Merge "Skip tests on Strongbox with GSI build on devices with vendor-api-level...

    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);

    // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when

    // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI

    // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),

    // uncovering the problem. Skip this test for older implementations in that situation

    // (cf. b/385800086).

    if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

          get_vsr_api_level() < __ANDROID_API_V__)) {

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        vector<uint8_t> unique_id9;

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        EXPECT_NE(unique_id, unique_id9);

    }

}

/*

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId

 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

    if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

        get_vsr_api_level() < __ANDROID_API_V__) {

        // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when

        // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under

        // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be

        // determined), uncovering the problem. Skip this test for older implementations in that

        // situation (cf. b/385800086).

        GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";

    }

    auto challenge = "hello";

    auto attest_app_id = "foo";

    auto subject = "cert subj 2";