diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2020-09-03 22:39:51 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-09-03 22:39:51 +0000 |
commit | e3620aa855242d2e6ab6d08a2f6720e9ecac9316 (patch) | |
tree | 3f2ad475a9e8d00ed6733ee962aaadb6c4b2a33b | |
parent | c66e81d62d6bbcec2f235a022fd8ca443a8de336 (diff) | |
parent | cb6cd0c1bcf2d9f68b84ba37a513a4140949d8ab (diff) | |
download | platform_hardware_interfaces-android11-d1-b-release.tar.gz platform_hardware_interfaces-android11-d1-b-release.tar.bz2 platform_hardware_interfaces-android11-d1-b-release.zip |
Snap for 6812258 from cb6cd0c1bcf2d9f68b84ba37a513a4140949d8ab to rvc-d1-b-releaseandroid-11.0.0_r16android11-d1-b-release
Change-Id: I733073c8ec24e355bbc1b9e29caaa6a4a3947b2a
-rw-r--r-- | keymaster/4.0/support/include/keymasterV4_0/authorization_set.h | 8 | ||||
-rw-r--r-- | keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp | 35 |
2 files changed, 36 insertions, 7 deletions
diff --git a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h index ff08066bc0..3e29206e9e 100644 --- a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h +++ b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h @@ -17,6 +17,7 @@ #ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ +#include <functional> #include <vector> #include <keymasterV4_0/keymaster_tags.h> @@ -165,11 +166,12 @@ class AuthorizationSet { */ bool Contains(Tag tag) const { return find(tag) != -1; } - template <TagType tag_type, Tag tag, typename ValueT> - bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const { + template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>> + bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value, + Comparator cmp = Comparator()) const { for (const auto& param : data_) { auto entry = authorizationValue(ttag, param); - if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true; + if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true; } return false; } diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index aa2de2a682..d6696673a2 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp @@ -17,9 +17,12 @@ #define LOG_TAG "keymaster_hidl_hal_test" #include <cutils/log.h> -#include <iostream> #include <signal.h> +#include <functional> +#include <iostream> +#include <string> + #include <openssl/evp.h> #include <openssl/mem.h> #include <openssl/x509.h> @@ -32,6 +35,8 @@ #include "KeymasterHidlTest.h" +using namespace std::string_literals; + static bool arm_deleteAllKeys = false; static bool dump_Attestations = false; @@ -315,6 +320,12 @@ bool avb_verification_enabled() { return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } +bool is_gsi() { + char property_value[PROPERTY_VALUE_MAX] = {}; + EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0); + return "mainline"s == property_value; +} + } // namespace bool verify_attestation_record(const string& challenge, const string& app_id, @@ -512,9 +523,25 @@ class NewKeyGenerationTest : public KeymasterHidlTest { EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version())) << "OS version is " << os_version() << " key reported " << auths.GetTagValue(TAG_OS_VERSION); - EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level())) - << "OS patch level is " << os_patch_level() << " key reported " - << auths.GetTagValue(TAG_OS_PATCHLEVEL); + + if (is_gsi()) { + // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level() + // reported from the system.img in use. But it is allowed to boot a + // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL + // might be less than or equal to os_patch_level() in this case. + EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level + os_patch_level(), // system.img patch level + std::less_equal<>())) + << "OS patch level is " << os_patch_level() + << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL); + } else { + EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level + os_patch_level(), // system.img patch level + std::equal_to<>())) + << "OS patch level is " << os_patch_level() + << ", which is not equal to key reported " + << auths.GetTagValue(TAG_OS_PATCHLEVEL); + } } void CheckCharacteristics(const HidlBuf& key_blob, |