hwcryptohal: Adding test
Adding first hwcrypto hal service VTS test.
Bug: 393162614
Test: cf build/ manual service use test
Change-Id: Ied8f30629ad8ecae04ba7e34e799375e7ce5a622
diff --git a/security/see/hwcrypto/aidl/vts/functional/Android.bp b/security/see/hwcrypto/aidl/vts/functional/Android.bp
new file mode 100644
index 0000000..beb8976
--- /dev/null
+++ b/security/see/hwcrypto/aidl/vts/functional/Android.bp
@@ -0,0 +1,83 @@
+// Copyright (C) 2024 The Android Open-Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "hw_crypto_hal_aidl_rust_defaults",
+ enabled: false,
+ rustlibs: [
+ "libbinder_rs",
+ "android.hardware.security.see.hwcrypto-V1-rust",
+ "liblogger",
+ "liblog_rust",
+ "libanyhow",
+ "libvsock",
+ "librpcbinder_rs",
+ "librustutils",
+ ],
+ arch: {
+ x86_64: {
+ enabled: true,
+ },
+ },
+}
+
+rust_library {
+ name: "libhwcryptohal_vts_test",
+ crate_name: "hwcryptohal_vts_test",
+ srcs: [
+ "lib.rs",
+ ],
+ defaults: [
+ "hw_crypto_hal_aidl_rust_defaults",
+ ],
+}
+
+rust_binary {
+ name: "wait_hw_crypto",
+ prefer_rlib: true,
+ defaults: [
+ "hw_crypto_hal_aidl_rust_defaults",
+ ],
+ srcs: ["wait_service.rs"],
+ rustlibs: [
+ "libhwcryptohal_vts_test",
+ "liblogger",
+ "liblog_rust",
+ "libanyhow",
+ "libclap",
+ ],
+}
+
+rust_test {
+ name: "VtsAidlHwCryptoConnTest",
+ srcs: ["connection_test.rs"],
+ require_root: true,
+ defaults: [
+ "hw_crypto_hal_aidl_rust_defaults",
+ ],
+ rustlibs: [
+ "libhwcryptohal_vts_test",
+ ],
+ data: [
+ ":trusty_test_vm_elf",
+ ":trusty_test_vm_config",
+ ":trusty_vm_launcher_sh",
+ ":trusty_wait_ready_sh",
+ ":wait_hw_crypto",
+ ],
+}
diff --git a/security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml b/security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml
new file mode 100644
index 0000000..73290cf
--- /dev/null
+++ b/security/see/hwcrypto/aidl/vts/functional/AndroidTest.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2025 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+ <configuration description="Runs {MODULE}">
+ <!-- object type="module_controller" class="com.android.tradefed.testtype.suite.module.CommandSuccessModuleController" -->
+ <!--Skip the test when trusty VM is not enabled. -->
+ <!--option name="run-command" value="getprop trusty.test_vm.nonsecure_vm_ready | grep 1" /-->
+ <!--/object-->
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer" />
+ <!-- Target Preparers - Run Shell Commands -->
+ <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
+ <option name="cleanup" value="true" />
+ <option name="push-file" key="trusty-vm-launcher.sh" value="/data/local/tmp/trusty_test_vm/trusty-vm-launcher.sh" />
+ <option name="push-file" key="trusty-wait-ready.sh" value="/data/local/tmp/trusty_test_vm/trusty-wait-ready.sh" />
+ <option name="push-file" key="wait_hw_crypto" value="/data/local/tmp/trusty_test_vm/wait_hw_crypto" />
+ <option name="push-file" key="trusty-test_vm-config.json" value="/data/local/tmp/trusty_test_vm/trusty-test_vm-config.json" />
+ <option name="push-file" key="trusty_test_vm_elf" value="/data/local/tmp/trusty_test_vm/trusty_test_vm_elf" />
+ <option name="push-file" key="VtsAidlHwCryptoConnTest" value="/data/local/tmp/VtsAidlHwCryptoConnTest" />
+ </target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
+ <option name="throw-if-cmd-fail" value="true" />
+ <!--Note: the first run-command shall not expect the background command to have started -->
+ <option name="run-bg-command" value="sh /data/local/tmp/trusty_test_vm/trusty-vm-launcher.sh" />
+ <option name="run-command" value="sh /data/local/tmp/trusty_test_vm/trusty-wait-ready.sh" />
+ <option name="run-bg-command" value="start trusty-hwcryptohal" />
+ <option name="run-command" value="/data/local/tmp/trusty_test_vm/wait_hw_crypto" />
+ <option name="run-command" value="start storageproxyd_test_system" />
+ <option name="teardown-command" value="stop storageproxyd_test_system" />
+ <option name="teardown-command" value="stop trusty-hwcryptohal" />
+ <option name="teardown-command" value="killall storageproxyd_test_system || true" />
+ <option name="teardown-command" value="stop trusty-hwcryptohal" />
+ <option name="teardown-command" value="killall trusty || true" />
+ </target_preparer>
+
+ <test class="com.android.tradefed.testtype.rust.RustBinaryTest" >
+ <option name="test-device-path" value="/data/local/tmp" />
+ <option name="module-name" value="VtsAidlHwCryptoConnTest" />
+ <!-- Rust tests are run in parallel by default. Run these ones
+ single-threaded, so that one test's secrets don't affect
+ the behaviour of a different test. -->
+ <option name="native-test-flag" value="--test-threads=1" />
+ </test>
+ </configuration>
diff --git a/security/see/hwcrypto/aidl/vts/functional/connection_test.rs b/security/see/hwcrypto/aidl/vts/functional/connection_test.rs
new file mode 100644
index 0000000..338923d
--- /dev/null
+++ b/security/see/hwcrypto/aidl/vts/functional/connection_test.rs
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! HwCrypto Connection tests.
+
+#[test]
+fn test_hwcrypto_key_connection() {
+ let hw_crypto_key = hwcryptohal_vts_test::get_hwcryptokey();
+ assert!(hw_crypto_key.is_ok(), "Couldn't get back a hwcryptokey binder object");
+}
diff --git a/security/see/hwcrypto/aidl/vts/functional/lib.rs b/security/see/hwcrypto/aidl/vts/functional/lib.rs
new file mode 100644
index 0000000..e14ac83
--- /dev/null
+++ b/security/see/hwcrypto/aidl/vts/functional/lib.rs
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! VTS test library for HwCrypto functionality.
+//! It provides the base clases necessaries to write HwCrypto VTS tests
+
+use anyhow::{Context, Result};
+use binder::{ExceptionCode, FromIBinder, IntoBinderResult, ParcelFileDescriptor};
+use rpcbinder::RpcSession;
+use vsock::VsockStream;
+use std::os::fd::{FromRawFd, IntoRawFd};
+use std::fs::File;
+use std::io::Read;
+use rustutils::system_properties;
+use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;
+
+const HWCRYPTO_SERVICE_PORT: u32 = 4;
+
+/// Local function to connect to service
+pub fn connect_service<T: FromIBinder + ?Sized>(
+ cid: u32,
+ port: u32,
+) -> Result<binder::Strong<T>, binder::StatusCode> {
+ RpcSession::new().setup_preconnected_client(|| {
+ let mut stream = VsockStream::connect_with_cid_port(cid, port).ok()?;
+ let mut buffer = [0];
+ let _ = stream.read(&mut buffer);
+ // SAFETY: ownership is transferred from stream to f
+ let f = unsafe { File::from_raw_fd(stream.into_raw_fd()) };
+ Some(ParcelFileDescriptor::new(f).into_raw_fd())
+ })
+}
+
+/// Get a HwCryptoKey binder service object
+pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {
+ let cid = system_properties::read("trusty.test_vm.vm_cid")
+ .context("couldn't get vm cid")
+ .or_binder_exception(ExceptionCode::ILLEGAL_STATE)?
+ .ok_or(ExceptionCode::ILLEGAL_STATE)?
+ .parse::<u32>()
+ .context("couldn't parse vm cid")
+ .or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;
+ Ok(connect_service(cid, HWCRYPTO_SERVICE_PORT)?)
+}
diff --git a/security/see/hwcrypto/aidl/vts/functional/wait_service.rs b/security/see/hwcrypto/aidl/vts/functional/wait_service.rs
new file mode 100644
index 0000000..13cbcb1
--- /dev/null
+++ b/security/see/hwcrypto/aidl/vts/functional/wait_service.rs
@@ -0,0 +1,47 @@
+// Copyright 2025, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Small utility to wait for hwcrypto service to be up
+
+use anyhow::{/*Context,*/ Result};
+use clap::Parser;
+use log::info;
+use std::{thread, time};
+
+#[derive(Parser)]
+/// Collection of CLI for trusty_security_vm_launcher
+pub struct Args {
+ /// Number of repetitions for the wait
+ #[arg(long, default_value_t = 20)]
+ number_repetitions: u32,
+
+ /// Delay between repetitiond
+ #[arg(long, default_value_t = 2)]
+ delay_between_repetitions: u32,
+}
+
+fn main() -> Result<()> {
+ let args = Args::parse();
+
+ info!("Waiting for hwcrypto service");
+ let delay = time::Duration::new(args.delay_between_repetitions.into(), 0);
+ for _ in 0..args.number_repetitions {
+ let hw_crypto_key = hwcryptohal_vts_test::get_hwcryptokey();
+ if hw_crypto_key.is_ok() {
+ break;
+ }
+ thread::sleep(delay);
+ }
+ Ok(())
+}