Smoke tests for VM instance secrets

Different instances should have different secrets, but within an instance
it should get the same secrets. This should hold from the very start
of the VM and continue to be true after things have been loaded in the
VM. These tests check that the microdroid payloads continue to follow
the expectations.

There is a slight chance for the test to fail by chance, but it is
cryptographically insignificant by design.

Bug: 214231981
Test: atest MicrodroidTestApp
Change-Id: I488c7370ad901a73a520bc3fa548d4b9b7959d19
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index 301328a..417ff4a 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+#include <aidl/android/security/dice/IDiceNode.h>
 #include <aidl/android/system/virtualmachineservice/IVirtualMachineService.h>
 #include <aidl/com/android/microdroid/testservice/BnTestService.h>
 #include <android-base/file.h>
@@ -32,6 +33,9 @@
 #include <binder_rpc_unstable.hpp>
 #include <string>
 
+using aidl::android::hardware::security::dice::BccHandover;
+using aidl::android::security::dice::IDiceNode;
+
 using aidl::android::system::virtualmachineservice::IVirtualMachineService;
 
 using android::base::ErrnoError;
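Review bot: The new `using aidl::android::hardware::security::dice::BccHandover;` names a type from a different AIDL package than the only header this commit adds, `aidl/android/security/dice/IDiceNode.h`, so it compiles only because that header happens to pull the type in. Including the type's own generated header directly (by the pattern of the neighbouring includes, presumably `#include <aidl/android/hardware/security/dice/BccHandover.h>`) would keep the file building if the transitive include changes.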
@@ -74,6 +78,23 @@
 
             return ndk::ScopedAStatus::ok();
         }
+
+        ndk::ScopedAStatus insecurelyExposeSecret(std::vector<uint8_t>* out) override {
+            ndk::SpAIBinder binder(AServiceManager_getService("android.security.dice.IDiceNode"));
+            auto service = IDiceNode::fromBinder(binder);
+            if (service == nullptr) {
+                return ndk::ScopedAStatus::
+                        fromServiceSpecificErrorWithMessage(0, "Failed to find diced");
+            }
+            BccHandover handover;
+            auto deriveStatus = service->derive({}, &handover);
+            if (!deriveStatus.isOk()) {
+                return ndk::ScopedAStatus::fromServiceSpecificErrorWithMessage(0,
+                                                                               "Failed call diced");
+            }
+            *out = {handover.cdiSeal.begin(), handover.cdiSeal.end()};
+            return ndk::ScopedAStatus::ok();
+        }
     };
     auto testService = ndk::SharedRefBase::make<TestService>();
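Review bot: `insecurelyExposeSecret` copies the raw `handover.cdiSeal` into `*out`, so the instance's sealing secret leaves the VM over the test service, although the test described in the commit message only needs to tell whether two values are the same or different. Returning a one-way digest of `cdiSeal` would give the test that signal without exporting the key material. If the raw value is kept, a comment above the method such as `// Test-only: exports the sealing CDI so the host can compare instances; never expose this from a real payload.` would keep the pattern from being copied. Both error paths also return service-specific code 0 and drop `deriveStatus`'s own description, which makes a failing run harder to diagnose. The enclosing function continues outside the hunk.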