Merge "VtsHalMediaOmx should test functionality only" into pi-dev
diff --git a/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp b/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
index a7f4031..9911038 100644
--- a/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
+++ b/biometrics/fingerprint/2.1/vts/functional/VtsHalBiometricsFingerprintV2_1TargetTest.cpp
@@ -19,6 +19,7 @@
 #include <VtsHalHidlTargetTestBase.h>
 #include <VtsHalHidlTargetTestEnvBase.h>
 #include <android-base/logging.h>
+#include <android-base/properties.h>
 #include <android/hardware/biometrics/fingerprint/2.1/IBiometricsFingerprint.h>
 #include <android/hardware/biometrics/fingerprint/2.1/IBiometricsFingerprintClientCallback.h>
 #include <hidl/HidlSupport.h>
@@ -28,6 +29,7 @@
 #include <future>
 #include <utility>
 
+using android::base::GetUintProperty;
 using android::Condition;
 using android::hardware::biometrics::fingerprint::V2_1::IBiometricsFingerprint;
 using android::hardware::biometrics::fingerprint::V2_1::IBiometricsFingerprintClientCallback;
@@ -44,7 +46,7 @@
 static const uint32_t kTimeout = 3;
 static const std::chrono::seconds kTimeoutInSeconds = std::chrono::seconds(kTimeout);
 static const uint32_t kGroupId = 99;
-static const std::string kTmpDir = "/data/system/users/0/fpdata/";
+static std::string kTmpDir = "";
 static const uint32_t kIterations = 1000;
 
 // Wait for a callback to occur (signaled by the given future) up to the
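Review bot: `kTmpDir` loses `const` here but keeps the `k` constant prefix, so it is now a mutable file-scope `std::string` that the next hunk reassigns at run time. Any other reader of the name sees something that looks like a constant but is empty until that assignment has run. Prefer a small helper that returns the path, or at least rename it and drop the redundant initialiser, e.g. `static std::string gFpDataDir;`.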
@@ -199,9 +201,25 @@
         FingerprintHidlEnvironment::Instance()->getServiceName<IBiometricsFingerprint>());
     ASSERT_FALSE(mService == nullptr);
 
-    // Create an active group
-    // FP service can only write to /data/system/users/*/fpdata/ due to
-    // SELinux Policy and Linux Dir Permissions
+    /*
+     * Devices shipped from now on will instead store
+     * fingerprint data under /data/vendor_de/<user-id>/fpdata.
+     * Support for /data/vendor_de and /data/vendor_ce has been added to vold.
+     */
+
+    uint64_t api_level = GetUintProperty<uint64_t>("ro.product.first_api_level", 0);
+    if (api_level == 0) {
+      api_level = GetUintProperty<uint64_t>("ro.build.version.sdk", 0);
+    }
+    ASSERT_TRUE(api_level != 0);
+
+    // 27 is the API number for O-MR1
+    if (api_level <= 27) {
+      kTmpDir = "/data/system/users/0/fpdata/";
+    } else {
+      kTmpDir = "/data/vendor_de/0/fpdata/";
+    }
+
     Return<RequestStatus> res = mService->setActiveGroup(kGroupId, kTmpDir);
     ASSERT_EQ(RequestStatus::SYS_OK, static_cast<RequestStatus>(res));
   }
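Review bot: The rewritten comment above the API-level check drops the only statement of why this directory matters: that the fingerprint service can write only under its fpdata directory because of SELinux policy and directory permissions. It replaces that with "from now on", which goes stale as soon as the next release ships. State it in terms of the check itself, e.g. `// Launch API <= 27 (O-MR1): /data/system/users/0/fpdata/; later launches: /data/vendor_de/0/fpdata/. The HAL can write only there (SELinux policy + dir permissions).`, assuming the same restriction holds for the new path. The bare `27` would also read better as a named constant next to `kGroupId`. The enclosing function starts outside the hunk.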
diff --git a/current.txt b/current.txt
index 413efae..9ddfdb6 100644
--- a/current.txt
+++ b/current.txt
@@ -347,8 +347,8 @@
 675682dd3007805c985eaaec91612abc88f4c25b3431fb84070b7584a1a741fb android.hardware.health@2.0::IHealth
 434c4c32c00b0e54bb05e40c79503208b40f786a318029a2a4f66e34f10f2a76 android.hardware.health@2.0::IHealthInfoCallback
 c9e498f1ade5e26f00d290b4763a9671ec6720f915e7d592844b62e8cb1f9b5c android.hardware.health@2.0::types
-5c8e06f9945276d1a9e8f7e37cf0ea8894bdb906fa80809cb06c36abb39afc4f android.hardware.keymaster@4.0::IKeymasterDevice
-6695eb5744108035506004dd136068b1aaebe809cf9d4a69c2fe33b73058bb85 android.hardware.keymaster@4.0::types
+201f9723353fdbd40bf3705537fb7e015e4c399879425e68688fe0f43606ea4d android.hardware.keymaster@4.0::IKeymasterDevice
+1b7d2090c0a28b229d37c4b96160796b1f0d703950ac6ccc163fccd280830503 android.hardware.keymaster@4.0::types
 6d5c646a83538f0f9d8438c259932509f4353410c6c76e56db0d6ca98b69c3bb android.hardware.media.bufferpool@1.0::IAccessor
 b8c7ed58aa8740361e63d0ce9e7c94227572a629f356958840b34809d2393a7c android.hardware.media.bufferpool@1.0::IClientManager
 4a2c0dc82780e6c90731725a103feab8ab6ecf85a64e049b9cbd2b2c61620fe1 android.hardware.media.bufferpool@1.0::IConnection
diff --git a/gnss/1.1/vts/functional/gnss_hal_test.cpp b/gnss/1.1/vts/functional/gnss_hal_test.cpp
index 8928a5a..46d61e5 100644
--- a/gnss/1.1/vts/functional/gnss_hal_test.cpp
+++ b/gnss/1.1/vts/functional/gnss_hal_test.cpp
@@ -191,7 +191,7 @@
 void GnssHalTest::StartAndCheckLocations(int count) {
     const int kMinIntervalMsec = 500;
     const int kLocationTimeoutSubsequentSec = 2;
-    const bool kLowPowerMode = true;
+    const bool kLowPowerMode = false;
 
     SetPositionMode(kMinIntervalMsec, kLowPowerMode);
 
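Review bot: With `kLowPowerMode` now `false`, nothing visible in `StartAndCheckLocations` requests low-power positioning any more, and the line carries no comment saying why. If low-power mode is meant to stay covered, it needs a test of its own. If it is dropped on purpose, record the reason beside the constant, e.g. `const bool kLowPowerMode = false;  // <reason low-power mode is not requested>`. The function body continues past the hunk.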
diff --git a/keymaster/4.0/IKeymasterDevice.hal b/keymaster/4.0/IKeymasterDevice.hal
index 6c09ef3..74d13d8 100644
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@@ -217,8 +217,8 @@
      * must be a TEE Keymaster as well.  The HMAC key used to MAC and verify authentication tokens
      * (HardwareAuthToken, VerificationToken and ConfirmationToken all use this HMAC key) must be
      * shared between TEE and StrongBox so they can each validate tokens produced by the other.
-     * This method is the first step in the process for for agreeing on a shared key.  It is called
-     * by Android during startup.  The system calls it on each of the HAL instances and collects the
+     * This method is the first step in the process for agreeing on a shared key.  It is called by
+     * Android during startup.  The system calls it on each of the HAL instances and collects the
      * results in preparation for the second step.
      *
      * @return error ErrorCode::OK on success, ErrorCode::UNIMPLEMENTED if HMAC agreement is not
@@ -324,7 +324,7 @@
      *             sharingCheck = HMAC(H, "Keymaster HMAC Verification")
      *
      *         The string is UTF-8 encoded, 27 bytes in length.  If the returned values of all
-     *         IKeymasterDevice instances don't match, Keystore will assume that HMAC agreement
+     *         IKeymasterDevice instances don't match, clients must assume that HMAC agreement
      *         failed.
      */
     computeSharedHmac(vec<HmacSharingParameters> params)
@@ -718,16 +718,19 @@
      * AuthorizationList ::= SEQUENCE {
      *     purpose                    [1] EXPLICIT SET OF INTEGER OPTIONAL,
      *     algorithm                  [2] EXPLICIT INTEGER OPTIONAL,
-     *     keySize                    [3] EXPLICIT INTEGER OPTIONAL.
+     *     keySize                    [3] EXPLICIT INTEGER OPTIONAL,
      *     blockMode                  [4] EXPLICIT SET OF INTEGER OPTIONAL,
      *     digest                     [5] EXPLICIT SET OF INTEGER OPTIONAL,
      *     padding                    [6] EXPLICIT SET OF INTEGER OPTIONAL,
+     *     callerNonce                [7] EXPLICIT NULL OPTIONAL,
+     *     minMacLength               [8] EXPLICIT INTEGER OPTIONAL,
      *     ecCurve                    [10] EXPLICIT INTEGER OPTIONAL,
      *     rsaPublicExponent          [200] EXPLICIT INTEGER OPTIONAL,
      *     rollbackResistance         [303] EXPLICIT NULL OPTIONAL,
-     *     activeDateTime             [400] EXPLICIT INTEGER OPTIONAL
-     *     originationExpireDateTime  [401] EXPLICIT INTEGER OPTIONAL
-     *     usageExpireDateTime        [402] EXPLICIT INTEGER OPTIONAL
+     *     activeDateTime             [400] EXPLICIT INTEGER OPTIONAL,
+     *     originationExpireDateTime  [401] EXPLICIT INTEGER OPTIONAL,
+     *     usageExpireDateTime        [402] EXPLICIT INTEGER OPTIONAL,
+     *     userSecureId               [502] EXPLICIT INTEGER OPTIONAL,
      *     noAuthRequired             [503] EXPLICIT NULL OPTIONAL,
      *     userAuthType               [504] EXPLICIT INTEGER OPTIONAL,
      *     authTimeout                [505] EXPLICIT INTEGER OPTIONAL,
@@ -735,15 +738,11 @@
      *     trustedUserPresenceReq     [507] EXPLICIT NULL OPTIONAL,
      *     trustedConfirmationReq     [508] EXPLICIT NULL OPTIONAL,
      *     unlockedDeviceReq          [509] EXPLICIT NULL OPTIONAL,
-     *     allApplications            [600] EXPLICIT NULL OPTIONAL,
-     *     applicationId              [601] EXPLICIT OCTET_STRING OPTIONAL,
      *     creationDateTime           [701] EXPLICIT INTEGER OPTIONAL,
      *     origin                     [702] EXPLICIT INTEGER OPTIONAL,
-     *     rollbackResistant          [703] EXPLICIT NULL OPTIONAL,
      *     rootOfTrust                [704] EXPLICIT RootOfTrust OPTIONAL,
      *     osVersion                  [705] EXPLICIT INTEGER OPTIONAL,
      *     osPatchLevel               [706] EXPLICIT INTEGER OPTIONAL,
-     *     attestationChallenge       [708] EXPLICIT OCTET_STRING OPTIONAL,
      *     attestationApplicationId   [709] EXPLICIT OCTET_STRING OPTIONAL,
      *     attestationIdBrand         [710] EXPLICIT OCTET_STRING OPTIONAL,
      *     attestationIdDevice        [711] EXPLICIT OCTET_STRING OPTIONAL,
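Review bot: The schema comment still spells the string type `OCTET_STRING` on the `attestationApplicationId` and `attestationId*` lines, which is not an ASN.1 type name; the type is `OCTET STRING`. This commit is already correcting the separators in the same `AuthorizationList` block, so write e.g. `attestationApplicationId   [709] EXPLICIT OCTET STRING OPTIONAL,` and the text can be compared against an ASN.1 parser's definition unchanged. The block continues past the end of the hunk, so later fields may need the same fix.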
diff --git a/keymaster/4.0/types.hal b/keymaster/4.0/types.hal
index 85f181a..94dfec5 100644
--- a/keymaster/4.0/types.hal
+++ b/keymaster/4.0/types.hal
@@ -460,6 +460,8 @@
      * called on one key with TRUSTED_USER_PRESENCE_REQUIRED, and another begin() comes in for that
      * key or another with TRUSTED_USER_PRESENCE_REQUIRED, Keymaster must return
      * ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED.
+     *
+     * Must be hardware-enforced.
      */
     TRUSTED_USER_PRESENCE_REQUIRED = TagType:BOOL | 507,
 
@@ -470,11 +472,17 @@
      *
      * If an attempt to use a key with this tag does not have a cryptographically valid
      * CONFIRMATION_TOKEN provided to finish() or if the data provided to update()/finish() does not
-     * match the data described in the token, keymaster must return NO_USER_CONFIRMATION. */
+     * match the data described in the token, keymaster must return NO_USER_CONFIRMATION.
+     *
+     * Must be hardware-enforced.
+     */
     TRUSTED_CONFIRMATION_REQUIRED = TagType:BOOL | 508,
 
     /**
+     * Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is
+     * unlocked.
      *
+     * Must be software-enforced.
      */
     UNLOCKED_DEVICE_REQUIRED = TagType:BOOL | 509,
 
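Review bot: The new `UNLOCKED_DEVICE_REQUIRED` text says "Must be software-enforced" but not which component checks the lock state, nor what a caller gets back when the key is used while the device is locked. `TRUSTED_CONFIRMATION_REQUIRED` just above, by contrast, names `NO_USER_CONFIRMATION`. Add a sentence naming the enforcing layer and the error code. It is also worth stating that a software-enforced restriction presumably does not hold if the Android system itself is compromised, so readers do not weigh it like the hardware-enforced tags around it.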
@@ -490,7 +498,7 @@
      * access to the tag content to decrypt the key without brute-forcing the tag content, which
      * applications can prevent by specifying sufficiently high-entropy content.
      *
-     * Must be hardware-enforced.
+     * Must never appear in KeyCharacteristics.
      */
     APPLICATION_ID = TagType:BYTES | 601,
 
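Review bot: Replacing "Must be hardware-enforced" with "Must never appear in KeyCharacteristics" on `APPLICATION_ID` removes the enforcement requirement rather than adding to it, so the comment no longer says where the binding to the key must be checked. The `APPLICATION_DATA` hunk just below makes the same change. If the binding is still expected to be enforced in the secure environment, keep that sentence and add the new one with its reason, e.g. `Must never appear in KeyCharacteristics, because the content acts as a secret needed to use the key.` That reason is inferred from the brute-forcing sentence above it and should be confirmed by the author.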
@@ -511,7 +519,7 @@
      * access to the tag content to decrypt the key without brute-forcing the tag content, which
      * applications can prevent by specifying sufficiently high-entropy content.
      *
-     * Must be hardware-enforced.
+     * Must never appear in KeyCharacteristics.
      */
     APPLICATION_DATA = TagType:BYTES | 700,
 
@@ -557,11 +565,12 @@
      * key generated on Android version 4.0.3, the value would be 040003.
      *
      * The IKeymasterDevice HAL must read the current OS version from the system property
-     * ro.build.id and deliver it to the secure environment when the HAL is first loaded (mechanism
-     * is implementation-defined).  The secure environment must not accept another version until
-     * after the next boot.  If the content of ro.build.id has additional version information after
-     * the sub-minor version number, it must not be included in Tag::OS_VERSION.  If the content is
-     * non-numeric, the secure environment must use 0 as the system version.
+     * ro.build.version.release and deliver it to the secure environment when the HAL is first
+     * loaded (mechanism is implementation-defined).  The secure environment must not accept another
+     * version until after the next boot.  If the content of ro.build.version.release has additional
+     * version information after the sub-minor version number, it must not be included in
+     * Tag::OS_VERSION.  If the content is non-numeric, the secure environment must use 0 as the
+     * system version.
      *
      * Must be hardware-enforced.
      */
@@ -659,8 +668,8 @@
 
     /**
      * Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in
-     * Android, to attestKey().  This field is set only when requesting attestation of the device's
-     * identifiers.
+     * Android, to attestKey().  This field must be set only when requesting attestation of the
+     * device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
      * called and the device can no longer attest its IDs), any key attestation request that
@@ -672,8 +681,8 @@
 
     /**
      * Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in
-     * Android, to attestKey().  This field is set only when requesting attestation of the device's
-     * identifiers.
+     * Android, to attestKey().  This field must be set only when requesting attestation of the
+     * device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
      * called and the device can no longer attest its IDs), any key attestation request that
@@ -685,7 +694,7 @@
 
     /**
      * Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT
-     * in Android, to attestKey().  This field is set only when requesting attestation of the
+     * in Android, to attestKey().  This field must be set only when requesting attestation of the
      * device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
@@ -697,7 +706,7 @@
     ATTESTATION_ID_PRODUCT = TagType:BYTES | 712,
 
     /**
-     * Tag::ATTESTATION_ID_SERIAL the device's serial number.  This field is set only when
+     * Tag::ATTESTATION_ID_SERIAL the device's serial number.  This field must be set only when
      * requesting attestation of the device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
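Review bot: The rewritten first line of the `ATTESTATION_ID_SERIAL` comment still has no verb ("Tag::ATTESTATION_ID_SERIAL the device's serial number"). Make it parallel with its siblings: `Tag::ATTESTATION_ID_SERIAL provides the device's serial number to attestKey().  This field must be set only when`. The `ATTESTATION_ID_MANUFACTURER` hunk further down likewise rewrites a line that still reads `attstKey()`, which should be `attestKey()`.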
@@ -710,7 +719,7 @@
 
     /**
      * Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey().
-     * This field is set only when requesting attestation of the device's identifiers.
+     * This field must be set only when requesting attestation of the device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
      * called and the device can no longer attest its IDs), any key attestation request that
@@ -723,7 +732,7 @@
 
     /**
      * Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey().
-     * This field will only be set when requesting attestation of the device's identifiers.
+     * This field must be set only when requesting attestation of the device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
      * called and the device can no longer attest its IDs), any key attestation request that
@@ -736,7 +745,7 @@
 
     /**
      * Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by
-     * Build.MANUFACTURER in Android, to attstKey().  This field is set only when requesting
+     * Build.MANUFACTURER in Android, to attstKey().  This field must be set only when requesting
      * attestation of the device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
@@ -749,8 +758,8 @@
 
     /**
      * Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in
-     * Android, to attestKey().  This field is set only when requesting attestation of the device's
-     * identifiers.
+     * Android, to attestKey().  This field must be set only when requesting attestation of the
+     * device's identifiers.
      *
      * If the device does not support ID attestation (or destroyAttestationIds() was previously
      * called and the device can no longer attest its IDs), any key attestation request that
@@ -815,7 +824,7 @@
      * Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM,
      * AES-CBC, AES-CTR, or 3DES-CBC encryption or decryption.  This tag is provided to begin during
      * encryption and decryption operations.  It is only provided to begin if the key has
-     * Tag::CALLER_NONCE.  If not provided, an appropriate nonce or IV will be randomly generated by
+     * Tag::CALLER_NONCE.  If not provided, an appropriate nonce or IV must be randomly generated by
      * Keymaster and returned from begin.
      *
      * The value is a blob, an arbitrary-length array of bytes.  Allowed lengths depend on the mode: