authorSeth Moore <sethmo@google.com>2021-08-04 16:31:52 -0700
committerSeth Moore <sethmo@google.com>2021-09-03 10:09:20 -0700
commit2a9a00e385c20ee9df7162f45c83c3f70a681f85 (patch)
treed970cc08a0601e953951348ba46f8def74a7accd /security
parentb04c67a9386fd141002f0836220ef69592f26a52 (diff)
Add logging to KeyCharacteristicsBasicallyValid
There are multiple ways this predicate can fail, so add some logging statements when errors occur so that tests are easier to debug. Test: VtsAidlKeyMintTargetTest Change-Id: I49ec12271bdebeab3aa6b9c7ae5d491075b3b649
Diffstat (limited to 'security')
-rw-r--r--security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp15
1 files changed, 12 insertions, 3 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 20324117b9..fb720e8f46 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -77,12 +77,18 @@ bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
std::unordered_set<SecurityLevel> levels_seen;
for (auto& entry : key_characteristics) {
- if (entry.authorizations.empty()) return false;
+ if (entry.authorizations.empty()) {
+ GTEST_LOG_(ERROR) << "empty authorizations for " << entry.securityLevel;
+ return false;
+ }
// Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
- if (levels_seen.find(entry.securityLevel) != levels_seen.end()) return false;
+ if (levels_seen.find(entry.securityLevel) != levels_seen.end()) {
+ GTEST_LOG_(ERROR) << "duplicate authorizations for " << entry.securityLevel;
+ return false;
+ }
levels_seen.insert(entry.securityLevel);
// Generally, we should only have one entry, at the same security level as the KM
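Review bot: The second log message says "duplicate authorizations", but the condition it guards is a repeated `entry.securityLevel` in `levels_seen`, so the text names the wrong thing for someone reading a failing VTS run. Something like `GTEST_LOG_(ERROR) << "duplicate KeyCharacteristics entry for security level " << entry.securityLevel;` would match the check. Neither message in this hunk says which entry of `key_characteristics` tripped it, which would help when a device returns several entries. The function body starts before this hunk, so any early return above the loop is not visible here and may still fail silently.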
@@ -92,7 +98,10 @@ bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
(secLevel == SecurityLevel::STRONGBOX &&
entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT);
- if (!isExpectedSecurityLevel) return false;
+ if (!isExpectedSecurityLevel) {
+ GTEST_LOG_(ERROR) << "Unexpected security level " << entry.securityLevel;
+ return false;
+ }
}
return true;
}
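Review bot: The "Unexpected security level" message prints only `entry.securityLevel`, but whether that level is acceptable depends on the `secLevel` of the KeyMint instance under test, which the log omits. When a StrongBox or TEE implementation reports characteristics at the wrong enforcement level, the reader needs both values to see the mismatch, e.g. `GTEST_LOG_(ERROR) << "Unexpected security level " << entry.securityLevel << " for KeyMint at " << secLevel;`. The `isExpectedSecurityLevel` expression begins above this hunk, so the full set of accepted combinations is not visible here.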