Merge "AuthGraph VTS: detect additional errors" into main

security/authgraph/aidl/vts/functional/Android.bp

@@ -50,6 +50,7 @@ cc_test {
 rust_test {
     name: "VtsAidlAuthGraphRoleTest",
     srcs: ["role_test.rs"],
+    require_root: true,
     test_suites: [
         "general-tests",
         "vts",

security/authgraph/aidl/vts/functional/role_test.rs

@@ -22,13 +22,18 @@ use authgraph_vts_test as vts;
 use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
     IAuthGraphKeyExchange::IAuthGraphKeyExchange,
 };
+use binder::StatusCode;
 
 const AUTH_GRAPH_NONSECURE: &str =
     "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure";
 
 /// Retrieve the /nonsecure instance of AuthGraph, which supports both sink and source roles.
 fn get_nonsecure() -> Option<binder::Strong<dyn IAuthGraphKeyExchange>> {
-    binder::get_interface(AUTH_GRAPH_NONSECURE).ok()
+    match binder::get_interface(AUTH_GRAPH_NONSECURE) {
+        Ok(ag) => Some(ag),
+        Err(StatusCode::NAME_NOT_FOUND) => None,
+        Err(e) => panic!("failed to get AuthGraph/nonsecure: {e:?}"),
+    }
 }
 
 /// Macro to require availability of a /nonsecure instance of AuthGraph.

security/authgraph/aidl/vts/functional/source.rs

@@ -250,9 +250,13 @@ pub fn test_corrupt_key(
         &corrupt_key,
     );
 
-    let err = result.expect_err("expect failure with corrupt signature");
+    let err = result.expect_err("expect failure with corrupt key");
-    assert_eq!(
+    assert!(
-        err,
+        err == binder::Status::new_service_specific_error(Error::INVALID_KE_KEY.0, None)
-        binder::Status::new_service_specific_error(Error::INVALID_PRIV_KEY_ARC_IN_KEY.0, None)
+            || err
+                == binder::Status::new_service_specific_error(
+                    Error::INVALID_PRIV_KEY_ARC_IN_KEY.0,
+                    None
+                )
     );
 }