diff options
author | Rajesh Nyamagoud <nyamagoud@google.com> | 2024-02-27 01:59:52 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2024-02-29 19:02:11 +0000 |
commit | 3f6c8a250de737a3cc9571b047ff8a156c2b4754 (patch) | |
tree | ab0e6c5a7dfada7355f010f50b88828c84093e6c | |
parent | cbae97c988c298303d9f094133182fc63b31e399 (diff) | |
download | security-3f6c8a250de737a3cc9571b047ff8a156c2b4754.tar.gz |
Updated the logic to determine the VSR API level for device ID
attestation tests.
The following order of precedence is used to determine the VSR API level:
1. If the `ro.vendor.api_level` property is present, then use it as the
VSR API level.
2. Otherwise, determine the VSR API level with the following logic:
- Get the vendor API level using the `ro.board.api_level` property if
present; otherwise, use the `ro.board.first_api_level` property.
- Get the product API level using the `ro.product.first_api_level`
property if present; otherwise, use the `ro.build.version.sdk`
property.
- If it is unable to determine the vendor API level, then use the
product API level as the VSR API level.
- If both the vendor API level and product API level are available,
then use the minimum of `vendor_api_level` and `product_api_level`
as the VSR API level.
- Otherwise, the vendor API level will be used as the VSR API level.
Bug: 326675646
Test: atest keystore2_client_tests
Change-Id: I3aa48d05f367fafab5151fa7eb6dd447840dae0d
-rw-r--r-- | keystore2/tests/keystore2_client_test_utils.rs | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/keystore2/tests/keystore2_client_test_utils.rs b/keystore2/tests/keystore2_client_test_utils.rs index f270297c..7534da3a 100644 --- a/keystore2/tests/keystore2_client_test_utils.rs +++ b/keystore2/tests/keystore2_client_test_utils.rs @@ -95,14 +95,11 @@ pub fn skip_device_id_attest_tests() -> bool { // only system update and not vendor update, newly added attestation properties // (ro.product.*_for_attestation) reading logic would not be available for such devices // hence skipping this test for such scenario. - let api_level = std::str::from_utf8(&get_system_prop("ro.board.first_api_level")) - .unwrap() - .parse::<i32>() - .unwrap(); + // This file is only present on GSI builds. - let path_buf = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc"); + let gsi_marker = PathBuf::from("/system/system_ext/etc/init/init.gsi.rc"); - api_level < 34 && path_buf.as_path().is_file() + get_vsr_api_level() < 34 && gsi_marker.as_path().is_file() } #[macro_export] @@ -514,15 +511,38 @@ pub fn get_system_prop(name: &str) -> Vec<u8> { } } +fn get_integer_system_prop(name: &str) -> Option<i32> { + let val = get_system_prop(name); + if val.is_empty() { + return None; + } + let val = std::str::from_utf8(&val).ok()?; + val.parse::<i32>().ok() +} + +pub fn get_vsr_api_level() -> i32 { + if let Some(api_level) = get_integer_system_prop("ro.vendor.api_level") { + return api_level; + } + + let vendor_api_level = get_integer_system_prop("ro.board.api_level") + .or_else(|| get_integer_system_prop("ro.board.first_api_level")); + let product_api_level = get_integer_system_prop("ro.product.first_api_level") + .or_else(|| get_integer_system_prop("ro.build.version.sdk")); + + match (vendor_api_level, product_api_level) { + (Some(v), Some(p)) => std::cmp::min(v, p), + (Some(v), None) => v, + (None, Some(p)) => p, + _ => panic!("Could not determine VSR API level"), + } +} + /// Determines whether the SECOND-IMEI can be used as device attest-id. pub fn is_second_imei_id_attestation_required( keystore2: &binder::Strong<dyn IKeystoreService>, ) -> bool { - let api_level = std::str::from_utf8(&get_system_prop("ro.vendor.api_level")) - .unwrap() - .parse::<i32>() - .unwrap(); - keystore2.getInterfaceVersion().unwrap() >= 3 && api_level > 33 + keystore2.getInterfaceVersion().unwrap() >= 3 && get_vsr_api_level() > 33 } /// Run a service command and collect the output. |