Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 39cb5984 authored by Rajesh Nyamagoud's avatar Rajesh Nyamagoud
Browse files

Skip tests on Strongbox with GSI build on devices with vendor-api-level 

< Android-V to avoid failures.

Bug: 385800086
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I41fc5575af31593cdf3e68519daeb38b2263579d
parent eb181a26

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+23 −4
Original line number Original line Diff line number Diff line
@@ -2269,11 +2269,20 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
    get_unique_id(app_id, min_date - 1, &unique_id8);

    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);

    EXPECT_NE(unique_id, unique_id8);





    // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when

    // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI

    // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),

    // uncovering the problem. Skip this test for older implementations in that situation

    // (cf. b/385800086).

    int vendor_api_level = get_vendor_api_level();

    if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

          vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__))) {

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        vector<uint8_t> unique_id9;

        vector<uint8_t> unique_id9;

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        EXPECT_NE(unique_id, unique_id9);

        EXPECT_NE(unique_id, unique_id9);

    }

    }

}





/*

/*

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
@@ -2281,6 +2290,16 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 */

 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

    int vendor_api_level = get_vendor_api_level();

    if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

        vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when

        // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under

        // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be

        // determined), uncovering the problem. Skip this test for older implementations in that

        // situation (cf. b/385800086).

        GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";

    }

    auto challenge = "hello";

    auto challenge = "hello";

    auto attest_app_id = "foo";

    auto attest_app_id = "foo";

    auto subject = "cert subj 2";

    auto subject = "cert subj 2";