Merge changes from topic "AidlAudioHalModuleConfig" into main
* changes:
audio: Use hardcoded r_submix configuration with XML
audio: Set connectedProfiles for non-attached device ports.
audio: Populate MicrophoneInfo with vendor data
audio: Parse module configurations from the APM XML files
diff --git a/media/OWNERS b/media/OWNERS
index 71a53ef..01b440a 100644
--- a/media/OWNERS
+++ b/media/OWNERS
@@ -1,7 +1,6 @@
# Bug component: 25690
# Media team
-jgus@google.com
lajos@google.com
taklee@google.com
wonsik@google.com
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 3a8a1e8..822770d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -79,7 +79,8 @@
typedef KeyMintAidlTestBase::KeyData KeyData;
// Predicate for testing basic characteristics validity in generation or import.
bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
- const vector<KeyCharacteristics>& key_characteristics) {
+ const vector<KeyCharacteristics>& key_characteristics,
+ int32_t aidl_version) {
if (key_characteristics.empty()) return false;
std::unordered_set<SecurityLevel> levels_seen;
@@ -89,7 +90,12 @@
return false;
}
- EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);
+ // There was no test to assert that INVALID tag should not present in authorization list
+ // before Keymint V3, so there are some Keymint implementations where asserting for INVALID
+ // tag fails(b/297306437), hence skipping for Keymint < 3.
+ if (aidl_version >= 3) {
+ EXPECT_EQ(count_tag_invalid_entries(entry.authorizations), 0);
+ }
// Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
@@ -264,7 +270,7 @@
vendor_patch_level_ = getVendorPatchlevel();
}
-int32_t KeyMintAidlTestBase::AidlVersion() {
+int32_t KeyMintAidlTestBase::AidlVersion() const {
int32_t version = 0;
auto status = keymint_->getInterfaceVersion(&version);
if (!status.isOk()) {
@@ -294,8 +300,8 @@
KeyCreationResult creationResult;
Status result = keymint_->generateKey(key_desc.vector_data(), attest_key, &creationResult);
if (result.isOk()) {
- EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
- creationResult.keyCharacteristics);
+ EXPECT_PRED3(KeyCharacteristicsBasicallyValid, SecLevel(),
+ creationResult.keyCharacteristics, AidlVersion());
EXPECT_GT(creationResult.keyBlob.size(), 0);
*key_blob = std::move(creationResult.keyBlob);
*key_characteristics = std::move(creationResult.keyCharacteristics);
@@ -367,8 +373,8 @@
{} /* attestationSigningKeyBlob */, &creationResult);
if (result.isOk()) {
- EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
- creationResult.keyCharacteristics);
+ EXPECT_PRED3(KeyCharacteristicsBasicallyValid, SecLevel(),
+ creationResult.keyCharacteristics, AidlVersion());
EXPECT_GT(creationResult.keyBlob.size(), 0);
*key_blob = std::move(creationResult.keyBlob);
@@ -411,8 +417,8 @@
unwrapping_params.vector_data(), password_sid, biometric_sid, &creationResult);
if (result.isOk()) {
- EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
- creationResult.keyCharacteristics);
+ EXPECT_PRED3(KeyCharacteristicsBasicallyValid, SecLevel(),
+ creationResult.keyCharacteristics, AidlVersion());
EXPECT_GT(creationResult.keyBlob.size(), 0);
key_blob_ = std::move(creationResult.keyBlob);
@@ -2068,27 +2074,36 @@
return retval;
}
-void assert_mgf_digests_present_in_key_characteristics(
+void KeyMintAidlTestBase::assert_mgf_digests_present_or_not_in_key_characteristics(
+ std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
+ bool is_mgf_digest_expected) const {
+ assert_mgf_digests_present_or_not_in_key_characteristics(
+ key_characteristics_, expected_mgf_digests, is_mgf_digest_expected);
+}
+
+void KeyMintAidlTestBase::assert_mgf_digests_present_or_not_in_key_characteristics(
const vector<KeyCharacteristics>& key_characteristics,
- std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests) {
+ std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
+ bool is_mgf_digest_expected) const {
+ // There was no test to assert that MGF1 digest was present in generated/imported key
+ // characteristics before Keymint V3, so there are some Keymint implementations where
+ // asserting for MGF1 digest fails(b/297306437), hence skipping for Keymint < 3.
+ if (AidlVersion() < 3) {
+ return;
+ }
AuthorizationSet auths;
for (auto& entry : key_characteristics) {
auths.push_back(AuthorizationSet(entry.authorizations));
}
for (auto digest : expected_mgf_digests) {
- ASSERT_TRUE(auths.Contains(TAG_RSA_OAEP_MGF_DIGEST, digest));
+ if (is_mgf_digest_expected) {
+ ASSERT_TRUE(auths.Contains(TAG_RSA_OAEP_MGF_DIGEST, digest));
+ } else {
+ ASSERT_FALSE(auths.Contains(TAG_RSA_OAEP_MGF_DIGEST, digest));
+ }
}
}
-bool is_mgf_digest_present(const vector<KeyCharacteristics>& key_characteristics,
- android::hardware::security::keymint::Digest expected_mgf_digest) {
- AuthorizationSet auths;
- for (auto& entry : key_characteristics) {
- auths.push_back(AuthorizationSet(entry.authorizations));
- }
- return auths.Contains(TAG_RSA_OAEP_MGF_DIGEST, expected_mgf_digest);
-}
-
namespace {
void check_cose_key(const vector<uint8_t>& data, bool testMode) {
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 9778b3d..4fb711c 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -95,7 +95,7 @@
void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
IKeyMintDevice& keyMint() { return *keymint_; }
- int32_t AidlVersion();
+ int32_t AidlVersion() const;
uint32_t os_version() { return os_version_; }
uint32_t os_patch_level() { return os_patch_level_; }
uint32_t vendor_patch_level() { return vendor_patch_level_; }
@@ -373,6 +373,15 @@
bool shouldSkipAttestKeyTest(void) const;
void skipAttestKeyTest(void) const;
+ void assert_mgf_digests_present_or_not_in_key_characteristics(
+ const vector<KeyCharacteristics>& key_characteristics,
+ std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
+ bool is_mgf_digest_expected) const;
+
+ void assert_mgf_digests_present_or_not_in_key_characteristics(
+ std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests,
+ bool is_mgf_digest_expected) const;
+
protected:
std::shared_ptr<IKeyMintDevice> keymint_;
uint32_t os_version_;
@@ -430,11 +439,6 @@
X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
vector<uint8_t> make_name_from_str(const string& name);
-void assert_mgf_digests_present_in_key_characteristics(
- const vector<KeyCharacteristics>& key_characteristics,
- std::vector<android::hardware::security::keymint::Digest>& expected_mgf_digests);
-bool is_mgf_digest_present(const vector<KeyCharacteristics>& key_characteristics,
- android::hardware::security::keymint::Digest expected_mgf_digest);
void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
vector<uint8_t>* payload_value);
void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index de563c4..a8f17dd 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4743,6 +4743,12 @@
* should have the correct characteristics.
*/
TEST_P(ImportKeyTest, RsaOaepMGFDigestSuccess) {
+ // There was no test to assert that MGF1 digest was present in generated/imported key
+ // characteristics before Keymint V3, so there are some Keymint implementations where
+ // this test case fails(b/297306437), hence this test is skipped for Keymint < 3.
+ if (AidlVersion() < 3) {
+ GTEST_SKIP() << "Test not applicable to Keymint < V3";
+ }
auto mgf_digests = ValidDigests(false /* withNone */, true /* withMD5 */);
size_t key_size = 2048;
@@ -4763,7 +4769,7 @@
CheckOrigin();
// Make sure explicitly specified mgf-digests exist in key characteristics.
- assert_mgf_digests_present_in_key_characteristics(key_characteristics_, mgf_digests);
+ assert_mgf_digests_present_or_not_in_key_characteristics(mgf_digests, true);
string message = "Hello";
@@ -4827,8 +4833,9 @@
CheckCryptoParam(TAG_PADDING, PaddingMode::RSA_OAEP);
CheckOrigin();
+ vector defaultDigest = {Digest::SHA1};
// Make sure default mgf-digest (SHA1) is not included in Key characteristics.
- ASSERT_FALSE(is_mgf_digest_present(key_characteristics_, Digest::SHA1));
+ assert_mgf_digests_present_or_not_in_key_characteristics(defaultDigest, false);
}
INSTANTIATE_KEYMINT_AIDL_TEST(ImportKeyTest);
@@ -5256,7 +5263,7 @@
*/
TEST_P(EncryptionOperationsTest, RsaOaepSuccess) {
auto digests = ValidDigests(false /* withNone */, true /* withMD5 */);
- auto mgf_digest = Digest::SHA1;
+ auto mgf_digest = vector{Digest::SHA1};
size_t key_size = 2048; // Need largish key for SHA-512 test.
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
@@ -5264,11 +5271,11 @@
.RsaEncryptionKey(key_size, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(digests)
- .Authorization(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest)
+ .OaepMGFDigest(mgf_digest)
.SetDefaultValidity()));
// Make sure explicitly specified mgf-digest exist in key characteristics.
- ASSERT_TRUE(is_mgf_digest_present(key_characteristics_, mgf_digest));
+ assert_mgf_digests_present_or_not_in_key_characteristics(mgf_digest, true);
string message = "Hello";
@@ -5393,21 +5400,21 @@
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.SetDefaultValidity()));
+ if (AidlVersion() >= 3) {
+ std::vector<Digest> mgf1DigestsInAuths;
+ mgf1DigestsInAuths.reserve(digests.size());
+ const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);
+ std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {
+ if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {
+ KeyParameterValue value = param.value;
+ mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());
+ }
+ });
- std::vector<Digest> mgf1DigestsInAuths;
- mgf1DigestsInAuths.reserve(digests.size());
- const auto& hw_auths = SecLevelAuthorizations(key_characteristics_);
- std::for_each(hw_auths.begin(), hw_auths.end(), [&](auto& param) {
- if (param.tag == Tag::RSA_OAEP_MGF_DIGEST) {
- KeyParameterValue value = param.value;
- mgf1DigestsInAuths.push_back(param.value.template get<KeyParameterValue::digest>());
- }
- });
-
- std::sort(digests.begin(), digests.end());
- std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());
- EXPECT_EQ(digests, mgf1DigestsInAuths);
-
+ std::sort(digests.begin(), digests.end());
+ std::sort(mgf1DigestsInAuths.begin(), mgf1DigestsInAuths.end());
+ EXPECT_EQ(digests, mgf1DigestsInAuths);
+ }
string message = "Hello";
for (auto digest : digests) {
@@ -5462,8 +5469,9 @@
.Digest(Digest::SHA_2_256)
.SetDefaultValidity()));
+ vector defaultDigest = vector{Digest::SHA1};
// Make sure default mgf-digest (SHA1) is not included in Key characteristics.
- ASSERT_FALSE(is_mgf_digest_present(key_characteristics_, Digest::SHA1));
+ assert_mgf_digests_present_or_not_in_key_characteristics(defaultDigest, false);
// Do local RSA encryption using the default MGF digest of SHA-1.
string message = "Hello";
@@ -5499,19 +5507,20 @@
*/
TEST_P(EncryptionOperationsTest, RsaOaepMGFDigestDefaultFail) {
size_t key_size = 2048;
- auto mgf_digest = Digest::SHA_2_256;
+ auto mgf_digest = vector{Digest::SHA_2_256};
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest)
+ .OaepMGFDigest(mgf_digest)
.RsaEncryptionKey(key_size, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.SetDefaultValidity()));
// Make sure explicitly specified mgf-digest exist in key characteristics.
- ASSERT_TRUE(is_mgf_digest_present(key_characteristics_, mgf_digest));
+ assert_mgf_digests_present_or_not_in_key_characteristics(mgf_digest, true);
+ vector defaultDigest = vector{Digest::SHA1};
// Make sure default mgf-digest is not included in key characteristics.
- ASSERT_FALSE(is_mgf_digest_present(key_characteristics_, Digest::SHA1));
+ assert_mgf_digests_present_or_not_in_key_characteristics(defaultDigest, false);
// Do local RSA encryption using the default MGF digest of SHA-1.
string message = "Hello";
@@ -5535,16 +5544,17 @@
* with incompatible MGF digest.
*/
TEST_P(EncryptionOperationsTest, RsaOaepWithMGFIncompatibleDigest) {
- auto mgf_digest = Digest::SHA_2_256;
+ auto mgf_digest = vector{Digest::SHA_2_256};
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest)
+ .OaepMGFDigest(mgf_digest)
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.SetDefaultValidity()));
+
// Make sure explicitly specified mgf-digest exist in key characteristics.
- ASSERT_TRUE(is_mgf_digest_present(key_characteristics_, mgf_digest));
+ assert_mgf_digests_present_or_not_in_key_characteristics(mgf_digest, true);
string message = "Hello World!";
@@ -5562,16 +5572,17 @@
* with unsupported MGF digest.
*/
TEST_P(EncryptionOperationsTest, RsaOaepWithMGFUnsupportedDigest) {
- auto mgf_digest = Digest::SHA_2_256;
+ auto mgf_digest = vector{Digest::SHA_2_256};
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_RSA_OAEP_MGF_DIGEST, mgf_digest)
+ .OaepMGFDigest(mgf_digest)
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)
.SetDefaultValidity()));
+
// Make sure explicitly specified mgf-digest exist in key characteristics.
- ASSERT_TRUE(is_mgf_digest_present(key_characteristics_, mgf_digest));
+ assert_mgf_digests_present_or_not_in_key_characteristics(mgf_digest, true);
string message = "Hello World!";
diff --git a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
index 15b0442..61404d4 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
+++ b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
@@ -101,17 +101,19 @@
-4670545 : bstr, ; Code Hash
? -4670546 : bstr, ; Code Descriptor
-4670547 : bstr, ; Configuration Hash
- -4670548 : bstr .cbor { ; Configuration Descriptor
- ? -70002 : tstr, ; Component name
- ? -70003 : int / tstr, ; Component version
- ? -70004 : null, ; Resettable
- ? -70005 : uint, ; Security version
- },
+ -4670548 : bstr .cbor ConfigurationDescriptor,
-4670549 : bstr, ; Authority Hash
? -4670550 : bstr, ; Authority Descriptor
-4670551 : bstr, ; Mode
}
+ConfigurationDescriptor = { ; Configuration Descriptor
+ ? -70002 : tstr, ; Component name
+ ? -70003 : int / tstr, ; Component version
+ ? -70004 : null, ; Resettable
+ ? -70005 : uint, ; Security version
+}
+
; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous
; entry in the DICE chain array.
DiceChainEntry = [ ; COSE_Sign1 (untagged), [RFC9052 s4.2]
diff --git a/thermal/2.0/default/Android.bp b/thermal/2.0/default/Android.bp
index f743ade..83afa97 100644
--- a/thermal/2.0/default/Android.bp
+++ b/thermal/2.0/default/Android.bp
@@ -22,23 +22,13 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
-filegroup {
- name: "android.hardware.thermal@2.0-service.xml",
- srcs: ["android.hardware.thermal@2.0-service.xml"],
-}
-
-filegroup {
- name: "android.hardware.thermal@2.0-service.rc",
- srcs: ["android.hardware.thermal@2.0-service.rc"],
-}
-
cc_binary {
name: "android.hardware.thermal@2.0-service.mock",
defaults: ["hidl_defaults"],
relative_install_path: "hw",
vendor: true,
- init_rc: [":android.hardware.thermal@2.0-service.rc"],
- vintf_fragments: [":android.hardware.thermal@2.0-service.xml"],
+ init_rc: ["android.hardware.thermal@2.0-service.rc"],
+ vintf_fragments: ["android.hardware.thermal@2.0-service.xml"],
srcs: [
"Thermal.cpp",
"service.cpp",
diff --git a/thermal/2.0/default/apex/Android.bp b/thermal/2.0/default/apex/Android.bp
deleted file mode 100644
index 914a3a8..0000000
--- a/thermal/2.0/default/apex/Android.bp
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright (C) 2022 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-apex_key {
- name: "com.android.hardware.thermal.key",
- public_key: "com.android.hardware.thermal.avbpubkey",
- private_key: "com.android.hardware.thermal.pem",
-}
-
-android_app_certificate {
- name: "com.android.hardware.thermal.certificate",
- certificate: "com.android.hardware.thermal",
-}
-
-genrule {
- name: "com.android.hardware.thermal.rc-gen",
- srcs: [":android.hardware.thermal@2.0-service.rc"],
- out: ["com.android.hardware.thermal.rc"],
- cmd: "sed -E 's/\\/vendor/\\/apex\\/com.android.hardware.thermal.mock/' $(in) > $(out)",
-}
-
-prebuilt_etc {
- name: "com.android.hardware.thermal.rc",
- src: ":com.android.hardware.thermal.rc-gen",
- installable: false,
-}
-
-apex {
- name: "com.android.hardware.thermal.mock",
- manifest: "manifest.json",
- file_contexts: "file_contexts",
- key: "com.android.hardware.thermal.key",
- certificate: ":com.android.hardware.thermal.certificate",
- use_vndk_as_stable: true,
- updatable: false,
- soc_specific: true,
- binaries: ["android.hardware.thermal@2.0-service.mock"],
- prebuilts: ["com.android.hardware.thermal.rc"],
- vintf_fragments: [":android.hardware.thermal@2.0-service.xml"],
-}
diff --git a/thermal/2.0/default/apex/com.android.hardware.thermal.avbpubkey b/thermal/2.0/default/apex/com.android.hardware.thermal.avbpubkey
deleted file mode 100644
index 8f7cf72..0000000
--- a/thermal/2.0/default/apex/com.android.hardware.thermal.avbpubkey
+++ /dev/null
Binary files differ
diff --git a/thermal/2.0/default/apex/com.android.hardware.thermal.pem b/thermal/2.0/default/apex/com.android.hardware.thermal.pem
deleted file mode 100644
index 4ea6e85..0000000
--- a/thermal/2.0/default/apex/com.android.hardware.thermal.pem
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEApXL2prEKqnU/xHlYeZB55x5EOrVAsfBuyHN5xOgUY877UuDC
-xoX+DOYAkCDSwMPmBj/Q9E70lId1PXMeI3y0obgYpdFubqRsoGNcEq2zG811tr6J
-BAE/7mAI0a4VVFWtauBNTiP5G31hsRpZNTE/dyZxs20GEVQqdvtBlEAuebCt7VIb
-fCwXnPCXSiYQ9WyjU0dwHoZPuy02qBuq3v9NYt5J6lYiPDqTWmpYBFm+SIZvth/j
-HUcaU3p+BlUad0qLhA8HYTPPBwJq2uHbTXeFrWXngt+UPCdzYubyUjG4WmgHIfee
-zSvoTjud2Gaofnd4/PcE5jFTMYUJuz0D4E+8StZArw+xegfxGcvqFZ4gfKAO1Vha
-eQBhw94P2eieUfh9metQEyKZ+A24sxG0awtAUOgcwr/WNv2TgJoN8+56DhuPXOuO
-U2qeIZuIrmE5xmyzrzJsCx+5vRQA7A3kpxRo1ZCgbJlzMgdAQaRTe2rqxyyoeFQR
-HbxUdsM7ZwDLE62UlaTTZFoJ1wzvZmsIJdkdRg97zcc3R3kYnVehCxAZ1KdAKzq6
-bhrw/kNAVA0zUHhlhHWGDnJQ/rkGfjQ9GGhS51IJYgKEoQc5M9hSgZD3idic8hso
-63r/P2Wn4S78gwLigfpzsGD7RrusTbMIRkebwpHwAYpB8qIykrtUKfunLtMCAwEA
-AQKCAgEAjiKbv0ytaw9bfwD4f0cdUu5vkzgPok55/f8mh4ERs0UoKGUrL74BKTeX
-GDr6k9w4CvpcGuaRu+A7WlVBeR8zVxN/KUUo6CidoZR6jxlmm+YA0MQTlbs1Hyal
-rO0vKcqJNx4Hi6/f3Dv0519JcCck7Mm8OHbbFZwG9zyXdDNHOggNA6rcLer7Rjpy
-3qKhQxbXoT3oFnEwog8Pu5A5VWZjJyLswULKGo//81cU0nf+vvOvmPj/9jEVbs32
-4p3OJNmHziXTIzCNFOqAvhX2fzDFSNgY8hf9k0gZGshpOS+5vwFLz2SZqo2j/0G8
-MyLOcgdVi4zzSobpf8tZNuAOKnCVwxteV3Ddl0o+qAf4cQCAXtuEkJvFWpAxrX4m
-J7nDDuvcTjKMlnchlm6XxmP27YNTKA2w5uNfrJQV5LR3IDs77PFpNiKOwERka6MU
-WE1LnjAFTCDxujT29NfIjC9z0iOY45TYut4okesaK7woe6pfK2H0ouvE6mZ+Lb7Y
-qZphPb4e4DZZZAVoELVvWflm/VC/xmBMA9vtzpjuvRXD+iYjgxbHaiG2UANLWmTd
-vADLqBadlbp10AvyrjKxHUhAiZnJgaVKRXtw5qk8YrwZOwypEHCQjY41fJuRScWF
-pD58/PYOLtSdwewzTijXSVwwPeqL1JMdJ+KWFk5zI410DtmHwoECggEBANM5dHEj
-L4ZOCcgHVG7aCLah7f/0Za7BBiPsZFD0uRIzWFTd77st3v8ulMw1JQiO3+xmpL7e
-iOP+onuSEMKgNQqeX9WCnv6pL+mjg0of2IEcGnvCpmfUZRA2x/MlyJRrQ1vHGqkV
-oBIIWgCGmIAWuFbHPmkNYx7mAJymAfzShkVtMw29oiGYyubqx9cTjD0odeyScbhZ
-LuMt72O5QeNsPREX4SsSRAL+vZbz1+8iRI8Fon89csZym3hos3DA4QSml+FNHnLe
-YFD6AfU7pdn79YhhNkn4jE0BxLaEkXhMs8RRTU2Q3o990ZxrAZGQz4zqOm5sOIQT
-JaXFXxGvOwEysrMCggEBAMiFaTzkhJSLEmLEu0T3gNEC2d3jE9kt4Olv4mQmzD00
-AzDtkrkArLQCeG3CMn55oFcJRwr8gAEk7/f2mvJSoZQnw0J0tRI+QiHJG4zwdsQC
-UszqN89X8ef0yoobwVa31ZoWxK4/NvLO4GZQ6UUd9uni10jfYVWmwEwKBU61ihvT
-ntcZIXvROR6khxzLeXtglnsznnYcdYMPJUeN+cfK9/rL3V3jk1jes8y8XwYfxkUa
-99nEe1NkRCUznzKxvkRwnKunlMCEkZ5z4nNMlqEqiOlVEYgwKwNCP+qM7ZKUJg7t
-uOL91bqWFPj2qdzyUh0uP5V/dg2odnu0xSblKWhxI2ECggEBAKbZttJ8Idlsoath
-pt+d2c4yoadTLlNZ5HjSDfgpKFxpNLhtTCbGuGVJLX8V5/gXrGi4OCER9n5rMXx9
-SEIFfYCy1C77bI7rpI5hfJ88ArESOxVSEFLqYx7otw+p5AThqibAY533GCfGcxoB
-OEvOJrVd1D31tju9IfSb6ewFfM0w0mhjSMRTRswb39pUda4F3QkQMUaXJEOOkJBs
-0dBNOvvaqiJ03kajZa3tVsBuiEuV/uOV7ak29Pqrcjt6EQW0dzsgyRGh+eFda9iE
-0qEbt7uQVusdq+5UnEg09hhaNpK4SmEgM76Te9WcbXPIOTst9xQs5oPmABIvk8aL
-bgenPaMCggEAX9EAHIzFnYVm37NKGQZ7k2RdXt2nGlwF4QYJk/nGFmjILZUYSza7
-T7jueuQU5MKRj4VrYSCOuf1AfahlGe3KL9VgRF0oOPNu/l3uwEYXOkox7qDs0jMf
-8MrUDXJ9zEZD10GR8gFa7GNWbw2yqchLuC8g2D2FcTwhHzSanKW6vNk+SWJE0bmE
-JdRQi73e6smYnn5n9eBbdqjCE5MQDBw8qqbHvJmGSyz/lZFdhrugLl1YmcJ9e7ep
-qG0mYT71wBZfhtapCeVO//w39Qhf4dtFWNnBauY5Z3E8wYNd8nDATtnhQvYwLtyQ
-YPbc7CsOecsjrvgdHSGmnC4hFxjh1HpbgQKCAQBzEr35CFQpUfGsu06SqRrxp7mb
-BfQzLmqnt+ZLu21H/YjVbamMXNjbJFSdtFLxAK/s9vFGQzEWWEYia2pRZejlCXhQ
-RO+TREJ4rm4Erfdh+zS9z8MZlxe2ybIMs260XxjZ0gEltRtJ6P14zLBlChi/rQEY
-tGrOpfjvLc1Lryaucwj7snDLtMfyqvemAUmuJNn/6IEMuG4DcdtJ3Whh7t3xKfO0
-Hc71Oh7F30okQQ6Ctiwp1T77Y1EXlRJrUtpf1sLxeItP6/r3WXLNaiFdKqGJxiCM
-Gw11oUcBA9bvfAzeJIpVVbLtGPNOp4J1XpkgFcWzsTM+ZpxWwbj4yJL6rSN2
------END RSA PRIVATE KEY-----
diff --git a/thermal/2.0/default/apex/com.android.hardware.thermal.pk8 b/thermal/2.0/default/apex/com.android.hardware.thermal.pk8
deleted file mode 100644
index 3e5bf69..0000000
--- a/thermal/2.0/default/apex/com.android.hardware.thermal.pk8
+++ /dev/null
Binary files differ
diff --git a/thermal/2.0/default/apex/com.android.hardware.thermal.x509.pem b/thermal/2.0/default/apex/com.android.hardware.thermal.x509.pem
deleted file mode 100644
index 048e69a..0000000
--- a/thermal/2.0/default/apex/com.android.hardware.thermal.x509.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF3TCCA8UCFFWeg2KJX/fyAqZPcKaFS61/a3GiMA0GCSqGSIb3DQEBCwUAMIGp
-MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91
-bnRhaW4gVmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEi
-MCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTElMCMGA1UEAwwcY29t
-LmFuZHJvaWQuaGFyZHdhcmUudGhlcm1hbDAgFw0yMTExMTcxODE3MjRaGA80NzU5
-MTAxNDE4MTcyNFowgakxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
-MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYD
-VQQLDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29t
-MSUwIwYDVQQDDBxjb20uYW5kcm9pZC5oYXJkd2FyZS50aGVybWFsMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2W8QhCKX0WoS5jhIWbWBoKulD6XhKASA
-CL0oU6Uci0U6id2m++ou/T0aHSlliS9kT1NEABNwbLeTDa9h1qg1lbajRzXbvzEz
-EvZYT+dlgYFNZ9zaVCIlMapoiN+nrM/Rs24UBjJrZu1B39+IcE5ciQz69PgrLKWF
-vFEdYzxWI246azOVr3fvdelQg+CyPgiGObVAGOHhAidvsjg4FssKnADzn+JNlTt6
-b9P65xUQErut8hz9YdLtfZ096iwe8eEpsMOQwCNdKNXVCcNjQWkOwRaU+0awHoH1
-4mArvF7yyvJxqzkNaR03BPqXAHPIAPu6xdfA19+HVIiz6bLEZ1mfCM6edXByCWZu
-K8o54OZph71r15ncv4DVd+cnBjNvBvfdlJSeGjSreFkUo5NkfAwqdmLfZx6CedHI
-sLx7X8vPYolQnR4UEvaX6yeNN0gs8Dd6ePMqOEiwWFVASD+cbpcUrp09uzlDStGV
-1DPx/9J2kw8eXPMqOSGThkLWuUMUFojyh7bNlL16oYmEeZW6/OOXCOXzAQgJ7NIs
-DA1/H2w1HMHWgSfF4y+Es2CiqcgVFOIU/07b31Edw4v56pjx1CUpRpJZjDA1JJNo
-A4YCnpA6JWTxzUTmv21fEYyY+poA3CuzvCfZ80z9h/UFW98oM9GawGvK0i2pLudS
-RaZXWeil08cCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAj2gpn/IpAHQLDlI52WwL
-IDc5uzlf1BGseLZ8M8uuMiwvN00nOjunQQZEIbhH7+03GYyMzRhTTI3nWwmX4Fnq
-vC5sR68yNlu9gOAMXaAHo/Rw73ak7sv8xGbb2FeQsHaMKDQ2nqxP17SWdQ0xWa1u
-5qNurPOdAPOw77noZcT7yYX7lcrOKxPIekPJxyeOlp4bQSmabSRgYr70B7GybPlv
-K1gkgCBxl5RiVjVxLo+7ESHSAaGLy0S7F2v6PJ9oj15TovWQ0py2iBKZ6HReB7s/
-umnQqkwXDLudlNmoXIsgIYn8vKFTYpy1GSNJqhRSLfvLR6NtuU0iCTvg/X7oPmS1
-dWUdjVeO7ZVvIpO3gLLEe4maBEYF2sOlt3bRmzIHydORJtkfTt5tiZ4wR9RfJbkj
-iBiDbNiX010bZPTAXmgMbuJzQXZEXCBy0qKeS1cHwf9M8FDoiLajXepfZIp+6syt
-D4lZk4eAV141JL5PfABfdZWwT3cTgFIqCYpqrMQJIu+GHEjUwD2yNPi0I1/ydFCW
-CPDnzWjYCi6yVB8hss3ZFbvhfyJzdm3LivNVbLGK0+TG0EOAz6d2aQ0UjESgMD1A
-U8hLzQt7MiFSG0bt2cVx6SgCHeYUqMntbFELEAURWrhAfPLMJtAvFgKbEiZEAkkW
-pdDVh603aIp4LjVCfTYp/mQ=
------END CERTIFICATE-----
diff --git a/thermal/2.0/default/apex/file_contexts b/thermal/2.0/default/apex/file_contexts
deleted file mode 100644
index e0d87c7..0000000
--- a/thermal/2.0/default/apex/file_contexts
+++ /dev/null
@@ -1,5 +0,0 @@
-(/.*)? u:object_r:vendor_file:s0
-# Permission XMLs
-/etc/permissions(/.*)? u:object_r:vendor_configs_file:s0
-# binary
-/bin/hw/android\.hardware\.thermal@2\.0-service\.mock u:object_r:hal_thermal_default_exec:s0
diff --git a/thermal/2.0/default/apex/manifest.json b/thermal/2.0/default/apex/manifest.json
deleted file mode 100644
index ee44dc1..0000000
--- a/thermal/2.0/default/apex/manifest.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- "name": "com.android.hardware.thermal.mock",
- "version": 1
-}
diff --git a/vibrator/OWNERS b/vibrator/OWNERS
index 62a567e..c4de58a 100644
--- a/vibrator/OWNERS
+++ b/vibrator/OWNERS
@@ -1,8 +1,2 @@
# Bug component: 345036
-
include platform/frameworks/base:/services/core/java/com/android/server/vibrator/OWNERS
-
-chrispaulo@google.com
-michaelwr@google.com
-nathankulczak@google.com
-taikuo@google.com