Add logging to KeyCharacteristicsBasicallyValid
There are multiple ways this predicate can fail, so add some logging
statements when errors occur so that tests are easier to debug.
Test: VtsAidlKeyMintTargetTest
Change-Id: I49ec12271bdebeab3aa6b9c7ae5d491075b3b649
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 2032411..fb720e8 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -77,12 +77,18 @@
std::unordered_set<SecurityLevel> levels_seen;
for (auto& entry : key_characteristics) {
- if (entry.authorizations.empty()) return false;
+ if (entry.authorizations.empty()) {
+ GTEST_LOG_(ERROR) << "empty authorizations for " << entry.securityLevel;
+ return false;
+ }
// Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
- if (levels_seen.find(entry.securityLevel) != levels_seen.end()) return false;
+ if (levels_seen.find(entry.securityLevel) != levels_seen.end()) {
+ GTEST_LOG_(ERROR) << "duplicate authorizations for " << entry.securityLevel;
+ return false;
+ }
levels_seen.insert(entry.securityLevel);
// Generally, we should only have one entry, at the same security level as the KM
@@ -92,7 +98,10 @@
(secLevel == SecurityLevel::STRONGBOX &&
entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT);
- if (!isExpectedSecurityLevel) return false;
+ if (!isExpectedSecurityLevel) {
+ GTEST_LOG_(ERROR) << "Unexpected security level " << entry.securityLevel;
+ return false;
+ }
}
return true;
}