Make os_version optional for StrongBox
This change allows the os_version in the DeviceInfo map to be optional
for StrongBox implementations. It also adds the appropriate changes to
the VTS test to relax this requirement.
Bug: 215444522
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1695b7c4e7a9bd884fa88c14f9c22bacd38cdbd3
diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 586e659..180f191 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -38,7 +38,9 @@
* "vb_state" : "green" / "yellow" / "orange", // Taken from the AVB values
* "bootloader_state" : "locked" / "unlocked", // Taken from the AVB values
* "vbmeta_digest": bstr, // Taken from the AVB values
- * "os_version" : tstr, // Same as android.os.Build.VERSION.release
+ * ? "os_version" : tstr, // Same as
+ * // android.os.Build.VERSION.release
+ * // Not optional for TEE.
* "system_patch_level" : uint, // YYYYMMDD
* "boot_patch_level" : uint, // YYYYMMDD
* "vendor_patch_level" : uint, // YYYYMMDD
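Review bot: The `?` on `os_version` makes the key optional in the schema for every implementation, and the TEE requirement now lives only in the trailing comment `// Not optional for TEE.`, which is easy to misread as a double negative. Stating it positively and naming the field that decides it would be clearer for implementers and for anyone writing a verifier, e.g. `// Required when security_level is "tee"; may be omitted for "strongbox".` It would also help to say in the same comment that consumers of the DeviceInfo map must handle the key being absent, since code written against the previous schema may assume it is always there.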
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 3a7e000..7e1b65c 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -492,7 +492,6 @@
ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
allowList.end());
checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest");
- checkType(deviceInfo, cppbor::TSTR, "os_version");
checkType(deviceInfo, cppbor::UINT, "system_patch_level");
checkType(deviceInfo, cppbor::UINT, "boot_patch_level");
checkType(deviceInfo, cppbor::UINT, "vendor_patch_level");
@@ -502,6 +501,9 @@
allowList = getAllowedSecurityLevels();
ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
allowList.end());
+ if (deviceInfo->get("security_level")->asTstr()->value() == "tee") {
+ checkType(deviceInfo, cppbor::TSTR, "os_version");
+ }
break;
case 1:
checkType(deviceInfo, cppbor::TSTR, "security_level");
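Review bot: With the unconditional check removed in the earlier hunk, an `os_version` entry that a non-TEE implementation does include is no longer type-checked here, so a non-tstr value would pass this case. Consider validating the type whenever the key is present, e.g. `} else if (deviceInfo->get("os_version")) { checkType(deviceInfo, cppbor::TSTR, "os_version"); }`; this assumes `get` yields null for a missing key, which should be confirmed. The relaxation is also keyed to the `security_level` string that the implementation itself reports inside DeviceInfo, so a TEE instance reporting another allowed level would skip the check. If the test has an independent notion of which instance it is exercising, gating on that would be stricter. The enclosing switch case begins above this hunk.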