Add and use run_as::run_as_app helper
Test: keystore2_client_tests
Test: keystore2_legacy_blobs_test
Flag: None, pure refactor of test code
Change-Id: Ia1ea17f6eb5a19eb689b226e242c78c8523a170e
diff --git a/keystore2/test_utils/run_as.rs b/keystore2/test_utils/run_as.rs
index 07d1bbd..d4fd06c 100644
--- a/keystore2/test_utils/run_as.rs
+++ b/keystore2/test_utils/run_as.rs
@@ -443,6 +443,29 @@
unsafe { run_as("u:r:su:s0", Uid::from_raw(0), Gid::from_raw(0), f) }
}
+/// Run the given closure in a new `untrusted_app` process running with the given `uid` and `gid`.
+///
+/// # Safety
+/// run_as runs the given closure in the client branch of fork. And it uses non
+/// async signal safe API. This means that calling this function in a multi threaded program
+/// yields undefined behavior in the child. As of this writing, it is safe to call this function
+/// from a Rust device test, because every test itself is spawned as a separate process.
+///
+/// # Safety Binder
+/// It is okay for the closure to use binder services, however, this does not work
+/// if the parent initialized libbinder already. So do not use binder outside of the closure
+/// in your test.
+pub unsafe fn run_as_app<F, R>(uid: u32, gid: u32, f: F) -> R
+where
+ R: Serialize + DeserializeOwned,
+ F: 'static + Send + FnOnce() -> R,
+{
+ // SAFETY: Our caller guarantees that the process only has a single thread.
+ unsafe {
+ run_as("u:r:untrusted_app:s0:c91,c256,c10,c20", Uid::from_raw(uid), Gid::from_raw(gid), f)
+ }
+}
+
/// Run the given closure in a new process running with the new identity given as
/// `uid`, `gid`, and `se_context`.
///
diff --git a/keystore2/tests/keystore2_client_attest_key_tests.rs b/keystore2/tests/keystore2_client_attest_key_tests.rs
index d93573a..02dfd3f 100644
--- a/keystore2/tests/keystore2_client_attest_key_tests.rs
+++ b/keystore2/tests/keystore2_client_attest_key_tests.rs
@@ -33,7 +33,7 @@
use keystore2_test_utils::{
authorizations, key_generations, key_generations::Error, run_as, SecLevel,
};
-use nix::unistd::{getuid, Gid, Uid};
+use nix::unistd::getuid;
use rustutils::users::AID_USER_OFFSET;
/// Generate RSA and EC attestation keys and use them for signing RSA-signing keys.
@@ -655,7 +655,6 @@
/// should return error response code - `GET_ATTESTATION_APPLICATION_ID_FAILED`.
#[test]
fn keystore2_generate_attested_key_fail_to_get_aaid() {
- static APP_USER_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 19901;
static APP_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -698,7 +697,5 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(APP_USER_CTX, Uid::from_raw(APP_UID), Gid::from_raw(APP_GID), gen_key_fn)
- };
+ unsafe { run_as::run_as_app(APP_UID, APP_GID, gen_key_fn) };
}
diff --git a/keystore2/tests/keystore2_client_ec_key_tests.rs b/keystore2/tests/keystore2_client_ec_key_tests.rs
index 2ae65b2..526a339 100644
--- a/keystore2/tests/keystore2_client_ec_key_tests.rs
+++ b/keystore2/tests/keystore2_client_ec_key_tests.rs
@@ -464,7 +464,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
unsafe {
- run_as::run_as(TARGET_CTX, Uid::from_raw(uid2), Gid::from_raw(gid2), get_key_fn);
+ run_as::run_as_app(uid2, gid2, get_key_fn);
};
// Notify the child process (client#1) to resume and finish.
diff --git a/keystore2/tests/keystore2_client_grant_key_tests.rs b/keystore2/tests/keystore2_client_grant_key_tests.rs
index e800f99..5391d20 100644
--- a/keystore2/tests/keystore2_client_grant_key_tests.rs
+++ b/keystore2/tests/keystore2_client_grant_key_tests.rs
@@ -25,7 +25,7 @@
use keystore2_test_utils::{
authorizations, get_keystore_service, key_generations, key_generations::Error, run_as, SecLevel,
};
-use nix::unistd::{getuid, Gid, Uid};
+use nix::unistd::getuid;
use rustutils::users::AID_USER_OFFSET;
/// Generate an EC signing key and grant it to the user with given access vector.
@@ -100,7 +100,6 @@
/// should fail to load the key with permission denied error.
#[test]
fn keystore2_grant_key_with_perm_none() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -141,14 +140,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
/// Grant a key to the user (grantee) with `GET_INFO|USE` key permissions. Verify whether grantee
@@ -158,7 +150,6 @@
/// delete it as `DELETE` permission is not granted.
#[test]
fn keystore2_grant_get_info_use_key_perm() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -229,14 +220,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
/// Grant a key to the user with DELETE access. In grantee context load the key and delete it.
@@ -244,7 +228,6 @@
/// should fail to find the key with error response `KEY_NOT_FOUND`.
#[test]
fn keystore2_grant_delete_key_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -285,14 +268,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
// Verify whether key got deleted in grantor's context.
let grantor_fn = move || {
@@ -319,7 +295,6 @@
#[test]
#[ignore]
fn keystore2_grant_key_fails_with_permission_denied() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -374,14 +349,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
// Make sure second grantee shouldn't have access to the above granted key.
let grantee2_fn = move || {
@@ -400,14 +368,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(SEC_GRANTEE_UID),
- Gid::from_raw(SEC_GRANTEE_GID),
- grantee2_fn,
- )
- };
+ unsafe { run_as::run_as_app(SEC_GRANTEE_UID, SEC_GRANTEE_GID, grantee2_fn) };
}
/// Try to grant a key with `GRANT` access. Keystore2 system shouldn't allow to grant a key with
@@ -460,7 +421,6 @@
/// the key. Grantee should fail to load the ungranted key with `KEY_NOT_FOUND` error response.
#[test]
fn keystore2_ungrant_key_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -511,14 +471,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
/// Generate a key, grant it to the user and then delete the granted key. Try to ungrant
@@ -528,8 +481,6 @@
/// associated key is deleted from grantor context.
#[test]
fn keystore2_ungrant_fails_with_non_existing_key_expect_key_not_found_error() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const APPLICATION_ID: u32 = 10001;
const USER_ID: u32 = 99;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -601,22 +552,13 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
/// Grant a key to multiple users. Verify that all grantees should succeed in loading the key and
/// use it for performing an operation successfully.
#[test]
fn keystore2_grant_key_to_multi_users_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const APPLICATION_ID: u32 = 10001;
const USER_ID_1: u32 = 99;
static GRANTEE_1_UID: u32 = USER_ID_1 * AID_USER_OFFSET + APPLICATION_ID;
@@ -662,14 +604,7 @@
};
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(*grantee_uid),
- Gid::from_raw(*grantee_gid),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(*grantee_uid, *grantee_gid, grantee_fn) };
}
}
@@ -678,8 +613,6 @@
/// fail to load the granted key with `KEY_NOT_FOUND` error response.
#[test]
fn keystore2_grant_key_to_multi_users_delete_fails_with_key_not_found_error() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID_1: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_1_UID: u32 = USER_ID_1 * AID_USER_OFFSET + APPLICATION_ID;
@@ -735,14 +668,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_1_UID),
- Gid::from_raw(GRANTEE_1_GID),
- grantee1_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_1_UID, GRANTEE_1_GID, grantee1_fn) };
// Grantee #2 context
let grant_key2_nspace = grant_keys.remove(0);
@@ -761,12 +687,5 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_2_UID),
- Gid::from_raw(GRANTEE_2_GID),
- grantee2_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_2_UID, GRANTEE_2_GID, grantee2_fn) };
}
diff --git a/keystore2/tests/keystore2_client_keystore_engine_tests.rs b/keystore2/tests/keystore2_client_keystore_engine_tests.rs
index 8ab9eb5..a4d7f2c 100644
--- a/keystore2/tests/keystore2_client_keystore_engine_tests.rs
+++ b/keystore2/tests/keystore2_client_keystore_engine_tests.rs
@@ -24,7 +24,6 @@
use keystore2_test_utils::{
authorizations::AuthSetBuilder, get_keystore_service, run_as, SecLevel,
};
-use nix::unistd::{Gid, Uid};
use openssl::x509::X509;
use rustutils::users::AID_USER_OFFSET;
@@ -152,8 +151,7 @@
}
#[test]
-fn keystore2_perofrm_crypto_op_using_keystore2_engine_rsa_key_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+fn keystore2_perform_crypto_op_using_keystore2_engine_rsa_key_success() {
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -178,19 +176,11 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
#[test]
-fn keystore2_perofrm_crypto_op_using_keystore2_engine_ec_key_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+fn keystore2_perform_crypto_op_using_keystore2_engine_ec_key_success() {
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -215,19 +205,11 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
#[test]
-fn keystore2_perofrm_crypto_op_using_keystore2_engine_pem_pub_key_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
+fn keystore2_perform_crypto_op_using_keystore2_engine_pem_pub_key_success() {
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -273,12 +255,5 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- grantee_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, grantee_fn) };
}
diff --git a/keystore2/tests/keystore2_client_list_entries_tests.rs b/keystore2/tests/keystore2_client_list_entries_tests.rs
index de9f42e..bb1d6cf 100644
--- a/keystore2/tests/keystore2_client_list_entries_tests.rs
+++ b/keystore2/tests/keystore2_client_list_entries_tests.rs
@@ -20,7 +20,7 @@
use keystore2_test_utils::{
get_keystore_service, key_generations, key_generations::Error, run_as, SecLevel,
};
-use nix::unistd::{getuid, Gid, Uid};
+use nix::unistd::getuid;
use rustutils::users::AID_USER_OFFSET;
use std::collections::HashSet;
use std::fmt::Write;
@@ -51,8 +51,6 @@
/// context. GRANT keys shouldn't be part of this list.
#[test]
fn keystore2_list_entries_success() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 91;
const APPLICATION_ID: u32 = 10006;
static GRANTEE_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -143,14 +141,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_UID),
- Gid::from_raw(GRANTEE_GID),
- list_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_UID, GRANTEE_GID, list_keys_fn) };
}
/// Try to list the key entries with domain SELINUX from user context where user doesn't possesses
@@ -160,8 +151,6 @@
fn keystore2_list_entries_fails_perm_denied() {
let auid = 91 * AID_USER_OFFSET + 10001;
let agid = 91 * AID_USER_OFFSET + 10001;
- static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
let list_keys_fn = move || {
let keystore2 = get_keystore_service();
@@ -174,7 +163,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe { run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), list_keys_fn) };
+ unsafe { run_as::run_as_app(auid, agid, list_keys_fn) };
}
/// Try to list key entries with domain BLOB. Test should fail with error repose code
@@ -194,8 +183,6 @@
/// of all the entries in the keystore.
#[test]
fn keystore2_list_entries_with_long_aliases_success() {
- static CLIENT_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 92;
const APPLICATION_ID: u32 = 10002;
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -252,14 +239,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- import_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, import_keys_fn) };
}
/// Import large number of Keystore entries with long aliases such that the
@@ -267,8 +247,6 @@
/// Try to list aliases of all the entries in the keystore using `listEntriesBatched` API.
#[test]
fn keystore2_list_entries_batched_with_long_aliases_success() {
- static CLIENT_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 92;
const APPLICATION_ID: u32 = 10002;
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -319,14 +297,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- import_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, import_keys_fn) };
}
/// Import keys from multiple processes with same user context and try to list the keystore entries
@@ -341,8 +312,6 @@
/// `startingPastAlias` as None. It should list all the keys imported in process-1 and process-2.
#[test]
fn keystore2_list_entries_batched_with_multi_procs_success() {
- static CLIENT_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 92;
const APPLICATION_ID: u32 = 10002;
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -377,14 +346,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- import_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, import_keys_fn) };
let import_more_fn = || {
let sl = SecLevel::tee();
@@ -442,20 +404,11 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- import_more_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, import_more_fn) };
}
#[test]
fn keystore2_list_entries_batched_with_empty_keystore_success() {
- static CLIENT_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 92;
const APPLICATION_ID: u32 = 10002;
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -479,14 +432,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- list_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, list_keys_fn) };
}
/// Import a key with SELINUX as domain, list aliases using `listEntriesBatched`.
@@ -546,8 +492,6 @@
#[test]
fn keystore2_list_entries_batched_validate_count_and_order_success() {
- static CLIENT_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID: u32 = 92;
const APPLICATION_ID: u32 = 10002;
static CLIENT_UID: u32 = USER_ID * AID_USER_OFFSET + APPLICATION_ID;
@@ -676,14 +620,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- CLIENT_CTX,
- Uid::from_raw(CLIENT_UID),
- Gid::from_raw(CLIENT_GID),
- list_keys_fn,
- )
- };
+ unsafe { run_as::run_as_app(CLIENT_UID, CLIENT_GID, list_keys_fn) };
}
/// Try to list the key entries with domain SELINUX from user context where user doesn't possesses
@@ -693,8 +630,6 @@
fn keystore2_list_entries_batched_fails_perm_denied() {
let auid = 91 * AID_USER_OFFSET + 10001;
let agid = 91 * AID_USER_OFFSET + 10001;
- static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
let list_keys_fn = move || {
let keystore2 = get_keystore_service();
@@ -709,7 +644,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe { run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), list_keys_fn) };
+ unsafe { run_as::run_as_app(auid, agid, list_keys_fn) };
}
/// Try to list key entries with domain BLOB. Test should fail with error response code
@@ -734,8 +669,6 @@
fn keystore2_get_number_of_entries_fails_perm_denied() {
let auid = 91 * AID_USER_OFFSET + 10001;
let agid = 91 * AID_USER_OFFSET + 10001;
- static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
let get_num_fn = move || {
let keystore2 = get_keystore_service();
@@ -748,7 +681,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe { run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), get_num_fn) };
+ unsafe { run_as::run_as_app(auid, agid, get_num_fn) };
}
/// Try to get number of key entries with domain BLOB. Test should fail with error response code
diff --git a/keystore2/tests/keystore2_client_operation_tests.rs b/keystore2/tests/keystore2_client_operation_tests.rs
index b4dd385..1f8396e 100644
--- a/keystore2/tests/keystore2_client_operation_tests.rs
+++ b/keystore2/tests/keystore2_client_operation_tests.rs
@@ -430,7 +430,7 @@
/// Should be able to create forced operation with `vold` context successfully.
#[test]
fn keystore2_forced_op_success_test() {
- static TARGET_CTX: &str = "u:r:vold:s0";
+ static TARGET_VOLD_CTX: &str = "u:r:vold:s0";
const USER_ID: u32 = 99;
const APPLICATION_ID: u32 = 10601;
@@ -452,7 +452,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
unsafe {
- run_as::run_as(TARGET_CTX, Uid::from_raw(uid), Gid::from_raw(gid), forced_op_fn);
+ run_as::run_as(TARGET_VOLD_CTX, Uid::from_raw(uid), Gid::from_raw(gid), forced_op_fn);
}
}
diff --git a/keystore2/tests/keystore2_client_update_subcomponent_tests.rs b/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
index 5078924..0e38298 100644
--- a/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
+++ b/keystore2/tests/keystore2_client_update_subcomponent_tests.rs
@@ -22,7 +22,7 @@
use keystore2_test_utils::{
get_keystore_service, key_generations, key_generations::Error, run_as, SecLevel,
};
-use nix::unistd::{getuid, Gid, Uid};
+use nix::unistd::getuid;
use rustutils::users::AID_USER_OFFSET;
/// Generate a key and update its public certificate and certificate chain. Test should be able to
@@ -153,8 +153,6 @@
/// permissions, test should be able to update public certificate and cert-chain successfully.
#[test]
fn keystore2_update_subcomponent_fails_permission_denied() {
- static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
-
const USER_ID_1: u32 = 99;
const APPLICATION_ID: u32 = 10001;
static GRANTEE_1_UID: u32 = USER_ID_1 * AID_USER_OFFSET + APPLICATION_ID;
@@ -223,14 +221,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_1_UID),
- Gid::from_raw(GRANTEE_1_GID),
- grantee1_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_1_UID, GRANTEE_1_GID, grantee1_fn) };
// Grantee context, update granted key public certs. Update should happen successfully.
let granted_key2_nspace = granted_keys.remove(0);
@@ -267,14 +258,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe {
- run_as::run_as(
- GRANTEE_CTX,
- Uid::from_raw(GRANTEE_2_UID),
- Gid::from_raw(GRANTEE_2_GID),
- grantee2_fn,
- )
- };
+ unsafe { run_as::run_as_app(GRANTEE_2_UID, GRANTEE_2_GID, grantee2_fn) };
}
#[test]
diff --git a/keystore2/tests/legacy_blobs/keystore2_legacy_blob_tests.rs b/keystore2/tests/legacy_blobs/keystore2_legacy_blob_tests.rs
index bbbadee..d71f463 100644
--- a/keystore2/tests/legacy_blobs/keystore2_legacy_blob_tests.rs
+++ b/keystore2/tests/legacy_blobs/keystore2_legacy_blob_tests.rs
@@ -27,7 +27,7 @@
use keystore2::utils::AesGcm;
use keystore2_crypto::{Password, ZVec};
use keystore2_test_utils::{get_keystore_service, key_generations, run_as, SecLevel};
-use nix::unistd::{getuid, Gid, Uid};
+use nix::unistd::getuid;
use rustutils::users::AID_USER_OFFSET;
use serde::{Deserialize, Serialize};
use std::ops::Deref;
@@ -128,7 +128,6 @@
fn keystore2_encrypted_characteristics() -> anyhow::Result<()> {
let auid = 99 * AID_USER_OFFSET + 10001;
let agid = 99 * AID_USER_OFFSET + 10001;
- static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
// Cleanup user directory if it exists
let path_buf = PathBuf::from("/data/misc/keystore/user_99");
@@ -330,7 +329,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe { run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), use_key_fn) };
+ unsafe { run_as::run_as_app(auid, agid, use_key_fn) };
// Make sure keystore2 clean up imported legacy db.
let path_buf = PathBuf::from("/data/misc/keystore/user_99");
@@ -372,7 +371,6 @@
fn keystore2_encrypted_certificates() -> anyhow::Result<()> {
let auid = 98 * AID_USER_OFFSET + 10001;
let agid = 98 * AID_USER_OFFSET + 10001;
- static TARGET_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";
// Cleanup user directory if it exists
let path_buf = PathBuf::from("/data/misc/keystore/user_98");
@@ -543,7 +541,7 @@
// Safety: only one thread at this point (enforced by `AndroidTest.xml` setting
// `--test-threads=1`), and nothing yet done with binder.
- unsafe { run_as::run_as(TARGET_CTX, Uid::from_raw(auid), Gid::from_raw(agid), use_key_fn) };
+ unsafe { run_as::run_as_app(auid, agid, use_key_fn) };
// Make sure keystore2 clean up imported legacy db.
let path_buf = PathBuf::from("/data/misc/keystore/user_98");