Basic Keystore availability test

Look up the Keystore service from the test payload to make sure it can
be found and communicated with.

Bug: 190578423
Test: atest MicrodroidHostTestCases
Change-Id: I1dd863202b7de5405658ee5e922b955e3cba6741
Andrew Scull 2021-06-17 16:41:03 +00:00
parent e9b74d0532
commit 6661661714
6 changed files with 56 additions and 2 deletions


@ -77,6 +77,8 @@ android_system_image {
"cgroups.json",
"public.libraries.android.txt",
"android.system.keystore2-V1-ndk_platform",
// TODO(b/185767624): remove hidl after full keymint support
"hwservicemanager",


@ -20,3 +20,6 @@ type locksettings_key, keystore2_key_type;
# A keystore2 namespace for resume on reboot.
type resume_on_reboot_key, keystore2_key_type;
# A keystore2 namespace for VM payloads.
type vm_payload_key, keystore2_key_type;


@ -24,3 +24,18 @@ allow microdroid_launcher devpts:chr_file rw_file_perms;
# Allow to set debug prop
set_prop(microdroid_launcher, debug_prop)
# Talk to binder services (for keystore)
binder_use(microdroid_launcher);
# Allow payloads to use keystore
use_keystore(microdroid_launcher);
# Allow payloads to use and manage their keys
allow microdroid_launcher vm_payload_key:keystore2_key {
delete
get_info
manage_blob
rebind
use
};
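Review bot: The `allow microdroid_launcher vm_payload_key:keystore2_key` rule grants `delete`, `manage_blob` and `rebind` on top of `get_info` and `use`, while the test added in this commit only looks up the service and calls `getSecurityLevel`, so none of these permissions is exercised or justified here. I would grant only what the payload demonstrably needs and widen the set in the change that adds key operations, or at least record the reason next to the rule, e.g. `# TODO: document which payload operation needs manage_blob and rebind`. The comments say "payloads", but the rule is written for the `microdroid_launcher` domain, so everything the launcher runs shares this one key namespace; that looks intended for a single-payload VM but is worth stating in the comment. No `keystore2_key_contexts` entry for `vm_payload_key` is visible in this commit, so the mapping to a namespace number presumably lives elsewhere and should be checked.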


@ -104,6 +104,9 @@ public class MicrodroidTestCase extends BaseHostJUnit4Test {
runOnMicrodroid(microdroidLauncher, testLib, "arg1", "arg2"),
is("Hello Microdroid " + testLib + " arg1 arg2"));
// Check that keystore was found by the payload
assertThat(runOnMicrodroid("getprop", "debug.microdroid.test_keystore"), is("PASS"));
// Shutdown microdroid
runOnAndroid(VIRT_APEX + "bin/vm", "stop", cid);
}


@ -6,7 +6,7 @@ android_app {
name: "MicrodroidTestApp",
srcs: ["src/java/**/*.java"],
jni_libs: ["MicrodroidTestNativeLib"],
sdk_version: "current",
platform_apis: true,
use_embedded_native_libs: true,
}
@ -14,7 +14,10 @@ android_app {
cc_library_shared {
name: "MicrodroidTestNativeLib",
srcs: ["src/native/*.cpp"],
sdk_version: "current",
shared_libs: [
"android.system.keystore2-V1-ndk_platform",
"libbinder_ndk",
],
}
genrule {


@ -13,9 +13,36 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <aidl/android/system/keystore2/IKeystoreService.h>
#include <android/binder_auto_utils.h>
#include <android/binder_manager.h>
#include <stdio.h>
#include <sys/system_properties.h>
using aidl::android::hardware::security::keymint::SecurityLevel;
using aidl::android::system::keystore2::IKeystoreSecurityLevel;
using aidl::android::system::keystore2::IKeystoreService;
namespace {
bool test_keystore() {
ndk::SpAIBinder binder(
AServiceManager_getService("android.system.keystore2.IKeystoreService/default"));
auto service = IKeystoreService::fromBinder(binder);
if (service == nullptr) {
return false;
}
std::shared_ptr<IKeystoreSecurityLevel> securityLevel;
auto status = service->getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT, &securityLevel);
if (!status.isOk()) {
return false;
}
return true;
}
} // Anonymous namespace
extern "C" int android_native_main(int argc, char* argv[]) {
printf("Hello Microdroid ");
for (int i = 0; i < argc; i++) {
@ -28,5 +55,6 @@ extern "C" int android_native_main(int argc, char* argv[]) {
printf("\n");
__system_property_set("debug.microdroid.app.run", "true");
__system_property_set("debug.microdroid.test_keystore", test_keystore() ? "PASS" : "FAIL");
return 0;
}
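Review bot: In `test_keystore()` the `getSecurityLevel` call is accepted on `status.isOk()` alone, so a reply that is OK but leaves `securityLevel` null would still be reported as PASS; the tail of the function could be `return status.isOk() && securityLevel != nullptr;`. Both failure paths return a bare `false`, and a line such as `fprintf(stderr, "getSecurityLevel failed: %s\n", status.getDescription().c_str());` before returning would show which step failed. In the second hunk the return value of `__system_property_set` is ignored, so a denied property write reaches the host test as an empty value rather than FAIL. `std::shared_ptr` is used without a direct `#include <memory>`. `android_native_main` starts in the first hunk and its loop body lies outside both hunks.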