Merge "Fix a bug that would access uninitialized data." into tm-dev am: 7ab075cb83
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/18207278
Change-Id: If391668da5103306575b6c8c9e8d183a52b59b89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/audio/common/all-versions/default/tests/hidlutils_tests.cpp b/audio/common/all-versions/default/tests/hidlutils_tests.cpp
index ec16b02..e5ed844 100644
--- a/audio/common/all-versions/default/tests/hidlutils_tests.cpp
+++ b/audio/common/all-versions/default/tests/hidlutils_tests.cpp
@@ -17,6 +17,7 @@
#include <array>
#include <string>
+#include <android-base/test_utils.h>
#include <gtest/gtest.h>
#define LOG_TAG "HidlUtils_Test"
@@ -1100,6 +1101,7 @@
TYPED_TEST_SUITE(FilterTest, FilterTestTypeParams);
TYPED_TEST(FilterTest, FilterOutNonVendorTags) {
+ SKIP_WITH_HWASAN; // b/230535046
TypeParam emptyTags;
EXPECT_EQ(emptyTags, HidlUtils::filterOutNonVendorTags(emptyTags));
diff --git a/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp b/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
index 90cdc66..fb8df99 100644
--- a/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
+++ b/bluetooth/1.0/default/test/fuzzer/bluetoothV1.0_fuzzer.cpp
@@ -88,11 +88,18 @@
}
mBtHci->close();
mBtHci.clear();
+ for (size_t i = 0; i < mFdCount; ++i) {
+ if (mFdList[i]) {
+ close(mFdList[i]);
+ }
+ }
}
bool init(const uint8_t* data, size_t size);
void process();
private:
+ size_t mFdCount = 1;
+ int32_t mFdList[CH_MAX] = {0};
sp<BluetoothHci> mBtHci = nullptr;
FuzzedDataProvider* mFdp = nullptr;
};
@@ -143,17 +150,15 @@
bool shouldSetH4Protocol = mFdp->ConsumeBool();
BtVendor* btVendor = BtVendor::getInstance();
- size_t fdcount = 1;
- int32_t fdList[CH_MAX] = {0};
if (!shouldSetH4Protocol) {
- fdcount = mFdp->ConsumeIntegralInRange<size_t>(kMinFdcount, CH_MAX - 1);
+ mFdCount = mFdp->ConsumeIntegralInRange<size_t>(kMinFdcount, CH_MAX - 1);
}
- for (size_t i = 0; i < fdcount; ++i) {
- fdList[i] = open("/dev/null", O_RDWR | O_CREAT);
+ for (size_t i = 0; i < mFdCount; ++i) {
+ mFdList[i] = open("/dev/null", O_RDWR | O_CREAT);
}
- btVendor->populateFdList(fdList, fdcount);
+ btVendor->populateFdList(mFdList, mFdCount);
mBtHci->initialize(bluetoothCallback);
if (!bluetoothCallback->isInitialized) {
@@ -181,12 +186,6 @@
}
btVendor->callRemainingCbacks();
-
- for (size_t i = 0; i < fdcount; ++i) {
- if (fdList[i]) {
- close(fdList[i]);
- }
- }
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 422b37e..524242f 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -87,7 +87,6 @@
vintf_compatibility_matrix {
name: "framework_compatibility_matrix.current.xml",
- enabled: false,
stem: "compatibility_matrix.current.xml",
srcs: [
"compatibility_matrix.current.xml",
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
index d6a44d0..d19f0da 100644
--- a/compatibility_matrices/Android.mk
+++ b/compatibility_matrices/Android.mk
@@ -103,6 +103,7 @@
framework_compatibility_matrix.5.xml \
framework_compatibility_matrix.6.xml \
framework_compatibility_matrix.7.xml \
+ framework_compatibility_matrix.current.xml \
framework_compatibility_matrix.device.xml \
my_framework_matrix_deps += \
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 8b3875b..6db58f2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -100,13 +100,15 @@
* SignerName = tstr
*
* DKCertChain = [
- * 2* X509Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
+ * 2* Certificate // Root -> ... -> Leaf. "Root" is the vendor self-signed
* // cert, "Leaf" contains DK_pub. There may also be
* // intermediate certificates between Root and Leaf.
* ]
*
- * // A bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
- * X509Certificate = bstr
+ * // Certificates may be either:
+ * // 1. COSE_Sign1, with payload containing PubKeyEd25519 or PubKeyECDSA256
+ * // 2. a bstr containing a DER-encoded X.509 certificate (RSA, NIST P-curve, or edDSA)
+ * Certificate = COSE_Sign1 / bstr
*
* // The SignedMac, which authenticates the MAC key that is used to authenticate the
* // keysToSign.
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index b28ebcb..42dfad5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -504,7 +504,9 @@
* that is necessary during all uses of the key. In particular, calls to exportKey() and
* getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
* begin() must provide this tag and the same associated data as part of the inParams set. If
- * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+ * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB. Note
+ * that a key with a zero-length APPLICATION_ID cannot have its key characteristics retrieved
+ * using getKeyCharacteristics() due to a historical limitation of the API.
*
* The content of this tag must be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have
@@ -525,7 +527,9 @@
* that is necessary during all uses of the key. In particular, calls to begin() and
* exportKey() must provide the same value to the appData parameter, and calls to begin must
* provide this tag and the same associated data as part of the inParams set. If the correct
- * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+ * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB. Note that a key
+ * with a zero-length APPLICATION_DATA cannot have its key characteristics retrieved using
+ * getKeyCharacteristics() due to a historical limitation of the API.
*
* The content of this tag must be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have