Merge "matrix: Add version 1 to AIDL HALs (AOSP)"
diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml
index 706bf55..a328f4f 100644
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.current.xml
@@ -85,7 +85,7 @@
<name>android.hardware.automotive.sv</name>
<version>1.0</version>
<interface>
- <name>ISurroundView</name>
+ <name>ISurroundViewService</name>
<instance>default</instance>
</interface>
</hal>
diff --git a/memtrack/aidl/vts/VtsHalMemtrackTargetTest.cpp b/memtrack/aidl/vts/VtsHalMemtrackTargetTest.cpp
index 2393c56..d5f4612 100644
--- a/memtrack/aidl/vts/VtsHalMemtrackTargetTest.cpp
+++ b/memtrack/aidl/vts/VtsHalMemtrackTargetTest.cpp
@@ -79,10 +79,10 @@
auto status = memtrack_->getGpuDeviceInfo(&device_info);
- // Devices with < 5.10 kernels aren't required to provide an implementation of
+ // Devices with < 5.4 kernels aren't required to provide an implementation of
// getGpuDeviceInfo(), and can return EX_UNSUPPORTED_OPERATION
if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
- KernelVersion min_kernel_version = KernelVersion(5, 10, 0);
+ KernelVersion min_kernel_version = KernelVersion(5, 4, 0);
KernelVersion kernel_version = VintfObject::GetInstance()
->getRuntimeInfo(RuntimeInfo::FetchFlag::CPU_VERSION)
->kernelVersion();
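Review bot: The pointer returned by `getRuntimeInfo(...)` is dereferenced straight away with `->kernelVersion()`; as far as I know that call can return null when the runtime info cannot be fetched, which would crash the test binary instead of reporting a failure. Holding the result in a local and checking it first, `auto runtime_info = VintfObject::GetInstance()->getRuntimeInfo(RuntimeInfo::FetchFlag::CPU_VERSION);` followed by `ASSERT_NE(nullptr, runtime_info);`, would give a readable failure. The comparison against `min_kernel_version` and the rest of the test body lie outside the hunk, so the effect of lowering the threshold to 5.4 cannot be checked from here.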
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl
index 78da3e8..c720d6d 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl
@@ -36,4 +36,5 @@
SOFTWARE = 0,
TRUSTED_ENVIRONMENT = 1,
STRONGBOX = 2,
+ KEYSTORE = 100,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index b149ac9..69bec2d7 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -36,7 +36,6 @@
* deciding whether a given tag from `keyParams` argument to the generation/import method should
* be returned in `keyCharacteristics` are:
*
- * - If the IKeyMintDevice cannot fully enforce the semantics of the tag, it should be omitted.
* - If the semantics of the tag are fully enforced by the IKeyMintDevice, without any
* assistance from components running at other security levels, it should be included in an
* entry with the SecurityLevel of the IKeyMintDevice.
@@ -45,6 +44,9 @@
* SecurityLevel of the involved components. For example if a StrongBox IKeyMintDevice relies
* on a TEE to validate biometric authentication, biometric authentication tags go in an entry
* with SecurityLevel::TRUSTED_ENVIRONMENT.
+ * - If the semantics are not enforced by KeyMint at all, SecurityLevel::KEYSTORE is used to
+ * indicate that Keystore should enforce. Note that in Keymaster (predecessor to KeyMint),
+ * these tags would have been in SecurityLevel::SOFTWARE.
*/
KeyCharacteristics[] keyCharacteristics;
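Review bot: The added bullet says SecurityLevel::KEYSTORE "is used to indicate that Keystore should enforce", but it never states that such an entry carries no enforcement guarantee from the IKeyMintDevice itself. Because the previous hunk drops the rule that unenforced tags are omitted, those tags now appear in keyCharacteristics, and a reader could take their presence as evidence of enforcement. I would add a sentence such as `Tags in a SecurityLevel::KEYSTORE entry are not enforced by the IKeyMintDevice; callers must not treat them as hardware-enforced.` The bullet also leaves open whether a tag the device does not recognise at all is returned under KEYSTORE or dropped.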
diff --git a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl b/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl
index 10363e9..c63859c 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl
@@ -17,16 +17,59 @@
package android.hardware.security.keymint;
/**
- * Device security levels.
+ * Device security levels. These enum values are used in two ways:
+ *
+ * 1. Returned from IKeyMintDevice::getHardwareInfo to identify the security level of the
+ * IKeyMintDevice. This characterizes the sort of environment in which the KeyMint
+ * implementation runs, and therefore the security of its operations.
+ *
+ * 2. Associated with individual KeyMint authorization Tags in KeyCharacteristics or in attestation
+ * certificates. This specifies the security level of the weakest environment involved in
+ * enforcing that particular tag, i.e. the sort of security environment an attacker would have
+ * to subvert in order to break the enforcement of that tag.
*/
@VintfStability
@Backing(type="int")
enum SecurityLevel {
+ /**
+ * The SOFTWARE security level represents a KeyMint implementation that runs in an Android
+ * process, or a tag enforced by such an implementation. An attacker who can compromise that
+ * process, or obtain root, or subvert the kernel on the device can defeat it.
+ *
+ * Note that the distinction between SOFTWARE and KEYSTORE is only relevant on-device. For
+ * attestation purposes, these categories are combined into the software-enforced authorization
+ * list.
+ */
SOFTWARE = 0,
+
+ /**
+ * The TRUSTED_ENVIRONMENT security level represents a KeyMint implementation that runs in an
+ * Android process, or a tag enforced by such an implementation. An attacker who completely
+ * compromises Android, including the Linux kernel, does not have the ability to subvert it. At
+ * attacker who can find an exploit that gains them control of the trusted environment, or who
+ * has access to the physical device and can mount a sophisticated hardware attack, may be able
+ * to defeat it.
+ */
TRUSTED_ENVIRONMENT = 1,
/**
- * STRONGBOX specifies that the secure hardware satisfies the requirements specified in CDD
- * 9.11.2.
+ * The STRONGBOX security level represents a KeyMint implementation that runs in security
+ * hardware that satisfies the requirements specified in CDD 9.11.2. Roughly speaking, these
+ * are discrete, security-focus computing environments that are hardened against physical and
+ * side channel attack, and have had their security formally validated by a competent
+ * penetration testing lab.
*/
STRONGBOX = 2,
+
+ /**
+ * KeyMint implementations must never return the KEYSTORE security level from getHardwareInfo.
+ * It is used to specify tags that are not enforced by the IKeyMintDevice, but are instead
+ * to be enforced by Keystore. An attacker who can subvert the keystore process or gain root or
+ * subvert the kernel can prevent proper enforcement of these tags.
+ *
+ *
+ * Note that the distinction between SOFTWARE and KEYSTORE is only relevant on-device. When
+ * KeyMint generates an attestation certificate, these categories are combined into the
+ * software-enforced authorization list.
+ */
+ KEYSTORE = 100
}
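Review bot: The TRUSTED_ENVIRONMENT comment repeats the SOFTWARE wording, "runs in an Android process", and then says that a complete compromise of Android and the kernel cannot subvert it; the two statements contradict each other, so the first sentence presumably should read something like `represents a KeyMint implementation that runs in an execution environment isolated from Android and its kernel, or a tag enforced by such an implementation.` As written, the trust boundary that attestation consumers rely on is misdescribed. The same comment has "At attacker" for "An attacker", and the STRONGBOX comment has "security-focus" for "security-focused". `KEYSTORE = 100` has no trailing comma, unlike the other enumerators and the `current` API dump earlier in this commit. No check for the "must never return the KEYSTORE security level from getHardwareInfo" rule is visible in this commit; a VTS assertion would make it enforceable.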
diff --git a/sensors/common/default/2.X/Sensor.cpp b/sensors/common/default/2.X/Sensor.cpp
index 642fc89..1a7c628 100644
--- a/sensors/common/default/2.X/Sensor.cpp
+++ b/sensors/common/default/2.X/Sensor.cpp
@@ -313,7 +313,7 @@
mSensorInfo.maxRange = 1000.0f * M_PI / 180.0f;
mSensorInfo.resolution = 1000.0f * M_PI / (180.0f * 32768.0f);
mSensorInfo.power = 0.001f;
- mSensorInfo.minDelay = 2.5f * 1000; // microseconds
+ mSensorInfo.minDelay = 10 * 1000; // microseconds
mSensorInfo.maxDelay = kDefaultMaxDelayUs;
mSensorInfo.fifoReservedEventCount = 0;
mSensorInfo.fifoMaxEventCount = 0;
diff --git a/tetheroffload/control/1.1/IOffloadControl.hal b/tetheroffload/control/1.1/IOffloadControl.hal
index eb5b8a1..2eb54c8 100644
--- a/tetheroffload/control/1.1/IOffloadControl.hal
+++ b/tetheroffload/control/1.1/IOffloadControl.hal
@@ -37,11 +37,9 @@
* offload is started. This is because the quota values would likely become stale over
* time and would not reflect any new traffic that has occurred.
*
- * This API replaces {@link @1.0::IOffloadControl::setDataLimit}, the framework would always
- * calls this API if 1.1 HAL is supported. Otherwise, calls the other one. Thus, no
- * interaction between the two APIs need to be addressed. However, the hardware implementation
- * still needs to keep functionality of both in case of shipping with older framework that
- * doesn't support 1.1 HAL.
+ * This API replaces {@link @1.0::IOffloadControl::setDataLimit}, the framework will always
+ * call setDataWarningAndLimit on 1.1 implementations, and setDataLimit on 1.0 implementations.
+ * Thus, no interaction between the two APIs need to be addressed.
*
* The specified quota bytes MUST replace any previous quotas set by
* {@code setDataWarningAndLimit} specified on the same interface. It may be interpreted as
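Review bot: With the sentence about keeping both functions removed, the comment no longer says what a 1.1 implementation should do if setDataLimit is called on it anyway. If the 1.1 interface still inherits that method, the two quota settings could disagree, so the comment should state whether such a call is rejected or replaces the quota set by setDataWarningAndLimit. The rewritten sentence is also a comma splice and has a number mismatch; `Thus, no interaction between the two APIs needs to be addressed.` after a full stop would read correctly. The comment block continues past the end of the hunk.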