Merge "identity: fix access control checks in libeic." into sc-dev
diff --git a/automotive/vehicle/2.0/vts/functional/VtsHalAutomotiveVehicleV2_0TargetTest.cpp b/automotive/vehicle/2.0/vts/functional/VtsHalAutomotiveVehicleV2_0TargetTest.cpp
index 7f1d4d1..4ac0aa5 100644
--- a/automotive/vehicle/2.0/vts/functional/VtsHalAutomotiveVehicleV2_0TargetTest.cpp
+++ b/automotive/vehicle/2.0/vts/functional/VtsHalAutomotiveVehicleV2_0TargetTest.cpp
@@ -241,6 +241,7 @@
ASSERT_NE(StatusCode::OK, mVehicle->subscribe(cb, options));
}
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(VehicleHalHidlTest);
INSTANTIATE_TEST_SUITE_P(
PerInstance, VehicleHalHidlTest,
testing::ValuesIn(android::hardware::getAllHalInstanceNames(IVehicle::descriptor)),
diff --git a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
index ada6f73..47a7813 100644
--- a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
+++ b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
@@ -32,21 +32,8 @@
constexpr int kSensorId = 0;
constexpr int kUserId = 0;
-enum class MethodName {
- kOnError,
- kOnSessionClosed,
-};
-
-struct Invocation {
- MethodName methodName;
- Error error;
- int32_t vendorCode;
-};
-
class SessionCallback : public BnSessionCallback {
public:
- explicit SessionCallback(Invocation* inv) : mInv(inv) {}
-
ndk::ScopedAStatus onChallengeGenerated(int64_t /*challenge*/) override {
return ndk::ScopedAStatus::ok();
}
@@ -64,11 +51,11 @@
}
ndk::ScopedAStatus onError(Error error, int32_t vendorCode) override {
- *mInv = {};
- mInv->methodName = MethodName::kOnError;
- mInv->error = error;
- mInv->vendorCode = vendorCode;
-
+ auto lock = std::lock_guard<std::mutex>{mMutex};
+ mError = error;
+ mVendorCode = vendorCode;
+ mOnErrorInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
@@ -121,14 +108,18 @@
}
ndk::ScopedAStatus onSessionClosed() override {
- *mInv = {};
- mInv->methodName = MethodName::kOnSessionClosed;
-
+ auto lock = std::lock_guard<std::mutex>{mMutex};
+ mOnSessionClosedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
- private:
- Invocation* mInv;
+ std::mutex mMutex;
+ std::condition_variable mCv;
+ Error mError = Error::UNKNOWN;
+ int32_t mVendorCode = 0;
+ bool mOnErrorInvoked = false;
+ bool mOnSessionClosedInvoked = false;
};
class Face : public testing::TestWithParam<std::string> {
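Review bot: With `private:` removed, `mMutex`, `mCv` and the four state fields become public members of SessionCallback and the test reads them directly, but nothing states which fields the mutex protects. A comment above the declarations such as `// Written by the callback methods and read by the test; every field below is guarded by mMutex and signalled through mCv.` would record the locking rule for the next callback that gets a flag. The class body starts outside this hunk, so check that the other callbacks do not touch these fields without the lock.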
@@ -140,12 +131,11 @@
}
std::shared_ptr<IFace> mHal;
- Invocation mInv;
};
TEST_P(Face, AuthenticateTest) {
// Prepare the callback.
- auto cb = ndk::SharedRefBase::make<SessionCallback>(&mInv);
+ auto cb = ndk::SharedRefBase::make<SessionCallback>();
// Create a session
std::shared_ptr<ISession> session;
@@ -155,15 +145,18 @@
std::shared_ptr<common::ICancellationSignal> cancellationSignal;
ASSERT_TRUE(session->authenticate(0 /* operationId */, &cancellationSignal).isOk());
+ auto lock = std::unique_lock<std::mutex>(cb->mMutex);
+ cb->mCv.wait(lock, [&cb] { return cb->mOnErrorInvoked; });
// Get the results
- EXPECT_EQ(mInv.methodName, MethodName::kOnError);
- EXPECT_EQ(mInv.error, Error::UNABLE_TO_PROCESS);
- EXPECT_EQ(mInv.vendorCode, 0);
+ EXPECT_EQ(cb->mError, Error::UNABLE_TO_PROCESS);
+ EXPECT_EQ(cb->mVendorCode, 0);
+ lock.unlock();
// Close the session
ASSERT_TRUE(session->close().isOk());
- EXPECT_EQ(mInv.methodName, MethodName::kOnSessionClosed);
+ lock.lock();
+ cb->mCv.wait(lock, [&cb] { return cb->mOnSessionClosedInvoked; });
}
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(Face);
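Review bot: Both `cb->mCv.wait(lock, ...)` calls in AuthenticateTest block with no deadline, so a HAL that never delivers onError or onSessionClosed makes the test hang until whatever outer timeout the harness applies, instead of failing with a message. A bounded wait keeps the failure local, for example `ASSERT_TRUE(cb->mCv.wait_for(lock, kCallbackTimeout, [&cb] { return cb->mOnErrorInvoked; }));`, where `kCallbackTimeout` is a constant this file would have to define. The same unbounded `cv.wait(lock, ...)` is added at the end of the WorkerThreadTest.cpp hunk. The test body begins in the previous hunk.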
@@ -180,4 +173,3 @@
ABinderProcess_startThreadPool();
return RUN_ALL_TESTS();
}
-
diff --git a/biometrics/fingerprint/aidl/default/tests/WorkerThreadTest.cpp b/biometrics/fingerprint/aidl/default/tests/WorkerThreadTest.cpp
index 8443336..b2417bd 100644
--- a/biometrics/fingerprint/aidl/default/tests/WorkerThreadTest.cpp
+++ b/biometrics/fingerprint/aidl/default/tests/WorkerThreadTest.cpp
@@ -73,24 +73,29 @@
constexpr int NUM_TASKS = 10000;
WorkerThread worker(NUM_TASKS);
+ std::mutex mut;
+ std::condition_variable cv;
+ bool finished = false;
std::vector<int> results;
+
for (int i = 0; i < NUM_TASKS; ++i) {
- worker.schedule(Callable::from([&results, i] {
+ worker.schedule(Callable::from([&mut, &results, i] {
// Delay tasks differently to provoke races.
std::this_thread::sleep_for(std::chrono::nanoseconds(100 - i % 100));
- // Unguarded write to results to provoke races.
+ auto lock = std::lock_guard(mut);
results.push_back(i);
}));
}
- std::promise<void> promise;
- auto future = promise.get_future();
-
// Schedule a special task to signal when all of the tasks are finished.
- worker.schedule(
- Callable::from([promise = std::move(promise)]() mutable { promise.set_value(); }));
- future.wait();
+ worker.schedule(Callable::from([&mut, &cv, &finished] {
+ auto lock = std::lock_guard(mut);
+ finished = true;
+ cv.notify_one();
+ }));
+ auto lock = std::unique_lock(mut);
+ cv.wait(lock, [&finished] { return finished; });
ASSERT_EQ(results.size(), NUM_TASKS);
EXPECT_TRUE(std::is_sorted(results.begin(), results.end()));
}
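Review bot: `mut`, `cv`, `finished` and `results` are declared after `worker`, so they are destroyed before it, while every scheduled lambda captures them by reference. That is safe only if all tasks have finished when the test returns. If the worker ever ran the sentinel task before earlier ones (the ordering this test exists to check), `ASSERT_EQ` would return early and the remaining tasks would lock a destroyed mutex and push into a destroyed vector. Declaring the four locals above `WorkerThread worker(NUM_TASKS);` lets the worker be torn down first, assuming its destructor stops or joins the thread, which is not visible here. The test function starts outside this hunk.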
diff --git a/current.txt b/current.txt
index 3102972..9bc2713 100644
--- a/current.txt
+++ b/current.txt
@@ -825,6 +825,9 @@
b4cbc1f2d38787f2ad069a8e4d10c0896287531a2596f0de0283e390b0ecf05d android.hardware.audio.effect@7.0::IVirtualizerEffect
2b5681e1ea6a2db0dc1e84edb96d3de2f7daf306046543e7956be76dcb8f20fb android.hardware.audio.effect@7.0::IVisualizerEffect
fa1e2d78e66fd662de93cb479ffd55947fe54f51cb53915814b3d3e3036c86a5 android.hardware.audio.effect@7.0::types
+e3865e74cb1a6e6afd38c7aa84115cb109ce47b972132de5242bc3838d2771f6 android.hardware.automotive.vehicle@2.0::types
+b3caf524c46a47d67e6453a34419e1881942d059e146cda740502670e9a752c3 android.hardware.automotive.vehicle@2.0::IVehicle
+7ce8728b27600e840cacf0a832f6942819fe535f9d3797ae052d5eef5065921c android.hardware.automotive.vehicle@2.0::IVehicleCallback
b525e91d886379c13588f4975bb04d625d46e1f41b4453792c4b2db1e7ff4340 android.hardware.biometrics.fingerprint@2.3::IBiometricsFingerprint
4baf8e0eca4aa896cc9ceb7bb676aaf4fa21372ef8b49eed68eced1221c3dc0d android.hardware.bluetooth.audio@2.1::IBluetoothAudioProvider
d417a9212c8f96e3a06a2f221c8c5756c765355b2b81de2b2a65d4c9eee85401 android.hardware.bluetooth.audio@2.1::IBluetoothAudioProvidersFactory
diff --git a/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp b/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
index 7d0a83b..2f0429c 100644
--- a/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
+++ b/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
@@ -561,17 +561,28 @@
setActiveConfig(display, config1);
sendRefreshFrame(display, nullptr);
- int32_t vsyncPeriod1 = mComposerClient->getDisplayAttribute_2_4(
+ const auto vsyncPeriod1 = mComposerClient->getDisplayAttribute_2_4(
display.get(), config1,
IComposerClient::IComposerClient::Attribute::VSYNC_PERIOD);
- int32_t vsyncPeriod2 = mComposerClient->getDisplayAttribute_2_4(
+ const auto configGroup1 = mComposerClient->getDisplayAttribute_2_4(
+ display.get(), config1,
+ IComposerClient::IComposerClient::Attribute::CONFIG_GROUP);
+ const auto vsyncPeriod2 = mComposerClient->getDisplayAttribute_2_4(
display.get(), config2,
IComposerClient::IComposerClient::Attribute::VSYNC_PERIOD);
+ const auto configGroup2 = mComposerClient->getDisplayAttribute_2_4(
+ display.get(), config2,
+ IComposerClient::IComposerClient::Attribute::CONFIG_GROUP);
if (vsyncPeriod1 == vsyncPeriod2) {
return; // continue
}
+ // We don't allow delayed change when changing config groups
+ if (params.delayForChange > 0 && configGroup1 != configGroup2) {
+ return; // continue
+ }
+
VsyncPeriodChangeTimeline timeline;
IComposerClient::VsyncPeriodChangeConstraints constraints = {
.desiredTimeNanos = systemTime() + params.delayForChange,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index f93dbba..fd6bf65 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -159,18 +159,17 @@
* purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
* algorithm [2] EXPLICIT INTEGER OPTIONAL,
* keySize [3] EXPLICIT INTEGER OPTIONAL,
- * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL,
* digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
* padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
- * callerNonce [7] EXPLICIT NULL OPTIONAL,
- * minMacLength [8] EXPLICIT INTEGER OPTIONAL,
* ecCurve [10] EXPLICIT INTEGER OPTIONAL,
* rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
+ * mgfDigest [203] EXPLICIT SET OF INTEGER OPTIONAL,
* rollbackResistance [303] EXPLICIT NULL OPTIONAL,
+ * earlyBootOnly [305] EXPLICIT NULL OPTIONAL,
* activeDateTime [400] EXPLICIT INTEGER OPTIONAL,
* originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
* usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
- * userSecureId [502] EXPLICIT INTEGER OPTIONAL,
+ * usageCountLimit [405] EXPLICIT INTEGER OPTIONAL,
* noAuthRequired [503] EXPLICIT NULL OPTIONAL,
* userAuthType [504] EXPLICIT INTEGER OPTIONAL,
* authTimeout [505] EXPLICIT INTEGER OPTIONAL,
@@ -194,6 +193,7 @@
* attestationIdModel [717] EXPLICIT OCTET_STRING OPTIONAL,
* vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
* bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
+ * deviceUniqueAttestation [720] EXPLICIT NULL OPTIONAL,
* }
*/
Certificate[] certificateChain;
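Review bot: The documented AuthorizationList now ends at `deviceUniqueAttestation [720]`, but the parser template updated in attestation_record.cpp in this same change still carries an `identity_credential` entry after `device_unique_attestation`. Either the schema comment should list that element too, or the comment should say it is deliberately left out. As written, the specification text and the reference parser disagree on which tags can appear. The tag number for that entry is not visible on this page, so take it from the tag definitions rather than from this note.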
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index c49b303..4d31fa4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -16,6 +16,7 @@
#pragma once
+#include <functional>
#include <string_view>
#include <aidl/Gtest.h>
@@ -206,50 +207,58 @@
template <typename TagType>
std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */,
KeyData /* ecdsaKey */>
- CreateTestKeys(TagType tagToTest, ErrorCode expectedReturn) {
+ CreateTestKeys(
+ TagType tagToTest, ErrorCode expectedReturn,
+ std::function<void(AuthorizationSetBuilder*)> tagModifier =
+ [](AuthorizationSetBuilder*) {}) {
/* AES */
KeyData aesKeyData;
- ErrorCode errorCode = GenerateKey(AuthorizationSetBuilder()
- .AesEncryptionKey(128)
- .Authorization(tagToTest)
- .BlockMode(BlockMode::ECB)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_NO_AUTH_REQUIRED),
- &aesKeyData.blob, &aesKeyData.characteristics);
+ AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder()
+ .AesEncryptionKey(128)
+ .Authorization(tagToTest)
+ .BlockMode(BlockMode::ECB)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_NO_AUTH_REQUIRED);
+ tagModifier(&aesBuilder);
+ ErrorCode errorCode =
+ GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics);
EXPECT_EQ(expectedReturn, errorCode);
/* HMAC */
KeyData hmacKeyData;
- errorCode = GenerateKey(AuthorizationSetBuilder()
- .HmacKey(128)
- .Authorization(tagToTest)
- .Digest(Digest::SHA_2_256)
- .Authorization(TAG_MIN_MAC_LENGTH, 128)
- .Authorization(TAG_NO_AUTH_REQUIRED),
- &hmacKeyData.blob, &hmacKeyData.characteristics);
+ AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder()
+ .HmacKey(128)
+ .Authorization(tagToTest)
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_MIN_MAC_LENGTH, 128)
+ .Authorization(TAG_NO_AUTH_REQUIRED);
+ tagModifier(&hmacBuilder);
+ errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics);
EXPECT_EQ(expectedReturn, errorCode);
/* RSA */
KeyData rsaKeyData;
- errorCode = GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(2048, 65537)
- .Authorization(tagToTest)
- .Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- &rsaKeyData.blob, &rsaKeyData.characteristics);
+ AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .Authorization(tagToTest)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity();
+ tagModifier(&rsaBuilder);
+ errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
EXPECT_EQ(expectedReturn, errorCode);
/* ECDSA */
KeyData ecdsaKeyData;
- errorCode = GenerateKey(AuthorizationSetBuilder()
- .EcdsaSigningKey(256)
- .Authorization(tagToTest)
- .Digest(Digest::SHA_2_256)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
+ AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()
+ .EcdsaSigningKey(256)
+ .Authorization(tagToTest)
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity();
+ tagModifier(&ecdsaBuilder);
+ errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
EXPECT_EQ(expectedReturn, errorCode);
return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
}
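Review bot: The new `tagModifier` parameter of CreateTestKeys has no documentation. The hunk does not say that it runs once on each of the four builders after the fixed tags are set, so a caller adding attestation or other asymmetric-only tags also applies them to the AES and HMAC keys. A comment above the template such as `// tagModifier is invoked on every builder (AES, HMAC, RSA, ECDSA) after tagToTest and the default tags are added.` would make that contract explicit. Declaring the parameter as `const std::function<void(AuthorizationSetBuilder*)>& tagModifier` would also avoid copying the callable on each call.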
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5dcfcaa..295be1a 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -6355,6 +6355,11 @@
auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK);
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
CheckedDeleteKey(&aesKeyData.blob);
CheckedDeleteKey(&hmacKeyData.blob);
CheckedDeleteKey(&rsaKeyData.blob);
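Review bot: `ASSERT_GT(keyData.blob.size(), 0U);` inside the loop returns from the test on the first empty blob, so the `CheckedDeleteKey` calls that follow never run and any keys that were generated are left behind. `EXPECT_GT(keyData.blob.size(), 0U);` reports the same failure while keeping the cleanup reachable. The same loop is repeated in CreateAttestedEarlyBootKey in the next hunk. The braced list `{aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}` also copies each KeyData, which is harmless here but avoidable. The test body starts and ends outside this hunk.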
@@ -6362,7 +6367,30 @@
}
/*
- * EarlyBootKeyTest.UsetEarlyBootKeyFailure
+ * EarlyBootKeyTest.CreateAttestedEarlyBootKey
+ *
+ * Verifies that creating an early boot key with attestation succeeds.
+ */
+TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) {
+ auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(
+ TAG_EARLY_BOOT_ONLY, ErrorCode::OK, [](AuthorizationSetBuilder* builder) {
+ builder->AttestationChallenge("challenge");
+ builder->AttestationApplicationId("app_id");
+ });
+
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
+ CheckedDeleteKey(&aesKeyData.blob);
+ CheckedDeleteKey(&hmacKeyData.blob);
+ CheckedDeleteKey(&rsaKeyData.blob);
+ CheckedDeleteKey(&ecdsaKeyData.blob);
+}
+
+/*
+ * EarlyBootKeyTest.UseEarlyBootKeyFailure
*
* Verifies that using early boot keys at a later stage fails.
*/
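Review bot: CreateAttestedEarlyBootKey supplies an attestation challenge and application id but then checks only the key characteristics, so it would still pass if the implementation ignored the challenge or produced an attestation without the early-boot tag. The `GenerateKey` overload that CreateTestKeys uses, as shown in the KeyMintAidlTestBase.h hunk, returns only the blob and characteristics, so no certificate chain reaches the test. For the keys that carry a certificate (presumably RSA and ECDSA), the test should capture the chain and assert that the parsed attestation record contains TAG_EARLY_BOOT_ONLY. Otherwise the header comment should say that only key creation is verified.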
diff --git a/security/keymint/support/attestation_record.cpp b/security/keymint/support/attestation_record.cpp
index a48f770..2462228 100644
--- a/security/keymint/support/attestation_record.cpp
+++ b/security/keymint/support/attestation_record.cpp
@@ -64,6 +64,7 @@
} ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
+// Fields ordered in tag order.
typedef struct km_auth_list {
ASN1_INTEGER_SET* purpose;
ASN1_INTEGER* algorithm;
@@ -72,32 +73,38 @@
ASN1_INTEGER_SET* padding;
ASN1_INTEGER* ec_curve;
ASN1_INTEGER* rsa_public_exponent;
+ ASN1_INTEGER_SET* mgf_digest;
+ ASN1_NULL* rollback_resistance;
+ ASN1_NULL* early_boot_only;
ASN1_INTEGER* active_date_time;
ASN1_INTEGER* origination_expire_date_time;
ASN1_INTEGER* usage_expire_date_time;
+ ASN1_INTEGER* usage_count_limit;
ASN1_NULL* no_auth_required;
ASN1_INTEGER* user_auth_type;
ASN1_INTEGER* auth_timeout;
ASN1_NULL* allow_while_on_body;
- ASN1_NULL* all_applications;
- ASN1_OCTET_STRING* application_id;
+ ASN1_NULL* trusted_user_presence_required;
+ ASN1_NULL* trusted_confirmation_required;
+ ASN1_NULL* unlocked_device_required;
ASN1_INTEGER* creation_date_time;
ASN1_INTEGER* origin;
- ASN1_NULL* rollback_resistance;
KM_ROOT_OF_TRUST* root_of_trust;
ASN1_INTEGER* os_version;
ASN1_INTEGER* os_patchlevel;
ASN1_OCTET_STRING* attestation_application_id;
- ASN1_NULL* trusted_user_presence_required;
- ASN1_NULL* trusted_confirmation_required;
- ASN1_NULL* unlocked_device_required;
+ ASN1_OCTET_STRING* attestation_id_brand;
+ ASN1_OCTET_STRING* attestation_id_device;
+ ASN1_OCTET_STRING* attestation_id_product;
+ ASN1_OCTET_STRING* attestation_id_serial;
+ ASN1_OCTET_STRING* attestation_id_imei;
+ ASN1_OCTET_STRING* attestation_id_meid;
+ ASN1_OCTET_STRING* attestation_id_manufacturer;
+ ASN1_OCTET_STRING* attestation_id_model;
ASN1_INTEGER* vendor_patchlevel;
ASN1_INTEGER* boot_patchlevel;
- ASN1_NULL* early_boot_only;
ASN1_NULL* device_unique_attestation;
- ASN1_NULL* storage_key;
ASN1_NULL* identity_credential;
- ASN1_INTEGER* usage_count_limit;
} KM_AUTH_LIST;
ASN1_SEQUENCE(KM_AUTH_LIST) = {
@@ -109,13 +116,18 @@
ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
+ ASN1_EXP_SET_OF_OPT(KM_AUTH_LIST, mgf_digest, ASN1_INTEGER,
+ TAG_RSA_OAEP_MGF_DIGEST.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,
TAG_ROLLBACK_RESISTANCE.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, usage_expire_date_time, ASN1_INTEGER,
TAG_USAGE_EXPIRE_DATETIME.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, usage_count_limit, ASN1_INTEGER,
+ TAG_USAGE_COUNT_LIMIT.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
@@ -133,19 +145,31 @@
ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_BRAND.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_DEVICE.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_PRODUCT.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_SERIAL.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_IMEI.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_MEID.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_MANUFACTURER.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,
+ TAG_ATTESTATION_ID_MODEL.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,
TAG_VENDOR_PATCHLEVEL.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
- TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, device_unique_attestation, ASN1_NULL,
TAG_DEVICE_UNIQUE_ATTESTATION.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, storage_key, ASN1_NULL, TAG_STORAGE_KEY.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, identity_credential, ASN1_NULL,
TAG_IDENTITY_CREDENTIAL_KEY.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, usage_count_limit, ASN1_INTEGER,
- TAG_USAGE_COUNT_LIMIT.maskedTag()),
} ASN1_SEQUENCE_END(KM_AUTH_LIST);
IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
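Review bot: Removing the `storage_key` entry from the KM_AUTH_LIST template changes what the parser accepts, not only what it reports; the field is also dropped from the struct and from extract_auth_list in the neighbouring hunks. If this template decoder rejects elements it has no entry for (I believe these ASN1_SEQUENCE templates behave that way, but confirm), a record carrying the TAG_STORAGE_KEY element will now fail to parse entirely rather than lose one tag. A comment beside the template such as `// TAG_STORAGE_KEY is intentionally absent: <reason>` would record why it is safe to omit. The sequence definition begins outside this hunk.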
@@ -155,9 +179,9 @@
ASN1_INTEGER* keymint_version;
ASN1_ENUMERATED* keymint_security_level;
ASN1_OCTET_STRING* attestation_challenge;
+ ASN1_INTEGER* unique_id;
KM_AUTH_LIST* software_enforced;
KM_AUTH_LIST* tee_enforced;
- ASN1_INTEGER* unique_id;
} KM_KEY_DESCRIPTION;
ASN1_SEQUENCE(KM_KEY_DESCRIPTION) = {
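Review bot: `unique_id` keeps the declaration `ASN1_INTEGER* unique_id;` after being moved, while the attestation schema's uniqueId is, as far as I know, an OCTET_STRING. The matching template entry lies outside this hunk, so check that the two agree. If the template names ASN1_OCTET_STRING, the field should read `ASN1_OCTET_STRING* unique_id;` so that the struct documents the real wire type. The struct begins before the hunk.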
@@ -253,41 +277,52 @@
}
// Extract the values from the specified ASN.1 record and place them in auth_list.
+// Does nothing with root-of-trust field.
static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* auth_list) {
if (!record) return ErrorCode::OK;
- copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
- copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
- copyAuthTag(record->application_id, TAG_APPLICATION_ID, auth_list);
- copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
- copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
- copyAuthTag(record->digest, TAG_DIGEST, auth_list);
- copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
- copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
- copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
- copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
- copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
- copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
- copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
- copyAuthTag(record->padding, TAG_PADDING, auth_list);
+ // Fields ordered in tag order.
copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
- copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list);
+ copyAuthTag(record->algorithm, TAG_ALGORITHM, auth_list);
+ copyAuthTag(record->key_size, TAG_KEY_SIZE, auth_list);
+ copyAuthTag(record->digest, TAG_DIGEST, auth_list);
+ copyAuthTag(record->padding, TAG_PADDING, auth_list);
+ copyAuthTag(record->ec_curve, TAG_EC_CURVE, auth_list);
copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
+ copyAuthTag(record->mgf_digest, TAG_RSA_OAEP_MGF_DIGEST, auth_list);
+ copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list);
+ copyAuthTag(record->early_boot_only, TAG_EARLY_BOOT_ONLY, auth_list);
+ copyAuthTag(record->active_date_time, TAG_ACTIVE_DATETIME, auth_list);
+ copyAuthTag(record->origination_expire_date_time, TAG_ORIGINATION_EXPIRE_DATETIME, auth_list);
copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
+ copyAuthTag(record->usage_count_limit, TAG_USAGE_COUNT_LIMIT, auth_list);
+ copyAuthTag(record->no_auth_required, TAG_NO_AUTH_REQUIRED, auth_list);
copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
- copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
- copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
- copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
+ copyAuthTag(record->auth_timeout, TAG_AUTH_TIMEOUT, auth_list);
+ copyAuthTag(record->allow_while_on_body, TAG_ALLOW_WHILE_ON_BODY, auth_list);
copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,
auth_list);
copyAuthTag(record->trusted_confirmation_required, TAG_TRUSTED_CONFIRMATION_REQUIRED,
auth_list);
copyAuthTag(record->unlocked_device_required, TAG_UNLOCKED_DEVICE_REQUIRED, auth_list);
- copyAuthTag(record->early_boot_only, TAG_EARLY_BOOT_ONLY, auth_list);
+ copyAuthTag(record->creation_date_time, TAG_CREATION_DATETIME, auth_list);
+ copyAuthTag(record->origin, TAG_ORIGIN, auth_list);
+ // root_of_trust dealt with separately
+ copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
+ copyAuthTag(record->os_patchlevel, TAG_OS_PATCHLEVEL, auth_list);
+ copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
+ copyAuthTag(record->attestation_id_brand, TAG_ATTESTATION_ID_BRAND, auth_list);
+ copyAuthTag(record->attestation_id_device, TAG_ATTESTATION_ID_DEVICE, auth_list);
+ copyAuthTag(record->attestation_id_product, TAG_ATTESTATION_ID_PRODUCT, auth_list);
+ copyAuthTag(record->attestation_id_serial, TAG_ATTESTATION_ID_SERIAL, auth_list);
+ copyAuthTag(record->attestation_id_imei, TAG_ATTESTATION_ID_IMEI, auth_list);
+ copyAuthTag(record->attestation_id_meid, TAG_ATTESTATION_ID_MEID, auth_list);
+ copyAuthTag(record->attestation_id_manufacturer, TAG_ATTESTATION_ID_MANUFACTURER, auth_list);
+ copyAuthTag(record->attestation_id_model, TAG_ATTESTATION_ID_MODEL, auth_list);
+ copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
+ copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
copyAuthTag(record->device_unique_attestation, TAG_DEVICE_UNIQUE_ATTESTATION, auth_list);
- copyAuthTag(record->storage_key, TAG_STORAGE_KEY, auth_list);
copyAuthTag(record->identity_credential, TAG_IDENTITY_CREDENTIAL_KEY, auth_list);
- copyAuthTag(record->usage_count_limit, TAG_USAGE_COUNT_LIMIT, auth_list);
return ErrorCode::OK;
}
diff --git a/vibrator/aidl/vts/VtsHalVibratorManagerTargetTest.cpp b/vibrator/aidl/vts/VtsHalVibratorManagerTargetTest.cpp
index 9789188..44fa3be 100644
--- a/vibrator/aidl/vts/VtsHalVibratorManagerTargetTest.cpp
+++ b/vibrator/aidl/vts/VtsHalVibratorManagerTargetTest.cpp
@@ -71,6 +71,11 @@
std::vector<int32_t> vibratorIds;
};
+inline bool isUnknownOrUnsupported(Status status) {
+ return status.exceptionCode() == Status::EX_UNSUPPORTED_OPERATION ||
+ status.transactionError() == android::UNKNOWN_TRANSACTION;
+}
+
TEST_P(VibratorAidl, ValidateExistingVibrators) {
sp<IVibrator> vibrator;
for (auto& id : vibratorIds) {
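Review bot: `isUnknownOrUnsupported` is added verbatim here and again in VtsHalVibratorTargetTest.cpp. It takes `Status` by value and is marked `inline`, where the neighbouring helper in that second file is `static`. `static bool isUnknownOrUnsupported(const Status& status) {` would avoid the copy and match the file-local style. The helper also loosens every "not supported" assertion in both files to accept `UNKNOWN_TRANSACTION`, so it should carry a comment saying why. Presumably that is for HALs built against an older interface version that lack the method, e.g. `// A HAL built against an older interface reports UNKNOWN_TRANSACTION for methods it does not implement.`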
@@ -101,8 +106,8 @@
TEST_P(VibratorAidl, PrepareSyncedNotSupported) {
if (!(capabilities & IVibratorManager::CAP_SYNC)) {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- manager->prepareSynced(vibratorIds).exceptionCode());
+ Status status = manager->prepareSynced(vibratorIds);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -116,8 +121,8 @@
for (auto& id : vibratorIds) {
EXPECT_TRUE(manager->getVibrator(id, &vibrator).isOk());
ASSERT_NE(vibrator, nullptr);
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- vibrator->on(durationMs, nullptr).exceptionCode());
+ Status status = vibrator->on(durationMs, nullptr);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
EXPECT_TRUE(manager->cancelSynced().isOk());
}
@@ -134,7 +139,7 @@
ASSERT_NE(vibrator, nullptr);
int32_t lengthMs = 0;
Status status = vibrator->perform(kEffects[0], kEffectStrengths[0], nullptr, &lengthMs);
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, status.exceptionCode());
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
EXPECT_TRUE(manager->cancelSynced().isOk());
}
@@ -157,7 +162,7 @@
EXPECT_TRUE(manager->getVibrator(id, &vibrator).isOk());
ASSERT_NE(vibrator, nullptr);
Status status = vibrator->compose(composite, nullptr);
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, status.exceptionCode());
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
EXPECT_TRUE(manager->cancelSynced().isOk());
}
@@ -191,8 +196,8 @@
TEST_P(VibratorAidl, TriggerSyncNotSupported) {
if (!(capabilities & IVibratorManager::CAP_SYNC)) {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- manager->triggerSynced(nullptr).exceptionCode());
+ Status status = manager->triggerSynced(nullptr);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -201,8 +206,8 @@
if (!(capabilities & IVibratorManager::CAP_TRIGGER_CALLBACK)) {
sp<CompletionCallback> callback = new CompletionCallback([] {});
EXPECT_TRUE(manager->prepareSynced(vibratorIds).isOk());
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- manager->triggerSynced(callback).exceptionCode());
+ Status status = manager->triggerSynced(callback);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
diff --git a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
index 713ec75..4d49a12 100644
--- a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
+++ b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
@@ -112,6 +112,11 @@
int32_t capabilities;
};
+inline bool isUnknownOrUnsupported(Status status) {
+ return status.exceptionCode() == Status::EX_UNSUPPORTED_OPERATION ||
+ status.transactionError() == android::UNKNOWN_TRANSACTION;
+}
+
static float getResonantFrequencyHz(sp<IVibrator> vibrator, int32_t capabilities) {
float resonantFrequencyHz;
Status status = vibrator->getResonantFrequency(&resonantFrequencyHz);
@@ -119,7 +124,7 @@
EXPECT_GT(resonantFrequencyHz, 0);
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
return resonantFrequencyHz;
}
@@ -131,7 +136,7 @@
EXPECT_GT(freqResolutionHz, 0);
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
return freqResolutionHz;
}
@@ -147,7 +152,7 @@
EXPECT_GT(freqMinimumHz, 0);
EXPECT_LE(freqMinimumHz, resonantFrequencyHz);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
return freqMinimumHz;
}
@@ -158,7 +163,7 @@
if (capabilities & IVibrator::CAP_FREQUENCY_CONTROL) {
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
float freqMaximumHz =
@@ -219,7 +224,8 @@
TEST_P(VibratorAidl, OnCallbackNotSupported) {
if (!(capabilities & IVibrator::CAP_ON_CALLBACK)) {
sp<CompletionCallback> callback = new CompletionCallback([] {});
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, vibrator->on(250, callback).exceptionCode());
+ Status status = vibrator->on(250, callback);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -240,8 +246,8 @@
EXPECT_GT(lengthMs, 0);
usleep(lengthMs * 1000);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION)
- << toString(effect) << " " << toString(strength);
+ EXPECT_TRUE(isUnknownOrUnsupported(status))
+ << status << " " << toString(effect) << " " << toString(strength);
}
}
}
@@ -270,7 +276,7 @@
EXPECT_TRUE(status.isOk());
EXPECT_GT(lengthMs, 0);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
if (!status.isOk())
@@ -293,7 +299,7 @@
sp<CompletionCallback> callback = new CompletionCallback([] {});
int lengthMs;
Status status = vibrator->perform(effect, strength, callback, &lengthMs);
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, status.exceptionCode());
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
}
@@ -311,8 +317,8 @@
for (EffectStrength strength : kInvalidEffectStrengths) {
int32_t lengthMs;
Status status = vibrator->perform(effect, strength, nullptr /*callback*/, &lengthMs);
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION)
- << toString(effect) << " " << toString(strength);
+ EXPECT_TRUE(isUnknownOrUnsupported(status))
+ << status << " " << toString(effect) << " " << toString(strength);
}
}
}
@@ -338,7 +344,8 @@
TEST_P(VibratorAidl, AmplitudeReturnsUnsupportedMatchingCapabilities) {
if ((capabilities & IVibrator::CAP_AMPLITUDE_CONTROL) == 0) {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, vibrator->setAmplitude(1).exceptionCode());
+ Status status = vibrator->setAmplitude(1);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -362,7 +369,7 @@
if (supportsExternalAmplitudeControl) {
EXPECT_TRUE(amplitudeStatus.isOk());
} else {
- EXPECT_EQ(amplitudeStatus.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(amplitudeStatus)) << amplitudeStatus;
}
EXPECT_TRUE(vibrator->setExternalControl(false).isOk());
} else {
@@ -372,8 +379,8 @@
TEST_P(VibratorAidl, ExternalControlUnsupportedMatchingCapabilities) {
if ((capabilities & IVibrator::CAP_EXTERNAL_CONTROL) == 0) {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- vibrator->setExternalControl(true).exceptionCode());
+ Status status = vibrator->setExternalControl(true);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -410,7 +417,7 @@
if (isPrimitiveSupported) {
EXPECT_EQ(Status::EX_NONE, status.exceptionCode());
} else {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, status.exceptionCode());
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
}
@@ -473,8 +480,8 @@
effect.primitive = primitive;
effect.scale = 1.0f;
}
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION,
- vibrator->compose(composite, nullptr).exceptionCode());
+ Status status = vibrator->compose(composite, nullptr);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
vibrator->off();
}
}
@@ -618,8 +625,8 @@
EXPECT_EQ(Status::EX_NONE, status.exceptionCode())
<< toString(effect) << " " << toString(strength);
} else {
- EXPECT_EQ(Status::EX_UNSUPPORTED_OPERATION, status.exceptionCode())
- << toString(effect) << " " << toString(strength);
+ EXPECT_TRUE(isUnknownOrUnsupported(status))
+ << status << " " << toString(effect) << " " << toString(strength);
}
}
}
@@ -639,7 +646,7 @@
ASSERT_GT(qFactor, 0);
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -668,7 +675,7 @@
ASSERT_LE(e, 1.0);
}
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -690,7 +697,7 @@
ASSERT_NE(maxSize, 0);
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}
@@ -703,7 +710,7 @@
ASSERT_TRUE(isDefaultNoneSupported);
EXPECT_EQ(status.exceptionCode(), Status::EX_NONE);
} else {
- EXPECT_EQ(status.exceptionCode(), Status::EX_UNSUPPORTED_OPERATION);
+ EXPECT_TRUE(isUnknownOrUnsupported(status)) << status;
}
}