From 087ead16089949116a0d1e157d4c3f87fe47c80e Mon Sep 17 00:00:00 2001
From: David Drysdale
Date: Tue, 21 Nov 2023 10:18:08 +0000
Subject: [PATCH] AuthGraph VTS: detect additional errors

A failure to get the IAuthGraphKeyExchange/nonsecure instance might be because it's not registered (likely on most non-Cuttlefish devices) or it might be for some other reason, such as SELinux denial. So detect other kinds of failure to get the service, and also change the VTS to require root so SELinux denials don't happen. Also tweak the expected return code when a source is given a corrupt key; now that replay protection is implemented, the reference implementation rejects this earlier (and with a different error) because the session lookup fails.

Test: VtsAidlAuthGraphRoleTest
Bug: 291228560
Change-Id: I032600ac809f43a3642fa9ef9aae788d3ca2378f
---
 security/authgraph/aidl/vts/functional/Android.bp | 1 +
 security/authgraph/aidl/vts/functional/role_test.rs | 7 ++++++-
 security/authgraph/aidl/vts/functional/source.rs | 12 ++++++++----
 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/security/authgraph/aidl/vts/functional/Android.bp b/security/authgraph/aidl/vts/functional/Android.bp
index 0e3480f006..28a70e204d 100644
--- a/security/authgraph/aidl/vts/functional/Android.bp
+++ b/security/authgraph/aidl/vts/functional/Android.bp
@@ -50,6 +50,7 @@ cc_test {
 rust_test {
 name: "VtsAidlAuthGraphRoleTest",
 srcs: ["role_test.rs"],
+ require_root: true,
 test_suites: [
 "general-tests",
 "vts",
diff --git a/security/authgraph/aidl/vts/functional/role_test.rs b/security/authgraph/aidl/vts/functional/role_test.rs
index 71a2fae941..3075d8a85f 100644
--- a/security/authgraph/aidl/vts/functional/role_test.rs
+++ b/security/authgraph/aidl/vts/functional/role_test.rs
@@ -22,13 +22,18 @@ use authgraph_vts_test as vts;
 use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
 IAuthGraphKeyExchange::IAuthGraphKeyExchange,
 };
+use binder::StatusCode;
 const AUTH_GRAPH_NONSECURE: &str = "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure";
 /// Retrieve the /nonsecure instance of AuthGraph, which supports both sink and source roles.
 fn get_nonsecure() -> Option> {
- binder::get_interface(AUTH_GRAPH_NONSECURE).ok()
+ match binder::get_interface(AUTH_GRAPH_NONSECURE) {
+ Ok(ag) => Some(ag),
+ Err(StatusCode::NAME_NOT_FOUND) => None,
+ Err(e) => panic!("failed to get AuthGraph/nonsecure: {e:?}"),
+ }
 }
 /// Macro to require availability of a /nonsecure instance of AuthGraph.
diff --git a/security/authgraph/aidl/vts/functional/source.rs b/security/authgraph/aidl/vts/functional/source.rs
index 4178a99733..a1e76b329c 100644
--- a/security/authgraph/aidl/vts/functional/source.rs
+++ b/security/authgraph/aidl/vts/functional/source.rs
@@ -250,9 +250,13 @@ pub fn test_corrupt_key(
 &corrupt_key,
 );
- let err = result.expect_err("expect failure with corrupt signature");
- assert_eq!(
- err,
- binder::Status::new_service_specific_error(Error::INVALID_PRIV_KEY_ARC_IN_KEY.0, None)
+ let err = result.expect_err("expect failure with corrupt key");
+ assert!(
+ err == binder::Status::new_service_specific_error(Error::INVALID_KE_KEY.0, None)
+ || err
+ == binder::Status::new_service_specific_error(
+ Error::INVALID_PRIV_KEY_ARC_IN_KEY.0,
+ None
+ )
 );
 }
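Review bot: The doc comment on `get_nonsecure` in role_test.rs still describes only the success case, while the new body has three outcomes: `Some` on success, `None` only for `StatusCode::NAME_NOT_FOUND`, and a panic for every other status. I would add a second doc line under the existing summary, `/// Returns None only when the instance is not registered; any other lookup failure panics so it is not mistaken for an absent service.` Whether a permission denial can still reach this function as `NAME_NOT_FOUND` is not visible in the hunk, so the `None` arm may still hide that case when the test is run without root. The macro that consumes the `Option` lies outside the hunk.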
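Review bot: When the new `assert!` in `test_corrupt_key` (source.rs) fails it reports only the stringified condition, whereas the `assert_eq!` it replaces printed the status that was actually returned. Passing a message as the final argument, for example `"unexpected error for corrupt key: {err:?}"`, keeps the returned code visible in the VTS log. A comment above the assertion such as `// With replay protection the session lookup fails first (INVALID_KE_KEY); otherwise the key arc itself is rejected.` would record why two codes are accepted, which at present is explained only in the commit message. The body of `test_corrupt_key` starts outside this hunk.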