Merge "[DO NOT MERGE] vts: Fix for setProp in VtsHalAutomotiveVehicleV2_0TargetTest" into android12L-tests-dev
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index 77eea8a..2de19d5 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -30,6 +30,7 @@
"VtsHalTargetTestDefaults",
],
shared_libs: [
+ "libbinder",
"libbinder_ndk",
"libcrypto",
],
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index f37676b..bc5e07e 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -35,7 +35,17 @@
} // namespace
class AttestKeyTest : public KeyMintAidlTestBase {
+ public:
+ void SetUp() override {
+ check_skip_test();
+ KeyMintAidlTestBase::SetUp();
+ }
+
protected:
+ const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
+
+ const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
+
ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
const optional<AttestationKey>& attest_key,
vector<uint8_t>* key_blob,
@@ -60,6 +70,59 @@
}
return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
}
+
+ // Check if ATTEST_KEY feature is disabled
+ bool is_attest_key_feature_disabled(void) const {
+ if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
+ GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
+ return true;
+ }
+
+ return false;
+ }
+
+ // Check if StrongBox KeyStore is enabled
+ bool is_strongbox_enabled(void) const {
+ if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
+ GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
+ return true;
+ }
+
+ return false;
+ }
+
+ // Check if chipset has received a waiver allowing it to be launched with
+ // Android S (or later) with Keymaster 4.0 in StrongBox
+ bool is_chipset_allowed_km4_strongbox(void) const {
+ std::array<char, PROPERTY_VALUE_MAX> buffer;
+
+ auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
+ if (res <= 0) return false;
+
+ const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
+
+ for (const string model : allowed_soc_models) {
+ if (model.compare(buffer.data()) == 0) {
+ GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ // Skip the test if all the following conditions hold:
+ // 1. ATTEST_KEY feature is disabled
+ // 2. STRONGBOX is enabled
+ // 3. The device is running one of the chipsets that have received a waiver
+ // allowing it to be launched with Android S (or later) with Keymaster 4.0
+ // in StrongBox
+ void check_skip_test(void) const {
+ if (is_attest_key_feature_disabled() && is_strongbox_enabled() &&
+ is_chipset_allowed_km4_strongbox()) {
+ GTEST_SKIP() << "Test is not applicable";
+ }
+ }
};
/*
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 8e35c91..6598643 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -22,6 +22,7 @@
#include <android-base/logging.h>
#include <android/binder_manager.h>
+#include <android/content/pm/IPackageManagerNative.h>
#include <cppbor_parse.h>
#include <cutils/properties.h>
#include <gmock/gmock.h>
@@ -1684,6 +1685,29 @@
*signingKey = std::move(pubKey);
}
+// Check whether the given named feature is available.
+bool check_feature(const std::string& name) {
+ ::android::sp<::android::IServiceManager> sm(::android::defaultServiceManager());
+ ::android::sp<::android::IBinder> binder(sm->getService(::android::String16("package_native")));
+ if (binder == nullptr) {
+ GTEST_LOG_(ERROR) << "getService package_native failed";
+ return false;
+ }
+ ::android::sp<::android::content::pm::IPackageManagerNative> packageMgr =
+ ::android::interface_cast<::android::content::pm::IPackageManagerNative>(binder);
+ if (packageMgr == nullptr) {
+ GTEST_LOG_(ERROR) << "Cannot find package manager";
+ return false;
+ }
+ bool hasFeature = false;
+ auto status = packageMgr->hasSystemFeature(::android::String16(name.c_str()), 0, &hasFeature);
+ if (!status.isOk()) {
+ GTEST_LOG_(ERROR) << "hasSystemFeature('" << name << "') failed: " << status;
+ return false;
+ }
+ return hasFeature;
+}
+
} // namespace test
} // namespace aidl::android::hardware::security::keymint
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 7b3b9d4..e3972c4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -347,6 +347,7 @@
void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
vector<uint8_t>* payload_value);
void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
+bool check_feature(const std::string& name);
AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);