diff options
4 files changed, 19 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 5cdea93a19..240de351d6 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -743,6 +743,11 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) { } TEST_P(AttestKeyTest, EcdsaAttestationID) { + if (is_gsi_image()) { + // GSI sets up a standard set of device identifiers that may not match + // the device identifiers held by the device. + GTEST_SKIP() << "Test not applicable under GSI"; + } // Create attestation key. AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 943c692c3e..be219940f8 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -17,6 +17,7 @@ #include "KeyMintAidlTestBase.h" #include <chrono> +#include <fstream> #include <unordered_set> #include <vector> @@ -1460,6 +1461,11 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } +bool is_gsi_image() { + std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc"); + return ifs.good(); +} + vector<uint8_t> build_serial_blob(const uint64_t serial_int) { BIGNUM_Ptr serial(BN_new()); EXPECT_TRUE(BN_set_u64(serial.get(), serial_int)); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 7279c95692..2634ab7868 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t } } +// Indicate whether the test is running on a GSI image. +bool is_gsi_image(); + vector<uint8_t> build_serial_blob(const uint64_t serial_int); void verify_subject(const X509* cert, const string& subject, bool self_signed); void verify_serial(X509* cert, const uint64_t expected_serial); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index cbe4512ab3..7950850f91 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -1949,6 +1949,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { * attestation extension. */ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { + if (is_gsi_image()) { + // GSI sets up a standard set of device identifiers that may not match + // the device identifiers held by the device. + GTEST_SKIP() << "Test not applicable under GSI"; + } auto challenge = "hello"; auto app_id = "foo"; auto subject = "cert subj 2"; |