Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bc14ada1 authored by Rajesh Nyamagoud's avatar Rajesh Nyamagoud Committed by Rajesh Nyamagoud (xWF)
Browse files

Skip tests on Strongbox with GSI build on devices with vendor-api-level 

< Android-V to avoid failures.

Bug: 385800086
Test: atest VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:39cb59847214ff3e96a0b047ad16888864e06aad)
Merged-In: I41fc5575af31593cdf3e68519daeb38b2263579d
Change-Id: I41fc5575af31593cdf3e68519daeb38b2263579d
parent b012c347

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+21 −4
Original line number Diff line number Diff line
@@ -2266,11 +2266,19 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);



    // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when

    // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI

    // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),

    // uncovering the problem. Skip this test for older implementations in that situation

    // (cf. b/385800086).

    if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

          get_vsr_api_level() < __ANDROID_API_V__)) {

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        vector<uint8_t> unique_id9;

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        EXPECT_NE(unique_id, unique_id9);

    }

}



/*

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
@@ -2278,6 +2286,15 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

    if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

        get_vsr_api_level() < __ANDROID_API_V__) {

        // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when

        // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under

        // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be

        // determined), uncovering the problem. Skip this test for older implementations in that

        // situation (cf. b/385800086).

        GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";

    }

    auto challenge = "hello";

    auto attest_app_id = "foo";

    auto subject = "cert subj 2";