Merge "Explain how to add service_contexts for stable-c mapper" into main
diff --git a/automotive/can/1.0/default/tests/fuzzer/Android.bp b/automotive/can/1.0/default/tests/fuzzer/Android.bp
index 01c8a9d..16030d8 100644
--- a/automotive/can/1.0/default/tests/fuzzer/Android.bp
+++ b/automotive/can/1.0/default/tests/fuzzer/Android.bp
@@ -48,7 +48,8 @@
],
fuzz_config: {
cc: [
- "android-media-fuzzing-reports@google.com",
+ "chrisweir@google.com",
+ "twasilczyk@google.com",
],
componentid: 533764,
hotlists: [
diff --git a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
index 140b956..aaf436f 100644
--- a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
+++ b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
@@ -1095,6 +1095,37 @@
}
+/**
+ * VSR-5.3.14-012 MUST support at least eight LE concurrent connections with
+ * three in peripheral role.
+ */
+// @VsrTest = 5.3.14-012
+TEST_P(BluetoothAidlTest, Vsr_BlE_Connection_Requirement) {
+ std::vector<uint8_t> version_event;
+ send_and_wait_for_cmd_complete(ReadLocalVersionInformationBuilder::Create(),
+ version_event);
+ auto version_view = ReadLocalVersionInformationCompleteView::Create(
+ CommandCompleteView::Create(EventView::Create(PacketView<true>(
+ std::make_shared<std::vector<uint8_t>>(version_event)))));
+ ASSERT_TRUE(version_view.IsValid());
+ ASSERT_EQ(::bluetooth::hci::ErrorCode::SUCCESS, version_view.GetStatus());
+ auto version = version_view.GetLocalVersionInformation();
+ if (version.hci_version_ < ::bluetooth::hci::HciVersion::V_5_0) {
+ // This test does not apply to controllers below 5.0
+ return;
+ };
+
+ int max_connections = ::android::base::GetIntProperty(
+ "bluetooth.core.le.max_number_of_concurrent_connections", -1);
+ if (max_connections == -1) {
+ // With the property not set the default minimum of 8 will be used
+ ALOGI("Max number of LE concurrent connections isn't set");
+ return;
+ }
+ ALOGI("Max number of LE concurrent connections = %d", max_connections);
+ ASSERT_GE(max_connections, 8);
+}
+
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(BluetoothAidlTest);
INSTANTIATE_TEST_SUITE_P(PerInstance, BluetoothAidlTest,
testing::ValuesIn(android::getAidlHalInstanceNames(
diff --git a/bluetooth/audio/utils/Android.bp b/bluetooth/audio/utils/Android.bp
index cecf8f0..779a90f 100644
--- a/bluetooth/audio/utils/Android.bp
+++ b/bluetooth/audio/utils/Android.bp
@@ -51,6 +51,7 @@
"libxsdc-utils",
],
defaults: [
+ "aconfig_lib_cc_static_link.defaults",
"latest_android_hardware_bluetooth_audio_ndk_shared",
],
shared_libs: [
diff --git a/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp b/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp
index fee9e242..be07a7d 100644
--- a/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp
+++ b/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp
@@ -18,7 +18,6 @@
#include <aidl/Vintf.h>
#include <aidl/android/hardware/bluetooth/finder/IBluetoothFinder.h>
#include <android-base/logging.h>
-#include <android-base/properties.h>
#include <android/binder_manager.h>
#include <android/binder_process.h>
#include <binder/IServiceManager.h>
@@ -72,12 +71,6 @@
return bluetooth_finder->getPoweredOffFinderMode(status);
}
-TEST_P(BluetoothFinderTest, PropertyIsSet) {
- ASSERT_EQ(
- android::base::GetProperty("ro.bluetooth.finder.supported", "false"),
- "true");
-}
-
TEST_P(BluetoothFinderTest, SendEidsSingle) {
ScopedAStatus status = sendEids(1);
ASSERT_TRUE(status.isOk());
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index 0cf53cf..fbb6140 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -7,6 +7,13 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
cc_binary {
name: "android.hardware.security.keymint-service",
relative_install_path: "hw",
@@ -46,6 +53,13 @@
],
}
+// The following target has an insecure implementation of KeyMint where the
+// trusted application (TA) code runs in-process alongside the HAL service
+// code.
+//
+// A real device is required to run the TA code in a secure environment, as
+// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an
+// isolated execution environment."
rust_binary {
name: "android.hardware.security.keymint-service.nonsecure",
relative_install_path: "hw",
diff --git a/security/keymint/aidl/default/main.rs b/security/keymint/aidl/default/main.rs
index 055c698..47143f4 100644
--- a/security/keymint/aidl/default/main.rs
+++ b/security/keymint/aidl/default/main.rs
@@ -17,11 +17,15 @@
//! Default implementation of the KeyMint HAL and related HALs.
//!
//! This implementation of the HAL is only intended to allow testing and policy compliance. A real
-//! implementation **must be implemented in a secure environment**.
+//! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]:
+//! "MUST back up the keystore implementation with an isolated execution environment."
+//!
+//! The additional device-specific components that are required for a real implementation of KeyMint
+//! that is based on the Rust reference implementation are described in system/keymint/README.md.
use kmr_hal::SerializedChannel;
use kmr_hal_nonsecure::{attestation_id_info, get_boot_info};
-use log::{debug, error, info};
+use log::{debug, error, info, warn};
use std::ops::DerefMut;
use std::sync::{mpsc, Arc, Mutex};
@@ -62,7 +66,7 @@
error!("{}", panic_info);
}));
- info!("Insecure KeyMint HAL service is starting.");
+ warn!("Insecure KeyMint HAL service is starting.");
info!("Starting thread pool now.");
binder::ProcessState::start_thread_pool();
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index b65218f..65a4645 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -22,6 +22,7 @@
#include <algorithm>
#include <iostream>
#include <map>
+#include <set>
#include <openssl/curve25519.h>
#include <openssl/ec.h>
@@ -3588,6 +3589,42 @@
}
/*
+ * SigningOperationsTest.HmacMessageDigestUnique
+ *
+ * Verifies that HMAC with different keys gives different results.
+ */
+TEST_P(SigningOperationsTest, HmacMessageDigestUnique) {
+ for (int key_len : {64, 128, 192, 256, 512}) {
+ for (int msg_len = 0; msg_len <= 30; msg_len += 10) {
+ string message = string(msg_len, 'x');
+ for (auto digest : ValidDigests(false /* withNone */, false /* withMD5 */)) {
+ SCOPED_TRACE(testing::Message() << "Digest::" << digest << "::MsgLen::" << msg_len);
+
+ int count = 10;
+ std::set<string> results;
+ for (int ii = 0; ii < count; ii++) {
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .HmacKey(key_len)
+ .Digest(digest)
+ .Authorization(TAG_MIN_MAC_LENGTH, 160)))
+ << "Failed to create HMAC key with digest " << digest;
+ string signature = MacMessage(message, digest, 160);
+ EXPECT_EQ(160U / 8U, signature.size())
+ << "Failed to sign with HMAC key with digest " << digest;
+ CheckedDeleteKey();
+ results.insert(signature);
+ }
+ EXPECT_EQ(results.size(), count)
+ << "HMAC of a message '" << message << "' with " << count
+ << " fresh keys only gave " << results.size() << " distinct results";
+ }
+ }
+ }
+}
+
+/*
* SigningOperationsTest.HmacSha256TooLargeMacLength
*
* Verifies that HMAC fails in the correct way when asked to generate a MAC larger than the
diff --git a/threadnetwork/aidl/default/main.cpp b/threadnetwork/aidl/default/main.cpp
index 8419041..26683bf 100644
--- a/threadnetwork/aidl/default/main.cpp
+++ b/threadnetwork/aidl/default/main.cpp
@@ -26,24 +26,29 @@
using aidl::android::hardware::threadnetwork::IThreadChip;
using aidl::android::hardware::threadnetwork::ThreadChip;
+namespace {
+void addThreadChip(int id, const char* url) {
+ binder_status_t status;
+ const std::string serviceName(std::string() + IThreadChip::descriptor + "/chip" +
+ std::to_string(id));
+
+ ALOGI("ServiceName: %s, Url: %s", serviceName.c_str(), url);
+
+ auto threadChip = ndk::SharedRefBase::make<ThreadChip>(url);
+
+ CHECK_NE(threadChip, nullptr);
+
+ status = AServiceManager_addService(threadChip->asBinder().get(), serviceName.c_str());
+ CHECK_EQ(status, STATUS_OK);
+}
+}
+
int main(int argc, char* argv[]) {
CHECK_GT(argc, 1);
- std::vector<std::shared_ptr<ThreadChip>> threadChips;
aidl::android::hardware::threadnetwork::Service service;
for (int id = 0; id < argc - 1; id++) {
- binder_status_t status;
- const std::string serviceName(std::string() + IThreadChip::descriptor + "/chip" +
- std::to_string(id));
- auto threadChip = ndk::SharedRefBase::make<ThreadChip>(argv[id + 1]);
-
- CHECK_NE(threadChip, nullptr);
-
- status = AServiceManager_addService(threadChip->asBinder().get(), serviceName.c_str());
- CHECK_EQ(status, STATUS_OK);
-
- ALOGI("ServiceName: %s, Url: %s", serviceName.c_str(), argv[id + 1]);
- threadChips.push_back(std::move(threadChip));
+ addThreadChip(id, argv[id + 1]);
}
ALOGI("Thread Network HAL is running");
diff --git a/threadnetwork/aidl/default/thread_chip.cpp b/threadnetwork/aidl/default/thread_chip.cpp
index d1e1d4c..e312728 100644
--- a/threadnetwork/aidl/default/thread_chip.cpp
+++ b/threadnetwork/aidl/default/thread_chip.cpp
@@ -32,11 +32,9 @@
namespace hardware {
namespace threadnetwork {
-ThreadChip::ThreadChip(char* url) : mUrl(), mRxFrameBuffer(), mCallback(nullptr) {
+ThreadChip::ThreadChip(const char* url) : mUrl(url), mRxFrameBuffer(), mCallback(nullptr) {
const char* interfaceName;
- CHECK_EQ(mUrl.Init(url), 0);
-
interfaceName = mUrl.GetProtocol();
CHECK_NE(interfaceName, nullptr);
diff --git a/threadnetwork/aidl/default/thread_chip.hpp b/threadnetwork/aidl/default/thread_chip.hpp
index 30046ef..d07d049 100644
--- a/threadnetwork/aidl/default/thread_chip.hpp
+++ b/threadnetwork/aidl/default/thread_chip.hpp
@@ -20,8 +20,8 @@
#include <aidl/android/hardware/threadnetwork/IThreadChipCallback.h>
#include "lib/spinel/spinel_interface.hpp"
-#include "lib/url/url.hpp"
#include "mainloop.hpp"
+#include "radio_url.hpp"
#include <android/binder_auto_utils.h>
#include <android/binder_ibinder.h>
@@ -34,7 +34,7 @@
class ThreadChip : public BnThreadChip, ot::Posix::Mainloop::Source {
public:
- ThreadChip(char* url);
+ ThreadChip(const char* url);
~ThreadChip() {}
ndk::ScopedAStatus open(const std::shared_ptr<IThreadChipCallback>& in_callback) override;
@@ -55,7 +55,7 @@
ndk::ScopedAStatus initChip(const std::shared_ptr<IThreadChipCallback>& in_callback);
ndk::ScopedAStatus deinitChip();
- ot::Url::Url mUrl;
+ ot::Posix::RadioUrl mUrl;
std::shared_ptr<ot::Spinel::SpinelInterface> mSpinelInterface;
ot::Spinel::SpinelInterface::RxFrameBuffer mRxFrameBuffer;
std::shared_ptr<IThreadChipCallback> mCallback;