Merge "Avoid checking VENDOR_PATCHLEVEL in generated key characteristics if the underlying device is a Keymaster implementation." into main am: 255cde6f04 Original change: https://android-review.googlesource.com/c/platform/system/security/+/3254317 Change-Id: I6a678c110675fb4f6e8dfb079da9dba3a79b98f4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: d1a34e64575fe6f0490cfe08d43caa0b0df9f58f [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Wed Sep 04 18:22:47 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Sep 04 18:22:47 2024 +0000
tree: bb8ca31de261b5a99d47672f79f49cab552d87b5
parent: 29005ce693c7e2f0d0cbfe08e9f35da7cbf77e01 [diff]
parent: 255cde6f04bdd77103b62f09e6b9958446aa828f [diff]
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index 258c68f..e2f0b3e 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs

@@ -466,14 +466,19 @@
             return true;
         }
 
+        // Don't check these parameters if the underlying device is a Keymaster implementation.
         if sl.is_keymaster() {
-            // `Tag::USAGE_COUNT_LIMIT` was added in KeyMint 1.0, so don't check for it if the
-            // underlying device is a Keymaster implementation.
-            if matches!(key_param.tag, Tag::USAGE_COUNT_LIMIT) {
+            if matches!(
+                key_param.tag,
+                // `Tag::USAGE_COUNT_LIMIT` was added in KeyMint 1.0.
+                Tag::USAGE_COUNT_LIMIT |
+                // Keymaster implementations may not consistently include `Tag::VENDOR_PATCHLEVEL`
+                // in generated key characteristics.
+                Tag::VENDOR_PATCHLEVEL
+            ) {
                 return true;
             }
-            // `KeyPurpose::ATTEST_KEY` was added in KeyMint 1.0, so don't check for it if the
-            // underlying device is a Keymaster implementation.
+            // `KeyPurpose::ATTEST_KEY` was added in KeyMint 1.0.
             if key_param.tag == Tag::PURPOSE
                 && key_param.value == KeyParameterValue::KeyPurpose(KeyPurpose::ATTEST_KEY)
             {
commit	d1a34e64575fe6f0490cfe08d43caa0b0df9f58f	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Wed Sep 04 18:22:47 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Wed Sep 04 18:22:47 2024 +0000
tree	bb8ca31de261b5a99d47672f79f49cab552d87b5
parent	29005ce693c7e2f0d0cbfe08e9f35da7cbf77e01 [diff]
parent	255cde6f04bdd77103b62f09e6b9958446aa828f [diff]