Merge "KeyMint VTS: skip device ID checks on GSI"

2022-05-05 05:27:34 +00:00 · 2022-05-05 05:27:34 +00:00 · 072c0b3ab6
commit 072c0b3ab6
parent 746490557e 555ba00c0f
4 changed files with 19 additions and 0 deletions
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@ -743,6 +743,11 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
 }

 TEST_P(AttestKeyTest, EcdsaAttestationID) {
+    if (is_gsi_image()) {
+        // GSI sets up a standard set of device identifiers that may not match
+        // the device identifiers held by the device.
+        GTEST_SKIP() << "Test not applicable under GSI";
+    }
    // Create attestation key.
    AttestationKey attest_key;
    vector<KeyCharacteristics> attest_key_characteristics;
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@ -17,6 +17,7 @@
 #include "KeyMintAidlTestBase.h"

 #include <chrono>
+#include <fstream>
 #include <unordered_set>
 #include <vector>

@ -1460,6 +1461,11 @@ void verify_subject(const X509* cert,       //
    OPENSSL_free(cert_issuer);
 }

+bool is_gsi_image() {
+    std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");
+    return ifs.good();
+}
+
 vector<uint8_t> build_serial_blob(const uint64_t serial_int) {
    BIGNUM_Ptr serial(BN_new());
    EXPECT_TRUE(BN_set_u64(serial.get(), serial_int));
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t
    }
 }

+// Indicate whether the test is running on a GSI image.
+bool is_gsi_image();
+
 vector<uint8_t> build_serial_blob(const uint64_t serial_int);
 void verify_subject(const X509* cert, const string& subject, bool self_signed);
 void verify_serial(X509* cert, const uint64_t expected_serial);
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@ -1949,6 +1949,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
 * attestation extension.
 */
 TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
+    if (is_gsi_image()) {
+        // GSI sets up a standard set of device identifiers that may not match
+        // the device identifiers held by the device.
+        GTEST_SKIP() << "Test not applicable under GSI";
+    }
    auto challenge = "hello";
    auto app_id = "foo";
    auto subject = "cert subj 2";