commit 091bfbe33b43322405c62be6b55dfedd14cf9325
author Shikha Panwar <shikhapanwar@google.com> Mon Jan 15 09:37:06 2024 +0000
committer Shikha Panwar <shikhapanwar@google.com> Mon Jan 15 13:07:13 2024 +0000
tree 0ca1317b8d6cc766bd83d5bd92c095aa34c498f8
parent 47fe3c5a72148c3e21f1ec1bd9cee0b6d932ec99

Use MissingAction for building constraint_spec

ConstraintSpec constructor will take enum instead of boolean for
MissingAction type.

Test: Builds
Bug: 291213394
Change-Id: Ief2f96eebabf1229f69e54331c312ea27a4296ab

microdroid_manager/src/vm_secret.rs

diff --git a/microdroid_manager/src/vm_secret.rs b/microdroid_manager/src/vm_secret.rs
index dea6af1..9b7d4f1 100644
--- a/microdroid_manager/src/vm_secret.rs
+++ b/microdroid_manager/src/vm_secret.rs
@@ -20,7 +20,7 @@
 use secretkeeper_comm::data_types::request::Request;
 use binder::{Strong};
 use coset::CborSerializable;
-use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy};
+use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
 use diced_open_dice::{DiceArtifacts, OwnedDiceArtifacts};
 use keystore2_crypto::ZVec;
 use openssl::hkdf::hkdf;
@@ -164,16 +164,12 @@
 // TODO(b/291219197) : Add constraints on Extra apks as well!
 fn sealing_policy(dice: &[u8]) -> Result<Vec<u8>, String> {
     let constraint_spec = [
-        ConstraintSpec::new(
-            ConstraintType::ExactMatch,
-            vec![AUTHORITY_HASH],
-            /* Optional */ false,
-        ),
-        ConstraintSpec::new(ConstraintType::ExactMatch, vec![MODE], /* Optional */ false),
+        ConstraintSpec::new(ConstraintType::ExactMatch, vec![AUTHORITY_HASH], MissingAction::Fail),
+        ConstraintSpec::new(ConstraintType::ExactMatch, vec![MODE], MissingAction::Fail),
         ConstraintSpec::new(
             ConstraintType::GreaterOrEqual,
             vec![CONFIG_DESC, SECURITY_VERSION],
-            /* Optional */ true,
+            MissingAction::Ignore,
         ),
     ];