Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d645d0a2 authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint: make test more robust to variations 

Only perform the population of a fake module hash if the keystore2
flag is off (indicating that the real module hash will not be populated)

Also hold off from running the test until Keystore has done the
population, so tests that rely on the module hash being populated
are more likely to work.

Bug: 369375199
Bug: 380020528
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib4978349c70427065a004db775a13311d1bf4754
parent 1a086472

security/keymint/aidl/vts/functional/Android.bp

+3 −0
Original line number Diff line number Diff line
@@ -100,6 +100,9 @@ cc_test_library { 
    export_static_lib_headers: [

        "libkeymint_support",

    ],

    shared_libs: [

        "libkeystore2_flags_cc",

    ],

    static_libs: [

        "libgmock_ndk",

    ],

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+6 −5
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ 
#include <android-base/strings.h>

#include <android/binder_manager.h>

#include <android/content/pm/IPackageManagerNative.h>

#include <android_security_keystore2.h>

#include <cppbor_parse.h>

#include <cutils/properties.h>

#include <gmock/gmock.h>
@@ -387,11 +388,11 @@ void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyM 
    os_patch_level_ = getOsPatchlevel();

    vendor_patch_level_ = getVendorPatchlevel();



    // TODO(b/369375199): temporary code, remove when apexd -> keystore2 -> KeyMint transmission

    // of module info happens.

    {

        GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback";

        // Ensure that a MODULE_HASH value is definitely present in KeyMint (if it's >= v4).

    if (!::android::security::keystore2::attest_modules()) {

        // Some tests (for v4+) require that the KeyMint instance has been

        // provided with a module hash value.  If the keystore2 flag is off,

        // this will not happen, so set a fake value here instead.

        GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback when flag off";

        vector<uint8_t> fakeModuleHash = {

                0xf3, 0xf1, 0x1f, 0xe5, 0x13, 0x05, 0xfe, 0xfa, 0xe9, 0xc3, 0x53,

                0xef, 0x69, 0xdf, 0x9f, 0xd7, 0x0c, 0x1e, 0xcc, 0x2c, 0x2c, 0x62,

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+7 −0
Original line number Diff line number Diff line
@@ -9134,5 +9134,12 @@ int main(int argc, char** argv) { 
            }

        }

    }

    // Some tests rely on information about the state of the system having been received by KeyMint,

    // so ensure that has happened before running tests.

    using namespace std::chrono_literals;

    if (!android::base::WaitForProperty("keystore.module_hash.sent", "true", 30s)) {

        std::cerr << "Warning: running test before keystore.module_hash.sent is true\n";

    }



    return RUN_ALL_TESTS();

}