From cdf9d2c9362a41aa097aea9c183dc028e5518237 Mon Sep 17 00:00:00 2001
From: Alice Wang
Date: Tue, 31 Oct 2023 15:01:15 +0000
Subject: [PATCH] Revert "[avf] Adjust IRPC VTS tests to handle AVF in unsupported env"
Revert submission 2778549-expose-avf-rkp-hal
Reason for revert: SELinux denial avc: denied { find } for pid=3400 uid=10085 name=android.hardware.security.keymint.IRemotelyProvisionedComponent/avf scontext=u:r:rkpdapp:s0:c85,c256,c512,c768 tcontext=u:object_r:avf_remotelyprovisionedcomponent_service:s0 tclass=service_manager permissive=0
Reverted changes: /q/submissionid:2778549-expose-avf-rkp-hal
Bug: 308596709
Change-Id: Id6a930d16949389048713cef20dfa06cdbb9ac95
---
 security/keymint/support/remote_prov_utils.cpp | 9 ---------
 .../VtsRemotelyProvisionedComponentTests.cpp | 15 ++-------------
 2 files changed, 2 insertions(+), 22 deletions(-)
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 6edbfc157a..34f7ce4627 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -520,15 +520,6 @@ ErrMsgOr> parseAndValidateDeviceInfo(
 std::to_string(info.versionNumber) + ").";
 }
 }
- // Bypasses the device info validation since the device info in AVF is currently
- // empty. Check b/299256925 for more information.
- //
- // TODO(b/300911665): This check is temporary and will be replaced once the markers
- // on the DICE chain become available. We need to determine if the CSR is from the
- // RKP VM using the markers on the DICE chain.
- if (info.uniqueId == "AVF Remote Provisioning 1") {
- return std::move(parsed);
- }
 std::string error;
 std::string tmp;
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index a1de93ee2a..62463ebc7b 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -55,8 +55,6 @@ constexpr int32_t VERSION_WITH_SUPPORTED_NUM_KEYS_IN_CSR = 3;
 constexpr uint8_t MIN_CHALLENGE_SIZE = 0;
 constexpr uint8_t MAX_CHALLENGE_SIZE = 64;
-const string RKP_VM_INSTANCE_NAME =
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/avf";
 #define INSTANTIATE_REM_PROV_AIDL_TEST(name) \
 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name); \
@@ -183,12 +181,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParamgetHardwareInfo(&rpcHardwareInfo);
- if (GetParam() == RKP_VM_INSTANCE_NAME &&
- status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
- GTEST_SKIP() << "The RKP VM is not supported on this system.";
- }
- ASSERT_TRUE(status.isOk());
+ ASSERT_TRUE(provisionable_->getHardwareInfo(&rpcHardwareInfo).isOk());
 }
 static vector build_params() {
@@ -214,11 +207,7 @@ TEST(NonParameterizedTests, eachRpcHasAUniqueId) {
 ASSERT_NE(rpc, nullptr);
 RpcHardwareInfo hwInfo;
- auto status = rpc->getHardwareInfo(&hwInfo);
- if (hal == RKP_VM_INSTANCE_NAME && status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
- GTEST_SKIP() << "The RKP VM is not supported on this system.";
- }
- ASSERT_TRUE(status.isOk());
+ ASSERT_TRUE(rpc->getHardwareInfo(&hwInfo).isOk());
 if (hwInfo.versionNumber >= VERSION_WITH_UNIQUE_ID_SUPPORT) {
 ASSERT_TRUE(hwInfo.uniqueId);
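Review bot: The restored `ASSERT_TRUE(provisionable_->getHardwareInfo(&rpcHardwareInfo).isOk());` in the fixture class discards the binder status, so a failing run reports only that the expression was false, with no exception code. Keeping the status in a local and streaming it, `auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);` followed by `ASSERT_TRUE(status.isOk()) << status.getDescription();`, would put the failure reason in the VTS log. The same applies to `ASSERT_TRUE(rpc->getHardwareInfo(&hwInfo).isOk());` in `eachRpcHasAUniqueId`. With the `EX_UNSUPPORTED_OPERATION` skip removed, a device that still declares an `/avf` instance would presumably fail hard at these asserts, which is where the diagnostic matters most. Both enclosing functions start and end outside their hunks.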