Merge "Merge "Add android.hardware.security.dice HAL interface." am: b05a7c1376 am: 1d5af3f5ec" into sc-v2-dev-plus-aosp
diff --git a/bluetooth/audio/2.1/Android.bp b/bluetooth/audio/2.1/Android.bp
index 822f5b3..1175fb3 100644
--- a/bluetooth/audio/2.1/Android.bp
+++ b/bluetooth/audio/2.1/Android.bp
@@ -25,7 +25,7 @@
],
apex_available: [
"//apex_available:platform",
- "com.android.bluetooth.updatable",
+ "com.android.bluetooth",
],
gen_java: false,
}
diff --git a/bluetooth/audio/2.2/Android.bp b/bluetooth/audio/2.2/Android.bp
index 8d52ce9..d66e84e 100644
--- a/bluetooth/audio/2.2/Android.bp
+++ b/bluetooth/audio/2.2/Android.bp
@@ -27,7 +27,7 @@
],
apex_available: [
"//apex_available:platform",
- "com.android.bluetooth.updatable",
+ "com.android.bluetooth",
],
gen_java: false,
}
diff --git a/graphics/composer/2.1/utils/vts/GraphicsComposerCallback.cpp b/graphics/composer/2.1/utils/vts/GraphicsComposerCallback.cpp
index 1ead138..ccbc5b1 100644
--- a/graphics/composer/2.1/utils/vts/GraphicsComposerCallback.cpp
+++ b/graphics/composer/2.1/utils/vts/GraphicsComposerCallback.cpp
@@ -30,7 +30,7 @@
std::vector<Display> GraphicsComposerCallback::getDisplays() const {
std::lock_guard<std::mutex> lock(mMutex);
- return std::vector<Display>(mDisplays.begin(), mDisplays.end());
+ return mDisplays;
}
int GraphicsComposerCallback::getInvalidHotplugCount() const {
@@ -51,12 +51,17 @@
Return<void> GraphicsComposerCallback::onHotplug(Display display, Connection connection) {
std::lock_guard<std::mutex> lock(mMutex);
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
if (connection == Connection::CONNECTED) {
- if (!mDisplays.insert(display).second) {
+ if (it == mDisplays.end()) {
+ mDisplays.push_back(display);
+ } else {
mInvalidHotplugCount++;
}
} else if (connection == Connection::DISCONNECTED) {
- if (!mDisplays.erase(display)) {
+ if (it != mDisplays.end()) {
+ mDisplays.erase(it);
+ } else {
mInvalidHotplugCount++;
}
}
@@ -67,7 +72,8 @@
Return<void> GraphicsComposerCallback::onRefresh(Display display) {
std::lock_guard<std::mutex> lock(mMutex);
- if (mDisplays.count(display) == 0) {
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
+ if (it == mDisplays.end()) {
mInvalidRefreshCount++;
}
@@ -77,7 +83,8 @@
Return<void> GraphicsComposerCallback::onVsync(Display display, int64_t) {
std::lock_guard<std::mutex> lock(mMutex);
- if (!mVsyncAllowed || mDisplays.count(display) == 0) {
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
+ if (!mVsyncAllowed || it == mDisplays.end()) {
mInvalidVsyncCount++;
}
diff --git a/graphics/composer/2.1/utils/vts/include/composer-vts/2.1/GraphicsComposerCallback.h b/graphics/composer/2.1/utils/vts/include/composer-vts/2.1/GraphicsComposerCallback.h
index e3c348f..da64052 100644
--- a/graphics/composer/2.1/utils/vts/include/composer-vts/2.1/GraphicsComposerCallback.h
+++ b/graphics/composer/2.1/utils/vts/include/composer-vts/2.1/GraphicsComposerCallback.h
@@ -19,7 +19,7 @@
#include <android/hardware/graphics/composer/2.1/IComposerCallback.h>
#include <mutex>
-#include <unordered_set>
+#include <vector>
namespace android {
namespace hardware {
@@ -48,7 +48,7 @@
mutable std::mutex mMutex;
// the set of all currently connected displays
- std::unordered_set<Display> mDisplays;
+ std::vector<Display> mDisplays;
// true only when vsync is enabled
bool mVsyncAllowed = true;
diff --git a/graphics/composer/2.4/utils/vts/GraphicsComposerCallback.cpp b/graphics/composer/2.4/utils/vts/GraphicsComposerCallback.cpp
index c9366a8..51e1ab7 100644
--- a/graphics/composer/2.4/utils/vts/GraphicsComposerCallback.cpp
+++ b/graphics/composer/2.4/utils/vts/GraphicsComposerCallback.cpp
@@ -25,7 +25,7 @@
std::vector<Display> GraphicsComposerCallback::getDisplays() const {
std::lock_guard<std::mutex> lock(mMutex);
- return std::vector<Display>(mDisplays.begin(), mDisplays.end());
+ return mDisplays;
}
int32_t GraphicsComposerCallback::getInvalidHotplugCount() const {
@@ -71,12 +71,17 @@
Return<void> GraphicsComposerCallback::onHotplug(Display display, Connection connection) {
std::lock_guard<std::mutex> lock(mMutex);
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
if (connection == Connection::CONNECTED) {
- if (!mDisplays.insert(display).second) {
+ if (it == mDisplays.end()) {
+ mDisplays.push_back(display);
+ } else {
mInvalidHotplugCount++;
}
} else if (connection == Connection::DISCONNECTED) {
- if (!mDisplays.erase(display)) {
+ if (it != mDisplays.end()) {
+ mDisplays.erase(it);
+ } else {
mInvalidHotplugCount++;
}
}
@@ -87,7 +92,8 @@
Return<void> GraphicsComposerCallback::onRefresh(Display display) {
std::lock_guard<std::mutex> lock(mMutex);
- if (mDisplays.count(display) == 0) {
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
+ if (it == mDisplays.end()) {
mInvalidRefreshCount++;
}
@@ -106,7 +112,8 @@
Return<void> GraphicsComposerCallback::onVsync_2_4(Display display, int64_t, VsyncPeriodNanos) {
std::lock_guard<std::mutex> lock(mMutex);
- if (!mVsyncAllowed || mDisplays.count(display) == 0) {
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
+ if (!mVsyncAllowed || it == mDisplays.end()) {
mInvalidVsync_2_4Count++;
}
@@ -117,7 +124,8 @@
Display display, const VsyncPeriodChangeTimeline& updatedTimeline) {
std::lock_guard<std::mutex> lock(mMutex);
- if (mDisplays.count(display) == 0) {
+ auto it = std::find(mDisplays.begin(), mDisplays.end(), display);
+ if (it == mDisplays.end()) {
mInvalidVsyncPeriodChangeCount++;
}
@@ -134,4 +142,4 @@
return Void();
}
-} // namespace android::hardware::graphics::composer::V2_4::vts
\ No newline at end of file
+} // namespace android::hardware::graphics::composer::V2_4::vts
diff --git a/graphics/composer/2.4/utils/vts/include/composer-vts/2.4/GraphicsComposerCallback.h b/graphics/composer/2.4/utils/vts/include/composer-vts/2.4/GraphicsComposerCallback.h
index f4e23ae..c03070b 100644
--- a/graphics/composer/2.4/utils/vts/include/composer-vts/2.4/GraphicsComposerCallback.h
+++ b/graphics/composer/2.4/utils/vts/include/composer-vts/2.4/GraphicsComposerCallback.h
@@ -18,7 +18,7 @@
#include <android/hardware/graphics/composer/2.4/IComposerCallback.h>
#include <mutex>
-#include <unordered_set>
+#include <vector>
namespace android::hardware::graphics::composer::V2_4::vts {
@@ -56,7 +56,7 @@
mutable std::mutex mMutex;
// the set of all currently connected displays
- std::unordered_set<Display> mDisplays;
+ std::vector<Display> mDisplays;
// true only when vsync is enabled
bool mVsyncAllowed = true;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index fd6bf65..16bbc5c 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -122,9 +122,9 @@
* straightforward translation of the KeyMint tag/value parameter lists to ASN.1.
*
* KeyDescription ::= SEQUENCE {
- * attestationVersion INTEGER, # Value 100
+ * attestationVersion INTEGER, # Value 200
* attestationSecurityLevel SecurityLevel, # See below
- * keyMintVersion INTEGER, # Value 100
+ * keyMintVersion INTEGER, # Value 200
* keymintSecurityLevel SecurityLevel, # See below
* attestationChallenge OCTET_STRING, # Tag::ATTESTATION_CHALLENGE from attestParams
* uniqueId OCTET_STRING, # Empty unless key has Tag::INCLUDE_UNIQUE_ID
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 0fdf48d..727c6b7 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -81,7 +81,8 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -113,7 +114,8 @@
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
+ hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -154,12 +156,13 @@
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
// The client-specified CREATION_DATETIME should be in sw_enforced.
- // Its presence will also trigger verify_attestation_record() to check that it
- // is in the attestation extension with a matching value.
+ // Its presence will also trigger verify_attestation_record() to check that
+ // it is in the attestation extension with a matching value.
EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
<< "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
<< " not in hw_enforced:" << hw_enforced;
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -235,7 +238,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
attest_key_cert_chain[0].encodedCertificate));
@@ -270,7 +273,8 @@
AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -331,7 +335,8 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -403,7 +408,8 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -510,7 +516,8 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -624,7 +631,8 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -655,7 +663,8 @@
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -760,8 +769,8 @@
// attestation extension should contain them, so make sure the extra tag is added.
hw_enforced.push_back(tag);
- EXPECT_TRUE(verify_attestation_record("challenge", "foo", sw_enforced, hw_enforced,
- SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+ hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
}
CheckedDeleteKey(&attest_key.keyBlob);
diff --git a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
index 3cbffbf..d4bbd69 100644
--- a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
+++ b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
@@ -52,8 +52,9 @@
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_, /* strict_issuer_check= */ false));
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record("challenge", "foo", sw_enforced, hw_enforced,
- SecLevel(), cert_chain_[0].encodedCertificate));
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+ hw_enforced, SecLevel(),
+ cert_chain_[0].encodedCertificate));
}
};
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 6140df1..3695f1e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -127,6 +127,16 @@
return attest_rec;
}
+void check_attestation_version(uint32_t attestation_version, int32_t aidl_version) {
+ // Version numbers in attestation extensions should be a multiple of 100.
+ EXPECT_EQ(attestation_version % 100, 0);
+
+ // The multiplier should never be higher than the AIDL version, but can be less
+ // (for example, if the implementation is from an earlier version but the HAL service
+ // uses the default libraries and so reports the current AIDL version).
+ EXPECT_TRUE((attestation_version / 100) <= aidl_version);
+}
+
bool avb_verification_enabled() {
char value[PROPERTY_VALUE_MAX];
return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
@@ -223,6 +233,15 @@
vendor_patch_level_ = getVendorPatchlevel();
}
+int32_t KeyMintAidlTestBase::AidlVersion() {
+ int32_t version = 0;
+ auto status = keymint_->getInterfaceVersion(&version);
+ if (!status.isOk()) {
+ ADD_FAILURE() << "Failed to determine interface version";
+ }
+ return version;
+}
+
void KeyMintAidlTestBase::SetUp() {
if (AServiceManager_isDeclared(GetParam().c_str())) {
::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
@@ -1304,7 +1323,8 @@
verify_subject(cert.get(), subject, self_signed);
}
-bool verify_attestation_record(const string& challenge, //
+bool verify_attestation_record(int32_t aidl_version, //
+ const string& challenge, //
const string& app_id, //
AuthorizationSet expected_sw_enforced, //
AuthorizationSet expected_hw_enforced, //
@@ -1342,7 +1362,7 @@
EXPECT_EQ(ErrorCode::OK, error);
if (error != ErrorCode::OK) return false;
- EXPECT_EQ(att_attestation_version, 100U);
+ check_attestation_version(att_attestation_version, aidl_version);
vector<uint8_t> appId(app_id.begin(), app_id.end());
// check challenge and app id only if we expects a non-fake certificate
@@ -1353,7 +1373,7 @@
expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId);
}
- EXPECT_EQ(att_keymint_version, 100U);
+ check_attestation_version(att_keymint_version, aidl_version);
EXPECT_EQ(security_level, att_keymint_security_level);
EXPECT_EQ(security_level, att_attestation_security_level);
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 7b3b9d4..61f9d4d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -73,6 +73,7 @@
void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
IKeyMintDevice& keyMint() { return *keymint_; }
+ int32_t AidlVersion();
uint32_t os_version() { return os_version_; }
uint32_t os_patch_level() { return os_patch_level_; }
uint32_t vendor_patch_level() { return vendor_patch_level_; }
@@ -333,7 +334,8 @@
const uint64_t expected_serial, //
const string& subject, bool self_signed);
-bool verify_attestation_record(const string& challenge, //
+bool verify_attestation_record(int aidl_version, //
+ const string& challenge, //
const string& app_id, //
AuthorizationSet expected_sw_enforced, //
AuthorizationSet expected_hw_enforced, //
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 217ea0e..5b80b6f 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -942,7 +942,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
cert_chain_[0].encodedCertificate));
@@ -1093,7 +1093,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
cert_chain_[0].encodedCertificate));
@@ -1315,7 +1315,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
cert_chain_[0].encodedCertificate));
@@ -1444,7 +1444,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
cert_chain_[0].encodedCertificate));
@@ -1523,8 +1523,9 @@
// Verifying the attestation record will check for the specific tag because
// it's included in the authorizations.
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, sw_enforced, hw_enforced,
- SecLevel(), cert_chain_[0].encodedCertificate));
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, sw_enforced,
+ hw_enforced, SecLevel(),
+ cert_chain_[0].encodedCertificate));
CheckedDeleteKey(&key_blob);
}
@@ -1621,8 +1622,9 @@
// Verifying the attestation record will check for the specific tag because
// it's included in the authorizations.
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, sw_enforced, hw_enforced,
- SecLevel(), cert_chain_[0].encodedCertificate));
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, sw_enforced,
+ hw_enforced, SecLevel(),
+ cert_chain_[0].encodedCertificate));
CheckedDeleteKey(&key_blob);
}
@@ -1668,9 +1670,9 @@
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics_);
// Check that the unique ID field in the extension is non-empty.
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, sw_enforced, hw_enforced,
- SecLevel(), cert_chain_[0].encodedCertificate,
- unique_id));
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, sw_enforced,
+ hw_enforced, SecLevel(),
+ cert_chain_[0].encodedCertificate, unique_id));
EXPECT_GT(unique_id->size(), 0);
CheckedDeleteKey();
};
@@ -1765,8 +1767,9 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, attest_app_id, sw_enforced, hw_enforced,
- SecLevel(), cert_chain_[0].encodedCertificate));
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, attest_app_id, sw_enforced,
+ hw_enforced, SecLevel(),
+ cert_chain_[0].encodedCertificate));
// Check that the app id is not in the cert.
string app_id = "clientid";
@@ -1919,7 +1922,7 @@
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
cert_chain_[0].encodedCertificate));
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 76fb79b..c9d506f 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -236,9 +236,11 @@
vector<Certificate> attested_key_cert_chain = std::move(creationResult.certificateChain);
EXPECT_EQ(attested_key_cert_chain.size(), 1);
+ int32_t aidl_version = 0;
+ ASSERT_TRUE(keyMint->getInterfaceVersion(&aidl_version).isOk());
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced,
+ EXPECT_TRUE(verify_attestation_record(aidl_version, "foo", "bar", sw_enforced, hw_enforced,
info.securityLevel,
attested_key_cert_chain[0].encodedCertificate));