authorBowgo Tsai <bowgotsai@google.com>2020-09-03 02:35:02 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-09-03 02:35:02 +0000
commit294b32dd3fb7886065172a1ff5e5cf5cd943f761 (patch)
tree77f6e4dd0e705a22ac2f35d036a506ad0371ece2
parentf4f3dd7cfe21815878e0f9052805c8219ec48e32 (diff)
parentcb6cd0c1bcf2d9f68b84ba37a513a4140949d8ab (diff)
Allowing GSI patch level to be greater than vbmeta SPL am: 2c94e43016 am: e42109b559 am: cb6cd0c1bc
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/12501703 Change-Id: I829b9968e5dad0150ff16843049619cf5f5c76d6
-rw-r--r--keymaster/4.0/support/include/keymasterV4_0/authorization_set.h8
-rw-r--r--keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp35
2 files changed, 36 insertions, 7 deletions
diff --git a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
index ff08066bc0..3e29206e9e 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
@@ -17,6 +17,7 @@
#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
+#include <functional>
#include <vector>
#include <keymasterV4_0/keymaster_tags.h>
@@ -165,11 +166,12 @@ class AuthorizationSet {
*/
bool Contains(Tag tag) const { return find(tag) != -1; }
- template <TagType tag_type, Tag tag, typename ValueT>
- bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const {
+ template <TagType tag_type, Tag tag, typename ValueT, typename Comparator = std::equal_to<>>
+ bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value,
+ Comparator cmp = Comparator()) const {
for (const auto& param : data_) {
auto entry = authorizationValue(ttag, param);
- if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true;
+ if (entry.isOk() && cmp(static_cast<ValueT>(entry.value()), value)) return true;
}
return false;
}
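Review bot: The new `cmp` parameter on `Contains` is undocumented, and its operand order matters once a non-symmetric comparator such as `std::less_equal<>` is passed. The changed line calls `cmp(static_cast<ValueT>(entry.value()), value)`, so the stored tag value is the left operand and the caller's value is the right one; a caller who assumes the reverse silently inverts a version or patch-level check. I would add above the template `// cmp(stored, value): the stored tag value is the left operand; true if any matching entry satisfies cmp.` The class body continues outside the hunk.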
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index aa2de2a682..d6696673a2 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -17,9 +17,12 @@
#define LOG_TAG "keymaster_hidl_hal_test"
#include <cutils/log.h>
-#include <iostream>
#include <signal.h>
+#include <functional>
+#include <iostream>
+#include <string>
+
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/x509.h>
@@ -32,6 +35,8 @@
#include "KeymasterHidlTest.h"
+using namespace std::string_literals;
+
static bool arm_deleteAllKeys = false;
static bool dump_Attestations = false;
@@ -315,6 +320,12 @@ bool avb_verification_enabled() {
return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
}
+bool is_gsi() {
+ char property_value[PROPERTY_VALUE_MAX] = {};
+ EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
+ return "mainline"s == property_value;
+}
+
} // namespace
bool verify_attestation_record(const string& challenge, const string& app_id,
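Review bot: `is_gsi()` decides whether the patch-level assertion is relaxed, but nothing in it says why `ro.product.system.name` equal to "mainline" identifies a GSI. Any system image reporting that product name gets the weaker check, so the assumption deserves a comment such as `// GSI images report ro.product.system.name == "mainline"; only then may the system SPL exceed the vbmeta SPL.` The `EXPECT_NE` inside the predicate also records a test failure as a side effect when the property is unset. Returning false in that case and leaving assertions to the caller would keep the helper a pure query.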
@@ -512,9 +523,25 @@ class NewKeyGenerationTest : public KeymasterHidlTest {
EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version()))
<< "OS version is " << os_version() << " key reported "
<< auths.GetTagValue(TAG_OS_VERSION);
- EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level()))
- << "OS patch level is " << os_patch_level() << " key reported "
- << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+
+ if (is_gsi()) {
+ // In general, TAG_OS_PATCHLEVEL should be equal to os_patch_level()
+ // reported from the system.img in use. But it is allowed to boot a
+ // GSI system.img with newer patch level, which means TAG_OS_PATCHLEVEL
+ // might be less than or equal to os_patch_level() in this case.
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::less_equal<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is less than key reported " << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ } else {
+ EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, // vbmeta.img patch level
+ os_patch_level(), // system.img patch level
+ std::equal_to<>()))
+ << "OS patch level is " << os_patch_level()
+ << ", which is not equal to key reported "
+ << auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ }
}
void CheckCharacteristics(const HidlBuf& key_blob,
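Review bot: The GSI branch checks only an upper bound: `Contains(TAG_OS_PATCHLEVEL, os_patch_level(), std::less_equal<>())` passes for any reported patch level at or below the system image's, including a very old one or 0. On GSI the test therefore no longer detects a keymaster that binds keys to a stale patch level. If the vbmeta patch level is available to the test by some other route (none is visible in this hunk), comparing the tag against it for equality would keep the check strict. Otherwise the comment should state the gap, e.g. `// NOTE: on GSI only an upper bound is checked; a stale TAG_OS_PATCHLEVEL is not detected.` The enclosing method begins outside the hunk.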