Merge "Sk VTS: Use libdice_policy_builder" into main

2024-01-27 17:52:53 +00:00 · 2024-01-27 17:52:53 +00:00 · 9ef5917d40
commit 9ef5917d40
parent 1cd53aeb50 9eab79b8c9
3 changed files with 7 additions and 6 deletions
--- a/security/secretkeeper/aidl/vts/Android.bp
+++ b/security/secretkeeper/aidl/vts/Android.bp
@ -50,7 +50,7 @@ rust_test {
        "libbinder_rs",
        "libciborium",
        "libcoset",
-        "libdice_policy",
+        "libdice_policy_builder",
        "liblog_rust",
        "libsecretkeeper_client",
        "libsecretkeeper_comm_nostd",
@ -72,7 +72,7 @@ rust_binary {
        "libbinder_rs",
        "libclap",
        "libcoset",
-        "libdice_policy",
+        "libdice_policy_builder",
        "libhex",
        "liblog_rust",
        "libsecretkeeper_client",
--- a/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
@ -24,7 +24,8 @@ use authgraph_boringssl::BoringSha256;
 use authgraph_core::traits::Sha256;
 use clap::{Args, Parser, Subcommand};
 use coset::CborSerializable;
-use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
+use dice_policy_builder::{ConstraintSpec, ConstraintType, MissingAction, policy_for_dice_chain};
+
 use secretkeeper_client::{dice::OwnedDiceArtifactsWithExplicitKey, SkSession};
 use secretkeeper_comm::data_types::{
    error::SecretkeeperError,
@ -146,7 +147,7 @@ impl SkClient {
                MissingAction::Ignore,
            ),
        ];
-        DicePolicy::from_dice_chain(dice, &constraint_spec)
+        policy_for_dice_chain(dice, &constraint_spec)
            .unwrap()
            .to_vec()
            .context("serialize DICE policy")
--- a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
@ -20,7 +20,7 @@ use authgraph_vts_test as ag_vts;
 use authgraph_boringssl as boring;
 use authgraph_core::key;
 use coset::{CborSerializable, CoseEncrypt0};
-use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
+use dice_policy_builder::{ConstraintSpec, ConstraintType, MissingAction, policy_for_dice_chain};
 use rdroidtest::{ignore_if, rdroidtest};
 use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
 use secretkeeper_client::SkSession;
@ -258,7 +258,7 @@ fn sealing_policy(dice: &[u8]) -> Vec<u8> {
        ),
    ];

-    DicePolicy::from_dice_chain(dice, &constraint_spec).unwrap().to_vec().unwrap()
+    policy_for_dice_chain(dice, &constraint_spec).unwrap().to_vec().unwrap()
 }

 /// Perform AuthGraph key exchange, returning the session keys and session ID.