Do not require StrongBox to implement RKP
Detect if there is an IRemotelyProvisionedComponent for strongbox, and
if so run the associated keymint tests. Else, allow strongbox to skip
the test as it's not required to implement the IRPC HAL.
Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c6b8906..c45dd3f 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -590,8 +590,7 @@
return name.substr(pos + 1);
}
-bool matching_rp_instance(const string& km_name,
- std::shared_ptr<IRemotelyProvisionedComponent>* rp) {
+std::shared_ptr<IRemotelyProvisionedComponent> matching_rp_instance(const std::string& km_name) {
string km_suffix = device_suffix(km_name);
vector<string> rp_names =
@@ -601,11 +600,10 @@
// KeyMint instance, assume they match.
if (device_suffix(rp_name) == km_suffix && AServiceManager_isDeclared(rp_name.c_str())) {
::ndk::SpAIBinder binder(AServiceManager_waitForService(rp_name.c_str()));
- *rp = IRemotelyProvisionedComponent::fromBinder(binder);
- return true;
+ return IRemotelyProvisionedComponent::fromBinder(binder);
}
}
- return false;
+ return nullptr;
}
} // namespace
@@ -1140,11 +1138,14 @@
GTEST_SKIP() << "RKP support is not required on this platform";
}
- // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
- // instance.
- std::shared_ptr<IRemotelyProvisionedComponent> rp;
- ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))
- << "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();
+ // Check for an IRemotelyProvisionedComponent instance associated with the
+ // KeyMint instance.
+ std::shared_ptr<IRemotelyProvisionedComponent> rp = matching_rp_instance(GetParam());
+ if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
+ }
+ ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
+ << GetParam();
// Generate a P-256 keypair to use as an attestation key.
MacedPublicKey macedPubKey;
@@ -1218,11 +1219,14 @@
GTEST_SKIP() << "RKP support is not required on this platform";
}
- // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
- // instance.
- std::shared_ptr<IRemotelyProvisionedComponent> rp;
- ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))
- << "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();
+ // Check for an IRemotelyProvisionedComponent instance associated with the
+ // KeyMint instance.
+ std::shared_ptr<IRemotelyProvisionedComponent> rp = matching_rp_instance(GetParam());
+ if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
+ }
+ ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
+ << GetParam();
// Generate a P-256 keypair to use as an attestation key.
MacedPublicKey macedPubKey;