keystore/tests/list_auth_bound_keys_test.sh - platform/system/security - Gitiles

 #!/usr/bin/env bash

 #
 # Copyright (C) 2018 The Android Open Source Project
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 #
 # Simple adb based test for keystore method list_auth_bound_keys
 # Depends on keystore_cli_v2 tool and root
 #

 set -e

 ROOT_ID=0
 USER1_ID=10901
 USER2_ID=10902
 SYSTEM_ID=1000

 function cli {
 	adb shell "su $1 keystore_cli_v2 $2"
 }

 #start as root
 adb root

 # generate keys as user
 echo "generating keys"
 cli $USER1_ID "delete --name=no_auth_key" || true
 cli $USER1_ID "generate --name=no_auth_key"
 cli $USER2_ID "delete --name=auth_key" || true
 if ! cli $USER2_ID "generate --name=auth_key --auth_bound"; then
 	echo "Unable to generate auth bound key, make sure device/emulator has a pin/password set."
 	echo "$ adb shell locksettings set-pin 1234"
 	exit 1
 fi

 # try to list keys as user
 if cli $USER2_ID list-apps-with-keys; then
 	echo "Error: list-apps-with-keys succeeded as user, this is not expected!"
 	exit 1
 fi

 # try to list keys as root
 if cli $ROOT_ID "list-apps-with-keys"; then
 	echo "Error: list-apps-with-keys succeeded as root, this is not expected!"
 	exit 1
 fi

 # try to list keys as system
 success=false
 while read -r line; do
 	echo $line
     if [ "$line" == "$USER2_ID" ]; then
     	success=true
     fi
     if [ "$line" == "$USER1_ID" ]; then
     	echo "Error: User1 id not expected in list"
     	exit 1
     fi
 done <<< $(cli $SYSTEM_ID "list-apps-with-keys")
 if [ $success = true ]; then
 	echo "Success!"
 else
 	echo "Error: User2 id not in list"
 	exit 1
 fi
	#!/usr/bin/env bash

	#
	# Copyright (C) 2018 The Android Open Source Project
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	#
	# Simple adb based test for keystore method list_auth_bound_keys
	# Depends on keystore_cli_v2 tool and root
	#

	set -e

	ROOT_ID=0
	USER1_ID=10901
	USER2_ID=10902
	SYSTEM_ID=1000

	function cli {
	adb shell "su $1 keystore_cli_v2 $2"
	}

	#start as root
	adb root

	# generate keys as user
	echo "generating keys"
	cli $USER1_ID "delete --name=no_auth_key" \|\| true
	cli $USER1_ID "generate --name=no_auth_key"
	cli $USER2_ID "delete --name=auth_key" \|\| true
	if ! cli $USER2_ID "generate --name=auth_key --auth_bound"; then
	echo "Unable to generate auth bound key, make sure device/emulator has a pin/password set."
	echo "$ adb shell locksettings set-pin 1234"
	exit 1
	fi

	# try to list keys as user
	if cli $USER2_ID list-apps-with-keys; then
	echo "Error: list-apps-with-keys succeeded as user, this is not expected!"
	exit 1
	fi

	# try to list keys as root
	if cli $ROOT_ID "list-apps-with-keys"; then
	echo "Error: list-apps-with-keys succeeded as root, this is not expected!"
	exit 1
	fi

	# try to list keys as system
	success=false
	while read -r line; do
	echo $line
	if [ "$line" == "$USER2_ID" ]; then
	success=true
	fi
	if [ "$line" == "$USER1_ID" ]; then
	echo "Error: User1 id not expected in list"
	exit 1
	fi
	done <<< $(cli $SYSTEM_ID "list-apps-with-keys")
	if [ $success = true ]; then
	echo "Success!"
	else
	echo "Error: User2 id not in list"
	exit 1
	fi