Unit tests fail on tvOS 14
NickEntin opened this issue · comments
Running on tvOS 14.5, we're getting a -26276
response to SecItemCopyMatching(_:_:)
in many of the SinglePromptSecureEnclaveIntegrationTests
tests.
This doesn't match any of the OSStatus
codes. The closest is errSecDecode
, so maybe it's related to that?
errSecDecode = -26275, /* Unable to decode the provided data. */
Looking at other OSS Keychain code, it looks like -26276
is an internal
error, which isn't terribly helpful.
When I ran these tests locally, I saw the following error text in the console:
Valet tvOS Test Host App[70063:28557685] [Client,LAContext] LAContext[70063:0] failed to initialize: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.CoreAuthentication.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.CoreAuthentication.daemon was invalidated.}
Valet tvOS Test Host App[70063:28557685] [Client,LAContext] LAContext[70063:0] failed to initialize: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service on pid 0 named com.apple.CoreAuthentication.daemon.libxpc was invalidated." UserInfo={NSDebugDescription=The connection to service on pid 0 named com.apple.CoreAuthentication.daemon.libxpc was invalidated.}
It seems like CoreAuthentication isn't working on tvOS 14, or at least it isn't working properly in the tvOS 14 simulators. It seems that prior to #256 we weren't testing tvOS 14 in CI, so it's quite likely this never worked.
I'm curious if physical tvOS devices work with LAContext
s or SinglePromptSecureEnclaveValet
s. I don't have a way to test this, however. Ideas?
Given the contents of our testEnvironmentSupportsWhenPasscodeSet check and how liberally we utilize that check in both SecureEnclaveIntegrationTests and SinglePromptSecureEnclaveIntegrationTests, I'm tempted to say this is an tvOS 14 simulator-only issue.
What's fascinating is that it looks like the tvOS 14 simulator has less impactful bugs than the tvOS 13 simulator. We may want to create a new method similar to testEnvironmentSupportsWhenPasscodeSet
called testEnvironmentSupportsLocalAuthenticationContext
that returns true unless we're on tvOS 14, and pepper the SinglePromptSecureEnclaveIntegrationTests
methods with guard
statements that check testEnvironmentSupportsLocalAuthenticationContext
.
Same issue occurs with the tvOS 15 simulator. I'd really love someone with a TV app to let us know what actually works on a device.
Fixed in #284