commit fa63f2342d390bd0475805800a486f6cda0470da
author David Drysdale <drysdale@google.com> Mon Oct 21 06:36:43 2024 +0100
committer David Drysdale <drysdale@google.com> Mon Oct 21 07:04:35 2024 +0000
tree 16ba8c9a852acc7a11065a221fc5ea5b7c41790b
parent dd082da300f23a4032993ec157ff506cd6776632

Adjust tests for newly-exposed Grant functionality

Test: keystore2_client_tests
Test: keystore2_test
Bug: 374411756
Bug: 351899088
Change-Id: I99f2ad0d5a677db9c65ff30326608f930c049245

keystore2/src/permission/tests.rs

diff --git a/keystore2/src/permission/tests.rs b/keystore2/src/permission/tests.rs
index f555c12..c9aebfe 100644
--- a/keystore2/src/permission/tests.rs
+++ b/keystore2/src/permission/tests.rs
@@ -134,15 +134,12 @@
 #[test]
 fn check_grant_permission_app() -> Result<()> {
     let system_server_ctx = Context::new("u:r:system_server:s0")?;
-    let shell_ctx = Context::new("u:r:shell:s0")?;
     let key = KeyDescriptor { domain: Domain::APP, nspace: 0, alias: None, blob: None };
     check_grant_permission(&system_server_ctx, SYSTEM_SERVER_PERMISSIONS_NO_GRANT, &key)
         .expect("Grant permission check failed.");
 
     // attempts to grant the grant permission must always fail even when privileged.
     assert_perm_failed!(check_grant_permission(&system_server_ctx, KeyPerm::Grant.into(), &key));
-    // unprivileged grant attempts always fail. shell does not have the grant permission.
-    assert_perm_failed!(check_grant_permission(&shell_ctx, UNPRIV_PERMS, &key));
     Ok(())
 }
 
@@ -209,7 +206,6 @@
     assert!(check_key_permission(0, &shell_ctx, KeyPerm::GetInfo, &key, &None).is_ok());
     assert!(check_key_permission(0, &shell_ctx, KeyPerm::Rebind, &key, &None).is_ok());
     assert!(check_key_permission(0, &shell_ctx, KeyPerm::Update, &key, &None).is_ok());
-    assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::Grant, &key, &None));
     assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::ReqForcedOp, &key, &None));
     assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::ManageBlob, &key, &None));
     assert_perm_failed!(check_key_permission(0, &shell_ctx, KeyPerm::UseDevId, &key, &None));

keystore2/tests/keystore2_client_grant_key_tests.rs

diff --git a/keystore2/tests/keystore2_client_grant_key_tests.rs b/keystore2/tests/keystore2_client_grant_key_tests.rs
index 50b87b9..89569f5 100644
--- a/keystore2/tests/keystore2_client_grant_key_tests.rs
+++ b/keystore2/tests/keystore2_client_grant_key_tests.rs
@@ -311,6 +311,7 @@
 /// from grantee context. Test should make sure second grantee should not have a access to granted
 /// key.
 #[test]
+#[ignore]
 fn keystore2_grant_key_fails_with_permission_denied() {
     static GRANTOR_SU_CTX: &str = "u:r:su:s0";
     static GRANTEE_CTX: &str = "u:r:untrusted_app:s0:c91,c256,c10,c20";