Merge "Use ObjectPool objects in property store."
diff --git a/automotive/audiocontrol/1.0/vts/functional/OWNERS b/automotive/audiocontrol/1.0/vts/functional/OWNERS
new file mode 100644
index 0000000..fb422db
--- /dev/null
+++ b/automotive/audiocontrol/1.0/vts/functional/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 162915
+zhaomingyin@google.com
diff --git a/automotive/audiocontrol/2.0/vts/functional/OWNERS b/automotive/audiocontrol/2.0/vts/functional/OWNERS
new file mode 100644
index 0000000..fb422db
--- /dev/null
+++ b/automotive/audiocontrol/2.0/vts/functional/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 162915
+zhaomingyin@google.com
diff --git a/automotive/sv/1.0/vts/functional/OWNERS b/automotive/sv/1.0/vts/functional/OWNERS
new file mode 100644
index 0000000..2ba00a3
--- /dev/null
+++ b/automotive/sv/1.0/vts/functional/OWNERS
@@ -0,0 +1,3 @@
+# Bug component: 821659
+tanmayp@google.com
+ankitarora@google.com
diff --git a/automotive/vehicle/2.0/vts/functional/OWNERS b/automotive/vehicle/2.0/vts/functional/OWNERS
new file mode 100644
index 0000000..8a0f2af
--- /dev/null
+++ b/automotive/vehicle/2.0/vts/functional/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 533426
+kwangsudo@google.com
diff --git a/neuralnetworks/1.2/utils/src/ExecutionBurstController.cpp b/neuralnetworks/1.2/utils/src/ExecutionBurstController.cpp
index b4b6f68..8ce96c4 100644
--- a/neuralnetworks/1.2/utils/src/ExecutionBurstController.cpp
+++ b/neuralnetworks/1.2/utils/src/ExecutionBurstController.cpp
@@ -176,7 +176,10 @@
std::lock_guard guard(mMutex);
const int32_t slot = mMemoryIdToSlot.at(memory);
if (mBurstContext) {
- mBurstContext->freeMemory(slot);
+ const auto ret = mBurstContext->freeMemory(slot);
+ if (!ret.isOk()) {
+ LOG(ERROR) << "IBustContext::freeMemory failed: " << ret.description();
+ }
}
mMemoryIdToSlot.erase(memory);
mMemoryCache[slot] = {};
diff --git a/renderscript/1.0/vts/functional/OWNERS b/renderscript/1.0/vts/functional/OWNERS
new file mode 100644
index 0000000..d785790
--- /dev/null
+++ b/renderscript/1.0/vts/functional/OWNERS
@@ -0,0 +1,6 @@
+# Bug component: 43047
+butlermichael@google.com
+dgross@google.com
+jeanluc@google.com
+miaowang@google.com
+xusongw@google.com
diff --git a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
index d7abf07..6f2f189 100644
--- a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
+++ b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
@@ -64,7 +64,9 @@
* attestation.
*/
TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@@ -91,7 +93,9 @@
* attestation.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@@ -117,7 +121,9 @@
* attestation correctly, if implemented.
*/
TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
- if (SecLevel() != SecurityLevel::STRONGBOX) return;
+ if (SecLevel() != SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to non-StrongBox device";
+ }
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@@ -174,7 +180,9 @@
* attestation correctly, if implemented.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
- if (SecLevel() != SecurityLevel::STRONGBOX) return;
+ if (SecLevel() != SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to non-StrongBox device";
+ }
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@@ -226,7 +234,9 @@
* local device.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
- if (SecLevel() != SecurityLevel::STRONGBOX) return;
+ if (SecLevel() != SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to non-StrongBox device";
+ }
// Collection of valid attestation ID tags.
auto attestation_id_tags = AuthorizationSetBuilder();
@@ -292,7 +302,9 @@
* don't match the local device.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
- if (SecLevel() != SecurityLevel::STRONGBOX) return;
+ if (SecLevel() != SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to non-StrongBox device";
+ }
// Collection of invalid attestation ID tags.
auto attestation_id_tags =
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index d8db5c7..53d980d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1482,6 +1482,7 @@
.Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED)
.Authorization(TAG_UNLOCKED_DEVICE_REQUIRED)
.Authorization(TAG_CREATION_DATETIME, 1619621648000);
+
for (const KeyParameter& tag : extra_tags) {
SCOPED_TRACE(testing::Message() << "tag-" << tag);
vector<uint8_t> key_blob;
@@ -1520,19 +1521,19 @@
CheckedDeleteKey(&key_blob);
}
- // Device attestation IDs should be rejected for normal attestation requests; these fields
- // are only used for device unique attestation.
- auto invalid_tags = AuthorizationSetBuilder()
- .Authorization(TAG_ATTESTATION_ID_BRAND, "brand")
- .Authorization(TAG_ATTESTATION_ID_DEVICE, "device")
- .Authorization(TAG_ATTESTATION_ID_PRODUCT, "product")
- .Authorization(TAG_ATTESTATION_ID_SERIAL, "serial")
- .Authorization(TAG_ATTESTATION_ID_IMEI, "imei")
- .Authorization(TAG_ATTESTATION_ID_MEID, "meid")
- .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer")
- .Authorization(TAG_ATTESTATION_ID_MODEL, "model");
+ // Collection of invalid attestation ID tags.
+ auto invalid_tags =
+ AuthorizationSetBuilder()
+ .Authorization(TAG_ATTESTATION_ID_BRAND, "bogus-brand")
+ .Authorization(TAG_ATTESTATION_ID_DEVICE, "devious-device")
+ .Authorization(TAG_ATTESTATION_ID_PRODUCT, "punctured-product")
+ .Authorization(TAG_ATTESTATION_ID_SERIAL, "suspicious-serial")
+ .Authorization(TAG_ATTESTATION_ID_IMEI, "invalid-imei")
+ .Authorization(TAG_ATTESTATION_ID_MEID, "mismatching-meid")
+ .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
+ .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
for (const KeyParameter& tag : invalid_tags) {
- SCOPED_TRACE(testing::Message() << "tag-" << tag);
+ SCOPED_TRACE(testing::Message() << "-incorrect-tag-" << tag);
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
AuthorizationSetBuilder builder =
@@ -1552,6 +1553,74 @@
}
/*
+ * NewKeyGenerationTest.EcdsaAttestationIdTags
+ *
+ * Verifies that creation of an attested ECDSA key includes various ID tags in the
+ * attestation extension.
+ */
+TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
+ auto challenge = "hello";
+ auto app_id = "foo";
+ auto subject = "cert subj 2";
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+ uint64_t serial_int = 0x1010;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+ const AuthorizationSetBuilder base_builder =
+ AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(EcCurve::P_256)
+ .Digest(Digest::NONE)
+ .AttestationChallenge(challenge)
+ .AttestationApplicationId(app_id)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .SetDefaultValidity();
+
+ // Various ATTESTATION_ID_* tags that map to fields in the attestation extension ASN.1 schema.
+ auto extra_tags = AuthorizationSetBuilder();
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serial");
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "ro.product.manufacturer");
+ add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
+
+ for (const KeyParameter& tag : extra_tags) {
+ SCOPED_TRACE(testing::Message() << "tag-" << tag);
+ vector<uint8_t> key_blob;
+ vector<KeyCharacteristics> key_characteristics;
+ AuthorizationSetBuilder builder = base_builder;
+ builder.push_back(tag);
+ auto result = GenerateKey(builder, &key_blob, &key_characteristics);
+ if (result == ErrorCode::CANNOT_ATTEST_IDS) {
+ // Device ID attestation is optional; KeyMint may not support it at all.
+ continue;
+ }
+ ASSERT_EQ(result, ErrorCode::OK);
+ ASSERT_GT(key_blob.size(), 0U);
+
+ EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
+ ASSERT_GT(cert_chain_.size(), 0);
+ verify_subject_and_serial(cert_chain_[0], serial_int, subject, /* self_signed = */ false);
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
+
+ // The attested key characteristics will not contain APPLICATION_ID_* fields (their
+ // spec definitions all have "Must never appear in KeyCharacteristics"), but the
+ // attestation extension should contain them, so make sure the extra tag is added.
+ hw_enforced.push_back(tag);
+
+ // Verifying the attestation record will check for the specific tag because
+ // it's included in the authorizations.
+ EXPECT_TRUE(verify_attestation_record(challenge, app_id, sw_enforced, hw_enforced,
+ SecLevel(), cert_chain_[0].encodedCertificate));
+
+ CheckedDeleteKey(&key_blob);
+ }
+}
+
+/*
* NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
*
* Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.
@@ -1840,7 +1909,9 @@
* INVALID_ARGUMENT.
*/
TEST_P(NewKeyGenerationTest, EcdsaMismatchKeySize) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
auto result = GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_ALGORITHM, Algorithm::EC)
@@ -2067,7 +2138,9 @@
* Verifies that keymint rejects HMAC key generation with multiple specified digest algorithms.
*/
TEST_P(NewKeyGenerationTest, HmacMultipleDigests) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST,
GenerateKey(AuthorizationSetBuilder()
@@ -2291,7 +2364,9 @@
* presented.
*/
TEST_P(SigningOperationsTest, NoUserConfirmation) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(1024, 65537)
.Digest(Digest::NONE)
@@ -2381,7 +2456,9 @@
* for a 1024-bit key.
*/
TEST_P(SigningOperationsTest, RsaPssSha512TooSmallKey) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(1024, 65537)
.Digest(Digest::SHA_2_512)
@@ -3200,7 +3277,9 @@
* Verifies that importing and using an ECDSA P-521 key pair works correctly.
*/
TEST_P(ImportKeyTest, Ecdsa521Success) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_521)
@@ -3909,7 +3988,9 @@
* with a different digest than was used to encrypt.
*/
TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -5823,7 +5904,9 @@
* Verifies that the max uses per boot tag works correctly with AES keys.
*/
TEST_P(MaxOperationsTest, TestLimitAes) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -5850,7 +5933,9 @@
* Verifies that the max uses per boot tag works correctly with RSA keys.
*/
TEST_P(MaxOperationsTest, TestLimitRsa) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -5881,7 +5966,9 @@
* Verifies that the usage count limit tag = 1 works correctly with AES keys.
*/
TEST_P(UsageCountLimitTest, TestSingleUseAes) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -5925,7 +6012,9 @@
* Verifies that the usage count limit tag > 1 works correctly with AES keys.
*/
TEST_P(UsageCountLimitTest, TestLimitedUseAes) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -5970,7 +6059,9 @@
* Verifies that the usage count limit tag = 1 works correctly with RSA keys.
*/
TEST_P(UsageCountLimitTest, TestSingleUseRsa) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -6014,7 +6105,9 @@
* Verifies that the usage count limit tag > 1 works correctly with RSA keys.
*/
TEST_P(UsageCountLimitTest, TestLimitUseRsa) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -6061,7 +6154,9 @@
* in hardware.
*/
TEST_P(UsageCountLimitTest, TestSingleUseKeyAndRollbackResistance) {
- if (SecLevel() == SecurityLevel::STRONGBOX) return;
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Test not applicable to StrongBox device";
+ }
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
@@ -6070,38 +6165,39 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
-
- if (error == ErrorCode::OK) {
- // Rollback resistance is supported by KeyMint, verify it is enforced in hardware.
- AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
- ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
- ASSERT_EQ(ErrorCode::OK, DeleteKey());
-
- // The KeyMint should also enforce single use key in hardware when it supports rollback
- // resistance.
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
- .NoDigestOrPadding()
- .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
- .SetDefaultValidity()));
-
- // Check the usage count limit tag appears in the hardware authorizations.
- AuthorizationSet hardware_auths = HwEnforcedAuthorizations(key_characteristics_);
- EXPECT_TRUE(hardware_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U))
- << "key usage count limit " << 1U << " missing";
-
- string message = "1234567890123456";
- auto params = AuthorizationSetBuilder().NoDigestOrPadding();
-
- // First usage of RSA key should work.
- SignMessage(message, params);
-
- // Usage count limit tag is enforced by hardware. After using the key, the key blob
- // must be invalidated from secure storage (such as RPMB partition).
- EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, params));
+ if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
+ GTEST_SKIP() << "Rollback resistance not supported";
}
+
+ // Rollback resistance is supported by KeyMint, verify it is enforced in hardware.
+ ASSERT_EQ(ErrorCode::OK, error);
+ AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
+ ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
+ ASSERT_EQ(ErrorCode::OK, DeleteKey());
+
+ // The KeyMint should also enforce single use key in hardware when it supports rollback
+ // resistance.
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(1024, 65537)
+ .NoDigestOrPadding()
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
+ .SetDefaultValidity()));
+
+ // Check the usage count limit tag appears in the hardware authorizations.
+ AuthorizationSet hardware_auths = HwEnforcedAuthorizations(key_characteristics_);
+ EXPECT_TRUE(hardware_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U))
+ << "key usage count limit " << 1U << " missing";
+
+ string message = "1234567890123456";
+ auto params = AuthorizationSetBuilder().NoDigestOrPadding();
+
+ // First usage of RSA key should work.
+ SignMessage(message, params);
+
+ // Usage count limit tag is enforced by hardware. After using the key, the key blob
+ // must be invalidated from secure storage (such as RPMB partition).
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, params));
}
INSTANTIATE_KEYMINT_AIDL_TEST(UsageCountLimitTest);
@@ -6178,24 +6274,25 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
+ if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
+ GTEST_SKIP() << "Rollback resistance not supported";
+ }
// Delete must work if rollback protection is implemented
- if (error == ErrorCode::OK) {
- AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
- ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
+ ASSERT_EQ(ErrorCode::OK, error);
+ AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
+ ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
- ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));
+ ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));
- string message = "12345678901234567890123456789012";
- AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
- Begin(KeyPurpose::SIGN, key_blob_,
- AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
- &begin_out_params));
- AbortIfNeeded();
- key_blob_ = AidlBuf();
- }
+ string message = "12345678901234567890123456789012";
+ AuthorizationSet begin_out_params;
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN, key_blob_,
+ AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
+ &begin_out_params));
+ AbortIfNeeded();
+ key_blob_ = AidlBuf();
}
/**
@@ -6212,21 +6309,22 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
+ if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
+ GTEST_SKIP() << "Rollback resistance not supported";
+ }
// Delete must work if rollback protection is implemented
- if (error == ErrorCode::OK) {
- AuthorizationSet enforced(SecLevelAuthorizations());
- ASSERT_TRUE(enforced.Contains(TAG_ROLLBACK_RESISTANCE));
+ ASSERT_EQ(ErrorCode::OK, error);
+ AuthorizationSet enforced(SecLevelAuthorizations());
+ ASSERT_TRUE(enforced.Contains(TAG_ROLLBACK_RESISTANCE));
- // Delete the key we don't care about the result at this point.
- DeleteKey();
+ // Delete the key we don't care about the result at this point.
+ DeleteKey();
- // Now create an invalid key blob and delete it.
- key_blob_ = AidlBuf("just some garbage data which is not a valid key blob");
+ // Now create an invalid key blob and delete it.
+ key_blob_ = AidlBuf("just some garbage data which is not a valid key blob");
- ASSERT_EQ(ErrorCode::OK, DeleteKey());
- }
+ ASSERT_EQ(ErrorCode::OK, DeleteKey());
}
/**
@@ -6241,7 +6339,10 @@
* credentials stored in Keystore/Keymint.
*/
TEST_P(KeyDeletionTest, DeleteAllKeys) {
- if (!arm_deleteAllKeys) return;
+ if (!arm_deleteAllKeys) {
+ GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
+ return;
+ }
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
@@ -6249,25 +6350,26 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
+ if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
+ GTEST_SKIP() << "Rollback resistance not supported";
+ }
// Delete must work if rollback protection is implemented
- if (error == ErrorCode::OK) {
- AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
- ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
+ ASSERT_EQ(ErrorCode::OK, error);
+ AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
+ ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
- ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
+ ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
- string message = "12345678901234567890123456789012";
- AuthorizationSet begin_out_params;
+ string message = "12345678901234567890123456789012";
+ AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
- Begin(KeyPurpose::SIGN, key_blob_,
- AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
- &begin_out_params));
- AbortIfNeeded();
- key_blob_ = AidlBuf();
- }
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN, key_blob_,
+ AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
+ &begin_out_params));
+ AbortIfNeeded();
+ key_blob_ = AidlBuf();
}
INSTANTIATE_KEYMINT_AIDL_TEST(KeyDeletionTest);
diff --git a/wifi/1.0/vts/OWNERS b/wifi/1.0/vts/OWNERS
index cf81c79..287152d 100644
--- a/wifi/1.0/vts/OWNERS
+++ b/wifi/1.0/vts/OWNERS
@@ -1,2 +1,3 @@
+# Bug component: 33618
arabawy@google.com
etancohen@google.com
diff --git a/wifi/1.1/vts/OWNERS b/wifi/1.1/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/1.1/vts/OWNERS
+++ b/wifi/1.1/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/1.2/vts/OWNERS b/wifi/1.2/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/1.2/vts/OWNERS
+++ b/wifi/1.2/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/1.3/vts/OWNERS b/wifi/1.3/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/1.3/vts/OWNERS
+++ b/wifi/1.3/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/1.4/vts/OWNERS b/wifi/1.4/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/1.4/vts/OWNERS
+++ b/wifi/1.4/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/1.5/vts/OWNERS b/wifi/1.5/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/1.5/vts/OWNERS
+++ b/wifi/1.5/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/hostapd/1.0/vts/OWNERS b/wifi/hostapd/1.0/vts/OWNERS
index cf81c79..287152d 100644
--- a/wifi/hostapd/1.0/vts/OWNERS
+++ b/wifi/hostapd/1.0/vts/OWNERS
@@ -1,2 +1,3 @@
+# Bug component: 33618
arabawy@google.com
etancohen@google.com
diff --git a/wifi/hostapd/1.1/vts/OWNERS b/wifi/hostapd/1.1/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/hostapd/1.1/vts/OWNERS
+++ b/wifi/hostapd/1.1/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/hostapd/1.2/vts/OWNERS b/wifi/hostapd/1.2/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/hostapd/1.2/vts/OWNERS
+++ b/wifi/hostapd/1.2/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/hostapd/1.3/vts/OWNERS b/wifi/hostapd/1.3/vts/OWNERS
index cf81c79..294fc82 100644
--- a/wifi/hostapd/1.3/vts/OWNERS
+++ b/wifi/hostapd/1.3/vts/OWNERS
@@ -1,2 +1,2 @@
-arabawy@google.com
-etancohen@google.com
+# Bug component: 33618
+include ../../1.0/vts/OWNERS
diff --git a/wifi/offload/1.0/vts/OWNERS b/wifi/offload/1.0/vts/OWNERS
new file mode 100644
index 0000000..287152d
--- /dev/null
+++ b/wifi/offload/1.0/vts/OWNERS
@@ -0,0 +1,3 @@
+# Bug component: 33618
+arabawy@google.com
+etancohen@google.com