Loading keymaster/4.0/support/include/keymasterV4_0/authorization_set.h +5 −3 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ #ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #include <functional> #include <vector> #include <keymasterV4_0/keymaster_tags.h> Loading Loading @@ -165,11 +166,12 @@ class AuthorizationSet { */ bool Contains(Tag tag) const { return find(tag) != -1; } template <TagType tag_type, Tag tag, typename ValueT> bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const { template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>> bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value, Comparator cmp = Comparator()) const { for (const auto& param : data_) { auto entry = authorizationValue(ttag, param); if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true; if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true; } return false; } Loading keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +31 −4 Original line number Diff line number Diff line Loading @@ -17,9 +17,12 @@ #define LOG_TAG "keymaster_hidl_hal_test" #include <cutils/log.h> #include <iostream> #include <signal.h> #include <functional> #include <iostream> #include <string> #include <openssl/evp.h> #include <openssl/mem.h> #include <openssl/x509.h> Loading @@ -32,6 +35,8 @@ #include "KeymasterHidlTest.h" using namespace std::string_literals; static bool arm_deleteAllKeys = false; static bool dump_Attestations = false; Loading Loading 
@@ -315,6 +320,12 @@ bool avb_verification_enabled() { return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } bool is_gsi() { char property_value[PROPERTY_VALUE_MAX] = {}; EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0); return "mainline"s == property_value; } } // namespace bool verify_attestation_record(const string& challenge, const string& app_id, Loading Loading @@ -512,10 +523,26 @@ class NewKeyGenerationTest : public KeymasterHidlTest { EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version())) << "OS version is " << os_version() << " key reported " << auths.GetTagValue(TAG_OS_VERSION); EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level())) << "OS patch level is " << os_patch_level() << " key reported " if (is_gsi()) { // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level() // reported from the system.img in use. But it is allowed to boot a // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL // might be less than or equal to os_patch_level() in this case. EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level os_patch_level(), // system.img patch level std::less_equal<>())) << "OS patch level is " << os_patch_level() << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL); } else { EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level os_patch_level(), // system.img patch level std::equal_to<>())) << "OS patch level is " << os_patch_level() << ", which is not equal to key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL); } } void CheckCharacteristics(const HidlBuf& key_blob, const KeyCharacteristics& key_characteristics) { Loading Loading
keymaster/4.0/support/include/keymasterV4_0/authorization_set.h +5 −3 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ #ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #include <functional> #include <vector> #include <keymasterV4_0/keymaster_tags.h> Loading Loading @@ -165,11 +166,12 @@ class AuthorizationSet { */ bool Contains(Tag tag) const { return find(tag) != -1; } template <TagType tag_type, Tag tag, typename ValueT> bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const { template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>> bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value, Comparator cmp = Comparator()) const { for (const auto& param : data_) { auto entry = authorizationValue(ttag, param); if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true; if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true; } return false; } Loading
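Review bot: The new `cmp` parameter of `Contains` is undocumented, and the operand order matters once a caller passes an asymmetric comparator such as `std::less_equal<>`. The call is `cmp(static_cast<ValueT>(entry.value()), value)`, so the stored entry is the left operand and the caller's value is the right one. The loop also returns true as soon as any entry for the tag satisfies `cmp`, so with a relational comparator one matching entry is enough even if other entries for the same tag would not match. I would add above the template `// Returns true if any entry e for ttag satisfies cmp(e, value); e is the left operand, value the right.` The class body starts and ends outside this hunk.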
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +31 −4 Original line number Diff line number Diff line Loading @@ -17,9 +17,12 @@ #define LOG_TAG "keymaster_hidl_hal_test" #include <cutils/log.h> #include <iostream> #include <signal.h> #include <functional> #include <iostream> #include <string> #include <openssl/evp.h> #include <openssl/mem.h> #include <openssl/x509.h> Loading @@ -32,6 +35,8 @@ #include "KeymasterHidlTest.h" using namespace std::string_literals; static bool arm_deleteAllKeys = false; static bool dump_Attestations = false; Loading Loading @@ -315,6 +320,12 @@ bool avb_verification_enabled() { return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } bool is_gsi() { char property_value[PROPERTY_VALUE_MAX] = {}; EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0); return "mainline"s == property_value; } } // namespace bool verify_attestation_record(const string& challenge, const string& app_id, Loading Loading 
@@ -512,10 +523,26 @@ class NewKeyGenerationTest : public KeymasterHidlTest { EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version())) << "OS version is " << os_version() << " key reported " << auths.GetTagValue(TAG_OS_VERSION); EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level())) << "OS patch level is " << os_patch_level() << " key reported " if (is_gsi()) { // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level() // reported from the system.img in use. But it is allowed to boot a // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL // might be less than or equal to os_patch_level() in this case. EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level os_patch_level(), // system.img patch level std::less_equal<>())) << "OS patch level is " << os_patch_level() << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL); } else { EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level os_patch_level(), // system.img patch level std::equal_to<>())) << "OS patch level is " << os_patch_level() << ", which is not equal to key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL); } } void CheckCharacteristics(const HidlBuf& key_blob, const KeyCharacteristics& key_characteristics) { Loading
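Review bot: In the `is_gsi()` branch, the `std::less_equal<>` check puts no lower bound on the key-reported patch level. Any reported `TAG_OS_PATCHLEVEL` at or below `os_patch_level()` passes, so on a GSI the test would presumably no longer catch an implementation that reports a stale or zero value. If a floor cannot be derived here, I would at least assert that the reported value is non-zero and record the gap in the comment, e.g. `// GSI only: accepts any reported patch level <= system.img's; a stale or zero value is not detected here.` The relaxation is keyed solely on `ro.product.system.name` being `"mainline"`, so `is_gsi()` also deserves a comment saying why that value identifies a GSI. The enclosing test method starts outside this hunk.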