Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8c59c4fa authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Implement KeyMint2 test for VSR13" into tm-dev am: d782e213 

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/18746484



Change-Id: I05ed419822d1ff96cba2f47d65a2525e8350e6b2
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 92817a11 d782e213

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+35 −0
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ 
#include <openssl/mem.h>

#include <openssl/x509.h>



#include <android-base/properties.h>

#include <cutils/properties.h>



#include <keymasterV4_0/attestation_record.h>
@@ -386,6 +387,28 @@ bool avb_verification_enabled() { 
    return property_get("ro.boot.vbmeta.device_state", value, "") != 0;

}



int get_vsr_api_level() {

    int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);

    }

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);

    }

    // We really should have a VSR API level by now.  But on cuttlefish, and perhaps other weird

    // devices, we may not.  So, we use the SDK first or current API level if needed.  If this goes

    // wrong, it should go wrong in the direction of being too strict rather than too lenient, which

    // should provoke someone to examine why we don't have proper VSR API level properties.

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);

    }

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);

    }

    EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";

    return api_level;

}



bool is_gsi() {

    char property_value[PROPERTY_VALUE_MAX] = {};

    EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
@@ -4833,6 +4856,18 @@ TEST_P(TransportLimitTest, LargeFinishInput) { 


INSTANTIATE_KEYMASTER_HIDL_TEST(TransportLimitTest);



using VsrRequirementTest = KeymasterHidlTest;



TEST_P(VsrRequirementTest, Vsr13Test) {

    int vsr_api_level = get_vsr_api_level();

    if (vsr_api_level < 33) {

        GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;

    }

    FAIL() << "VSR 13+ requires KeyMint version 2";

}



INSTANTIATE_KEYMASTER_HIDL_TEST(VsrRequirementTest);



}  // namespace test

}  // namespace V4_0

}  // namespace keymaster

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+22 −0
Original line number Diff line number Diff line
@@ -1460,6 +1460,28 @@ void verify_subject(const X509* cert, // 
    OPENSSL_free(cert_issuer);

}



int get_vsr_api_level() {

    int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);

    }

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);

    }

    // We really should have a VSR API level by now.  But on cuttlefish, and perhaps other weird

    // devices, we may not.  So, we use the SDK first or current API level if needed.  If this goes

    // wrong, it should go wrong in the direction of being too strict rather than too lenient, which

    // should provoke someone to examine why we don't have proper VSR API level properties.

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);

    }

    if (api_level == -1) {

        api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);

    }

    EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";

    return api_level;

}



bool is_gsi_image() {

    std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");

    return ifs.good();

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+3 −0
Original line number Diff line number Diff line
@@ -355,6 +355,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t 
    }

}



// Return the VSR API level for this device.

int get_vsr_api_level();



// Indicate whether the test is running on a GSI image.

bool is_gsi_image();

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+12 −0
Original line number Diff line number Diff line
@@ -7991,6 +7991,18 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) { 


INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);



using VsrRequirementTest = KeyMintAidlTestBase;



TEST_P(VsrRequirementTest, Vsr13Test) {

    int vsr_api_level = get_vsr_api_level();

    if (vsr_api_level < 33) {

        GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;

    }

    EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2";

}



INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest);



}  // namespace aidl::android::hardware::security::keymint::test



int main(int argc, char** argv) {