Merge "Convert SDK API level to vendor API level for Android 15+ in VTS gates." into main
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index 1414220..da3427a 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -37,6 +37,7 @@
"libcrypto",
"libbase",
"libgatekeeper",
+ "libvendorsupport",
"packagemanager_aidl-cpp",
],
static_libs: [
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index b41da3f..62215f3 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -27,6 +27,7 @@
#include <libavb/libavb.h>
#include <libavb_user/avb_ops_user.h>
#include <remote_prov/remote_prov_utils.h>
+#include <vendorsupport/api_level.h>
#include "KeyMintAidlTestBase.h"
@@ -98,7 +99,7 @@
// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.
TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {
// Gate this test to avoid waiver issues.
- if (get_vsr_api_level() <= __ANDROID_API_V__) {
+ if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
return;
}
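Review bot: The gate in VerifiedBootKeyAllZeroes still exits with a bare `return;`, so a device at or below the converted threshold reports the test as passed although the all-zero Verified Boot key check never ran. Vsr16Test in KeyMintTest.cpp uses `GTEST_SKIP()` for the same kind of gate; doing the same here, e.g. `GTEST_SKIP() << "Applies only to vendor API level > " << AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__);`, would make the outcome show up as skipped in VTS results. If the silent pass is deliberate (the comment mentions waiver issues), a comment saying so would help. The test body continues outside this hunk.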
@@ -141,7 +142,7 @@
avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,
sha256Digest.data());
- if (get_vsr_api_level() >= __ANDROID_API_V__) {
+ if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest)
<< "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)
<< ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest)
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 09446ce..4429816 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -35,6 +35,7 @@
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <remote_prov/remote_prov_utils.h>
+#include <vendorsupport/api_level.h>
#include <keymaster/cppcose/cppcose.h>
#include <keymint_support/key_param_output.h>
@@ -1908,13 +1909,13 @@
}
}
- if (get_vsr_api_level() > __ANDROID_API_V__) {
+ if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be exactly 32 bytes since it
// contains the SHA-256 hash of the key on locked devices or 32 bytes
// of zeroes on unlocked devices. This wasn't checked for earlier
// versions of the KeyMint HAL, so only only be strict for VSR-16+.
EXPECT_EQ(verified_boot_key.size(), 32);
- } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be:
// - Exactly 32 bytes on locked devices since it should contain
// the SHA-256 hash of the key, or
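Review bot: The `if`/`else if` chain calls `get_vsr_api_level()` and `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)` twice each. Evaluating them once, `const int vsr_api_level = get_vsr_api_level();` and `const int vendor_api_v = AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__);`, guarantees both branches compare the same values and shortens the conditions. The same chain in SecureElementProvisioningTest.cpp would benefit from the same change. The comment in the first branch still says "VSR-16+" (and "only only"); now that the gate is a vendor API level, the threshold is better stated in those terms. The enclosing function starts and ends outside this hunk.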
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 416e6c0..e8a767b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -42,6 +42,8 @@
#include <keymint_support/key_param_output.h>
#include <keymint_support/openssl_utils.h>
+#include <vendorsupport/api_level.h>
+
#include "KeyMintAidlTestBase.h"
using aidl::android::hardware::security::keymint::AuthorizationSet;
@@ -4156,7 +4158,7 @@
* when the EC_CURVE is not explicitly specified.
*/
TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
- if (get_vsr_api_level() < __ANDROID_API_V__) {
+ if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
* of EC keys. However, this was not checked at the time so we can only be strict about
@@ -5315,7 +5317,7 @@
TEST_P(ImportWrappedKeyTest, RsaKey) {
int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < __ANDROID_API_V__) {
+ if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
* just symmetric keys. However, the import of asymmetric wrapped keys was not tested
@@ -5346,7 +5348,7 @@
TEST_P(ImportWrappedKeyTest, EcKey) {
int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < __ANDROID_API_V__) {
+ if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
* just symmetric keys. However, the import of asymmetric wrapped keys was not tested
@@ -8962,7 +8964,7 @@
// @VsrTest = GMS-VSR-3.10-019
TEST_P(VsrRequirementTest, Vsr16Test) {
int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level <= __ANDROID_API_V__) {
+ if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level;
}
if (SecLevel() == SecurityLevel::STRONGBOX) {
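Review bot: The skip message in Vsr16Test still hard-codes "> 35" (an SDK level), while the comparison now uses the converted vendor API level. Assuming `get_vsr_api_level()` reports Android 15+ devices in vendor-API units, as the commit title implies, the message mixes the two scales and the printed device value can look like it already exceeds 35. Printing the threshold actually compared keeps the skip reason readable: `GTEST_SKIP() << "Applies only to vendor API level > " << AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__) << ", this device is: " << vsr_api_level;`. The test body continues outside this hunk.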
diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
index f7639bf..1f09328 100644
--- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
+++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
@@ -26,6 +26,7 @@
#include <cppbor_parse.h>
#include <keymaster/cppcose/cppcose.h>
#include <keymint_support/key_param_output.h>
+#include <vendorsupport/api_level.h>
#include "KeyMintAidlTestBase.h"
@@ -114,13 +115,13 @@
const auto& vbKey = rot->asArray()->get(pos++);
ASSERT_TRUE(vbKey);
ASSERT_TRUE(vbKey->asBstr());
- if (get_vsr_api_level() > __ANDROID_API_V__) {
+ if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be exactly 32 bytes since it
// contains the SHA-256 hash of the key on locked devices or 32 bytes
// of zeroes on unlocked devices. This wasn't checked for earlier
// versions of the KeyMint HAL, so only only be strict for VSR-16+.
ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
- } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be:
// - Exactly 32 bytes on locked devices since it should contain
// the SHA-256 hash of the key, or