Merge "KeyMint: make test more robust to variations" into main am: d8693389c5 am: 9af151b926 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3512170 Change-Id: I81d9b93493a75ff131b1b5fa634345c59d0a29ac Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: 76c09aa6dd2eb4925016e0e4c22c848939ea148c [log] [tgz]
author: David Drysdale <drysdale@google.com> Wed Mar 05 04:14:37 2025 -0800
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Mar 05 04:14:37 2025 -0800
tree: 264283d9b7024ac3fe439b4c521f2379ae679e25
parent: b883a204221b58cf7aed780d2519872f19433016 [diff]
parent: 9af151b926b1692fb5d6d8291707edc769aeb3ff [diff]
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index da3427a..a8ccabf 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp

@@ -100,6 +100,9 @@
     export_static_lib_headers: [
         "libkeymint_support",
     ],
+    shared_libs: [
+        "libkeystore2_flags_cc",
+    ],
     static_libs: [
         "libgmock_ndk",
     ],

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 0c86a27..0ec76a5 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

@@ -29,6 +29,7 @@
 #include <android-base/strings.h>
 #include <android/binder_manager.h>
 #include <android/content/pm/IPackageManagerNative.h>
+#include <android_security_keystore2.h>
 #include <cppbor_parse.h>
 #include <cutils/properties.h>
 #include <gmock/gmock.h>
@@ -387,11 +388,11 @@
     os_patch_level_ = getOsPatchlevel();
     vendor_patch_level_ = getVendorPatchlevel();
 
-    // TODO(b/369375199): temporary code, remove when apexd -> keystore2 -> KeyMint transmission
-    // of module info happens.
-    {
-        GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback";
-        // Ensure that a MODULE_HASH value is definitely present in KeyMint (if it's >= v4).
+    if (!::android::security::keystore2::attest_modules()) {
+        // Some tests (for v4+) require that the KeyMint instance has been
+        // provided with a module hash value.  If the keystore2 flag is off,
+        // this will not happen, so set a fake value here instead.
+        GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback when flag off";
         vector<uint8_t> fakeModuleHash = {
                 0xf3, 0xf1, 0x1f, 0xe5, 0x13, 0x05, 0xfe, 0xfa, 0xe9, 0xc3, 0x53,
                 0xef, 0x69, 0xdf, 0x9f, 0xd7, 0x0c, 0x1e, 0xcc, 0x2c, 0x2c, 0x62,

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 2f34b9d..5a6eea1 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -9134,5 +9134,12 @@
             }
         }
     }
+    // Some tests rely on information about the state of the system having been received by KeyMint,
+    // so ensure that has happened before running tests.
+    using namespace std::chrono_literals;
+    if (!android::base::WaitForProperty("keystore.module_hash.sent", "true", 30s)) {
+        std::cerr << "Warning: running test before keystore.module_hash.sent is true\n";
+    }
+
     return RUN_ALL_TESTS();
 }
commit	76c09aa6dd2eb4925016e0e4c22c848939ea148c	[log] [tgz]
author	David Drysdale <drysdale@google.com>	Wed Mar 05 04:14:37 2025 -0800
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Mar 05 04:14:37 2025 -0800
tree	264283d9b7024ac3fe439b4c521f2379ae679e25
parent	b883a204221b58cf7aed780d2519872f19433016 [diff]
parent	9af151b926b1692fb5d6d8291707edc769aeb3ff [diff]