Merge "have one implementation of deviceSuffix" into main am: d9c0272480 (5f8fb547) · Commits · e / os / android_hardware_interfaces

security/keymint/support/include/remote_prov/remote_prov_utils.h

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -99,7 +99,7 @@ const std::string RKPVM_INSTANCE_NAME =
	* e.g. for "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf",		* e.g. for "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf",
	* it returns "avf".		* it returns "avf".
	*/		*/
	std::string deviceSuffix(const std::string& name);		std::string_view deviceSuffix(std::string_view name);

	struct EekChain {		struct EekChain {
	bytevec chain;		bytevec chain;

security/keymint/support/remote_prov_utils.cpp

+2 −2

Original line number	Original line	Diff line number	Diff line
	@@ -52,8 +52,8 @@ using EVP_PKEY_CTX_Ptr = bssl::UniquePtr<EVP_PKEY_CTX>;
	using X509_Ptr = bssl::UniquePtr<X509>;		using X509_Ptr = bssl::UniquePtr<X509>;
	using CRYPTO_BUFFER_Ptr = bssl::UniquePtr<CRYPTO_BUFFER>;		using CRYPTO_BUFFER_Ptr = bssl::UniquePtr<CRYPTO_BUFFER>;

	std::string deviceSuffix(const std::string& name) {		std::string_view deviceSuffix(std::string_view name) {
	size_t pos = name.rfind('/');		auto pos = name.rfind('/');
	if (pos == std::string::npos) {		if (pos == std::string::npos) {
	return name;		return name;
	}		}

security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

+4 −11

Original line number	Original line	Diff line number	Diff line
	@@ -35,6 +35,7 @@
	#include <remote_prov/remote_prov_utils.h>		#include <remote_prov/remote_prov_utils.h>
	#include <optional>		#include <optional>
	#include <set>		#include <set>
			#include <string_view>
	#include <vector>		#include <vector>

	#include "KeyMintAidlTestBase.h"		#include "KeyMintAidlTestBase.h"
	@@ -150,22 +151,14 @@ ErrMsgOr<bytevec> corrupt_sig_chain(const bytevec& encodedEekChain, int which) {
	return corruptChain.encode();		return corruptChain.encode();
	}		}

	string device_suffix(const string& name) {
	size_t pos = name.find('/');
	if (pos == string::npos) {
	return name;
	}
	return name.substr(pos + 1);
	}

	bool matching_keymint_device(const string& rp_name, std::shared_ptr<IKeyMintDevice>* keyMint) {		bool matching_keymint_device(const string& rp_name, std::shared_ptr<IKeyMintDevice>* keyMint) {
	string rp_suffix = device_suffix(rp_name);		auto rp_suffix = deviceSuffix(rp_name);

	vector<string> km_names = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);		vector<string> km_names = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
	for (const string& km_name : km_names) {		for (const string& km_name : km_names) {
	// If the suffix of the KeyMint instance equals the suffix of the		// If the suffix of the KeyMint instance equals the suffix of the
	// RemotelyProvisionedComponent instance, assume they match.		// RemotelyProvisionedComponent instance, assume they match.
	if (device_suffix(km_name) == rp_suffix && AServiceManager_isDeclared(km_name.c_str())) {		if (deviceSuffix(km_name) == rp_suffix && AServiceManager_isDeclared(km_name.c_str())) {
	::ndk::SpAIBinder binder(AServiceManager_waitForService(km_name.c_str()));		::ndk::SpAIBinder binder(AServiceManager_waitForService(km_name.c_str()));
	*keyMint = IKeyMintDevice::fromBinder(binder);		*keyMint = IKeyMintDevice::fromBinder(binder);
	return true;		return true;
	@@ -1002,7 +995,7 @@ TEST_P(CertificateRequestV2Test, DeviceInfo) {
	ASSERT_TRUE(bootPatchLevel);		ASSERT_TRUE(bootPatchLevel);
	ASSERT_TRUE(securityLevel);		ASSERT_TRUE(securityLevel);

	auto kmDeviceName = device_suffix(GetParam());		auto kmDeviceName = deviceSuffix(GetParam());

	// Compare DeviceInfo against IDs attested by KeyMint.		// Compare DeviceInfo against IDs attested by KeyMint.
	ASSERT_TRUE((securityLevel->value() == "tee" && kmDeviceName == "default") \|\|		ASSERT_TRUE((securityLevel->value() == "tee" && kmDeviceName == "default") \|\|