6 files changed, 157 insertions, 112 deletions
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index bdaaf96dc4..fb5048a2f3 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -388,25 +388,28 @@ bool avb_verification_enabled() { } int get_vsr_api_level() { - int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); + int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1); + if (vendor_api_level != -1) { + return vendor_api_level; } - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.vndk.version", -1); + + // Android S and older devices do not define ro.vendor.api_level + vendor_api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); + if (vendor_api_level == -1) { + vendor_api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); } - // We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird - // devices, we may not. So, we use the SDK first or current API level if needed. If this goes - // wrong, it should go wrong in the direction of being too strict rather than too lenient, which - // should provoke someone to examine why we don't have proper VSR API level properties. - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + + int product_api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + if (product_api_level == -1) { + product_api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + EXPECT_NE(product_api_level, -1) << "Could not find ro.build.version.sdk"; } - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + + // VSR API level is the minimum of vendor_api_level and product_api_level. + if (vendor_api_level == -1 || vendor_api_level > product_api_level) { + return product_api_level; } - EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent."; - return api_level; + return vendor_api_level; } bool is_gsi() { 
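Review bot: In the new `get_vsr_api_level()`, the final comparison returns `product_api_level` whenever `vendor_api_level > product_api_level`, which is also true when `product_api_level` is still -1 after both product lookups failed, so a valid board level is discarded and -1 is returned. `EXPECT_NE` only records a non-fatal failure and the function carries on; callers that gate checks on a `>=` comparison against the result (not visible in this hunk) would presumably skip them, which is the lenient direction the removed comment warned about. Guarding the minimum, e.g. `if (product_api_level == -1) return vendor_api_level;` before the comparison, keeps the usable value. The same body is added to KeyMintAidlTestBase.cpp in this commit and needs the same guard; a shared helper would keep the two copies from drifting.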
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 240de351d6..ca517ac61c 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -16,6 +16,7 @@ #define LOG_TAG "keymint_1_attest_key_test" #include <cutils/log.h> +#include <cutils/properties.h> #include <keymint_support/key_param_output.h> #include <keymint_support/openssl_utils.h> @@ -33,7 +34,33 @@ bool IsSelfSigned(const vector<Certificate>& chain) { } // namespace -using AttestKeyTest = KeyMintAidlTestBase; +class AttestKeyTest : public KeyMintAidlTestBase { + protected: + ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc, + const optional<AttestationKey>& attest_key, + vector<uint8_t>* key_blob, + vector<KeyCharacteristics>* key_characteristics, + vector<Certificate>* cert_chain) { + // The original specification for KeyMint v1 required ATTEST_KEY not be combined + // with any other key purpose, but the original VTS tests incorrectly did exactly that. + // This means that a device that launched prior to Android T (API level 33) may + // accept or even require KeyPurpose::SIGN too. + if (property_get_int32("ro.board.first_api_level", 0) < 33) { + AuthorizationSet key_desc_plus_sign = key_desc; + key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN); + + auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics, + cert_chain); + if (result == ErrorCode::OK) { + return result; + } + // If the key generation failed, it may be because the device is (correctly) + // rejecting the combination of ATTEST_KEY+SIGN. Fall through to try again with + // just ATTEST_KEY. + } + return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain); + } +}; /* * AttestKeyTest.AllRsaSizes 
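Review bot: The pre-T check in `GenerateAttestKey` reads `ro.board.first_api_level` with a default of 0, so a device that does not define that property is treated as having launched before API level 33, and ATTEST_KEY+SIGN is tried and accepted first. The `get_vsr_api_level()` change in this same commit treats that property as possibly absent, so the relaxed path can apply to devices that launched on T or later, where the combination is supposed to be rejected. Consider deriving the level the same way, e.g. `if (get_vsr_api_level() < 33) {` (assuming it is declared in the test base header, which is not visible here), or at least choosing a default that selects the strict path. It would also help to document whether `key_blob`, `key_characteristics` and `cert_chain` may still hold data from the failed first attempt when the retry runs.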
@@ -49,12 +76,13 @@ TEST_P(AttestKeyTest, AllRsaSizes) { AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; - ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaKey(size, 65537) - .AttestKey() - .SetDefaultValidity(), - {} /* attestation signing key */, &attest_key.keyBlob, - &attest_key_characteristics, &attest_key_cert_chain)); + ASSERT_EQ(ErrorCode::OK, + GenerateAttestKey(AuthorizationSetBuilder() + .RsaKey(size, 65537) + .AttestKey() + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, + &attest_key_characteristics, &attest_key_cert_chain)); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); 
@@ -227,17 +255,17 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; - auto result = GenerateKey(AuthorizationSetBuilder() - .RsaKey(2048, 65537) - .AttestKey() - .AttestationChallenge(challenge) - .AttestationApplicationId(app_id) - .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) - .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) - .Authorization(TAG_NO_AUTH_REQUIRED) - .SetDefaultValidity(), - {} /* attestation signing key */, &attest_key.keyBlob, - &attest_key_characteristics, &attest_key_cert_chain); + auto result = GenerateAttestKey(AuthorizationSetBuilder() + .RsaKey(2048, 65537) + .AttestKey() + .AttestationChallenge(challenge) + .AttestationApplicationId(app_id) + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, + &attest_key_characteristics, &attest_key_cert_chain); // Strongbox may not support factory provisioned attestation key. if (SecLevel() == SecurityLevel::STRONGBOX) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; 
@@ -331,17 +359,17 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { attest_key_opt = attest_key; } - auto result = GenerateKey(AuthorizationSetBuilder() - .RsaKey(2048, 65537) - .AttestKey() - .AttestationChallenge("foo") - .AttestationApplicationId("bar") - .Authorization(TAG_NO_AUTH_REQUIRED) - .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) - .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) - .SetDefaultValidity(), - attest_key_opt, &key_blob_list[i], &attested_key_characteristics, - &cert_chain_list[i]); + auto result = GenerateAttestKey(AuthorizationSetBuilder() + .RsaKey(2048, 65537) + .AttestKey() + .AttestationChallenge("foo") + .AttestationApplicationId("bar") + .Authorization(TAG_NO_AUTH_REQUIRED) + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], + &attested_key_characteristics, &cert_chain_list[i]); // Strongbox may not support factory provisioned attestation key. if (SecLevel() == SecurityLevel::STRONGBOX) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; 
@@ -408,17 +436,17 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { attest_key_opt = attest_key; } - auto result = GenerateKey(AuthorizationSetBuilder() - .EcdsaKey(EcCurve::P_256) - .AttestKey() - .AttestationChallenge("foo") - .AttestationApplicationId("bar") - .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) - .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) - .Authorization(TAG_NO_AUTH_REQUIRED) - .SetDefaultValidity(), - attest_key_opt, &key_blob_list[i], &attested_key_characteristics, - &cert_chain_list[i]); + auto result = GenerateAttestKey(AuthorizationSetBuilder() + .EcdsaKey(EcCurve::P_256) + .AttestKey() + .AttestationChallenge("foo") + .AttestationApplicationId("bar") + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], + &attested_key_characteristics, &cert_chain_list[i]); // Strongbox may not support factory provisioned attestation key. if (SecLevel() == SecurityLevel::STRONGBOX) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; 
@@ -513,29 +541,29 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { } ErrorCode result; if ((i & 0x1) == 1) { - result = GenerateKey(AuthorizationSetBuilder() - .EcdsaKey(EcCurve::P_256) - .AttestKey() - .AttestationChallenge("foo") - .AttestationApplicationId("bar") - .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) - .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) - .Authorization(TAG_NO_AUTH_REQUIRED) - .SetDefaultValidity(), - attest_key_opt, &key_blob_list[i], &attested_key_characteristics, - &cert_chain_list[i]); + result = GenerateAttestKey(AuthorizationSetBuilder() + .EcdsaKey(EcCurve::P_256) + .AttestKey() + .AttestationChallenge("foo") + .AttestationApplicationId("bar") + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], + &attested_key_characteristics, &cert_chain_list[i]); } else { - result = GenerateKey(AuthorizationSetBuilder() - .RsaKey(2048, 65537) - .AttestKey() - .AttestationChallenge("foo") - .AttestationApplicationId("bar") - .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) - .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) - .Authorization(TAG_NO_AUTH_REQUIRED) - .SetDefaultValidity(), - attest_key_opt, &key_blob_list[i], &attested_key_characteristics, - &cert_chain_list[i]); + result = GenerateAttestKey(AuthorizationSetBuilder() + .RsaKey(2048, 65537) + .AttestKey() + .AttestationChallenge("foo") + .AttestationApplicationId("bar") + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], + &attested_key_characteristics, &cert_chain_list[i]); } // Strongbox may not support factory provisioned attestation key. if (SecLevel() == SecurityLevel::STRONGBOX) { 
@@ -581,12 +609,13 @@ TEST_P(AttestKeyTest, MissingChallenge) { AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; - ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .RsaKey(size, 65537) - .AttestKey() - .SetDefaultValidity(), - {} /* attestation signing key */, &attest_key.keyBlob, - &attest_key_characteristics, &attest_key_cert_chain)); + ASSERT_EQ(ErrorCode::OK, + GenerateAttestKey(AuthorizationSetBuilder() + .RsaKey(size, 65537) + .AttestKey() + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, + &attest_key_characteristics, &attest_key_cert_chain)); EXPECT_EQ(attest_key_cert_chain.size(), 1); EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size; @@ -630,7 +659,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { vector<Certificate> attest_key_cert_chain; ASSERT_EQ( ErrorCode::OK, - GenerateKey( + GenerateAttestKey( AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); 
@@ -752,12 +781,13 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; - ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .EcdsaKey(EcCurve::P_256) - .AttestKey() - .SetDefaultValidity(), - {} /* attestation signing key */, &attest_key.keyBlob, - &attest_key_characteristics, &attest_key_cert_chain)); + ASSERT_EQ(ErrorCode::OK, + GenerateAttestKey(AuthorizationSetBuilder() + .EcdsaKey(EcCurve::P_256) + .AttestKey() + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, + &attest_key_characteristics, &attest_key_cert_chain)); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); @@ -816,12 +846,13 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { AttestationKey attest_key; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; - ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() - .EcdsaKey(EcCurve::P_256) - .AttestKey() - .SetDefaultValidity(), - {} /* attestation signing key */, &attest_key.keyBlob, - &attest_key_characteristics, &attest_key_cert_chain)); + ASSERT_EQ(ErrorCode::OK, + GenerateAttestKey(AuthorizationSetBuilder() + .EcdsaKey(EcCurve::P_256) + .AttestKey() + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, + &attest_key_characteristics, &attest_key_cert_chain)); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 33945fd0e5..46db4f0c78 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp 
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp 
@@ -1461,25 +1461,28 @@ void verify_subject(const X509* cert, // } int get_vsr_api_level() { - int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); + int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1); + if (vendor_api_level != -1) { + return vendor_api_level; } - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.vndk.version", -1); + + // Android S and older devices do not define ro.vendor.api_level + vendor_api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); + if (vendor_api_level == -1) { + vendor_api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); } - // We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird - // devices, we may not. So, we use the SDK first or current API level if needed. If this goes - // wrong, it should go wrong in the direction of being too strict rather than too lenient, which - // should provoke someone to examine why we don't have proper VSR API level properties. - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + + int product_api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + if (product_api_level == -1) { + product_api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + EXPECT_NE(product_api_level, -1) << "Could not find ro.build.version.sdk"; } - if (api_level == -1) { - api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + + // VSR API level is the minimum of vendor_api_level and product_api_level. + if (vendor_api_level == -1 || vendor_api_level > product_api_level) { + return product_api_level; } - EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent."; - return api_level; + return vendor_api_level; } bool is_gsi_image() { 
diff --git a/sensors/aidl/default/multihal/ConvertUtils.cpp b/sensors/aidl/default/multihal/ConvertUtils.cpp index 9b2d8fe309..bf56ed52a3 100644 --- a/sensors/aidl/default/multihal/ConvertUtils.cpp +++ b/sensors/aidl/default/multihal/ConvertUtils.cpp @@ -77,6 +77,8 @@ void convertToHidlEvent(const AidlEvent& aidlEvent, V2_1Event* hidlEvent) { hidlEvent->u.vec3.x = aidlEvent.payload.get<Event::EventPayload::vec3>().x; hidlEvent->u.vec3.y = aidlEvent.payload.get<Event::EventPayload::vec3>().y; hidlEvent->u.vec3.z = aidlEvent.payload.get<Event::EventPayload::vec3>().z; + hidlEvent->u.vec3.status = + (V1_0SensorStatus)aidlEvent.payload.get<Event::EventPayload::vec3>().status; break; case AidlSensorType::GAME_ROTATION_VECTOR: hidlEvent->u.vec4.x = aidlEvent.payload.get<Event::EventPayload::vec4>().x; @@ -225,6 +227,7 @@ void convertToAidlEvent(const V2_1Event& hidlEvent, AidlEvent* aidlEvent) { vec3.x = hidlEvent.u.vec3.x; vec3.y = hidlEvent.u.vec3.y; vec3.z = hidlEvent.u.vec3.z; + vec3.status = (SensorStatus)hidlEvent.u.vec3.status; aidlEvent->payload.set<Event::EventPayload::vec3>(vec3); break; } diff --git a/tv/tuner/1.0/vts/functional/VtsHalTvTunerV1_0TargetTest.cpp b/tv/tuner/1.0/vts/functional/VtsHalTvTunerV1_0TargetTest.cpp index 3e3a4d4732..59b7939833 100644 --- a/tv/tuner/1.0/vts/functional/VtsHalTvTunerV1_0TargetTest.cpp +++ b/tv/tuner/1.0/vts/functional/VtsHalTvTunerV1_0TargetTest.cpp 
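Review bot: In sensors/aidl/default/multihal/ConvertUtils.cpp, both added `status` conversions use C-style casts between the AIDL and HIDL status enums, which compile regardless of whether the enumerator values of the two types still line up. `static_cast` states the intent and is greppable: `hidlEvent->u.vec3.status = static_cast<V1_0SensorStatus>(aidlEvent.payload.get<Event::EventPayload::vec3>().status);` and `vec3.status = static_cast<SensorStatus>(hidlEvent.u.vec3.status);`. A one-line comment that the two enums are assumed to share numeric values would document the dependency. The `case` labels these lines belong to are outside the hunks.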
@@ -144,9 +144,9 @@ void TunerPlaybackHidlTest::playbackSingleFilterTest(FilterConfig filterConf, Dv ASSERT_TRUE(mFilterTests.getNewlyOpenedFilterId(filterId)); ASSERT_TRUE(mFilterTests.configFilter(filterConf.settings, filterId)); ASSERT_TRUE(mFilterTests.getFilterMQDescriptor(filterId, filterConf.getMqDesc)); - mDvrTests.startPlaybackInputThread(dvrConf.playbackInputFile, dvrConf.settings.playback()); ASSERT_TRUE(mDvrTests.startDvrPlayback()); ASSERT_TRUE(mFilterTests.startFilter(filterId)); + mDvrTests.startPlaybackInputThread(dvrConf.playbackInputFile, dvrConf.settings.playback()); ASSERT_TRUE(filterDataOutputTest()); mDvrTests.stopPlaybackThread(); ASSERT_TRUE(mFilterTests.stopFilter(filterId)); diff --git a/uwb/aidl/vts/VtsHalUwbTargetTest.cpp b/uwb/aidl/vts/VtsHalUwbTargetTest.cpp index edd8dd6608..81d26ba06b 100644 --- a/uwb/aidl/vts/VtsHalUwbTargetTest.cpp +++ b/uwb/aidl/vts/VtsHalUwbTargetTest.cpp @@ -68,6 +68,11 @@ class UwbAidl : public testing::TestWithParam<std::string> { iuwb_ = IUwb::fromBinder(SpAIBinder(AServiceManager_waitForService(GetParam().c_str()))); ASSERT_NE(iuwb_, nullptr); } + virtual void TearDown() override { + // Trigger HAL close at end of each test. + const auto iuwb_chip = getAnyChip(); + iuwb_chip->close(); + } std::shared_ptr<IUwb> iuwb_; // TODO (b/197638976): We pick the first chip here. Need to fix this |
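Review bot: The new `TearDown()` in VtsHalUwbTargetTest.cpp dereferences the result of `getAnyChip()` without checking it, and googletest still runs `TearDown()` after a fatal failure in `SetUp()`, so a failed `ASSERT_NE(iuwb_, nullptr)` could turn into a crash here instead of a clean test failure (`getAnyChip()` is defined outside the hunk, so this is inferred). The status returned by `close()` is also dropped. An early `if (iuwb_ == nullptr) return;` at the top would avoid the dereference. A comment such as `// close() result ignored: the chip may already have been closed by the test body`, if that is the reason, would make the intent explicit.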