Adding Keystore2 version gate >=4 for the below recently added tests.
1. Tests using
`ResponseCode::GET_ATTESTATION_APPLICATION_ID_FAILED`.
2. Tests using below `IKeystoreAuthorization` APIs -
- onDeviceLocked and onDeviceUnlocked.
These above mentioned changes supported on devices with
`IKeystoreService` version >= 4.
Bug: 353162976
Bug: 354094581
Test: atest keystore2_client_tests
Change-Id: Ib9be4ac705fb5affd3c233cbb27ea13c9a2e57a9
diff --git a/keystore2/tests/user_auth.rs b/keystore2/tests/user_auth.rs
index 263ad56..38cdf6d 100644
--- a/keystore2/tests/user_auth.rs
+++ b/keystore2/tests/user_auth.rs
@@ -126,12 +126,19 @@
Uid::from_raw(UID),
Gid::from_raw(UID),
move |reader, writer| -> Result<(), String> {
- // Now we're in a new process, wait to be notified before starting.
- reader.recv();
-
// Action A: create a new unlocked-device-required key (which thus requires
// super-encryption), while the device is unlocked.
let ks2 = get_keystore_service();
+ if ks2.getInterfaceVersion().unwrap() < 4 {
+ // Assuming `IKeystoreAuthorization::onDeviceLocked` and
+ // `IKeystoreAuthorization::onDeviceUnlocked` APIs will be supported on devices
+ // with `IKeystoreService` >= 4.
+ return Ok(());
+ }
+
+ // Now we're in a new process, wait to be notified before starting.
+ reader.recv();
+
let sec_level = ks2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
let params = AuthSetBuilder::new()
.unlocked_device_required()
@@ -192,6 +199,14 @@
}
.unwrap();
+ let ks2 = get_keystore_service();
+ if ks2.getInterfaceVersion().unwrap() < 4 {
+ // Assuming `IKeystoreAuthorization::onDeviceLocked` and
+ // `IKeystoreAuthorization::onDeviceUnlocked` APIs will be supported on devices
+ // with `IKeystoreService` >= 4.
+ assert_eq!(child_handle.get_result(), Ok(()), "child process failed");
+ return;
+ }
// Now that the separate process has been forked off, it's safe to use binder.
let user = TestUser::new();
let user_id = user.id;