diff options
Diffstat (limited to 'security')
3 files changed, 37 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index be219940f8..6f21d3e6e7 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -1461,6 +1461,28 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } +int get_vsr_api_level() { + int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.vndk.version", -1); + } + // We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird + // devices, we may not. So, we use the SDK first or current API level if needed. If this goes + // wrong, it should go wrong in the direction of being too strict rather than too lenient, which + // should provoke someone to examine why we don't have proper VSR API level properties. + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1); + } + if (api_level == -1) { + api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1); + } + EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent."; + return api_level; +} + bool is_gsi_image() { std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc"); return ifs.good(); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 2634ab7868..abbfb398df 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t } } +// Return the VSR API level for this device. +int get_vsr_api_level(); + // Indicate whether the test is running on a GSI image. bool is_gsi_image(); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index 3c2bece4af..4e746b2bb9 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -7991,6 +7991,18 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) { INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest); +using VsrRequirementTest = KeyMintAidlTestBase; + +TEST_P(VsrRequirementTest, Vsr13Test) { + int vsr_api_level = get_vsr_api_level(); + if (vsr_api_level < 33) { + GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level; + } + EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2"; +} + +INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest); + } // namespace aidl::android::hardware::security::keymint::test int main(int argc, char** argv) { |