Merge "Implement secretkeeper HAL v2" into main
diff --git a/audio/aidl/Android.bp b/audio/aidl/Android.bp
index 7b6109a..0f2fe99 100644
--- a/audio/aidl/Android.bp
+++ b/audio/aidl/Android.bp
@@ -310,6 +310,7 @@
"android.hardware.audio_defaults",
"latest_android_hardware_audio_common_import_interface",
"latest_android_media_audio_common_types_import_interface",
+ "latest_android_media_audio_eraser_types_import_interface",
],
srcs: [
"android/hardware/audio/effect/AcousticEchoCanceler.aidl",
@@ -324,6 +325,7 @@
"android/hardware/audio/effect/DynamicsProcessing.aidl",
"android/hardware/audio/effect/EnvironmentalReverb.aidl",
"android/hardware/audio/effect/Equalizer.aidl",
+ "android/hardware/audio/effect/Eraser.aidl",
"android/hardware/audio/effect/Flags.aidl",
"android/hardware/audio/effect/HapticGenerator.aidl",
"android/hardware/audio/effect/IEffect.aidl",
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Descriptor.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Descriptor.aidl
index 115da1d..36f22ae 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Descriptor.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Descriptor.aidl
@@ -44,6 +44,7 @@
const String EFFECT_TYPE_UUID_DYNAMICS_PROCESSING = "7261676f-6d75-7369-6364-28e2fd3ac39e";
const String EFFECT_TYPE_UUID_ENV_REVERB = "c2e5d5f0-94bd-4763-9cac-4e234d06839e";
const String EFFECT_TYPE_UUID_EQUALIZER = "0bed4300-ddd6-11db-8f34-0002a5d5c51b";
+ const String EFFECT_TYPE_UUID_ERASER = "fa81a9ac-588b-11ed-9b6a-0242ac120002";
const String EFFECT_TYPE_UUID_HAPTIC_GENERATOR = "1411e6d6-aecd-4021-a1cf-a6aceb0d71e5";
const String EFFECT_TYPE_UUID_LOUDNESS_ENHANCER = "fe3199be-aed0-413f-87bb-11260eb63cf1";
const String EFFECT_TYPE_UUID_NS = "58b4b260-8e06-11e0-aa8e-0002a5d5c51b";
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Eraser.aidl
similarity index 78%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
copy to audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Eraser.aidl
index d88d5c8..5d8abd5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Eraser.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,12 +31,15 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-parcelable MemoryBufferParameter {
- android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
- int sizeBytes;
- union MemoryBuffer {
- ParcelFileDescriptor input;
- ParcelFileDescriptor output;
+package android.hardware.audio.effect;
+@VintfStability
+union Eraser {
+ android.hardware.audio.effect.VendorExtension vendor;
+ android.media.audio.eraser.Capability capability;
+ android.media.audio.eraser.Configuration configuration;
+ @VintfStability
+ union Id {
+ android.hardware.audio.effect.VendorExtension vendorExtensionTag;
+ android.hardware.audio.effect.Eraser.Tag commonTag;
}
}
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
index ff33c42..40a49de 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
@@ -63,6 +63,7 @@
android.hardware.audio.effect.Volume.Id volumeTag;
android.hardware.audio.effect.Parameter.Tag commonTag;
android.hardware.audio.effect.Spatializer.Id spatializerTag;
+ android.hardware.audio.effect.Eraser.Id eraserTag;
}
@VintfStability
parcelable Common {
@@ -95,5 +96,6 @@
android.hardware.audio.effect.Visualizer visualizer;
android.hardware.audio.effect.Volume volume;
android.hardware.audio.effect.Spatializer spatializer;
+ android.hardware.audio.effect.Eraser eraser;
}
}
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/State.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/State.aidl
index 17f9814..873fb43 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/State.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/State.aidl
@@ -37,4 +37,5 @@
INIT,
IDLE,
PROCESSING,
+ DRAINING,
}
diff --git a/audio/aidl/android/hardware/audio/effect/CommandId.aidl b/audio/aidl/android/hardware/audio/effect/CommandId.aidl
index d940b42..de573bf 100644
--- a/audio/aidl/android/hardware/audio/effect/CommandId.aidl
+++ b/audio/aidl/android/hardware/audio/effect/CommandId.aidl
@@ -33,25 +33,39 @@
/**
* Start effect engine processing.
* An effect instance must start processing data and transfer to PROCESSING state if it is in
- * IDLE state and have all necessary information. Otherwise it must:
- * 1. Throw a EX_ILLEGAL_STATE exception if effect is not in IDLE state, or
- * 2. Throw a EX_TRANSACTION_FAILED for all other errors.
+ * IDLE or DRAINING state and has all necessary information. Otherwise, it must:
+ * 1. Throw an EX_ILLEGAL_STATE exception if the effect is not in IDLE or DRAINING state, or
+ * 2. Throw an EX_TRANSACTION_FAILED for all other errors.
*
- * Depending on parameters set to the effect instance, effect may do process or reverse
- * process after START command.
+ * If an effect instance in DRAINING state receives a START command, it must transit back to
+ * PROCESSING state.
*/
START = 0,
/**
- * Stop effect engine processing with all resource kept.
- * The currently processed audio data will be discarded if the effect engine is in PROCESSING
- * state.
- * Effect instance must do nothing and return ok when it receive STOP command in IDLE state.
+ * Stop effect engine processing with all resources kept.
+ * If the effect is in **PROCESSING** state:
+ * - It must transition to **IDLE** state if no intermediate operations are required.
+ * - It must transition to **DRAINING** state if draining (e.g., fading) is required.
+ * - The instance must automatically transition to **IDLE** after draining.
+ * - It must ignore any new `STOP` commands during **DRAINING**.
+ * - `START` commands during **DRAINING** must transition the instance back to
+ * **PROCESSING**.
+ * If the effect instance is already in **IDLE** state, it must do nothing and return success.
+ *
+ * If the effect instance transitions to DRAINING state:
+ * 1. It must automatically transition to IDLE after completing draining tasks.
+ * 2. It must ignore any new STOP commands received during the DRAINING state.
+ * 3. START commands during DRAINING must immediately transfer the instance back to PROCESSING.
+ *
*/
STOP = 1,
/**
* Keep all parameter settings but reset the buffer content, stop engine processing, and transit
- * instance state to IDLE if its in PROCESSING state.
+ * the instance state to IDLE if it is in PROCESSING state.
* Effect instance must be able to handle RESET command at IDLE and PROCESSING states.
+ *
+ * If the implementation includes intermediate operations such as draining, the RESET command
+ * must bypass DRAINING and immediately transition the state to IDLE.
*/
RESET = 2,
diff --git a/audio/aidl/android/hardware/audio/effect/Descriptor.aidl b/audio/aidl/android/hardware/audio/effect/Descriptor.aidl
index b152f76..62e9bd4 100644
--- a/audio/aidl/android/hardware/audio/effect/Descriptor.aidl
+++ b/audio/aidl/android/hardware/audio/effect/Descriptor.aidl
@@ -70,6 +70,10 @@
*/
const String EFFECT_TYPE_UUID_EQUALIZER = "0bed4300-ddd6-11db-8f34-0002a5d5c51b";
/**
+ * UUID for Audio eraser effect type.
+ */
+ const String EFFECT_TYPE_UUID_ERASER = "fa81a9ac-588b-11ed-9b6a-0242ac120002";
+ /**
* UUID for Haptic Generator type.
*/
const String EFFECT_TYPE_UUID_HAPTIC_GENERATOR = "1411e6d6-aecd-4021-a1cf-a6aceb0d71e5";
diff --git a/audio/aidl/android/hardware/audio/effect/Eraser.aidl b/audio/aidl/android/hardware/audio/effect/Eraser.aidl
new file mode 100644
index 0000000..990c6c0
--- /dev/null
+++ b/audio/aidl/android/hardware/audio/effect/Eraser.aidl
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.audio.effect;
+
+import android.hardware.audio.effect.VendorExtension;
+import android.media.audio.eraser.Capability;
+import android.media.audio.eraser.Configuration;
+import android.media.audio.eraser.Mode;
+
+/**
+ * The Audio Eraser Effect is an audio effect that combines multiple capabilities to manipulate and
+ * enhance audio streams.
+ *
+ * The Audio Eraser Effect integrates three primary components:
+ *
+ * Sound Separator: Detects and splits the input audio into multiple sound sources.
+ * Sound Classifier: Classifies each separated sound source into predefined categories based on the
+ * AudioSet ontology.
+ * Remixer: Adjusts the gain factor (volume) of each classified sound source according to specified
+ * configurations, then recombines them into a single output audio stream.
+ *
+ * The Audio Eraser Effect operates in different modes, each leveraging a subset of these
+ * components to achieve specific functionalities as defined in `android.media.audio.eraser.Mode`.
+ *
+ * Flow Diagrams for each operation mode as below.
+ *
+ * ERASER:
+ * +-----------------+
+ * +-->| Sound Classifier|---+
+ * | +-----------------+ |
+ * | |
+ *+----------------+ +----------------+ | +-----------------+ | +----------------+
+ *| Input Audio |------>| Sound Separator|---+-->| Sound Classifier|---+-->| Remixer |
+ *+----------------+ +----------------+ | +-----------------+ | +--------+-------+
+ * | | |
+ * | +-----------------+ | |
+ * +-->| Sound Classifier|---+ |
+ * +-----------------+ |
+ * | v
+ * v +----------------+
+ * {Classification Metadata} | Output Audio |
+ * +----------------+
+ *
+ * CLASSIFIER:
+ *+----------------+ +-----------------+ +-----------------+
+ *| Input Audio |------>| Sound Classifier|------>| Original Audio |
+ *+----------------+ +-----------------+ +-----------------+
+ * |
+ * v
+ * {Classification Metadata}
+ *
+ */
+@VintfStability
+union Eraser {
+ /**
+ * Parameter Id with union tag to identify the parameters for getParameter().
+ */
+ @VintfStability
+ union Id {
+ VendorExtension vendorExtensionTag;
+ Eraser.Tag commonTag;
+ }
+
+ /**
+ * Vendor extension parameters which can be customized.
+ */
+ VendorExtension vendor;
+
+ /**
+ * Eraser capability, defines supported input/output data formats, available work modes, and
+ * the specific capabilities of the sound classifier and separator
+ */
+ Capability capability;
+
+ /**
+ * Eraser configuration, contains the list of configurations for the eraser effect.
+ */
+ Configuration configuration;
+}
diff --git a/audio/aidl/android/hardware/audio/effect/Parameter.aidl b/audio/aidl/android/hardware/audio/effect/Parameter.aidl
index 6fd9161..d57e67d 100644
--- a/audio/aidl/android/hardware/audio/effect/Parameter.aidl
+++ b/audio/aidl/android/hardware/audio/effect/Parameter.aidl
@@ -26,6 +26,7 @@
import android.hardware.audio.effect.DynamicsProcessing;
import android.hardware.audio.effect.EnvironmentalReverb;
import android.hardware.audio.effect.Equalizer;
+import android.hardware.audio.effect.Eraser;
import android.hardware.audio.effect.HapticGenerator;
import android.hardware.audio.effect.LoudnessEnhancer;
import android.hardware.audio.effect.NoiseSuppression;
@@ -111,6 +112,10 @@
* Parameter tag defined for Spatializer parameters.
*/
Spatializer.Id spatializerTag;
+ /**
+ * Parameter tag defined for eraser parameters.
+ */
+ Eraser.Id eraserTag;
}
/**
@@ -198,6 +203,8 @@
Visualizer visualizer;
Volume volume;
Spatializer spatializer;
+ // Eraser added at android.hardware.audio.effect.V3
+ Eraser eraser;
}
Specific specific;
diff --git a/audio/aidl/android/hardware/audio/effect/State.aidl b/audio/aidl/android/hardware/audio/effect/State.aidl
index 85a4afc..1b698d7 100644
--- a/audio/aidl/android/hardware/audio/effect/State.aidl
+++ b/audio/aidl/android/hardware/audio/effect/State.aidl
@@ -24,18 +24,18 @@
* it should transfer to IDLE state after handle the command successfully. Effect instance should
* consume minimal resource and transfer to INIT state after it was close().
*
- * Refer to State.gv for detailed state diagram.
+ * Refer to the state machine diagram `state.gv` for a detailed state diagram.
*/
@VintfStability
@Backing(type="byte")
enum State {
-
/**
* An effect instance is in INIT state by default after it was created with
* IFactory.createEffect(). When an effect instance is in INIT state, it should have instance
* context initialized, and ready to handle IEffect.setParameter(), IEffect.open() as well as
* all getter interfaces.
*
+ * **Requirements in INIT state:**
* In INIT state, effect instance must:
* 1. Not handle any IEffect.command() and return EX_ILLEGAL_STATE with any Command.Id.
* 2. Be able to handle all parameter setting with IEffect.setParameter().
@@ -43,28 +43,32 @@
* IEffect.getState().
* 4. Be able to handle IEffect.open() successfully after configuration.
*
- * Client is expected to do necessary configuration with IEffect.setParameter(), get all
- * resource ready with IEffect.open(), and make sure effect instance transfer to IDLE state
- * before sending commands with IEffect.command() interface. Effect instance must transfer
- * from INIT to IDLE state after handle IEffect.open() call successfully.
+ * **State Transitions:**
+ * - Transitions to **IDLE** after successful `IEffect.open()`.
+ * - Remains in **INIT** on `IEffect.getState()` and `IEffect.getDescriptor()`.
+ * - Transitions to the final state on `IFactory.destroyEffect()`.
*/
INIT,
+
/**
* An effect instance transfer to IDLE state after it was open successfully with IEffect.open()
* in INIT state, or after it was stop/reset with Command.Id.STOP/RESET in PROCESSING state.
*
- * In IDLE state, effect instance must:
+ * **Requirements in IDLE state:**
* 1. Be able to start effect processing engine with IEffect.command(Command.Id.START) call.
* 2. Be able to handle all parameter setting with IEffect.setParameter().
* 3. Be able to handle all getter interface calls like IEffect.getParameter() and
* IEffect.getState().
*
- * The following state transfer can happen in IDLE state:
- * 1. Transfer to PROCESSING if instance receive an START command and start processing data
- * successfully.
- * 2. Transfer to INIT if instance receive a close() call.
+ * **State Transitions:**
+ * - Transitions to **PROCESSING** on `IEffect.command(CommandId.START)` after starting
+ * processing data successfully.
+ * - Transitions to **INIT** on `IEffect.close()`.
+ * - Remains in **IDLE** on `IEffect.getParameter()`, `IEffect.setParameter()`,
+ * `IEffect.getDescriptor()`, `IEffect.command(CommandId.RESET)`, and `IEffect.reopen()`.
*/
IDLE,
+
/**
* An effect instance is in PROCESSING state after it receive an START command and start
* processing data successfully. Effect instance will transfer from PROCESSING to IDLE state if
@@ -75,12 +79,50 @@
* the case of a close() call received when instance in PROCESSING state, it should try to stop
* processing and transfer to IDLE first before close().
*
- * In PROCESSING state, effect instance must:
+ * **Requirements in PROCESSING state:**
* 1. Return EX_ILLEGAL_STATE if it's not able to handle any parameter settings at runtime.
* 2. Be able to handle STOP and RESET for IEffect.command() interface, and return
* EX_ILLEGAL_STATE for all other commands.
* 3. Must be able to handle all get* interface calls like IEffect.getParameter() and
* IEffect.getState().
+ *
+ * **State Transitions:**
+ * - Transitions to **IDLE** on `IEffect.command(CommandId.STOP)` ( if no draining is required
+ * or implemented) or `IEffect.command(CommandId.RESET)`.
+ * - Transitions to **DRAINING** on `IEffect.command(CommandId.STOP)` if draining is required.
+ * - Remains in **PROCESSING** on `IEffect.getParameter()`, `IEffect.setParameter()`,
+ * `IEffect.getDescriptor()`, and `IEffect.reopen()`.
+ *
+ * **Notes:**
+ * - Clients should avoid calling `IEffect.close()` directly in this state; instead, they should
+ * stop processing with `CommandId.STOP` before closing.
+ * - If `IEffect.close()` is called in this state, the effect instance should stop processing,
+ * transition to **IDLE**, and then close.
*/
PROCESSING,
+
+ /**
+ * DRAINING is an optional transitional state where the effect instance completes processing
+ * remaining input buffers or finalizes operations (e.g., fading) before stopping completely.
+ * This state is typically entered after a `CommandId.STOP` command in the PROCESSING state when
+ * draining is required.
+ *
+ * **Requirements in DRAINING state:**
+ * 1. Must handle `CommandId.START` and transition back to **PROCESSING**.
+ * 2. Must handle getter interface calls like `IEffect.getParameter()` and `IEffect.getState()`.
+ * 3. Must automatically transition to **IDLE** after draining is complete.
+ *
+ * **State Transitions:**
+ * - Transitions to **PROCESSING** on `IEffect.command(CommandId.START)`.
+ * - Transitions to **IDLE** on `IEffect.command(CommandId.RESET)`.
+ * - Transitions to **IDLE** automatically after draining is complete.
+ * - Remains in **DRAINING** on `IEffect.getParameter()`, `IEffect.setParameter()`,
+ * `IEffect.getDescriptor()`, and `IEffect.reopen()`.
+ *
+ * **Notes:**
+ * - If not implemented, the effect instance may transition directly from **PROCESSING** to
+ * **IDLE** without this intermediate state.
+ * - Any `CommandId.STOP` commands received during **DRAINING** should be ignored.
+ */
+ DRAINING,
}
diff --git a/audio/aidl/android/hardware/audio/effect/state.gv b/audio/aidl/android/hardware/audio/effect/state.gv
index 22c70c8..2a8194e 100644
--- a/audio/aidl/android/hardware/audio/effect/state.gv
+++ b/audio/aidl/android/hardware/audio/effect/state.gv
@@ -13,26 +13,56 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
// To render: "dot -Tpng state.gv -o state.png"
+
digraph effect_state_machine {
- node[shape = point style = filled fillcolor = black width = 0.5] I;
- node[shape = doublecircle] F;
- node[shape = oval width = 1];
- node[fillcolor = lightgreen] INIT;
- node[fillcolor = lightblue] IDLE;
- node[fillcolor = lightyellow] PROCESSING;
- I -> INIT[label = "IFactory.createEffect" labelfontcolor = "navy"];
- INIT -> F[label = "IFactory.destroyEffect"];
- INIT -> IDLE[label = "IEffect.open()" labelfontcolor = "lime"];
- IDLE -> PROCESSING[label = "IEffect.command(START"];
- PROCESSING -> IDLE[label = "IEffect.command(STOP)\nIEffect.command(RESET)"];
- IDLE -> INIT[label = "IEffect.close()"];
+ rankdir=LR; // Left to Right layout
- INIT -> INIT[label = "IEffect.getState\nIEffect.getDescriptor"];
- IDLE -> IDLE[label = "IEffect.getParameter\nIEffect.setParameter\nIEffect.getDescriptor\nIEffect.command(RESET)\nIEffect.reopen"];
- PROCESSING
- -> PROCESSING
- [label = "IEffect.getParameter\nIEffect.setParameter\nIEffect.getDescriptor\nIEffect.reopen"];
+ label="Effect State Machine";
+ fontsize=20;
+ labelloc=top;
+
+ node [fontname="Helvetica", fontsize=12, style=filled];
+
+ // Initial state node
+ I [shape=point, fillcolor=black, width=0.2];
+
+ // Final state node
+ F [shape=doublecircle, fillcolor=white, width=0.2];
+
+ // Define other nodes with colors
+ INIT [shape=ellipse, fillcolor=lightgreen];
+ IDLE [shape=ellipse, fillcolor=lightblue];
+ PROCESSING [shape=ellipse, fillcolor=lightyellow];
+ DRAINING [shape=ellipse, fillcolor=lightgrey];
+
+ // Transitions
+ I -> INIT [label="IFactory.createEffect", fontcolor="navy"];
+
+ INIT -> F [label="IFactory.destroyEffect"];
+
+ INIT -> IDLE [label="IEffect.open()", fontcolor="lime"];
+
+ IDLE -> PROCESSING [label="IEffect.command(START)"];
+
+ PROCESSING -> IDLE [label="IEffect.command(STOP)\nIEffect.command(RESET)"];
+
+ PROCESSING -> DRAINING [label="IEffect.command(STOP)", fontcolor="orange"];
+
+ DRAINING -> IDLE [label="Draining complete\n(IEffect.command(RESET)\nautomatic)"];
+
+ DRAINING -> PROCESSING [label="IEffect.command(START)\n(Interrupt draining)"];
+
+ IDLE -> INIT [label="IEffect.close()"];
+
+ // Self-loops
+ INIT -> INIT [label="IEffect.getState\nIEffect.getDescriptor"];
+
+ IDLE -> IDLE [label="IEffect.getParameter\nIEffect.setParameter\nIEffect.getDescriptor\nIEffect.command(RESET)\nIEffect.reopen"];
+
+ PROCESSING -> PROCESSING [label="IEffect.getParameter\nIEffect.setParameter\nIEffect.getDescriptor\nIEffect.reopen"];
+
+ DRAINING -> DRAINING [label="IEffect.getParameter\nIEffect.setParameter\nIEffect.getDescriptor\nIEffect.reopen\nFading"];
+
}
diff --git a/audio/aidl/default/EffectContext.cpp b/audio/aidl/default/EffectContext.cpp
index 26c88b2..b354dd1 100644
--- a/audio/aidl/default/EffectContext.cpp
+++ b/audio/aidl/default/EffectContext.cpp
@@ -258,4 +258,18 @@
return RetCode::SUCCESS;
}
+RetCode EffectContext::startDraining() {
+ mIsDraining = true;
+ return RetCode::SUCCESS;
+}
+
+RetCode EffectContext::finishDraining() {
+ mIsDraining = false;
+ return RetCode::SUCCESS;
+}
+
+bool EffectContext::isDraining() {
+ return mIsDraining;
+}
+
} // namespace aidl::android::hardware::audio::effect
diff --git a/audio/aidl/default/EffectImpl.cpp b/audio/aidl/default/EffectImpl.cpp
index 3e61335..7857f53 100644
--- a/audio/aidl/default/EffectImpl.cpp
+++ b/audio/aidl/default/EffectImpl.cpp
@@ -79,7 +79,6 @@
std::lock_guard lg(mImplMutex);
RETURN_IF(mState == State::INIT, EX_ILLEGAL_STATE, "alreadyClosed");
- // TODO: b/302036943 add reopen implementation
RETURN_IF(!mImplContext, EX_NULL_POINTER, "nullContext");
mImplContext->dupeFmqWithReopen(ret);
return ndk::ScopedAStatus::ok();
@@ -347,7 +346,7 @@
{
std::lock_guard lg(mImplMutex);
- if (mState != State::PROCESSING) {
+ if (mState != State::PROCESSING && mState != State::DRAINING) {
LOG(DEBUG) << getEffectNameWithVersion()
<< " skip process in state: " << toString(mState);
return;
diff --git a/audio/aidl/default/EffectThread.cpp b/audio/aidl/default/EffectThread.cpp
index b515385..1a52c13 100644
--- a/audio/aidl/default/EffectThread.cpp
+++ b/audio/aidl/default/EffectThread.cpp
@@ -68,7 +68,11 @@
RetCode EffectThread::startThread() {
{
std::lock_guard lg(mThreadMutex);
- mStop = false;
+ if (mDraining) {
+ mDraining = false;
+ } else {
+ mStop = false;
+ }
mCv.notify_one();
}
@@ -87,6 +91,25 @@
return RetCode::SUCCESS;
}
+RetCode EffectThread::startDraining() {
+ std::lock_guard lg(mThreadMutex);
+ mDraining = true;
+ mCv.notify_one();
+
+ LOG(VERBOSE) << mName << __func__;
+ return RetCode::SUCCESS;
+}
+
+RetCode EffectThread::finishDraining() {
+ std::lock_guard lg(mThreadMutex);
+ mDraining = false;
+ mStop = true;
+ mCv.notify_one();
+
+ LOG(VERBOSE) << mName << __func__;
+ return RetCode::SUCCESS;
+}
+
void EffectThread::threadLoop() {
pthread_setname_np(pthread_self(), mName.substr(0, kMaxTaskNameLen - 1).c_str());
setpriority(PRIO_PROCESS, 0, mPriority);
diff --git a/audio/aidl/default/audio_effects_config.xml b/audio/aidl/default/audio_effects_config.xml
index a54f4db..2e860d8 100644
--- a/audio/aidl/default/audio_effects_config.xml
+++ b/audio/aidl/default/audio_effects_config.xml
@@ -36,6 +36,7 @@
<library name="downmix" path="libdownmixaidl.so"/>
<library name="dynamics_processing" path="libdynamicsprocessingaidl.so"/>
<library name="equalizersw" path="libequalizersw.so"/>
+ <library name="erasersw" path="liberasersw.so"/>
<library name="haptic_generator" path="libhapticgeneratoraidl.so"/>
<library name="loudness_enhancer" path="libloudnessenhanceraidl.so"/>
<library name="nssw" path="libnssw.so"/>
@@ -75,6 +76,7 @@
<effect name="bassboost" library="bundle" uuid="8631f300-72e2-11df-b57e-0002a5d5c51b"/>
<effect name="downmix" library="downmix" uuid="93f04452-e4fe-41cc-91f9-e475b6d1d69f"/>
<effect name="dynamics_processing" library="dynamics_processing" uuid="e0e6539b-1781-7261-676f-6d7573696340"/>
+ <effect name="eraser" library="erasersw" uuid="fa81ab46-588b-11ed-9b6a-0242ac120002"/>
<effect name="haptic_generator" library="haptic_generator" uuid="97c4acd1-8b82-4f2f-832e-c2fe5d7a9931"/>
<effect name="loudness_enhancer" library="loudness_enhancer" uuid="fa415329-2034-4bea-b5dc-5b381c8d1e2c"/>
<effect name="reverb_env_aux" library="reverb" uuid="4a387fc0-8ab3-11df-8bad-0002a5d5c51b"/>
diff --git a/audio/aidl/default/eraser/Android.bp b/audio/aidl/default/eraser/Android.bp
new file mode 100644
index 0000000..c495d8e
--- /dev/null
+++ b/audio/aidl/default/eraser/Android.bp
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_team: "trendy_team_android_media_audio_framework",
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+cc_library_shared {
+ name: "liberasersw",
+ defaults: [
+ "aidlaudioeffectservice_defaults",
+ ],
+ srcs: [
+ "Eraser.cpp",
+ ":effectCommonFile",
+ ],
+ relative_install_path: "soundfx",
+ visibility: [
+ "//hardware/interfaces/audio/aidl/default:__subpackages__",
+ ],
+}
diff --git a/audio/aidl/default/eraser/Eraser.cpp b/audio/aidl/default/eraser/Eraser.cpp
new file mode 100644
index 0000000..59cc9a2
--- /dev/null
+++ b/audio/aidl/default/eraser/Eraser.cpp
@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "AHAL_Eraser"
+
+#include "Eraser.h"
+
+#include <android-base/logging.h>
+#include <system/audio_effects/effect_uuid.h>
+
+#include <optional>
+
+using aidl::android::hardware::audio::common::getChannelCount;
+using aidl::android::hardware::audio::effect::Descriptor;
+using aidl::android::hardware::audio::effect::EraserSw;
+using aidl::android::hardware::audio::effect::getEffectImplUuidEraserSw;
+using aidl::android::hardware::audio::effect::getEffectTypeUuidEraser;
+using aidl::android::hardware::audio::effect::IEffect;
+using aidl::android::hardware::audio::effect::State;
+using aidl::android::media::audio::common::AudioChannelLayout;
+using aidl::android::media::audio::common::AudioUuid;
+
+extern "C" binder_exception_t createEffect(const AudioUuid* in_impl_uuid,
+ std::shared_ptr<IEffect>* instanceSpp) {
+ if (!in_impl_uuid || *in_impl_uuid != getEffectImplUuidEraserSw()) {
+ LOG(ERROR) << __func__ << "uuid not supported";
+ return EX_ILLEGAL_ARGUMENT;
+ }
+ if (!instanceSpp) {
+ LOG(ERROR) << __func__ << " invalid input parameter!";
+ return EX_ILLEGAL_ARGUMENT;
+ }
+
+ *instanceSpp = ndk::SharedRefBase::make<EraserSw>();
+ LOG(DEBUG) << __func__ << " instance " << instanceSpp->get() << " created";
+ return EX_NONE;
+}
+
+extern "C" binder_exception_t queryEffect(const AudioUuid* in_impl_uuid, Descriptor* _aidl_return) {
+ if (!in_impl_uuid || *in_impl_uuid != getEffectImplUuidEraserSw()) {
+ LOG(ERROR) << __func__ << "uuid not supported";
+ return EX_ILLEGAL_ARGUMENT;
+ }
+ *_aidl_return = EraserSw::kDescriptor;
+ return EX_NONE;
+}
+
+namespace aidl::android::hardware::audio::effect {
+
+const std::string EraserSw::kEffectName = "EraserSw";
+const Descriptor EraserSw::kDescriptor = {
+ .common = {.id = {.type = getEffectTypeUuidEraser(), .uuid = getEffectImplUuidEraserSw()},
+ .flags = {.type = Flags::Type::INSERT,
+ .insert = Flags::Insert::FIRST,
+ .hwAcceleratorMode = Flags::HardwareAccelerator::NONE},
+ .name = EraserSw::kEffectName,
+ .implementor = "The Android Open Source Project"}};
+
+ndk::ScopedAStatus EraserSw::getDescriptor(Descriptor* _aidl_return) {
+ LOG(DEBUG) << __func__ << kDescriptor.toString();
+ *_aidl_return = kDescriptor;
+ return ndk::ScopedAStatus::ok();
+}
+
+ndk::ScopedAStatus EraserSw::setParameterSpecific(const Parameter::Specific& specific) {
+ RETURN_IF(Parameter::Specific::eraser != specific.getTag(), EX_ILLEGAL_ARGUMENT,
+ "EffectNotSupported");
+ RETURN_IF(!mContext, EX_NULL_POINTER, "nullContext");
+
+ auto& param = specific.get<Parameter::Specific::eraser>();
+ return mContext->setParam(param.getTag(), param);
+}
+
+ndk::ScopedAStatus EraserSw::getParameterSpecific(const Parameter::Id& id,
+ Parameter::Specific* specific) {
+ RETURN_IF(!mContext, EX_NULL_POINTER, "nullContext");
+
+ auto tag = id.getTag();
+ RETURN_IF(Parameter::Id::eraserTag != tag, EX_ILLEGAL_ARGUMENT, "wrongIdTag");
+ auto eraserId = id.get<Parameter::Id::eraserTag>();
+ auto eraserTag = eraserId.getTag();
+ switch (eraserTag) {
+ case Eraser::Id::commonTag: {
+ auto specificTag = eraserId.get<Eraser::Id::commonTag>();
+ std::optional<Eraser> param = mContext->getParam(specificTag);
+ if (!param.has_value()) {
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "EraserTagNotSupported");
+ }
+ specific->set<Parameter::Specific::eraser>(param.value());
+ break;
+ }
+ default: {
+ LOG(ERROR) << __func__ << " unsupported tag: " << toString(tag);
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "EraserTagNotSupported");
+ }
+ }
+ return ndk::ScopedAStatus::ok();
+}
+
+std::shared_ptr<EffectContext> EraserSw::createContext(const Parameter::Common& common) {
+ if (mContext) {
+ LOG(DEBUG) << __func__ << " context already exist";
+ } else {
+ mContext = std::make_shared<EraserSwContext>(1 /* statusFmqDepth */, common);
+ }
+ return mContext;
+}
+
+RetCode EraserSw::releaseContext() {
+ if (mContext) {
+ mContext.reset();
+ }
+ return RetCode::SUCCESS;
+}
+
+EraserSw::~EraserSw() {
+ cleanUp();
+ LOG(DEBUG) << __func__;
+}
+
+ndk::ScopedAStatus EraserSw::command(CommandId command) {
+ std::lock_guard lg(mImplMutex);
+ RETURN_IF(mState == State::INIT, EX_ILLEGAL_STATE, "instanceNotOpen");
+
+ switch (command) {
+ case CommandId::START:
+ RETURN_OK_IF(mState == State::PROCESSING);
+ mState = State::PROCESSING;
+ mContext->enable();
+ startThread();
+ RETURN_IF(notifyEventFlag(mDataMqNotEmptyEf) != RetCode::SUCCESS, EX_ILLEGAL_STATE,
+ "notifyEventFlagNotEmptyFailed");
+ break;
+ case CommandId::STOP:
+ RETURN_OK_IF(mState == State::IDLE || mState == State::DRAINING);
+ if (mVersion < kDrainSupportedVersion) {
+ mState = State::IDLE;
+ stopThread();
+ mContext->disable();
+ } else {
+ mState = State::DRAINING;
+ startDraining();
+ mContext->startDraining();
+ }
+ RETURN_IF(notifyEventFlag(mDataMqNotEmptyEf) != RetCode::SUCCESS, EX_ILLEGAL_STATE,
+ "notifyEventFlagNotEmptyFailed");
+ break;
+ case CommandId::RESET:
+ mState = State::IDLE;
+ RETURN_IF(notifyEventFlag(mDataMqNotEmptyEf) != RetCode::SUCCESS, EX_ILLEGAL_STATE,
+ "notifyEventFlagNotEmptyFailed");
+ stopThread();
+ mImplContext->disable();
+ mImplContext->reset();
+ mImplContext->resetBuffer();
+ break;
+ default:
+ LOG(ERROR) << getEffectNameWithVersion() << __func__ << " instance still processing";
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "CommandIdNotSupported");
+ }
+ LOG(VERBOSE) << getEffectNameWithVersion() << __func__
+ << " transfer to state: " << toString(mState);
+ return ndk::ScopedAStatus::ok();
+}
+
+// Processing method running in EffectWorker thread.
+IEffect::Status EraserSw::effectProcessImpl(float* in, float* out, int samples) {
+ RETURN_VALUE_IF(!mContext, (IEffect::Status{EX_NULL_POINTER, 0, 0}), "nullContext");
+ IEffect::Status procStatus{STATUS_NOT_ENOUGH_DATA, 0, 0};
+ procStatus = mContext->process(in, out, samples);
+ if (mState == State::DRAINING && procStatus.status == STATUS_NOT_ENOUGH_DATA) {
+ drainingComplete_l();
+ }
+
+ return procStatus;
+}
+
+void EraserSw::drainingComplete_l() {
+ if (mState != State::DRAINING) return;
+
+ LOG(DEBUG) << getEffectNameWithVersion() << __func__;
+ finishDraining();
+ mState = State::IDLE;
+}
+
+EraserSwContext::EraserSwContext(int statusDepth, const Parameter::Common& common)
+ : EffectContext(statusDepth, common) {
+ LOG(DEBUG) << __func__;
+}
+
+EraserSwContext::~EraserSwContext() {
+ LOG(DEBUG) << __func__;
+}
+
+template <typename TAG>
+std::optional<Eraser> EraserSwContext::getParam(TAG tag) {
+ if (mParamsMap.find(tag) != mParamsMap.end()) {
+ return mParamsMap.at(tag);
+ }
+ return std::nullopt;
+}
+
+template <typename TAG>
+ndk::ScopedAStatus EraserSwContext::setParam(TAG tag, Eraser eraser) {
+ mParamsMap[tag] = eraser;
+ return ndk::ScopedAStatus::ok();
+}
+
+IEffect::Status EraserSwContext::process(float* in, float* out, int samples) {
+ LOG(DEBUG) << __func__ << " in " << in << " out " << out << " samples " << samples;
+ IEffect::Status procStatus = {EX_ILLEGAL_ARGUMENT, 0, 0};
+ const auto inputChannelCount = getChannelCount(mCommon.input.base.channelMask);
+ const auto outputChannelCount = getChannelCount(mCommon.output.base.channelMask);
+ if (inputChannelCount < outputChannelCount) {
+ LOG(ERROR) << __func__ << " invalid channel count, in: " << inputChannelCount
+ << " out: " << outputChannelCount;
+ return procStatus;
+ }
+
+ if (samples <= 0 || 0 != samples % inputChannelCount) {
+ LOG(ERROR) << __func__ << " invalid samples: " << samples;
+ return procStatus;
+ }
+
+ const int iFrames = samples / inputChannelCount;
+ const float gainPerSample = 1.f / iFrames;
+ for (int i = 0; i < iFrames; i++) {
+ if (isDraining()) {
+ const float gain = (iFrames - i - 1) * gainPerSample;
+ for (size_t c = 0; c < outputChannelCount; c++) {
+ out[c] = in[c] * gain;
+ }
+ } else {
+ std::memcpy(out, in, outputChannelCount * sizeof(float));
+ }
+
+ in += inputChannelCount;
+ out += outputChannelCount;
+ }
+
+ // drain for one cycle
+ if (isDraining()) {
+ procStatus.status = STATUS_NOT_ENOUGH_DATA;
+ finishDraining();
+ } else {
+ procStatus.status = STATUS_OK;
+ }
+ procStatus.fmqConsumed = static_cast<int32_t>(iFrames * inputChannelCount);
+ procStatus.fmqProduced = static_cast<int32_t>(iFrames * outputChannelCount);
+
+ return procStatus;
+}
+
+} // namespace aidl::android::hardware::audio::effect
diff --git a/audio/aidl/default/eraser/Eraser.h b/audio/aidl/default/eraser/Eraser.h
new file mode 100644
index 0000000..7bf2f57
--- /dev/null
+++ b/audio/aidl/default/eraser/Eraser.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include "effect-impl/EffectContext.h"
+#include "effect-impl/EffectImpl.h"
+
+#include <fmq/AidlMessageQueue.h>
+
+#include <unordered_map>
+#include <vector>
+
+namespace aidl::android::hardware::audio::effect {
+
+class EraserSwContext final : public EffectContext {
+ public:
+ EraserSwContext(int statusDepth, const Parameter::Common& common);
+ ~EraserSwContext() final;
+
+ template <typename TAG>
+ std::optional<Eraser> getParam(TAG tag);
+ template <typename TAG>
+ ndk::ScopedAStatus setParam(TAG tag, Eraser eraser);
+
+ IEffect::Status process(float* in, float* out, int samples);
+
+ private:
+ std::unordered_map<Eraser::Tag, Eraser> mParamsMap;
+};
+
+class EraserSw final : public EffectImpl {
+ public:
+ static const std::string kEffectName;
+ static const Capability kCapability;
+ static const Descriptor kDescriptor;
+ ~EraserSw() final;
+
+ ndk::ScopedAStatus getDescriptor(Descriptor* _aidl_return) final;
+ ndk::ScopedAStatus setParameterSpecific(const Parameter::Specific& specific)
+ REQUIRES(mImplMutex) final;
+ ndk::ScopedAStatus getParameterSpecific(const Parameter::Id& id, Parameter::Specific* specific)
+ REQUIRES(mImplMutex) final;
+
+ std::shared_ptr<EffectContext> createContext(const Parameter::Common& common)
+ REQUIRES(mImplMutex) final;
+ RetCode releaseContext() REQUIRES(mImplMutex) final;
+
+ std::string getEffectName() final { return kEffectName; };
+ IEffect::Status effectProcessImpl(float* in, float* out, int samples)
+ REQUIRES(mImplMutex) final;
+
+ ndk::ScopedAStatus command(CommandId command) final;
+ void drainingComplete_l() REQUIRES(mImplMutex);
+
+ private:
+ static const std::vector<Range::SpatializerRange> kRanges;
+ std::shared_ptr<EraserSwContext> mContext GUARDED_BY(mImplMutex);
+};
+} // namespace aidl::android::hardware::audio::effect
diff --git a/audio/aidl/default/include/effect-impl/EffectContext.h b/audio/aidl/default/include/effect-impl/EffectContext.h
index 02a4caa..9e44349 100644
--- a/audio/aidl/default/include/effect-impl/EffectContext.h
+++ b/audio/aidl/default/include/effect-impl/EffectContext.h
@@ -86,7 +86,12 @@
virtual RetCode disable();
virtual RetCode reset();
+ virtual RetCode startDraining();
+ virtual RetCode finishDraining();
+ virtual bool isDraining();
+
protected:
+ bool mIsDraining = false;
int mVersion = 0;
size_t mInputFrameSize = 0;
size_t mOutputFrameSize = 0;
diff --git a/audio/aidl/default/include/effect-impl/EffectThread.h b/audio/aidl/default/include/effect-impl/EffectThread.h
index ec2a658..9abcdb8 100644
--- a/audio/aidl/default/include/effect-impl/EffectThread.h
+++ b/audio/aidl/default/include/effect-impl/EffectThread.h
@@ -38,6 +38,8 @@
RetCode destroyThread();
RetCode startThread();
RetCode stopThread();
+ RetCode startDraining();
+ RetCode finishDraining();
// Will call process() in a loop if the thread is running.
void threadLoop();
@@ -49,6 +51,9 @@
*/
virtual void process() = 0;
+ protected:
+ bool mDraining GUARDED_BY(mThreadMutex) = false;
+
private:
static constexpr int kMaxTaskNameLen = 15;
diff --git a/audio/aidl/vts/Android.bp b/audio/aidl/vts/Android.bp
index 467ad62..5b2230d 100644
--- a/audio/aidl/vts/Android.bp
+++ b/audio/aidl/vts/Android.bp
@@ -14,6 +14,7 @@
"latest_android_hardware_audio_common_ndk_static",
"latest_android_hardware_audio_effect_ndk_static",
"latest_android_media_audio_common_types_ndk_static",
+ "latest_android_media_audio_eraser_types_ndk_static",
"use_libaidlvintf_gtest_helper_static",
"VtsHalTargetTestDefaults",
],
@@ -115,6 +116,9 @@
defaults: ["VtsHalAudioEffectTargetTestDefaults"],
static_libs: ["libaudioaidlranges"],
srcs: ["VtsHalDynamicsProcessingTest.cpp"],
+ shared_libs: [
+ "libaudioutils",
+ ],
}
cc_test {
diff --git a/audio/aidl/vts/EffectHelper.h b/audio/aidl/vts/EffectHelper.h
index 570ecef..787bd12 100644
--- a/audio/aidl/vts/EffectHelper.h
+++ b/audio/aidl/vts/EffectHelper.h
@@ -124,7 +124,7 @@
return;
}
- ASSERT_NO_FATAL_FAILURE(expectState(effect, State::IDLE));
+ ASSERT_TRUE(expectState(effect, State::IDLE));
updateFrameSize(common);
}
@@ -155,7 +155,7 @@
if (effect) {
ASSERT_STATUS(status, effect->close());
if (status == EX_NONE) {
- ASSERT_NO_FATAL_FAILURE(expectState(effect, State::INIT));
+ ASSERT_TRUE(expectState(effect, State::INIT));
}
}
}
@@ -166,12 +166,14 @@
ASSERT_STATUS(status, effect->getDescriptor(&desc));
}
- static void expectState(std::shared_ptr<IEffect> effect, State expectState,
- binder_status_t status = EX_NONE) {
- ASSERT_NE(effect, nullptr);
- State state;
- ASSERT_STATUS(status, effect->getState(&state));
- ASSERT_EQ(expectState, state);
+ static bool expectState(std::shared_ptr<IEffect> effect, State expectState) {
+ if (effect == nullptr) return false;
+
+ if (State state; EX_NONE != effect->getState(&state).getStatus() || expectState != state) {
+ return false;
+ }
+
+ return true;
}
static void commandIgnoreRet(std::shared_ptr<IEffect> effect, CommandId command) {
@@ -190,12 +192,14 @@
switch (command) {
case CommandId::START:
- ASSERT_NO_FATAL_FAILURE(expectState(effect, State::PROCESSING));
+ ASSERT_TRUE(expectState(effect, State::PROCESSING));
break;
case CommandId::STOP:
- FALLTHROUGH_INTENDED;
+ ASSERT_TRUE(expectState(effect, State::IDLE) ||
+ expectState(effect, State::DRAINING));
+ break;
case CommandId::RESET:
- ASSERT_NO_FATAL_FAILURE(expectState(effect, State::IDLE));
+ ASSERT_TRUE(expectState(effect, State::IDLE));
break;
default:
return;
@@ -371,6 +375,24 @@
return functor(result);
}
+ // keep writing data to the FMQ until effect transit from DRAINING to IDLE
+ static void waitForDrain(std::vector<float>& inputBuffer, std::vector<float>& outputBuffer,
+ const std::shared_ptr<IEffect>& effect,
+ std::unique_ptr<EffectHelper::StatusMQ>& statusMQ,
+ std::unique_ptr<EffectHelper::DataMQ>& inputMQ,
+ std::unique_ptr<EffectHelper::DataMQ>& outputMQ, int version) {
+ State state;
+ while (effect->getState(&state).getStatus() == EX_NONE && state == State::DRAINING) {
+ EXPECT_NO_FATAL_FAILURE(
+ EffectHelper::writeToFmq(statusMQ, inputMQ, inputBuffer, version));
+ EXPECT_NO_FATAL_FAILURE(EffectHelper::readFromFmq(
+ statusMQ, 1, outputMQ, outputBuffer.size(), outputBuffer, std::nullopt));
+ }
+ ASSERT_TRUE(State::IDLE == state);
+ EXPECT_NO_FATAL_FAILURE(EffectHelper::readFromFmq(statusMQ, 0, outputMQ, 0, outputBuffer));
+ return;
+ }
+
static void processAndWriteToOutput(std::vector<float>& inputBuffer,
std::vector<float>& outputBuffer,
const std::shared_ptr<IEffect>& effect,
@@ -404,8 +426,9 @@
// Disable the process
if (callStopReset) {
ASSERT_NO_FATAL_FAILURE(command(effect, CommandId::STOP));
+ EXPECT_NO_FATAL_FAILURE(waitForDrain(inputBuffer, outputBuffer, effect, statusMQ,
+ inputMQ, outputMQ, version));
}
- EXPECT_NO_FATAL_FAILURE(EffectHelper::readFromFmq(statusMQ, 0, outputMQ, 0, outputBuffer));
if (callStopReset) {
ASSERT_NO_FATAL_FAILURE(command(effect, CommandId::RESET));
diff --git a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
index 0c201cc..6e8d410 100644
--- a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
+++ b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
@@ -20,6 +20,8 @@
#define LOG_TAG "VtsHalDynamicsProcessingTest"
#include <android-base/logging.h>
+#include <audio_utils/power.h>
+#include <audio_utils/primitives.h>
#include <Utils.h>
@@ -44,26 +46,25 @@
class DynamicsProcessingTestHelper : public EffectHelper {
public:
DynamicsProcessingTestHelper(std::pair<std::shared_ptr<IFactory>, Descriptor> pair,
- int32_t channelLayOut = AudioChannelLayout::LAYOUT_STEREO) {
+ int32_t channelLayOut = AudioChannelLayout::LAYOUT_STEREO)
+ : mChannelLayout(channelLayOut),
+ mChannelCount(::aidl::android::hardware::audio::common::getChannelCount(
+ AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout))) {
std::tie(mFactory, mDescriptor) = pair;
- mChannelLayout = channelLayOut;
- mChannelCount = ::aidl::android::hardware::audio::common::getChannelCount(
- AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout));
}
// setup
void SetUpDynamicsProcessingEffect() {
ASSERT_NE(nullptr, mFactory);
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
-
Parameter::Specific specific = getDefaultParamSpecific();
Parameter::Common common = createParamCommon(
- 0 /* session */, 1 /* ioHandle */, 44100 /* iSampleRate */, 44100 /* oSampleRate */,
- 0x100 /* iFrameCount */, 0x100 /* oFrameCount */,
+ 0 /* session */, 1 /* ioHandle */, kSamplingFrequency /* iSampleRate */,
+ kSamplingFrequency /* oSampleRate */, kFrameCount /* iFrameCount */,
+ kFrameCount /* oFrameCount */,
AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout),
AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout));
- IEffect::OpenEffectReturn ret;
- ASSERT_NO_FATAL_FAILURE(open(mEffect, common, specific, &ret, EX_NONE));
+ ASSERT_NO_FATAL_FAILURE(open(mEffect, common, specific, &mOpenEffectReturn, EX_NONE));
ASSERT_NE(nullptr, mEffect);
mEngineConfigApplied = mEngineConfigPreset;
}
@@ -113,6 +114,8 @@
// get set params and validate
void SetAndGetDynamicsProcessingParameters();
+ bool isAllParamsValid();
+
// enqueue test parameters
void addEngineConfig(const DynamicsProcessing::EngineArchitecture& cfg);
void addPreEqChannelConfig(const std::vector<DynamicsProcessing::ChannelConfig>& cfg);
@@ -126,9 +129,12 @@
static constexpr float kPreferredProcessingDurationMs = 10.0f;
static constexpr int kBandCount = 5;
+ static constexpr int kSamplingFrequency = 44100;
+ static constexpr int kFrameCount = 2048;
std::shared_ptr<IFactory> mFactory;
std::shared_ptr<IEffect> mEffect;
Descriptor mDescriptor;
+ IEffect::OpenEffectReturn mOpenEffectReturn;
DynamicsProcessing::EngineArchitecture mEngineConfigApplied;
DynamicsProcessing::EngineArchitecture mEngineConfigPreset{
.resolutionPreference =
@@ -148,12 +154,12 @@
static const std::set<DynamicsProcessing::StageEnablement> kStageEnablementTestSet;
static const std::set<std::vector<DynamicsProcessing::InputGain>> kInputGainTestSet;
- protected:
- int mChannelCount;
-
private:
- int32_t mChannelLayout;
+ const int32_t mChannelLayout;
std::vector<std::pair<DynamicsProcessing::Tag, DynamicsProcessing>> mTags;
+
+ protected:
+ const int mChannelCount;
void CleanUp() {
mTags.clear();
mPreEqChannelEnable.clear();
@@ -329,10 +335,7 @@
}
void DynamicsProcessingTestHelper::SetAndGetDynamicsProcessingParameters() {
- for (auto& it : mTags) {
- auto& tag = it.first;
- auto& dp = it.second;
-
+ for (const auto& [tag, dp] : mTags) {
// validate parameter
Descriptor desc;
ASSERT_STATUS(EX_NONE, mEffect->getDescriptor(&desc));
@@ -371,6 +374,22 @@
}
}
+bool DynamicsProcessingTestHelper::isAllParamsValid() {
+ if (mTags.empty()) {
+ return false;
+ }
+ for (const auto& [tag, dp] : mTags) {
+ // validate parameter
+ if (!isParamInRange(dp, mDescriptor.capability.range.get<Range::dynamicsProcessing>())) {
+ return false;
+ }
+ if (!isParamValid(tag, dp)) {
+ return false;
+ }
+ }
+ return true;
+}
+
void DynamicsProcessingTestHelper::addEngineConfig(
const DynamicsProcessing::EngineArchitecture& cfg) {
DynamicsProcessing dp;
@@ -446,6 +465,21 @@
mTags.push_back({DynamicsProcessing::inputGain, dp});
}
+void fillLimiterConfig(std::vector<DynamicsProcessing::LimiterConfig>& limiterConfigList,
+ int channelIndex, bool enable, int linkGroup, float attackTime,
+ float releaseTime, float ratio, float threshold, float postGain) {
+ DynamicsProcessing::LimiterConfig cfg;
+ cfg.channel = channelIndex;
+ cfg.enable = enable;
+ cfg.linkGroup = linkGroup;
+ cfg.attackTimeMs = attackTime;
+ cfg.releaseTimeMs = releaseTime;
+ cfg.ratio = ratio;
+ cfg.thresholdDb = threshold;
+ cfg.postGainDb = postGain;
+ limiterConfigList.push_back(cfg);
+}
+
/**
* Test DynamicsProcessing Engine Configuration
*/
@@ -486,7 +520,7 @@
TEST_P(DynamicsProcessingTestEngineArchitecture, SetAndGetEngineArch) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -527,7 +561,7 @@
public:
DynamicsProcessingTestInputGain()
: DynamicsProcessingTestHelper(std::get<INPUT_GAIN_INSTANCE_NAME>(GetParam())),
- mInputGain(std::get<INPUT_GAIN_PARAM>(GetParam())){};
+ mInputGain(std::get<INPUT_GAIN_PARAM>(GetParam())) {};
void SetUp() override { SetUpDynamicsProcessingEffect(); }
@@ -538,7 +572,7 @@
TEST_P(DynamicsProcessingTestInputGain, SetAndGetInputGain) {
EXPECT_NO_FATAL_FAILURE(addInputGain(mInputGain));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -565,40 +599,23 @@
enum LimiterConfigTestParamName {
LIMITER_INSTANCE_NAME,
LIMITER_CHANNEL,
- LIMITER_ENABLE,
LIMITER_LINK_GROUP,
- LIMITER_ADDITIONAL,
-};
-enum LimiterConfigTestAdditionalParam {
LIMITER_ATTACK_TIME,
LIMITER_RELEASE_TIME,
LIMITER_RATIO,
LIMITER_THRESHOLD,
LIMITER_POST_GAIN,
- LIMITER_MAX_NUM,
};
-using LimiterConfigTestAdditional = std::array<float, LIMITER_MAX_NUM>;
-// attackTime, releaseTime, ratio, thresh, postGain
-static constexpr std::array<LimiterConfigTestAdditional, 4> kLimiterConfigTestAdditionalParam = {
- {{-1, -60, -2.5, -2, -3.14},
- {-1, 60, -2.5, 2, -3.14},
- {1, -60, 2.5, -2, 3.14},
- {1, 60, 2.5, -2, 3.14}}};
using LimiterConfigTestParams = std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>,
- int32_t, bool, int32_t, LimiterConfigTestAdditional>;
+ int32_t, int32_t, float, float, float, float, float>;
-void fillLimiterConfig(DynamicsProcessing::LimiterConfig& cfg,
+void fillLimiterConfig(std::vector<DynamicsProcessing::LimiterConfig>& cfg,
const LimiterConfigTestParams& params) {
- const std::array<float, LIMITER_MAX_NUM> additional = std::get<LIMITER_ADDITIONAL>(params);
- cfg.channel = std::get<LIMITER_CHANNEL>(params);
- cfg.enable = std::get<LIMITER_ENABLE>(params);
- cfg.linkGroup = std::get<LIMITER_LINK_GROUP>(params);
- cfg.attackTimeMs = additional[LIMITER_ATTACK_TIME];
- cfg.releaseTimeMs = additional[LIMITER_RELEASE_TIME];
- cfg.ratio = additional[LIMITER_RATIO];
- cfg.thresholdDb = additional[LIMITER_THRESHOLD];
- cfg.postGainDb = additional[LIMITER_POST_GAIN];
+ fillLimiterConfig(cfg, std::get<LIMITER_CHANNEL>(params), true,
+ std::get<LIMITER_LINK_GROUP>(params), std::get<LIMITER_ATTACK_TIME>(params),
+ std::get<LIMITER_RELEASE_TIME>(params), std::get<LIMITER_RATIO>(params),
+ std::get<LIMITER_THRESHOLD>(params), std::get<LIMITER_POST_GAIN>(params));
}
class DynamicsProcessingTestLimiterConfig
@@ -607,7 +624,7 @@
public:
DynamicsProcessingTestLimiterConfig()
: DynamicsProcessingTestHelper(std::get<LIMITER_INSTANCE_NAME>(GetParam())) {
- fillLimiterConfig(mCfg, GetParam());
+ fillLimiterConfig(mLimiterConfigList, GetParam());
}
void SetUp() override { SetUpDynamicsProcessingEffect(); }
@@ -615,36 +632,194 @@
void TearDown() override { TearDownDynamicsProcessingEffect(); }
DynamicsProcessing::LimiterConfig mCfg;
+ std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
};
TEST_P(DynamicsProcessingTestLimiterConfig, SetAndGetLimiterConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
- EXPECT_NO_FATAL_FAILURE(addLimiterConfig({mCfg}));
- SetAndGetDynamicsProcessingParameters();
+ EXPECT_NO_FATAL_FAILURE(addLimiterConfig(mLimiterConfigList));
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
DynamicsProcessingTest, DynamicsProcessingTestLimiterConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 1, 2), // channel count
- testing::Bool(), // enable
- testing::Values(3), // link group
- testing::ValuesIn(kLimiterConfigTestAdditionalParam)), // Additional
+ testing::Values(-1, 0, 1, 2), // channel index
+ testing::Values(3), // link group
+ testing::Values(-1, 1), // attackTime
+ testing::Values(-60, 60), // releaseTime
+ testing::Values(-2.5, 2.5), // ratio
+ testing::Values(-2, 2), // thresh
+ testing::Values(-3.14, 3.14) // postGain
+ ),
[](const auto& info) {
auto descriptor = std::get<LIMITER_INSTANCE_NAME>(info.param).second;
- DynamicsProcessing::LimiterConfig cfg;
+ std::vector<DynamicsProcessing::LimiterConfig> cfg;
fillLimiterConfig(cfg, info.param);
- std::string name = "Implementor_" + descriptor.common.implementor + "_name_" +
- descriptor.common.name + "_UUID_" +
- toString(descriptor.common.id.uuid) + "_limiterConfig_" +
- cfg.toString();
+ std::string name =
+ "Implementer_" + getPrefix(descriptor) + "_limiterConfig_" + cfg[0].toString();
std::replace_if(
name.begin(), name.end(), [](const char c) { return !std::isalnum(c); }, '_');
return name;
});
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingTestLimiterConfig);
+using LimiterConfigDataTestParams = std::pair<std::shared_ptr<IFactory>, Descriptor>;
+
+class DynamicsProcessingLimiterConfigDataTest
+ : public ::testing::TestWithParam<LimiterConfigDataTestParams>,
+ public DynamicsProcessingTestHelper {
+ public:
+ DynamicsProcessingLimiterConfigDataTest()
+ : DynamicsProcessingTestHelper(GetParam(), AudioChannelLayout::LAYOUT_MONO) {
+ mBufferSize = kFrameCount * mChannelCount;
+ mInput.resize(mBufferSize);
+ generateSineWave(1000 /*Input Frequency*/, mInput);
+ mInputDb = calculateDb(mInput);
+ }
+
+ void SetUp() override {
+ SetUpDynamicsProcessingEffect();
+ SKIP_TEST_IF_DATA_UNSUPPORTED(mDescriptor.common.flags);
+ }
+
+ void TearDown() override { TearDownDynamicsProcessingEffect(); }
+
+ float calculateDb(std::vector<float> input, size_t start = 0) {
+ return audio_utils_compute_power_mono(input.data() + start, AUDIO_FORMAT_PCM_FLOAT,
+ input.size() - start);
+ }
+
+ void computeThreshold(float ratio, float outputDb, float& threshold) {
+ EXPECT_NE(ratio, 0);
+ threshold = (mInputDb - (ratio * outputDb)) / (1 - ratio);
+ }
+
+ void computeRatio(float threshold, float outputDb, float& ratio) {
+ float inputOverThreshold = mInputDb - threshold;
+ float outputOverThreshold = outputDb - threshold;
+ EXPECT_NE(outputOverThreshold, 0);
+ ratio = inputOverThreshold / outputOverThreshold;
+ }
+
+ void setParamsAndProcess(std::vector<float>& output) {
+ EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
+ EXPECT_NO_FATAL_FAILURE(addLimiterConfig(mLimiterConfigList));
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
+ if (isAllParamsValid()) {
+ ASSERT_NO_FATAL_FAILURE(
+ processAndWriteToOutput(mInput, output, mEffect, &mOpenEffectReturn));
+ EXPECT_GT(output.size(), kStartIndex);
+ }
+ cleanUpLimiterConfig();
+ }
+
+ void cleanUpLimiterConfig() {
+ CleanUp();
+ mLimiterConfigList.clear();
+ }
+ static constexpr float kDefaultLinkerGroup = 3;
+ static constexpr float kDefaultAttackTime = 0;
+ static constexpr float kDefaultReleaseTime = 0;
+ static constexpr float kDefaultRatio = 4;
+ static constexpr float kDefaultThreshold = 0;
+ static constexpr float kDefaultPostGain = 0;
+ static constexpr int kInputFrequency = 1000;
+ static constexpr size_t kStartIndex = 15 * kSamplingFrequency / 1000; // skip 15ms
+ std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
+ std::vector<float> mInput;
+ float mInputDb;
+ int mBufferSize;
+};
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingThresholdDb) {
+ std::vector<float> thresholdValues = {-200, -150, -100, -50, -5, 0};
+ std::vector<float> output(mInput.size());
+ float previousThreshold = -FLT_MAX;
+ for (float threshold : thresholdValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
+ kDefaultReleaseTime, kDefaultRatio, threshold, kDefaultPostGain);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+ if (threshold >= mInputDb || kDefaultRatio == 1) {
+ EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ } else {
+ float calculatedThreshold = 0;
+ EXPECT_NO_FATAL_FAILURE(computeThreshold(kDefaultRatio, outputDb, calculatedThreshold));
+ ASSERT_GT(calculatedThreshold, previousThreshold);
+ previousThreshold = calculatedThreshold;
+ }
+ }
+}
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingRatio) {
+ std::vector<float> ratioValues = {1, 10, 20, 30, 40, 50};
+ std::vector<float> output(mInput.size());
+ float threshold = -10;
+ float previousRatio = 0;
+ for (float ratio : ratioValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
+ kDefaultReleaseTime, ratio, threshold, kDefaultPostGain);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+
+ if (threshold >= mInputDb) {
+ EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ } else {
+ float calculatedRatio = 0;
+ EXPECT_NO_FATAL_FAILURE(computeRatio(threshold, outputDb, calculatedRatio));
+ ASSERT_GT(calculatedRatio, previousRatio);
+ previousRatio = calculatedRatio;
+ }
+ }
+}
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, LimiterEnableDisable) {
+ std::vector<bool> limiterEnableValues = {false, true};
+ std::vector<float> output(mInput.size());
+ for (bool isEnabled : limiterEnableValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ // Set non-default values
+ fillLimiterConfig(mLimiterConfigList, i, isEnabled, kDefaultLinkerGroup,
+ 5 /*attack time*/, 5 /*release time*/, 10 /*ratio*/,
+ -10 /*threshold*/, 5 /*postgain*/);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ if (isEnabled) {
+ EXPECT_NE(mInputDb, calculateDb(output, kStartIndex));
+ } else {
+ EXPECT_NEAR(mInputDb, calculateDb(output, kStartIndex), 0.05);
+ }
+ }
+}
+
+INSTANTIATE_TEST_SUITE_P(DynamicsProcessingTest, DynamicsProcessingLimiterConfigDataTest,
+ testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
+ IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
+ [](const auto& info) {
+ auto descriptor = info.param;
+ std::string name = getPrefix(descriptor.second);
+ std::replace_if(
+ name.begin(), name.end(),
+ [](const char c) { return !std::isalnum(c); }, '_');
+ return name;
+ });
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingLimiterConfigDataTest);
+
/**
* Test DynamicsProcessing ChannelConfig
*/
@@ -673,19 +848,19 @@
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetPreEqChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addPreEqChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetPostEqChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addPostEqChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetMbcChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addMbcChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -715,12 +890,11 @@
enum EqBandConfigTestParamName {
EQ_BAND_INSTANCE_NAME,
EQ_BAND_CHANNEL,
- EQ_BAND_ENABLE,
EQ_BAND_CUT_OFF_FREQ,
EQ_BAND_GAIN
};
using EqBandConfigTestParams = std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t,
- bool, std::vector<std::pair<int, float>>, float>;
+ std::vector<std::pair<int, float>>, float>;
void fillEqBandConfig(std::vector<DynamicsProcessing::EqBandConfig>& cfgs,
const EqBandConfigTestParams& params) {
@@ -730,7 +904,7 @@
for (int i = 0; i < bandCount; i++) {
cfgs[i].channel = std::get<EQ_BAND_CHANNEL>(params);
cfgs[i].band = cutOffFreqs[i].first;
- cfgs[i].enable = std::get<EQ_BAND_ENABLE>(params);
+ cfgs[i].enable = true /*Eqband Enable*/;
cfgs[i].cutoffFrequencyHz = cutOffFreqs[i].second;
cfgs[i].gainDb = std::get<EQ_BAND_GAIN>(params);
}
@@ -761,7 +935,7 @@
}
EXPECT_NO_FATAL_FAILURE(addPreEqChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addPreEqBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestEqBandConfig, SetAndGetPostEqBandConfig) {
@@ -774,7 +948,7 @@
}
EXPECT_NO_FATAL_FAILURE(addPostEqChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addPostEqBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
std::vector<std::vector<std::pair<int, float>>> kBands{
@@ -825,9 +999,8 @@
DynamicsProcessingTest, DynamicsProcessingTestEqBandConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 10), // channel ID
- testing::Bool(), // band enable
- testing::ValuesIn(kBands), // cut off frequencies
+ testing::Values(-1, 0, 10), // channel index
+ testing::ValuesIn(kBands), // band index, cut off frequencies
testing::Values(-3.14f, 3.14f) // gain
),
[](const auto& info) {
@@ -851,7 +1024,6 @@
enum MbcBandConfigParamName {
MBC_BAND_INSTANCE_NAME,
MBC_BAND_CHANNEL,
- MBC_BAND_ENABLE,
MBC_BAND_CUTOFF_FREQ,
MBC_BAND_ADDITIONAL
};
@@ -877,7 +1049,7 @@
{3, 10, 2, -2, -5, 90, 2.5, 2, 2}}};
using TestParamsMbcBandConfig =
- std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t, bool,
+ std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t,
std::vector<std::pair<int, float>>, TestParamsMbcBandConfigAdditional>;
void fillMbcBandConfig(std::vector<DynamicsProcessing::MbcBandConfig>& cfgs,
@@ -890,7 +1062,7 @@
cfgs[i] = DynamicsProcessing::MbcBandConfig{
.channel = std::get<MBC_BAND_CHANNEL>(params),
.band = cutOffFreqs[i].first,
- .enable = std::get<MBC_BAND_ENABLE>(params),
+ .enable = true /*Mbc Band Enable*/,
.cutoffFrequencyHz = cutOffFreqs[i].second,
.attackTimeMs = additional[MBC_ADD_ATTACK_TIME],
.releaseTimeMs = additional[MBC_ADD_RELEASE_TIME],
@@ -930,16 +1102,15 @@
}
EXPECT_NO_FATAL_FAILURE(addMbcChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addMbcBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
DynamicsProcessingTest, DynamicsProcessingTestMbcBandConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 10), // channel count
- testing::Bool(), // enable
- testing::ValuesIn(kBands), // cut off frequencies
+ testing::Values(-1, 0, 10), // channel index
+ testing::ValuesIn(kBands), // band index, cut off frequencies
testing::ValuesIn(kMbcBandConfigAdditionalParam)), // Additional
[](const auto& info) {
auto descriptor = std::get<MBC_BAND_INSTANCE_NAME>(info.param).second;
diff --git a/automotive/vehicle/aidl/impl/vhal/src/fuzzer.cpp b/automotive/vehicle/aidl/impl/vhal/src/fuzzer.cpp
index ac1e3b1..6d994bb 100644
--- a/automotive/vehicle/aidl/impl/vhal/src/fuzzer.cpp
+++ b/automotive/vehicle/aidl/impl/vhal/src/fuzzer.cpp
@@ -25,6 +25,8 @@
using ::ndk::SharedRefBase;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ // TODO(b/183141167): need to rewrite 'dump' to avoid SIGPIPE.
+ signal(SIGPIPE, SIG_IGN);
std::unique_ptr<FakeVehicleHardware> hardware = std::make_unique<FakeVehicleHardware>();
std::shared_ptr<DefaultVehicleHal> vhal =
::ndk::SharedRefBase::make<DefaultVehicleHal>(std::move(hardware));
diff --git a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/BroadcastCapability.aidl b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/BroadcastCapability.aidl
index 58710ef..2872362 100644
--- a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/BroadcastCapability.aidl
+++ b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/BroadcastCapability.aidl
@@ -38,6 +38,7 @@
android.hardware.bluetooth.audio.AudioLocation supportedChannel;
int channelCountPerStream;
android.hardware.bluetooth.audio.BroadcastCapability.LeAudioCodecCapabilities leAudioCodecCapabilities;
+ @nullable android.hardware.bluetooth.audio.CodecSpecificConfigurationLtv.AudioChannelAllocation audioLocation;
@VintfStability
parcelable VendorCapabilities {
ParcelableHolder extension;
diff --git a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
index 60c276b..93c3d8c 100644
--- a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
+++ b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
@@ -59,8 +59,10 @@
int bitmask;
const int US7500 = 0x01;
const int US10000 = 0x02;
+ const int US20000 = 0x04;
const int US7500PREFERRED = 0x10;
const int US10000PREFERRED = 0x20;
+ const int US20000PREFERRED = 0x40;
}
parcelable SupportedAudioChannelCounts {
int bitmask;
diff --git a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
index 943d396..97fcd1f 100644
--- a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
+++ b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
@@ -59,6 +59,7 @@
enum FrameDuration {
US7500 = 0x00,
US10000 = 0x01,
+ US20000 = 0x02,
}
parcelable AudioChannelAllocation {
int bitmask;
@@ -91,6 +92,7 @@
const int FRONT_RIGHT_WIDE = 0x02000000;
const int LEFT_SURROUND = 0x04000000;
const int RIGHT_SURROUND = 0x08000000;
+ const int MONO = 0x00000000;
}
parcelable OctetsPerCodecFrame {
int value;
diff --git a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
index 031ee67..0613f6c 100644
--- a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
+++ b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
@@ -37,6 +37,7 @@
android.hardware.bluetooth.audio.Lc3Configuration lc3Config;
android.hardware.bluetooth.audio.LeAudioCodecConfiguration.VendorConfiguration vendorConfig;
android.hardware.bluetooth.audio.AptxAdaptiveLeConfiguration aptxAdaptiveLeConfig;
+ android.hardware.bluetooth.audio.OpusConfiguration opusConfig;
@VintfStability
parcelable VendorConfiguration {
ParcelableHolder extension;
diff --git a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/UnicastCapability.aidl b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/UnicastCapability.aidl
index 894a2f3..6ed0e56 100644
--- a/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/UnicastCapability.aidl
+++ b/bluetooth/audio/aidl/aidl_api/android.hardware.bluetooth.audio/current/android/hardware/bluetooth/audio/UnicastCapability.aidl
@@ -39,6 +39,7 @@
int deviceCount;
int channelCountPerDevice;
android.hardware.bluetooth.audio.UnicastCapability.LeAudioCodecCapabilities leAudioCodecCapabilities;
+ @nullable android.hardware.bluetooth.audio.CodecSpecificConfigurationLtv.AudioChannelAllocation audioLocation;
@VintfStability
parcelable VendorCapabilities {
ParcelableHolder extension;
@@ -48,5 +49,6 @@
android.hardware.bluetooth.audio.Lc3Capabilities lc3Capabilities;
android.hardware.bluetooth.audio.UnicastCapability.VendorCapabilities vendorCapabillities;
android.hardware.bluetooth.audio.AptxAdaptiveLeCapabilities aptxAdaptiveLeCapabilities;
+ android.hardware.bluetooth.audio.OpusCapabilities opusCapabilities;
}
}
diff --git a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/BroadcastCapability.aidl b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/BroadcastCapability.aidl
index f1301fb..db3c10e 100644
--- a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/BroadcastCapability.aidl
+++ b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/BroadcastCapability.aidl
@@ -17,6 +17,7 @@
package android.hardware.bluetooth.audio;
import android.hardware.bluetooth.audio.AudioLocation;
+import android.hardware.bluetooth.audio.CodecSpecificConfigurationLtv.AudioChannelAllocation;
import android.hardware.bluetooth.audio.CodecType;
import android.hardware.bluetooth.audio.Lc3Capabilities;
@@ -35,8 +36,11 @@
@nullable VendorCapabilities[] vendorCapabillities;
}
CodecType codecType;
+ // @deprecated use audioLocation if present.
AudioLocation supportedChannel;
// Supported channel count for each stream
int channelCountPerStream;
LeAudioCodecCapabilities leAudioCodecCapabilities;
+ // The new audio location type, replacing supportedChannel
+ @nullable AudioChannelAllocation audioLocation;
}
diff --git a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
index fa302e3..94f0544 100644
--- a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
+++ b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificCapabilitiesLtv.aidl
@@ -50,9 +50,11 @@
parcelable SupportedFrameDurations {
const int US7500 = 0x01;
const int US10000 = 0x02;
+ const int US20000 = 0x04;
/* Bits 2-3 are RFU */
const int US7500PREFERRED = 0x10;
const int US10000PREFERRED = 0x20;
+ const int US20000PREFERRED = 0x40;
/* 8 bit wide bit mask */
int bitmask;
diff --git a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
index c099ebe..2835325 100644
--- a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
+++ b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.aidl
@@ -43,9 +43,11 @@
enum FrameDuration {
US7500 = 0x00,
US10000 = 0x01,
+ US20000 = 0x02,
}
parcelable AudioChannelAllocation {
+ // @deprecated use MONO instead.
const int NOT_ALLOWED = 0x00000000;
const int FRONT_LEFT = 0x00000001;
const int FRONT_RIGHT = 0x00000002;
@@ -75,6 +77,7 @@
const int FRONT_RIGHT_WIDE = 0x02000000;
const int LEFT_SURROUND = 0x04000000;
const int RIGHT_SURROUND = 0x08000000;
+ const int MONO = 0x00000000;
// Bit mask of Audio Locations
int bitmask;
diff --git a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
index 7ce6ff3..20e6c0c 100644
--- a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
+++ b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/LeAudioCodecConfiguration.aidl
@@ -16,8 +16,9 @@
package android.hardware.bluetooth.audio;
-import android.hardware.bluetooth.audio.Lc3Configuration;
import android.hardware.bluetooth.audio.AptxAdaptiveLeConfiguration;
+import android.hardware.bluetooth.audio.Lc3Configuration;
+import android.hardware.bluetooth.audio.OpusConfiguration;
@VintfStability
union LeAudioCodecConfiguration {
@@ -28,4 +29,5 @@
Lc3Configuration lc3Config;
VendorConfiguration vendorConfig;
AptxAdaptiveLeConfiguration aptxAdaptiveLeConfig;
+ OpusConfiguration opusConfig;
}
diff --git a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/UnicastCapability.aidl b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/UnicastCapability.aidl
index 07688a7..9f33672 100644
--- a/bluetooth/audio/aidl/android/hardware/bluetooth/audio/UnicastCapability.aidl
+++ b/bluetooth/audio/aidl/android/hardware/bluetooth/audio/UnicastCapability.aidl
@@ -16,10 +16,12 @@
package android.hardware.bluetooth.audio;
+import android.hardware.bluetooth.audio.AptxAdaptiveLeCapabilities;
import android.hardware.bluetooth.audio.AudioLocation;
+import android.hardware.bluetooth.audio.CodecSpecificConfigurationLtv.AudioChannelAllocation;
import android.hardware.bluetooth.audio.CodecType;
import android.hardware.bluetooth.audio.Lc3Capabilities;
-import android.hardware.bluetooth.audio.AptxAdaptiveLeCapabilities;
+import android.hardware.bluetooth.audio.OpusCapabilities;
/**
* Used to specify the le audio unicast codec capabilities for hardware offload.
@@ -35,12 +37,16 @@
Lc3Capabilities lc3Capabilities;
VendorCapabilities vendorCapabillities;
AptxAdaptiveLeCapabilities aptxAdaptiveLeCapabilities;
+ OpusCapabilities opusCapabilities;
}
CodecType codecType;
+ // @deprecated use audioLocation if present.
AudioLocation supportedChannel;
// The number of connected device
int deviceCount;
// Supported channel count for each device
int channelCountPerDevice;
LeAudioCodecCapabilities leAudioCodecCapabilities;
+ // The new audio location type, replacing supportedChannel
+ @nullable AudioChannelAllocation audioLocation;
}
diff --git a/bluetooth/audio/aidl/default/LeAudioOffloadAudioProvider.cpp b/bluetooth/audio/aidl/default/LeAudioOffloadAudioProvider.cpp
index 61c29d3..a10e0a6 100644
--- a/bluetooth/audio/aidl/default/LeAudioOffloadAudioProvider.cpp
+++ b/bluetooth/audio/aidl/default/LeAudioOffloadAudioProvider.cpp
@@ -82,6 +82,8 @@
CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US7500},
{CodecSpecificConfigurationLtv::FrameDuration::US10000,
CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US10000},
+ {CodecSpecificConfigurationLtv::FrameDuration::US20000,
+ CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US20000},
};
std::map<int32_t, CodecSpecificConfigurationLtv::SamplingFrequency>
@@ -768,7 +770,7 @@
// A setting must match both source and sink.
// First filter all setting matched with sink capability
if (in_remoteSinkAudioCapabilities.has_value()) {
- for (auto& setting : ase_configuration_settings)
+ for (auto& setting : ase_configuration_settings) {
for (auto& capability : in_remoteSinkAudioCapabilities.value()) {
if (!capability.has_value()) continue;
auto filtered_ase_configuration_setting =
@@ -779,6 +781,7 @@
filtered_ase_configuration_setting.value());
}
}
+ }
} else {
sink_matched_ase_configuration_settings = ase_configuration_settings;
}
@@ -809,7 +812,6 @@
// Matching priority list:
// Preferred context - exact match with allocation
// Any context - exact match with allocation
-
auto matched_setting_with_context = matchWithRequirement(
matched_ase_configuration_settings, requirement, true);
if (matched_setting_with_context.has_value()) {
diff --git a/bluetooth/audio/aidl/vts/VtsHalBluetoothAudioTargetTest.cpp b/bluetooth/audio/aidl/vts/VtsHalBluetoothAudioTargetTest.cpp
index 4481238..a52d761 100644
--- a/bluetooth/audio/aidl/vts/VtsHalBluetoothAudioTargetTest.cpp
+++ b/bluetooth/audio/aidl/vts/VtsHalBluetoothAudioTargetTest.cpp
@@ -2375,6 +2375,43 @@
return capability;
}
+ LeAudioDeviceCapabilities GetOpusRemoteSinkCapability() {
+ // Create a capability specifically for vendor OPUS
+ LeAudioDeviceCapabilities capability;
+
+ auto vendor_codec = CodecId::Vendor();
+ vendor_codec.codecId = 255;
+ vendor_codec.id = 224;
+ capability.codecId = vendor_codec;
+
+ auto pref_context_metadata = MetadataLtv::PreferredAudioContexts();
+ pref_context_metadata.values =
+ GetAudioContext(AudioContext::MEDIA | AudioContext::CONVERSATIONAL |
+ AudioContext::GAME);
+ capability.metadata = {pref_context_metadata};
+
+ auto sampling_rate =
+ CodecSpecificCapabilitiesLtv::SupportedSamplingFrequencies();
+ sampling_rate.bitmask =
+ CodecSpecificCapabilitiesLtv::SupportedSamplingFrequencies::HZ16000 |
+ CodecSpecificCapabilitiesLtv::SupportedSamplingFrequencies::HZ8000 |
+ CodecSpecificCapabilitiesLtv::SupportedSamplingFrequencies::HZ48000;
+ auto frame_duration =
+ CodecSpecificCapabilitiesLtv::SupportedFrameDurations();
+ frame_duration.bitmask =
+ CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US7500 |
+ CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US10000 |
+ CodecSpecificCapabilitiesLtv::SupportedFrameDurations::US20000;
+ auto octets = CodecSpecificCapabilitiesLtv::SupportedOctetsPerCodecFrame();
+ octets.min = 0;
+ octets.max = 240;
+ auto frames = CodecSpecificCapabilitiesLtv::SupportedMaxCodecFramesPerSDU();
+ frames.value = 2;
+ capability.codecSpecificCapabilities = {sampling_rate, frame_duration,
+ octets, frames};
+ return capability;
+ }
+
LeAudioDeviceCapabilities GetDefaultRemoteSourceCapability() {
// Create a capability
LeAudioDeviceCapabilities capability;
@@ -2745,6 +2782,41 @@
return requirement;
}
+ LeAudioConfigurationRequirement GetOpusUnicastRequirement(
+ int32_t context_bits, bool is_sink_requirement,
+ bool is_source_requriement,
+ CodecSpecificConfigurationLtv::SamplingFrequency freq =
+ CodecSpecificConfigurationLtv::SamplingFrequency::HZ48000) {
+ // Create a requirements
+ LeAudioConfigurationRequirement requirement;
+ requirement.audioContext = GetAudioContext(context_bits);
+
+ auto allocation = CodecSpecificConfigurationLtv::AudioChannelAllocation();
+ allocation.bitmask =
+ CodecSpecificConfigurationLtv::AudioChannelAllocation::FRONT_LEFT |
+ CodecSpecificConfigurationLtv::AudioChannelAllocation::FRONT_RIGHT;
+
+ auto direction_ase_requriement = AseDirectionRequirement();
+ auto vendor_codec = CodecId::Vendor();
+ vendor_codec.codecId = 255;
+ vendor_codec.id = 224;
+ direction_ase_requriement.aseConfiguration.codecId = vendor_codec;
+ direction_ase_requriement.aseConfiguration.targetLatency =
+ LeAudioAseConfiguration::TargetLatency::HIGHER_RELIABILITY;
+
+ direction_ase_requriement.aseConfiguration.codecConfiguration = {
+ freq, CodecSpecificConfigurationLtv::FrameDuration::US20000, allocation
+
+ };
+ if (is_sink_requirement)
+ requirement.sinkAseRequirement = {direction_ase_requriement};
+
+ if (is_source_requriement)
+ requirement.sourceAseRequirement = {direction_ase_requriement};
+
+ return requirement;
+ }
+
LeAudioConfigurationRequirement GetUnicastGameRequirement(bool asymmetric) {
// Create a requirements
LeAudioConfigurationRequirement requirement;
@@ -3172,6 +3244,31 @@
}
TEST_P(BluetoothAudioProviderLeAudioOutputHardwareAidl,
+ GetOpusAseConfiguration) {
+ if (GetProviderFactoryInterfaceVersion() <
+ BluetoothAudioHalVersion::VERSION_AIDL_V4) {
+ GTEST_SKIP();
+ }
+
+ std::vector<std::optional<LeAudioDeviceCapabilities>> sink_capabilities = {
+ GetOpusRemoteSinkCapability()};
+ std::vector<std::optional<LeAudioDeviceCapabilities>> source_capabilities = {
+ GetDefaultRemoteSourceCapability()};
+
+ std::vector<LeAudioAseConfigurationSetting> configurations;
+ std::vector<LeAudioConfigurationRequirement> sink_requirements = {
+ GetOpusUnicastRequirement(AudioContext::MEDIA, true /* sink */,
+ false /* source */)};
+ auto aidl_retval = audio_provider_->getLeAudioAseConfiguration(
+ sink_capabilities, std::nullopt, sink_requirements, &configurations);
+
+ ASSERT_TRUE(aidl_retval.isOk());
+ if (!configurations.empty()) {
+ VerifyIfRequirementsSatisfied(sink_requirements, configurations);
+ }
+}
+
+TEST_P(BluetoothAudioProviderLeAudioOutputHardwareAidl,
GetAseConfiguration_Multidirectional) {
if (GetProviderFactoryInterfaceVersion() <
BluetoothAudioHalVersion::VERSION_AIDL_V4) {
diff --git a/bluetooth/audio/utils/Android.bp b/bluetooth/audio/utils/Android.bp
index d931c4d..d4968a8 100644
--- a/bluetooth/audio/utils/Android.bp
+++ b/bluetooth/audio/utils/Android.bp
@@ -90,13 +90,15 @@
cc_test {
name: "BluetoothLeAudioCodecsProviderTest",
- defaults: [
- "latest_android_hardware_bluetooth_audio_ndk_shared",
- ],
srcs: [
"aidl_session/BluetoothLeAudioCodecsProvider.cpp",
"aidl_session/BluetoothLeAudioCodecsProviderTest.cpp",
],
+ defaults: [
+ "latest_android_hardware_audio_common_ndk_static",
+ "latest_android_hardware_bluetooth_audio_ndk_static",
+ "latest_android_media_audio_common_types_ndk_static",
+ ],
header_libs: [
"libxsdc-utils",
],
diff --git a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioAseConfigurationSettingProvider.cpp b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioAseConfigurationSettingProvider.cpp
index 37812fa..07e4997 100644
--- a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioAseConfigurationSettingProvider.cpp
+++ b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioAseConfigurationSettingProvider.cpp
@@ -92,9 +92,10 @@
/* Frame Durations */
constexpr uint8_t kLeAudioCodecFrameDur7500us = 0x00;
constexpr uint8_t kLeAudioCodecFrameDur10000us = 0x01;
+constexpr uint8_t kLeAudioCodecFrameDur20000us = 0x02;
/* Audio Allocations */
-constexpr uint32_t kLeAudioLocationNotAllowed = 0x00000000;
+constexpr uint32_t kLeAudioLocationMonoAudio = 0x00000000;
constexpr uint32_t kLeAudioLocationFrontLeft = 0x00000001;
constexpr uint32_t kLeAudioLocationFrontRight = 0x00000002;
constexpr uint32_t kLeAudioLocationFrontCenter = 0x00000004;
@@ -171,12 +172,14 @@
{kLeAudioCodecFrameDur7500us,
CodecSpecificConfigurationLtv::FrameDuration::US7500},
{kLeAudioCodecFrameDur10000us,
- CodecSpecificConfigurationLtv::FrameDuration::US10000}};
+ CodecSpecificConfigurationLtv::FrameDuration::US10000},
+ {kLeAudioCodecFrameDur20000us,
+ CodecSpecificConfigurationLtv::FrameDuration::US20000}};
/* Helper map for matching various audio channel allocation notations */
std::map<uint32_t, uint32_t> audio_channel_allocation_map = {
- {kLeAudioLocationNotAllowed,
- CodecSpecificConfigurationLtv::AudioChannelAllocation::NOT_ALLOWED},
+ {kLeAudioLocationMonoAudio,
+ CodecSpecificConfigurationLtv::AudioChannelAllocation::MONO},
{kLeAudioLocationFrontLeft,
CodecSpecificConfigurationLtv::AudioChannelAllocation::FRONT_LEFT},
{kLeAudioLocationFrontRight,
@@ -487,6 +490,9 @@
case CodecSpecificConfigurationLtv::FrameDuration::US10000:
qos.sduIntervalUs = 10000;
break;
+ case CodecSpecificConfigurationLtv::FrameDuration::US20000:
+ qos.sduIntervalUs = 20000;
+ break;
}
qos.sduIntervalUs *= frameBlockValue;
}
diff --git a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.cpp b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.cpp
index 473777c..59c43a4 100644
--- a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.cpp
+++ b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.cpp
@@ -119,19 +119,36 @@
// Mapping octetsPerCodecFrame to bitdepth for easier comparison.
transport.bitdepth.push_back(codec_config.getOctetsPerCodecFrame());
transport.frameDurationUs.push_back(codec_config.getFrameDurationUs());
- switch (strategy_config.getAudioLocation()) {
- case setting::AudioLocation::MONO:
+ if (strategy_config.hasAudioLocation()) {
+ switch (strategy_config.getAudioLocation()) {
+ case setting::AudioLocation::MONO:
+ if (strategy_config_channel_count == 1)
+ transport.channelMode.push_back(ChannelMode::MONO);
+ else
+ transport.channelMode.push_back(ChannelMode::DUALMONO);
+ break;
+ case setting::AudioLocation::STEREO:
+ transport.channelMode.push_back(ChannelMode::STEREO);
+ break;
+ default:
+ transport.channelMode.push_back(ChannelMode::UNKNOWN);
+ break;
+ }
+ } else if (strategy_config.hasAudioChannelAllocation()) {
+ auto count =
+ std::bitset<32>(strategy_config.getAudioChannelAllocation()).count();
+ if (count <= 1) {
if (strategy_config_channel_count == 1)
transport.channelMode.push_back(ChannelMode::MONO);
else
transport.channelMode.push_back(ChannelMode::DUALMONO);
- break;
- case setting::AudioLocation::STEREO:
+ } else if (count == 2) {
transport.channelMode.push_back(ChannelMode::STEREO);
- break;
- default:
+ } else {
transport.channelMode.push_back(ChannelMode::UNKNOWN);
- break;
+ }
+ } else {
+ transport.channelMode.push_back(ChannelMode::UNKNOWN);
}
}
@@ -336,8 +353,12 @@
for (const auto& scenario : supported_scenarios) {
UnicastCapability unicast_encode_capability =
GetUnicastCapability(scenario.getEncode());
+ LOG(INFO) << __func__ << ": Unicast capability encode = "
+ << unicast_encode_capability.toString();
UnicastCapability unicast_decode_capability =
GetUnicastCapability(scenario.getDecode());
+ LOG(INFO) << __func__ << ": Unicast capability decode = "
+ << unicast_decode_capability.toString();
BroadcastCapability broadcast_capability = {.codecType =
CodecType::UNKNOWN};
@@ -384,22 +405,36 @@
return {.codecType = CodecType::UNKNOWN};
}
+ // Populate audio location
+ AudioLocation audio_location = AudioLocation::UNKNOWN;
+ if (strategy_configuration_iter->second.hasAudioLocation()) {
+ audio_location = GetAudioLocation(
+ strategy_configuration_iter->second.getAudioLocation());
+ }
+
+ // Populate audio channel allocation
+ std::optional<CodecSpecificConfigurationLtv::AudioChannelAllocation>
+ audio_channel_allocation = std::nullopt;
+ if (strategy_configuration_iter->second.hasAudioChannelAllocation()) {
+ LOG(INFO) << __func__ << ": has allocation";
+ CodecSpecificConfigurationLtv::AudioChannelAllocation tmp;
+ tmp.bitmask =
+ strategy_configuration_iter->second.getAudioChannelAllocation();
+ audio_channel_allocation = tmp;
+ }
+
CodecType codec_type =
GetCodecType(codec_configuration_iter->second.getCodec());
if (codec_type == CodecType::LC3) {
return ComposeUnicastCapability(
- codec_type,
- GetAudioLocation(
- strategy_configuration_iter->second.getAudioLocation()),
+ codec_type, audio_location, audio_channel_allocation,
strategy_configuration_iter->second.getConnectedDevice(),
strategy_configuration_iter->second.getChannelCount(),
ComposeLc3Capability(codec_configuration_iter->second));
} else if (codec_type == CodecType::APTX_ADAPTIVE_LE ||
codec_type == CodecType::APTX_ADAPTIVE_LEX) {
return ComposeUnicastCapability(
- codec_type,
- GetAudioLocation(
- strategy_configuration_iter->second.getAudioLocation()),
+ codec_type, audio_location, audio_channel_allocation,
strategy_configuration_iter->second.getConnectedDevice(),
strategy_configuration_iter->second.getChannelCount(),
ComposeAptxAdaptiveLeCapability(codec_configuration_iter->second));
@@ -435,11 +470,27 @@
std::vector<std::optional<Lc3Capabilities>> bcastLc3Cap(
1, std::optional(ComposeLc3Capability(codec_configuration_iter->second)));
+ // Populate audio location
+ AudioLocation audio_location = AudioLocation::UNKNOWN;
+ if (strategy_configuration_iter->second.hasAudioLocation()) {
+ audio_location = GetAudioLocation(
+ strategy_configuration_iter->second.getAudioLocation());
+ }
+
+ // Populate audio channel allocation
+ std::optional<CodecSpecificConfigurationLtv::AudioChannelAllocation>
+ audio_channel_allocation = std::nullopt;
+ if (strategy_configuration_iter->second.hasAudioChannelAllocation()) {
+ LOG(INFO) << __func__ << ": has allocation";
+ CodecSpecificConfigurationLtv::AudioChannelAllocation tmp;
+ tmp.bitmask =
+ strategy_configuration_iter->second.getAudioChannelAllocation();
+ audio_channel_allocation = tmp;
+ }
+
if (codec_type == CodecType::LC3) {
return ComposeBroadcastCapability(
- codec_type,
- GetAudioLocation(
- strategy_configuration_iter->second.getAudioLocation()),
+ codec_type, audio_location, audio_channel_allocation,
strategy_configuration_iter->second.getChannelCount(), bcastLc3Cap);
}
return {.codecType = CodecType::UNKNOWN};
@@ -448,16 +499,21 @@
template <class T>
BroadcastCapability BluetoothLeAudioCodecsProvider::ComposeBroadcastCapability(
const CodecType& codec_type, const AudioLocation& audio_location,
+ const std::optional<CodecSpecificConfigurationLtv::AudioChannelAllocation>&
+ audio_channel_allocation,
const uint8_t& channel_count, const std::vector<T>& capability) {
return {.codecType = codec_type,
.supportedChannel = audio_location,
.channelCountPerStream = channel_count,
- .leAudioCodecCapabilities = std::optional(capability)};
+ .leAudioCodecCapabilities = std::optional(capability),
+ .audioLocation = audio_channel_allocation};
}
template <class T>
UnicastCapability BluetoothLeAudioCodecsProvider::ComposeUnicastCapability(
const CodecType& codec_type, const AudioLocation& audio_location,
+ const std::optional<CodecSpecificConfigurationLtv::AudioChannelAllocation>&
+ audio_channel_allocation,
const uint8_t& device_cnt, const uint8_t& channel_count,
const T& capability) {
return {
@@ -467,6 +523,7 @@
.channelCountPerDevice = channel_count,
.leAudioCodecCapabilities =
UnicastCapability::LeAudioCodecCapabilities(capability),
+ .audioLocation = audio_channel_allocation,
};
}
@@ -519,38 +576,87 @@
codec_configuration.hasOctetsPerCodecFrame();
}
+bool IsValidStereoAudioLocation(
+ const setting::StrategyConfiguration& strategy_configuration) {
+ if ((strategy_configuration.getConnectedDevice() == 2 &&
+ strategy_configuration.getChannelCount() == 1) ||
+ (strategy_configuration.getConnectedDevice() == 1 &&
+ strategy_configuration.getChannelCount() == 2)) {
+ // Stereo
+ // 1. two connected device, one for L one for R
+ // 2. one connected device for both L and R
+ return true;
+ } else if (strategy_configuration.getConnectedDevice() == 0 &&
+ strategy_configuration.getChannelCount() == 2) {
+ // Broadcast
+ return true;
+ }
+ return false;
+}
+
+bool IsValidMonoAudioLocation(
+ const setting::StrategyConfiguration& strategy_configuration) {
+ if (strategy_configuration.getConnectedDevice() == 1 &&
+ strategy_configuration.getChannelCount() == 1) {
+ return true;
+ }
+ return false;
+}
+
+bool IsValidAudioLocation(
+ const setting::StrategyConfiguration& strategy_configuration) {
+ if (strategy_configuration.getAudioLocation() ==
+ setting::AudioLocation::STEREO)
+ return IsValidStereoAudioLocation(strategy_configuration);
+ else if (strategy_configuration.getAudioLocation() ==
+ setting::AudioLocation::MONO)
+ return IsValidMonoAudioLocation(strategy_configuration);
+ return false;
+}
+
+bool IsValidAudioChannelAllocation(
+ const setting::StrategyConfiguration& strategy_configuration) {
+ // First, ensure that there's only 2 bitmask enabled
+ int audio_channel_allocation =
+ strategy_configuration.getAudioChannelAllocation();
+ int count = 0;
+ for (int bit = 0; bit < 32; ++bit)
+ if (audio_channel_allocation & (1 << bit)) ++count;
+ if (count > 2) {
+ LOG(WARNING) << "Cannot parse more than 2 audio location, input is "
+ << audio_channel_allocation;
+ return false;
+ }
+
+ if (count == 2)
+ return IsValidStereoAudioLocation(strategy_configuration);
+ else
+ return IsValidMonoAudioLocation(strategy_configuration);
+}
+
bool BluetoothLeAudioCodecsProvider::IsValidStrategyConfiguration(
const setting::StrategyConfiguration& strategy_configuration) {
if (!strategy_configuration.hasName() ||
- !strategy_configuration.hasAudioLocation() ||
!strategy_configuration.hasConnectedDevice() ||
!strategy_configuration.hasChannelCount()) {
return false;
}
- if (strategy_configuration.getAudioLocation() ==
- setting::AudioLocation::STEREO) {
- if ((strategy_configuration.getConnectedDevice() == 2 &&
- strategy_configuration.getChannelCount() == 1) ||
- (strategy_configuration.getConnectedDevice() == 1 &&
- strategy_configuration.getChannelCount() == 2)) {
- // Stereo
- // 1. two connected device, one for L one for R
- // 2. one connected device for both L and R
- return true;
- } else if (strategy_configuration.getConnectedDevice() == 0 &&
- strategy_configuration.getChannelCount() == 2) {
- // Broadcast
- return true;
- }
- } else if (strategy_configuration.getAudioLocation() ==
- setting::AudioLocation::MONO) {
- if (strategy_configuration.getConnectedDevice() == 1 &&
- strategy_configuration.getChannelCount() == 1) {
- // Mono
- return true;
- }
- }
- return false;
+
+ // Both audio location field cannot be empty
+ if (!strategy_configuration.hasAudioLocation() &&
+ !strategy_configuration.hasAudioChannelAllocation())
+ return false;
+
+ // Any audio location field that presents must be valid
+ if (strategy_configuration.hasAudioLocation() &&
+ !IsValidAudioLocation(strategy_configuration))
+ return false;
+
+ if (strategy_configuration.hasAudioChannelAllocation() &&
+ !IsValidAudioChannelAllocation(strategy_configuration))
+ return false;
+
+ return true;
}
} // namespace audio
diff --git a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.h b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.h
index 5bf67e2..23b2bb6 100644
--- a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.h
+++ b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProvider.h
@@ -23,6 +23,7 @@
#include <vector>
#include "aidl/android/hardware/bluetooth/audio/CodecInfo.h"
+#include "aidl/android/hardware/bluetooth/audio/CodecSpecificConfigurationLtv.h"
#include "aidl/android/hardware/bluetooth/audio/SessionType.h"
#include "aidl_android_hardware_bluetooth_audio_setting.h"
@@ -84,12 +85,18 @@
template <class T>
static inline UnicastCapability ComposeUnicastCapability(
const CodecType& codec_type, const AudioLocation& audio_location,
+ const std::optional<
+ CodecSpecificConfigurationLtv::AudioChannelAllocation>&
+ audio_channel_allocation,
const uint8_t& device_cnt, const uint8_t& channel_count,
const T& capability);
template <class T>
static inline BroadcastCapability ComposeBroadcastCapability(
const CodecType& codec_type, const AudioLocation& audio_location,
+ const std::optional<
+ CodecSpecificConfigurationLtv::AudioChannelAllocation>&
+ audio_channel_allocation,
const uint8_t& channel_count, const std::vector<T>& capability);
static inline Lc3Capabilities ComposeLc3Capability(
diff --git a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProviderTest.cpp b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProviderTest.cpp
index dba2749..c47f7d5 100644
--- a/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProviderTest.cpp
+++ b/bluetooth/audio/utils/aidl_session/BluetoothLeAudioCodecsProviderTest.cpp
@@ -64,19 +64,101 @@
static const StrategyConfiguration kValidStrategyStereoOneCis(
std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
std::make_optional(AudioLocation::STEREO), std::make_optional(2),
- std::make_optional(1));
+ std::make_optional(1), std::nullopt);
static const StrategyConfiguration kValidStrategyStereoTwoCis(
std::make_optional("STEREO_TWO_CISES_PER_DEVICE"),
std::make_optional(AudioLocation::STEREO), std::make_optional(1),
- std::make_optional(2));
+ std::make_optional(2), std::nullopt);
static const StrategyConfiguration kValidStrategyMonoOneCis(
std::make_optional("MONO_ONE_CIS_PER_DEVICE"),
std::make_optional(AudioLocation::MONO), std::make_optional(1),
- std::make_optional(1));
+ std::make_optional(1), std::nullopt);
static const StrategyConfiguration kValidStrategyBroadcastStereo(
std::make_optional("BROADCAST_STEREO"),
std::make_optional(AudioLocation::STEREO), std::make_optional(0),
- std::make_optional(2));
+ std::make_optional(2), std::nullopt);
+
+static const StrategyConfiguration kValidStrategyStereoOneCisInt(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(2), std::make_optional(1), std::make_optional(3));
+static const StrategyConfiguration kValidStrategyStereoTwoCisInt(
+ std::make_optional("STEREO_TWO_CISES_PER_DEVICE"), std::nullopt,
+ std::make_optional(1), std::make_optional(2), std::make_optional(3));
+static const StrategyConfiguration kValidStrategyMonoOneCisInt(
+ std::make_optional("MONO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(1), std::make_optional(1), std::make_optional(4));
+static const StrategyConfiguration kValidStrategyBroadcastStereoInt(
+ std::make_optional("BROADCAST_STEREO"), std::nullopt, std::make_optional(0),
+ std::make_optional(2), std::make_optional(3));
+
+static const StrategyConfiguration kValidStrategyStereoOneCisBoth(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::make_optional(1), std::make_optional(3));
+static const StrategyConfiguration kValidStrategyStereoTwoCisBoth(
+ std::make_optional("STEREO_TWO_CISES_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(1),
+ std::make_optional(2), std::make_optional(3));
+static const StrategyConfiguration kValidStrategyMonoOneCisBoth(
+ std::make_optional("MONO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::MONO), std::make_optional(1),
+ std::make_optional(1), std::make_optional(4));
+static const StrategyConfiguration kValidStrategyBroadcastStereoBoth(
+ std::make_optional("BROADCAST_STEREO"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(0),
+ std::make_optional(2), std::make_optional(3));
+
+// List of all invalid strategy configuration
+const auto kInvalidStrategyStereoTwoCisTwoDevice = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::make_optional(2), std::nullopt)});
+const auto kInvalidStrategyMonoTwoCisTwoDevice = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("MONO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::make_optional(2), std::nullopt)});
+const auto kInvalidStrategyNoName = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::nullopt, std::make_optional(AudioLocation::STEREO),
+ std::make_optional(2), std::make_optional(1), std::nullopt)});
+const auto kInvalidStrategyNoLocation = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(2), std::make_optional(1), std::nullopt)});
+const auto kInvalidStrategyNoDevice = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::nullopt,
+ std::make_optional(1), std::nullopt)});
+const auto kInvalidStrategyNoChannel = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::nullopt, std::nullopt)});
+const auto kInvalidStrategyIntMoreBitmask = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::make_optional(1), std::make_optional(7))});
+const auto kInvalidStrategyIntStereoTwoCisTwoDevice = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(2), std::make_optional(2), std::make_optional(3))});
+const auto kInvalidStrategyIntMonoTwoCisTwoDevice = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("MONO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(2), std::make_optional(2), std::make_optional(4))});
+const auto kInvalidStrategyIntBroadcast = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("MONO_ONE_CIS_PER_DEVICE"), std::nullopt,
+ std::make_optional(0), std::make_optional(1), std::make_optional(3))});
+const auto kInvalidStrategyBothStereoMonoInt = StrategyConfigurationList(
+ std::vector<StrategyConfiguration>{StrategyConfiguration(
+ std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
+ std::make_optional(AudioLocation::STEREO), std::make_optional(2),
+ std::make_optional(1), std::make_optional(4))});
// Define valid test list built from above valid components
// Scenario, Configuration, CodecConfiguration, StrategyConfiguration
@@ -88,11 +170,16 @@
static const std::vector<CodecConfigurationList> kValidCodecConfigurationList =
{CodecConfigurationList(
std::vector<CodecConfiguration>{kValidCodecLC3_16k_1})};
+
static const std::vector<StrategyConfigurationList>
kValidStrategyConfigurationList = {
StrategyConfigurationList(std::vector<StrategyConfiguration>{
kValidStrategyStereoOneCis, kValidStrategyStereoTwoCis,
- kValidStrategyMonoOneCis, kValidStrategyBroadcastStereo})};
+ kValidStrategyMonoOneCis, kValidStrategyBroadcastStereo,
+ kValidStrategyStereoOneCisInt, kValidStrategyStereoTwoCisInt,
+ kValidStrategyMonoOneCisInt, kValidStrategyBroadcastStereoInt,
+ kValidStrategyStereoOneCisBoth, kValidStrategyStereoTwoCisBoth,
+ kValidStrategyMonoOneCisBoth, kValidStrategyBroadcastStereoBoth})};
class BluetoothLeAudioCodecsProviderTest
: public ::testing::TestWithParam<OffloadSetting> {
@@ -270,49 +357,19 @@
static std::vector<StrategyConfigurationList>
CreateInvalidStrategyConfigurations() {
std::vector<StrategyConfigurationList>
- invalid_strategy_configuration_test_cases;
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
- std::make_optional(AudioLocation::STEREO),
- std::make_optional(2), std::make_optional(2))}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::make_optional("MONO_ONE_CIS_PER_DEVICE"),
- std::make_optional(AudioLocation::STEREO),
- std::make_optional(2), std::make_optional(2))}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::nullopt, std::make_optional(AudioLocation::STEREO),
- std::make_optional(2), std::make_optional(1))}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::make_optional("STEREO_ONE_CIS_PER_DEVICE"), std::nullopt,
- std::make_optional(2), std::make_optional(1))}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
- std::make_optional(AudioLocation::STEREO), std::nullopt,
- std::make_optional(1))}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(
- std::vector<StrategyConfiguration>{StrategyConfiguration(
- std::make_optional("STEREO_ONE_CIS_PER_DEVICE"),
- std::make_optional(AudioLocation::STEREO),
- std::make_optional(2), std::nullopt)}));
-
- invalid_strategy_configuration_test_cases.push_back(
- StrategyConfigurationList(std::vector<StrategyConfiguration>{}));
+ invalid_strategy_configuration_test_cases = {
+ kInvalidStrategyStereoTwoCisTwoDevice,
+ kInvalidStrategyMonoTwoCisTwoDevice,
+ kInvalidStrategyNoName,
+ kInvalidStrategyNoLocation,
+ kInvalidStrategyNoDevice,
+ kInvalidStrategyNoChannel,
+ kInvalidStrategyIntMoreBitmask,
+ kInvalidStrategyIntStereoTwoCisTwoDevice,
+ kInvalidStrategyIntMonoTwoCisTwoDevice,
+ kInvalidStrategyIntBroadcast,
+ kInvalidStrategyBothStereoMonoInt,
+ StrategyConfigurationList(std::vector<StrategyConfiguration>{})};
return invalid_strategy_configuration_test_cases;
}
diff --git a/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xml b/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xml
index eaace78..b6ebbd9 100644
--- a/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xml
+++ b/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xml
@@ -69,9 +69,9 @@
<codecConfiguration name="APTX_ADAPTIVE_LEX_96k" codec="APTX_ADAPTIVE_LEX" samplingFrequency="96000" frameDurationUs="10000" octetsPerCodecFrame="816"/>
</codecConfigurationList>
<strategyConfigurationList>
- <strategyConfiguration name="STEREO_ONE_CIS_PER_DEVICE" audioLocation="STEREO" connectedDevice="2" channelCount="1"/>
- <strategyConfiguration name="STEREO_TWO_CISES_PER_DEVICE" audioLocation="STEREO" connectedDevice="1" channelCount="2"/>
- <strategyConfiguration name="MONO_ONE_CIS_PER_DEVICE" audioLocation="MONO" connectedDevice="1" channelCount="1"/>
- <strategyConfiguration name="BROADCAST_STEREO" audioLocation="STEREO" connectedDevice="0" channelCount="2"/>
+ <strategyConfiguration name="STEREO_ONE_CIS_PER_DEVICE" audioLocation="STEREO" connectedDevice="2" channelCount="1" audioChannelAllocation="3"/>
+ <strategyConfiguration name="STEREO_TWO_CISES_PER_DEVICE" audioLocation="STEREO" connectedDevice="1" channelCount="2" audioChannelAllocation="3"/>
+ <strategyConfiguration name="MONO_ONE_CIS_PER_DEVICE" audioLocation="MONO" connectedDevice="1" channelCount="1" audioChannelAllocation="4"/>
+ <strategyConfiguration name="BROADCAST_STEREO" audioLocation="STEREO" connectedDevice="0" channelCount="2" audioChannelAllocation="3"/>
</strategyConfigurationList>
</leAudioOffloadSetting>
diff --git a/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xsd b/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xsd
index 03c8ade..d9ccab5 100644
--- a/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xsd
+++ b/bluetooth/audio/utils/le_audio_codec_capabilities/le_audio_codec_capabilities.xsd
@@ -56,9 +56,12 @@
<xs:element name="strategyConfiguration">
<xs:complexType>
<xs:attribute name="name" type="xs:string"/>
+ <!-- Deprecated definition of Audio Location, please use audioLocationInt -->
<xs:attribute name="audioLocation" type="audioLocation"/>
<xs:attribute name="connectedDevice" type="xs:unsignedByte"/>
<xs:attribute name="channelCount" type="xs:unsignedByte"/>
+ <!-- Integer Audio Location to populate to audioLocation if present -->
+ <xs:attribute name="audioChannelAllocation" type="xs:int"/>
</xs:complexType>
</xs:element>
<xs:simpleType name="audioLocation">
diff --git a/bluetooth/audio/utils/le_audio_codec_capabilities/schema/current.txt b/bluetooth/audio/utils/le_audio_codec_capabilities/schema/current.txt
index a882174..b6c2f03 100644
--- a/bluetooth/audio/utils/le_audio_codec_capabilities/schema/current.txt
+++ b/bluetooth/audio/utils/le_audio_codec_capabilities/schema/current.txt
@@ -81,10 +81,12 @@
public class StrategyConfiguration {
ctor public StrategyConfiguration();
+ method public int getAudioChannelAllocation();
method public aidl.android.hardware.bluetooth.audio.setting.AudioLocation getAudioLocation();
method public short getChannelCount();
method public short getConnectedDevice();
method public String getName();
+ method public void setAudioChannelAllocation(int);
method public void setAudioLocation(aidl.android.hardware.bluetooth.audio.setting.AudioLocation);
method public void setChannelCount(short);
method public void setConnectedDevice(short);
diff --git a/bluetooth/audio/utils/le_audio_configuration_set/audio_set_configurations.json b/bluetooth/audio/utils/le_audio_configuration_set/audio_set_configurations.json
index fbfa3f9..88e9ce4 100644
--- a/bluetooth/audio/utils/le_audio_configuration_set/audio_set_configurations.json
+++ b/bluetooth/audio/utils/le_audio_configuration_set/audio_set_configurations.json
@@ -18,6 +18,7 @@
" Example values which can be used as 'codec_configuration.compound_value'",
" Codec Coding formats:",
" LC3 = 6",
+ " OPUS = 225",
" Sampling Frequencies: ",
" 8000Hz = 1",
" 11025Hz = 2",
@@ -34,7 +35,8 @@
" 384000Hz = 13",
" Frame Durations:",
" 7500us = 0",
- " 10000us = 1"
+ " 10000us = 1",
+ " 20000us = 2"
],
"configurations": [
{
diff --git a/bluetooth/ranging/aidl/vts/Android.bp b/bluetooth/ranging/aidl/vts/Android.bp
index 9984ce8..bcae5d0 100644
--- a/bluetooth/ranging/aidl/vts/Android.bp
+++ b/bluetooth/ranging/aidl/vts/Android.bp
@@ -17,7 +17,7 @@
"libutils",
],
static_libs: [
- "android.hardware.bluetooth.ranging-V1-ndk",
+ "android.hardware.bluetooth.ranging-V2-ndk",
"libbluetooth-types",
],
test_config: "VtsHalBluetoothRangingTargetTest.xml",
diff --git a/bluetooth/ranging/aidl/vts/VtsHalBluetoothRangingTargetTest.cpp b/bluetooth/ranging/aidl/vts/VtsHalBluetoothRangingTargetTest.cpp
index 702df95..4510f24 100644
--- a/bluetooth/ranging/aidl/vts/VtsHalBluetoothRangingTargetTest.cpp
+++ b/bluetooth/ranging/aidl/vts/VtsHalBluetoothRangingTargetTest.cpp
@@ -30,12 +30,15 @@
using aidl::android::hardware::bluetooth::ranging::
BnBluetoothChannelSoundingSessionCallback;
using aidl::android::hardware::bluetooth::ranging::ChannelSoudingRawData;
+using aidl::android::hardware::bluetooth::ranging::ChannelSoundingProcedureData;
+using aidl::android::hardware::bluetooth::ranging::Config;
using aidl::android::hardware::bluetooth::ranging::CsSecurityLevel;
using aidl::android::hardware::bluetooth::ranging::IBluetoothChannelSounding;
using aidl::android::hardware::bluetooth::ranging::
IBluetoothChannelSoundingSession;
using aidl::android::hardware::bluetooth::ranging::
IBluetoothChannelSoundingSessionCallback;
+using aidl::android::hardware::bluetooth::ranging::ProcedureEnableConfig;
using aidl::android::hardware::bluetooth::ranging::RangingResult;
using aidl::android::hardware::bluetooth::ranging::Reason;
using aidl::android::hardware::bluetooth::ranging::ResultType;
@@ -43,6 +46,12 @@
using aidl::android::hardware::bluetooth::ranging::VendorSpecificData;
using ndk::ScopedAStatus;
+enum class RangingHalVersion : uint8_t {
+ V_UNAVAILABLE = 0,
+ V_1,
+ V_2,
+};
+
class BluetoothChannelSoundingSessionCallback
: public BnBluetoothChannelSoundingSessionCallback {
public:
@@ -80,6 +89,8 @@
ALOGI("SetUp Ranging Test");
bluetooth_channel_sounding_ = IBluetoothChannelSounding::fromBinder(
ndk::SpAIBinder(AServiceManager_waitForService(GetParam().c_str())));
+ hal_version_ = GetRangingHalVersion();
+ ASSERT_GT(hal_version_, RangingHalVersion::V_UNAVAILABLE);
ASSERT_NE(bluetooth_channel_sounding_, nullptr);
}
@@ -95,6 +106,8 @@
ScopedAStatus getSupportedSessionTypes(
std::optional<std::vector<SessionType>>* _aidl_return);
ScopedAStatus getMaxSupportedCsSecurityLevel(CsSecurityLevel* _aidl_return);
+ ScopedAStatus getSupportedCsSecurityLevels(
+ std::vector<CsSecurityLevel>* _aidl_return);
ScopedAStatus openSession(
const BluetoothChannelSoundingParameters& in_params,
const std::shared_ptr<IBluetoothChannelSoundingSessionCallback>&
@@ -111,6 +124,30 @@
return status;
}
+ RangingHalVersion GetRangingHalVersion() {
+ int32_t aidl_version = 0;
+ if (bluetooth_channel_sounding_ == nullptr) {
+ return RangingHalVersion::V_UNAVAILABLE;
+ }
+ auto aidl_ret_val =
+ bluetooth_channel_sounding_->getInterfaceVersion(&aidl_version);
+ if (!aidl_ret_val.isOk()) {
+ return RangingHalVersion::V_UNAVAILABLE;
+ }
+ switch (aidl_version) {
+ case 1:
+ return RangingHalVersion::V_1;
+ case 2:
+ return RangingHalVersion::V_2;
+ default:
+ return RangingHalVersion::V_UNAVAILABLE;
+ }
+ return RangingHalVersion::V_UNAVAILABLE;
+ }
+
+ public:
+ RangingHalVersion hal_version_ = RangingHalVersion::V_UNAVAILABLE;
+
private:
std::shared_ptr<IBluetoothChannelSounding> bluetooth_channel_sounding_;
};
@@ -130,6 +167,13 @@
return bluetooth_channel_sounding_->getMaxSupportedCsSecurityLevel(
_aidl_return);
}
+
+ScopedAStatus BluetoothRangingTest::getSupportedCsSecurityLevels(
+ std::vector<CsSecurityLevel>* _aidl_return) {
+ return bluetooth_channel_sounding_->getSupportedCsSecurityLevels(
+ _aidl_return);
+}
+
ScopedAStatus BluetoothRangingTest::openSession(
const BluetoothChannelSoundingParameters& in_params,
const std::shared_ptr<IBluetoothChannelSoundingSessionCallback>&
@@ -155,11 +199,25 @@
}
TEST_P(BluetoothRangingTest, GetMaxSupportedCsSecurityLevel) {
+ if (hal_version_ > RangingHalVersion::V_1) {
+ GTEST_SKIP();
+ }
CsSecurityLevel security_level;
ScopedAStatus status = getMaxSupportedCsSecurityLevel(&security_level);
ASSERT_TRUE(status.isOk());
}
+TEST_P(BluetoothRangingTest, GetSupportedCsSecurityLevels) {
+ if (hal_version_ < RangingHalVersion::V_2) {
+ GTEST_SKIP();
+ }
+ std::vector<CsSecurityLevel> supported_security_levels;
+ ScopedAStatus status =
+ getSupportedCsSecurityLevels(&supported_security_levels);
+ ASSERT_GT(static_cast<uint8_t>(supported_security_levels.size()), 0);
+ ASSERT_TRUE(status.isOk());
+}
+
TEST_P(BluetoothRangingTest, OpenSession) {
BluetoothChannelSoundingParameters params;
std::shared_ptr<BluetoothChannelSoundingSessionCallback> callback = nullptr;
@@ -205,6 +263,9 @@
}
TEST_P(BluetoothRangingTest, WriteRawData) {
+ if (hal_version_ > RangingHalVersion::V_1) {
+ GTEST_SKIP();
+ }
std::shared_ptr<IBluetoothChannelSoundingSession> session;
auto status = initBluetoothChannelSoundingSession(&session);
ASSERT_TRUE(status.isOk());
@@ -215,6 +276,62 @@
}
}
+TEST_P(BluetoothRangingTest, WriteProcedureData) {
+ if (hal_version_ < RangingHalVersion::V_2) {
+ GTEST_SKIP();
+ }
+ std::shared_ptr<IBluetoothChannelSoundingSession> session;
+ auto status = initBluetoothChannelSoundingSession(&session);
+ ASSERT_TRUE(status.isOk());
+ if (session != nullptr) {
+ ChannelSoundingProcedureData procedure_data;
+ status = session->writeProcedureData(procedure_data);
+ ASSERT_TRUE(status.isOk());
+ }
+}
+
+TEST_P(BluetoothRangingTest, UpdateChannelSoundingConfig) {
+ if (hal_version_ < RangingHalVersion::V_2) {
+ GTEST_SKIP();
+ }
+ std::shared_ptr<IBluetoothChannelSoundingSession> session;
+ auto status = initBluetoothChannelSoundingSession(&session);
+ ASSERT_TRUE(status.isOk());
+ if (session != nullptr) {
+ Config config;
+ status = session->updateChannelSoundingConfig(config);
+ ASSERT_TRUE(status.isOk());
+ }
+}
+
+TEST_P(BluetoothRangingTest, UpdateProcedureEnableConfig) {
+ if (hal_version_ < RangingHalVersion::V_2) {
+ GTEST_SKIP();
+ }
+ std::shared_ptr<IBluetoothChannelSoundingSession> session;
+ auto status = initBluetoothChannelSoundingSession(&session);
+ ASSERT_TRUE(status.isOk());
+ if (session != nullptr) {
+ ProcedureEnableConfig procedure_enable_config;
+ status = session->updateProcedureEnableConfig(procedure_enable_config);
+ ASSERT_TRUE(status.isOk());
+ }
+}
+
+TEST_P(BluetoothRangingTest, UpdateBleConnInterval) {
+ if (hal_version_ < RangingHalVersion::V_2) {
+ GTEST_SKIP();
+ }
+ std::shared_ptr<IBluetoothChannelSoundingSession> session;
+ auto status = initBluetoothChannelSoundingSession(&session);
+ ASSERT_TRUE(status.isOk());
+ if (session != nullptr) {
+ int ble_conn_interval = 10;
+ status = session->updateBleConnInterval(ble_conn_interval);
+ ASSERT_TRUE(status.isOk());
+ }
+}
+
TEST_P(BluetoothRangingTest, CloseSession) {
std::shared_ptr<IBluetoothChannelSoundingSession> session;
auto status = initBluetoothChannelSoundingSession(&session);
diff --git a/bluetooth/socket/OWNERS b/bluetooth/socket/OWNERS
new file mode 100644
index 0000000..e7a60e6
--- /dev/null
+++ b/bluetooth/socket/OWNERS
@@ -0,0 +1,5 @@
+# Bug component: 27441
+
+include platform/packages/modules/Bluetooth:/OWNERS
+
+jaydenk@google.com
diff --git a/bluetooth/socket/aidl/Android.bp b/bluetooth/socket/aidl/Android.bp
new file mode 100644
index 0000000..44e7f5a
--- /dev/null
+++ b/bluetooth/socket/aidl/Android.bp
@@ -0,0 +1,40 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.bluetooth.socket",
+ vendor_available: true,
+ host_supported: true,
+ srcs: ["android/hardware/bluetooth/socket/*.aidl"],
+ stability: "vintf",
+ backend: {
+ ndk: {
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.btservices",
+ ],
+ min_sdk_version: "33",
+ },
+ },
+ frozen: false,
+}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/ChannelInfo.aidl
similarity index 87%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/ChannelInfo.aidl
index 1e304ab..b9b9593 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/ChannelInfo.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+union ChannelInfo {
+ android.hardware.bluetooth.socket.LeCocChannelInfo leCocChannelInfo;
+ android.hardware.bluetooth.socket.RfcommChannelInfo rfcommChannelInfo;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocket.aidl
similarity index 81%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocket.aidl
index 5c26cc2..a961692 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocket.aidl
@@ -31,7 +31,11 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.bluetooth.socket;
+@VintfStability
+interface IBluetoothSocket {
+ void registerCallback(in android.hardware.bluetooth.socket.IBluetoothSocketCallback callback);
+ android.hardware.bluetooth.socket.SocketCapabilities getSocketCapabilities();
+ void opened(in android.hardware.bluetooth.socket.SocketContext context);
+ void closed(long socketId);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl
similarity index 86%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl
index 1e304ab..35bfb5b 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+interface IBluetoothSocketCallback {
+ void openedComplete(long socketId, in android.hardware.bluetooth.socket.Status status, in String reason);
+ void close(long socketId, in String reason);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocCapabilities.aidl
similarity index 91%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocCapabilities.aidl
index 1e304ab..447daa9 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocCapabilities.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable LeCocCapabilities {
+ int numberOfSupportedSockets;
+ int mtu;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl
similarity index 86%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl
index 1e304ab..4d6fcb7 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl
@@ -31,7 +31,16 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable LeCocChannelInfo {
+ int localCid;
+ int remoteCid;
+ int psm;
+ int localMtu;
+ int remoteMtu;
+ int localMps;
+ int remoteMps;
+ int initialRxCredits;
+ int initialTxCredits;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommCapabilities.aidl
similarity index 91%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommCapabilities.aidl
index 1e304ab..06a75b4 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommCapabilities.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable RfcommCapabilities {
+ int numberOfSupportedSockets;
+ int maxFrameSize;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl
similarity index 86%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl
index 1e304ab..3f9a140 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl
@@ -31,7 +31,16 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable RfcommChannelInfo {
+ int localCid;
+ int remoteCid;
+ int localMtu;
+ int remoteMtu;
+ int initialRxCredits;
+ int initialTxCredits;
+ int dlci;
+ int maxFrameSize;
+ boolean muxInitiator;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketCapabilities.aidl
similarity index 86%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketCapabilities.aidl
index 1e304ab..400f20c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketCapabilities.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable SocketCapabilities {
+ android.hardware.bluetooth.socket.LeCocCapabilities leCocCapabilities;
+ android.hardware.bluetooth.socket.RfcommCapabilities rfcommCapabilities;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketContext.aidl
similarity index 87%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketContext.aidl
index 472215f..e5b31c2 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/SocketContext.aidl
@@ -31,6 +31,13 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface ICryptoOperationContext {
+package android.hardware.bluetooth.socket;
+@VintfStability
+parcelable SocketContext {
+ long socketId;
+ String name;
+ int aclConnectionHandle;
+ android.hardware.bluetooth.socket.ChannelInfo channelInfo;
+ long hubId;
+ long endpointId;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/Status.aidl
similarity index 92%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/Status.aidl
index 1e304ab..63f57a9 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/bluetooth/socket/aidl/aidl_api/android.hardware.bluetooth.socket/current/android/hardware/bluetooth/socket/Status.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.bluetooth.socket;
+@Backing(type="int") @VintfStability
+enum Status {
+ SUCCESS,
+ FAILURE,
}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/ChannelInfo.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/ChannelInfo.aidl
new file mode 100644
index 0000000..afae1c0
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/ChannelInfo.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+import android.hardware.bluetooth.socket.LeCocChannelInfo;
+import android.hardware.bluetooth.socket.RfcommChannelInfo;
+
+/**
+ * Used to specify the channel information of different protocol.
+ */
+@VintfStability
+union ChannelInfo {
+ /**
+ * LE L2CAP COC channel information.
+ */
+ LeCocChannelInfo leCocChannelInfo;
+
+ /**
+ * RFCOMM channel information.
+ */
+ RfcommChannelInfo rfcommChannelInfo;
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocket.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocket.aidl
new file mode 100644
index 0000000..5853c10
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocket.aidl
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+import android.hardware.bluetooth.socket.IBluetoothSocketCallback;
+import android.hardware.bluetooth.socket.SocketCapabilities;
+import android.hardware.bluetooth.socket.SocketContext;
+
+/**
+ * The interface for host stack to register callback, get capabilities, and open/close socket.
+ */
+@VintfStability
+interface IBluetoothSocket {
+ /**
+ * API to register a callback for HAL implementation to send asynchronous events.
+ *
+ * @param callback An instance of the |IBluetoothSocketCallback| AIDL interface object
+ */
+ void registerCallback(in IBluetoothSocketCallback callback);
+
+ /**
+ * API to get supported offload socket capabilities.
+ *
+ * @return a socket capabilities
+ */
+ SocketCapabilities getSocketCapabilities();
+
+ /**
+ * API to notify the offload stack that the socket is opened.
+ *
+ * The HAL implementation must use IBluetoothSocketCallback.openedComplete() to indicate the
+ * result of this operation
+ *
+ * @param context Socket context including socket id, channel, hub, and endpoint info
+ */
+ void opened(in SocketContext context);
+
+ /**
+ * API to notify the offload stack that the socket is closed.
+ *
+ * When host app requests to close a socket or the HAL calls IBluetoothSocketCallback.close(),
+ * the host stack closes the socket and sends the notification.
+ *
+ * @param socketId Identifier assigned to the socket by the host stack
+ */
+ void closed(long socketId);
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl
new file mode 100644
index 0000000..7cd635d
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/IBluetoothSocketCallback.aidl
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+import android.hardware.bluetooth.socket.Status;
+
+/**
+ * The interface from the Bluetooth offload socket to the host stack.
+ */
+@VintfStability
+interface IBluetoothSocketCallback {
+ /**
+ * Invoked when IBluetoothSocket.opened() has been completed.
+ *
+ * @param socketId Identifier assigned to the socket by the host stack
+ * @param status Status indicating success or failure
+ * @param reason Reason string of the operation failure for debugging purposes
+ */
+ void openedComplete(long socketId, in Status status, in String reason);
+
+ /**
+ * Invoked when offload app or stack requests host stack to close the socket.
+ *
+ * @param socketId Identifier assigned to the socket by the host stack
+ * @param reason Reason string for closing the socket for debugging purposes
+ */
+ void close(long socketId, in String reason);
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocCapabilities.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocCapabilities.aidl
new file mode 100644
index 0000000..003da11
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocCapabilities.aidl
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+/**
+ * Capabilities for LE L2CAP COC that the offload stack supports.
+ */
+@VintfStability
+parcelable LeCocCapabilities {
+ /**
+ * Maximum number of LE COC sockets supported. If not supported, the value must be zero.
+ */
+ int numberOfSupportedSockets;
+
+ /**
+ * Local Maximum Transmission Unit size in octets. The MTU size must be in range 23 to 65535.
+ *
+ * The actual value of the local MTU shared in the connection configuration is set in
+ * LeCocChannelInfo.localMtu in the IBluetoothSocket.opened() context parameter.
+ */
+ int mtu;
+
+ /**
+ * The value used by the Host stack for the local Maximum Packet Size shall be the value
+ * LE_ACL_Data_Packet_Length returned by the controller in response to the command HCI LE Read
+ * Buffer Size. Then, the MPS size must be in range 1 to 255. We do not make the MPS
+ * configurable in HAL because using the maximum value does not require a large amount of
+ * memory.
+ */
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl
new file mode 100644
index 0000000..af1bd71
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/LeCocChannelInfo.aidl
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+/**
+ * LE L2CAP COC channel information
+ */
+@VintfStability
+parcelable LeCocChannelInfo {
+ /**
+ * L2cap local channel ID.
+ */
+ int localCid;
+
+ /**
+ * L2cap remote channel ID.
+ */
+ int remoteCid;
+
+ /**
+ * PSM for L2CAP LE CoC.
+ */
+ int psm;
+
+ /**
+ * Local Maximum Transmission Unit for LE COC specifying the maximum SDU size in bytes that the
+ * local L2CAP layer can receive.
+ */
+ int localMtu;
+
+ /**
+ * Remote Maximum Transmission Unit for LE COC specifying the maximum SDU size in bytes that the
+ * remote L2CAP layer can receive.
+ */
+ int remoteMtu;
+
+ /**
+ * Local Maximum PDU payload Size in bytes that the local L2CAP layer can receive.
+ */
+ int localMps;
+
+ /**
+ * Remote Maximum PDU payload Size in bytes that the remote L2CAP layer can receive.
+ */
+ int remoteMps;
+
+ /**
+ * Protocol initial credits at Rx path.
+ *
+ * The host stack will always set the initial credits to 0 when configuring the L2CAP COC
+ * channel, and this value will always be zero. It means offload stack should send initial
+ * credits to peer device through L2CAP signaling command L2CAP_FLOW_CONTROL_CREDIT_IND when
+ * IBluetoothSocket.opened() is successful.
+ */
+ int initialRxCredits;
+
+ /**
+ * Protocol initial credits at Tx path.
+ */
+ int initialTxCredits;
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommCapabilities.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommCapabilities.aidl
new file mode 100644
index 0000000..e5cffff
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommCapabilities.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+/**
+ * Capabilities for RFCOMM that the offload stack supports.
+ */
+@VintfStability
+parcelable RfcommCapabilities {
+ /**
+ * Maximum number of RFCOMM sockets supported. If not supported, the value must be zero.
+ */
+ int numberOfSupportedSockets;
+
+ /**
+ * Maximum frame size in octets negotiated during DLCI establishment. The frame size must be
+ * in range 23 to 32767.
+ */
+ int maxFrameSize;
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl
new file mode 100644
index 0000000..7c10144
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/RfcommChannelInfo.aidl
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+/**
+ * RFCOMM channel information
+ */
+@VintfStability
+parcelable RfcommChannelInfo {
+ /**
+ * L2cap local channel ID for RFCOMM.
+ */
+ int localCid;
+
+ /**
+ * L2cap remote channel ID for RFCOMM.
+ */
+ int remoteCid;
+
+ /**
+ * Local Maximum Transmission Unit Size in bytes that the local L2CAP layer can receive.
+ */
+ int localMtu;
+
+ /**
+ * Remote Maximum Transmission Unit Size in bytes that the remote L2CAP layer can receive.
+ */
+ int remoteMtu;
+
+ /**
+ * Protocol initial credits at Rx path.
+ *
+ * The host stack will always set the initial credits to 0 when configuring the RFCOMM
+ * channel, and this value will always be zero. It means offload stack should send initial
+ * credits to peer device when IBluetoothSocket.opened() is successful.
+ */
+ int initialRxCredits;
+
+ /**
+ * Protocol initial credits at Tx path.
+ */
+ int initialTxCredits;
+
+ /**
+ * Data Link Connection Identifier (DLCI).
+ */
+ int dlci;
+
+ /**
+ * Maximum frame size negotiated during DLCI establishment.
+ */
+ int maxFrameSize;
+
+ /**
+ * Flag of whether the Android stack initiated the RFCOMM multiplexer control channel.
+ *
+ * This flag determines the value of the Command/Response (C/R) bit of RFCOMM frames.
+ */
+ boolean muxInitiator;
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketCapabilities.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketCapabilities.aidl
new file mode 100644
index 0000000..05a59ee
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketCapabilities.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+import android.hardware.bluetooth.socket.LeCocCapabilities;
+import android.hardware.bluetooth.socket.RfcommCapabilities;
+
+/**
+ * Supported socket protocol capabilities.
+ */
+@VintfStability
+parcelable SocketCapabilities {
+ /**
+ * Supported LE CoC protocol capabilities.
+ */
+ LeCocCapabilities leCocCapabilities;
+
+ /**
+ * Supported RFCOMM protocol capabilities.
+ */
+ RfcommCapabilities rfcommCapabilities;
+}
diff --git a/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketContext.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketContext.aidl
new file mode 100644
index 0000000..5e9be31
--- /dev/null
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/SocketContext.aidl
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.bluetooth.socket;
+
+import android.hardware.bluetooth.socket.ChannelInfo;
+
+/**
+ * Socket context.
+ */
+@VintfStability
+parcelable SocketContext {
+ /**
+ * Identifier assigned to the socket by the host stack when the socket is connected to a remote
+ * device. Used to uniquely identify the socket in other callbacks and method invocations. It is
+ * valid only while the socket is connected.
+ */
+ long socketId;
+
+ /**
+ * Descriptive socket name provided by the host app when it creates this socket. This is not
+ * unique across the system, but can help the offload app understand the purpose of the socket
+ * when it receives a socket connection event.
+ */
+ String name;
+
+ /**
+ * ACL connection handle for the socket.
+ */
+ int aclConnectionHandle;
+
+ /**
+ * Channel information of the socket protocol.
+ */
+ ChannelInfo channelInfo;
+
+ /**
+ * The ID of the Hub to which the end point belongs for hardware offload data path.
+ */
+ long hubId;
+
+ /**
+ * The ID of the Hub endpoint for hardware offload data path.
+ */
+ long endpointId;
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/Status.aidl
similarity index 82%
copy from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
copy to bluetooth/socket/aidl/android/hardware/bluetooth/socket/Status.aidl
index f9f608d..d881b09 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/bluetooth/socket/aidl/android/hardware/bluetooth/socket/Status.aidl
@@ -13,6 +13,12 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package android.hardware.security.see.hwcrypto.types;
-parcelable Void {}
+package android.hardware.bluetooth.socket;
+
+@VintfStability
+@Backing(type="int")
+enum Status {
+ SUCCESS,
+ FAILURE,
+}
diff --git a/bluetooth/socket/aidl/default/Android.bp b/bluetooth/socket/aidl/default/Android.bp
new file mode 100644
index 0000000..10e673c
--- /dev/null
+++ b/bluetooth/socket/aidl/default/Android.bp
@@ -0,0 +1,47 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+ name: "android.hardware.bluetooth.socket-service.default",
+ relative_install_path: "hw",
+ init_rc: ["bluetooth-socket-service-default.rc"],
+ vintf_fragments: [":manifest_android.hardware.bluetooth.socket-service.default.xml"],
+ vendor: true,
+ srcs: [
+ "BluetoothSocket.cpp",
+ "service.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.bluetooth.socket-V1-ndk",
+ "libbase",
+ "libbinder_ndk",
+ "libhidlbase",
+ "libutils",
+ "liblog",
+ ],
+}
+
+cc_fuzz {
+ name: "android.hardware.bluetooth.socket-service_fuzzer",
+ team: "trendy_team_bluetooth",
+ defaults: ["service_fuzzer_defaults"],
+ srcs: [
+ "fuzzer.cpp",
+ "BluetoothSocket.cpp",
+ ],
+ static_libs: [
+ "android.hardware.bluetooth.socket-V1-ndk",
+ "liblog",
+ ],
+ fuzz_config: {
+ cc: [
+ "jaydenk@google.com",
+ ],
+ },
+}
+
+filegroup {
+ name: "manifest_android.hardware.bluetooth.socket-service.default.xml",
+ srcs: ["bluetooth-socket-service-default.xml"],
+}
diff --git a/bluetooth/socket/aidl/default/BluetoothSocket.cpp b/bluetooth/socket/aidl/default/BluetoothSocket.cpp
new file mode 100644
index 0000000..5993393
--- /dev/null
+++ b/bluetooth/socket/aidl/default/BluetoothSocket.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "BluetoothSocket.h"
+
+using aidl::android::hardware::bluetooth::socket::Status;
+
+namespace aidl::android::hardware::bluetooth::socket::impl {
+
+BluetoothSocket::BluetoothSocket() {}
+BluetoothSocket::~BluetoothSocket() {}
+
+::ndk::ScopedAStatus BluetoothSocket::registerCallback(
+ const std::shared_ptr<
+ ::aidl::android::hardware::bluetooth::socket::IBluetoothSocketCallback>&
+ in_callback) {
+ if (in_callback == nullptr) {
+ return ndk::ScopedAStatus::fromServiceSpecificError(STATUS_BAD_VALUE);
+ }
+ callback_ = in_callback;
+ return ::ndk::ScopedAStatus::ok();
+}
+::ndk::ScopedAStatus BluetoothSocket::getSocketCapabilities(
+ ::aidl::android::hardware::bluetooth::socket::SocketCapabilities*
+ _aidl_return) {
+ _aidl_return->leCocCapabilities.numberOfSupportedSockets = 0;
+ _aidl_return->leCocCapabilities.mtu = 0;
+ _aidl_return->rfcommCapabilities.numberOfSupportedSockets = 0;
+ _aidl_return->rfcommCapabilities.maxFrameSize = 0;
+ return ::ndk::ScopedAStatus::ok();
+}
+::ndk::ScopedAStatus BluetoothSocket::opened(
+ const ::aidl::android::hardware::bluetooth::socket::SocketContext&
+ /* in_context */) {
+ return ::ndk::ScopedAStatus::fromExceptionCode(EX_UNSUPPORTED_OPERATION);
+}
+::ndk::ScopedAStatus BluetoothSocket::closed(int64_t /*in_socketId*/) {
+ return ::ndk::ScopedAStatus::ok();
+}
+
+} // namespace aidl::android::hardware::bluetooth::socket::impl
diff --git a/bluetooth/socket/aidl/default/BluetoothSocket.h b/bluetooth/socket/aidl/default/BluetoothSocket.h
new file mode 100644
index 0000000..9bb41ec
--- /dev/null
+++ b/bluetooth/socket/aidl/default/BluetoothSocket.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <aidl/android/hardware/bluetooth/socket/BnBluetoothSocket.h>
+
+namespace aidl::android::hardware::bluetooth::socket::impl {
+
+class BluetoothSocket : public BnBluetoothSocket {
+ public:
+ BluetoothSocket();
+ ~BluetoothSocket();
+
+ ::ndk::ScopedAStatus registerCallback(
+ const std::shared_ptr<::aidl::android::hardware::bluetooth::socket::
+ IBluetoothSocketCallback>& in_callback)
+ override;
+ ::ndk::ScopedAStatus getSocketCapabilities(
+ ::aidl::android::hardware::bluetooth::socket::SocketCapabilities*
+ _aidl_return) override;
+ ::ndk::ScopedAStatus opened(
+ const ::aidl::android::hardware::bluetooth::socket::SocketContext&
+ in_context) override;
+ ::ndk::ScopedAStatus closed(int64_t in_socketId) override;
+
+ private:
+ std::shared_ptr<IBluetoothSocketCallback> callback_;
+};
+
+} // namespace aidl::android::hardware::bluetooth::socket::impl
diff --git a/bluetooth/socket/aidl/default/bluetooth-socket-service-default.rc b/bluetooth/socket/aidl/default/bluetooth-socket-service-default.rc
new file mode 100644
index 0000000..f1eb7f7
--- /dev/null
+++ b/bluetooth/socket/aidl/default/bluetooth-socket-service-default.rc
@@ -0,0 +1,4 @@
+service vendor.bluetooth.socket-default /vendor/bin/hw/android.hardware.bluetooth.socket-service.default
+ class hal
+ user nobody
+ group nobody
diff --git a/bluetooth/socket/aidl/default/bluetooth-socket-service-default.xml b/bluetooth/socket/aidl/default/bluetooth-socket-service-default.xml
new file mode 100644
index 0000000..b97074d
--- /dev/null
+++ b/bluetooth/socket/aidl/default/bluetooth-socket-service-default.xml
@@ -0,0 +1,7 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.bluetooth.socket</name>
+ <version>1</version>
+ <fqname>IBluetoothSocket/default</fqname>
+ </hal>
+</manifest>
diff --git a/bluetooth/socket/aidl/default/fuzzer.cpp b/bluetooth/socket/aidl/default/fuzzer.cpp
new file mode 100644
index 0000000..062db0f
--- /dev/null
+++ b/bluetooth/socket/aidl/default/fuzzer.cpp
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "BluetoothSocket.h"
+
+using ::aidl::android::hardware::bluetooth::socket::impl::BluetoothSocket;
+using ::android::fuzzService;
+using ::ndk::SharedRefBase;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto bluetoothSocketAidl = SharedRefBase::make<BluetoothSocket>();
+
+ fuzzService(bluetoothSocketAidl->asBinder().get(),
+ FuzzedDataProvider(data, size));
+
+ return 0;
+}
diff --git a/bluetooth/socket/aidl/default/service.cpp b/bluetooth/socket/aidl/default/service.cpp
new file mode 100644
index 0000000..bd15084
--- /dev/null
+++ b/bluetooth/socket/aidl/default/service.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "aidl.android.hardware.bluetooth.socket.service.default"
+
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+#include <utils/Log.h>
+
+#include "BluetoothSocket.h"
+
+using ::aidl::android::hardware::bluetooth::socket::impl::BluetoothSocket;
+
+int main(int /* argc */, char** /* argv */) {
+ ALOGI("Bluetooth Socket HAL registering");
+ if (!ABinderProcess_setThreadPoolMaxThreadCount(0)) {
+ ALOGE("Failed to set thread pool max thread count");
+ return 1;
+ }
+
+ std::shared_ptr<BluetoothSocket> service =
+ ndk::SharedRefBase::make<BluetoothSocket>();
+ std::string instance =
+ std::string() + BluetoothSocket::descriptor + "/default";
+ auto result =
+ AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ if (result == STATUS_OK) {
+ ABinderProcess_joinThreadPool();
+ } else {
+ ALOGE("Could not register as a service!");
+ }
+ return EXIT_FAILURE;
+}
diff --git a/bluetooth/socket/aidl/vts/Android.bp b/bluetooth/socket/aidl/vts/Android.bp
new file mode 100644
index 0000000..fa9e3b1
--- /dev/null
+++ b/bluetooth/socket/aidl/vts/Android.bp
@@ -0,0 +1,28 @@
+package {
+ default_team: "trendy_team_bluetooth",
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+cc_test {
+ name: "VtsHalBluetoothSocketTargetTest",
+ defaults: [
+ "use_libaidlvintf_gtest_helper_static",
+ ],
+ srcs: ["VtsHalBluetoothSocketTargetTest.cpp"],
+ shared_libs: [
+ "libbase",
+ "libbinder_ndk",
+ "libcutils",
+ "liblog",
+ "libutils",
+ ],
+ static_libs: [
+ "android.hardware.bluetooth.socket-V1-ndk",
+ "libbluetooth-types",
+ ],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ require_root: true,
+}
diff --git a/bluetooth/socket/aidl/vts/VtsHalBluetoothSocketTargetTest.cpp b/bluetooth/socket/aidl/vts/VtsHalBluetoothSocketTargetTest.cpp
new file mode 100644
index 0000000..1069207
--- /dev/null
+++ b/bluetooth/socket/aidl/vts/VtsHalBluetoothSocketTargetTest.cpp
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <aidl/Gtest.h>
+#include <aidl/Vintf.h>
+#include <aidl/android/hardware/bluetooth/socket/BnBluetoothSocketCallback.h>
+#include <aidl/android/hardware/bluetooth/socket/IBluetoothSocket.h>
+#include <aidl/android/hardware/bluetooth/socket/IBluetoothSocketCallback.h>
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+#include <binder/IServiceManager.h>
+#include <utils/Log.h>
+
+#include <future>
+
+using ::aidl::android::hardware::bluetooth::socket::BnBluetoothSocketCallback;
+using ::aidl::android::hardware::bluetooth::socket::IBluetoothSocket;
+using ::aidl::android::hardware::bluetooth::socket::SocketCapabilities;
+using ::aidl::android::hardware::bluetooth::socket::SocketContext;
+using ::ndk::ScopedAStatus;
+
+namespace {
+constexpr static int kCallbackTimeoutMs = 250;
+constexpr static int kOpenedCallbackTimeoutMs = 5000;
+} // namespace
+
+class BluetoothSocketCallback : public BnBluetoothSocketCallback {
+ public:
+ BluetoothSocketCallback(
+ const std::function<
+ void(int64_t in_socketId,
+ ::aidl::android::hardware::bluetooth::socket::Status in_status,
+ const std::string& in_reason)>& on_hal_opened_complete_cb)
+ : on_hal_opened_complete_cb_(on_hal_opened_complete_cb) {}
+
+ ScopedAStatus openedComplete(
+ int64_t in_socketId,
+ ::aidl::android::hardware::bluetooth::socket::Status in_status,
+ const std::string& in_reason) override {
+ on_hal_opened_complete_cb_(in_socketId, in_status, in_reason);
+ return ::ndk::ScopedAStatus::ok();
+ }
+
+ ScopedAStatus close(int64_t /* in_socketId */,
+ const std::string& /* in_reason */) override {
+ return ::ndk::ScopedAStatus::ok();
+ }
+
+ private:
+ std::function<void(
+ int64_t in_socketId,
+ ::aidl::android::hardware::bluetooth::socket::Status in_status,
+ const std::string& in_reason)>
+ on_hal_opened_complete_cb_;
+};
+
+class BluetoothSocketTest : public ::testing::TestWithParam<std::string> {
+ public:
+ virtual void SetUp() override {
+ ALOGI("SetUp Socket Test");
+ bluetooth_socket_ = IBluetoothSocket::fromBinder(
+ ndk::SpAIBinder(AServiceManager_waitForService(GetParam().c_str())));
+ ASSERT_NE(bluetooth_socket_, nullptr);
+ }
+
+ virtual void TearDown() override {
+ ALOGI("TearDown Socket Test");
+ bluetooth_socket_ = nullptr;
+ ASSERT_EQ(bluetooth_socket_, nullptr);
+ }
+
+ std::shared_ptr<IBluetoothSocket> bluetooth_socket_;
+};
+
+TEST_P(BluetoothSocketTest, registerCallback) {
+ std::promise<void> open_cb_promise;
+ std::future<void> open_cb_future{open_cb_promise.get_future()};
+ std::shared_ptr<BluetoothSocketCallback> callback =
+ ndk::SharedRefBase::make<BluetoothSocketCallback>(
+ [&open_cb_promise](auto /* socket_id */, auto /* status */,
+ auto /* reason */) {
+ open_cb_promise.set_value();
+ });
+ ScopedAStatus status = bluetooth_socket_->registerCallback(callback);
+ ASSERT_TRUE(status.isOk());
+}
+
+TEST_P(BluetoothSocketTest, GetSocketCapabilities) {
+ SocketCapabilities socket_capabilities;
+ ScopedAStatus status =
+ bluetooth_socket_->getSocketCapabilities(&socket_capabilities);
+ ASSERT_TRUE(status.isOk());
+ ASSERT_TRUE(socket_capabilities.leCocCapabilities.numberOfSupportedSockets >=
+ 0);
+ if (socket_capabilities.leCocCapabilities.numberOfSupportedSockets) {
+ // When LE COC is supported, the local MTU must be configured within the
+ // valid range defined in the L2CAP specification.
+ ASSERT_TRUE(socket_capabilities.leCocCapabilities.mtu >= 23 &&
+ socket_capabilities.leCocCapabilities.mtu <= 65535);
+ }
+ ASSERT_TRUE(socket_capabilities.rfcommCapabilities.numberOfSupportedSockets >=
+ 0);
+ if (socket_capabilities.rfcommCapabilities.numberOfSupportedSockets) {
+ // When RFCOMM is supported, the maximum frame size must be configured
+ // within the valid range defined in the RFCOMM specification.
+ ASSERT_TRUE(socket_capabilities.rfcommCapabilities.maxFrameSize >= 23 &&
+ socket_capabilities.rfcommCapabilities.maxFrameSize <= 32767);
+ }
+}
+
+TEST_P(BluetoothSocketTest, Opened) {
+ std::promise<void> open_cb_promise;
+ std::future<void> open_cb_future{open_cb_promise.get_future()};
+ std::shared_ptr<BluetoothSocketCallback> callback =
+ ndk::SharedRefBase::make<BluetoothSocketCallback>(
+ [&open_cb_promise](auto /* socket_id */, auto /* status */,
+ auto /* reason */) {
+ open_cb_promise.set_value();
+ });
+ bluetooth_socket_->registerCallback(callback);
+ SocketCapabilities socket_capabilities;
+ bluetooth_socket_->getSocketCapabilities(&socket_capabilities);
+
+ SocketContext socket_context;
+ ScopedAStatus status = bluetooth_socket_->opened(socket_context);
+ std::chrono::milliseconds timeout{kOpenedCallbackTimeoutMs};
+ if (status.isOk()) {
+ // If IBluetoothSocket.opened() returns success, the callback
+ // BluetoothSocketCallback.openedComplete() must be called within the
+ // timeout.
+ EXPECT_EQ(open_cb_future.wait_for(timeout), std::future_status::ready);
+ } else {
+ // If IBluetoothSocket.opened() returns failure, the callback
+ // BluetoothSocketCallback.openedComplete() must not be called.
+ EXPECT_EQ(open_cb_future.wait_for(timeout), std::future_status::timeout);
+ }
+}
+
+TEST_P(BluetoothSocketTest, Closed) {
+ std::promise<void> open_cb_promise;
+ std::future<void> open_cb_future{open_cb_promise.get_future()};
+ std::shared_ptr<BluetoothSocketCallback> callback =
+ ndk::SharedRefBase::make<BluetoothSocketCallback>(
+ [&open_cb_promise](auto /* socket_id */, auto /* status */,
+ auto /* reason */) {
+ open_cb_promise.set_value();
+ });
+ bluetooth_socket_->registerCallback(callback);
+ SocketCapabilities socket_capabilities;
+ bluetooth_socket_->getSocketCapabilities(&socket_capabilities);
+
+ long socket_id = 1;
+ bluetooth_socket_->closed(socket_id);
+}
+
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(BluetoothSocketTest);
+INSTANTIATE_TEST_SUITE_P(PerInstance, BluetoothSocketTest,
+ testing::ValuesIn(android::getAidlHalInstanceNames(
+ IBluetoothSocket::descriptor)),
+ android::PrintInstanceNameToString);
+
+int main(int argc, char** argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+ ABinderProcess_startThreadPool();
+ int status = RUN_ALL_TESTS();
+ ALOGI("Test result = %d", status);
+ return status;
+}
diff --git a/broadcastradio/aidl/default/fuzzer.cpp b/broadcastradio/aidl/default/fuzzer.cpp
index d535432..2492d47 100644
--- a/broadcastradio/aidl/default/fuzzer.cpp
+++ b/broadcastradio/aidl/default/fuzzer.cpp
@@ -24,6 +24,8 @@
using ::android::fuzzService;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ // TODO(b/183141167): need to rewrite 'dump' to avoid SIGPIPE.
+ signal(SIGPIPE, SIG_IGN);
const VirtualRadio& amFmRadioMock = VirtualRadio::getAmFmRadio();
std::shared_ptr<BroadcastRadio> amFmRadio =
::ndk::SharedRefBase::make<BroadcastRadio>(amFmRadioMock);
diff --git a/common/aidl/Android.bp b/common/aidl/Android.bp
index 904a3d9..0ce52e7 100644
--- a/common/aidl/Android.bp
+++ b/common/aidl/Android.bp
@@ -26,7 +26,7 @@
],
},
cpp: {
- enabled: false,
+ enabled: true,
},
ndk: {
apex_available: [
diff --git a/common/fmq/aidl/Android.bp b/common/fmq/aidl/Android.bp
index 4a3658e..7fb6368 100644
--- a/common/fmq/aidl/Android.bp
+++ b/common/fmq/aidl/Android.bp
@@ -28,9 +28,8 @@
sdk_version: "module_current",
},
cpp: {
- // FMQ will not be supported in the cpp backend because the parcelables
- // are not stable enough for use in shared memory
- enabled: false,
+ // FMQ is only supported for PODs with the cpp backend
+ enabled: true,
},
ndk: {
apex_available: [
diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index 0cdc992..2924280 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -139,6 +139,14 @@
</interface>
</hal>
<hal format="aidl">
+ <name>android.hardware.bluetooth.socket</name>
+ <version>1</version>
+ <interface>
+ <name>IBluetoothSocket</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl">
<name>android.hardware.bluetooth.finder</name>
<version>1</version>
<interface>
@@ -507,6 +515,14 @@
<instance>nonsecure</instance>
</interface>
</hal>
+ <hal format="aidl">
+ <name>android.hardware.security.see.hwcrypto</name>
+ <version>1</version>
+ <interface>
+ <name>IHwCryptoKey</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
<hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.secureclock</name>
<version>1</version>
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index b86f399..61fb2b3 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -156,6 +156,8 @@
// Fastboot HAL is only used by recovery. Recovery is owned by OEM. Framework
// does not depend on this HAL, hence it is not declared in any manifests or matrices.
"android.hardware.fastboot@",
+ "android.hardware.security.see.hwcrypto.types",
+ "android.hardware.security.see.storage",
};
static std::vector<std::string> excluded_exact{
@@ -165,6 +167,8 @@
"android.hardware.audio.core.sounddose@1",
"android.hardware.audio.core.sounddose@2",
"android.hardware.audio.core.sounddose@3",
+ // This is only used by a trusty VM
+ "android.hardware.security.see.authmgr@1",
// Deprecated HALs.
"android.hardware.audio.sounddose@3",
diff --git a/drm/aidl/vts/drm_hal_common.cpp b/drm/aidl/vts/drm_hal_common.cpp
index f0445a5..3636250 100644
--- a/drm/aidl/vts/drm_hal_common.cpp
+++ b/drm/aidl/vts/drm_hal_common.cpp
@@ -27,6 +27,7 @@
#include <android/binder_process.h>
#include <android/sharedmem.h>
#include <cutils/native_handle.h>
+#include <cutils/properties.h>
#include "drm_hal_clearkey_module.h"
#include "drm_hal_common.h"
@@ -193,6 +194,13 @@
GTEST_SKIP() << "No vendor module installed";
}
+ char bootloader_state[PROPERTY_VALUE_MAX] = {};
+ if (property_get("ro.boot.vbmeta.device_state", bootloader_state, "") != 0) {
+ if (!strcmp(bootloader_state, "unlocked")) {
+ GTEST_SKIP() << "Skip test because bootloader is unlocked";
+ }
+ }
+
if (drmInstance.find("IDrmFactory") != std::string::npos) {
drmFactory = IDrmFactory::fromBinder(
::ndk::SpAIBinder(AServiceManager_waitForService(drmInstance.c_str())));
diff --git a/graphics/composer/aidl/vts/RenderEngineVts.h b/graphics/composer/aidl/vts/RenderEngineVts.h
index bbe508f..6553720 100644
--- a/graphics/composer/aidl/vts/RenderEngineVts.h
+++ b/graphics/composer/aidl/vts/RenderEngineVts.h
@@ -51,9 +51,10 @@
private:
common::PixelFormat mFormat;
- std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
std::unique_ptr<::android::renderengine::RenderEngine> mRenderEngine;
- std::vector<::android::renderengine::LayerSettings> mRenderLayers;
+ // Delete RenderEngine layers before RenderEngine -- ExternalTexture holds a reference to
+ // RenderEngine.
+ std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
::android::sp<::android::GraphicBuffer> mGraphicBuffer;
DisplaySettings mDisplaySettings;
diff --git a/nfc/aidl/Android.bp b/nfc/aidl/Android.bp
index b34e4f2..1ffd274 100644
--- a/nfc/aidl/Android.bp
+++ b/nfc/aidl/Android.bp
@@ -33,8 +33,9 @@
enabled: false,
},
java: {
- sdk_version: "module_current",
enabled: false,
+ sdk_version: "module_current",
+ min_sdk_version: "35",
},
ndk: {
enabled: true,
@@ -42,6 +43,7 @@
"//apex_available:platform",
"com.android.nfcservices",
],
+ min_sdk_version: "35",
},
rust: {
enabled: true,
diff --git a/power/OWNERS b/power/OWNERS
index 95778a4..13895bd 100644
--- a/power/OWNERS
+++ b/power/OWNERS
@@ -1,6 +1,3 @@
# Bug component: 826709
-
-# ADPF virtual team
-lpy@google.com
-wvw@google.com
file:platform/frameworks/base:/ADPF_OWNERS
+wvw@google.com
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 4fe3bd9..2d2f307 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -125,14 +125,25 @@
* straightforward translation of the KeyMint tag/value parameter lists to ASN.1.
*
* KeyDescription ::= SEQUENCE {
- * attestationVersion INTEGER, # Value 400
- * attestationSecurityLevel SecurityLevel, # See below
- * keyMintVersion INTEGER, # Value 400
- * keymintSecurityLevel SecurityLevel, # See below
- * attestationChallenge OCTET_STRING, # Tag::ATTESTATION_CHALLENGE from attestParams
- * uniqueId OCTET_STRING, # Empty unless key has Tag::INCLUDE_UNIQUE_ID
- * softwareEnforced AuthorizationList, # See below
- * hardwareEnforced AuthorizationList, # See below
+ * -- attestationVersion must be 400.
+ * attestationVersion INTEGER,
+ * -- attestationSecurityLevel is the SecurityLevel of the location where the attested
+ * -- key is stored. Must match keymintSecurityLevel.
+ * attestationSecurityLevel SecurityLevel,
+ * -- keyMintVersion must be 400.
+ * keyMintVersion INTEGER,
+ * -- keyMintSecurityLevel is the SecurityLevel of the IKeyMintDevice. Must match
+ * -- attestationSecurityLevel.
+ * keyMintSecurityLevel SecurityLevel,
+ * -- attestationChallenge contains Tag::ATTESTATION_CHALLENGE from attestParams.
+ * attestationChallenge OCTET_STRING,
+ * -- uniqueId is empty unless the key has Tag::INCLUDE_UNIQUE_ID.
+ * uniqueId OCTET_STRING,
+ * -- softwareEnforced contains the authorization tags enforced by the Android system.
+ * softwareEnforced AuthorizationList,
+ * -- hardwareEnforced contains the authorization tags enforced by a secure environment
+ * -- (TEE or StrongBox).
+ * hardwareEnforced AuthorizationList,
* }
*
* SecurityLevel ::= ENUMERATED {
@@ -142,12 +153,15 @@
* }
*
* RootOfTrust ::= SEQUENCE {
+ * -- verifiedBootKey must contain a SHA-256 digest of the public key embedded in the
+ * -- "vbmeta" partition if the device's bootloader is locked, or 32 bytes of zeroes if the
+ * -- device's bootloader is unlocked.
* verifiedBootKey OCTET_STRING,
* deviceLocked BOOLEAN,
* verifiedBootState VerifiedBootState,
- * # verifiedBootHash must contain a SHA-256 digest of all binaries and components validated
- * # by Verified Boot. Updating any verified binary or component must cause this value to
- * # change.
+ * -- verifiedBootHash must contain a SHA-256 digest of all binaries and components
+ * -- validated by Verified Boot. Updating any verified binary or component must cause this
+ * -- value to change.
* verifiedBootHash OCTET_STRING,
* }
*
@@ -158,15 +172,15 @@
* Failed (3),
* }
*
- * # Modules contains version information for APEX modules.
- * # Note that the Modules information is DER-encoded before being hashed, which requires a
- * # specific ordering (lexicographic by encoded value) for the constituent Module entries. This
- * # ensures that the ordering of Module entries is predictable and that the resulting SHA-256
- * # hash value is identical for the same set of modules.
+ * -- Modules contains version information for APEX modules.
+ * -- Note that the Modules information is DER-encoded before being hashed, which requires a
+ * -- specific ordering (lexicographic by encoded value) for the constituent Module entries.
+ * -- This ensures that the ordering of Module entries is predictable and that the resulting
+ * -- SHA-256 hash value is identical for the same set of modules.
* Modules ::= SET OF Module
* Module ::= SEQUENCE {
* packageName OCTET_STRING,
- * version INTEGER, # As determined at boot time
+ * version INTEGER, -- As determined at boot time
* }
*
* -- Note that the AuthorizationList SEQUENCE is also used in IKeyMintDevice::importWrappedKey
@@ -181,11 +195,11 @@
* purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
* algorithm [2] EXPLICIT INTEGER OPTIONAL,
* keySize [3] EXPLICIT INTEGER OPTIONAL,
- * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- symmetric only
+ * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- Symmetric keys only
* digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
* padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
- * callerNonce [7] EXPLICIT NULL OPTIONAL, -- symmetric only
- * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- symmetric only
+ * callerNonce [7] EXPLICIT NULL OPTIONAL, -- Symmetric keys only
+ * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- Symmetric keys only
* ecCurve [10] EXPLICIT INTEGER OPTIONAL,
* rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
* mgfDigest [203] EXPLICIT SET OF INTEGER OPTIONAL,
@@ -195,7 +209,7 @@
* originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
* usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
* usageCountLimit [405] EXPLICIT INTEGER OPTIONAL,
- * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- only used on import
+ * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- Only used on key import
* noAuthRequired [503] EXPLICIT NULL OPTIONAL,
* userAuthType [504] EXPLICIT INTEGER OPTIONAL,
* authTimeout [505] EXPLICIT INTEGER OPTIONAL,
@@ -221,7 +235,8 @@
* bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
* deviceUniqueAttestation [720] EXPLICIT NULL OPTIONAL,
* attestationIdSecondImei [723] EXPLICIT OCTET_STRING OPTIONAL,
- * moduleHash [724] EXPLICIT OCTET_STRING OPTIONAL, -- SHA-256 hash of DER-encoded `Modules`
+ * -- moduleHash contains a SHA-256 hash of DER-encoded `Modules`
+ * moduleHash [724] EXPLICIT OCTET_STRING OPTIONAL,
* }
*/
Certificate[] certificateChain;
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index ff2393c..0197141 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -104,6 +104,7 @@
],
}
+// The following target declares the latest version of KeyMint.
prebuilt_etc {
name: "android.hardware.hardware_keystore.xml",
sub_dir: "permissions",
@@ -111,6 +112,24 @@
src: "android.hardware.hardware_keystore.xml",
}
+// The following targets (and underlying XML files) declare specific
+// versions of KeyMint. Vendors should use the version that matches the
+// version of the KeyMint HAL that the device implements.
+
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V1.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V1.xml",
+}
+
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V2.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V2.xml",
+}
+
prebuilt_etc {
name: "android.hardware.hardware_keystore_V3.xml",
sub_dir: "permissions",
@@ -118,6 +137,13 @@
src: "android.hardware.hardware_keystore_V3.xml",
}
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V4.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V4.xml",
+}
+
rust_library {
name: "libkmr_hal_nonsecure",
crate_name: "kmr_hal_nonsecure",
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
new file mode 100644
index 0000000..e5a9345
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="100" />
+</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
new file mode 100644
index 0000000..2ebf1fe
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="200" />
+</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml
new file mode 100644
index 0000000..1ab2133
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="400" />
+</permissions>
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index 083a9aa..b41da3f 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -95,6 +95,18 @@
<< "Verified boot state must be \"UNVERIFIED\" aka \"orange\".";
}
+// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.
+TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {
+ // Gate this test to avoid waiver issues.
+ if (get_vsr_api_level() <= __ANDROID_API_V__) {
+ return;
+ }
+
+ std::vector<uint8_t> expectedVbKey(32, 0);
+ ASSERT_EQ(attestedVbKey_, expectedVbKey) << "Verified Boot key digest must be 32 bytes of "
+ "zeroes since the bootloader is unlocked.";
+}
+
// Following error codes from avb_slot_data() mean that slot data was loaded
// (even if verification failed).
static inline bool avb_slot_data_loaded(AvbSlotVerifyResult result) {
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 51afa12..09446ce 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -83,6 +83,16 @@
// additional overhead, for the digest algorithmIdentifier required by PKCS#1.
const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11;
+// Determine whether the key description is for an asymmetric key.
+bool is_asymmetric(const AuthorizationSet& key_desc) {
+ auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM);
+ if (algorithm && (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
size_t count_tag_invalid_entries(const std::vector<KeyParameter>& authorizations) {
return std::count_if(authorizations.begin(), authorizations.end(),
[](const KeyParameter& e) -> bool { return e.tag == Tag::INVALID; });
@@ -418,11 +428,14 @@
vector<Certificate> attest_cert_chain;
// If an attestation is requested, but the system is RKP-only, we need to supply an explicit
// attestation key. Else the result is a key without an attestation.
- // If the RKP-only value is undeterminable (i.e., when running on GSI), generate and use the
- // attest key anyways. In the case that using an attest key is not supported
- // (shouldSkipAttestKeyTest), assume the device has factory keys (so not RKP-only).
+ // - If the RKP-only value is undeterminable (i.e., when running on GSI), generate and use the
+ // `ATTEST_KEY` anyways.
+ // - In the case that using an `ATTEST_KEY` is not supported
+ // (shouldSkipAttestKeyTest), assume the device has factory keys (so not RKP-only).
+ // - If the key being generated is a symmetric key (from test cases that check that the
+ // attestation parameters are correctly ignored), don't try to use an `ATTEST_KEY`.
if (isRkpOnly().value_or(true) && key_desc.Contains(TAG_ATTESTATION_CHALLENGE) &&
- !shouldSkipAttestKeyTest()) {
+ !shouldSkipAttestKeyTest() && is_asymmetric(key_desc)) {
AuthorizationSet attest_key_desc =
AuthorizationSetBuilder().EcdsaKey(EcCurve::P_256).AttestKey().SetDefaultValidity();
attest_key.emplace();
@@ -462,10 +475,7 @@
*key_characteristics = std::move(creationResult.keyCharacteristics);
*cert_chain = std::move(creationResult.certificateChain);
- auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM);
- EXPECT_TRUE(algorithm);
- if (algorithm &&
- (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
+ if (is_asymmetric(key_desc)) {
EXPECT_GE(cert_chain->size(), 1);
if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) {
if (attest_key) {
@@ -506,10 +516,7 @@
*key_characteristics = std::move(creationResult.keyCharacteristics);
cert_chain_ = std::move(creationResult.certificateChain);
- auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM);
- EXPECT_TRUE(algorithm);
- if (algorithm &&
- (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
+ if (is_asymmetric(key_desc)) {
EXPECT_GE(cert_chain_.size(), 1);
if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) EXPECT_GT(cert_chain_.size(), 1);
} else {
@@ -554,10 +561,7 @@
for (auto& entry : key_characteristics_) {
allAuths.push_back(AuthorizationSet(entry.authorizations));
}
- auto algorithm = allAuths.GetTagValue(TAG_ALGORITHM);
- EXPECT_TRUE(algorithm);
- if (algorithm &&
- (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) {
+ if (is_asymmetric(allAuths)) {
EXPECT_GE(cert_chain_.size(), 1);
} else {
// For symmetric keys there should be no certificates.
@@ -1904,16 +1908,29 @@
}
}
+ if (get_vsr_api_level() > __ANDROID_API_V__) {
+ // The Verified Boot key field should be exactly 32 bytes since it
+ // contains the SHA-256 hash of the key on locked devices or 32 bytes
+ // of zeroes on unlocked devices. This wasn't checked for earlier
+ // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ EXPECT_EQ(verified_boot_key.size(), 32);
+ } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ // The Verified Boot key field should be:
+ // - Exactly 32 bytes on locked devices since it should contain
+ // the SHA-256 hash of the key, or
+ // - Up to 32 bytes of zeroes on unlocked devices (behaviour on
+ // unlocked devices isn't specified in the HAL interface
+ // specification).
+ // Thus, we can't check for strict equality in case unlocked devices
+ // report values with less than 32 bytes. This wasn't checked for
+ // earlier versions of the KeyMint HAL, so only check on VSR-15.
+ EXPECT_LE(verified_boot_key.size(), 32);
+ }
+
// Verified Boot key should be all zeroes if the boot state is "orange".
std::string empty_boot_key(32, '\0');
std::string verified_boot_key_str((const char*)verified_boot_key.data(),
verified_boot_key.size());
- if (get_vsr_api_level() >= __ANDROID_API_V__) {
- // The attestation should contain the SHA-256 hash of the verified boot
- // key. However, this was not checked for earlier versions of the KeyMint
- // HAL so only be strict for VSR-V and above.
- EXPECT_LE(verified_boot_key.size(), 32);
- }
EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);
if (!strcmp(property_value, "green")) {
EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);
@@ -2228,6 +2245,33 @@
namespace {
+std::optional<std::string> validateP256Point(const std::vector<uint8_t>& x_buffer,
+ const std::vector<uint8_t>& y_buffer) {
+ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+ if (group.get() == nullptr) {
+ return "Error creating EC group by curve name for prime256v1";
+ }
+
+ auto point = EC_POINT_Ptr(EC_POINT_new(group.get()));
+ BIGNUM_Ptr x(BN_bin2bn(x_buffer.data(), x_buffer.size(), nullptr));
+ BIGNUM_Ptr y(BN_bin2bn(y_buffer.data(), y_buffer.size(), nullptr));
+ if (!EC_POINT_set_affine_coordinates_GFp(group.get(), point.get(), x.get(), y.get(), nullptr)) {
+ return "Failed to set affine coordinates.";
+ }
+ if (!EC_POINT_is_on_curve(group.get(), point.get(), nullptr)) {
+ return "Point is not on curve.";
+ }
+ if (EC_POINT_is_at_infinity(group.get(), point.get())) {
+ return "Point is at infinity.";
+ }
+ const auto* generator = EC_GROUP_get0_generator(group.get());
+ if (!EC_POINT_cmp(group.get(), generator, point.get(), nullptr)) {
+ return "Point is equal to generator.";
+ }
+
+ return std::nullopt;
+}
+
void check_cose_key(const vector<uint8_t>& data, bool testMode) {
auto [parsedPayload, __, payloadParseErr] = cppbor::parse(data);
ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
@@ -2261,6 +2305,24 @@
" -3 : \\{(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}\\},\n" // pub_y: data
"\\}"));
}
+
+ ASSERT_TRUE(parsedPayload->asMap()) << "CBOR item was not a map";
+
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X))
+ << "CBOR map did not contain x coordinate of public key";
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X)->asBstr())
+ << "x coordinate of public key was not a bstr";
+ const auto& x = parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X)->asBstr()->value();
+
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y))
+ << "CBOR map did not contain y coordinate of public key";
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y)->asBstr())
+ << "y coordinate of public key was not a bstr";
+ const auto& y = parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y)->asBstr()->value();
+
+ auto errorMessage = validateP256Point(x, y);
+ EXPECT_EQ(errorMessage, std::nullopt)
+ << *errorMessage << " x: " << bin2hex(x) << " y: " << bin2hex(y);
}
} // namespace
diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
index 9f7322a..f7639bf 100644
--- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
+++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
@@ -114,10 +114,22 @@
const auto& vbKey = rot->asArray()->get(pos++);
ASSERT_TRUE(vbKey);
ASSERT_TRUE(vbKey->asBstr());
- if (get_vsr_api_level() >= __ANDROID_API_V__) {
- // The attestation should contain the SHA-256 hash of the verified boot
- // key. However, this not was checked for earlier versions of the KeyMint
- // HAL so only be strict for VSR-V and above.
+ if (get_vsr_api_level() > __ANDROID_API_V__) {
+ // The Verified Boot key field should be exactly 32 bytes since it
+ // contains the SHA-256 hash of the key on locked devices or 32 bytes
+ // of zeroes on unlocked devices. This wasn't checked for earlier
+ // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
+ } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+ // The Verified Boot key field should be:
+ // - Exactly 32 bytes on locked devices since it should contain
+ // the SHA-256 hash of the key, or
+ // - Up to 32 bytes of zeroes on unlocked devices (behaviour on
+ // unlocked devices isn't specified in the HAL interface
+ // specification).
+ // Thus, we can't check for strict equality in case unlocked devices
+ // report values with less than 32 bytes. This wasn't checked for
+ // earlier versions of the KeyMint HAL, so only check on VSR-15.
ASSERT_LE(vbKey->asBstr()->value().size(), 32);
}
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 5467679..b9c742a 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -416,6 +416,32 @@
check_maced_pubkey(macedPubKey, testMode, nullptr);
}
+/**
+ * Generate and validate at most 2**16 production-mode keys. This aims to catch issues that do not
+ * deterministically show up. In practice, this will test far fewer keys, but a certain number are
+ * tested at a minimum.
+ */
+TEST_P(GenerateKeyTests, generateManyEcdsaP256KeysInProdMode) {
+ const auto start = std::chrono::steady_clock::now();
+ const auto time_bound = std::chrono::seconds(5);
+ const auto upper_bound = 1 << 16;
+ const auto lower_bound = 1 << 8;
+ for (auto iteration = 0; iteration < upper_bound; iteration++) {
+ MacedPublicKey macedPubKey;
+ bytevec privateKeyBlob;
+ bool testMode = false;
+ auto status =
+ provisionable_->generateEcdsaP256KeyPair(testMode, &macedPubKey, &privateKeyBlob);
+ ASSERT_TRUE(status.isOk());
+ vector<uint8_t> coseKeyData;
+ check_maced_pubkey(macedPubKey, testMode, &coseKeyData);
+ const auto current_time = std::chrono::steady_clock::now() - start;
+ if (iteration >= lower_bound && current_time >= time_bound) {
+ break;
+ }
+ }
+}
+
class CertificateRequestTestBase : public VtsRemotelyProvisionedComponentTests {
protected:
CertificateRequestTestBase()
diff --git a/security/see/authmgr/aidl/Android.bp b/security/see/authmgr/aidl/Android.bp
new file mode 100644
index 0000000..a32d4e9
--- /dev/null
+++ b/security/see/authmgr/aidl/Android.bp
@@ -0,0 +1,57 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.see.authmgr",
+ vendor_available: true,
+ srcs: [
+ "android/hardware/security/see/authmgr/*.aidl",
+ ],
+ stability: "vintf",
+ frozen: false,
+ backend: {
+ java: {
+ platform_apis: true,
+ },
+ ndk: {
+ enabled: true,
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
+ },
+ },
+}
+
+// A rust_defaults that includes the latest authmgr AIDL library.
+// Modules that depend on authmgr directly can include this rust_defaults to avoid
+// managing dependency versions explicitly.
+rust_defaults {
+ name: "authmgr_use_latest_hal_aidl_rust",
+ rustlibs: [
+ "android.hardware.security.see.authmgr-V1-rust",
+ ],
+}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
similarity index 87%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
index 1e304ab..b775f95 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceChainEntry {
+ byte[] diceChainEntry;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
similarity index 82%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
index d88d5c8..0f61900 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,12 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-parcelable MemoryBufferParameter {
- android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
- int sizeBytes;
- union MemoryBuffer {
- ParcelFileDescriptor input;
- ParcelFileDescriptor output;
- }
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceLeafArtifacts {
+ android.hardware.security.see.authmgr.DiceChainEntry diceLeaf;
+ android.hardware.security.see.authmgr.DicePolicy diceLeafPolicy;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
similarity index 87%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
index 1e304ab..f434c3c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DicePolicy {
+ byte[] dicePolicy;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
similarity index 64%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
index 5c26cc2..9e6a501 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,24 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.authmgr;
+@Backing(type="int") @VintfStability
+enum Error {
+ OK = 0,
+ AUTHENTICATION_ALREADY_STARTED = (-1) /* -1 */,
+ INSTANCE_ALREADY_AUTHENTICATED = (-2) /* -2 */,
+ INVALID_DICE_CERT_CHAIN = (-3) /* -3 */,
+ INVALID_DICE_LEAF = (-4) /* -4 */,
+ INVALID_DICE_POLICY = (-5) /* -5 */,
+ DICE_POLICY_MATCHING_FAILED = (-6) /* -6 */,
+ SIGNATURE_VERIFICATION_FAILED = (-7) /* -7 */,
+ CONNECTION_HANDOVER_FAILED = (-8) /* -8 */,
+ CONNECTION_NOT_AUTHENTICATED = (-9) /* -9 */,
+ NO_CONNECTION_TO_AUTHORIZE = (-10) /* -10 */,
+ INVALID_INSTANCE_IDENTIFIER = (-11) /* -11 */,
+ MEMORY_ALLOCATION_FAILED = (-12) /* -12 */,
+ INSTANCE_PENDING_DELETION = (-13) /* -13 */,
+ CLIENT_PENDING_DELETION = (-14) /* -14 */,
+ AUTHENTICATION_NOT_STARTED = (-15) /* -15 */,
+ INSTANCE_CONTEXT_CREATION_DENIED = (-16) /* -16 */,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
similarity index 87%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
index 1e304ab..18d90eb 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable ExplicitKeyDiceCertChain {
+ byte[] diceCertChain;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
similarity index 70%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
index 5c26cc2..a120b49 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.authmgr;
+@VintfStability
+interface IAuthMgrAuthorization {
+ byte[32] initAuthentication(in android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain diceCertChain, in @nullable byte[] instanceIdentifier);
+ void completeAuthentication(in android.hardware.security.see.authmgr.SignedConnectionRequest signedConnectionRequest, in android.hardware.security.see.authmgr.DicePolicy dicePolicy);
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName, in byte[32] token, in android.hardware.security.see.authmgr.DiceLeafArtifacts clientDiceArtifacts);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
similarity index 86%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
index 1e304ab..46d8373 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The Android Open Source Project
+ * Copyright (C) 2024 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,7 +31,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable SignedConnectionRequest {
+ byte[] signedConnectionRequest;
}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
new file mode 100644
index 0000000..3b4a35b
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * A CBOR encoded DICE certificate.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceChainEntry {
+ /**
+ * Data is CBOR encoded according to the `DiceChainEntry` CDDL in
+ * hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/
+ * generateCertificateRequestV2.cddl
+ */
+ byte[] diceChainEntry;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
new file mode 100644
index 0000000..333096f
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceChainEntry;
+import android.hardware.security.see.authmgr.DicePolicy;
+
+/**
+ * This contains the DICE certificate and the DICE policy created for the client by the AuthMgr FE.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceLeafArtifacts {
+ DiceChainEntry diceLeaf;
+ DicePolicy diceLeafPolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
new file mode 100644
index 0000000..4b55330
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE policy - CBOR encoded according to DicePolicy.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DicePolicy {
+ /**
+ * Data is CBOR encoded according to the `DicePolicy` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * DicePolicy.cddl
+ */
+ byte[] dicePolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
new file mode 100644
index 0000000..f7c3592
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * AuthMgr error codes. Aidl will return these error codes as service specific errors in
+ * EX_SERVICE_SPECIFIC.
+ */
+@VintfStability
+@Backing(type="int")
+enum Error {
+ /** Success */
+ OK = 0,
+
+ /** Duplicated attempt to start authentication from the same transport ID */
+ AUTHENTICATION_ALREADY_STARTED = -1,
+
+ /** Duplicated authenticated attempt with the same instance ID */
+ INSTANCE_ALREADY_AUTHENTICATED = -2,
+
+ /** Invalid DICE certificate chain of the AuthMgr FE */
+ INVALID_DICE_CERT_CHAIN = -3,
+
+ /** Invalid DICE leaf of the client */
+ INVALID_DICE_LEAF = -4,
+
+ /** Invalid DICE policy */
+ INVALID_DICE_POLICY = -5,
+
+ /** The DICE chain to policy matching failed */
+ DICE_POLICY_MATCHING_FAILED = -6,
+
+ /** Invalid signature */
+ SIGNATURE_VERIFICATION_FAILED = -7,
+
+ /** Failed to handover the connection to the trusted service */
+ CONNECTION_HANDOVER_FAILED = -8,
+
+ /**
+ * An authentication required request (e.g. phase 2) is invoked on a non-authenticated
+ * connection
+ */
+ CONNECTION_NOT_AUTHENTICATED = -9,
+
+ /** There is no pending connection with a matching token to authorize in phase 2 */
+ NO_CONNECTION_TO_AUTHORIZE = -10,
+
+ /** Invalid instance identifier */
+ INVALID_INSTANCE_IDENTIFIER = -11,
+
+ /** Failed to allocate memory */
+ MEMORY_ALLOCATION_FAILED = -12,
+
+ /** An instance which is pending deletion is trying to authenticate */
+ INSTANCE_PENDING_DELETION = -13,
+
+ /** A client which is pending deletion is trying to authorize */
+ CLIENT_PENDING_DELETION = -14,
+
+ /** Trying to complete authentication for an instance for which authentication is not started */
+ AUTHENTICATION_NOT_STARTED = -15,
+
+ /** Creation of the pVM instance's context in the secure storage is not allowed */
+ INSTANCE_CONTEXT_CREATION_DENIED = -16,
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
new file mode 100644
index 0000000..de23530
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE certificate chain - CBOR encoded according to ExplicitKeyDiceCertChain.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable ExplicitKeyDiceCertChain {
+ /**
+ * Data is CBOR encoded according to the `ExplicitKeyDiceCertChain` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * ExplicitKeyDiceCertChain.cddl
+ */
+ byte[] diceCertChain;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
new file mode 100644
index 0000000..43c3bde
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -0,0 +1,276 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceLeafArtifacts;
+import android.hardware.security.see.authmgr.DicePolicy;
+import android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain;
+import android.hardware.security.see.authmgr.SignedConnectionRequest;
+
+/**
+ * This is the interface to be implemented by an AuthMgr backend component (AuthMgr BE), in order to
+ * allow the AuthMgr frontend component (AuthMgr FE) in a pVM instance to authenticate itself and
+ * to authorize one or more clients in the pVM instance, in order to let the clients access
+ * trusted services in the Trusted Execution Environment (TEE).
+ *
+ * The following assumptions must be true for the underlying IPC mechanism and the transport layer:
+ * 1. Both parties should be able to retrieve a non-spoofable identifier of the other party from
+ * the transport layer (a.k.a transport ID or vM ID), which stays the same throughout a given
+ * boot cycle of a pVM instance. This is important to prevent person-in-the-middle (PITM)
+ * attacks and to authorize a new connection from a pVM instance based on an already
+ * authenicated connection from the same pVM instance.
+ *
+ * 2. Each of AuthMgr FE and the AuthMgr BE should be able to hand over a connection that is
+ * setup between them to another party so that such connection can be used for communication
+ * between the two new parties subsequently. This is important to be able to handover an
+ * authorized connection established between the AuthMgr FE and the AuthMgr BE to a client in
+ * in a pVM instance and a trusted service in TEE respectively.
+ *
+ * 3. This API should be exposed over an IPC mechanism that supports statefull connections. This
+ * is important for the AuthMgr FE to setup an authenicated connection once per boot cycle
+ * and reuse it to authorize multiple client connections afterwards, if needed.
+ *
+ * 4. AuthMgr FE has a mechanism for discovering and establishing a connection to the trusted
+ * AuthMgr BE. Based on this assumptionson, mutual authentication is not covered by this
+ * API.
+ *
+ * The AuthMgr authorization protocol consists of two phases:
+ * 1. Phase 1 authenticates the AuthMgr FE to the AuthMgr BE via the first two methods of this
+ * API: `initAuthentication` and `completeAuthentication`. At the end of the successful
+ * excecution of phase 1, the AuthMgr FE and the AuthMgr BE have an authenticated connection
+ * established between them. Phase 1 also enforces rollback protection on AuthMgr FE in
+ * addition to authentication.
+ *
+ * Authentication is performed by verifying the AuthMgr FE's signature on the challenge
+ * issued by the AuthMgr BE. The public signing key of the AuthMgr FE is obtained from the
+ * validated DICE certificate chain for verifying the signature. Rollback protection is
+ * enforced by matching the DICE certificate chain against the stored DICE policy.
+ * AuthMgr FE uses this authenticated connection throughout the boot cycle of the pVM to send
+ * phase 2 requests to the AuthMgr BE. Therefore, phase 1 needs to be executed only once per
+ * boot cycle of the pVM. AuthMgr BE should take measures to prevent any duplicate
+ * authentication attempts from the same instance or from any impersonating instances.
+ *
+ * 2. Phase 2 authorizes a client in the pVM to access trusted service(s) in the TEE and
+ * establishes a new connection between the client and the trusted service based on the trust
+ * in the authenticated connection established in phase 1. The client and the trusted service
+ * can communicate independently from the AuthMgr(s) after the successful execution of
+ * phase 2 of the authorization protocol.
+ *
+ * The AuthMgr FE first opens a new vsock connection to the AuthMgr BE and sends a one-time
+ * token over that connection. The AuthMgr FE then invokes the third method of this API
+ * (`authorizeAndConnectClientToTrustedService`) on the authenticated connection established
+ * with the AuthMgr BE in phase 1. Rollback protection is enforced on the client by matching
+ * the client's DICE certificate against the stored DICE policy. The new connection is
+ * authorized by matching the token sent over the new connection and the token sent over the
+ * authenicated connection.
+ *
+ * AuthMgr BE should make sure that "use-after-destroy" threats are prevented in the implementation
+ * of this authorization protocol. This means that even if a client/pVM instance is created with the
+ * same identifier(s) of a deleted client/pVM instance, the new client should not be able to access
+ * the deleted client's secrets/resources created in the trusted services. The following
+ * requirements should be addressed in order to ensure this:
+ * 1) Each client should be identified by a unique identifier at the AuthMgr BE. The uniqueness
+ * should be guaranteed across factory resets.
+ * 2) The client's unique identifier should be used when constructing the file path to store the
+ * client's context, including the client's DICE policy, in the AuthMgr BE's secure storage.
+ * 3) The client's unique identifier should be conveyed to the trusted service(s) that the client
+ * accesses, when an authorized connection is setup between the client and the trusted service in
+ * phase 2. The trusted service(s) should mix in this unique client identifier when providing the
+ * critical services to the clients (e.g. deriving HW-backed keys by the HWCrypto service,
+ * storing data by the SecureStorage service).
+ *
+ * An example approach to build a unique identifier for a client is as follows:
+ * The AuthMgr BE stores a `global sequence number` in the secure storage that does not get
+ * wiped upon factory reset. Everytime the AuthMgr BE sees a new instance or a client, it assigns
+ * the current `global sequence number` as the unique sequence number of the instance or the client
+ * and increments the `global sequence number`.
+ */
+@VintfStability
+interface IAuthMgrAuthorization {
+ /**
+ * AuthMgr FE initiates the challenge-response protocol with the AuthMgr BE in order to
+ * authenticate the AuthMgr FE to the AuthMgr BE. AuthMgr BE creates and returns a challenge
+ * (a cryptographic random of 32 bytes) to the AuthMgr FE.
+ *
+ * The AuthMgr BE extracts the instance identifier from the DICE certificate chain of the
+ * AuthMgr FE (given in the input: `diceCertChain`). If the instance identifier is not included
+ * in the DICE certificate chain, then it should be sent in the optional
+ * input: `instanceIdentifier`. The instance identifier is used by the AuthMgr BE in this step
+ * to detect and reject any duplicate authentication attempts.
+ * The instance identifier is used in step 2 to build the file path in the secure storage to
+ * store the instance's context.
+ *
+ * If authentication is already started (but not completed) from the same transport ID, return
+ * the error code `AUTHENTICATION_ALREADY_STARTED`.
+ *
+ * @param diceCertChain - DICE certificate chain of the AuthMgr FE.
+ *
+ * @param instanceIdentifier - optional parameter to send the instance identifier, if it is not
+ * included in the DICE certificate chain
+ *
+ * @return challenge to be included in the signed response sent by the AuthMgr FE in
+ * `completeAuthentication`
+ *
+ * @throws ServiceSpecificException:
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::AUTHENTICATION_ALREADY_STARTED - when a pVM instance with the same
+ * the same transport id has already started authentication
+ */
+ byte[32] initAuthentication(in ExplicitKeyDiceCertChain diceCertChain,
+ in @nullable byte[] instanceIdentifier);
+
+ /**
+ * AuthMgr FE invokes this method to complete phase 1 of the authorization protocol. The AuthMgr
+ * BE verifies the signature in `signedConnectionRequest` with the public signing key of the
+ * AuthMgr FE obtained from the DICE certificate chain.
+ *
+ * As per the CDDL for `SignedConnectionRequest` in SignedConnectionRequest.cddl, the AuthMgr FE
+ * includes the challenge sent by the AuthMgr BE and the unique transport IDs of the AuthMgr FE
+ * and AuthMgr BE in the signed response. This is to prevent replay attacks in the presence of
+ * more than one AuthMgr BE, where one AuthMgr BE may impersonate a pVM instance/AuthMgr FE to
+ * another AuthMgr BE. Both transport IDs are included for completeness, although it is
+ * sufficient to include either of them for the purpose of preventing such attacks.
+ *
+ * AuthMgr BE validates the DICE certificate chain by verifying all the signatures in the chain
+ * and by checking wither the root public key is trusted.
+ *
+ * The AuthMgr BE matches the DICE certificate chain of the AuthMgr FE to the DICE policy given
+ * in the input: `dicePolicy`. If this is the first invocation of this method during the
+ * lifetime of the AuthMgr FE, the AuthMgr BE stores the DICE policy in the secure storage as
+ * part of the pVM instance's context, upon successful matching of DICE chain to the policy.
+ * The file path for the storage of the pVM context is constructed using the instance
+ * identifier. Note that the creation of a pVM instance's context in the secure storage is
+ * allowed only during the factory, for the first version of this API. In the future, we expect
+ * to allow the creation of a pVM instance's context in the secure storage even after the device
+ * leaves the factory, based on hard-coded DICE policies and/or via a separate
+ * `IAuthMgrInstanceContextMaintenance` API.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE chain
+ * to the stored DICE policy in order to enforce rollback protection. If that succeeds and if
+ * the given DICE poliy is different from the stored DICE policy, the AuthMgr BE replaces the
+ * stored DICE policy with the given DICE policy.
+ *
+ * Upon successful execution of this method, the AuthMgr BE should store some state associated
+ * with the connection, in order to distinguish authenicated connections from any
+ * non-authenticated connections. The state associated with the connection may cache certain
+ * artifacts such as instance identifier, instance sequence number, transport ID, DICE chain
+ * and DICE policy of the AuthMgr FE, so that they can be reused when serving phase 2 requests.
+ * The requests for phase 2 of the authorization protocol are allowed only on authenticated
+ * connections.
+ *
+ * @param signedConnectionRequest - signature from AuthMgr FE (CBOR encoded according to
+ * SignedConnectionRequest.cddl)
+ *
+ * @param dicePolicy - DICE policy of the AuthMgr FE
+ *
+ * @throws ServiceSpecificException:
+ * Error::AUTHENTICATION_NOT_STARTED - when the authentication process has not been
+ * started for the pVM instance.
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::SIGNATURE_VERIFICATION_FAILED - when the signature verification fails.
+ * Error::INVALID_DICE_CERT_CHAIN - when the DICE certificate chain validation fails.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the pVM instance.
+ * Error::INSTANCE_CONTEXT_CREATION_DENIED - when the creation of the pVM instances's
+ * context in the AuthMgr BE is not allowed.
+ * Error::INSTANCE_PENDING_DELETION - when a pVM that is being deleted is trying to
+ * authenticate.
+ *
+ */
+ void completeAuthentication(
+ in SignedConnectionRequest signedConnectionRequest, in DicePolicy dicePolicy);
+
+ /**
+ * When the AuthMgr FE receives a request from a client to access a trusted service, the
+ * AuthMgr FE first creates a new (out-of-band) connection with the AuthMgr BE and sends a
+ * one-time cryptographic token of 32 bytes over that new connection.
+ *
+ * The AuthMgr FE then invokes this method on the authenticated connection established with the
+ * AuthMgr BE in phase 1. When this method is invoked, the AuthMgr BE checks whether the
+ * underlying connection of this method call is already authenticated.
+ *
+ * The AuthMgr FE acts as the DICE manager for all the clients in the pVM and generates the DICE
+ * leaf certificate and the DICE leaf policy for the client, which are sent in the input:
+ * `clientDiceArtifacts`.
+ *
+ * The AuthMgr BE matches the client's DICE leaf certificate to the client's DICE policy.
+ * If this is the first invocation of this method in the lifetime of the client, the AuthMgr BE
+ * stores the client's DICE policy in the secure storage as part of the client's context, upon
+ * successful matching of the DICE certificate to the policy. The file path for the storage of
+ * the client's context should be constructed using the unique id assigned to the pVM instance
+ * by the AuthMgr BE (e.g. instance sequence number) and the client ID. There is no use
+ * case for deleting a client context or a pVM context created in the secure storage, for the
+ * first version of this API, outside of the factory reset. In the future, we expect to
+ * expose APIs for those tasks.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE leaf
+ * certificate to the stored DICE policy in order to enforce rollback protection. If that
+ * succeeds and if the given DICE policy is different from the stored DICE policy, the AuthMgr
+ * BE replaces the stored DICE policy with the given DICE policy.
+ *
+ * If the same client requests multiple trusted services or connects to the same trusted service
+ * multiple times during the same boot cycle of the pVM instance, it is recommended to validate
+ * the client's DICE artifacts only once for a given client as an optimization.
+ *
+ * The AuthMgr BE keeps track of the aforementioned new connections that are pending
+ * authorization along with the tokens sent over them and the transport ID of the pVM instance
+ * which created those connections.
+ *
+ * The AuthMgr FE sends the same token that was sent over an aforementioned new connection
+ * in the input: `token` of this method call, in order to authorize the new connection, based on
+ * the trust in the authenticated connection established in phase 1.
+ *
+ * Once the validation of the client's DICE artifacts is completed, the AuthMgr BE retrieves the
+ * pending new connection to be authorized, which is associated with a token that matches the
+ * token sent in this method call and a transport ID that matches the transport ID associated
+ * with the connection underlying this method call.
+ *
+ * Next the AuthMgr BE connects to the trusted service requested by the client in order to
+ * handover the new authorized connection to the trusted service. Once the connection
+ * handover is successful, the AuthMgr BE returns OK to the AuthMgr FE. Then the AuthMgr FE
+ * returns to the client a handle to the new connection (created at the beginning of phase 2).
+ * At this point, an authorized connection is setup between the client and the trusted service,
+ * which they can use to communicate independently of the AuthMgr FE and the AuthMgr BE.
+ *
+ * @param clientID - the identifier of the client in the pVM instance, which is unique in the
+ * context of the pVM instance
+ *
+ * @param service name - the name of the trusted service requested by the client
+ *
+ * @param token - the one-time token used to authorize the new connection created between the
+ * AuthMgr FE and the AuthMgr BE
+ *
+ * @param clientDiceArtifacts - DICE leaf certificate and the DICE leaf policy of the client
+ *
+ * @throws ServiceSpecificException:
+ * Error::CONNECTION_NOT_AUTHENTICATED - when the underlying connection of this method
+ * call is not authenticated.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the client.
+ * Error::NO_CONNECTION_TO_AUTHORIZE - when there is no pending new connection that
+ * is associated with a token and a transport ID that matches those of this
+ * method call.
+ * Error::CONNECTION_HANDOVER_FAILED - when the hanover of the authorized connection to
+ * the trusted service fails.
+ * Error::CLIENT_PENDING_DELETION - when a client that is being deleted is trying to be
+ * authorized.
+ */
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName,
+ in byte[32] token, in DiceLeafArtifacts clientDiceArtifacts);
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
new file mode 100644
index 0000000..f258603
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * The response from the AuthMgr FE which includes the challenge sent by the AuthMgr BE and other
+ * information signed by the AuthMgr FE's signing key.
+ */
+
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable SignedConnectionRequest {
+ /* Data is CBOR encoded according the CDDL in ./SignedConnectionRequest.cddl */
+ byte[] signedConnectionRequest;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
new file mode 100644
index 0000000..a74ccd7
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+SignedConnectionRequestProtected = {
+ 1 : AlgorithmEdDSA / AlgorithmES256,
+}
+
+SignedConnectionRequest = [ ; COSE_Sign1 (untagged) [RFC9052 s4.2]
+ protected: bstr .cbor SignedConnectionRequesProtected,
+ unprotected: {},
+ payload: bstr .cbor ConnectionRequest,
+ signature: bstr ; PureEd25519(privateKey, SignedResponseSigStruct) /
+ ; ECDSA(privateKey, SignedResponseSigStruct)
+]
+
+ConnectionRequestSigStruct = [ ; Sig_structure for SignedConnectionRequest [ RFC9052 s4.4]
+ context: "Signature1",
+ body_protected: bstr .cbor SignedConnectionRequesProtected,
+ external_aad: bstr .cbor ExternalAADForDICESignedConnectionRequest,
+ payload: bstr .cbor ConnectionRequest,
+]
+
+; The payload structure signed by the DICE signing key
+ConnectionRequest [
+ challenge: bstr .size 32,
+ transport_type: TransportType, ; this indicates what CBOR structure should be exected for the
+ ; next element (i.e. transport_id_info)
+ transport_id_info: TransportIdInfo, ; this information is used to detect person-in-the-middle
+ ; attacks
+]
+
+; The unique id assigned to the `ConnectionRequest` payload structure
+ConnectionRequestUuid = h'34c82916 9579 4d86 baef 592a066419e4' ; bstr .size 16 (UUID v4 - RFC 9562)
+
+; An integer that identifies the type of the transport used for communication between clients and
+; trusted services
+TransportType = &(
+ FFA: 1,
+ ; Any other transport type(s) also be defined here
+)
+
+; Identity information of the peers provided by the transport layer
+TransportIdInfo = &(
+ FFATransportId,
+ ; Any other type(s) containing transport layer identity information should also be defiend here
+)
+
+; Transport ids (a.k.a VM IDs) provided by the FFA transport
+FFATransportId = [
+ feID: uint .size 2, ; FF-A partition ID of the AuthMgr FE
+ beID: uint .size 2, ; FF-A partition ID of the AuthMgr BE
+]
+
+; External AAD to be added to any Sig_structure signed by the DICE signing key, with the mandatory
+; field of `uuid_of_payload_struct` of type UUID v4 (RFC 9562). This field is required to ensure
+; that both the signer and the verifier refer to the same payload structure, given that there are
+; various payload structures signed by the DICE signing key in different protocols in Android.
+ExternalAADForDICESigned = [
+ uuid_of_payload_struct: buuid,
+]
+
+; RFC8610 - Section 3.6
+buuid = #6.37(bstr .size 16)
+
+ExternalAADForDICESignedConnectionRequest = [ ; ExternalAADForDICESigned for ConnectionRequest
+ uuid_of_payload_struct: #6.37(ConnectionRequestUuid),
+]
+
+AlgorithmES256 = -7 ; [RFC9053 s2.1]
+AlgorithmEdDSA = -8 ; [RFC9053 s2.2]
diff --git a/security/see/authmgr/aidl/vts/Android.bp b/security/see/authmgr/aidl/vts/Android.bp
new file mode 100644
index 0000000..3d6fce2
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/Android.bp
@@ -0,0 +1,36 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["Android-Apache-2.0"],
+ default_team: "trendy_team_trusty",
+}
+
+rust_test {
+ name: "VtsAidlAuthMgrNonExistentTest",
+ srcs: ["test.rs"],
+ require_root: true,
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ rustlibs: [
+ "libbinder_rs",
+ ],
+}
diff --git a/security/see/authmgr/aidl/vts/test.rs b/security/see/authmgr/aidl/vts/test.rs
new file mode 100644
index 0000000..45533a7
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/test.rs
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Test for asserting the non-existence of an IAuthMgrAuthorization.aidl
+
+#![cfg(test)]
+
+use binder;
+
+const AUTHMGR_INTERFACE_NAME: &str = "android.hardware.security.see.authmgr.IAuthMgrAuthorization";
+
+#[test]
+fn test_authmgr_non_existence() {
+ let authmgr_instances = match binder::get_declared_instances(AUTHMGR_INTERFACE_NAME) {
+ Ok(vec) => vec,
+ Err(e) => {
+ panic!("failed to retrieve the declared interfaces for AuthMgr: {:?}", e);
+ }
+ };
+ assert!(authmgr_instances.is_empty());
+}
diff --git a/staging/security/see/hwcrypto/aidl/Android.bp b/security/see/hwcrypto/aidl/Android.bp
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/Android.bp
rename to security/see/hwcrypto/aidl/Android.bp
index 2da59a4..e15f494 100644
--- a/staging/security/see/hwcrypto/aidl/Android.bp
+++ b/security/see/hwcrypto/aidl/Android.bp
@@ -8,10 +8,8 @@
}
aidl_interface {
- name: "android.hardware.security.see",
- unstable: false,
- // TODO Remove this owner field when this interface is moved out of /staging
- owner: "google_while_staging",
+ name: "android.hardware.security.see.hwcrypto",
+ stability: "vintf",
host_supported: true,
srcs: [
"android/hardware/security/see/hwcrypto/*.aidl",
@@ -22,11 +20,15 @@
enabled: false,
},
cpp: {
- enabled: false,
+ enabled: true,
},
rust: {
enabled: true,
},
+ ndk: {
+ enabled: true,
+ },
},
frozen: false,
+ system_ext_specific: true,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 0a7e7a2..fd2904b 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
union CryptoOperation {
android.hardware.security.see.hwcrypto.MemoryBufferParameter setMemoryBuffer;
android.hardware.security.see.hwcrypto.OperationParameters setOperationParameters;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index 05780e1..66bed55 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationErrorAdditionalInfo {
long failingCommandIndex;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 1088e27..7996b9a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationResult {
@nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index f3b9b43..75bb0dc 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationSet {
@nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
android.hardware.security.see.hwcrypto.CryptoOperation[] operations;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 472215f..7646656 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -32,5 +32,6 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface ICryptoOperationContext {
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index 5b34572..b31a06c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IHwCryptoKey {
android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey);
android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
@@ -43,7 +44,6 @@
android.hardware.security.see.hwcrypto.IOpaqueKey getKeyslotData(android.hardware.security.see.hwcrypto.IHwCryptoKey.KeySlot slotId);
enum DeviceKeyId {
DEVICE_BOUND_KEY,
- BATCH_KEY,
}
enum KeySlot {
KEYMINT_SHARED_HMAC_KEY,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 5c26cc2..7c87dd3 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IHwCryptoOperations {
android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
index 88dbdf1..1121f01 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IOpaqueKey {
byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey);
android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 0e3896e..ca114c3 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable KeyPolicy {
android.hardware.security.see.hwcrypto.types.KeyUse usage;
android.hardware.security.see.hwcrypto.types.KeyLifetime keyLifetime = android.hardware.security.see.hwcrypto.types.KeyLifetime.EPHEMERAL;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index d88d5c8..1c49297 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable MemoryBufferParameter {
android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index e069610..d6f57ab 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
union OperationParameters {
android.hardware.security.see.hwcrypto.types.SymmetricAuthOperationParameters symmetricAuthCrypto;
android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters symmetricCrypto;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 0fd1ee7..7b9924e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable PatternParameters {
long numberBlocksProcess;
long numberBlocksCopy;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index e7501ff..6ad2c09 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesCipherMode {
android.hardware.security.see.hwcrypto.types.CipherModeParameters cbc;
android.hardware.security.see.hwcrypto.types.CipherModeParameters ctr;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4084abb..68ad142 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesGcmMode {
android.hardware.security.see.hwcrypto.types.AesGcmMode.AesGcmModeParameters gcmTag16;
parcelable AesGcmModeParameters {
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index f4bf786..78b1ff8 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesKey {
byte[16] aes128 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
byte[32] aes256;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index 7a77521..83713ff 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable CipherModeParameters {
byte[16] nonce;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 9970678..45cb234 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union ExplicitKeyMaterial {
android.hardware.security.see.hwcrypto.types.AesKey aes;
android.hardware.security.see.hwcrypto.types.HmacKey hmac;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index 742314c..969e9c8 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable HalErrorCode {
const int NO_ERROR = 0;
const int GENERIC_ERROR = (-1) /* -1 */;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index f8de94a..4d4e65d 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union HmacKey {
byte[32] sha256 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
byte[64] sha512;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index 532cd8d..33a518d 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable HmacOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index db5964c..ddee337 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@Backing(type="byte")
+@Backing(type="byte") @VintfStability
enum KeyLifetime {
EPHEMERAL,
HARDWARE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index ea3a173..919be32 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum KeyPermissions {
ALLOW_EPHEMERAL_KEY_WRAPPING,
ALLOW_HARDWARE_KEY_WRAPPING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
index 59b83c4..07a7ce4 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum KeyType {
AES_128_CBC_NO_PADDING,
AES_128_CBC_PKCS7_PADDING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index e888bdf..b607fd5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@Backing(type="int")
+@Backing(type="int") @VintfStability
enum KeyUse {
ENCRYPT = 1,
DECRYPT = 2,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 96%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 59c8757..184e21f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@RustDerive(Clone=true, Copy=true)
+@RustDerive(Clone=true, Copy=true) @VintfStability
parcelable MemoryBufferReference {
int startOffset;
int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index fc2dd63..6dfefcb 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable OpaqueKeyToken {
byte[] keyToken;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index aad3ac1..858ef1c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union OperationData {
android.hardware.security.see.hwcrypto.types.MemoryBufferReference memoryBufferReference;
byte[] dataBuffer;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index ca8b3eb..03c2bba 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum OperationType {
READ,
WRITE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 1e304ab..cb963ee 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum ProtectionId {
WIDEVINE_OUTPUT_BUFFER = 1,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index d3d1763..e42190e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union SymmetricAuthCryptoParameters {
android.hardware.security.see.hwcrypto.types.AesGcmMode aes;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 8a8ef09..78c4a4f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable SymmetricAuthOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index cc93094..8fd5e85 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union SymmetricCryptoParameters {
android.hardware.security.see.hwcrypto.types.AesCipherMode aes;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 1a17525..40fd2d5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum SymmetricOperation {
ENCRYPT,
DECRYPT,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 769833b..7007074 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable SymmetricOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
index b37848b..80c91ee 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -32,5 +32,6 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable Void {
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 2fdbc78..0859d2a 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -25,6 +25,7 @@
* Type that describes the different operations that can be performed along with its required
* parameters. It will be used to construct a vector of operation that are executed sequentially.
*/
+@VintfStability
union CryptoOperation {
/*
* Sets a memory buffer to operate on. References to positions of this memory buffer can be used
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index f3ac8ea..cc94b02 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -18,6 +18,7 @@
/*
* Type that provides more information about failures when processing a list of commands.
*/
+@VintfStability
parcelable CryptoOperationErrorAdditionalInfo {
/*
* Index indicating the first step of <code>CryptoOperationSet::operations</code> that failed
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 07c2983..5c3b81e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -20,6 +20,7 @@
/*
* Type that describes the result of a set of crypto operations.
*/
+@VintfStability
parcelable CryptoOperationResult {
/*
* Token that can be passed on a CryptoOperationSet to issue more operations on the same context
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index 9aff1e8..285ed36 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -21,6 +21,7 @@
/*
* Type that describes a set of crypto operations to execute
*/
+@VintfStability
parcelable CryptoOperationSet {
/*
* Token to be used to issue the operations. If NULL, a new context will be created and
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 68d0c03..8cfa735 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -22,4 +22,5 @@
* operation in progress context includes any memory buffer previously mapped by a
* <code>CryptoOperation::SetMemoryBuffer</code> call.
*/
+@VintfStability
interface ICryptoOperationContext {}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..97a4c37
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,294 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+@VintfStability
+interface IHwCryptoKey {
+ /*
+ * Identifier for the requested device provided key. The currently supported identifiers are:
+ *
+ */
+ enum DeviceKeyId {
+ /*
+ * This is a key unique to the device.
+ */
+ DEVICE_BOUND_KEY,
+ }
+
+ /*
+ * Identifier for the requested key slot. The currently supported identifiers are:
+ *
+ */
+ enum KeySlot {
+ /*
+ * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
+ * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
+ * ISharedSecret.aidl for more information.
+ */
+ KEYMINT_SHARED_HMAC_KEY,
+ }
+
+ union DiceBoundDerivationKey {
+ /*
+ * Opaque to be used to derive the DICE bound key.
+ */
+ IOpaqueKey opaqueKey;
+
+ /*
+ * Device provided key to be used to derive the DICE bound key.
+ */
+ DeviceKeyId keyId;
+ }
+
+ parcelable DiceCurrentBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Current dice policy which was used to generate the returned key. This policy is opaque
+ * from this service perspective (it will be sent to an Authentication Manager Service to be
+ * verified). It follows the structure defined on DicePolicy.cddl, located under
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/ with the
+ * caveat that it could be encrypted if the client does not have enough permissions to see
+ * the device dice policy information.
+ */
+ byte[] dicePolicyForKeyVersion;
+ }
+
+ parcelable DiceBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+ * caller can use this to detect if an old policy was provided and rotate its keys if so
+ * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+ * use a potentially compromised key.
+ */
+ boolean dicePolicyWasCurrent;
+ }
+
+ parcelable ClearKeyPolicy {
+ /*
+ * Indicates the desired key size. It will be used to calculate how many bytes of key
+ * material should be returned.
+ */
+ int keySizeBytes;
+ }
+
+ union DerivedKeyPolicy {
+ /*
+ * If used we will derive a clear key and pass it back as an array of bytes on
+ * <code>HwCryptoKeyMaterial::explicitKey</code>.
+ */
+ ClearKeyPolicy clearKey;
+
+ /*
+ * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+ */
+ byte[] opaqueKey;
+ }
+
+ parcelable DerivedKeyParameters {
+ /*
+ * Key to be used to derive the new key using HKDF.
+ */
+ IOpaqueKey derivationKey;
+
+ /*
+ * Policy for the newly derived key. Depending on its type, either a clear or opaque key
+ * will be derived.
+ */
+ DerivedKeyPolicy keyPolicy;
+
+ /*
+ * An arbitrary set of bytes incorporated into the key derivation. May have an
+ * implementation-specific maximum length, but it is guaranteed to accept at least 32 bytes.
+ */
+ byte[] context;
+ }
+
+ union DerivedKey {
+ /*
+ * Derived key in clear format.
+ */
+ byte[] explicitKey = {};
+
+ /*
+ * Derived key as a key token to be used only through the HWCrypto service.
+ */
+ IOpaqueKey opaque;
+ }
+
+ /*
+ * Derives a versioned key tied to the caller's current DICE policy. It will return this current
+ * policy back to the caller along with the generated key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @return:
+ * A DiceCurrentBoundKeyResult containint the versioned key tied the current client version
+ * on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey);
+
+ /*
+ * Derive a versioned key by checking the provided DICE policy against the caller and then using
+ * it as a context for deriving the returned key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @param dicePolicyForKeyVersion:
+ * Policy used to derive keys tied to specific versions. Using this parameter the caller can
+ * tie a derived key to a minimum version of itself, so in the future only itself or a more
+ * recent version can derive the same key. This parameter is opaque to the caller and it
+ * could be encrypted in the case the client doesn't have permission to know the dice chain.
+ * When implementing this function, this parameter shall be one of the components fed to the
+ * KDF context and it needs to be checked against the caller DICE certificate before being
+ * used.
+ *
+ * @return:
+ * A DiceBoundKeyResult containing the versioned key tied to the provided DICE policy on
+ * success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceBoundKeyResult deriveDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
+
+ /*
+ * Derive a new key based on the given key, policy and context.
+ *
+ * @param parameters:
+ * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
+ * file for more information.
+ *
+ * @return:
+ * A HwCryptoKeyMaterial containing the derived key on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DerivedKey deriveKey(in DerivedKeyParameters parameters);
+
+ /*
+ * Returns an interface used to work on opaque keys. This interface can also be used to operate
+ * on any opaque key generated by hwkeyDeriveVersioned, even if this key has been generated
+ * after retrieving a IHwCryptoOperations binder object, as long as the parent
+ * IHwCryptoDeviceKeyAccess is not dropped between retrieving the IHwCryptoOperations binder
+ * object and deriving the key. IHwCryptoOperations can also be used to create opaque keys that
+ * are not bound to the device.
+ *
+ * @return:
+ * IHwCryptoOperations on success
+ */
+ IHwCryptoOperations getHwCryptoOperations();
+
+ /*
+ * Imports a SW clear key into the secure environment.
+ *
+ * @param keyMaterial:
+ * key to be imported.
+ *
+ * @param newKeyPolicy:
+ * Policy of the new key. Defines how the newly created key can be used. Because any clear
+ * key imported into the system is considered to have a <code>KeyLifetime::PORTABLE</code>
+ * lifetime, a call to this function will return an error if
+ * <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
+ *
+ * @return:
+ * IOpaqueKey on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+ /*
+ * Returns the client current DICE policy. This policy is encrypted and considered opaque from
+ * the client perspective. This policy is the same used to create DICE bound keys and will also
+ * be used to seal secrets that can only be retrieved by the DICE policy owner. The first use of
+ * this seal operation will be <code>IOpaqueKey::getShareableToken</code> and will call this
+ * <code>IHwCryptoKey::keyTokenImport</code>. To start this process, the intended key receiver
+ * function and then pass the generated DICE policy to the owner of the key that the receiver
+ * wants to import. The key owner will then call <code>IOpaqueKey::getShareableToken</code>
+ * passing the receiver DICE policy to insure that only that receiver can import the key.
+ *
+ * @return:
+ * byte[] on success, which is the caller encrypted DICE policy.
+ */
+ byte[] getCurrentDicePolicy();
+
+ /*
+ * Imports a key from a different client service instance. Because IOpaqueKey are binder objects
+ * that cannot be directly shared between binder rpc clients, this method provide a way to send
+ * a key to another client. Keys to be imported by the receiver are represented by a token
+ * created using <code>IOpaqueKey::getShareableToken</code>. The flow to create this token is
+ * described in <code>IHwCryptoKey::getCurrentDicePolicy</code>.
+ *
+ * @param requested_key:
+ * Handle to the key to be imported to the caller service.
+ *
+ * @param sealingDicePolicy:
+ * DICE policy used to seal the exported key.
+ *
+ * @return:
+ * An IOpaqueKey that can be directly be used on the local HWCrypto service on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
+
+ /*
+ * Gets the keyslot key material referenced by slotId. This interface is used to access device
+ * specific keys with known types and uses. Because the returned key is opaque, it can only be
+ * used through the different HwCrypto interfaces. Because the keys live in a global namespace
+ * the identity of the caller needs to be checked to verify that it has permission to access the
+ * requested key.
+ *
+ * @param slotId:
+ * Identifier for the requested keyslot
+ *
+ * @return:
+ * An IOpaqueKey corresponding to the requested key slot on success.
+ *
+ * @throws:
+ * ServiceSpecificException <code>UNAUTHORIZED</code> if the caller cannot access the
+ * requested key, another specific error based on <code>HalErrorCode</code> otherwise.
+ */
+ IOpaqueKey getKeyslotData(KeySlot slotId);
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 84%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 4d394ed..9df6d67 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -24,20 +24,25 @@
* cryptographic keys. Interactions with this interface are done through a command-base API,
* which allow callers to execute a large set of operations on a single call.
*/
+@VintfStability
interface IHwCryptoOperations {
/*
- * processCommandList() - Executes a list of cryptographic commands in order
+ * Executes a list of cryptographic commands in order
*
- * @operations:
+ * @param operations:
* Parameter containing 1 or more set of commands to execute. Additionally, each set can
* also contain a context on which the commands will be executed.
- * @additionalErrorInfo:
+ *
+ * @param additionalErrorInfo:
* Structure containing additional info when errors are encountered. Only valid if the
* function failed its execution.
- * Return:
+ *
+ * @return:
* CryptoOperationResult[] on success, which can contain a context to continue executing
- * each of the provided operations sets, service specific error based on
- * <code>HalErrorCode</code> otherwise.
+ * each of the provided operations sets.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
*/
CryptoOperationResult[] processCommandList(inout CryptoOperationSet[] operations,
out CryptoOperationErrorAdditionalInfo additionalErrorInfo);
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
new file mode 100644
index 0000000..318a27e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+import android.hardware.security.see.hwcrypto.types.OperationType;
+import android.hardware.security.see.hwcrypto.types.ProtectionId;
+
+@VintfStability
+interface IOpaqueKey {
+ /*
+ * Exports this key as a wrapped (encrypted) blob.
+ *
+ * @param wrapping_key:
+ * wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
+ * be used for key wrapping.
+ *
+ * @return:
+ * Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
+ * but has to match the command accepted by
+ * <code>IHwCryptoKeyGeneration::importWrappedKey</code>
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
+
+ /*
+ * Returns the key policy.
+ *
+ * @return:
+ * A <code>KeyPolicy</code> on success
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ KeyPolicy getKeyPolicy();
+
+ /*
+ * Returns the public key portion of this OpaqueKey. This operation is only valid for asymmetric
+ * keys.
+ *
+ * @return:
+ * public key as a byte array on success. Format used for the returned public key is COSE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] getPublicKey();
+
+ /*
+ * Returns a token that can shared with another HWCrypto client.
+ *
+ * @param sealingDicePolicy:
+ * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
+ * the owner of the sealingDicePolicy can import the key.
+ *
+ * @return:
+ * <code>OpaqueKeyMaterial</code> token on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
+
+ /*
+ * Sets the protectionID associated with the buffers where the operation will be performed. A
+ * protection ID serves as a limitation on the key so it can only operate on buffers with a
+ * matching protection ID. The client calling this functions needs to have the necessary
+ * permissions to read and/or write to this buffer. Setting this parameter means that if the key
+ * is shared with a different client, the client receiving the key will be limited in which
+ * buffers can be used to read/write data for this operation.
+ *
+ * @param protectionId:
+ * ID of the given use case to provide protection for. The method of protecting the buffer
+ * will be platform dependent.
+ *
+ * @param allowedOperations:
+ * array of allowed operations. Allowed operations are either READ or WRITE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 9266bfa..a20e99b 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -23,6 +23,7 @@
/*
* Parcelable that specified how a key can be used.
*/
+@VintfStability
parcelable KeyPolicy {
/*
* Enum specifying the operations the key can perform (encryption, decryption, etc.).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
similarity index 100%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index c5a6a5c..efc5767 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -18,6 +18,7 @@
/*
* Parcelable representing a memory buffer.
*/
+@VintfStability
parcelable MemoryBufferParameter {
union MemoryBuffer {
ParcelFileDescriptor input;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index a977f56..bf0b720 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -22,6 +22,7 @@
/*
* Type that describes the parameters for the different operations that can be performed.
*/
+@VintfStability
union OperationParameters {
/*
* Parameters for authenticated symmetric cryptography (AES GCM).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 3f62abe..9f8950f 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -18,6 +18,7 @@
/*
* Parcelable that specifies a pattern to process data.
*/
+@VintfStability
parcelable PatternParameters {
/*
* Number of blocks that will be processed. The size of the block matches the size of the
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index ac31557..8ce83aa 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -21,6 +21,7 @@
/*
* Type used for the parameters needed to run a non-authenticated AES operation.
*/
+@VintfStability
union AesCipherMode {
/*
* Cipher Block Chaining mode. Padding will either be none or PKCS#7 depending on the key policy
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4025553..1c6551c 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -18,6 +18,7 @@
/*
* Type used for the parameters needed to run an authenticated AES operation (GCM).
*/
+@VintfStability
union AesGcmMode {
parcelable AesGcmModeParameters {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index cf9082d..ae62ef9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -18,6 +18,7 @@
/*
* Type that represents an AES key.
*/
+@VintfStability
union AesKey {
/*
* Raw AES 128 bit key material.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 88%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index bfa5daa..e7ede57 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -19,6 +19,10 @@
/*
* Type encapsulating nonce used on non-authenticated AES symmetric encryption.
*/
+@VintfStability
parcelable CipherModeParameters {
+ /*
+ * nonce to be used as IV for AES-CBC or as the nonce in AES-CTR
+ */
byte[16] nonce;
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 88%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 3aa5611..a5bf594 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -21,7 +21,15 @@
/*
* Type encapsulating a clear key.
*/
+@VintfStability
union ExplicitKeyMaterial {
+ /*
+ * AES key in clear format.
+ */
AesKey aes;
+
+ /*
+ * HMAC key in clear format.
+ */
HmacKey hmac;
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index f536c0e..df12262 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -18,6 +18,7 @@
/*
* Service error codes. Will be returned as service specific errors.
*/
+@VintfStability
parcelable HalErrorCode {
/* Success */
const int NO_ERROR = 0;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index a0b6ba7..b1a988e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -18,6 +18,7 @@
/*
* Type that represents an Hmac key.
*/
+@VintfStability
union HmacKey {
/*
* Raw Hmac key for use with sha256.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index da09a2c..faa3072 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -19,6 +19,7 @@
/*
* Data needed to perform HMAC operations.
*/
+@VintfStability
parcelable HmacOperationParameters {
/*
* Key to be used for the HMAC operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index 9958a0b..b03b850 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -20,6 +20,7 @@
* represented as a bitmask to allow us to internally combine them on a single property to describe
* a set of allowed lifetimes.
*/
+@VintfStability
@Backing(type="byte")
enum KeyLifetime {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index a1e4f21..c48ef8b 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -18,6 +18,7 @@
/*
* Additional characteristics and permissions of the key.
*/
+@VintfStability
enum KeyPermissions {
/*
* Key can be wrapped by an ephemeral key.
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
new file mode 100644
index 0000000..ed90899
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing all supported key types. Key types are strongly bound to the algorithm to
+ * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
+ * 128 Cipher modes).
+ */
+@VintfStability
+enum KeyType {
+ /*
+ * AES with key size 128 bits using CBC mode of operation and no padding.
+ */
+ AES_128_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 128 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_128_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_128_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_128_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_128_CMAC,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and no padding.
+ */
+ AES_256_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_256_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_256_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_256_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_256_CMAC,
+
+ /*
+ * Key of length of 32 bytes for HMAC operations using SHA256.
+ */
+ HMAC_SHA256,
+
+ /*
+ * Key of length of 64 bytes for HMAC operations using SHA512.
+ */
+ HMAC_SHA512,
+
+ /*
+ * RSA of key size of 2048 bits for signing using PSS.
+ */
+ RSA2048_PSS_SHA256,
+
+ /*
+ * RSA of key size of 2048 bits for signing with padding PKCS 1.5 and SHA256 as the digest
+ * algorithm.
+ */
+ RSA2048_PKCS1_5_SHA256,
+
+ /*
+ * ECC key for signing using curve P-256 and no padding.
+ */
+ ECC_NIST_P256_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-256 and SHA256 as hashing algorithm.
+ */
+ ECC_NIST_P256_SIGN_SHA256,
+
+ /*
+ * ECC key for signing using curve P-521 and no padding.
+ */
+ ECC_NIST_P521_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-512 and SHA512 as hashing algorithm.
+ */
+ ECC_NIST_P521_SIGN_SHA512,
+
+ /*
+ * ECC key for signing using EdDSA.
+ */
+ ECC_ED25519_SIGN,
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index 76bfd62..60bfd06 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -18,12 +18,24 @@
/*
* Enum describing the allowed operations that can be performed with the given key.
*/
+@VintfStability
@Backing(type="int")
enum KeyUse {
+ /* Key can be used to encrypt */
ENCRYPT = 1,
+
+ /* Key can be used to decrypt */
DECRYPT = 2,
+
+ /* Key can be used to encrypt or decrypt */
ENCRYPT_DECRYPT = ENCRYPT | DECRYPT,
+
+ /* Key can be used to sign */
SIGN = 4,
+
+ /* Key can be used to derive other keys */
DERIVE = 8,
+
+ /* Key can be used to wrap other keys */
WRAP = 16,
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 1175dc5..0f3c099 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -18,6 +18,7 @@
/*
* Structure representing a section of a memory buffer.
*/
+@VintfStability
@RustDerive(Copy=true, Clone=true)
parcelable MemoryBufferReference {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index db95c18..25cc6fb 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -20,6 +20,7 @@
* valid on the current boot, and its reuse after a session is closed (or between sessions) is not
* guaranteed.
*/
+@VintfStability
parcelable OpaqueKeyToken {
/*
* Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index 642d05e..8dfca72 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -20,6 +20,7 @@
/*
* Union holding buffers to be used by the cryptographic operation.
*/
+@VintfStability
union OperationData {
/*
* Reference (offset, size) to the active operations' MemoryBuffer.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 90%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index 76878a3..2dc9ae9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -18,7 +18,11 @@
/*
* Enum describing the different types of operations allowed on a buffer.
*/
+@VintfStability
enum OperationType {
+ /* Read operations allowed*/
READ,
+
+ /* Write operations allowed*/
WRITE,
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 8686882..8fd0551 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -19,6 +19,7 @@
* Enum describing the different types of protected buffers. Protected buffers are named by its
* corresponding use case and its underlaying implementation is platform dependant.
*/
+@VintfStability
enum ProtectionId {
/*
* ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index 278e48d..79c39f9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -20,6 +20,7 @@
/*
* Data needed to perform authenticated symmetric cryptographic operations.
*/
+@VintfStability
union SymmetricAuthCryptoParameters {
/*
* AES (Advanced Encryption Standard) GCM parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 46568c3..844a3bc 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -23,6 +23,7 @@
* Parameters needed to perform an authenticated symmetric cryptographic operation. Currently only
* AES-GCM is supported.
*/
+@VintfStability
parcelable SymmetricAuthOperationParameters {
/*
* Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index 2350242..679fe6a 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -20,6 +20,7 @@
/*
* Data needed to perform non-authenticated symmetric cryptographic operations.
*/
+@VintfStability
union SymmetricCryptoParameters {
/*
* AES (Advanced Encryption Standard) parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 2717472..d88d4e9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -18,4 +18,4 @@
/*
* Enum describing the type of symmetric operation desired.
*/
-enum SymmetricOperation { ENCRYPT, DECRYPT }
+@VintfStability enum SymmetricOperation { ENCRYPT, DECRYPT }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 1d1554d..509d416 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -22,6 +22,7 @@
/*
* Parameters needed to perform a non-authenticated symmetric cryptographic operation.
*/
+@VintfStability
parcelable SymmetricOperationParameters {
/*
* Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
index f9f608d..243fb45 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -15,4 +15,8 @@
*/
package android.hardware.security.see.hwcrypto.types;
+/*
+ * Type used to represent no data.
+ */
+@VintfStability
parcelable Void {}
diff --git a/staging/security/see/storage/aidl/Android.bp b/security/see/storage/aidl/Android.bp
similarity index 91%
rename from staging/security/see/storage/aidl/Android.bp
rename to security/see/storage/aidl/Android.bp
index f669be8..279cb90 100644
--- a/staging/security/see/storage/aidl/Android.bp
+++ b/security/see/storage/aidl/Android.bp
@@ -4,7 +4,7 @@
aidl_interface {
name: "android.hardware.security.see.storage",
- unstable: true,
+ stability: "vintf",
host_supported: true,
srcs: [
"android/hardware/security/see/storage/*.aidl",
@@ -23,4 +23,5 @@
enabled: true,
},
},
+ frozen: false,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Availability.aidl
similarity index 92%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Availability.aidl
index 1e304ab..62af569 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Availability.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.storage;
+@VintfStability
+enum Availability {
+ BEFORE_USERDATA,
+ AFTER_USERDATA,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/CreationMode.aidl
similarity index 92%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/CreationMode.aidl
index 1e304ab..f999205 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/CreationMode.aidl
@@ -31,7 +31,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.storage;
+@VintfStability
+enum CreationMode {
+ NO_CREATE,
+ CREATE_EXCLUSIVE,
+ CREATE,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/FileMode.aidl
similarity index 92%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/FileMode.aidl
index 1e304ab..604e61f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/FileMode.aidl
@@ -31,7 +31,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.storage;
+@VintfStability
+enum FileMode {
+ READ_ONLY,
+ WRITE_ONLY,
+ READ_WRITE,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Filesystem.aidl
similarity index 81%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Filesystem.aidl
index 5c26cc2..df08380 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Filesystem.aidl
@@ -31,7 +31,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.storage;
+@VintfStability
+parcelable Filesystem {
+ android.hardware.security.see.storage.Integrity integrity = android.hardware.security.see.storage.Integrity.TAMPER_PROOF_AT_REST;
+ android.hardware.security.see.storage.Availability availability = android.hardware.security.see.storage.Availability.BEFORE_USERDATA;
+ boolean persistent;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IDir.aidl
similarity index 91%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IDir.aidl
index 1e304ab..7068ea2 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IDir.aidl
@@ -31,7 +31,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.storage;
+@VintfStability
+interface IDir {
+ @utf8InCpp String[] readNextFilenames(int maxCount);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IFile.aidl
similarity index 83%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IFile.aidl
index d88d5c8..734ec0c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IFile.aidl
@@ -31,12 +31,12 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-parcelable MemoryBufferParameter {
- android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
- int sizeBytes;
- union MemoryBuffer {
- ParcelFileDescriptor input;
- ParcelFileDescriptor output;
- }
+package android.hardware.security.see.storage;
+@VintfStability
+interface IFile {
+ byte[] read(long size, long offset);
+ long write(long offset, in byte[] buffer);
+ long getSize();
+ void setSize(long newSize);
+ void rename(in @utf8InCpp String destPath, in android.hardware.security.see.storage.CreationMode destCreateMode);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/ISecureStorage.aidl
similarity index 78%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/ISecureStorage.aidl
index 5c26cc2..c99c039 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/ISecureStorage.aidl
@@ -31,7 +31,14 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.storage;
+@VintfStability
+interface ISecureStorage {
+ android.hardware.security.see.storage.IStorageSession startSession(in android.hardware.security.see.storage.Filesystem filesystem);
+ const int ERR_UNSUPPORTED_PROPERTIES = 1;
+ const int ERR_NOT_FOUND = 2;
+ const int ERR_ALREADY_EXISTS = 3;
+ const int ERR_BAD_TRANSACTION = 4;
+ const int ERR_AB_UPDATE_IN_PROGRESS = 5;
+ const int ERR_FS_TAMPERED = 6;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IStorageSession.aidl
similarity index 72%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IStorageSession.aidl
index 5c26cc2..11b4b9a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IStorageSession.aidl
@@ -31,7 +31,14 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.storage;
+@VintfStability
+interface IStorageSession {
+ void commitChanges();
+ void stageChangesForCommitOnAbUpdateComplete();
+ void abandonChanges();
+ android.hardware.security.see.storage.IFile openFile(in @utf8InCpp String filePath, in android.hardware.security.see.storage.OpenOptions options);
+ void deleteFile(in @utf8InCpp String filePath);
+ void renameFile(in @utf8InCpp String currentPath, in @utf8InCpp String destPath, in android.hardware.security.see.storage.CreationMode destCreateMode);
+ android.hardware.security.see.storage.IDir openDir(in @utf8InCpp String path);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Integrity.aidl
similarity index 92%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Integrity.aidl
index 1e304ab..801da04 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Integrity.aidl
@@ -31,7 +31,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto.types;
-enum ProtectionId {
- WIDEVINE_OUTPUT_BUFFER = 1,
+package android.hardware.security.see.storage;
+@VintfStability
+enum Integrity {
+ TAMPER_PROOF_AT_REST,
+ TAMPER_DETECT,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/OpenOptions.aidl
similarity index 81%
copy from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
copy to security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/OpenOptions.aidl
index 5c26cc2..eda2404 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/OpenOptions.aidl
@@ -31,7 +31,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.see.hwcrypto;
-interface IHwCryptoOperations {
- android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+package android.hardware.security.see.storage;
+@VintfStability
+parcelable OpenOptions {
+ android.hardware.security.see.storage.CreationMode createMode = android.hardware.security.see.storage.CreationMode.NO_CREATE;
+ android.hardware.security.see.storage.FileMode accessMode = android.hardware.security.see.storage.FileMode.READ_WRITE;
+ boolean truncateOnOpen;
}
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl
index 21a275c..e2954d5 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl
@@ -16,6 +16,7 @@
package android.hardware.security.see.storage;
/** Determines how early during the boot process file is able to be accessed. */
+@VintfStability
enum Availability {
/** Available before userdata is mounted, but after android has booted. */
BEFORE_USERDATA,
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl
index 1c65038..652d5c6 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl
@@ -15,6 +15,7 @@
*/
package android.hardware.security.see.storage;
+@VintfStability
enum CreationMode {
/** Returns an error if the file does not already exist. */
NO_CREATE,
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl
similarity index 97%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl
index 18a2eae..b167a17 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl
@@ -15,6 +15,7 @@
*/
package android.hardware.security.see.storage;
+@VintfStability
enum FileMode {
/** The file may only be read from. */
READ_ONLY,
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl
index ea8db53..eacd4fe 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl
@@ -21,6 +21,7 @@
/**
* Specifies minimum security requirements for a Secure Storage filesystem.
*/
+@VintfStability
parcelable Filesystem {
Integrity integrity = Integrity.TAMPER_PROOF_AT_REST;
Availability availability = Availability.BEFORE_USERDATA;
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl
index 5d9a761..ddf8ed1 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl
@@ -16,6 +16,7 @@
package android.hardware.security.see.storage;
/** The interface for an open directory */
+@VintfStability
interface IDir {
/**
* Gets the next batch of filenames in this directory.
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl
similarity index 99%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl
index fd2032e..414d423 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl
@@ -18,6 +18,7 @@
import android.hardware.security.see.storage.CreationMode;
/** The interface for an open file */
+@VintfStability
interface IFile {
/**
* Read bytes from this file.
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl
index 1841bf5..d2ac4d3 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl
@@ -23,6 +23,7 @@
*
* Creates sessions which can be used to access storage.
*/
+@VintfStability
interface ISecureStorage {
const int ERR_UNSUPPORTED_PROPERTIES = 1;
const int ERR_NOT_FOUND = 2;
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl
similarity index 99%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl
index dc1e6a8..9a8d0d7 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl
@@ -31,6 +31,7 @@
*
* Any changes still pending when the session is dropped will be abandoned.
*/
+@VintfStability
interface IStorageSession {
/**
* Commits any pending changes made through this session to storage.
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl
index 2f7f7ab..6f86ab0 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl
@@ -15,6 +15,7 @@
*/
package android.hardware.security.see.storage;
+@VintfStability
enum Integrity {
/** REE may prevent operations, but cannot alter data once written. */
TAMPER_PROOF_AT_REST,
diff --git a/staging/security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl b/security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl
similarity index 98%
rename from staging/security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl
rename to security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl
index 9fdf9e5..110b370 100644
--- a/staging/security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl
+++ b/security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl
@@ -18,6 +18,7 @@
import android.hardware.security.see.storage.CreationMode;
import android.hardware.security.see.storage.FileMode;
+@VintfStability
parcelable OpenOptions {
/** Controls creation behavior of the to-be-opened file. See `CreationMode` docs for details. */
CreationMode createMode = CreationMode.NO_CREATE;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
deleted file mode 100644
index bb194a3..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- * Copyright 2023 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto;
-
-import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
-import android.hardware.security.see.hwcrypto.IOpaqueKey;
-import android.hardware.security.see.hwcrypto.KeyPolicy;
-import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
-import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
-
-/*
- * Higher level interface to access and generate keys.
- */
-interface IHwCryptoKey {
- /*
- * Identifier for the requested device provided key. The currently supported identifiers are:
- *
- * DEVICE_BOUND_KEY:
- * This is a key unique to the device.
- * BATCH_KEY:
- * This is a shared by a set of devices.
- */
- enum DeviceKeyId {
- DEVICE_BOUND_KEY,
- BATCH_KEY,
- }
-
- /*
- * Identifier for the requested key slot. The currently supported identifiers are:
- *
- * KEYMINT_SHARED_HMAC_KEY:
- * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
- * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
- * ISharedSecret.aidl for more information.
- */
- enum KeySlot {
- KEYMINT_SHARED_HMAC_KEY,
- }
-
- union DiceBoundDerivationKey {
- /*
- * Opaque to be used to derive the DICE bound key.
- */
- IOpaqueKey opaqueKey;
-
- /*
- * Device provided key to be used to derive the DICE bound key.
- */
- DeviceKeyId keyId;
- }
-
- parcelable DiceCurrentBoundKeyResult {
- /*
- * Key cryptographically bound to a DICE policy.
- */
- IOpaqueKey diceBoundKey;
-
- /*
- * Current dice policy which was used to generate the returned key. This policy is
- * opaque from this service perspective (it will be sent to an Authentication Manager
- * Service to be verified). It follows the structure defined on DicePolicy.cddl, located
- * under hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
- * with the caveat that it could be encrypted if the client does not have enough permissions
- * to see the device dice policy information.
- */
- byte[] dicePolicyForKeyVersion;
- }
-
- parcelable DiceBoundKeyResult {
- /*
- * Key cryptographically bound to a DICE policy.
- */
- IOpaqueKey diceBoundKey;
-
- /*
- * Indicates if the diceBoundKey returned was created using a current DICE policy. The
- * caller can use this to detect if an old policy was provided and rotate its keys if so
- * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
- * use a potentially compromised key.
- */
- boolean dicePolicyWasCurrent;
- }
-
- parcelable ClearKeyPolicy {
- /*
- * Indicates the desired key size. It will be used to calculate how many bytes of key
- * material should be returned.
- */
- int keySizeBytes;
- }
-
- union DerivedKeyPolicy {
- /*
- * If used we will derive a clear key and pass it back as an array of bytes on
- * <code>HwCryptoKeyMaterial::explicitKey</code>.
- */
- ClearKeyPolicy clearKey;
-
- /*
- * Policy for the newly derived opaque key. Defines how the key can be used and its type.
- */
- byte[] opaqueKey;
- }
-
- parcelable DerivedKeyParameters {
- /*
- * Key to be used to derive the new key using HKDF.
- */
- IOpaqueKey derivationKey;
-
- /*
- * Policy for the newly derived key. Depending on its type, either a clear or opaque key
- * will be derived.
- */
- DerivedKeyPolicy keyPolicy;
-
- /*
- * An arbitrary set of bytes incorporated into the key derivation. May have
- * an implementation-specific maximum length, but it is guaranteed to accept
- * at least 32 bytes.
- */
- byte[] context;
- }
-
- union DerivedKey {
- /*
- * Derived key in clear format.
- */
- byte[] explicitKey = {};
-
- /*
- * Derived key as a key token to be used only through the HWCrypto service.
- */
- IOpaqueKey opaque;
- }
-
- /*
- * deriveCurrentDicePolicyBoundKey() - Derives a versioned key tied to the caller's current DICE
- * policy. It will return this current policy back to the caller
- * along with the generated key.
- *
- * @derivationKey:
- * Key to be used to derive the new key using HKDF.
- *
- * Return:
- * Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
- in DiceBoundDerivationKey derivationKey);
-
- /*
- * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
- * against the caller and then using it as a context for deriving
- * the returned key.
- *
- * @derivationKey:
- * Key to be used to derive the new key using HKDF.
- *
- * @dicePolicyForKeyVersion:
- * Policy used to derive keys tied to specific versions. Using this parameter
- * the caller can tie a derived key to a minimum version of itself, so in the future only
- * itself or a more recent version can derive the same key. This parameter is opaque to the
- * caller and it could be encrypted in the case the client doesn't have permission to know
- * the dice chain.
- * When implementing this function, this parameter shall be one of the components fed
- * to the KDF context and it needs to be checked against the caller DICE certificate before
- * being used.
- *
- * Return:
- * Ok(DiceBoundKeyResult) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DiceBoundKeyResult deriveDicePolicyBoundKey(
- in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
-
- /*
- * deriveKey() - Derive a new key based on the given key, policy and context.
- *
- * @parameters:
- * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
- * file for more information.
- *
- * Return:
- * Ok(HwCryptoKeyMaterial) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DerivedKey deriveKey(in DerivedKeyParameters parameters);
-
- /*
- * getHwCryptoOperations() - Returns an interface used to work on opaque keys. This interface
- * can also be used to operate on any opaque key generated by
- * hwkeyDeriveVersioned, even if this key has been generated after
- * retrieving a IHwCryptoOperations binder object, as long as the
- * parent IHwCryptoDeviceKeyAccess is not dropped between retrieving
- * the IHwCryptoOperations binder object and deriving the key.
- * IHwCryptoOperations can also be used to create opaque keys that
- * are not bound to the device.
- *
- * Return:
- * IHwCryptoOperations on success
- */
- IHwCryptoOperations getHwCryptoOperations();
-
- /*
- * importClearKey() - Imports a SW clear key into the secure environment.
- *
- * @keyMaterial:
- * key to be imported.
- * @newKeyPolicy:
- * Policy of the new key. Defines how the newly created key can be used. Because any
- * clear key imported into the system is considered to have a
- * <code>KeyLifetime::PORTABLE</code> lifetime, a call to this function will return an
- * error if <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
- *
- * Return:
- * IOpaqueKey on success, service specific error based on <code>HalErrorCode</code>
- * otherwise.
- */
- IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
-
- /*
- * getCurrentDicePolicy() - Returns the client current DICE policy. This policy is encrypted and
- * considered opaque from the client perspective. This policy is the
- * same used to create DICE bound keys and will also be used to seal
- * secrets that can only be retrieved by the DICE policy owner. The
- * first use of this seal operation will be
- * <code>IOpaqueKey::getShareableToken</code> and
- * <code>IHwCryptoKey::keyTokenImport</code>. To start this process,
- * the intended key receiver will call this function and then pass the
- * generated DICE policy to the owner of the key that the receiver
- * wants to import. The key owner will then call
- * <code>IOpaqueKey::getShareableToken</code> passing the receiver DICE
- * policy to insure that only that receiver can import the key.
- *
- * Return:
- * byte[] on success, which is the caller encrypted DICE policy.
- */
- byte[] getCurrentDicePolicy();
-
- /*
- * key_token_import() - Imports a key from a different client service instance. Because
- * IOpaqueKey are binder objects that cannot be directly shared between
- * binder rpc clients, this method provide a way to send a key to another
- * client. Keys to be imported by the receiver are represented by a token
- * created using <code>IOpaqueKey::getShareableToken</code>. The flow
- * to create this token is described in
- * <code>IHwCryptoKey::getCurrentDicePolicy</code>.
- *
- * @requested_key:
- * Handle to the key to be imported to the caller service.
- * @sealingDicePolicy:
- * DICE policy used to seal the exported key.
- * Return:
- * A IOpaqueKey that can be directly be used on the local HWCrypto service on
- * success, service specific error based on <code>HalErrorCode</code> otherwise.
- */
- IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
-
- /*
- * getKeyslotData() - Gets the keyslot key material referenced by slotId.
- *
- * @slotId:
- * Identifier for the requested keyslot
- *
- * This interface is used to access device specific keys with known types and uses. Because the
- * returned key is opaque, it can only be used through the different HwCrypto interfaces.
- * Because the keys live in a global namespace the identity of the caller needs to be
- * checked to verify that it has permission to accesses the requested key.
- *
- * Return:
- * Ok(IOpaqueKey) on success, UNAUTHORIZED if the caller cannot access the requested key,
- * another specific error code otherwise.
- */
- IOpaqueKey getKeyslotData(KeySlot slotId);
-}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
deleted file mode 100644
index 9a72639..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto;
-
-import android.hardware.security.see.hwcrypto.KeyPolicy;
-import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
-import android.hardware.security.see.hwcrypto.types.OperationType;
-import android.hardware.security.see.hwcrypto.types.ProtectionId;
-
-interface IOpaqueKey {
- /*
- * exportWrappedKey() - Exports this key as a wrapped (encrypted) blob.
- *
- * @wrapping_key:
- * wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
- * be used for key wrapping.
- *
- * Return:
- * Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
- * but has to match the command accepted by
- * <code>IHwCryptoKeyGeneration::importWrappedKey</code>, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
-
- /*
- * getKeyPolicy() - Returns the key policy.
- *
- * Return:
- * A <code>KeyPolicy</code> on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- KeyPolicy getKeyPolicy();
-
- /*
- * getPublicKey() - Returns the public key portion of this OpaqueKey. This operation is only
- * valid for asymmetric keys
- *
- * Return:
- * public key as a byte array on success, service specific error based on
- * <code>HalErrorCode</code> otherwise. Format used for the returned public key is COSE.
- */
- byte[] getPublicKey();
-
- /*
- * getShareableToken() - Returns a token that can shared with another HWCrypto client.
- *
- * @sealingDicePolicy:
- * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
- * the owner of the sealingDicePolicy can import the key.
- * Return:
- * <code>OpaqueKeyMaterial</code> token on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
-
- /*
- * setProtectionId() - Sets the protectionID associated with the buffers where the operation
- * will be performed. A protection ID serves as a limitation on the key so
- * it can only operate on buffers with a matching protection ID.
- * The client calling this functions needs to have the necessary permissions
- * to read and/or write to this buffer. Setting this parameter means that
- * if the key is shared with a different client, the client receiving the
- * key will be limited in which buffers can be used to read/write data for
- * this operation.
- *
- * @protectionId:
- * ID of the given use case to provide protection for. The method of protecting the buffer
- * will be platform dependent.
- * @allowedOperations:
- * array of allowed operations. Allowed operations are either READ or WRITE.
- *
- * Return:
- * service specific error based on <code>HalErrorCode</code> on failure.
- */
- void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
-}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
deleted file mode 100644
index 3cf4670..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto.types;
-
-/*
- * Enum describing all supported key types. Key types are strongly bound to the algorithm to
- * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
- * 128 Cipher modes).
- */
-enum KeyType {
- AES_128_CBC_NO_PADDING,
- AES_128_CBC_PKCS7_PADDING,
- AES_128_CTR,
- AES_128_GCM,
- AES_128_CMAC,
- AES_256_CBC_NO_PADDING,
- AES_256_CBC_PKCS7_PADDING,
- AES_256_CTR,
- AES_256_GCM,
- AES_256_CMAC,
- HMAC_SHA256,
- HMAC_SHA512,
- RSA2048_PSS_SHA256,
- RSA2048_PKCS1_5_SHA256,
- ECC_NIST_P256_SIGN_NO_PADDING,
- ECC_NIST_P256_SIGN_SHA256,
- ECC_NIST_P521_SIGN_NO_PADDING,
- ECC_NIST_P521_SIGN_SHA512,
- ECC_ED25519_SIGN,
-}
diff --git a/thermal/OWNERS b/thermal/OWNERS
index 7229b22..13895bd 100644
--- a/thermal/OWNERS
+++ b/thermal/OWNERS
@@ -1,5 +1,3 @@
# Bug component: 826709
-
-# ADPF virtual team
-lpy@google.com
+file:platform/frameworks/base:/ADPF_OWNERS
wvw@google.com