tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Updated the logic to determine the VSR API level for device ID

Browse source 
attestation tests.

The following order of precedence is used to determine the VSR API level:
1. If the `ro.vendor.api_level` property is present, then use it as the
   VSR API level.
2. Otherwise, determine the VSR API level with the following logic:
  - Get the vendor API level using the `ro.board.api_level` property if
    present; otherwise, use the `ro.board.first_api_level` property.
  - Get the product API level using the `ro.product.first_api_level`
    property if present; otherwise, use the `ro.build.version.sdk`
    property.
  - If it is unable to determine the vendor API level, then use the
    product API level as the VSR API level.
  - If both the vendor API level and product API level are available,
    then use the minimum of `vendor_api_level` and `product_api_level`
    as the VSR API level.
  - Otherwise, the vendor API level will be used as the VSR API level.

Bug: 326675646
Test: atest keystore2_client_tests
(cherry picked from https://android-review.googlesource.com/q/commit:3f6c8a250de737a3cc9571b047ff8a156c2b4754)
Merged-In: I3aa48d05f367fafab5151fa7eb6dd447840dae0d
Change-Id: I3aa48d05f367fafab5151fa7eb6dd447840dae0d
This commit is contained in:
Rajesh Nyamagoud 2024-02-27 01:59:52 +00:00 committed by Cherrypicker Worker
parent 3ae9de9fe3
commit b10745144a
1 changed files with 32 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
keystore2/tests/keystore2_client_test_utils.rs
View file

@ -95,14 +95,11 @@ pub fn skip_device_id_attest_tests() -> bool {
// only system update and not vendor update, newly added attestation properties
// (ro.product.*_for_attestation) reading logic would not be available for such devices
// hence skipping this test for such scenario.
let api_level = std::str::from_utf8(&get_system_prop("ro.board.first_api_level"))
.unwrap()
.parse::<i32>()
.unwrap();
// This file is only present on GSI builds.
let path_buf = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc");
api_level < 34 && path_buf.as_path().is_file()
// This file is only present on GSI builds.
let gsi_marker = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc");
get_vsr_api_level() < 34 && gsi_marker.as_path().is_file()
}
#[macro_export]
@ -514,15 +511,38 @@ pub fn get_system_prop(name: &str) -> Vec<u8> {
}
}
fn get_integer_system_prop(name: &str) -> Option<i32> {
let val = get_system_prop(name);
if val.is_empty() {
return None;
}
let val = std::str::from_utf8(&val).ok()?;
val.parse::<i32>().ok()
}
pub fn get_vsr_api_level() -> i32 {
if let Some(api_level) = get_integer_system_prop("ro.vendor.api_level") {
return api_level;
}
let vendor_api_level = get_integer_system_prop("ro.board.api_level")
.or_else(|| get_integer_system_prop("ro.board.first_api_level"));
let product_api_level = get_integer_system_prop("ro.product.first_api_level")
.or_else(|| get_integer_system_prop("ro.build.version.sdk"));
match (vendor_api_level, product_api_level) {
(Some(v), Some(p)) => std::cmp::min(v, p),
(Some(v), None) => v,
(None, Some(p)) => p,
_ => panic!("Could not determine VSR API level"),
}
}
/// Determines whether the SECOND-IMEI can be used as device attest-id.
pub fn is_second_imei_id_attestation_required(
keystore2: &binder::Strong<dyn IKeystoreService>,
) -> bool {
let api_level = std::str::from_utf8(&get_system_prop("ro.vendor.api_level"))
.unwrap()
.parse::<i32>()
.unwrap();
keystore2.getInterfaceVersion().unwrap() >= 3 && api_level > 33
keystore2.getInterfaceVersion().unwrap() >= 3 && get_vsr_api_level() > 33
}
/// Run a service command and collect the output.