KeyMint: make test more robust to variations
Only perform the population of a fake module hash if the keystore2
flag is off (indicating that the real module hash will not be populated).
Also hold off from running the test until Keystore has done the
population, so tests that rely on the module hash being populated
are more likely to work.
Bug: 369375199
Bug: 380020528
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib4978349c70427065a004db775a13311d1bf4754
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index da3427a..a8ccabf 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -100,6 +100,9 @@
export_static_lib_headers: [
"libkeymint_support",
],
+ shared_libs: [
+ "libkeystore2_flags_cc",
+ ],
static_libs: [
"libgmock_ndk",
],
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 0c86a27..0ec76a5 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -29,6 +29,7 @@
#include <android-base/strings.h>
#include <android/binder_manager.h>
#include <android/content/pm/IPackageManagerNative.h>
+#include <android_security_keystore2.h>
#include <cppbor_parse.h>
#include <cutils/properties.h>
#include <gmock/gmock.h>
@@ -387,11 +388,11 @@
os_patch_level_ = getOsPatchlevel();
vendor_patch_level_ = getVendorPatchlevel();
- // TODO(b/369375199): temporary code, remove when apexd -> keystore2 -> KeyMint transmission
- // of module info happens.
- {
- GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback";
- // Ensure that a MODULE_HASH value is definitely present in KeyMint (if it's >= v4).
+ if (!::android::security::keystore2::attest_modules()) {
+ // Some tests (for v4+) require that the KeyMint instance has been
+ // provided with a module hash value. If the keystore2 flag is off,
+ // this will not happen, so set a fake value here instead.
+ GTEST_LOG_(INFO) << "Setting MODULE_HASH to fake value as fallback when flag off";
vector<uint8_t> fakeModuleHash = {
0xf3, 0xf1, 0x1f, 0xe5, 0x13, 0x05, 0xfe, 0xfa, 0xe9, 0xc3, 0x53,
0xef, 0x69, 0xdf, 0x9f, 0xd7, 0x0c, 0x1e, 0xcc, 0x2c, 0x2c, 0x62,
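Review bot: The new comment above the `if (!::android::security::keystore2::attest_modules())` block drops the removal tracker that the old TODO carried, so nothing on the fallback says when it can be deleted. I would keep a pointer, for example `// TODO(b/369375199): remove this fallback once the attest_modules flag is enabled everywhere.` It is also worth stating in the comment that the flag-on path has no fallback, so v4+ tests that need MODULE_HASH then depend on keystore2 having delivered the real value before the fixture runs. The block continues past the end of this hunk, so the call that hands the fake value to KeyMint is not visible here.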
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 2f34b9d..5a6eea1 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -9134,5 +9134,12 @@
}
}
}
+ // Some tests rely on information about the state of the system having been received by KeyMint,
+ // so ensure that has happened before running tests.
+ using namespace std::chrono_literals;
+ if (!android::base::WaitForProperty("keystore.module_hash.sent", "true", 30s)) {
+ std::cerr << "Warning: running test before keystore.module_hash.sent is true\n";
+ }
+
return RUN_ALL_TESTS();
}
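Review bot: The wait on `keystore.module_hash.sent` in main() runs unconditionally, while the fake-hash fallback in KeyMintAidlTestBase.cpp is gated on `attest_modules()`. If keystore2 only sets that property when the flag is on (not visible in this diff), a flag-off device stalls for the full 30s on every run and then prints a warning that does not apply. Consider `if (::android::security::keystore2::attest_modules() && !android::base::WaitForProperty("keystore.module_hash.sent", "true", 30s)) {`, which would also need `#include <android_security_keystore2.h>` in this file. On a flag-on timeout the tests still run with neither a real nor a fake hash, so the warning text should say that module-hash-dependent failures are expected in that case. main() begins outside the hunk.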