diff options
4 files changed, 72 insertions, 0 deletions
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index bf568600d6..bdaaf96dc4 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp @@ -27,6 +27,7 @@ #include <openssl/mem.h> #include <openssl/x509.h> +#include <android-base/properties.h> #include <cutils/properties.h> #include <keymasterV4_0/attestation_record.h> @@ -386,6 +387,28 @@ bool avb_verification_enabled() { return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } +int get_vsr_api_level() { + int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.vndk.version", -1); + } + // We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird + // devices, we may not. So, we use the SDK first or current API level if needed. If this goes + // wrong, it should go wrong in the direction of being too strict rather than too lenient, which + // should provoke someone to examine why we don't have proper VSR API level properties. + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + } + EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent."; + return api_level; +} + bool is_gsi() { char property_value[PROPERTY_VALUE_MAX] = {}; EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0); @@ -4833,6 +4856,18 @@ TEST_P(TransportLimitTest, LargeFinishInput) { INSTANTIATE_KEYMASTER_HIDL_TEST(TransportLimitTest); +using VsrRequirementTest = KeymasterHidlTest; + +TEST_P(VsrRequirementTest, Vsr13Test) { + int vsr_api_level = get_vsr_api_level(); + if (vsr_api_level < 33) { + GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level; + } + FAIL() << "VSR 13+ requires KeyMint version 2"; +} + +INSTANTIATE_KEYMASTER_HIDL_TEST(VsrRequirementTest); + } // namespace test } // namespace V4_0 } // namespace keymaster diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index be219940f8..6f21d3e6e7 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -1461,6 +1461,28 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } +int get_vsr_api_level() { + int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.vndk.version", -1); + } + // We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird + // devices, we may not. So, we use the SDK first or current API level if needed. If this goes + // wrong, it should go wrong in the direction of being too strict rather than too lenient, which + // should provoke someone to examine why we don't have proper VSR API level properties. + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + } + EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent."; + return api_level; +} + bool is_gsi_image() { std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc"); return ifs.good(); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 2634ab7868..abbfb398df 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t } } +// Return the VSR API level for this device. +int get_vsr_api_level(); + // Indicate whether the test is running on a GSI image. bool is_gsi_image(); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index 3c2bece4af..4e746b2bb9 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -7991,6 +7991,18 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) { INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest); +using VsrRequirementTest = KeyMintAidlTestBase; + +TEST_P(VsrRequirementTest, Vsr13Test) { + int vsr_api_level = get_vsr_api_level(); + if (vsr_api_level < 33) { + GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level; + } + EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2"; +} + +INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest); + } // namespace aidl::android::hardware::security::keymint::test int main(int argc, char** argv) { |