commit ff635634ab625504e9b1f42cb1e6771045d239e7
author Victor Hsieh <victorhsieh@google.com> Thu Dec 05 18:50:40 2024 +0000
committer Victor Hsieh <victorhsieh@google.com> Mon Dec 09 23:48:09 2024 +0000
tree d979bee98c86a88c7a57fae558df87761e79fb77
parent a5ad8db5180e60cf101e7351845d56293869504f

Require DeleteAllKeys to work regardless of rollback resistance tag

Bug: 376261153
Test: VtsAidlKeyMintTargetTest --gtest_filter=*DeleteAllKeys* --arm_deleteAllKeys
Change-Id: Icff430509710ec928ca0b803a5bc4d1fb4e8ab88

security/keymint/aidl/vts/functional/KeyMintTest.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 067db78..416e6c0 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -8305,21 +8305,15 @@
         GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
         return;
     }
+    // This test was introduced in API level 36, but is not version guarded because it requires a
+    // manual opt-in anyway. This makes it easier to run on older devices.
     auto error = GenerateKey(AuthorizationSetBuilder()
                                      .RsaSigningKey(2048, 65537)
                                      .Digest(Digest::NONE)
                                      .Padding(PaddingMode::NONE)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
-                                     .Authorization(TAG_ROLLBACK_RESISTANCE)
                                      .SetDefaultValidity());
-    if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
-        GTEST_SKIP() << "Rollback resistance not supported";
-    }
-
-    // Delete must work if rollback protection is implemented
     ASSERT_EQ(ErrorCode::OK, error);
-    AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
-    ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
 
     ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());