Basic Keystore availability test
Look up the Keystore service from the test payload to make sure it can be found and communicated with. Bug: 190578423 Test: atest MicrodroidHostTestCases Change-Id: I1dd863202b7de5405658ee5e922b955e3cba6741
parent
e9b74d0532
commit
6661661714
|
@ -77,6 +77,8 @@ android_system_image {
|
|||
"cgroups.json",
|
||||
"public.libraries.android.txt",
|
||||
|
||||
"android.system.keystore2-V1-ndk_platform",
|
||||
|
||||
// TODO(b/185767624): remove hidl after full keymint support
|
||||
"hwservicemanager",
|
||||
|
||||
|
|
|
@ -20,3 +20,6 @@ type locksettings_key, keystore2_key_type;
|
|||
# A keystore2 namespace for resume on reboot.
|
||||
type resume_on_reboot_key, keystore2_key_type;
|
||||
|
||||
# A keystore2 namespace for VM payloads.
|
||||
type vm_payload_key, keystore2_key_type;
|
||||
|
||||
|
|
|
@ -24,3 +24,18 @@ allow microdroid_launcher devpts:chr_file rw_file_perms;
|
|||
|
||||
# Allow to set debug prop
|
||||
set_prop(microdroid_launcher, debug_prop)
|
||||
|
||||
# Talk to binder services (for keystore)
|
||||
binder_use(microdroid_launcher);
|
||||
|
||||
# Allow payloads to use keystore
|
||||
use_keystore(microdroid_launcher);
|
||||
|
||||
# Allow payloads to use and manage their keys
|
||||
allow microdroid_launcher vm_payload_key:keystore2_key {
|
||||
delete
|
||||
get_info
|
||||
manage_blob
|
||||
rebind
|
||||
use
|
||||
};
|
||||
|
|
|
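Review bot: The `allow microdroid_launcher vm_payload_key:keystore2_key` rule grants `delete`, `get_info`, `manage_blob`, `rebind` and `use`, which is more than this commit exercises: the only keystore call visible in the change is `getSecurityLevel`, which appears to need the binder and `use_keystore` grants but no key permissions. Consider landing the key permissions together with the first code that creates or uses a payload key, or extend the comment to say which payload operation needs `manage_blob` and `rebind`. The page also shows no `keystore2_key_contexts` entry for `vm_payload_key`; if none is added elsewhere, the label is presumably not reachable through a namespace id and the rule has no effect. Minor style: `binder_use(microdroid_launcher);` and `use_keystore(microdroid_launcher);` carry a trailing semicolon while `set_prop(microdroid_launcher, debug_prop)` just above does not.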
@ -104,6 +104,9 @@ public class MicrodroidTestCase extends BaseHostJUnit4Test {
|
|||
runOnMicrodroid(microdroidLauncher, testLib, "arg1", "arg2"),
|
||||
is("Hello Microdroid " + testLib + " arg1 arg2"));
|
||||
|
||||
// Check that keystore was found by the payload
|
||||
assertThat(runOnMicrodroid("getprop", "debug.microdroid.test_keystore"), is("PASS"));
|
||||
|
||||
// Shutdown microdroid
|
||||
runOnAndroid(VIRT_APEX + "bin/vm", "stop", cid);
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ android_app {
|
|||
name: "MicrodroidTestApp",
|
||||
srcs: ["src/java/**/*.java"],
|
||||
jni_libs: ["MicrodroidTestNativeLib"],
|
||||
sdk_version: "current",
|
||||
platform_apis: true,
|
||||
use_embedded_native_libs: true,
|
||||
}
|
||||
|
||||
|
@ -14,7 +14,10 @@ android_app {
|
|||
cc_library_shared {
|
||||
name: "MicrodroidTestNativeLib",
|
||||
srcs: ["src/native/*.cpp"],
|
||||
sdk_version: "current",
|
||||
shared_libs: [
|
||||
"android.system.keystore2-V1-ndk_platform",
|
||||
"libbinder_ndk",
|
||||
],
|
||||
}
|
||||
|
||||
genrule {
|
||||
|
|
|
@ -13,9 +13,36 @@
|
|||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
#include <aidl/android/system/keystore2/IKeystoreService.h>
|
||||
#include <android/binder_auto_utils.h>
|
||||
#include <android/binder_manager.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/system_properties.h>
|
||||
|
||||
using aidl::android::hardware::security::keymint::SecurityLevel;
|
||||
|
||||
using aidl::android::system::keystore2::IKeystoreSecurityLevel;
|
||||
using aidl::android::system::keystore2::IKeystoreService;
|
||||
|
||||
namespace {
|
||||
|
||||
bool test_keystore() {
|
||||
ndk::SpAIBinder binder(
|
||||
AServiceManager_getService("android.system.keystore2.IKeystoreService/default"));
|
||||
auto service = IKeystoreService::fromBinder(binder);
|
||||
if (service == nullptr) {
|
||||
return false;
|
||||
}
|
||||
std::shared_ptr<IKeystoreSecurityLevel> securityLevel;
|
||||
auto status = service->getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT, &securityLevel);
|
||||
if (!status.isOk()) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
} // Anonymous namespace
|
||||
|
||||
extern "C" int android_native_main(int argc, char* argv[]) {
|
||||
printf("Hello Microdroid ");
|
||||
for (int i = 0; i < argc; i++) {
|
||||
|
@ -28,5 +55,6 @@ extern "C" int android_native_main(int argc, char* argv[]) {
|
|||
printf("\n");
|
||||
|
||||
__system_property_set("debug.microdroid.app.run", "true");
|
||||
__system_property_set("debug.microdroid.test_keystore", test_keystore() ? "PASS" : "FAIL");
|
||||
return 0;
|
||||
}
|
||||
|
|
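Review bot: `test_keystore()` returns true as soon as `status.isOk()`, without checking that `securityLevel` was filled in; `return status.isOk() && securityLevel != nullptr;` would make PASS mean the payload actually holds an `IKeystoreSecurityLevel`. Both failure paths collapse to a bare `false`, so the host only ever sees FAIL; logging which step failed (service lookup, or `status.getDescription()`) would make a policy denial or a missing service diagnosable, as long as it does not go to stdout, which the host test compares exactly. In the second hunk the return values of both `__system_property_set` calls are ignored, so a rejected property write reaches the host as an empty `getprop` result rather than a clear error. A short comment above `test_keystore()` such as `// Returns true if the keystore2 service is reachable and answers getSecurityLevel(TRUSTED_ENVIRONMENT).` would document the contract.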