Conditionally enable KeyMint tests
The KeyMint Rust TA may or may not be installed on a device.
Make the port tests cope with either eventuality, and re-enabled
some as a result.
Bug: 324883625
Test: build-root/build-qemu-generic-arm64-test-debug/run --headless --boot-test "com.android.trusty.rust.keymint.test"
Test: (repeat with KM/Rust both enabled and disabled on qemu)
Change-Id: I3a6369bf791a5d7f3356529619452d2ad229ea90
diff --git a/ipc_manager.rs b/ipc_manager.rs
index 93881ff..1ac41a2 100644
--- a/ipc_manager.rs
+++ b/ipc_manager.rs
@@ -631,7 +631,7 @@
keymint::{ErrorCode, VerifiedBootState},
legacy::{self, InnerSerialize},
};
- use test::expect;
+ use test::{expect, skip};
use trusty_std::ffi::{CString, FallibleCString};
const CONFIGURE_BOOT_PATCHLEVEL_CMD: u32 =
@@ -640,11 +640,12 @@
const SET_ATTESTATION_IDS_CMD: u32 = legacy::TrustyKeymasterOperation::SetAttestationIds as u32;
const SET_ATTESTATION_KEY_CMD: u32 = legacy::TrustyKeymasterOperation::SetAttestationKey as u32;
- // TODO: Removing tests for now until we have the Rust implementation as the default keymint;
- // put them back once we finish switching to the Rust implementation.
-
- //#[test]
+ #[test]
fn connection_test() {
+ if !cfg!(kmr_enabled) {
+ skip!("KeyMint Rust TA not configured");
+ }
+
// Only doing a connection test because the auth token key is not available for unittests.
let port1 = CString::try_new(KM_NS_TIPC_SRV_PORT).unwrap();
let _session1 = Handle::connect(port1.as_c_str()).unwrap();
@@ -654,8 +655,12 @@
let _session3 = Handle::connect(port3.as_c_str()).unwrap();
}
- // #[test]
+ #[test]
fn test_access_policy() {
+ if !cfg!(kmr_enabled) {
+ skip!("KeyMint Rust TA not configured");
+ }
+
// Test whether the access policy is in action.
// Keymint unit test app should be able to connect to the KM secure service.
let port = CString::try_new(KM_SEC_TIPC_SRV_PORT).unwrap();
@@ -750,8 +755,12 @@
Ok(req)
}
- //#[test]
+ #[test]
fn set_attestation_keys_certs() {
+ if !cfg!(kmr_enabled) {
+ skip!("KeyMint Rust TA not configured");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
@@ -798,8 +807,12 @@
session.recv(buf)
}
- //#[test]
+ #[test]
fn set_attestation_ids() {
+ if !cfg!(kmr_enabled) {
+ skip!("KeyMint Rust TA not configured");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
@@ -833,8 +846,15 @@
expect!(km_error_code.is_ok(), "Should be able to call SetAttestationIds");
}
- //#[test]
+ // The following tests are all skipped because they try to SetBootParams more than once
+ // which isn't allowed. However, the code is preserved to allow for future manual testing.
+
+ #[test]
fn send_setbootparams_configure_setbootparams_configure() {
+ if true {
+ skip!("SetBootParams cannot be performed more than once");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
@@ -886,13 +906,12 @@
);
}
- // Not running the next 3 tests because we never restart the server, which means that
- // the server remembers the commands from the previous test. Also not using #[ignore] because
- // it doesn't seem to be supported yet.
-
- //#[test]
- #[allow(dead_code)]
+ #[test]
fn send_configure_configure_setbootparams_setbootparams() {
+ if true {
+ skip!("SetBootParams cannot be performed more than once");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
@@ -944,9 +963,12 @@
expect!(km_error_code.is_err(), "Shouldn't be able to call SetBootParams a second time");
}
- //#[test]
- #[allow(dead_code)]
+ #[test]
fn send_setbootparams_setbootparams_configure_configure() {
+ if true {
+ skip!("SetBootParams cannot be performed more than once");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
@@ -998,9 +1020,12 @@
);
}
- //#[test]
- #[allow(dead_code)]
+ #[test]
fn send_configure_setbootparams_setbootparams_configure() {
+ if true {
+ skip!("SetBootParams cannot be performed more than once");
+ }
+
let port = CString::try_new(KM_NS_LEGACY_TIPC_SRV_PORT).unwrap();
let session = Handle::connect(port.as_c_str()).unwrap();
diff --git a/rules.mk b/rules.mk
index 47e34e5..ee38d24 100644
--- a/rules.mk
+++ b/rules.mk
@@ -52,6 +52,12 @@
MODULE_RUST_TESTS := true
+# The port tests are built and installed regardless of whether the KeyMint Rust TA
+# is enabled, so set a config value to allow tests that involve the TA to be skipped.
+ifeq (rust,$(TRUSTY_KEYMINT_IMPL))
+ MODULE_RUSTFLAGS += --cfg 'kmr_enabled'
+endif
+
MODULE_BINDGEN_ALLOW_TYPES := \
keybox.* \
diff --git a/unauthorized_test_app/lib.rs b/unauthorized_test_app/lib.rs
index d53ff5a..ce5b633 100644
--- a/unauthorized_test_app/lib.rs
+++ b/unauthorized_test_app/lib.rs
@@ -14,8 +14,6 @@
* limitations under the License.
*/
-// TODO: Remove this after enabling the test.
-#[allow(dead_code)]
#[cfg(test)]
mod tests {
use tipc::{Handle, TipcError};
@@ -23,12 +21,15 @@
test::init!();
- /// Port that handles secure world messages
- const KM_SEC_TIPC_SRV_PORT: &str = "com.android.trusty.keymaster.secure";
- // TODO: Removing tests for now until we have the Rust implementation as the default keymint;
- // put them back once we finish switching to the Rust implementation.
- // #[test]
+ #[test]
fn test_access_policy_unauthorized() {
+ if !cfg!(kmr_enabled) {
+ test::skip!("KeyMint Rust TA not configured");
+ }
+
+ /// Port that handles secure world messages
+ const KM_SEC_TIPC_SRV_PORT: &str = "com.android.trusty.keymaster.secure";
+
let port2 = CString::try_new(KM_SEC_TIPC_SRV_PORT).unwrap();
let err1 = Handle::connect(port2.as_c_str()).expect_err(
"An error is expected because the uuid of this test app is
diff --git a/unauthorized_test_app/rules.mk b/unauthorized_test_app/rules.mk
index 0067782..2e46345 100644
--- a/unauthorized_test_app/rules.mk
+++ b/unauthorized_test_app/rules.mk
@@ -30,4 +30,10 @@
MODULE_RUST_TESTS := true
-include make/library.mk
\ No newline at end of file
+# The port tests are built and installed regardless of whether the KeyMint Rust TA
+# is enabled, so set a config value to allow tests that involve the TA to be skipped.
+ifeq (rust,$(TRUSTY_KEYMINT_IMPL))
+ MODULE_RUSTFLAGS += --cfg 'kmr_enabled'
+endif
+
+include make/library.mk