commit 46c40cfb0bd8b9b49ce94accc0a42498a0a60219
author Treehugger Robot <treehugger-gerrit@google.com> Tue Feb 08 23:59:45 2022 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Tue Feb 08 23:59:45 2022 +0000
tree f3fc09f6878c5454c9185859ba967e08c1582416
parent 6deedfe25556079302771acd1af87dab62b8a99f
parent fa59f35bce1a75dd6bdc97b3c266fbc575a6467b

Merge "Make os_version optional for StrongBox" am: fc3fdf1a96 am: be60ee6543 am: f402fd2a55 am: fa59f35bce

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1971121

Change-Id: Ib268a21c6b06400e98400a86e0ae459de4a82603

security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 153a04f..abb2a7b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -40,7 +40,9 @@
      *         "vb_state" : "green" / "yellow" / "orange",    // Taken from the AVB values
      *         "bootloader_state" : "locked" / "unlocked",    // Taken from the AVB values
      *         "vbmeta_digest": bstr,                         // Taken from the AVB values
-     *         "os_version" : tstr,                      // Same as android.os.Build.VERSION.release
+     *         ? "os_version" : tstr,                         // Same as
+     *                                                        // android.os.Build.VERSION.release
+     *                                                        // Not optional for TEE.
      *         "system_patch_level" : uint,                   // YYYYMMDD
      *         "boot_patch_level" : uint,                     // YYYYMMDD
      *         "vendor_patch_level" : uint,                   // YYYYMMDD

security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 927d7d7..e2d75ce 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -492,7 +492,6 @@
                 ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
                           allowList.end());
                 checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest");
-                checkType(deviceInfo, cppbor::TSTR, "os_version");
                 checkType(deviceInfo, cppbor::UINT, "system_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "boot_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "vendor_patch_level");
@@ -502,6 +501,9 @@
                 allowList = getAllowedSecurityLevels();
                 ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
                           allowList.end());
+                if (deviceInfo->get("security_level")->asTstr()->value() == "tee") {
+                    checkType(deviceInfo, cppbor::TSTR, "os_version");
+                }
                 break;
             case 1:
                 checkType(deviceInfo, cppbor::TSTR, "security_level");