From 3a4a3a95b82df6e9c7449d7ea2676b7d13fbaf58 Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Wed, 22 Feb 2023 14:15:34 -0700 Subject: [PATCH] Correct AttestKey test that checks Qualcomm's SPU waiver. The test exempted KeyMint on the affected chips from having to implement ATTEST_KEY if they have StrongBox in all Android releases from Android S onwards, but the waiver was given only for Android S and T. This CL changes the test to reinstate the requirement after Android T. Test: VtsAidlKeyMintTargetTest Change-Id: I8481ae31de34aae220af7e7188632edcc2d391f0 --- security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index cdcaaf33f4..8027dce4d6 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -142,11 +142,14 @@ class AttestKeyTest : public KeyMintAidlTestBase { return false; } - // Check if chipset has received a waiver allowing it to be launched with - // Android S (or later) with Keymaster 4.0 in StrongBox + // Check if chipset has received a waiver allowing it to be launched with Android S or T with + // Keymaster 4.0 in StrongBox. bool is_chipset_allowed_km4_strongbox(void) const { std::array buffer; + const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0); + if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false; + auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr); if (res <= 0) return false;