From 9c28a1ed3ab45706f64296e924ec46eecbc39ded Mon Sep 17 00:00:00 2001
From: Max Bires
Date: Thu, 3 Feb 2022 19:14:06 -0800
Subject: [PATCH] Make os_version optional for StrongBox
This change allows the os_version in the DeviceInfo map to be optional for StrongBox implementations. It also adds the appropriate changes to the VTS test to relax this requirement.
Bug: 215444522
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1695b7c4e7a9bd884fa88c14f9c22bacd38cdbd3
---
 .../aidl/android/hardware/security/keymint/DeviceInfo.aidl | 4 +++-
 .../vts/functional/VtsRemotelyProvisionedComponentTests.cpp | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 586e6597a6..180f191188 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -38,7 +38,9 @@ parcelable DeviceInfo {
 * "vb_state" : "green" / "yellow" / "orange", // Taken from the AVB values
 * "bootloader_state" : "locked" / "unlocked", // Taken from the AVB values
 * "vbmeta_digest": bstr, // Taken from the AVB values
- * "os_version" : tstr, // Same as android.os.Build.VERSION.release
+ * ? "os_version" : tstr, // Same as
+ * // android.os.Build.VERSION.release
+ * // Not optional for TEE.
 * "system_patch_level" : uint, // YYYYMMDD
 * "boot_patch_level" : uint, // YYYYMMDD
 * "vendor_patch_level" : uint, // YYYYMMDD
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 3a7e000450..7e1b65cd65 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
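Review bot: In the DeviceInfo.aidl hunk the `?` marker makes "os_version" schema-optional for every implementation, and the TEE requirement survives only as the trailing phrase "Not optional for TEE.", which is easy to misread next to an optional marker. I would state the condition positively and tie it to the entry the VTS test keys on, for example `// Required when "security_level" is "tee"; may be omitted by StrongBox.` It would also help readers of the signed DeviceInfo if the comment said that an absent key is expected for StrongBox and is not the same as an empty version string. The comment block this hunk edits starts and ends outside the hunk.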
@@ -492,7 +492,6 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
 ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
 allowList.end());
 checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest");
- checkType(deviceInfo, cppbor::TSTR, "os_version");
 checkType(deviceInfo, cppbor::UINT, "system_patch_level");
 checkType(deviceInfo, cppbor::UINT, "boot_patch_level");
 checkType(deviceInfo, cppbor::UINT, "vendor_patch_level");
@@ -502,6 +501,9 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
 allowList = getAllowedSecurityLevels();
 ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
 allowList.end());
+ if (deviceInfo->get("security_level")->asTstr()->value() == "tee") {
+ checkType(deviceInfo, cppbor::TSTR, "os_version");
+ }
 break;
 case 1:
 checkType(deviceInfo, cppbor::TSTR, "security_level");
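Review bot: With the check moved under `== "tee"` in the second hunk, an "os_version" entry that a StrongBox implementation does choose to include is never type-checked, so a non-tstr value would pass VTS and end up in the DeviceInfo submitted for provisioning. Optional should mean "may be absent", not "any type"; assuming cppbor's `Map::get` yields a null pointer for a missing key, adding `} else if (deviceInfo->get("os_version")) { checkType(deviceInfo, cppbor::TSTR, "os_version"); }` keeps the type constraint whenever the key is present. The new condition also repeats the `get("security_level")->asTstr()->value()` lookup from the ASSERT_NE just above it; a local holding that value would serve both. The surrounding switch case starts and ends outside the hunk, and checkType's definition is not visible here.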