New DICE chain requirements apply from VSR 15
For vendor API levels before 202404 there is no requirement that the
DICE chain for a VM be properly rooted, and so it is legitimate for
there to be no DICE entry preceding that for pvmfw. Adjust the test
accordingly.
While I'm here, extract a common helper for reading the vendor API
level.
Bug: 341740108
Test: atest MicrodroidTestApp
Change-Id: Ic8c312e09acf30f92d3a868b4636b9d4dc520db9
diff --git a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
index b2a77a7..d3f6093 100644
--- a/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
+++ b/tests/helper/src/java/com/android/microdroid/test/device/MicrodroidDeviceTestBase.java
@@ -207,13 +207,17 @@
assume().withMessage("Device doesn't support AVF")
.that(mCtx.getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK))
.isTrue();
- int vendorApiLevel = SystemProperties.getInt("ro.vendor.api_level", 0);
+ int vendorApiLevel = getVendorApiLevel();
boolean isGsi = new File("/system/system_ext/etc/init/init.gsi.rc").exists();
assume().withMessage("GSI with vendor API level < 202404 may not support AVF")
.that(isGsi && vendorApiLevel < 202404)
.isFalse();
}
+ protected static int getVendorApiLevel() {
+ return SystemProperties.getInt("ro.vendor.api_level", 0);
+ }
+
protected void assumeSupportedDevice() {
assume().withMessage("Skip on 5.4 kernel. b/218303240")
.that(KERNEL_VERSION)
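Review bot: The new `getVendorApiLevel()` helper has no Javadoc, and its fallback of 0 for an unset `ro.vendor.api_level` is load-bearing, because every caller in this change compares the result with 202404 and so treats an unset property as a pre-202404 vendor image. I would state that on the helper, e.g. `/** Returns ro.vendor.api_level, or 0 if the property is unset; callers treat 0 as older than 202404. */`. The literal 202404 now appears in all three files touched here, so a named constant declared next to the helper would keep those comparisons in step. The enclosing methods before and after the helper continue outside the hunk.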
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
index c50e59a..3b755a0 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidCapabilitiesTest.java
@@ -20,14 +20,12 @@
import static com.google.common.truth.Truth.assertWithMessage;
import static com.google.common.truth.TruthJUnit.assume;
-import android.os.SystemProperties;
import android.system.virtualmachine.VirtualMachineManager;
import com.android.compatibility.common.util.CddTest;
import com.android.compatibility.common.util.VsrTest;
import com.android.microdroid.test.device.MicrodroidDeviceTestBase;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
@@ -65,9 +63,8 @@
@Test
@VsrTest(requirements = "VSR-7.1-001.005")
public void avfIsRequired() {
- int vendorApiLevel = SystemProperties.getInt("ro.vendor.api_level", 0);
assume().withMessage("Requirement doesn't apply due to vendor API level")
- .that(vendorApiLevel)
+ .that(getVendorApiLevel())
.isAtLeast(202404);
boolean avfSupported =
getContext().getPackageManager().hasSystemFeature(FEATURE_VIRTUALIZATION_FRAMEWORK);
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 6308072..4ffef3c 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -1285,17 +1285,20 @@
assertThat(dataItems.size()).isEqualTo(1);
assertThat(dataItems.get(0).getMajorType()).isEqualTo(MajorType.ARRAY);
List<DataItem> rootArrayItems = ((Array) dataItems.get(0)).getDataItems();
- assertThat(rootArrayItems.size()).isAtLeast(2); // Root public key and one certificate
+ int diceChainSize = rootArrayItems.size();
+ assertThat(diceChainSize).isAtLeast(2); // Root public key and one certificate
if (mProtectedVm) {
if (isFeatureEnabled(VirtualMachineManager.FEATURE_DICE_CHANGES)) {
- // When a true DICE chain is created, we expect the root public key, at least one
- // entry for the boot before pvmfw, then pvmfw, vm_entry (Microdroid kernel) and
- // Microdroid payload entries.
- assertThat(rootArrayItems.size()).isAtLeast(5);
+ // We expect the root public key, at least one entry for the boot before pvmfw,
+ // then pvmfw, vm_entry (Microdroid kernel) and Microdroid payload entries.
+ // Before Android V we did not require that vendor code contain any DICE entries
+ // preceding pvmfw, so the minimum is one less.
+ int minDiceChainSize = getVendorApiLevel() >= 202404 ? 5 : 4;
+ assertThat(diceChainSize).isAtLeast(minDiceChainSize);
} else {
// pvmfw truncates the DICE chain it gets, so we expect exactly entries for
// public key, vm_entry (Microdroid kernel) and Microdroid payload.
- assertThat(rootArrayItems.size()).isEqualTo(3);
+ assertThat(diceChainSize).isEqualTo(3);
}
}
}
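Review bot: The relaxed minimum of 4 is selected whenever `getVendorApiLevel()` is below 202404, and that includes the helper's default of 0 when `ro.vendor.api_level` is unset, so a device that fails to report its level gets the weaker DICE chain check without any trace in the test output. Since this assertion is what guards the "properly rooted" requirement for protected VMs, I would at least make the chosen threshold visible on failure, e.g. `assertWithMessage("DICE chain size, vendor API level %s", vendorApiLevel).that(diceChainSize).isAtLeast(minDiceChainSize);` with the level read once into a local (assuming `assertWithMessage` is imported in this file, which the hunk does not show). If an unset property is not expected on devices this test runs on, treating 0 as unknown and keeping the minimum at 5 would fail closed instead. The test method starts before this hunk, so the surrounding setup is not visible here.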