Merge "Use std::filesystem when libc++ is new enough" into main
diff --git a/audio/aidl/vts/TestUtils.h b/audio/aidl/vts/TestUtils.h
index 10c2fc6..b559669 100644
--- a/audio/aidl/vts/TestUtils.h
+++ b/audio/aidl/vts/TestUtils.h
@@ -78,9 +78,9 @@
EXPECT_PRED_FORMAT2(::android::hardware::audio::common::testing::detail::assertResult, \
expected, ret)
-#define SKIP_TEST_IF_DATA_UNSUPPORTED(flags) \
- ({ \
- if ((flags).hwAcceleratorMode == Flags::HardwareAccelerator::TUNNEL || (flags).bypass) { \
- GTEST_SKIP() << "Skip data path for offload"; \
- } \
+#define SKIP_TEST_IF_DATA_UNSUPPORTED(flags) \
+ ({ \
+ if ((flags).hwAcceleratorMode == Flags::HardwareAccelerator::TUNNEL || (flags).bypass) { \
+ GTEST_SKIP() << "Skip data path for offload"; \
+ } \
})
\ No newline at end of file
diff --git a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
index 3011a5e..1876756 100644
--- a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
@@ -42,11 +42,11 @@
using aidl::android::hardware::audio::effect::CommandId;
using aidl::android::hardware::audio::effect::Descriptor;
+using aidl::android::hardware::audio::effect::Flags;
using aidl::android::hardware::audio::effect::IEffect;
using aidl::android::hardware::audio::effect::IFactory;
using aidl::android::hardware::audio::effect::Parameter;
using aidl::android::hardware::audio::effect::State;
-using aidl::android::hardware::audio::effect::Flags;
using aidl::android::media::audio::common::AudioDeviceDescription;
using aidl::android::media::audio::common::AudioDeviceType;
using aidl::android::media::audio::common::AudioMode;
@@ -87,11 +87,11 @@
};
class AudioEffectDataPathTest : public AudioEffectTest {
- public:
- void SetUp() override {
- AudioEffectTest::SetUp();
- SKIP_TEST_IF_DATA_UNSUPPORTED(mDescriptor.common.flags);
- }
+ public:
+ void SetUp() override {
+ AudioEffectTest::SetUp();
+ SKIP_TEST_IF_DATA_UNSUPPORTED(mDescriptor.common.flags);
+ }
};
TEST_P(AudioEffectTest, SetupAndTearDown) {
@@ -504,6 +504,11 @@
// Set and get AudioDeviceDescription in Parameter
TEST_P(AudioEffectTest, SetAndGetParameterDeviceDescription) {
+ if (!mDescriptor.common.flags.deviceIndication) {
+ GTEST_SKIP() << "Skipping test as effect does not support deviceIndication"
+ << mDescriptor.common.flags.toString();
+ }
+
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
ASSERT_NO_FATAL_FAILURE(open(mEffect));
@@ -527,6 +532,11 @@
// Set and get AudioMode in Parameter
TEST_P(AudioEffectTest, SetAndGetParameterAudioMode) {
+ if (!mDescriptor.common.flags.audioModeIndication) {
+ GTEST_SKIP() << "Skipping test as effect does not support audioModeIndication"
+ << mDescriptor.common.flags.toString();
+ }
+
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
ASSERT_NO_FATAL_FAILURE(open(mEffect));
@@ -547,6 +557,11 @@
// Set and get AudioSource in Parameter
TEST_P(AudioEffectTest, SetAndGetParameterAudioSource) {
+ if (!mDescriptor.common.flags.audioSourceIndication) {
+ GTEST_SKIP() << "Skipping test as effect does not support audioSourceIndication"
+ << mDescriptor.common.flags.toString();
+ }
+
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
ASSERT_NO_FATAL_FAILURE(open(mEffect));
@@ -567,6 +582,11 @@
// Set and get VolumeStereo in Parameter
TEST_P(AudioEffectTest, SetAndGetParameterVolume) {
+ if (mDescriptor.common.flags.volume == Flags::Volume::NONE) {
+ GTEST_SKIP() << "Skipping test as effect does not support volume"
+ << mDescriptor.common.flags.toString();
+ }
+
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
ASSERT_NO_FATAL_FAILURE(open(mEffect));
diff --git a/boot/1.1/default/Android.bp b/boot/1.1/default/Android.bp
index 0b0a5b7..e7a8d6e 100644
--- a/boot/1.1/default/Android.bp
+++ b/boot/1.1/default/Android.bp
@@ -20,6 +20,7 @@
srcs: ["BootControl.cpp"],
shared_libs: [
+ "libbase",
"liblog",
"libhidlbase",
"libhardware",
diff --git a/boot/1.1/default/boot_control/Android.bp b/boot/1.1/default/boot_control/Android.bp
index 6aa30c2..d0dcb59 100644
--- a/boot/1.1/default/boot_control/Android.bp
+++ b/boot/1.1/default/boot_control/Android.bp
@@ -35,14 +35,13 @@
],
shared_libs: [
- "android.hardware.boot@1.1",
- "libbase",
"liblog",
],
static_libs: [
"libbootloader_message",
"libfstab",
],
+
}
cc_library_static {
@@ -52,7 +51,13 @@
recovery_available: true,
vendor_available: true,
- srcs: ["libboot_control.cpp"],
+ srcs: [
+ "libboot_control.cpp",
+ ],
+ static_libs: [
+ "android.hardware.boot@1.1",
+ "libbase",
+ ],
}
cc_library_shared {
@@ -67,6 +72,8 @@
"libboot_control",
],
shared_libs: [
+ "android.hardware.boot@1.1",
+ "libbase",
"libhardware",
],
}
diff --git a/boot/1.2/default/Android.bp b/boot/1.2/default/Android.bp
index 4e1c35e..f1e9c34 100644
--- a/boot/1.2/default/Android.bp
+++ b/boot/1.2/default/Android.bp
@@ -20,6 +20,7 @@
srcs: ["BootControl.cpp"],
shared_libs: [
+ "libbase",
"liblog",
"libhidlbase",
"libhardware",
diff --git a/boot/aidl/default/Android.bp b/boot/aidl/default/Android.bp
index dcb40db..c1d3c57 100644
--- a/boot/aidl/default/Android.bp
+++ b/boot/aidl/default/Android.bp
@@ -27,7 +27,39 @@
name: "android.hardware.boot-service_common",
relative_install_path: "hw",
defaults: ["libboot_control_defaults"],
+ srcs: [
+ "main.cpp",
+ "BootControl.cpp",
+ ],
+}
+
+cc_binary {
+ name: "android.hardware.boot-service.default",
+ defaults: ["android.hardware.boot-service_common"],
+ vendor: true,
+
+ stl: "c++_static",
+ shared_libs: [
+ "libbinder_ndk",
+ "liblog",
+ ],
+ static_libs: [
+ "android.hardware.boot@1.1",
+ "android.hardware.boot-V1-ndk",
+ "libbase",
+ "libboot_control",
+ ],
+
+ installable: false, // installed in APEX
+}
+
+cc_binary {
+ name: "android.hardware.boot-service.default_recovery",
+ defaults: ["android.hardware.boot-service_common"],
+ init_rc: ["android.hardware.boot-service.default_recovery.rc"],
vintf_fragments: ["android.hardware.boot-service.default.xml"],
+ recovery: true,
+
shared_libs: [
"libbase",
"libbinder_ndk",
@@ -37,19 +69,35 @@
static_libs: [
"libboot_control",
],
- srcs: ["main.cpp", "BootControl.cpp"],
}
-cc_binary {
- name: "android.hardware.boot-service.default",
- defaults: ["android.hardware.boot-service_common"],
- init_rc: ["android.hardware.boot-service.default.rc"],
+prebuilt_etc {
+ name: "android.hardware.boot-service.default.rc",
+ src: "android.hardware.boot-service.default.rc",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "android.hardware.boot-service.default.xml",
+ src: "android.hardware.boot-service.default.xml",
+ sub_dir: "vintf",
+ installable: false,
+}
+
+apex {
+ name: "com.android.hardware.boot",
vendor: true,
-}
+ manifest: "apex_manifest.json",
+ file_contexts: "apex_file_contexts",
+ key: "com.android.hardware.key",
+ certificate: ":com.android.hardware.certificate",
+ updatable: false,
-cc_binary {
- name: "android.hardware.boot-service.default_recovery",
- defaults: ["android.hardware.boot-service_common"],
- init_rc: ["android.hardware.boot-service.default_recovery.rc"],
- recovery: true,
+ binaries: [
+ "android.hardware.boot-service.default",
+ ],
+ prebuilts: [
+ "android.hardware.boot-service.default.rc",
+ "android.hardware.boot-service.default.xml",
+ ],
}
diff --git a/boot/aidl/default/android.hardware.boot-service.default.rc b/boot/aidl/default/android.hardware.boot-service.default.rc
index 589f803..5090e2c 100644
--- a/boot/aidl/default/android.hardware.boot-service.default.rc
+++ b/boot/aidl/default/android.hardware.boot-service.default.rc
@@ -1,4 +1,4 @@
-service vendor.boot-default /vendor/bin/hw/android.hardware.boot-service.default
+service vendor.boot-default /apex/com.android.hardware.boot/bin/hw/android.hardware.boot-service.default
class early_hal
user root
group root
diff --git a/boot/aidl/default/apex_file_contexts b/boot/aidl/default/apex_file_contexts
new file mode 100644
index 0000000..bf03585
--- /dev/null
+++ b/boot/aidl/default/apex_file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:vendor_file:s0
+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.boot-service\.default u:object_r:hal_bootctl_default_exec:s0
diff --git a/boot/aidl/default/apex_manifest.json b/boot/aidl/default/apex_manifest.json
new file mode 100644
index 0000000..92661c9
--- /dev/null
+++ b/boot/aidl/default/apex_manifest.json
@@ -0,0 +1,5 @@
+{
+ "name": "com.android.hardware.boot",
+ "version": 1,
+ "vendorBootstrap": true
+}
\ No newline at end of file
diff --git a/contexthub/aidl/default/Android.bp b/contexthub/aidl/default/Android.bp
index 269057a..4bcdda8 100644
--- a/contexthub/aidl/default/Android.bp
+++ b/contexthub/aidl/default/Android.bp
@@ -57,3 +57,34 @@
],
srcs: ["main.cpp"],
}
+
+prebuilt_etc {
+ name: "android.hardware.contexthub-service.example.rc",
+ src: "android.hardware.contexthub-service.example.rc",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "contexthub-default.xml",
+ src: "contexthub-default.xml",
+ sub_dir: "vintf",
+ installable: false,
+}
+
+apex {
+ name: "com.android.hardware.contexthub",
+ vendor: true,
+ manifest: "apex_manifest.json",
+ file_contexts: "apex_file_contexts",
+ key: "com.android.hardware.key",
+ certificate: ":com.android.hardware.certificate",
+ updatable: false,
+
+ binaries: [
+ "android.hardware.contexthub-service.example",
+ ],
+ prebuilts: [
+ "android.hardware.contexthub-service.example.rc",
+ "contexthub-default.xml",
+ ],
+}
diff --git a/contexthub/aidl/default/android.hardware.contexthub-service.example.rc b/contexthub/aidl/default/android.hardware.contexthub-service.example.rc
new file mode 100644
index 0000000..7d5d2aa
--- /dev/null
+++ b/contexthub/aidl/default/android.hardware.contexthub-service.example.rc
@@ -0,0 +1,4 @@
+service vendor.contexthub-default /apex/com.android.hardware.contexthub/bin/hw/android.hardware.contexthub-service.example
+ class hal
+ user context_hub
+ group context_hub
diff --git a/contexthub/aidl/default/apex_file_contexts b/contexthub/aidl/default/apex_file_contexts
new file mode 100644
index 0000000..c3c67df
--- /dev/null
+++ b/contexthub/aidl/default/apex_file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:vendor_file:s0
+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.contexthub-service\.example u:object_r:hal_contexthub_default_exec:s0
diff --git a/contexthub/aidl/default/apex_manifest.json b/contexthub/aidl/default/apex_manifest.json
new file mode 100644
index 0000000..aed7081
--- /dev/null
+++ b/contexthub/aidl/default/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+ "name": "com.android.hardware.contexthub",
+ "version": 1
+}
\ No newline at end of file
diff --git a/secure_element/aidl/vts/VtsHalSecureElementTargetTest.cpp b/secure_element/aidl/vts/VtsHalSecureElementTargetTest.cpp
index 97b4e27..9678da4 100644
--- a/secure_element/aidl/vts/VtsHalSecureElementTargetTest.cpp
+++ b/secure_element/aidl/vts/VtsHalSecureElementTargetTest.cpp
@@ -293,11 +293,13 @@
std::vector<uint8_t> response;
LogicalChannelResponse logical_channel_response;
+ /* Temporaly disable this check to clarify Basic Channel behavior (b/300502872)
// Note: no channel is opened for this test
// transmit() will return an empty response with the error
// code CHANNEL_NOT_AVAILABLE when the SE cannot be
// communicated with.
EXPECT_ERR(secure_element_->transmit(kDataApdu, &response));
+ */
EXPECT_OK(secure_element_->openLogicalChannel(kSelectableAid, 0x00, &logical_channel_response));
EXPECT_GE(logical_channel_response.selectResponse.size(), 2u);
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 4c46719..cc97c13 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -88,30 +88,6 @@
return imei;
}
-
-// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
-// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
-// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
-// in frameworks/base/core/java/android/os/Build.java.
-template <Tag tag>
-void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
- TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
- ::android::String8 prop_name =
- ::android::String8::format("ro.product.%s_for_attestation", prop);
- std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
- if (!prop_value.empty()) {
- add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
- } else {
- prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
- prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
- if (!prop_value.empty()) {
- add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
- } else {
- prop_name = ::android::String8::format("ro.product.%s", prop);
- add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
- }
- }
-}
} // namespace
class AttestKeyTest : public KeyMintAidlTestBase {
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 8934a57..9778b3d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -454,6 +454,29 @@
::android::PrintInstanceNameToString); \
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
+// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
+// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
+// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
+// in frameworks/base/core/java/android/os/Build.java.
+template <Tag tag>
+void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
+ TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
+ ::android::String8 prop_name =
+ ::android::String8::format("ro.product.%s_for_attestation", prop);
+ std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
+ } else {
+ prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
+ prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
+ if (!prop_value.empty()) {
+ add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
+ } else {
+ prop_name = ::android::String8::format("ro.product.%s", prop);
+ add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
+ }
+ }
+}
} // namespace test
} // namespace aidl::android::hardware::security::keymint
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5c3d8cc..de563c4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2082,11 +2082,6 @@
* attestation extension.
*/
TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
- if (is_gsi_image()) {
- // GSI sets up a standard set of device identifiers that may not match
- // the device identifiers held by the device.
- GTEST_SKIP() << "Test not applicable under GSI";
- }
auto challenge = "hello";
auto app_id = "foo";
auto subject = "cert subj 2";
@@ -2106,38 +2101,12 @@
// Various ATTESTATION_ID_* tags that map to fields in the attestation extension ASN.1 schema.
auto extra_tags = AuthorizationSetBuilder();
- // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
- // to ro.product.brand
- std::string prop_value =
- ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
- if (!prop_value.empty()) {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND,
- "ro.product.brand_for_attestation");
- } else {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
- }
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
- // Use ro.product.name_for_attestation property for attestation if it is present else fallback
- // to ro.product.name
- prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
- if (!prop_value.empty()) {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT,
- "ro.product.name_for_attestation");
- } else {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
- }
+ add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_BRAND, "brand");
+ add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "device");
+ add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "name");
+ add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer");
+ add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MODEL, "model");
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "ro.product.manufacturer");
- // Use ro.product.model_for_attestation property for attestation if it is present else fallback
- // to ro.product.model
- prop_value =
- ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
- if (!prop_value.empty()) {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL,
- "ro.product.model_for_attestation");
- } else {
- add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
- }
for (const KeyParameter& tag : extra_tags) {
SCOPED_TRACE(testing::Message() << "tag-" << tag);
@@ -4828,7 +4797,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5336,7 +5305,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5403,7 +5372,7 @@
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP)));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext, &result));
EXPECT_EQ(0U, result.size());
}
@@ -5473,7 +5442,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5517,7 +5486,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext, &result));
EXPECT_EQ(0U, result.size());
}
@@ -5649,7 +5618,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 780c3d2..34f7ce4 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -962,6 +962,20 @@
return signedRequest->value();
}
+ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
+ int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
+ switch (vendor_api_level) {
+ case __ANDROID_API_T__:
+ return hwtrust::DiceChain::Kind::kVsr13;
+ case __ANDROID_API_U__:
+ return hwtrust::DiceChain::Kind::kVsr14;
+ case __ANDROID_API_V__:
+ return hwtrust::DiceChain::Kind::kVsr15;
+ default:
+ return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
+ }
+}
+
ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
const std::vector<uint8_t>& challenge) {
auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
@@ -996,7 +1010,12 @@
}
// DICE chain is [ pubkey, + DiceChainEntry ].
- auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kVsr14);
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
+ }
+
+ auto diceContents = validateBcc(diceCertChain, *diceChainKind);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}
diff --git a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
index 80f7cbd..15b0442 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
+++ b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
@@ -90,9 +90,10 @@
DiceChainEntryPayload = { ; CWT [RFC8392]
1 : tstr, ; Issuer
2 : tstr, ; Subject
+ -4670554 : "android.15", ; Profile Name
-4670552 : bstr .cbor PubKeyEd25519 /
bstr .cbor PubKeyECDSA256 /
- bstr .cbor PubKeyECDSA384, ; Subject Public Key
+ bstr .cbor PubKeyECDSA384, ; Subject Public Key
-4670553 : bstr ; Key Usage
; NOTE: All of the following fields may be omitted for a "Degenerate DICE Chain", as