Diffstat (limited to 'security/keymint/aidl/vts')
4 files changed, 90 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index ef5b0bda73..f30e29cd4c 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -31,8 +31,10 @@ cc_defaults {
         "VtsHalTargetTestDefaults",
     ],
     shared_libs: [
+        "libbinder",
         "libbinder_ndk",
         "libcrypto",
+        "packagemanager_aidl-cpp",
     ],
     static_libs: [
         "android.hardware.security.secureclock-V1-ndk",
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index ca517ac61c..b9968f8afc 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -35,7 +35,17 @@ bool IsSelfSigned(const vector<Certificate>& chain) {
 } // namespace
 
 class AttestKeyTest : public KeyMintAidlTestBase {
+  public:
+    void SetUp() override {
+        check_skip_test();
+        KeyMintAidlTestBase::SetUp();
+    }
+
   protected:
+    const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
+
+    const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
+
     ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
                                 const optional<AttestationKey>& attest_key,
                                 vector<uint8_t>* key_blob,
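Review bot: FEATURE_KEYSTORE_APP_ATTEST_KEY and FEATURE_STRONGBOX_KEYSTORE are non-static `const string` members, so every AttestKeyTest fixture instance (gtest builds one per test case) constructs its own copies of two constants; they belong either in the anonymous namespace closed just above the class (`} // namespace`) or as `static` members. Keep them `std::string` rather than `const char*`/`constexpr char[]`, because later in this change they are used in `"Feature " + FEATURE_... + " is disabled"`, which would silently become pointer arithmetic with a char array. A short comment naming their origin would help a reader who does not know the PackageManager feature strings, e.g. `// PackageManager system-feature names, queried through hasSystemFeature().`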
@@ -60,6 +70,59 @@ class AttestKeyTest : public KeyMintAidlTestBase {
         }
         return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
     }
+
+    // Check if ATTEST_KEY feature is disabled
+    bool is_attest_key_feature_disabled(void) const {
+        if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
+            GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
+            return true;
+        }
+
+        return false;
+    }
+
+    // Check if StrongBox KeyStore is enabled
+    bool is_strongbox_enabled(void) const {
+        if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
+            GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
+            return true;
+        }
+
+        return false;
+    }
+
+    // Check if chipset has received a waiver allowing it to be launched with
+    // Android S (or later) with Keymaster 4.0 in StrongBox
+    bool is_chipset_allowed_km4_strongbox(void) const {
+        std::array<char, PROPERTY_VALUE_MAX> buffer;
+
+        auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
+        if (res <= 0) return false;
+
+        const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
+
+        for (const string model : allowed_soc_models) {
+            if (model.compare(buffer.data()) == 0) {
+                GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    // Skip the test if all the following conditions hold:
+    // 1. ATTEST_KEY feature is disabled
+    // 2. STRONGBOX is enabled
+    // 3. The device is running one of the chipsets that have received a waiver
+    //    allowing it to be launched with Android S (or later) with Keymaster 4.0
+    //    in StrongBox
+    void check_skip_test(void) const {
+        if (is_attest_key_feature_disabled() && is_strongbox_enabled() &&
+            is_chipset_allowed_km4_strongbox()) {
+            GTEST_SKIP() << "Test is not applicable";
+        }
+    }
 };
 
 /*
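Review bot: check_skip_test() skips every AttestKeyTest test regardless of which KeyMint instance is being exercised: SetUp calls it before KeyMintAidlTestBase::SetUp(), and none of the three predicates consult the instance under test, so on a waived SoC the TEE instance's attest-key tests are skipped as well even though the comment scopes the waiver to Keymaster 4.0 in StrongBox. If the base fixture exposes the instance's security level once its SetUp has run (not visible here, so verify), calling `KeyMintAidlTestBase::SetUp();` first and adding a StrongBox-only condition to the skip would narrow it to the waived instance. All three inputs — the two system features and `ro.vendor.qti.soc_model` — are declared by the device under test, so this conformance waiver is self-asserted; the skip should at least be auditable from the log, e.g. `GTEST_SKIP() << "ATTEST_KEY feature not declared, StrongBox present and SoC on KM4.0 waiver list";` instead of the generic "Test is not applicable". Minor: `for (const string model : allowed_soc_models)` copies each entry; `for (const string& model : allowed_soc_models)` avoids that.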
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 46db4f0c78..20c0bf580f 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -23,6 +23,7 @@
 
 #include <android-base/logging.h>
 #include <android/binder_manager.h>
+#include <android/content/pm/IPackageManagerNative.h>
 #include <cppbor_parse.h>
 #include <cutils/properties.h>
 #include <gmock/gmock.h>
@@ -1923,6 +1924,29 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
     *signingKey = std::move(pubKey);
 }
 
+// Check whether the given named feature is available.
+bool check_feature(const std::string& name) {
+    ::android::sp<::android::IServiceManager> sm(::android::defaultServiceManager());
+    ::android::sp<::android::IBinder> binder(sm->getService(::android::String16("package_native")));
+    if (binder == nullptr) {
+        GTEST_LOG_(ERROR) << "getService package_native failed";
+        return false;
+    }
+    ::android::sp<::android::content::pm::IPackageManagerNative> packageMgr =
+            ::android::interface_cast<::android::content::pm::IPackageManagerNative>(binder);
+    if (packageMgr == nullptr) {
+        GTEST_LOG_(ERROR) << "Cannot find package manager";
+        return false;
+    }
+    bool hasFeature = false;
+    auto status = packageMgr->hasSystemFeature(::android::String16(name.c_str()), 0, &hasFeature);
+    if (!status.isOk()) {
+        GTEST_LOG_(ERROR) << "hasSystemFeature('" << name << "') failed: " << status;
+        return false;
+    }
+    return hasFeature;
+}
+
 } // namespace test
 } // namespace aidl::android::hardware::security::keymint
 
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 8f9df24522..7d3bc30b7b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
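Review bot: check_feature returns `false` on all three failure paths (no package_native binder, failed interface_cast, non-OK hasSystemFeature status), so a caller cannot tell "feature absent" from "package manager unreachable". For the one caller in this change that happens to be fail-safe — a binder failure also makes is_strongbox_enabled() false, so the skip does not fire — but any future caller that skips or relaxes a check on a negative answer would silently do so on an infrastructure failure; consider returning `std::optional<bool>` (empty on failure) or raising the failure with `ADD_FAILURE()` rather than only logging it. Whether `sm->getService(...)` blocks waiting for an unregistered service is not visible here; if it does, a VTS run on a device whose framework is not up would stall, and `checkService` is the non-waiting alternative. The second null-check's message "Cannot find package manager" is misleading since the service was found and only the cast failed; `"package_native does not implement IPackageManagerNative"` states what actually happened.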
@@ -386,6 +386,7 @@ vector<uint8_t> make_name_from_str(const string& name);
 void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
                         vector<uint8_t>* payload_value);
 void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
+bool check_feature(const std::string& name);
 
 AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
 AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics); |
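Review bot: The new declaration `bool check_feature(const std::string& name);` carries no comment, and this header is the contract other VTS test files will program against. Its definition in KeyMintAidlTestBase.cpp (same change) returns false both when the feature is absent and when the package manager lookup fails, which a caller needs to know; a one-line comment on the declaration should say so: `// True if PackageManager reports system feature `name`; also false if the lookup itself fails.`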