Merge "Grant VTS tests all permissions in keystore on userdebug/eng" am: 3ed33f4013 am: 7806acc7e8
am: d10c58edbd
Change-Id: Iad66984e3a462e3fdad7c5387d31671c31470fae
diff --git a/keystore/Android.bp b/keystore/Android.bp
index a12183f..9bd363f 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -78,6 +78,13 @@
pdk: {
enabled: false,
},
+ debuggable: {
+ cflags: [
+ // Allow VTS tests running as root to have
+ // additional permissions.
+ "-DGRANT_ROOT_ALL_PERMISSIONS",
+ ],
+ },
},
required: ["keystore_cli_v2"],
diff --git a/keystore/permissions.cpp b/keystore/permissions.cpp
index 42568b2..c68be50 100644
--- a/keystore/permissions.cpp
+++ b/keystore/permissions.cpp
@@ -54,9 +54,16 @@
uid_t euid;
};
-user_euid user_euids[] = {
- {AID_VPN, AID_SYSTEM}, {AID_WIFI, AID_SYSTEM}, {AID_ROOT, AID_SYSTEM},
- {AID_WIFI, AID_KEYSTORE}, {AID_KEYSTORE, AID_WIFI}
+user_euid user_euids[] = {{AID_VPN, AID_SYSTEM},
+ {AID_WIFI, AID_SYSTEM},
+ {AID_ROOT, AID_SYSTEM},
+ {AID_WIFI, AID_KEYSTORE},
+ {AID_KEYSTORE, AID_WIFI},
+
+#ifdef GRANT_ROOT_ALL_PERMISSIONS
+ // Allow VTS tests to act on behalf of the wifi user
+ {AID_WIFI, AID_ROOT}
+#endif
};
struct user_perm {
@@ -68,7 +75,13 @@
{AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0))},
{AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY)},
{AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY)},
+
+#ifdef GRANT_ROOT_ALL_PERMISSIONS
+ // Allow VTS tests running as root to perform all operations
+ {AID_ROOT, static_cast<perm_t>((uint32_t)(~0))},
+#else
{AID_ROOT, static_cast<perm_t>(P_GET)},
+#endif
};
static const perm_t DEFAULT_PERMS = static_cast<perm_t>(