Merge "Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing" into sc-dev am: eca569897a am: 17ae17af10

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15263335 Change-Id: I3abd97b8d0a92588699b859bd3958d96dd3bcb1b
2026-02-02 17:31:58 +00:00 · 2021-07-13 18:06:42 +00:00
parent 31d806d4da 17ae17af10
commit 672ca71ff8
1 changed files with 4 additions and 6 deletions
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1493,9 +1493,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
            tag.tag == TAG_ROLLBACK_RESISTANCE) {
            continue;
        }
-        if (result == ErrorCode::UNSUPPORTED_TAG &&
-            (tag.tag == TAG_ALLOW_WHILE_ON_BODY || tag.tag == TAG_TRUSTED_USER_PRESENCE_REQUIRED)) {
-            // Optional tag not supported by this KeyMint implementation.
+        if (result == ErrorCode::UNSUPPORTED_TAG && tag.tag == TAG_TRUSTED_USER_PRESENCE_REQUIRED) {
+            // Tag not required to be supported by all KeyMint implementations.
            continue;
        }
        ASSERT_EQ(result, ErrorCode::OK);
@@ -1507,9 +1506,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {

        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
-        if (tag.tag != TAG_ATTESTATION_APPLICATION_ID) {
-            // Expect to find most of the extra tags in the key characteristics
-            // of the generated key (but not for ATTESTATION_APPLICATION_ID).
+        // Some tags are optional, so don't require them to be in the enforcements.
+        if (tag.tag != TAG_ATTESTATION_APPLICATION_ID && tag.tag != TAG_ALLOW_WHILE_ON_BODY) {
            EXPECT_TRUE(hw_enforced.Contains(tag.tag) || sw_enforced.Contains(tag.tag))
                    << tag << " not in hw:" << hw_enforced << " nor sw:" << sw_enforced;
        }