Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 728336ffa332ee09ff69d8f839a58ccb95357073^! / .
commit728336ffa332ee09ff69d8f839a58ccb95357073[log] [tgz]
authorTommy Chiu <tommychiu@google.com>Wed Feb 08 14:55:40 2023 +0000
committerTommy Chiu <tommychiu@google.com>Thu Apr 06 02:09:22 2023 +0000
tree3b59376d06054d9c097793767988ddbbd085aaf4
parenta4ccb03efdd7824745cb0c62433065ef3f682346 [diff]
VTS: Restore 2nd-IMEI tests

Enable some tests that are bypassed on strongbox implementation.

Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b

diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 8ffc179..e759123 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp

@@ -1019,12 +1019,8 @@
                     .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")
                     .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");
 
-    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
-    if (SecLevel() != SecurityLevel::STRONGBOX) {
-        if (isSecondImeiIdAttestationRequired()) {
-            attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI,
-                                              "invalid-second-imei");
-        }
+    if (isSecondImeiIdAttestationRequired()) {
+        attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-second-imei");
     }
     vector<uint8_t> key_blob;
     vector<KeyCharacteristics> key_characteristics;
@@ -1061,11 +1057,6 @@
         GTEST_SKIP() << "Test not applicable under GSI";
     }
 
-    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
-    if (SecLevel() == SecurityLevel::STRONGBOX) {
-        GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
-    }
-
     // Skip the test if there is no second IMEI exists.
     string second_imei = get_imei(1);
     if (second_imei.empty() || second_imei.compare("null") == 0) {
@@ -1144,11 +1135,6 @@
         GTEST_SKIP() << "Test not applicable under GSI";
     }
 
-    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.
-    if (SecLevel() == SecurityLevel::STRONGBOX) {
-        GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";
-    }
-
     // Skip the test if there is no first IMEI exists.
     string imei = get_imei(0);
     if (imei.empty() || imei.compare("null") == 0) {

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c45dd3f..9430f12 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -3081,9 +3081,6 @@
  * presented.
  */
 TEST_P(SigningOperationsTest, NoUserConfirmation) {
-    if (SecLevel() == SecurityLevel::STRONGBOX) {
-        GTEST_SKIP() << "Test not applicable to StrongBox device";
-    }
     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
                                                  .RsaSigningKey(1024, 65537)
                                                  .Digest(Digest::NONE)
@@ -7788,10 +7785,6 @@
  * in hardware.
  */
 TEST_P(UsageCountLimitTest, TestSingleUseKeyAndRollbackResistance) {
-    if (SecLevel() == SecurityLevel::STRONGBOX) {
-        GTEST_SKIP() << "Test not applicable to StrongBox device";
-    }
-
     auto error = GenerateKey(AuthorizationSetBuilder()
                                      .RsaSigningKey(2048, 65537)
                                      .Digest(Digest::NONE)