[automerger skipped] Read VSR level from correct property. am: e5364d7617 am: 527c55f1c4 am: 761f890b00 -s ours
am skip reason: Merged-In I39109c097d129124097a303c3f108d015cb367e3 with SHA-1 e5364d7617 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/18931908
Change-Id: I0dc49c716b7de6302ed8c92323c7500e1aa219bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/audio/aidl/Android.bp b/audio/aidl/Android.bp
index 0b5b993..fd893ec 100644
--- a/audio/aidl/Android.bp
+++ b/audio/aidl/Android.bp
@@ -49,9 +49,6 @@
],
},
ndk: {
- vndk: {
- enabled: true,
- },
apex_available: [
"//apex_available:platform",
"com.android.bluetooth",
diff --git a/audio/common/all-versions/default/tests/hidlutils_tests.cpp b/audio/common/all-versions/default/tests/hidlutils_tests.cpp
index ec16b02..e5ed844 100644
--- a/audio/common/all-versions/default/tests/hidlutils_tests.cpp
+++ b/audio/common/all-versions/default/tests/hidlutils_tests.cpp
@@ -17,6 +17,7 @@
#include <array>
#include <string>
+#include <android-base/test_utils.h>
#include <gtest/gtest.h>
#define LOG_TAG "HidlUtils_Test"
@@ -1100,6 +1101,7 @@
TYPED_TEST_SUITE(FilterTest, FilterTestTypeParams);
TYPED_TEST(FilterTest, FilterOutNonVendorTags) {
+ SKIP_WITH_HWASAN; // b/230535046
TypeParam emptyTags;
EXPECT_EQ(emptyTags, HidlUtils::filterOutNonVendorTags(emptyTags));
diff --git a/audio/common/all-versions/test/utility/src/ValidateXml.cpp b/audio/common/all-versions/test/utility/src/ValidateXml.cpp
index f111c01..4d6f003 100644
--- a/audio/common/all-versions/test/utility/src/ValidateXml.cpp
+++ b/audio/common/all-versions/test/utility/src/ValidateXml.cpp
@@ -63,11 +63,8 @@
xmlSetGenericErrorFunc(this, errorCb);
}
~Libxml2Global() {
- // TODO: check if all those cleanup are needed
xmlSetGenericErrorFunc(nullptr, nullptr);
- xmlSchemaCleanupTypes();
xmlCleanupParser();
- xmlCleanupThreads();
}
const std::string& getErrors() { return errors; }
diff --git a/authsecret/aidl/Android.bp b/authsecret/aidl/Android.bp
index 432c1b9..90e128d 100644
--- a/authsecret/aidl/Android.bp
+++ b/authsecret/aidl/Android.bp
@@ -16,11 +16,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/automotive/OWNERS b/automotive/OWNERS
index 43c5f3e..09e257c 100644
--- a/automotive/OWNERS
+++ b/automotive/OWNERS
@@ -1,6 +1 @@
-pirozzoj@google.com
-twasilczyk@google.com
-krachuri@google.com
-gurunagarajan@google.com
-keunyoung@google.com
-felipeal@google.com
+include platform/packages/services/Car:/OWNERS
diff --git a/automotive/audiocontrol/OWNERS b/automotive/audiocontrol/OWNERS
new file mode 100644
index 0000000..f55eff3
--- /dev/null
+++ b/automotive/audiocontrol/OWNERS
@@ -0,0 +1 @@
+oscarazu@google.com
diff --git a/automotive/can/OWNERS b/automotive/can/OWNERS
new file mode 100644
index 0000000..ffa4828
--- /dev/null
+++ b/automotive/can/OWNERS
@@ -0,0 +1,3 @@
+kevinme@google.com
+chrisweir@google.com
+twasilczyk@google.com
diff --git a/automotive/occupant_awareness/aidl/Android.bp b/automotive/occupant_awareness/aidl/Android.bp
index 6ddc127..1a8124c 100644
--- a/automotive/occupant_awareness/aidl/Android.bp
+++ b/automotive/occupant_awareness/aidl/Android.bp
@@ -23,11 +23,6 @@
"com.android.car.framework",
],
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/automotive/sv/OWNERS b/automotive/sv/OWNERS
new file mode 100644
index 0000000..af6788b
--- /dev/null
+++ b/automotive/sv/OWNERS
@@ -0,0 +1 @@
+tanmayp@google.com
diff --git a/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp b/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
index 90cdc66..fb8df99 100644
--- a/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
+++ b/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
@@ -88,11 +88,18 @@
}
mBtHci->close();
mBtHci.clear();
+ for (size_t i = 0; i < mFdCount; ++i) {
+ if (mFdList[i]) {
+ close(mFdList[i]);
+ }
+ }
}
bool init(const uint8_t* data, size_t size);
void process();
private:
+ size_t mFdCount = 1;
+ int32_t mFdList[CH_MAX] = {0};
sp<BluetoothHci> mBtHci = nullptr;
FuzzedDataProvider* mFdp = nullptr;
};
@@ -143,17 +150,15 @@
bool shouldSetH4Protocol = mFdp->ConsumeBool();
BtVendor* btVendor = BtVendor::getInstance();
- size_t fdcount = 1;
- int32_t fdList[CH_MAX] = {0};
if (!shouldSetH4Protocol) {
- fdcount = mFdp->ConsumeIntegralInRange<size_t>(kMinFdcount, CH_MAX - 1);
+ mFdCount = mFdp->ConsumeIntegralInRange<size_t>(kMinFdcount, CH_MAX - 1);
}
- for (size_t i = 0; i < fdcount; ++i) {
- fdList[i] = open("/dev/null", O_RDWR | O_CREAT);
+ for (size_t i = 0; i < mFdCount; ++i) {
+ mFdList[i] = open("/dev/null", O_RDWR | O_CREAT);
}
- btVendor->populateFdList(fdList, fdcount);
+ btVendor->populateFdList(mFdList, mFdCount);
mBtHci->initialize(bluetoothCallback);
if (!bluetoothCallback->isInitialized) {
@@ -181,12 +186,6 @@
}
btVendor->callRemainingCbacks();
-
- for (size_t i = 0; i < fdcount; ++i) {
- if (fdList[i]) {
- close(fdList[i]);
- }
- }
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
diff --git a/bluetooth/1.1/vts/functional/VtsHalBluetoothV1_1TargetTest.xml b/bluetooth/1.1/vts/functional/VtsHalBluetoothV1_1TargetTest.xml
index d64751a..98b62ef 100644
--- a/bluetooth/1.1/vts/functional/VtsHalBluetoothV1_1TargetTest.xml
+++ b/bluetooth/1.1/vts/functional/VtsHalBluetoothV1_1TargetTest.xml
@@ -20,8 +20,11 @@
<target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer">
</target_preparer>
- <target_preparer class="com.android.tradefed.targetprep.DeviceSetup">
- <option name="bluetooth" value="off" />
+ <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
+ <option name="run-command" value="settings put global ble_scan_always_enabled 0" />
+ <option name="run-command" value="su u$(am get-current-user)_system svc bluetooth disable" />
+ <option name="teardown-command" value="su u$(am get-current-user)_system svc bluetooth enable" />
+ <option name="teardown-command" value="settings put global ble_scan_always_enabled 1" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
diff --git a/bluetooth/audio/aidl/Android.bp b/bluetooth/audio/aidl/Android.bp
index c581702..a687162 100644
--- a/bluetooth/audio/aidl/Android.bp
+++ b/bluetooth/audio/aidl/Android.bp
@@ -40,9 +40,6 @@
enabled: false,
},
ndk: {
- vndk: {
- enabled: true,
- },
apex_available: [
"//apex_available:platform",
"com.android.bluetooth",
diff --git a/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h b/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h
index ac17d6d..572a8b6 100644
--- a/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h
+++ b/boot/1.1/default/boot_control/include/libboot_control/libboot_control.h
@@ -25,9 +25,8 @@
// Helper library to implement the IBootControl HAL using the misc partition.
class BootControl {
- using MergeStatus = ::android::hardware::boot::V1_1::MergeStatus;
-
public:
+ using MergeStatus = ::android::hardware::boot::V1_1::MergeStatus;
bool Init();
unsigned int GetNumberSlots();
unsigned int GetCurrentSlot();
diff --git a/boot/1.1/default/boot_control/include/private/boot_control_definition.h b/boot/1.1/default/boot_control/include/private/boot_control_definition.h
index 8f02111..57c2f73 100644
--- a/boot/1.1/default/boot_control/include/private/boot_control_definition.h
+++ b/boot/1.1/default/boot_control/include/private/boot_control_definition.h
@@ -14,6 +14,9 @@
* limitations under the License.
*/
+#include <stdint.h>
+
+#include <bootloader_message/bootloader_message.h>
/**
* The A/B-specific bootloader message structure (4-KiB).
diff --git a/boot/1.1/vts/functional/VtsHalBootV1_1TargetTest.cpp b/boot/1.1/vts/functional/VtsHalBootV1_1TargetTest.cpp
index c38f257..05f136e 100644
--- a/boot/1.1/vts/functional/VtsHalBootV1_1TargetTest.cpp
+++ b/boot/1.1/vts/functional/VtsHalBootV1_1TargetTest.cpp
@@ -1,4 +1,5 @@
/*
+
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,6 +20,7 @@
#include <vector>
#include <android-base/logging.h>
+#include <android-base/properties.h>
#include <android/hardware/boot/1.1/IBootControl.h>
#include <android/hardware/boot/1.1/types.h>
#include <gmock/gmock.h>
@@ -37,9 +39,21 @@
using ::android::hardware::boot::V1_1::MergeStatus;
using ::testing::Contains;
+bool IsVirtualAbEnabled();
+
+#define SKIP_IF_NON_VIRTUAL_AB() \
+ do { \
+ if (!IsVirtualAbEnabled()) GTEST_SKIP() << "Test for Virtual A/B devices only"; \
+ } while (0)
+
+bool IsVirtualAbEnabled() {
+ return android::base::GetBoolProperty("ro.virtual_ab.enabled", false);
+}
+
class BootHidlTest : public testing::TestWithParam<std::string> {
public:
virtual void SetUp() override {
+ SKIP_IF_NON_VIRTUAL_AB();
boot = IBootControl::getService(GetParam());
ASSERT_NE(boot, nullptr);
diff --git a/boot/aidl/Android.bp b/boot/aidl/Android.bp
new file mode 100644
index 0000000..be38245
--- /dev/null
+++ b/boot/aidl/Android.bp
@@ -0,0 +1,40 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.boot",
+ vendor_available: true,
+ srcs: ["android/hardware/boot/*.aidl"],
+ stability: "vintf",
+ recovery_available: true,
+ backend: {
+ java: {
+ sdk_version: "module_current",
+ },
+ cpp: {
+ enabled: false,
+ },
+ },
+}
diff --git a/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl
new file mode 100644
index 0000000..c8ab51e
--- /dev/null
+++ b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/IBootControl.aidl
@@ -0,0 +1,50 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.boot;
+@VintfStability
+interface IBootControl {
+ int getActiveBootSlot();
+ int getCurrentSlot();
+ int getNumberSlots();
+ android.hardware.boot.MergeStatus getSnapshotMergeStatus();
+ String getSuffix(in int slot);
+ boolean isSlotBootable(in int slot);
+ boolean isSlotMarkedSuccessful(in int slot);
+ void markBootSuccessful();
+ void setActiveBootSlot(in int slot);
+ void setSlotAsUnbootable(in int slot);
+ void setSnapshotMergeStatus(in android.hardware.boot.MergeStatus status);
+ const int INVALID_SLOT = -1;
+ const int COMMAND_FAILED = -2;
+}
diff --git a/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl
new file mode 100644
index 0000000..53c6204
--- /dev/null
+++ b/boot/aidl/aidl_api/android.hardware.boot/current/android/hardware/boot/MergeStatus.aidl
@@ -0,0 +1,42 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.boot;
+@Backing(type="int") @VintfStability
+enum MergeStatus {
+ NONE = 0,
+ UNKNOWN = 1,
+ SNAPSHOTTED = 2,
+ MERGING = 3,
+ CANCELLED = 4,
+}
diff --git a/boot/aidl/android/hardware/boot/IBootControl.aidl b/boot/aidl/android/hardware/boot/IBootControl.aidl
new file mode 100644
index 0000000..6c9e8ce
--- /dev/null
+++ b/boot/aidl/android/hardware/boot/IBootControl.aidl
@@ -0,0 +1,158 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package android.hardware.boot;
+
+import android.hardware.boot.MergeStatus;
+
+@VintfStability
+interface IBootControl {
+ const int INVALID_SLOT = -1;
+ const int COMMAND_FAILED = -2;
+ /**
+ * Returns the active slot to boot into on the next boot. If
+ * setActiveBootSlot() has been called, the getter function should return the
+ * same slot as the one provided in the last setActiveBootSlot() call.
+ * The returned value is always guaranteed to be strictly less than the
+ * value returned by getNumberSlots. Slots start at 0 and finish at
+ * getNumberSlots() - 1. For instance, a system with A/B must return 0 or 1.
+ * @return the active slot to boot into on the next boot.
+ */
+ int getActiveBootSlot();
+
+ /**
+ * getCurrentSlot() returns the slot number of that the current boot is booted
+ * from, for example slot number 0 (Slot A). It is assumed that if the current
+ * slot is A, then the block devices underlying B can be accessed directly
+ * without any risk of corruption.
+ * The returned value is always guaranteed to be strictly less than the
+ * value returned by getNumberSlots. Slots start at 0 and finish at
+ * getNumberSlots() - 1. The value returned here must match the suffix passed
+ * from the bootloader, regardless of which slot is active or successful.
+ * @return the slot number of that the current boot is booted
+ */
+ int getCurrentSlot();
+
+ /**
+ * getNumberSlots() returns the number of available slots.
+ * For instance, a system with a single set of partitions must return
+ * 1, a system with A/B must return 2, A/B/C -> 3 and so on. A system with
+ * less than two slots doesn't support background updates, for example if
+ * running from a virtual machine with only one copy of each partition for the
+ * purpose of testing.
+ * @return number of available slots
+ */
+ int getNumberSlots();
+
+ /**
+ * Returns whether a snapshot-merge of any dynamic partition is in progress.
+ *
+ * This function must return the merge status set by the last setSnapshotMergeStatus call and
+ * recorded by the bootloader with one exception. If the partitions are being flashed from the
+ * bootloader such that the pending merge must be canceled (for example, if the super partition
+ * is being flashed), this function must return CANCELLED.
+ *
+ * @param out success True if the merge status is read successfully, false otherwise.
+ * @return Merge status.
+ */
+ MergeStatus getSnapshotMergeStatus();
+
+ /**
+ * getSuffix() returns the string suffix used by partitions that correspond to
+ * the slot number passed in as a parameter. The bootloader must pass the
+ * suffix of the currently active slot either through a kernel command line
+ * property at androidboot.slot_suffix, or the device tree at
+ * /firmware/android/slot_suffix.
+ * @return suffix for the input slot, or the empty string "" if slot
+ * does not match an existing slot.
+ */
+ String getSuffix(in int slot);
+
+ /**
+ * isSlotBootable() returns if the slot passed in parameter is bootable. Note
+ * that slots can be made unbootable by both the bootloader and by the OS
+ * using setSlotAsUnbootable.
+ * @return true if the slot is bootable, false if it's not.
+ * @throws service specific error INVALID_SLOT if slot is invalid.
+ */
+ boolean isSlotBootable(in int slot);
+
+ /**
+ * isSlotMarkedSuccessful() returns if the slot passed in parameter has been
+ * marked as successful using markBootSuccessful. Note that only the current
+ * slot can be marked as successful but any slot can be queried.
+ * @return true if the slot has been marked as successful, false if it has
+ * not.
+ * @throws service specific error INVALID_SLOT if slot is invalid.
+ */
+ boolean isSlotMarkedSuccessful(in int slot);
+
+ /**
+ * markBootSuccessful() marks the current slot as having booted successfully.
+ *
+ * @throws Service specific error COMMAND_FAILED if command failed.
+ */
+ void markBootSuccessful();
+
+ /**
+ * setActiveBootSlot() marks the slot passed in parameter as the active boot
+ * slot (see getCurrentSlot for an explanation of the "slot" parameter). This
+ * overrides any previous call to setSlotAsUnbootable.
+ * @throws Service specific error INVALID_SLOT if slot is invalid, or COMMAND_FAILED if
+ * operation failed.
+ */
+ void setActiveBootSlot(in int slot);
+
+ /**
+ * setSlotAsUnbootable() marks the slot passed in parameter as
+ * an unbootable. This can be used while updating the contents of the slot's
+ * partitions, so that the system must not attempt to boot a known bad set up.
+ * @throws Service specific error INVALID_SLOT if slot is invalid, or COMMAND_FAILED if
+ * operation failed.
+ */
+ void setSlotAsUnbootable(in int slot);
+
+ /**
+ * Sets whether a snapshot-merge of any dynamic partition is in progress.
+ *
+ * After the merge status is set to a given value, subsequent calls to
+ * getSnapshotMergeStatus must return the set value.
+ *
+ * The merge status must be persistent across reboots. That is, getSnapshotMergeStatus
+ * must return the same value after a reboot if the merge status is not altered in any way
+ * (e.g. set by setSnapshotMergeStatus or set to CANCELLED by bootloader).
+ *
+ * Read/write access to the merge status must be atomic. When the HAL is processing a
+ * setSnapshotMergeStatus call, all subsequent calls to getSnapshotMergeStatus must block until
+ * setSnapshotMergeStatus has returned.
+ *
+ * A MERGING state indicates that dynamic partitions are partially comprised by blocks in the
+ * userdata partition.
+ *
+ * When the merge status is set to MERGING, the following operations must be prohibited from the
+ * bootloader:
+ * - Flashing or erasing "userdata" or "metadata".
+ *
+ * The following operations may be prohibited when the status is set to MERGING. If not
+ * prohibited, it is recommended that the user receive a warning.
+ * - Changing the active slot (e.g. via "fastboot set_active")
+ *
+ * @param status Merge status.
+ *
+ * @throws service specific error COMMAND_FAILED if operation failed.
+ */
+ void setSnapshotMergeStatus(in MergeStatus status);
+}
diff --git a/boot/aidl/android/hardware/boot/MergeStatus.aidl b/boot/aidl/android/hardware/boot/MergeStatus.aidl
new file mode 100644
index 0000000..16ac85f
--- /dev/null
+++ b/boot/aidl/android/hardware/boot/MergeStatus.aidl
@@ -0,0 +1,42 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package android.hardware.boot;
+
+@VintfStability
+@Backing(type="int")
+enum MergeStatus {
+ /**
+ * No snapshot or merge is in progress.
+ */
+ NONE = 0,
+ /**
+ * The merge status could not be determined.
+ */
+ UNKNOWN,
+ /**
+ * Partitions are being snapshotted, but no merge has been started.
+ */
+ SNAPSHOTTED,
+ /**
+ * At least one partition has merge is in progress.
+ */
+ MERGING,
+ /**
+ * A merge was in progress, but it was canceled by the bootloader.
+ */
+ CANCELLED,
+}
diff --git a/boot/aidl/default/Android.bp b/boot/aidl/default/Android.bp
new file mode 100644
index 0000000..7294faa
--- /dev/null
+++ b/boot/aidl/default/Android.bp
@@ -0,0 +1,34 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_binary {
+ name: "android.hardware.boot-service.default",
+ defaults: ["libboot_control_defaults"],
+ relative_install_path: "hw",
+ init_rc: ["boot-default.rc"],
+ vintf_fragments: ["boot-default.xml"],
+ vendor: true,
+ shared_libs: [
+ "libbase",
+ "libbinder_ndk",
+ "android.hardware.boot@1.1",
+ "android.hardware.boot-V1-ndk",
+ ],
+ static_libs: [
+ "libboot_control",
+ ],
+ srcs: ["main.cpp", "BootControl.cpp"],
+}
diff --git a/boot/aidl/default/BootControl.cpp b/boot/aidl/default/BootControl.cpp
new file mode 100644
index 0000000..4e3c21b
--- /dev/null
+++ b/boot/aidl/default/BootControl.cpp
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "BootControl.h"
+#include <cstdint>
+
+#include <android-base/logging.h>
+
+using HIDLMergeStatus = ::android::bootable::BootControl::MergeStatus;
+using ndk::ScopedAStatus;
+
+namespace aidl::android::hardware::boot {
+
+BootControl::BootControl() {
+ CHECK(impl_.Init());
+}
+
+ScopedAStatus BootControl::getActiveBootSlot(int32_t* _aidl_return) {
+ *_aidl_return = impl_.GetActiveBootSlot();
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getCurrentSlot(int32_t* _aidl_return) {
+ *_aidl_return = impl_.GetCurrentSlot();
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getNumberSlots(int32_t* _aidl_return) {
+ *_aidl_return = impl_.GetNumberSlots();
+ return ScopedAStatus::ok();
+}
+
+namespace {
+
+static constexpr MergeStatus ToAIDLMergeStatus(HIDLMergeStatus status) {
+ switch (status) {
+ case HIDLMergeStatus::NONE:
+ return MergeStatus::NONE;
+ case HIDLMergeStatus::UNKNOWN:
+ return MergeStatus::UNKNOWN;
+ case HIDLMergeStatus::SNAPSHOTTED:
+ return MergeStatus::SNAPSHOTTED;
+ case HIDLMergeStatus::MERGING:
+ return MergeStatus::MERGING;
+ case HIDLMergeStatus::CANCELLED:
+ return MergeStatus::CANCELLED;
+ }
+}
+
+static constexpr HIDLMergeStatus ToHIDLMergeStatus(MergeStatus status) {
+ switch (status) {
+ case MergeStatus::NONE:
+ return HIDLMergeStatus::NONE;
+ case MergeStatus::UNKNOWN:
+ return HIDLMergeStatus::UNKNOWN;
+ case MergeStatus::SNAPSHOTTED:
+ return HIDLMergeStatus::SNAPSHOTTED;
+ case MergeStatus::MERGING:
+ return HIDLMergeStatus::MERGING;
+ case MergeStatus::CANCELLED:
+ return HIDLMergeStatus::CANCELLED;
+ }
+}
+
+}
+
+ScopedAStatus BootControl::getSnapshotMergeStatus(MergeStatus* _aidl_return) {
+ *_aidl_return = ToAIDLMergeStatus(impl_.GetSnapshotMergeStatus());
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::getSuffix(int32_t in_slot, std::string* _aidl_return) {
+ if (!impl_.IsValidSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+ *_aidl_return = impl_.GetSuffix(in_slot);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::isSlotBootable(int32_t in_slot, bool* _aidl_return) {
+ if (!impl_.IsValidSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+ *_aidl_return = impl_.IsSlotBootable(in_slot);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) {
+ if (!impl_.IsValidSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+ *_aidl_return = impl_.IsSlotMarkedSuccessful(in_slot);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::markBootSuccessful() {
+ if (!impl_.MarkBootSuccessful()) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Operation failed");
+ }
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setActiveBootSlot(int32_t in_slot) {
+ if (!impl_.IsValidSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+ if (!impl_.SetActiveBootSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Operation failed");
+ }
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setSlotAsUnbootable(int32_t in_slot) {
+ if (!impl_.IsValidSlot(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(
+ INVALID_SLOT, (std::string("Invalid slot ") + std::to_string(in_slot)).c_str());
+ }
+ if (!impl_.SetSlotAsUnbootable(in_slot)) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Operation failed");
+ }
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus BootControl::setSnapshotMergeStatus(MergeStatus in_status) {
+ if (!impl_.SetSnapshotMergeStatus(ToHIDLMergeStatus(in_status))) {
+ return ScopedAStatus::fromServiceSpecificErrorWithMessage(COMMAND_FAILED,
+ "Operation failed");
+ }
+ return ScopedAStatus::ok();
+}
+
+} // namespace aidl::android::hardware::boot
diff --git a/boot/aidl/default/BootControl.h b/boot/aidl/default/BootControl.h
new file mode 100644
index 0000000..54cd32d
--- /dev/null
+++ b/boot/aidl/default/BootControl.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/boot/BnBootControl.h>
+#include <libboot_control/libboot_control.h>
+
+namespace aidl::android::hardware::boot {
+
+class BootControl final : public BnBootControl {
+ public:
+ BootControl();
+ ::ndk::ScopedAStatus getActiveBootSlot(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getCurrentSlot(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getNumberSlots(int32_t* _aidl_return) override;
+ ::ndk::ScopedAStatus getSnapshotMergeStatus(
+ ::aidl::android::hardware::boot::MergeStatus* _aidl_return) override;
+ ::ndk::ScopedAStatus getSuffix(int32_t in_slot, std::string* _aidl_return) override;
+ ::ndk::ScopedAStatus isSlotBootable(int32_t in_slot, bool* _aidl_return) override;
+ ::ndk::ScopedAStatus isSlotMarkedSuccessful(int32_t in_slot, bool* _aidl_return) override;
+ ::ndk::ScopedAStatus markBootSuccessful() override;
+ ::ndk::ScopedAStatus setActiveBootSlot(int32_t in_slot) override;
+ ::ndk::ScopedAStatus setSlotAsUnbootable(int32_t in_slot) override;
+ ::ndk::ScopedAStatus setSnapshotMergeStatus(
+ ::aidl::android::hardware::boot::MergeStatus in_status) override;
+
+ private:
+ ::android::bootable::BootControl impl_;
+};
+
+} // namespace aidl::android::hardware::boot
diff --git a/boot/aidl/default/boot-default.rc b/boot/aidl/default/boot-default.rc
new file mode 100644
index 0000000..589f803
--- /dev/null
+++ b/boot/aidl/default/boot-default.rc
@@ -0,0 +1,5 @@
+service vendor.boot-default /vendor/bin/hw/android.hardware.boot-service.default
+ class early_hal
+ user root
+ group root
+
diff --git a/boot/aidl/default/boot-default.xml b/boot/aidl/default/boot-default.xml
new file mode 100644
index 0000000..23ccc4e
--- /dev/null
+++ b/boot/aidl/default/boot-default.xml
@@ -0,0 +1,6 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.boot</name>
+ <fqname>IBootControl/default</fqname>
+ </hal>
+</manifest>
diff --git a/boot/aidl/default/main.cpp b/boot/aidl/default/main.cpp
new file mode 100644
index 0000000..70b284e
--- /dev/null
+++ b/boot/aidl/default/main.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "BootControl.h"
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+using aidl::android::hardware::boot::BootControl;
+using aidl::android::hardware::boot::IBootControl;
+
+int main(int, char* argv[]) {
+ android::base::InitLogging(argv, android::base::KernelLogger);
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+ std::shared_ptr<IBootControl> service = ndk::SharedRefBase::make<BootControl>();
+
+ const std::string instance = std::string(BootControl::descriptor) + "/default";
+ auto status = AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ CHECK_EQ(status, STATUS_OK) << "Failed to add service " << instance << " " << status;
+ LOG(INFO) << "IBootControl AIDL service running...";
+
+ ABinderProcess_joinThreadPool();
+ return EXIT_FAILURE; // should not reach
+}
diff --git a/camera/common/aidl/Android.bp b/camera/common/aidl/Android.bp
index 19de22d..d21ae58 100644
--- a/camera/common/aidl/Android.bp
+++ b/camera/common/aidl/Android.bp
@@ -19,11 +19,6 @@
java: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/camera/device/aidl/Android.bp b/camera/device/aidl/Android.bp
index afc6b8d..365a5ff 100644
--- a/camera/device/aidl/Android.bp
+++ b/camera/device/aidl/Android.bp
@@ -27,11 +27,6 @@
sdk_version: "module_current",
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/camera/metadata/aidl/Android.bp b/camera/metadata/aidl/Android.bp
index 31d4b4d..301a943 100644
--- a/camera/metadata/aidl/Android.bp
+++ b/camera/metadata/aidl/Android.bp
@@ -19,11 +19,6 @@
java: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/camera/provider/aidl/Android.bp b/camera/provider/aidl/Android.bp
index f082bce..87a94b2 100644
--- a/camera/provider/aidl/Android.bp
+++ b/camera/provider/aidl/Android.bp
@@ -25,11 +25,6 @@
cpp: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 422b37e..524242f 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -87,7 +87,6 @@
vintf_compatibility_matrix {
name: "framework_compatibility_matrix.current.xml",
- enabled: false,
stem: "compatibility_matrix.current.xml",
srcs: [
"compatibility_matrix.current.xml",
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
index d6a44d0..d19f0da 100644
--- a/compatibility_matrices/Android.mk
+++ b/compatibility_matrices/Android.mk
@@ -103,6 +103,7 @@
framework_compatibility_matrix.5.xml \
framework_compatibility_matrix.6.xml \
framework_compatibility_matrix.7.xml \
+ framework_compatibility_matrix.current.xml \
framework_compatibility_matrix.device.xml \
my_framework_matrix_deps += \
diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml
index 886f7f5..943fdb1 100644
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.current.xml
@@ -156,6 +156,13 @@
<instance>default</instance>
</interface>
</hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.boot</name>
+ <interface>
+ <name>IBootControl</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
<hal format="hidl" optional="true">
<name>android.hardware.broadcastradio</name>
<version>1.0-1</version>
diff --git a/confirmationui/support/Android.bp b/confirmationui/support/Android.bp
index 6ab83f2..1200115 100644
--- a/confirmationui/support/Android.bp
+++ b/confirmationui/support/Android.bp
@@ -36,7 +36,7 @@
],
export_include_dirs: [
"include",
- ]
+ ],
}
cc_test {
@@ -56,6 +56,5 @@
"libhidlbase",
],
test_suites: ["general-tests"],
- clang: true,
- cflags: [ "-O0" ],
+ cflags: ["-O0"],
}
diff --git a/drm/aidl/Android.bp b/drm/aidl/Android.bp
index 0fdba31..6273a38 100644
--- a/drm/aidl/Android.bp
+++ b/drm/aidl/Android.bp
@@ -23,9 +23,6 @@
sdk_version: "module_current",
},
ndk: {
- vndk: {
- enabled: true,
- },
min_sdk_version: "current",
},
},
diff --git a/dumpstate/aidl/Android.bp b/dumpstate/aidl/Android.bp
index d9acc7a..63670bb 100644
--- a/dumpstate/aidl/Android.bp
+++ b/dumpstate/aidl/Android.bp
@@ -33,11 +33,6 @@
java: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/gnss/aidl/Android.bp b/gnss/aidl/Android.bp
index 9f9090c..f45fe5d 100644
--- a/gnss/aidl/Android.bp
+++ b/gnss/aidl/Android.bp
@@ -36,11 +36,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/graphics/composer/2.1/utils/hwc2on1adapter/Android.bp b/graphics/composer/2.1/utils/hwc2on1adapter/Android.bp
index 0171dd6..3527cca 100644
--- a/graphics/composer/2.1/utils/hwc2on1adapter/Android.bp
+++ b/graphics/composer/2.1/utils/hwc2on1adapter/Android.bp
@@ -25,7 +25,6 @@
name: "libhwc2on1adapter",
vendor: true,
- clang: true,
cflags: [
"-Wall",
"-Werror",
diff --git a/graphics/composer/2.1/utils/hwc2onfbadapter/Android.bp b/graphics/composer/2.1/utils/hwc2onfbadapter/Android.bp
index 3965d12..d613ba9 100644
--- a/graphics/composer/2.1/utils/hwc2onfbadapter/Android.bp
+++ b/graphics/composer/2.1/utils/hwc2onfbadapter/Android.bp
@@ -25,7 +25,6 @@
name: "libhwc2onfbadapter",
vendor: true,
- clang: true,
cflags: [
"-Wall",
"-Wextra",
@@ -37,6 +36,9 @@
],
header_libs: ["libhardware_headers"],
- shared_libs: ["liblog", "libsync"],
+ shared_libs: [
+ "liblog",
+ "libsync",
+ ],
export_include_dirs: ["include"],
}
diff --git a/health/aidl/Android.bp b/health/aidl/Android.bp
index f0cd33f..a4d4ace 100644
--- a/health/aidl/Android.bp
+++ b/health/aidl/Android.bp
@@ -36,11 +36,6 @@
enabled: true,
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/health/aidl/default/Android.bp b/health/aidl/default/Android.bp
index 8eab997..0d426da 100644
--- a/health/aidl/default/Android.bp
+++ b/health/aidl/default/Android.bp
@@ -159,3 +159,70 @@
init_rc: ["android.hardware.health-service.example_recovery.rc"],
overrides: ["charger.recovery"],
}
+
+// AIDL Fuzz version of libhealth2impl.
+cc_library_static {
+ name: "fuzz_libhealth_aidl_impl",
+ defaults: [
+ "libhealth_aidl_common_defaults",
+ "libhealth_aidl_charger_defaults",
+ ],
+ recovery_available: true,
+ export_include_dirs: ["include"],
+ export_static_lib_headers: [
+ "libbatterymonitor",
+ ],
+ srcs: [
+ "ChargerUtils.cpp",
+ "health-convert.cpp",
+ "HalHealthLoop.cpp",
+ "Health.cpp",
+ "LinkedCallback.cpp",
+ ],
+ target: {
+ recovery: {
+ exclude_srcs: [
+ "ChargerUtils.cpp",
+ ],
+ },
+ },
+}
+
+cc_fuzz {
+ name: "android.hardware.health-service.aidl_fuzzer",
+ defaults: [
+ "libhealth_aidl_impl_user",
+ ],
+ static_libs: [
+ "android.hardware.health-V1-ndk",
+ "libbase",
+ "libbinder_random_parcel",
+ "libcutils",
+ "liblog",
+ "libutils",
+ "fuzz_libhealth_aidl_impl",
+ ],
+ target: {
+ android: {
+ shared_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ host: {
+ static_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ darwin: {
+ enabled: false,
+ },
+ },
+ srcs: ["fuzzer.cpp"],
+ fuzz_config: {
+ cc: [
+ "hamzeh@google.com",
+ ],
+ },
+}
diff --git a/health/aidl/default/fuzzer.cpp b/health/aidl/default/fuzzer.cpp
new file mode 100644
index 0000000..b7c6d39
--- /dev/null
+++ b/health/aidl/default/fuzzer.cpp
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <android-base/logging.h>
+#include <android/binder_interface_utils.h>
+#include <health-impl/Health.h>
+#include <health/utils.h>
+
+using aidl::android::hardware::health::Health;
+using android::fuzzService;
+using ndk::SharedRefBase;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto config = std::make_unique<healthd_config>();
+ ::android::hardware::health::InitHealthdConfig(config.get());
+ auto binder = ndk::SharedRefBase::make<Health>("default", std::move(config));
+
+ fuzzService(binder->asBinder().get(), FuzzedDataProvider(data, size));
+
+ return 0;
+}
\ No newline at end of file
diff --git a/health/storage/aidl/Android.bp b/health/storage/aidl/Android.bp
index 4cd9263..c614efb 100644
--- a/health/storage/aidl/Android.bp
+++ b/health/storage/aidl/Android.bp
@@ -33,11 +33,6 @@
java: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/identity/aidl/Android.bp b/identity/aidl/Android.bp
index 920a4b9..f6855e8 100644
--- a/identity/aidl/Android.bp
+++ b/identity/aidl/Android.bp
@@ -23,9 +23,6 @@
platform_apis: true,
},
ndk: {
- vndk: {
- enabled: true,
- },
apps_enabled: false,
},
},
diff --git a/identity/aidl/vts/AndroidTest.xml b/identity/aidl/vts/AndroidTest.xml
new file mode 100644
index 0000000..67132b0
--- /dev/null
+++ b/identity/aidl/vts/AndroidTest.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Runs VtsHalIdentityTargetTest.">
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer">
+ </target_preparer>
+
+ <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
+ <option name="cleanup" value="true" />
+ <option name="push"
+ value="VtsHalIdentityTargetTest->/data/local/tmp/VtsHalIdentityTargetTest" />
+ </target_preparer>
+
+ <test class="com.android.tradefed.testtype.GTest" >
+ <option name="native-test-device-path" value="/data/local/tmp" />
+ <option name="module-name" value="VtsHalIdentityTargetTest" />
+ <option name="native-test-timeout" value="300000"/>
+ </test>
+</configuration>
diff --git a/ir/aidl/Android.bp b/ir/aidl/Android.bp
index 2485f5b..25f6c8f 100644
--- a/ir/aidl/Android.bp
+++ b/ir/aidl/Android.bp
@@ -33,11 +33,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/keymaster/aidl/Android.bp b/keymaster/aidl/Android.bp
index c4b6740..0fb6e4c 100644
--- a/keymaster/aidl/Android.bp
+++ b/keymaster/aidl/Android.bp
@@ -18,11 +18,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: [
"1",
diff --git a/light/aidl/Android.bp b/light/aidl/Android.bp
index 6f478d7..c11934f 100644
--- a/light/aidl/Android.bp
+++ b/light/aidl/Android.bp
@@ -18,11 +18,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/neuralnetworks/1.0/vts/functional/Android.bp b/neuralnetworks/1.0/vts/functional/Android.bp
index 29b31d2..a41f37f 100644
--- a/neuralnetworks/1.0/vts/functional/Android.bp
+++ b/neuralnetworks/1.0/vts/functional/Android.bp
@@ -90,7 +90,6 @@
"libneuralnetworks_headers",
],
test_suites: [
- "general-tests",
"vts",
],
}
diff --git a/neuralnetworks/1.1/vts/functional/Android.bp b/neuralnetworks/1.1/vts/functional/Android.bp
index e9d4b76..7c1c118 100644
--- a/neuralnetworks/1.1/vts/functional/Android.bp
+++ b/neuralnetworks/1.1/vts/functional/Android.bp
@@ -58,7 +58,6 @@
"libneuralnetworks_headers",
],
test_suites: [
- "general-tests",
"vts",
],
}
diff --git a/neuralnetworks/1.2/vts/functional/Android.bp b/neuralnetworks/1.2/vts/functional/Android.bp
index 2177924..7e4b5bb 100644
--- a/neuralnetworks/1.2/vts/functional/Android.bp
+++ b/neuralnetworks/1.2/vts/functional/Android.bp
@@ -85,7 +85,6 @@
"libneuralnetworks_headers",
],
test_suites: [
- "general-tests",
"vts",
],
}
diff --git a/neuralnetworks/1.2/vts/functional/CompilationCachingTests.cpp b/neuralnetworks/1.2/vts/functional/CompilationCachingTests.cpp
index 3d783d9..fe38e61 100644
--- a/neuralnetworks/1.2/vts/functional/CompilationCachingTests.cpp
+++ b/neuralnetworks/1.2/vts/functional/CompilationCachingTests.cpp
@@ -1262,7 +1262,7 @@
FILE* pFile = fopen(filename.c_str(), "a");
uint32_t appendLength = getRandomInt(1, 256);
for (uint32_t i = 0; i < appendLength; i++) {
- ASSERT_NE(fputc(getRandomInt<uint8_t>(0, 255), pFile), EOF);
+ ASSERT_NE(fputc(getRandomInt<uint16_t>(0, 255), pFile), EOF);
}
fclose(pFile);
*skip = false;
diff --git a/neuralnetworks/1.3/vts/functional/Android.bp b/neuralnetworks/1.3/vts/functional/Android.bp
index 9fa0f0a..07071cc 100644
--- a/neuralnetworks/1.3/vts/functional/Android.bp
+++ b/neuralnetworks/1.3/vts/functional/Android.bp
@@ -92,7 +92,6 @@
"libneuralnetworks_headers",
],
test_suites: [
- "general-tests",
"vts",
],
}
diff --git a/neuralnetworks/1.3/vts/functional/CompilationCachingTests.cpp b/neuralnetworks/1.3/vts/functional/CompilationCachingTests.cpp
index a2013ec..f2cfa3f 100644
--- a/neuralnetworks/1.3/vts/functional/CompilationCachingTests.cpp
+++ b/neuralnetworks/1.3/vts/functional/CompilationCachingTests.cpp
@@ -1253,7 +1253,7 @@
FILE* pFile = fopen(filename.c_str(), "a");
uint32_t appendLength = getRandomInt(1, 256);
for (uint32_t i = 0; i < appendLength; i++) {
- ASSERT_NE(fputc(getRandomInt<uint8_t>(0, 255), pFile), EOF);
+ ASSERT_NE(fputc(getRandomInt<uint16_t>(0, 255), pFile), EOF);
}
fclose(pFile);
*skip = false;
diff --git a/neuralnetworks/TEST_MAPPING b/neuralnetworks/TEST_MAPPING
index d296828..3218206 100644
--- a/neuralnetworks/TEST_MAPPING
+++ b/neuralnetworks/TEST_MAPPING
@@ -17,54 +17,10 @@
},
{
"name": "neuralnetworks_utils_hal_aidl_test"
- },
- {
- "name": "VtsHalNeuralnetworksV1_0TargetTest",
- "options": [
- {
- // Do not use any sample driver except sample-all in order to reduce
- // testing time. The other sample drivers (fast-float, quant, etc.)
- // are subsets of sample-all.
- "include-filter": "-*sample_float_fast*:*sample_float_slow*:*sample_minimal*:*sample_quant*"
- }
- ]
- },
- {
- "name": "VtsHalNeuralnetworksV1_1TargetTest",
- "options": [
- {
- // Do not use any sample driver except sample-all in order to reduce
- // testing time. The other sample drivers (fast-float, quant, etc.)
- // are subsets of sample-all.
- "include-filter": "-*sample_float_fast*:*sample_float_slow*:*sample_minimal*:*sample_quant*"
- }
- ]
}
],
"presubmit-large": [
{
- "name": "VtsHalNeuralnetworksV1_2TargetTest",
- "options": [
- {
- // Do not use any sample driver except sample-all in order to reduce
- // testing time. The other sample drivers (fast-float, quant, etc.)
- // are subsets of sample-all.
- "include-filter": "-*sample_float_fast*:*sample_float_slow*:*sample_minimal*:*sample_quant*"
- }
- ]
- },
- {
- "name": "VtsHalNeuralnetworksV1_3TargetTest",
- "options": [
- {
- // Do not use any sample driver except sample-all in order to reduce
- // testing time. The other sample drivers (fast-float, quant, etc.)
- // are subsets of sample-all.
- "include-filter": "-*sample_float_fast*:*sample_float_slow*:*sample_minimal*:*sample_quant*"
- }
- ]
- },
- {
"name": "VtsHalNeuralnetworksTargetTest",
"options": [
{
diff --git a/neuralnetworks/aidl/vts/functional/CompilationCachingTests.cpp b/neuralnetworks/aidl/vts/functional/CompilationCachingTests.cpp
index 7451f7e..da0fe64 100644
--- a/neuralnetworks/aidl/vts/functional/CompilationCachingTests.cpp
+++ b/neuralnetworks/aidl/vts/functional/CompilationCachingTests.cpp
@@ -1068,7 +1068,7 @@
FILE* pFile = fopen(filename.c_str(), "a");
uint32_t appendLength = getRandomInt(1, 256);
for (uint32_t i = 0; i < appendLength; i++) {
- ASSERT_NE(fputc(getRandomInt<uint8_t>(0, 255), pFile), EOF);
+ ASSERT_NE(fputc(getRandomInt<uint16_t>(0, 255), pFile), EOF);
}
fclose(pFile);
*skip = false;
diff --git a/nfc/aidl/Android.bp b/nfc/aidl/Android.bp
index b9578f4..09a45d1 100644
--- a/nfc/aidl/Android.bp
+++ b/nfc/aidl/Android.bp
@@ -34,11 +34,6 @@
sdk_version: "module_current",
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/oemlock/aidl/Android.bp b/oemlock/aidl/Android.bp
index d1930f9..1c19bb1 100644
--- a/oemlock/aidl/Android.bp
+++ b/oemlock/aidl/Android.bp
@@ -16,11 +16,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/power/aidl/Android.bp b/power/aidl/Android.bp
index e4708f8..70b1203 100644
--- a/power/aidl/Android.bp
+++ b/power/aidl/Android.bp
@@ -35,11 +35,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/power/stats/aidl/Android.bp b/power/stats/aidl/Android.bp
index 48d3c51..b1b2515 100644
--- a/power/stats/aidl/Android.bp
+++ b/power/stats/aidl/Android.bp
@@ -32,11 +32,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
cpp: {
enabled: true,
},
diff --git a/radio/aidl/Android.bp b/radio/aidl/Android.bp
index 72f160d..98eafc1 100644
--- a/radio/aidl/Android.bp
+++ b/radio/aidl/Android.bp
@@ -20,11 +20,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -49,11 +44,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -78,11 +68,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -107,11 +92,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -136,11 +116,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -165,11 +140,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -197,11 +167,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
@@ -229,11 +194,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/rebootescrow/aidl/Android.bp b/rebootescrow/aidl/Android.bp
index c764f86..39aaa07 100644
--- a/rebootescrow/aidl/Android.bp
+++ b/rebootescrow/aidl/Android.bp
@@ -18,11 +18,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/security/OWNERS b/security/OWNERS
index 54d820a..4142fc1 100644
--- a/security/OWNERS
+++ b/security/OWNERS
@@ -1,3 +1,6 @@
+# Please assign all bugs related to /hardware/interfaces/security to the team alias,
+# android-hardware-security@google.com. This will get them auto-assigned to the on-call triage
+# engineer, ensuring quickest response.
drysdale@google.com
jbires@google.com
jdanis@google.com
diff --git a/security/dice/aidl/Android.bp b/security/dice/aidl/Android.bp
index 97781b3..5625d70 100644
--- a/security/dice/aidl/Android.bp
+++ b/security/dice/aidl/Android.bp
@@ -34,9 +34,6 @@
platform_apis: false,
},
ndk: {
- vndk: {
- enabled: true,
- },
apps_enabled: false,
apex_available: [
"//apex_available:platform",
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index a233087..96d44a7 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -22,9 +22,6 @@
platform_apis: true,
},
ndk: {
- vndk: {
- enabled: true,
- },
apps_enabled: false,
},
rust: {
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 95a3710..b9694e9 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -196,12 +196,12 @@
* derive a key that is used to encrypt the private/secret key material.
*
* The root of trust consists of a bitstring that must be derived from the public key used by
- * Verified Boot to verify the signature on the boot image and from the lock state of the
- * device. If the public key is changed to allow a different system image to be used or if the
- * lock state is changed, then all of the IKeyMintDevice-protected keys created by the previous
- * system state must be unusable, unless the previous state is restored. The goal is to increase
- * the value of the software-enforced key access controls by making it impossible for an attacker-
- * installed operating system to use IKeyMintDevice keys.
+ * Verified Boot to verify the signature on the boot image, from the lock state and from the
+ * Verified Boot state of the device. If the public key is changed to allow a different system
+ * image to be used or if the lock state is changed, then all of the IKeyMintDevice-protected keys
+ * created by the previous system state must be unusable, unless the previous state is restored.
+ * The goal is to increase the value of the software-enforced key access controls by making it
+ * impossible for an attacker-installed operating system to use IKeyMintDevice keys.
*
* == Version Binding ==
*
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index b28ebcb..42dfad5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -504,7 +504,9 @@
* that is necessary during all uses of the key. In particular, calls to exportKey() and
* getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
* begin() must provide this tag and the same associated data as part of the inParams set. If
- * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+ * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB. Note
+ * that a key with a zero-length APPLICATION_ID cannot have its key characteristics retrieved
+ * using getKeyCharacteristics() due to a historical limitation of the API.
*
* The content of this tag must be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have
@@ -525,7 +527,9 @@
* that is necessary during all uses of the key. In particular, calls to begin() and
* exportKey() must provide the same value to the appData parameter, and calls to begin must
* provide this tag and the same associated data as part of the inParams set. If the correct
- * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+ * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB. Note that a key
+ * with a zero-length APPLICATION_DATA cannot have its key characteristics retrieved using
+ * getKeyCharacteristics() due to a historical limitation of the API.
*
* The content of this tag must be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 240de35..ca517ac 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -16,6 +16,7 @@
#define LOG_TAG "keymint_1_attest_key_test"
#include <cutils/log.h>
+#include <cutils/properties.h>
#include <keymint_support/key_param_output.h>
#include <keymint_support/openssl_utils.h>
@@ -33,7 +34,33 @@
} // namespace
-using AttestKeyTest = KeyMintAidlTestBase;
+class AttestKeyTest : public KeyMintAidlTestBase {
+ protected:
+ ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
+ const optional<AttestationKey>& attest_key,
+ vector<uint8_t>* key_blob,
+ vector<KeyCharacteristics>* key_characteristics,
+ vector<Certificate>* cert_chain) {
+ // The original specification for KeyMint v1 required ATTEST_KEY not be combined
+ // with any other key purpose, but the original VTS tests incorrectly did exactly that.
+ // This means that a device that launched prior to Android T (API level 33) may
+ // accept or even require KeyPurpose::SIGN too.
+ if (property_get_int32("ro.board.first_api_level", 0) < 33) {
+ AuthorizationSet key_desc_plus_sign = key_desc;
+ key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
+
+ auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics,
+ cert_chain);
+ if (result == ErrorCode::OK) {
+ return result;
+ }
+ // If the key generation failed, it may be because the device is (correctly)
+ // rejecting the combination of ATTEST_KEY+SIGN. Fall through to try again with
+ // just ATTEST_KEY.
+ }
+ return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
+ }
+};
/*
* AttestKeyTest.AllRsaSizes
@@ -49,12 +76,13 @@
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaKey(size, 65537)
- .AttestKey()
- .SetDefaultValidity(),
- {} /* attestation signing key */, &attest_key.keyBlob,
- &attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateAttestKey(AuthorizationSetBuilder()
+ .RsaKey(size, 65537)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain));
ASSERT_GT(attest_key_cert_chain.size(), 0);
EXPECT_EQ(attest_key_cert_chain.size(), 1);
@@ -227,17 +255,17 @@
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
- auto result = GenerateKey(AuthorizationSetBuilder()
- .RsaKey(2048, 65537)
- .AttestKey()
- .AttestationChallenge(challenge)
- .AttestationApplicationId(app_id)
- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- {} /* attestation signing key */, &attest_key.keyBlob,
- &attest_key_characteristics, &attest_key_cert_chain);
+ auto result = GenerateAttestKey(AuthorizationSetBuilder()
+ .RsaKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge(challenge)
+ .AttestationApplicationId(app_id)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain);
// Strongbox may not support factory provisioned attestation key.
if (SecLevel() == SecurityLevel::STRONGBOX) {
if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
@@ -331,17 +359,17 @@
attest_key_opt = attest_key;
}
- auto result = GenerateKey(AuthorizationSetBuilder()
- .RsaKey(2048, 65537)
- .AttestKey()
- .AttestationChallenge("foo")
- .AttestationApplicationId("bar")
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
- .SetDefaultValidity(),
- attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
- &cert_chain_list[i]);
+ auto result = GenerateAttestKey(AuthorizationSetBuilder()
+ .RsaKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i],
+ &attested_key_characteristics, &cert_chain_list[i]);
// Strongbox may not support factory provisioned attestation key.
if (SecLevel() == SecurityLevel::STRONGBOX) {
if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
@@ -408,17 +436,17 @@
attest_key_opt = attest_key;
}
- auto result = GenerateKey(AuthorizationSetBuilder()
- .EcdsaKey(EcCurve::P_256)
- .AttestKey()
- .AttestationChallenge("foo")
- .AttestationApplicationId("bar")
- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
- &cert_chain_list[i]);
+ auto result = GenerateAttestKey(AuthorizationSetBuilder()
+ .EcdsaKey(EcCurve::P_256)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i],
+ &attested_key_characteristics, &cert_chain_list[i]);
// Strongbox may not support factory provisioned attestation key.
if (SecLevel() == SecurityLevel::STRONGBOX) {
if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
@@ -513,29 +541,29 @@
}
ErrorCode result;
if ((i & 0x1) == 1) {
- result = GenerateKey(AuthorizationSetBuilder()
- .EcdsaKey(EcCurve::P_256)
- .AttestKey()
- .AttestationChallenge("foo")
- .AttestationApplicationId("bar")
- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
- &cert_chain_list[i]);
+ result = GenerateAttestKey(AuthorizationSetBuilder()
+ .EcdsaKey(EcCurve::P_256)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i],
+ &attested_key_characteristics, &cert_chain_list[i]);
} else {
- result = GenerateKey(AuthorizationSetBuilder()
- .RsaKey(2048, 65537)
- .AttestKey()
- .AttestationChallenge("foo")
- .AttestationApplicationId("bar")
- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .SetDefaultValidity(),
- attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
- &cert_chain_list[i]);
+ result = GenerateAttestKey(AuthorizationSetBuilder()
+ .RsaKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i],
+ &attested_key_characteristics, &cert_chain_list[i]);
}
// Strongbox may not support factory provisioned attestation key.
if (SecLevel() == SecurityLevel::STRONGBOX) {
@@ -581,12 +609,13 @@
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaKey(size, 65537)
- .AttestKey()
- .SetDefaultValidity(),
- {} /* attestation signing key */, &attest_key.keyBlob,
- &attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateAttestKey(AuthorizationSetBuilder()
+ .RsaKey(size, 65537)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain));
EXPECT_EQ(attest_key_cert_chain.size(), 1);
EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
@@ -630,7 +659,7 @@
vector<Certificate> attest_key_cert_chain;
ASSERT_EQ(
ErrorCode::OK,
- GenerateKey(
+ GenerateAttestKey(
AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(),
{} /* attestation signing key */, &attest_key.keyBlob,
&attest_key_characteristics, &attest_key_cert_chain));
@@ -752,12 +781,13 @@
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .EcdsaKey(EcCurve::P_256)
- .AttestKey()
- .SetDefaultValidity(),
- {} /* attestation signing key */, &attest_key.keyBlob,
- &attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateAttestKey(AuthorizationSetBuilder()
+ .EcdsaKey(EcCurve::P_256)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain));
attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
ASSERT_GT(attest_key_cert_chain.size(), 0);
EXPECT_EQ(attest_key_cert_chain.size(), 1);
@@ -816,12 +846,13 @@
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .EcdsaKey(EcCurve::P_256)
- .AttestKey()
- .SetDefaultValidity(),
- {} /* attestation signing key */, &attest_key.keyBlob,
- &attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateAttestKey(AuthorizationSetBuilder()
+ .EcdsaKey(EcCurve::P_256)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain));
attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
ASSERT_GT(attest_key_cert_chain.size(), 0);
EXPECT_EQ(attest_key_cert_chain.size(), 1);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 4e746b2..371b589 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1102,9 +1102,9 @@
<< "Key size " << key_size << "missing";
EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U));
+ ASSERT_GT(cert_chain_.size(), 0);
verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
- ASSERT_GT(cert_chain_.size(), 0);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
@@ -1178,6 +1178,7 @@
EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_));
// The signature over the attested key should correspond to the P256 public key.
+ ASSERT_GT(cert_chain_.size(), 0);
X509_Ptr key_cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
ASSERT_TRUE(key_cert.get());
EVP_PKEY_Ptr signing_pubkey;
@@ -1265,9 +1266,9 @@
<< "Key size " << key_size << "missing";
EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U));
+ ASSERT_GT(cert_chain_.size(), 0);
verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
- ASSERT_GT(cert_chain_.size(), 0);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
@@ -1317,9 +1318,9 @@
<< "Key size " << key_size << "missing";
EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U));
+ ASSERT_EQ(cert_chain_.size(), 1);
verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
- ASSERT_EQ(cert_chain_.size(), 1);
CheckedDeleteKey(&key_blob);
}
@@ -1398,6 +1399,7 @@
<< "Key size " << key_size << "missing";
EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U));
+ ASSERT_GT(cert_chain_.size(), 0);
verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
ASSERT_EQ(cert_chain_.size(), 1);
@@ -2228,8 +2230,8 @@
EXPECT_TRUE(crypto_params.Contains(TAG_EC_CURVE, curve)) << "Curve " << curve << "missing";
EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
- verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
ASSERT_EQ(cert_chain_.size(), 1);
+ verify_subject_and_serial(cert_chain_[0], serial_int, subject, false);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics);
@@ -2448,6 +2450,29 @@
}
/*
+ * NewKeyGenerationTest.EcdsaMissingCurve
+ *
+ * Verifies that EC key generation fails if EC_CURVE not specified after KeyMint V2.
+ */
+TEST_P(NewKeyGenerationTest, EcdsaMissingCurve) {
+ if (AidlVersion() < 2) {
+ /*
+ * The KeyMint V1 spec required that EC_CURVE be specified for EC keys.
+ * However, this was not checked at the time so we can only be strict about checking this
+ * for implementations of KeyMint version 2 and above.
+ */
+ GTEST_SKIP() << "Requiring EC_CURVE only strict since KeyMint v2";
+ }
+ /* If EC_CURVE not provided, generateKey
+ * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE.
+ */
+ auto result = GenerateKey(
+ AuthorizationSetBuilder().EcdsaKey(256).Digest(Digest::NONE).SetDefaultValidity());
+ ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_KEY_SIZE ||
+ result == ErrorCode::UNSUPPORTED_EC_CURVE);
+}
+
+/*
* NewKeyGenerationTest.EcdsaMismatchKeySize
*
* Verifies that specifying mismatched key size and curve for EC key generation returns
@@ -6163,7 +6188,7 @@
// Encrypt
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
string ciphertext;
AuthorizationSet finish_out_params;
ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
@@ -6206,7 +6231,7 @@
.Authorization(TAG_MAC_LENGTH, tag_bits);
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
// No data, AAD only.
EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
@@ -6222,7 +6247,7 @@
begin_params.push_back(begin_out_params);
// Decrypt
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("foofoo"));
string plaintext;
EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
@@ -6249,7 +6274,7 @@
.Authorization(TAG_MAC_LENGTH, 128);
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
string ciphertext;
@@ -6283,7 +6308,7 @@
// Encrypt
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
@@ -6292,7 +6317,7 @@
begin_params.push_back(begin_out_params);
// Decrypt.
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("barfoo"));
string plaintext;
EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
@@ -6319,7 +6344,7 @@
// Encrypt
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
AuthorizationSet finish_out_params;
@@ -6329,7 +6354,7 @@
begin_params.push_back(TAG_NONCE, AidlBuf("123456789012"));
// Decrypt.
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string plaintext;
EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
@@ -6361,7 +6386,7 @@
// Encrypt
AuthorizationSet begin_out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string ciphertext;
EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
@@ -6373,7 +6398,7 @@
params.push_back(begin_out_params);
// Decrypt.
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
@@ -6486,7 +6511,7 @@
for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {
++ciphertext[ciphertext.size() / 2];
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
ErrorCode error = Finish(&plaintext);
@@ -6758,7 +6783,7 @@
auto begin_params =
AuthorizationSetBuilder().BlockMode(blockMode).Padding(PaddingMode::NONE);
AuthorizationSet output_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &output_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &output_params));
string ciphertext;
EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, "", &ciphertext));
@@ -6837,7 +6862,7 @@
for (size_t i = 0; i < kMaxPaddingCorruptionRetries; ++i) {
SCOPED_TRACE(testing::Message() << "i = " << i);
++ciphertext[ciphertext.size() / 2];
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
ErrorCode error = Finish(&plaintext);
@@ -6869,7 +6894,7 @@
AuthorizationSet input_params =
AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::NONE);
AuthorizationSet output_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));
string ciphertext;
for (size_t i = 0; i < message.size(); i += increment)
@@ -6883,7 +6908,7 @@
input_params.push_back(TAG_PADDING, PaddingMode::NONE);
output_params.Clear();
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));
string plaintext;
for (size_t i = 0; i < ciphertext.size(); i += increment)
EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
@@ -7000,7 +7025,7 @@
} else {
// Usage count limit tag is enforced by keystore, keymint does nothing.
EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
}
}
@@ -7047,7 +7072,7 @@
} else {
// Usage count limit tag is enforced by keystore, keymint does nothing.
EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
}
}
@@ -7093,7 +7118,7 @@
} else {
// Usage count limit tag is enforced by keystore, keymint does nothing.
EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U));
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
}
}
@@ -7140,7 +7165,7 @@
} else {
// Usage count limit tag is enforced by keystore, keymint does nothing.
EXPECT_TRUE(keystore_auths.Contains(TAG_USAGE_COUNT_LIMIT, 3U));
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, params));
}
}
@@ -7453,7 +7478,7 @@
EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j]))
<< "Aboort failed for i = " << j << std::endl;
}
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));
AbortIfNeeded();
}
@@ -7478,7 +7503,7 @@
AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE);
AuthorizationSet out_params;
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, cipher_params, &out_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, cipher_params, &out_params));
string plain_message = std::string(1 << msg_size, 'x');
string encrypted_message;
@@ -7489,7 +7514,7 @@
<< "Encrypt finish returned OK, but did not consume all of the given input";
cipher_params.push_back(out_params);
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, cipher_params));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, cipher_params));
string decrypted_message;
rc = Finish(encrypted_message, &decrypted_message);
@@ -7655,7 +7680,7 @@
if (curve != localCurve) {
// If the keys are using different curves KeyMint should fail with
// ErrorCode:INVALID_ARGUMENT. Check that.
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
string ZabFromKeyMintStr;
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,
Finish(string(localPublicKey.begin(), localPublicKey.end()),
@@ -7795,7 +7820,7 @@
vector<uint8_t> encodedPublicKey;
GenerateLocalEcKey(localCurve, &privKey, &encodedPublicKey);
- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::AGREE_KEY, AuthorizationSetBuilder()));
string ZabFromKeyMintStr;
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT,
Finish(string(encodedPublicKey.begin(), encodedPublicKey.end()),
diff --git a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
index 54b6fdc..5bbae4c 100644
--- a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
+++ b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
@@ -142,6 +142,25 @@
return Digest::NONE;
}
+ optional<EcCurve> getCurveFromLength(int keySize) {
+ switch (keySize) {
+ case 224:
+ return EcCurve::P_224;
+ break;
+ case 256:
+ return EcCurve::P_256;
+ break;
+ case 384:
+ return EcCurve::P_384;
+ break;
+ case 521:
+ return EcCurve::P_521;
+ break;
+ default:
+ return {};
+ }
+ }
+
bool GenerateKey(string transform, int keySize, bool sign = false) {
if (transform == key_transform_) {
return true;
@@ -184,6 +203,12 @@
}
if (algorithm == Algorithm::EC) {
authSet.SetDefaultValidity();
+ std::optional<EcCurve> curve = getCurveFromLength(keySize);
+ if (!curve) {
+ std::cerr << "Error: invalid EC-Curve from size " << keySize << std::endl;
+ return false;
+ }
+ authSet.Authorization(TAG_EC_CURVE, curve.value());
}
error_ = GenerateKey(authSet);
return error_ == ErrorCode::OK;
diff --git a/security/secureclock/aidl/Android.bp b/security/secureclock/aidl/Android.bp
index 00a6ba3..853ad89 100644
--- a/security/secureclock/aidl/Android.bp
+++ b/security/secureclock/aidl/Android.bp
@@ -18,11 +18,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
rust: {
enabled: true,
apex_available: [
diff --git a/security/sharedsecret/aidl/Android.bp b/security/sharedsecret/aidl/Android.bp
index f1fce74..fe77c10 100644
--- a/security/sharedsecret/aidl/Android.bp
+++ b/security/sharedsecret/aidl/Android.bp
@@ -18,11 +18,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
rust: {
enabled: true,
},
diff --git a/sensors/aidl/Android.bp b/sensors/aidl/Android.bp
index 1c2d83f..d04017c 100644
--- a/sensors/aidl/Android.bp
+++ b/sensors/aidl/Android.bp
@@ -23,11 +23,6 @@
java: {
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/soundtrigger/aidl/Android.bp b/soundtrigger/aidl/Android.bp
index 448895c..0658519 100644
--- a/soundtrigger/aidl/Android.bp
+++ b/soundtrigger/aidl/Android.bp
@@ -33,11 +33,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/usb/aidl/Android.bp b/usb/aidl/Android.bp
index 7eb6020..4f59f02 100644
--- a/usb/aidl/Android.bp
+++ b/usb/aidl/Android.bp
@@ -33,11 +33,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/uwb/aidl/Android.bp b/uwb/aidl/Android.bp
index cc61046..52f0605 100755
--- a/uwb/aidl/Android.bp
+++ b/uwb/aidl/Android.bp
@@ -21,9 +21,6 @@
enabled: false,
},
ndk: {
- vndk: {
- enabled: true,
- },
apex_available: [
"//apex_available:platform",
"com.android.uwb",
diff --git a/vibrator/aidl/Android.bp b/vibrator/aidl/Android.bp
index d4d5857..86ef027 100644
--- a/vibrator/aidl/Android.bp
+++ b/vibrator/aidl/Android.bp
@@ -19,11 +19,6 @@
java: {
sdk_version: "module_current",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: [
"1",
diff --git a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
index 3841715..791d7e8 100644
--- a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
+++ b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
@@ -332,6 +332,7 @@
sleep(1);
EXPECT_EQ(Status::EX_NONE, vibrator->setAmplitude(1.0f).exceptionCode());
sleep(1);
+ EXPECT_TRUE(vibrator->off().isOk());
}
}
diff --git a/weaver/aidl/Android.bp b/weaver/aidl/Android.bp
index 8b4306f..caa92aa 100644
--- a/weaver/aidl/Android.bp
+++ b/weaver/aidl/Android.bp
@@ -16,11 +16,6 @@
java: {
platform_apis: true,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions: ["1"],
}
diff --git a/wifi/hostapd/aidl/Android.bp b/wifi/hostapd/aidl/Android.bp
index c97f8da..6240933 100644
--- a/wifi/hostapd/aidl/Android.bp
+++ b/wifi/hostapd/aidl/Android.bp
@@ -37,11 +37,6 @@
],
min_sdk_version: "30",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
index eabbf1b..da3ff3a 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
@@ -38,11 +38,12 @@
: public ::testing::TestWithParam<std::tuple<std::string, std::string>> {
public:
virtual void SetUp() override {
- // Stop Wi-Fi
- ASSERT_TRUE(stopWifiFramework()); // stop & wait for wifi to shutdown.
-
wifi_instance_name_ = std::get<0>(GetParam());
supplicant_instance_name_ = std::get<1>(GetParam());
+
+ // Stop & wait for wifi to shutdown.
+ ASSERT_TRUE(stopWifiFramework(wifi_instance_name_));
+
std::system("/system/bin/start");
ASSERT_TRUE(waitForFrameworkReady());
isP2pOn_ =
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
index 086166a..6760663 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
@@ -28,26 +28,42 @@
using ::android::sp;
using ::android::hardware::configureRpcThreadpool;
-using ::android::hardware::joinRpcThreadpool;
using ::android::hardware::hidl_string;
using ::android::hardware::hidl_vec;
+using ::android::hardware::joinRpcThreadpool;
using ::android::hardware::Return;
using ::android::hardware::Void;
-using ::android::hardware::wifi::V1_0::ChipModeId;
-using ::android::hardware::wifi::V1_0::IWifiChip;
+using ::android::hardware::wifi::supplicant::V1_0::IfaceType;
using ::android::hardware::wifi::supplicant::V1_0::ISupplicant;
using ::android::hardware::wifi::supplicant::V1_0::ISupplicantIface;
using ::android::hardware::wifi::supplicant::V1_0::ISupplicantNetwork;
+using ::android::hardware::wifi::supplicant::V1_0::ISupplicantP2pIface;
using ::android::hardware::wifi::supplicant::V1_0::ISupplicantStaIface;
using ::android::hardware::wifi::supplicant::V1_0::ISupplicantStaNetwork;
-using ::android::hardware::wifi::supplicant::V1_0::ISupplicantP2pIface;
-using ::android::hardware::wifi::supplicant::V1_0::IfaceType;
using ::android::hardware::wifi::supplicant::V1_0::SupplicantStatus;
using ::android::hardware::wifi::supplicant::V1_0::SupplicantStatusCode;
+using ::android::hardware::wifi::V1_0::ChipModeId;
+using ::android::hardware::wifi::V1_0::IWifi;
+using ::android::hardware::wifi::V1_0::IWifiChip;
using ::android::wifi_system::InterfaceTool;
using ::android::wifi_system::SupplicantManager;
namespace {
+
+bool waitForWifiHalStop(const std::string& wifi_instance_name) {
+ sp<IWifi> wifi = getWifi(wifi_instance_name);
+ int count = 50; /* wait at most 5 seconds for completion */
+ while (count-- > 0) {
+ if (wifi != nullptr && !wifi->isStarted()) {
+ return true;
+ }
+ usleep(100000);
+ wifi = getWifi(wifi_instance_name);
+ }
+ LOG(ERROR) << "Wifi HAL was not stopped";
+ return false;
+}
+
bool waitForSupplicantState(bool is_running) {
SupplicantManager supplicant_manager;
int count = 50; /* wait at most 5 seconds for completion */
@@ -113,10 +129,10 @@
return waitForSupplicantStart(); // wait for wifi to start.
}
-bool stopWifiFramework() {
+bool stopWifiFramework(const std::string& wifi_instance_name) {
std::system("svc wifi disable");
std::system("cmd wifi set-scan-always-available disabled");
- return waitForSupplicantStop(); // wait for wifi to shutdown.
+ return waitForSupplicantStop() && waitForWifiHalStop(wifi_instance_name);
}
void stopSupplicant() { stopSupplicant(""); }
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
index 7228623..2198d7c 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
@@ -33,7 +33,7 @@
bool startWifiFramework();
// Used to stop the android wifi framework before every test.
-bool stopWifiFramework();
+bool stopWifiFramework(const std::string& wifi_instance_name);
void stopSupplicant(const std::string& wifi_instance_name);
// Used to configure the chip, driver and start wpa_supplicant before every
@@ -77,12 +77,13 @@
: public ::testing::TestWithParam<std::tuple<std::string, std::string>> {
public:
virtual void SetUp() override {
- // Stop Wi-Fi
- ASSERT_TRUE(stopWifiFramework()); // stop & wait for wifi to shutdown.
-
- // should always be v1.0 wifi
- wifi_v1_0_instance_name_ = std::get<0>(GetParam());
+ wifi_v1_0_instance_name_ =
+ std::get<0>(GetParam()); // should always be v1.0 wifi
supplicant_instance_name_ = std::get<1>(GetParam());
+
+ // Stop & wait for wifi to shutdown.
+ ASSERT_TRUE(stopWifiFramework(wifi_v1_0_instance_name_));
+
std::system("/system/bin/start");
ASSERT_TRUE(waitForFrameworkReady());
isP2pOn_ =
diff --git a/wifi/supplicant/aidl/Android.bp b/wifi/supplicant/aidl/Android.bp
index ca0785b..35de751 100644
--- a/wifi/supplicant/aidl/Android.bp
+++ b/wifi/supplicant/aidl/Android.bp
@@ -37,11 +37,6 @@
],
min_sdk_version: "30",
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
},
versions_with_info: [
{
diff --git a/wifi/supplicant/aidl/vts/functional/supplicant_test_utils.h b/wifi/supplicant/aidl/vts/functional/supplicant_test_utils.h
index 17e0394..31042a2 100644
--- a/wifi/supplicant/aidl/vts/functional/supplicant_test_utils.h
+++ b/wifi/supplicant/aidl/vts/functional/supplicant_test_utils.h
@@ -78,7 +78,7 @@
void stopSupplicantService() { stopSupplicant(getWifiInstanceName()); }
void initializeService() {
- ASSERT_TRUE(stopWifiFramework());
+ ASSERT_TRUE(stopWifiFramework(getWifiInstanceName()));
std::system("/system/bin/start");
ASSERT_TRUE(waitForFrameworkReady());
stopSupplicantService();