commit 0c3a2fa57a7b2ef98ebbeb354e98acb2a89d30e4
author Shikha Panwar <shikhapanwar@google.com> Fri Dec 06 18:38:06 2024 +0000
committer Shikha Panwar <shikhapanwar@google.com> Wed Jan 08 11:17:47 2025 +0000
tree 078849ad0a7dfcf2d16fd1a1dcf79fbb8330d96a
parent 4d74fc0aee7610c6e5c902545f0e61ec97b35bc6

VM: Introduce writePayloadRpData/readPayloadRpData

VM payload require an api to allow storing n bytes' data with
confidentialty & tamper evidence integrity guarantees.

Microdroid Manager implements this using the vm_secret module, which
uses the payload's DICE chain to store/get secret from Secretkeeper.

Additionally introduce a test that uses these api.
Test: #rollbackProtectedDataOfPayload
Bug: 378911776

Change-Id: Id39f5c6c626531029bf33ef5d28dc237881e40e6

tests/testapk/src/native/testbinary.cpp

diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index 632f648..a1739f9 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -344,6 +344,23 @@
             return ScopedAStatus::ok();
         }
 
+        ScopedAStatus insecurelyReadPayloadRpData(std::array<uint8_t, 32>* out) override {
+            int32_t ret = AVmPayload_readRollbackProtectedSecret(out->data(), 32);
+            if (ret != 32) {
+                return ScopedAStatus::fromServiceSpecificError(ret);
+            }
+            return ScopedAStatus::ok();
+        }
+
+        ScopedAStatus insecurelyWritePayloadRpData(
+                const std::array<uint8_t, 32>& inputData) override {
+            int32_t ret = AVmPayload_writeRollbackProtectedSecret(inputData.data(), 32);
+            if (ret != 32) {
+                return ScopedAStatus::fromServiceSpecificError(ret);
+            }
+            return ScopedAStatus::ok();
+        }
+
         ScopedAStatus quit() override { exit(0); }
     };
     auto testService = ndk::SharedRefBase::make<TestService>();