Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 247b39a92f67354a29a474570ff61a2fdb8e7786^! / .
commit247b39a92f67354a29a474570ff61a2fdb8e7786[log] [tgz]
authorAlice Wang <aliceywang@google.com>Tue Oct 31 15:16:55 2023 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Oct 31 15:16:55 2023 +0000
tree5decccda481ce7488b9b2c02340d8ba66d99678c
parentcdf9d2c9362a41aa097aea9c183dc028e5518237 [diff]
Revert "Revert "[avf] Adjust IRPC VTS tests to handle AVF in uns..."

Revert submission 2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ

Reason for revert: This change relands the topic
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
This SELinux denial has been fixed in system/sepolicy

Reverted changes: /q/submissionid:2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ

Change-Id: Ia1aed212bf8de4b81239997cc1d1ca665cc456eb

diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 34f7ce4..6edbfc1 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp

@@ -520,6 +520,15 @@
                    std::to_string(info.versionNumber) + ").";
         }
     }
+    // Bypasses the device info validation since the device info in AVF is currently
+    // empty. Check b/299256925 for more information.
+    //
+    // TODO(b/300911665): This check is temporary and will be replaced once the markers
+    // on the DICE chain become available. We need to determine if the CSR is from the
+    // RKP VM using the markers on the DICE chain.
+    if (info.uniqueId == "AVF Remote Provisioning 1") {
+        return std::move(parsed);
+    }
 
     std::string error;
     std::string tmp;

diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 62463eb..a1de93e 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

@@ -55,6 +55,8 @@
 
 constexpr uint8_t MIN_CHALLENGE_SIZE = 0;
 constexpr uint8_t MAX_CHALLENGE_SIZE = 64;
+const string RKP_VM_INSTANCE_NAME =
+        "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
 
 #define INSTANTIATE_REM_PROV_AIDL_TEST(name)                                         \
     GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);                             \
@@ -181,7 +183,12 @@
             provisionable_ = IRemotelyProvisionedComponent::fromBinder(binder);
         }
         ASSERT_NE(provisionable_, nullptr);
-        ASSERT_TRUE(provisionable_->getHardwareInfo(&rpcHardwareInfo).isOk());
+        auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);
+        if (GetParam() == RKP_VM_INSTANCE_NAME &&
+            status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
+            GTEST_SKIP() << "The RKP VM is not supported on this system.";
+        }
+        ASSERT_TRUE(status.isOk());
     }
 
     static vector<string> build_params() {
@@ -207,7 +214,11 @@
         ASSERT_NE(rpc, nullptr);
 
         RpcHardwareInfo hwInfo;
-        ASSERT_TRUE(rpc->getHardwareInfo(&hwInfo).isOk());
+        auto status = rpc->getHardwareInfo(&hwInfo);
+        if (hal == RKP_VM_INSTANCE_NAME && status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
+            GTEST_SKIP() << "The RKP VM is not supported on this system.";
+        }
+        ASSERT_TRUE(status.isOk());
 
         if (hwInfo.versionNumber >= VERSION_WITH_UNIQUE_ID_SUPPORT) {
             ASSERT_TRUE(hwInfo.uniqueId);