From 22fb9c16fc97281ac9b89eae4897f9650ebd6f01 Mon Sep 17 00:00:00 2001
From: Shawn Willden <swillden@google.com>
Date: Thu, 2 Jun 2022 14:04:33 -0600
Subject: [PATCH] Implement KeyMint2 test for VSR13

Test: VtsAidlKeyMintTargetTest & VtsHalKeymasterV4_0TargetTest
Change-Id: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
---
 .../functional/keymaster_hidl_hal_test.cpp    | 35 +++++++++++++++++++
 .../vts/functional/KeyMintAidlTestBase.cpp    | 22 ++++++++++++
 .../aidl/vts/functional/KeyMintAidlTestBase.h |  3 ++
 .../aidl/vts/functional/KeyMintTest.cpp       | 12 +++++++
 4 files changed, 72 insertions(+)

diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index bf568600d6..bdaaf96dc4 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -27,6 +27,7 @@
 #include <openssl/mem.h>
 #include <openssl/x509.h>
 
+#include <android-base/properties.h>
 #include <cutils/properties.h>
 
 #include <keymasterV4_0/attestation_record.h>
@@ -386,6 +387,28 @@ bool avb_verification_enabled() {
     return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
 }
 
+int get_vsr_api_level() {
+    int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);
+    }
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);
+    }
+    // We really should have a VSR API level by now.  But on cuttlefish, and perhaps other weird
+    // devices, we may not.  So, we use the SDK first or current API level if needed.  If this goes
+    // wrong, it should go wrong in the direction of being too strict rather than too lenient, which
+    // should provoke someone to examine why we don't have proper VSR API level properties.
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);
+    }
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);
+    }
+    EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";
+    return api_level;
+}
+
 bool is_gsi() {
     char property_value[PROPERTY_VALUE_MAX] = {};
     EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
@@ -4833,6 +4856,18 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
 
 INSTANTIATE_KEYMASTER_HIDL_TEST(TransportLimitTest);
 
+using VsrRequirementTest = KeymasterHidlTest;
+
+TEST_P(VsrRequirementTest, Vsr13Test) {
+    int vsr_api_level = get_vsr_api_level();
+    if (vsr_api_level < 33) {
+        GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
+    }
+    FAIL() << "VSR 13+ requires KeyMint version 2";
+}
+
+INSTANTIATE_KEYMASTER_HIDL_TEST(VsrRequirementTest);
+
 }  // namespace test
 }  // namespace V4_0
 }  // namespace keymaster
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 70b89c3280..33945fd0e5 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1460,6 +1460,28 @@ void verify_subject(const X509* cert,       //
     OPENSSL_free(cert_issuer);
 }
 
+int get_vsr_api_level() {
+    int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);
+    }
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);
+    }
+    // We really should have a VSR API level by now.  But on cuttlefish, and perhaps other weird
+    // devices, we may not.  So, we use the SDK first or current API level if needed.  If this goes
+    // wrong, it should go wrong in the direction of being too strict rather than too lenient, which
+    // should provoke someone to examine why we don't have proper VSR API level properties.
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);
+    }
+    if (api_level == -1) {
+        api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);
+    }
+    EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";
+    return api_level;
+}
+
 bool is_gsi_image() {
     std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");
     return ifs.good();
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 043d8b5144..8f9df24522 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -355,6 +355,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t
     }
 }
 
+// Return the VSR API level for this device.
+int get_vsr_api_level();
+
 // Indicate whether the test is running on a GSI image.
 bool is_gsi_image();
 
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 38f5b1c789..641a227b59 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -8014,6 +8014,18 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) {
 
 INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);
 
+using VsrRequirementTest = KeyMintAidlTestBase;
+
+TEST_P(VsrRequirementTest, Vsr13Test) {
+    int vsr_api_level = get_vsr_api_level();
+    if (vsr_api_level < 33) {
+        GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
+    }
+    EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2";
+}
+
+INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest);
+
 }  // namespace aidl::android::hardware::security::keymint::test
 
 int main(int argc, char** argv) {