authorandroid-build-team Robot <android-build-team-robot@google.com>2020-09-03 22:39:51 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-09-03 22:39:51 +0000
commite3620aa855242d2e6ab6d08a2f6720e9ecac9316 (patch)
tree3f2ad475a9e8d00ed6733ee962aaadb6c4b2a33b
parentc66e81d62d6bbcec2f235a022fd8ca443a8de336 (diff)
parentcb6cd0c1bcf2d9f68b84ba37a513a4140949d8ab (diff)
Snap for 6812258 from cb6cd0c1bcf2d9f68b84ba37a513a4140949d8ab to rvc-d1-b-releaseandroid-11.0.0_r16android11-d1-b-release
Change-Id: I733073c8ec24e355bbc1b9e29caaa6a4a3947b2a
-rw-r--r--keymaster/4.0/support/include/keymasterV4_0/authorization_set.h8
-rw-r--r--keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp35
2 files changed, 36 insertions, 7 deletions
diff --git a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
index ff08066bc0..3e29206e9e 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
@@ -17,6 +17,7 @@
#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
+#include <functional>
#include <vector>
#include <keymasterV4_0/keymaster_tags.h>
@@ -165,11 +166,12 @@ class AuthorizationSet {
*/
bool Contains(Tag tag) const { return find(tag) != -1; }
- template <TagType tag_type, Tag tag, typename ValueT>
- bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const {
+ template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>>
+ bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value,
+ Comparator cmp = Comparator()) const {
for (const auto& param : data_) {
auto entry = authorizationValue(ttag, param);
- if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true;
+ if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true;
}
return false;
}
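Review bot: The new `cmp` parameter is invoked as `cmp(static_cast<ValueT>(entry.value()), value)`, with the stored authorization value on the left and the caller's value on the right, but nothing in the visible signature documents that order. The order makes no difference for the default `std::equal_to<>`, but it fixes the meaning of asymmetric comparators such as `std::less_equal<>`, and a caller who reads it the other way round silently inverts a security check. I would add a comment above the template, for example `// Returns true if any entry for ttag satisfies cmp(entry_value, value); the stored value is the left operand.` Any existing doc comment for this overload lies above the hunk.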
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index aa2de2a682..d6696673a2 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -17,9 +17,12 @@
#define LOG_TAG "keymaster_hidl_hal_test"
#include <cutils/log.h>
-#include <iostream>
#include <signal.h>
+#include <functional>
+#include <iostream>
+#include <string>
+
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/x509.h>
@@ -32,6 +35,8 @@
#include "KeymasterHidlTest.h"
+using namespace std::string_literals;
+
static bool arm_deleteAllKeys = false;
static bool dump_Attestations = false;
@@ -315,6 +320,12 @@ bool avb_verification_enabled() {
return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
}
+bool is_gsi() {
+ char property_value[PROPERTY_VALUE_MAX] = {};
+ EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
+ return "mainline"s == property_value;
+}
+
} // namespace
bool verify_attestation_record(const string& challenge, const string& app_id,
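Review bot: `is_gsi()` decides whether the patch-level assertion is relaxed, yet it rests on a single string comparison against `ro.product.system.name` and has no comment saying why `"mainline"` identifies a GSI. Any build that reports that product name gets the weaker check, so the assumption should be written down where the next reader will see it. When the property cannot be read, `EXPECT_NE` records a failure and the function returns false, which keeps the strict comparison; that fail-closed behaviour deserves a mention too. Proposed comment: `// GSI system images report product name "mainline"; any other or unreadable value keeps the strict patch-level check.`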
@@ -512,9 +523,25 @@ class NewKeyGenerationTest : public KeymasterHidlTest {
EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version()))
<< "OS version is " << os_version() << " key reported "
<< auths.GetTagValue(TAG_OS_VERSION);
- EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level()))
- << "OS patch level is " << os_patch_level() << " key reported "
- << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+
+ if (is_gsi()) {
+ // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level()
+ // reported from the system.img in use. But it is allowed to boot a
+ // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL
+ // might be less than or equal to os_patch_level() in this case.
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::less_equal<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ } else {
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::equal_to<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is not equal to key reported "
+ << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ }
}
void CheckCharacteristics(const HidlBuf& key_blob,
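Review bot: In the `is_gsi()` branch the assertion is only an upper bound: `std::less_equal<>()` accepts any key-reported TAG_OS_PATCHLEVEL at or below `os_patch_level()`, so an implementation reporting a stale or zero patch level would still pass on a GSI. If zero is never a legitimate value here (this cannot be told from the hunk), a floor such as `EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, 0u, std::greater<>()));` would catch the degenerate case. Otherwise the block comment should state that no lower bound is enforced in GSI mode. The enclosing function begins above the hunk.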