Merge "Rename kernel config modules from current to Q." into qt-dev
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 38882a2..7a779b9 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -64,10 +64,10 @@
}
vintf_compatibility_matrix {
- name: "framework_compatibility_matrix.current.xml",
- stem: "compatibility_matrix.current.xml",
+ name: "framework_compatibility_matrix.4.xml",
+ stem: "compatibility_matrix.4.xml",
srcs: [
- "compatibility_matrix.current.xml",
+ "compatibility_matrix.4.xml",
],
kernel_configs: [
"kernel_config_q_4.9",
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
index 425e376..b0caa7c 100644
--- a/compatibility_matrices/Android.mk
+++ b/compatibility_matrices/Android.mk
@@ -96,7 +96,7 @@
framework_compatibility_matrix.1.xml \
framework_compatibility_matrix.2.xml \
framework_compatibility_matrix.3.xml \
- framework_compatibility_matrix.current.xml \
+ framework_compatibility_matrix.4.xml \
framework_compatibility_matrix.device.xml \
my_framework_matrix_deps += \
diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.4.xml
similarity index 97%
rename from compatibility_matrices/compatibility_matrix.current.xml
rename to compatibility_matrices/compatibility_matrix.4.xml
index 999c29c..a4e77cc 100644
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.4.xml
@@ -80,14 +80,6 @@
</interface>
</hal>
<hal format="hidl" optional="true">
- <name>android.hardware.bluetooth.a2dp</name>
- <version>1.0</version>
- <interface>
- <name>IBluetoothAudioOffload</name>
- <instance>default</instance>
- </interface>
- </hal>
- <hal format="hidl" optional="true">
<name>android.hardware.bluetooth.audio</name>
<version>2.0</version>
<interface>
diff --git a/current.txt b/current.txt
index 875be97..1d1b80a 100644
--- a/current.txt
+++ b/current.txt
@@ -487,7 +487,7 @@
01c6398c90fc6be0640810e2c5d8a4863b457280132bb3f97dd5682e19632b62 android.hardware.graphics.bufferqueue@2.0::types
7a2d64095252f85781b2d521f4f11d04ce774544feececcec2088c568656e93c android.hardware.graphics.common@1.2::types
3dff04a36b86660b5807414587e530bb0c294ed56fdff06f8915ba0a9b73f974 android.hardware.graphics.composer@2.3::IComposer
-54bc1dc874f8bc0781767786075dafd33a0796c1eea7d2317231b8929280e946 android.hardware.graphics.composer@2.3::IComposerClient
+b2b0ef3e6f5e9bb4aa6e978bc62e017b3fd64dba95a2152e8b07e3b7c4581d4f android.hardware.graphics.composer@2.3::IComposerClient
033e096cb65e5093ee1d0e473892b9a487911d4611dbb65ebecb5cef18338923 android.hardware.graphics.mapper@3.0::IMapper
7183d9d9acfa41a61a64bdfed548e98299265a7bb1821a3ed204173b5c2cfd4a android.hardware.graphics.mapper@3.0::types
c3f831a66d5815baf74f5b82fe79cf099542ddae4dfab3f388e1d41828e794fc android.hardware.health.storage@1.0::IGarbageCollectCallback
@@ -509,7 +509,7 @@
b9422a9aca84df1ff9623dc12c0562abce97716e28d63a965f2bfb88f9ad9607 android.hardware.media.c2@1.0::IInputSurface
0a786a19e6753f9774a7ca7781c2a2edfe5c0b5fa112355dfa0e50ebedeb08b9 android.hardware.media.c2@1.0::IInputSurfaceConnection
7d3c292ca75ec3e22a8fd4ae72d2edb0659d280257e763786e766f3429954dd1 android.hardware.media.c2@1.0::types
-4880af120fc1640225abdc2c60bda6d79617d73484d5124913c7278af3b11e2d android.hardware.neuralnetworks@1.2::IBurstCallback
+5f6b6b99ffd0d51a5713174a3030a2a69273bcd476fc1b5ce814491437685857 android.hardware.neuralnetworks@1.2::IBurstCallback
19877e466ad8c6ed42b38050b77bd010cf7800ff365fdc8574f45bbfda03a758 android.hardware.neuralnetworks@1.2::IBurstContext
b83317b66721241887d2770b5ae95fd5af1e77c5daa7530ecb08fae8892f2b43 android.hardware.neuralnetworks@1.2::IDevice
92714960d1a53fc2ec557302b41c7cc93d2636d8364a44bd0f85be0c92927ff8 android.hardware.neuralnetworks@1.2::IExecutionCallback
diff --git a/graphics/composer/2.3/IComposerClient.hal b/graphics/composer/2.3/IComposerClient.hal
index 1eea306..4d6f78f 100644
--- a/graphics/composer/2.3/IComposerClient.hal
+++ b/graphics/composer/2.3/IComposerClient.hal
@@ -502,6 +502,10 @@
float minLuminance);
/**
+ * Use getDisplayCapabilities instead. If brightness is supported, must return
+ * DisplayCapability::BRIGHTNESS as one of the display capabilities via getDisplayCapabilities.
+ * Only use getDisplayCapabilities as the source of truth to query brightness support.
+ *
* Gets whether brightness operations are supported on a display.
*
* @param display
diff --git a/graphics/composer/2.3/vts/functional/VtsHalGraphicsComposerV2_3TargetTest.cpp b/graphics/composer/2.3/vts/functional/VtsHalGraphicsComposerV2_3TargetTest.cpp
index 56b2e33..d51c30a 100644
--- a/graphics/composer/2.3/vts/functional/VtsHalGraphicsComposerV2_3TargetTest.cpp
+++ b/graphics/composer/2.3/vts/functional/VtsHalGraphicsComposerV2_3TargetTest.cpp
@@ -572,6 +572,10 @@
std::find(capabilities.begin(), capabilities.end(),
IComposerClient::DisplayCapability::DOZE) != capabilities.end();
EXPECT_EQ(mComposerClient->getDozeSupport(mPrimaryDisplay), hasDozeSupport);
+ bool hasBrightnessSupport =
+ std::find(capabilities.begin(), capabilities.end(),
+ IComposerClient::DisplayCapability::BRIGHTNESS) != capabilities.end();
+ EXPECT_EQ(mComposerClient->getDisplayBrightnessSupport(mPrimaryDisplay), hasBrightnessSupport);
}
TEST_F(GraphicsComposerHidlTest, getDisplayCapabilitiesBadDisplay) {
@@ -604,24 +608,18 @@
}
/*
- * Test that getDisplayBrightnessSupport works as expected.
+ * Test that if brightness operations are supported, setDisplayBrightness works as expected.
*/
-TEST_F(GraphicsComposerHidlTest, getDisplayBrightnessSupport) {
+TEST_F(GraphicsComposerHidlTest, setDisplayBrightness) {
std::vector<IComposerClient::DisplayCapability> capabilities;
const auto error = mComposerClient->getDisplayCapabilities(mPrimaryDisplay, &capabilities);
ASSERT_EQ(Error::NONE, error);
bool brightnessSupport =
std::find(capabilities.begin(), capabilities.end(),
IComposerClient::DisplayCapability::BRIGHTNESS) != capabilities.end();
- EXPECT_EQ(mComposerClient->getDisplayBrightnessSupport(mPrimaryDisplay), brightnessSupport);
-}
-
-/*
- * Test that if brightness operations are supported, setDisplayBrightness works as expected.
- */
-TEST_F(GraphicsComposerHidlTest, setDisplayBrightness) {
- if (!mComposerClient->getDisplayBrightnessSupport(mPrimaryDisplay)) {
- EXPECT_EQ(mComposerClient->setDisplayBrightness(mPrimaryDisplay, 0.5f), Error::UNSUPPORTED);
+ if (!brightnessSupport) {
+ EXPECT_EQ(mComposerClient->getRaw()->setDisplayBrightness(mPrimaryDisplay, 0.5f),
+ Error::UNSUPPORTED);
GTEST_SUCCEED() << "Brightness operations are not supported";
return;
}
diff --git a/keymaster/4.0/support/attestation_record.cpp b/keymaster/4.0/support/attestation_record.cpp
index 6de0c1c..000d46e 100644
--- a/keymaster/4.0/support/attestation_record.cpp
+++ b/keymaster/4.0/support/attestation_record.cpp
@@ -16,6 +16,7 @@
#include <keymasterV4_0/attestation_record.h>
+#include <android-base/logging.h>
#include <assert.h>
#include <openssl/asn1t.h>
@@ -26,6 +27,8 @@
#include <keymasterV4_0/authorization_set.h>
#include <keymasterV4_0/openssl_utils.h>
+#define AT __FILE__ ":" << __LINE__
+
namespace android {
namespace hardware {
namespace keymaster {
@@ -304,6 +307,61 @@
return extract_auth_list(record->tee_enforced, tee_enforced);
}
+ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
+ hidl_vec<uint8_t>* verified_boot_key,
+ keymaster_verified_boot_t* verified_boot_state, bool* device_locked,
+ hidl_vec<uint8_t>* verified_boot_hash) {
+ if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) {
+ LOG(ERROR) << AT << "null pointer input(s)";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+ const uint8_t* p = asn1_key_desc;
+ KM_KEY_DESCRIPTION_Ptr record(d2i_KM_KEY_DESCRIPTION(nullptr, &p, asn1_key_desc_len));
+ if (!record.get()) {
+ LOG(ERROR) << AT << "Failed record parsing";
+ return ErrorCode::UNKNOWN_ERROR;
+ }
+ if (!record->tee_enforced) {
+ LOG(ERROR) << AT << "Failed hardware characteristic parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+ if (!record->tee_enforced->root_of_trust) {
+ LOG(ERROR) << AT << "Failed root of trust parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+ if (!record->tee_enforced->root_of_trust->verified_boot_key) {
+ LOG(ERROR) << AT << "Failed verified boot key parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+ KM_ROOT_OF_TRUST* root_of_trust = record->tee_enforced->root_of_trust;
+
+ auto& vb_key = root_of_trust->verified_boot_key;
+ verified_boot_key->resize(vb_key->length);
+ memcpy(verified_boot_key->data(), vb_key->data, vb_key->length);
+
+ *verified_boot_state = static_cast<keymaster_verified_boot_t>(
+ ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
+ if (!verified_boot_state) {
+ LOG(ERROR) << AT << "Failed verified boot state parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+
+ *device_locked = root_of_trust->device_locked;
+ if (!device_locked) {
+ LOG(ERROR) << AT << "Failed device locked parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+
+ auto& vb_hash = root_of_trust->verified_boot_hash;
+ if (!vb_hash) {
+ LOG(ERROR) << AT << "Failed verified boot hash parsing";
+ return ErrorCode::INVALID_ARGUMENT;
+ }
+ verified_boot_hash->resize(vb_hash->length);
+ memcpy(verified_boot_hash->data(), vb_hash->data, vb_hash->length);
+ return ErrorCode::OK; // KM_ERROR_OK;
+}
+
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
diff --git a/keymaster/4.0/support/include/keymasterV4_0/attestation_record.h b/keymaster/4.0/support/include/keymasterV4_0/attestation_record.h
index fae403a..eb95cea 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/attestation_record.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/attestation_record.h
@@ -42,6 +42,13 @@
*/
static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17";
+enum keymaster_verified_boot_t {
+ KM_VERIFIED_BOOT_VERIFIED = 0,
+ KM_VERIFIED_BOOT_SELF_SIGNED = 1,
+ KM_VERIFIED_BOOT_UNVERIFIED = 2,
+ KM_VERIFIED_BOOT_FAILED = 3,
+};
+
ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
uint32_t* attestation_version, //
SecurityLevel* attestation_security_level,
@@ -51,6 +58,12 @@
AuthorizationSet* software_enforced,
AuthorizationSet* tee_enforced, //
hidl_vec<uint8_t>* unique_id);
+
+ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
+ hidl_vec<uint8_t>* verified_boot_key,
+ keymaster_verified_boot_t* verified_boot_state, bool* device_locked,
+ hidl_vec<uint8_t>* verified_boot_hash);
+
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index 995ae4f..a7b6c98 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -16,6 +16,7 @@
#include "KeymasterHidlTest.h"
+#include <chrono>
#include <vector>
#include <android-base/logging.h>
@@ -206,6 +207,47 @@
CheckedDeleteKey(&key_blob_);
}
+void KeymasterHidlTest::CheckCreationDateTime(
+ const AuthorizationSet& sw_enforced,
+ std::chrono::time_point<std::chrono::system_clock> creation) {
+ for (int i = 0; i < sw_enforced.size(); i++) {
+ if (sw_enforced[i].tag == TAG_CREATION_DATETIME) {
+ std::chrono::time_point<std::chrono::system_clock> now =
+ std::chrono::system_clock::now();
+ std::chrono::time_point<std::chrono::system_clock> reported_time{
+ std::chrono::milliseconds(sw_enforced[i].f.dateTime)};
+ // The test is flaky for EC keys, so a buffer time of 1 second will be added.
+ EXPECT_LE(creation - 1s, reported_time);
+ EXPECT_LE(reported_time, now + 1s);
+ }
+ }
+}
+
+void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
+ const HidlBuf& app_data,
+ KeyCharacteristics* key_characteristics) {
+ HidlBuf empty_buf = {};
+ EXPECT_EQ(ErrorCode::OK,
+ GetCharacteristics(key_blob, client_id, app_data, key_characteristics));
+ EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
+ EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
+
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ GetCharacteristics(key_blob, empty_buf, app_data, key_characteristics));
+ EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
+ EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
+
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ GetCharacteristics(key_blob, client_id, empty_buf, key_characteristics));
+ EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
+ EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
+
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ GetCharacteristics(key_blob, empty_buf, empty_buf, key_characteristics));
+ EXPECT_EQ(key_characteristics->hardwareEnforced.size(), 0);
+ EXPECT_EQ(key_characteristics->softwareEnforced.size(), 0);
+}
+
ErrorCode KeymasterHidlTest::GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data,
KeyCharacteristics* key_characteristics) {
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.h b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
index 4cd6a5b..015fc43 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.h
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
@@ -131,6 +131,11 @@
void CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob = false);
void CheckedDeleteKey();
+ static void CheckCreationDateTime(const AuthorizationSet& sw_enforced,
+ std::chrono::time_point<std::chrono::system_clock> creation);
+
+ void CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
+ const HidlBuf& app_data, KeyCharacteristics* key_characteristics);
ErrorCode GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data, KeyCharacteristics* key_characteristics);
ErrorCode GetCharacteristics(const HidlBuf& key_blob, KeyCharacteristics* key_characteristics);
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 5c07532..fc96724 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -313,8 +313,9 @@
bool verify_attestation_record(const string& challenge, const string& app_id,
AuthorizationSet expected_sw_enforced,
- AuthorizationSet expected_tee_enforced, SecurityLevel security_level,
- const hidl_vec<uint8_t>& attestation_cert) {
+ AuthorizationSet expected_hw_enforced, SecurityLevel security_level,
+ const hidl_vec<uint8_t>& attestation_cert,
+ std::chrono::time_point<std::chrono::system_clock> creation_time) {
X509_Ptr cert(parse_cert_blob(attestation_cert));
EXPECT_TRUE(!!cert.get());
if (!cert.get()) return false;
@@ -324,7 +325,7 @@
if (!attest_rec) return false;
AuthorizationSet att_sw_enforced;
- AuthorizationSet att_tee_enforced;
+ AuthorizationSet att_hw_enforced;
uint32_t att_attestation_version;
uint32_t att_keymaster_version;
SecurityLevel att_attestation_security_level;
@@ -341,7 +342,7 @@
&att_keymaster_security_level, //
&att_challenge, //
&att_sw_enforced, //
- &att_tee_enforced, //
+ &att_hw_enforced, //
&att_unique_id);
EXPECT_EQ(ErrorCode::OK, error);
if (error != ErrorCode::OK) return false;
@@ -357,13 +358,105 @@
EXPECT_EQ(challenge.length(), att_challenge.size());
EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));
+ char property_value[PROPERTY_VALUE_MAX] = {};
+ for (int i = 0; i < att_hw_enforced.size(); i++) {
+ if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||
+ att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {
+ std::string date = std::to_string(att_hw_enforced[i].f.integer);
+ // strptime seems to require delimiters, but the tag value will be YYYYMMDD
+ date.insert(6, "-");
+ date.insert(4, "-");
+ EXPECT_EQ(date.size(), 10);
+ struct tm time;
+ strptime(date.c_str(), "%Y-%m-%d", &time);
+
+ // Day of the month (0-31)
+ EXPECT_GT(time.tm_mday, 0);
+ EXPECT_LT(time.tm_mday, 32);
+ // Months since Jan (0-11)
+ EXPECT_GE(time.tm_mon, 0);
+ EXPECT_LT(time.tm_mon, 12);
+ // Years since 1900
+ EXPECT_GT(time.tm_year, 110);
+ EXPECT_LT(time.tm_year, 200);
+ }
+ }
+
+ // Check to make sure boolean values are properly encoded. Presence of a boolean tag indicates
+ // true. A provided boolean tag that can be pulled back out of the certificate indicates correct
+ // encoding. No need to check if it's in both lists, since the AuthorizationSet compare below
+ // will handle mismatches of tags.
+ EXPECT_TRUE(expected_hw_enforced.Contains(TAG_NO_AUTH_REQUIRED));
+
+ // Alternatively this checks the opposite - a false boolean tag (one that isn't provided in
+ // the authorization list during key generation) isn't being attested to in the certificate.
+ EXPECT_FALSE(expected_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
+ EXPECT_FALSE(att_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
+
+ KeymasterHidlTest::CheckCreationDateTime(att_sw_enforced, creation_time);
+
+ if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) {
+ // For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be.
+ EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) ||
+ att_hw_enforced.Contains(TAG_KEY_SIZE));
+ }
+
+ // Test root of trust elements
+ HidlBuf verified_boot_key;
+ keymaster_verified_boot_t verified_boot_state;
+ bool device_locked;
+ HidlBuf verified_boot_hash;
+ error = parse_root_of_trust(attest_rec->data, attest_rec->length, &verified_boot_key,
+ &verified_boot_state, &device_locked, &verified_boot_hash);
+ EXPECT_EQ(ErrorCode::OK, error);
+
+ property_get("ro.boot.vbmeta.digest", property_value, "nogood");
+ EXPECT_NE(strcmp(property_value, "nogood"), 0);
+ string prop_string(property_value);
+ EXPECT_EQ(prop_string.size(), 64);
+ EXPECT_EQ(0, memcmp(verified_boot_hash.data(), prop_string.data(), verified_boot_hash.size()));
+
+ property_get("ro.boot.vbmeta.device_state", property_value, "nogood");
+ EXPECT_NE(property_value, "nogood");
+ if (!strcmp(property_value, "unlocked")) {
+ EXPECT_FALSE(device_locked);
+ } else {
+ EXPECT_TRUE(device_locked);
+ }
+
+ // Verified boot key should be all 0's if the boot state is not verified or self signed
+ std::string empty_boot_key(32, '\0');
+ std::string verified_boot_key_str((const char*)verified_boot_key.data(),
+ verified_boot_key.size());
+ property_get("ro.boot.verifiedbootstate", property_value, "nogood");
+ EXPECT_NE(property_value, "nogood");
+ if (!strcmp(property_value, "green")) {
+ EXPECT_EQ(verified_boot_state, KM_VERIFIED_BOOT_VERIFIED);
+ EXPECT_NE(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
+ verified_boot_key.size()));
+ } else if (!strcmp(property_value, "yellow")) {
+ EXPECT_EQ(verified_boot_state, KM_VERIFIED_BOOT_SELF_SIGNED);
+ EXPECT_NE(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
+ verified_boot_key.size()));
+ } else if (!strcmp(property_value, "orange")) {
+ EXPECT_EQ(verified_boot_state, KM_VERIFIED_BOOT_UNVERIFIED);
+ EXPECT_EQ(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
+ verified_boot_key.size()));
+ } else if (!strcmp(property_value, "red")) {
+ EXPECT_EQ(verified_boot_state, KM_VERIFIED_BOOT_FAILED);
+ EXPECT_EQ(0, memcmp(verified_boot_key.data(), empty_boot_key.data(),
+ verified_boot_key.size()));
+ } else {
+ EXPECT_TRUE(false);
+ }
+
att_sw_enforced.Sort();
expected_sw_enforced.Sort();
EXPECT_EQ(filter_tags(expected_sw_enforced), filter_tags(att_sw_enforced));
- att_tee_enforced.Sort();
- expected_tee_enforced.Sort();
- EXPECT_EQ(filter_tags(expected_tee_enforced), filter_tags(att_tee_enforced));
+ att_hw_enforced.Sort();
+ expected_hw_enforced.Sort();
+ EXPECT_EQ(filter_tags(expected_hw_enforced), filter_tags(att_hw_enforced));
return true;
}
@@ -446,6 +539,24 @@
}
/*
+ * NewKeyGenerationTest.RsaCheckCreationDateTime
+ *
+ * Verifies that creation date time is correct.
+ */
+TEST_F(NewKeyGenerationTest, RsaCheckCreationDateTime) {
+ KeyCharacteristics key_characteristics;
+ auto creation_time = std::chrono::system_clock::now();
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(2048, 3)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)));
+ GetCharacteristics(key_blob_, &key_characteristics);
+ AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
+ CheckCreationDateTime(sw_enforced, creation_time);
+}
+
+/*
* NewKeyGenerationTest.NoInvalidRsaSizes
*
* Verifies that keymaster cannot generate any RSA key sizes that are designated as invalid.
@@ -509,6 +620,23 @@
}
/*
+ * NewKeyGenerationTest.EcCheckCreationDateTime
+ *
+ * Verifies that creation date time is correct.
+ */
+TEST_F(NewKeyGenerationTest, EcCheckCreationDateTime) {
+ KeyCharacteristics key_characteristics;
+ auto creation_time = std::chrono::system_clock::now();
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(256)
+ .Digest(Digest::NONE)));
+ GetCharacteristics(key_blob_, &key_characteristics);
+ AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
+ CheckCreationDateTime(sw_enforced, creation_time);
+}
+
+/*
* NewKeyGenerationTest.EcdsaDefaultSize
*
* Verifies that failing to specify a key size for EC key generation returns UNSUPPORTED_KEY_SIZE.
@@ -748,6 +876,69 @@
}
/*
+ * SigningOperationsTest.RsaGetKeyCharacteristicsRequiresCorrectAppIdAppData
+ *
+ * Verifies that getting RSA key characteristics requires the correct app ID/data.
+ */
+TEST_F(SigningOperationsTest, RsaGetKeyCharacteristicsRequiresCorrectAppIdAppData) {
+ HidlBuf key_blob;
+ KeyCharacteristics key_characteristics;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(2048, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata")),
+ &key_blob, &key_characteristics));
+ CheckGetCharacteristics(key_blob, HidlBuf("clientid"), HidlBuf("appdata"),
+ &key_characteristics);
+}
+
+/*
+ * SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData
+ *
+ * Verifies that using an RSA key requires the correct app ID/data.
+ */
+TEST_F(SigningOperationsTest, RsaUseRequiresCorrectAppIdAppData) {
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(2048, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::OK,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
+ AbortIfNeeded();
+}
+
+/*
* SigningOperationsTest.RsaPssSha256Success
*
* Verifies that RSA-PSS signature operations succeed.
@@ -1124,6 +1315,63 @@
}
/*
+ * SigningOperationsTest.EcGetKeyCharacteristicsRequiresCorrectAppIdAppData
+ *
+ * Verifies that getting EC key characteristics requires the correct app ID/data.
+ */
+TEST_F(SigningOperationsTest, EcGetKeyCharacteristicsRequiresCorrectAppIdAppData) {
+ HidlBuf key_blob;
+ KeyCharacteristics key_characteristics;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(256)
+ .Digest(Digest::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata")),
+ &key_blob, &key_characteristics));
+ CheckGetCharacteristics(key_blob, HidlBuf("clientid"), HidlBuf("appdata"),
+ &key_characteristics);
+}
+
+/*
+ * SigningOperationsTest.EcUseRequiresCorrectAppIdAppData
+ *
+ * Verifies that using an EC key requires the correct app ID/data.
+ */
+TEST_F(SigningOperationsTest, EcUseRequiresCorrectAppIdAppData) {
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(256)
+ .Digest(Digest::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE)));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
+ AbortIfNeeded();
+ EXPECT_EQ(ErrorCode::OK,
+ Begin(KeyPurpose::SIGN,
+ AuthorizationSetBuilder()
+ .Digest(Digest::NONE)
+ .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
+ AbortIfNeeded();
+}
+
+/*
* SigningOperationsTest.AesEcbSign
*
* Verifies that attempts to use AES keys to sign fail in the correct way.
@@ -3922,6 +4170,7 @@
* Verifies that attesting to RSA keys works and generates the expected output.
*/
TEST_F(AttestationTest, RsaAttestation) {
+ auto creation_time = std::chrono::system_clock::now();
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
@@ -3946,7 +4195,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- SecLevel(), cert_chain[0]));
+ SecLevel(), cert_chain[0], creation_time));
}
/*
@@ -3970,11 +4219,34 @@
}
/*
+ * AttestationTest.RsaAttestationRequiresCorrectAppId
+ *
+ * Verifies that attesting to RSA requires the correct app ID.
+ */
+TEST_F(AttestationTest, RsaAttestationRequiresCorrectAppId) {
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(2048, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("lol"))));
+
+ hidl_vec<hidl_vec<uint8_t>> cert_chain;
+ EXPECT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING,
+ AttestKey(AuthorizationSetBuilder()
+ .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
+ .Authorization(TAG_APPLICATION_ID, HidlBuf("heh")),
+ &cert_chain));
+}
+
+/*
* AttestationTest.EcAttestation
*
* Verifies that attesting to EC keys works and generates the expected output.
*/
TEST_F(AttestationTest, EcAttestation) {
+ auto creation_time = std::chrono::system_clock::now();
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_256)
@@ -3993,11 +4265,10 @@
string signature = SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
EXPECT_TRUE(verify_chain(cert_chain, message, signature));
-
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- SecLevel(), cert_chain[0]));
+ SecLevel(), cert_chain[0], creation_time));
}
/*
diff --git a/neuralnetworks/1.2/IBurstCallback.hal b/neuralnetworks/1.2/IBurstCallback.hal
index 3f82e31..cc38d7a 100644
--- a/neuralnetworks/1.2/IBurstCallback.hal
+++ b/neuralnetworks/1.2/IBurstCallback.hal
@@ -24,7 +24,7 @@
*/
interface IBurstCallback {
/**
- * Get the memory regions that correspond to slot ids. The slot ids are are
+ * Get the memory regions that correspond to slot ids. The slot ids are
* unique to the burst object.
*
* @param slots Values uniquely identifying memory regions within a Burst.
diff --git a/vibrator/1.3/example/Vibrator.cpp b/vibrator/1.3/example/Vibrator.cpp
index 0cb37e6..b529437 100644
--- a/vibrator/1.3/example/Vibrator.cpp
+++ b/vibrator/1.3/example/Vibrator.cpp
@@ -56,27 +56,30 @@
}
Return<Status> Vibrator::setAmplitude(uint8_t amplitude) {
+ if (!amplitude) {
+ return Status::BAD_VALUE;
+ }
ALOGI("Amplitude: %u -> %u\n", mAmplitude, amplitude);
mAmplitude = amplitude;
return Status::OK;
}
Return<void> Vibrator::perform(V1_0::Effect effect, EffectStrength strength, perform_cb _hidl_cb) {
- return perform_1_1(static_cast<V1_1::Effect_1_1>(effect), strength, _hidl_cb);
+ return perform<decltype(effect)>(effect, strength, _hidl_cb);
}
// Methods from ::android::hardware::vibrator::V1_1::IVibrator follow.
Return<void> Vibrator::perform_1_1(V1_1::Effect_1_1 effect, EffectStrength strength,
perform_cb _hidl_cb) {
- return perform_1_2(static_cast<V1_2::Effect>(effect), strength, _hidl_cb);
+ return perform<decltype(effect)>(effect, strength, _hidl_cb);
}
// Methods from ::android::hardware::vibrator::V1_2::IVibrator follow.
Return<void> Vibrator::perform_1_2(V1_2::Effect effect, EffectStrength strength,
perform_cb _hidl_cb) {
- return perform_1_3(static_cast<V1_3::Effect>(effect), strength, _hidl_cb);
+ return perform<decltype(effect)>(effect, strength, _hidl_cb);
}
// Methods from ::android::hardware::vibrator::V1_3::IVibrator follow.
@@ -98,6 +101,12 @@
}
Return<void> Vibrator::perform_1_3(Effect effect, EffectStrength strength, perform_cb _hidl_cb) {
+ return perform<decltype(effect)>(effect, strength, _hidl_cb);
+}
+
+// Private methods follow.
+
+Return<void> Vibrator::perform(Effect effect, EffectStrength strength, perform_cb _hidl_cb) {
uint8_t amplitude;
uint32_t ms;
Status status = Status::OK;
@@ -123,7 +132,15 @@
return Void();
}
-// Private methods follow.
+template <typename T>
+Return<void> Vibrator::perform(T effect, EffectStrength strength, perform_cb _hidl_cb) {
+ auto validRange = hidl_enum_range<T>();
+ if (effect < *validRange.begin() || effect > *std::prev(validRange.end())) {
+ _hidl_cb(Status::UNSUPPORTED_OPERATION, 0);
+ return Void();
+ }
+ return perform(static_cast<Effect>(effect), strength, _hidl_cb);
+}
Status Vibrator::enable(bool enabled) {
if (mExternalControl) {
diff --git a/vibrator/1.3/example/Vibrator.h b/vibrator/1.3/example/Vibrator.h
index 64e8e1b..5180774 100644
--- a/vibrator/1.3/example/Vibrator.h
+++ b/vibrator/1.3/example/Vibrator.h
@@ -54,6 +54,9 @@
Return<void> perform_1_3(Effect effect, EffectStrength strength, perform_cb _hidl_cb) override;
private:
+ Return<void> perform(Effect effect, EffectStrength strength, perform_cb _hidl_cb);
+ template <typename T>
+ Return<void> perform(T effect, EffectStrength strength, perform_cb _hidl_cb);
Status enable(bool enabled);
Status activate(uint32_t ms);
void timeout();