Merge "Fix the default BandwidthAmplitudeMap contant" into tm-dev
diff --git a/camera/provider/aidl/vts/VtsAidlHalCameraProvider_TargetTest.cpp b/camera/provider/aidl/vts/VtsAidlHalCameraProvider_TargetTest.cpp
index af83578..bde56b3 100644
--- a/camera/provider/aidl/vts/VtsAidlHalCameraProvider_TargetTest.cpp
+++ b/camera/provider/aidl/vts/VtsAidlHalCameraProvider_TargetTest.cpp
@@ -2989,8 +2989,8 @@
         auto retcode = find_camera_metadata_ro_entry(
                 staticMeta, ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES, &entry);
         if ((0 == retcode) && (entry.count > 0)) {
-            supportedUseCases.insert(supportedUseCases.end(), entry.data.i32,
-                                     entry.data.i32 + entry.count);
+            supportedUseCases.insert(supportedUseCases.end(), entry.data.i64,
+                                     entry.data.i64 + entry.count);
         } else {
             supportedUseCases.push_back(ANDROID_SCALER_AVAILABLE_STREAM_USE_CASES_DEFAULT);
         }
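Review bot: `entry.data.i64` is read in the new `insert` call without checking that the entry really holds 64-bit values; the guard above it only tests `retcode` and `entry.count`. If a HAL published this tag with a 32-bit type, the range `entry.data.i64 + entry.count` would presumably extend past the entry's storage, so the test would read out of bounds instead of failing cleanly. Adding `ASSERT_EQ(TYPE_INT64, entry.type);` as the first statement inside the `if` would turn that into a reported failure. The enclosing function starts and ends outside this hunk.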
@@ -3034,12 +3034,13 @@
 
             bool combSupported;
             ret = cameraDevice->isStreamCombinationSupported(config, &combSupported);
-            ASSERT_TRUE((ret.isOk()) || (static_cast<int32_t>(Status::OPERATION_NOT_SUPPORTED) ==
-                                         ret.getServiceSpecificError()));
-            if (ret.isOk()) {
-                ASSERT_EQ(combSupported, useCaseSupported);
+            if (static_cast<int32_t>(Status::OPERATION_NOT_SUPPORTED) ==
+                ret.getServiceSpecificError()) {
+                continue;
             }
+
             ASSERT_TRUE(ret.isOk());
+            ASSERT_EQ(combSupported, useCaseSupported);
 
             std::vector<HalStream> halStreams;
             ret = mSession->configureStreams(config, &halStreams);
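Review bot: The new `continue` on `OPERATION_NOT_SUPPORTED` skips the `configureStreams` check below it for that use case as well as the `combSupported` comparison, and nothing is logged when it happens. On a HAL that does not implement `isStreamCombinationSupported`, this part of the loop would therefore pass without exercising any stream configuration. If that is intended, a line such as `ALOGI("isStreamCombinationSupported not supported, skipping use case check");` before the `continue` would make it visible in the test log. Otherwise, consider guarding only the two assertions with `if (ret.isOk())` so `configureStreams` still runs. The loop header is outside this hunk.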
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 16bbc5c..a4cfb8b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -78,15 +78,16 @@
      *     provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned.
      *
      * 3.  Asymmetric key non-attestation with signing key.  If Tag::ATTESTATION_CHALLENGE is not
-     *     provided and the generated/imported key has KeyPurpose::SIGN, then the returned
-     *     certificate chain must contain only a single self-signed certificate with no attestation
-     *     extension.  Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
+     *     provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY,
+     *     then the returned certificate chain must contain only a single self-signed certificate
+     *     with no attestation extension.  Tag::ATTESTATION_APPLICATION_ID will be ignored if
+     *     provided.
      *
      * 4.  Asymmetric key non-attestation with non-signing key.  If TAG::ATTESTATION_CHALLENGE is
-     *     not provided and the generated/imported key does not have KeyPurpose::SIGN, then the
-     *     returned certificate chain must contain only a single certificate with an empty signature
-     *     and no attestation extension.  Tag::ATTESTATION_APPLICATION_ID will be ignored if
-     *     provided.
+     *     not provided and the generated/imported key does not have KeyPurpose::SIGN nor
+     *     KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single
+     *     certificate with an empty signature and no attestation extension.
+     *     Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
      *
      * 5.  Symmetric key.  If the generated/imported key is symmetric, the certificate chain must
      *     return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,
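Review bot: The new wording in case 4, `does not have KeyPurpose::SIGN nor KeyPurpose::ATTEST_KEY`, is ungrammatical and can be misread as requiring only one of the two purposes to be absent. Cases 3 and 4 appear intended to partition the non-attestation asymmetric keys, so case 4 would read more precisely as `has neither KeyPurpose::SIGN nor KeyPurpose::ATTEST_KEY`. The unchanged first line of case 4 also spells the tag `TAG::ATTESTATION_CHALLENGE` while the rest of the comment uses `Tag::`, which is worth aligning in the same edit.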
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index a14fc88..5024400 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -92,8 +92,8 @@
      *         },
      *         {},                   // Unprotected params
      *         bstr .size 32,                  // MAC key
-     *         bstr PureEd25519(KM_priv, .cbor SignedMac_structure) /
-     *              ECDSA(KM_priv, bstr .cbor SignedMac_structure)
+     *         bstr // PureEd25519(KM_priv, bstr .cbor SignedMac_structure) /
+     *              // ECDSA(KM_priv, bstr .cbor SignedMac_structure)
      *     ]
      *
      *     SignedMac_structure = [
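Review bot: With the signature now typed as a bare `bstr`, the trailing comment is the only description of its contents, and it names ECDSA without saying how an ECDSA signature is encoded. The second hunk of this file keeps a pointer to RFC 8032 for Ed25519 beside its `signature:` field, but neither hunk shows an equivalent for ECDSA. DER and fixed-length `r || s` are both in common use, and a verifier that assumes the wrong one rejects valid data. If COSE encoding is intended, a line such as `// For ECDSA the signature is the concatenation r || s, see RFC 8152 section 8.1.` under both signature entries would close the gap. This may already be stated elsewhere in the file, outside the visible hunks.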
@@ -144,8 +144,8 @@
      *         },
      *         unprotected: {},
      *         payload: bstr .cbor BccPayload,
-     *         signature: bstr .cbor PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
-     *                    bstr .cbor ECDSA(SigningKey, bstr .cbor BccEntryInput)
+     *         signature: bstr // PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
+     *                         // ECDSA(SigningKey, bstr .cbor BccEntryInput)
      *         // See RFC 8032 for details of how to encode the signature value for Ed25519.
      *     ]
      *
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 8a26b3c..0bab54c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -183,6 +183,14 @@
  * This test attempts to create an RSA attestation key that also allows signing.
  */
 TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+    if (AidlVersion() < 2) {
+        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+        // with other key purposes.  However, this was not checked at the time
+        // so we can only be strict about checking this for implementations of KeyMint
+        // version 2 and above.
+        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+    }
+
     vector<uint8_t> attest_key_blob;
     vector<KeyCharacteristics> attest_key_characteristics;
     vector<Certificate> attest_key_cert_chain;
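Review bot: The same `AidlVersion() < 2` guard, comment and skip message are pasted into four tests: this one, `EcAttestKeyMultiPurposeFail` in the next hunk, and `RsaAttestMultiPurposeFail` and `EcdsaAttestMultiPurposeFail` in KeyMintTest.cpp. The skip relaxes the check that keeps an attestation key from also being a general signing key, so its rationale is better kept in one place where it cannot drift between copies. A small macro in the shared test header that expands to the `if (AidlVersion() < 2) { GTEST_SKIP() << ...; }` guard and carries the comment once would do; it has to be a macro rather than a function because `GTEST_SKIP()` returns from the test body. This copy is also the only one followed by a blank line. The test bodies continue outside the hunks.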
@@ -453,6 +461,13 @@
  * This test attempts to create an EC attestation key that also allows signing.
  */
 TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+    if (AidlVersion() < 2) {
+        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+        // with other key purposes.  However, this was not checked at the time
+        // so we can only be strict about checking this for implementations of KeyMint
+        // version 2 and above.
+        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+    }
     vector<uint8_t> attest_key_blob;
     vector<KeyCharacteristics> attest_key_characteristics;
     vector<Certificate> attest_key_cert_chain;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 056d83a..8a24d25 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3821,6 +3821,13 @@
  * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
  */
 TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+    if (AidlVersion() < 2) {
+        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+        // with other key purposes.  However, this was not checked at the time
+        // so we can only be strict about checking this for implementations of KeyMint
+        // version 2 and above.
+        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+    }
     uint32_t key_size = 2048;
     string key = rsa_2048_key;
 
@@ -3959,6 +3966,13 @@
  * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
  */
 TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+    if (AidlVersion() < 2) {
+        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+        // with other key purposes.  However, this was not checked at the time
+        // so we can only be strict about checking this for implementations of KeyMint
+        // version 2 and above.
+        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+    }
     ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
               ImportKey(AuthorizationSetBuilder()
                                 .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 4341aa1..3cc11f6 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -432,10 +432,9 @@
         auto [deviceInfoMap, __2, deviceInfoErrMsg] = cppbor::parse(deviceInfo.deviceInfo);
         ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg;
         ASSERT_TRUE(deviceInfoMap->asMap());
-
         checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo);
-
         auto& signingKey = bccContents->back().pubKey;
+        deviceInfoMap->asMap()->canonicalize();
         auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey,
                                               cppbor::Array()  // SignedMacAad
                                                       .add(challenge_)
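Review bot: The added `deviceInfoMap->asMap()->canonicalize();` mutates the parsed map in place with no comment explaining why. It only makes sense alongside the ordering check in `checkDeviceInfo`, which this commit turns into a non-fatal `EXPECT_EQ`. Presumably the map is added to the AAD further down, outside this hunk, so that the signature is verified against the canonical encoding even when the device returned a non-canonical one. A comment above the call such as `// Verify against the canonical form; checkDeviceInfo() has already flagged any non-canonical ordering.` would record that. The `verifyAndParseCoseSign1` call on the last lines of this hunk continues outside it.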
@@ -467,10 +466,10 @@
         ASSERT_EQ(val->type(), majorType) << entryName << " has the wrong type.";
         switch (majorType) {
             case cppbor::TSTR:
-                ASSERT_GT(val->asTstr()->value().size(), 0);
+                EXPECT_GT(val->asTstr()->value().size(), 0);
                 break;
             case cppbor::BSTR:
-                ASSERT_GT(val->asBstr()->value().size(), 0);
+                EXPECT_GT(val->asBstr()->value().size(), 0);
                 break;
             default:
                 break;
@@ -478,6 +477,8 @@
     }
 
     void checkDeviceInfo(const cppbor::Map* deviceInfo, bytevec deviceInfoBytes) {
+        EXPECT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
+                << "DeviceInfo ordering is non-canonical.";
         const auto& version = deviceInfo->get("version");
         ASSERT_TRUE(version);
         ASSERT_TRUE(version->asUint());
@@ -496,21 +497,21 @@
                 // TODO: Refactor the KeyMint code that validates these fields and include it here.
                 checkType(deviceInfo, cppbor::TSTR, "vb_state");
                 allowList = getAllowedVbStates();
-                ASSERT_NE(allowList.find(deviceInfo->get("vb_state")->asTstr()->value()),
+                EXPECT_NE(allowList.find(deviceInfo->get("vb_state")->asTstr()->value()),
                           allowList.end());
                 checkType(deviceInfo, cppbor::TSTR, "bootloader_state");
                 allowList = getAllowedBootloaderStates();
-                ASSERT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
+                EXPECT_NE(allowList.find(deviceInfo->get("bootloader_state")->asTstr()->value()),
                           allowList.end());
                 checkType(deviceInfo, cppbor::BSTR, "vbmeta_digest");
                 checkType(deviceInfo, cppbor::UINT, "system_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "boot_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "vendor_patch_level");
                 checkType(deviceInfo, cppbor::UINT, "fused");
-                ASSERT_LT(deviceInfo->get("fused")->asUint()->value(), 2);  // Must be 0 or 1.
+                EXPECT_LT(deviceInfo->get("fused")->asUint()->value(), 2);  // Must be 0 or 1.
                 checkType(deviceInfo, cppbor::TSTR, "security_level");
                 allowList = getAllowedSecurityLevels();
-                ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
+                EXPECT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
                           allowList.end());
                 if (deviceInfo->get("security_level")->asTstr()->value() == "tee") {
                     checkType(deviceInfo, cppbor::TSTR, "os_version");
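Review bot: Each `deviceInfo->get("...")->asTstr()->value()` in the new `EXPECT_NE` lines dereferences the lookup result with no null check, relying on the `checkType` call just before it. The `ASSERT_EQ` visible inside `checkType` in the earlier hunk only returns from that helper, so when a key is missing or has the wrong type, execution continues here and would likely crash the test binary instead of reporting a failure. Moving from `ASSERT_*` to `EXPECT_*` also means more of these lines now run after an earlier check has failed. Wrapping the calls as `ASSERT_NO_FATAL_FAILURE(checkType(deviceInfo, cppbor::TSTR, "vb_state"));` stops at the first malformed entry. If reporting every problem is the goal, skip the value check when `HasFatalFailure()` is true. The same applies to `fused`, `security_level` and, in the next hunk, `att_id_state`.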
@@ -519,20 +520,18 @@
             case 1:
                 checkType(deviceInfo, cppbor::TSTR, "security_level");
                 allowList = getAllowedSecurityLevels();
-                ASSERT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
+                EXPECT_NE(allowList.find(deviceInfo->get("security_level")->asTstr()->value()),
                           allowList.end());
                 if (version->asUint()->value() == 1) {
                     checkType(deviceInfo, cppbor::TSTR, "att_id_state");
                     allowList = getAllowedAttIdStates();
-                    ASSERT_NE(allowList.find(deviceInfo->get("att_id_state")->asTstr()->value()),
+                    EXPECT_NE(allowList.find(deviceInfo->get("att_id_state")->asTstr()->value()),
                               allowList.end());
                 }
                 break;
             default:
                 FAIL() << "Unrecognized version: " << version->asUint()->value();
         }
-        ASSERT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
-                << "DeviceInfo ordering is non-canonical.";
     }
 
     bytevec eekId_;
diff --git a/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp b/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
index 2ed6a0e..272a427 100644
--- a/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
+++ b/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
@@ -43,7 +43,6 @@
 using aidl::android::hardware::wifi::supplicant::ISupplicantStaIface;
 using aidl::android::hardware::wifi::supplicant::ISupplicantStaNetwork;
 using aidl::android::hardware::wifi::supplicant::KeyMgmtMask;
-using aidl::android::hardware::wifi::supplicant::RxFilterType;
 using aidl::android::hardware::wifi::supplicant::WpaDriverCapabilitiesMask;
 using aidl::android::hardware::wifi::supplicant::WpsConfigMethods;
 using android::ProcessState;
@@ -544,36 +543,6 @@
 }
 
 /*
- * StartRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, StartRxFilter) {
-    EXPECT_TRUE(sta_iface_->startRxFilter().isOk());
-}
-
-/*
- * StopRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, StopRxFilter) {
-    EXPECT_TRUE(sta_iface_->stopRxFilter().isOk());
-}
-
-/*
- * AddRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, AddRxFilter) {
-    EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V4_MULTICAST).isOk());
-    EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V6_MULTICAST).isOk());
-}
-
-/*
- * RemoveRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, RemoveRxFilter) {
-    EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V4_MULTICAST).isOk());
-    EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V6_MULTICAST).isOk());
-}
-
-/*
  * AddExtRadioWork
  */
 TEST_P(SupplicantStaIfaceAidlTest, AddExtRadioWork) {