From 32a7bece10eb1f47cb4473a86df12cabd7910d46 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Tue, 3 May 2022 18:48:57 +0100 Subject: [PATCH] KeyMint VTS: skip device ID checks on GSI Bug: 229356841 Test: VtsAidlKeyMintTargetTest Change-Id: I3182bad5584c35df7b1eeb476dabb39d19fdf12c (cherry picked from commit 555ba00c0f2adb6bed6f507a78e43885e9f46048) Merged-In: I3182bad5584c35df7b1eeb476dabb39d19fdf12c --- security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 5 +++++ .../keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 6 ++++++ security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h | 3 +++ security/keymint/aidl/vts/functional/KeyMintTest.cpp | 5 +++++ 4 files changed, 19 insertions(+) diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 5cdea93a19..240de351d6 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -743,6 +743,11 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) { } TEST_P(AttestKeyTest, EcdsaAttestationID) { + if (is_gsi_image()) { + // GSI sets up a standard set of device identifiers that may not match + // the device identifiers held by the device. + GTEST_SKIP() << "Test not applicable under GSI"; + } // Create attestation key. AttestationKey attest_key; vector attest_key_characteristics; diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 943c692c3e..be219940f8 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -17,6 +17,7 @@ #include "KeyMintAidlTestBase.h" #include +#include #include #include @@ -1460,6 +1461,11 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } +bool is_gsi_image() { + std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc"); + return ifs.good(); +} + vector build_serial_blob(const uint64_t serial_int) { BIGNUM_Ptr serial(BN_new()); EXPECT_TRUE(BN_set_u64(serial.get(), serial_int)); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 7279c95692..2634ab7868 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag build_serial_blob(const uint64_t serial_int); void verify_subject(const X509* cert, const string& subject, bool self_signed); void verify_serial(X509* cert, const uint64_t expected_serial); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index cbe4512ab3..7950850f91 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -1949,6 +1949,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { * attestation extension. */ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { + if (is_gsi_image()) { + // GSI sets up a standard set of device identifiers that may not match + // the device identifiers held by the device. + GTEST_SKIP() << "Test not applicable under GSI"; + } auto challenge = "hello"; auto app_id = "foo"; auto subject = "cert subj 2";