summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBowgo Tsai <bowgotsai@google.com>2020-03-13 14:54:37 +0800
committerBowgo Tsai <bowgotsai@google.com>2020-09-02 11:06:39 +0800
commitcf6360233b3828d27b6f0b606db30171c4801b46 (patch)
tree6a1c75077f6536fc17f13d49e10fceb25caa878d
parentbd78c601d1422eb26b3fff745aa3ebe0ab346b66 (diff)
downloadplatform_hardware_interfaces-cf6360233b3828d27b6f0b606db30171c4801b46.tar.gz
platform_hardware_interfaces-cf6360233b3828d27b6f0b606db30171c4801b46.tar.bz2
platform_hardware_interfaces-cf6360233b3828d27b6f0b606db30171c4801b46.zip
Allowing GSI patch level to be greater than vbmeta SPL
The GSI patch level might be greater than the vbmeta SPL, because GSI system.img might be updated via the DSU flow, where vbmeta.img won't be updated in this scenario. https://developer.android.com/topic/dsu Allowing GSI patch level to be greater than or equal to the vbmeta SPL, since Treble allows new system.img works on old vendor images. Bug: 145377203 Test: atest VtsHalKeymasterV4_0TargetTest Change-Id: Ib761d80c88695eb2db08b0dc00e30fcdc2788865 Merged-In: Ib761d80c88695eb2db08b0dc00e30fcdc2788865 (cherry picked from commit 63c0129fa64838ce2f2b982246d74f683bcd5426)
-rw-r--r--keymaster/4.0/support/include/keymasterV4_0/authorization_set.h8
-rw-r--r--keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp32
2 files changed, 34 insertions, 6 deletions
diff --git a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
index ff08066bc0..3e29206e9e 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
@@ -17,6 +17,7 @@
#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
+#include <functional>
#include <vector>
#include <keymasterV4_0/keymaster_tags.h>
@@ -165,11 +166,12 @@ class AuthorizationSet {
*/
bool Contains(Tag tag) const { return find(tag) != -1; }
- template <TagType tag_type, Tag tag, typename ValueT>
- bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const {
+ template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>>
+ bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value,
+ Comparator cmp = Comparator()) const {
for (const auto& param : data_) {
auto entry = authorizationValue(ttag, param);
- if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true;
+ if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true;
}
return false;
}
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 293c50c31d..f95f65885f 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -17,7 +17,9 @@
#define LOG_TAG "keymaster_hidl_hal_test"
#include <cutils/log.h>
+#include <functional>
#include <iostream>
+#include <string>
#include <openssl/evp.h>
#include <openssl/mem.h>
@@ -31,6 +33,8 @@
#include "KeymasterHidlTest.h"
+using namespace std::string_literals;
+
static bool arm_deleteAllKeys = false;
static bool dump_Attestations = false;
@@ -314,6 +318,12 @@ bool avb_verification_enabled() {
return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
}
+bool is_gsi() {
+ char property_value[PROPERTY_VALUE_MAX] = {};
+ EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
+ return "mainline"s == property_value;
+}
+
} // namespace
bool verify_attestation_record(const string& challenge, const string& app_id,
@@ -502,9 +512,25 @@ class NewKeyGenerationTest : public KeymasterHidlTest {
EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version()))
<< "OS version is " << os_version() << " key reported "
<< auths.GetTagValue(TAG_OS_VERSION);
- EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level()))
- << "OS patch level is " << os_patch_level() << " key reported "
- << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+
+ if (is_gsi()) {
+ // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level()
+ // reported from the system.img in use. But it is allowed to boot a
+ // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL
+ // might be less than or equal to os_patch_level() in this case.
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::less_equal<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ } else {
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::equal_to<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is not equal to key reported "
+ << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ }
}
void CheckCharacteristics(const HidlBuf& key_blob,