Merge "HIDL multithreaded: increase timeout duration" into main
diff --git a/audio/aidl/Android.bp b/audio/aidl/Android.bp
index 5a009fe..89d186c 100644
--- a/audio/aidl/Android.bp
+++ b/audio/aidl/Android.bp
@@ -34,6 +34,7 @@
name: "android.hardware.audio.common",
defaults: [
"android.hardware.audio_defaults",
+ "latest_android_media_audio_common_types_import_interface",
],
srcs: [
"android/hardware/audio/common/AudioOffloadMetadata.aidl",
@@ -42,10 +43,7 @@
"android/hardware/audio/common/SinkMetadata.aidl",
"android/hardware/audio/common/SourceMetadata.aidl",
],
- frozen: true,
- imports: [
- "android.media.audio.common.types-V2",
- ],
+ frozen: false,
backend: {
cpp: {
enabled: true,
@@ -83,7 +81,7 @@
}
// Note: This should always be one version ahead of the last frozen version
-latest_android_hardware_audio_common = "android.hardware.audio.common-V2"
+latest_android_hardware_audio_common = "android.hardware.audio.common-V3"
// Modules that depend on android.hardware.audio.common directly can include
// the following cc_defaults to avoid explicitly managing dependency versions
@@ -109,10 +107,21 @@
],
}
+aidl_interface_defaults {
+ name: "latest_android_hardware_audio_common_import_interface",
+ imports: [
+ latest_android_hardware_audio_common,
+ ],
+}
+
aidl_interface {
name: "android.hardware.audio.core",
defaults: [
"android.hardware.audio_defaults",
+ "latest_android_hardware_audio_common_import_interface",
+ "latest_android_hardware_audio_core_sounddose_import_interface",
+ "latest_android_hardware_audio_effect_import_interface",
+ "latest_android_media_audio_common_types_import_interface",
],
srcs: [
"android/hardware/audio/core/AudioPatch.aidl",
@@ -137,10 +146,6 @@
imports: [
"android.hardware.common-V2",
"android.hardware.common.fmq-V1",
- "android.hardware.audio.common-V2",
- "android.hardware.audio.core.sounddose-V1",
- "android.hardware.audio.effect-V1",
- "android.media.audio.common.types-V2",
],
backend: {
// The C++ backend is disabled transitively due to use of FMQ.
@@ -167,11 +172,11 @@
// IMPORTANT: Update latest_android_hardware_audio_core every time you
// add the latest frozen version to versions_with_info
],
- frozen: true,
+ frozen: false,
}
// Note: This should always be one version ahead of the last frozen version
-latest_android_hardware_audio_core = "android.hardware.audio.core-V1"
+latest_android_hardware_audio_core = "android.hardware.audio.core-V2"
// Modules that depend on android.hardware.audio.core directly can include
// the following cc_defaults to avoid explicitly managing dependency versions
@@ -190,18 +195,23 @@
],
}
+aidl_interface_defaults {
+ name: "latest_android_hardware_audio_core_import_interface",
+ imports: [
+ latest_android_hardware_audio_core,
+ ],
+}
+
// Used for the standalone sounddose HAL
aidl_interface {
name: "android.hardware.audio.core.sounddose",
defaults: [
"android.hardware.audio_defaults",
+ "latest_android_media_audio_common_types_import_interface",
],
srcs: [
"android/hardware/audio/core/sounddose/ISoundDose.aidl",
],
- imports: [
- "android.media.audio.common.types-V2",
- ],
backend: {
// The C++ backend is disabled transitively due to use of FMQ by the core HAL.
cpp: {
@@ -220,11 +230,11 @@
// IMPORTANT: Update latest_android_hardware_audio_core_sounddose every time you
// add the latest frozen version to versions_with_info
],
- frozen: true,
+ frozen: false,
}
// Note: This should always be one version ahead of the last frozen version
-latest_android_hardware_audio_core_sounddose = "android.hardware.audio.core.sounddose-V1"
+latest_android_hardware_audio_core_sounddose = "android.hardware.audio.core.sounddose-V2"
// Modules that depend on android.hardware.audio.core.sounddose directly can include
// the following cc_defaults to avoid explicitly managing dependency versions
@@ -237,16 +247,32 @@
}
cc_defaults {
+ name: "latest_android_hardware_audio_core_sounddose_ndk_export_shared_lib_header",
+ export_shared_lib_headers: [
+ latest_android_hardware_audio_core_sounddose + "-ndk",
+ ],
+}
+
+cc_defaults {
name: "latest_android_hardware_audio_core_sounddose_ndk_static",
static_libs: [
latest_android_hardware_audio_core_sounddose + "-ndk",
],
}
+aidl_interface_defaults {
+ name: "latest_android_hardware_audio_core_sounddose_import_interface",
+ imports: [
+ latest_android_hardware_audio_core_sounddose,
+ ],
+}
+
aidl_interface {
name: "android.hardware.audio.effect",
defaults: [
"android.hardware.audio_defaults",
+ "latest_android_hardware_audio_common_import_interface",
+ "latest_android_media_audio_common_types_import_interface",
],
srcs: [
"android/hardware/audio/effect/AcousticEchoCanceler.aidl",
@@ -271,6 +297,7 @@
"android/hardware/audio/effect/PresetReverb.aidl",
"android/hardware/audio/effect/Processing.aidl",
"android/hardware/audio/effect/Range.aidl",
+ "android/hardware/audio/effect/Spatializer.aidl",
"android/hardware/audio/effect/State.aidl",
"android/hardware/audio/effect/VendorExtension.aidl",
"android/hardware/audio/effect/Virtualizer.aidl",
@@ -280,8 +307,6 @@
imports: [
"android.hardware.common-V2",
"android.hardware.common.fmq-V1",
- "android.hardware.audio.common-V2",
- "android.media.audio.common.types-V2",
],
backend: {
// The C++ backend is disabled transitively due to use of FMQ.
@@ -303,11 +328,11 @@
],
},
],
- frozen: true,
+ frozen: false,
}
-latest_android_hardware_audio_effect = "android.hardware.audio.effect-V1"
+latest_android_hardware_audio_effect = "android.hardware.audio.effect-V2"
cc_defaults {
name: "latest_android_hardware_audio_effect_ndk_shared",
@@ -322,3 +347,10 @@
latest_android_hardware_audio_effect + "-ndk",
],
}
+
+aidl_interface_defaults {
+ name: "latest_android_hardware_audio_effect_import_interface",
+ imports: [
+ latest_android_hardware_audio_effect,
+ ],
+}
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
index 0422bd9..7313b57 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Parameter.aidl
@@ -60,6 +60,7 @@
android.hardware.audio.effect.Visualizer.Id visualizerTag;
android.hardware.audio.effect.Volume.Id volumeTag;
android.hardware.audio.effect.Parameter.Tag commonTag;
+ android.hardware.audio.effect.Spatializer.Id spatializerTag;
}
@VintfStability
parcelable Common {
@@ -91,5 +92,6 @@
android.hardware.audio.effect.Virtualizer virtualizer;
android.hardware.audio.effect.Visualizer visualizer;
android.hardware.audio.effect.Volume volume;
+ android.hardware.audio.effect.Spatializer spatializer;
}
}
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Range.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Range.aidl
index 93edc5e..40ee6b5 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Range.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Range.aidl
@@ -50,6 +50,7 @@
android.hardware.audio.effect.Range.VirtualizerRange[] virtualizer;
android.hardware.audio.effect.Range.VisualizerRange[] visualizer;
android.hardware.audio.effect.Range.VolumeRange[] volume;
+ android.hardware.audio.effect.Range.SpatializerRange[] spatializer;
@VintfStability
parcelable AcousticEchoCancelerRange {
android.hardware.audio.effect.AcousticEchoCanceler min;
@@ -111,6 +112,11 @@
android.hardware.audio.effect.PresetReverb max;
}
@VintfStability
+ parcelable SpatializerRange {
+ android.hardware.audio.effect.Spatializer min;
+ android.hardware.audio.effect.Spatializer max;
+ }
+ @VintfStability
parcelable VendorExtensionRange {
android.hardware.audio.effect.VendorExtension min;
android.hardware.audio.effect.VendorExtension max;
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl
new file mode 100644
index 0000000..9f97de0
--- /dev/null
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.audio.effect;
+@VintfStability
+union Spatializer {
+ android.hardware.audio.effect.VendorExtension vendor;
+ android.media.audio.common.Spatialization.Level spatializationLevel;
+ android.media.audio.common.HeadTracking.Mode headTrackingMode;
+ android.media.audio.common.AudioChannelLayout[] supportedChannelLayout;
+ android.media.audio.common.Spatialization.Mode spatializationMode;
+ float[6] headToStage;
+ const int HEAD_TO_STAGE_VEC_SIZE = 6;
+ @VintfStability
+ union Id {
+ android.hardware.audio.effect.VendorExtension vendorExtensionTag;
+ android.hardware.audio.effect.Spatializer.Tag commonTag;
+ }
+}
diff --git a/audio/aidl/android/hardware/audio/effect/Parameter.aidl b/audio/aidl/android/hardware/audio/effect/Parameter.aidl
index 0954055..6ec7226 100644
--- a/audio/aidl/android/hardware/audio/effect/Parameter.aidl
+++ b/audio/aidl/android/hardware/audio/effect/Parameter.aidl
@@ -28,6 +28,7 @@
import android.hardware.audio.effect.LoudnessEnhancer;
import android.hardware.audio.effect.NoiseSuppression;
import android.hardware.audio.effect.PresetReverb;
+import android.hardware.audio.effect.Spatializer;
import android.hardware.audio.effect.VendorExtension;
import android.hardware.audio.effect.Virtualizer;
import android.hardware.audio.effect.Visualizer;
@@ -103,6 +104,11 @@
* directly.
*/
Parameter.Tag commonTag;
+
+ /**
+ * Parameter tag defined for Spatializer parameters.
+ */
+ Spatializer.Id spatializerTag;
}
/**
@@ -189,6 +195,7 @@
Virtualizer virtualizer;
Visualizer visualizer;
Volume volume;
+ Spatializer spatializer;
}
Specific specific;
}
diff --git a/audio/aidl/android/hardware/audio/effect/Range.aidl b/audio/aidl/android/hardware/audio/effect/Range.aidl
index 567320a..e5acb68 100644
--- a/audio/aidl/android/hardware/audio/effect/Range.aidl
+++ b/audio/aidl/android/hardware/audio/effect/Range.aidl
@@ -28,6 +28,7 @@
import android.hardware.audio.effect.LoudnessEnhancer;
import android.hardware.audio.effect.NoiseSuppression;
import android.hardware.audio.effect.PresetReverb;
+import android.hardware.audio.effect.Spatializer;
import android.hardware.audio.effect.VendorExtension;
import android.hardware.audio.effect.Virtualizer;
import android.hardware.audio.effect.Visualizer;
@@ -169,6 +170,12 @@
}
@VintfStability
+ parcelable SpatializerRange {
+ Spatializer min;
+ Spatializer max;
+ }
+
+ @VintfStability
parcelable VendorExtensionRange {
VendorExtension min;
VendorExtension max;
@@ -217,4 +224,5 @@
VirtualizerRange[] virtualizer;
VisualizerRange[] visualizer;
VolumeRange[] volume;
+ SpatializerRange[] spatializer;
}
diff --git a/audio/aidl/android/hardware/audio/effect/Spatializer.aidl b/audio/aidl/android/hardware/audio/effect/Spatializer.aidl
new file mode 100644
index 0000000..4edb2e8
--- /dev/null
+++ b/audio/aidl/android/hardware/audio/effect/Spatializer.aidl
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.audio.effect;
+
+import android.hardware.audio.effect.VendorExtension;
+import android.media.audio.common.AudioChannelLayout;
+import android.media.audio.common.HeadTracking;
+import android.media.audio.common.Spatialization;
+
+/**
+ * Union representing parameters for audio spatialization effects.
+ *
+ * Sound spatialization simulates sounds around the listener as if they were emanating from virtual
+ * positions based on the original recording.
+ * For more details, refer to the documentation:
+ * https://developer.android.com/reference/android/media/Spatializer.
+ *
+ * android.hardware.audio.effect.Spatializer specifies parameters for the implementation of audio
+ * spatialization effects.
+ *
+ * A Spatializer implementation must report its supported parameter ranges using Capability.Range.
+ * spatializer.
+ */
+@VintfStability
+union Spatializer {
+ /**
+ * Parameter tag to identify the parameters for getParameter().
+ */
+ @VintfStability
+ union Id {
+ VendorExtension vendorExtensionTag;
+ Spatializer.Tag commonTag;
+ }
+
+ /**
+ * Vendor extension implementation for additional parameters.
+ */
+ VendorExtension vendor;
+
+ /**
+ * Level of spatialization.
+ */
+ Spatialization.Level spatializationLevel;
+
+ /**
+ * Head tracking mode for spatialization.
+ */
+ HeadTracking.Mode headTrackingMode;
+
+ /**
+ * List of supported input channel layouts.
+ */
+ AudioChannelLayout[] supportedChannelLayout;
+
+ /**
+ * Spatialization mode, Binaural or Transaural for example.
+ */
+ Spatialization.Mode spatializationMode;
+
+ /**
+ * Vector representing of the head-to-stage pose with six floats: first three are a translation
+ * vector, and the last three are a rotation vector.
+ */
+ const int HEAD_TO_STAGE_VEC_SIZE = 6;
+ float[HEAD_TO_STAGE_VEC_SIZE] headToStage;
+}
diff --git a/audio/aidl/common/Android.bp b/audio/aidl/common/Android.bp
index 4c6a74e..85ece3b 100644
--- a/audio/aidl/common/Android.bp
+++ b/audio/aidl/common/Android.bp
@@ -45,8 +45,8 @@
name: "libaudioaidlranges",
host_supported: true,
vendor_available: true,
- static_libs: [
- "android.hardware.audio.effect-V1-ndk",
+ defaults: [
+ "latest_android_hardware_audio_effect_ndk_shared",
],
export_include_dirs: ["include"],
header_libs: ["libaudioaidl_headers"],
@@ -59,8 +59,10 @@
name: "libaudioaidlcommon_test",
host_supported: true,
vendor_available: true,
+ defaults: [
+ "latest_android_media_audio_common_types_ndk_static",
+ ],
static_libs: [
- "android.media.audio.common.types-V1-ndk",
"libaudioaidlcommon",
],
shared_libs: [
diff --git a/audio/aidl/common/include/Utils.h b/audio/aidl/common/include/Utils.h
index 59ca92a..ef312d5 100644
--- a/audio/aidl/common/include/Utils.h
+++ b/audio/aidl/common/include/Utils.h
@@ -175,7 +175,7 @@
}
constexpr int32_t frameCountFromDurationUs(long durationUs, int32_t sampleRateHz) {
- return (durationUs * sampleRateHz) / 1000000LL;
+ return (static_cast<long long>(durationUs) * sampleRateHz) / 1000000LL;
}
constexpr int32_t frameCountFromDurationMs(int32_t durationMs, int32_t sampleRateHz) {
diff --git a/audio/aidl/default/Android.bp b/audio/aidl/default/Android.bp
index 3a8a781..7b96293 100644
--- a/audio/aidl/default/Android.bp
+++ b/audio/aidl/default/Android.bp
@@ -46,6 +46,7 @@
"latest_android_media_audio_common_types_ndk_shared",
"latest_android_hardware_audio_core_ndk_shared",
"latest_android_hardware_audio_core_sounddose_ndk_shared",
+ "latest_android_hardware_bluetooth_audio_ndk_shared",
],
export_include_dirs: ["include"],
srcs: [
@@ -93,7 +94,6 @@
"audio_policy_engine_configuration_aidl_default",
],
shared_libs: [
- "android.hardware.bluetooth.audio-V3-ndk",
"libaudio_aidl_conversion_common_ndk",
"libbluetooth_audio_session_aidl",
"libmedia_helper",
@@ -118,15 +118,15 @@
vintf_fragments: ["android.hardware.audio.service-aidl.xml"],
defaults: [
"aidlaudioservice_defaults",
- "latest_android_media_audio_common_types_ndk_shared",
"latest_android_hardware_audio_core_sounddose_ndk_shared",
"latest_android_hardware_audio_core_ndk_shared",
+ "latest_android_hardware_bluetooth_audio_ndk_shared",
+ "latest_android_media_audio_common_types_ndk_shared",
],
static_libs: [
"libaudioserviceexampleimpl",
],
shared_libs: [
- "android.hardware.bluetooth.audio-V3-ndk",
"libaudio_aidl_conversion_common_ndk",
"libbluetooth_audio_session_aidl",
"libmedia_helper",
diff --git a/audio/aidl/default/android.hardware.audio.effect.service-aidl.xml b/audio/aidl/default/android.hardware.audio.effect.service-aidl.xml
index fdc53a3..05a825d 100644
--- a/audio/aidl/default/android.hardware.audio.effect.service-aidl.xml
+++ b/audio/aidl/default/android.hardware.audio.effect.service-aidl.xml
@@ -1,7 +1,7 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.audio.effect</name>
- <version>1</version>
+ <version>2</version>
<fqname>IFactory/default</fqname>
</hal>
</manifest>
diff --git a/audio/aidl/default/android.hardware.audio.service-aidl.xml b/audio/aidl/default/android.hardware.audio.service-aidl.xml
index 57f61c9..2a51876 100644
--- a/audio/aidl/default/android.hardware.audio.service-aidl.xml
+++ b/audio/aidl/default/android.hardware.audio.service-aidl.xml
@@ -1,22 +1,22 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.audio.core</name>
- <version>1</version>
+ <version>2</version>
<fqname>IModule/default</fqname>
</hal>
<hal format="aidl">
<name>android.hardware.audio.core</name>
- <version>1</version>
+ <version>2</version>
<fqname>IModule/r_submix</fqname>
</hal>
<hal format="aidl">
<name>android.hardware.audio.core</name>
- <version>1</version>
+ <version>2</version>
<fqname>IModule/bluetooth</fqname>
</hal>
<hal format="aidl">
<name>android.hardware.audio.core</name>
- <version>1</version>
+ <version>2</version>
<fqname>IConfig/default</fqname>
</hal>
<!-- Uncomment when these modules present in the configuration
diff --git a/audio/aidl/sounddose/Android.bp b/audio/aidl/sounddose/Android.bp
index 6f2f790..c65e4ff 100644
--- a/audio/aidl/sounddose/Android.bp
+++ b/audio/aidl/sounddose/Android.bp
@@ -52,11 +52,11 @@
// IMPORTANT: Update latest_android_hardware_audio_sounddose every time you
// add the latest frozen version to versions_with_info
],
- frozen: true,
+ frozen: false,
}
// Note: This should always be one version ahead of the last frozen version
-latest_android_hardware_audio_sounddose = "android.hardware.audio.sounddose-V1"
+latest_android_hardware_audio_sounddose = "android.hardware.audio.sounddose-V2"
// Modules that depend on android.hardware.audio.sounddose directly can include
// the following cc_defaults to avoid explicitly managing dependency versions
diff --git a/audio/aidl/vts/Android.bp b/audio/aidl/vts/Android.bp
index 0de8574..ad816c7 100644
--- a/audio/aidl/vts/Android.bp
+++ b/audio/aidl/vts/Android.bp
@@ -11,6 +11,7 @@
name: "VtsHalAudioTargetTestDefaults",
defaults: [
"latest_android_hardware_audio_common_ndk_static",
+ "latest_android_hardware_audio_effect_ndk_static",
"latest_android_media_audio_common_types_ndk_static",
"use_libaidlvintf_gtest_helper_static",
"VtsHalTargetTestDefaults",
@@ -20,7 +21,6 @@
"libfmq",
],
static_libs: [
- "android.hardware.audio.effect-V1-ndk",
"android.hardware.common-V2-ndk",
"android.hardware.common.fmq-V1-ndk",
"libaudioaidlcommon",
diff --git a/audio/aidl/vts/AudioHalBinderServiceUtil.h b/audio/aidl/vts/AudioHalBinderServiceUtil.h
index b4b4632..4ebc1b1 100644
--- a/audio/aidl/vts/AudioHalBinderServiceUtil.h
+++ b/audio/aidl/vts/AudioHalBinderServiceUtil.h
@@ -42,20 +42,9 @@
ndk::SpAIBinder restartService(
std::chrono::milliseconds timeoutMs = std::chrono::milliseconds(3000)) {
- mDeathHandler.reset(new AidlDeathRecipient(mBinder));
- if (STATUS_OK != mDeathHandler->linkToDeath()) {
- LOG(ERROR) << "linkToDeath failed";
- return nullptr;
+ if (!stopService(timeoutMs)) {
+ return {};
}
- if (!android::base::SetProperty("sys.audio.restart.hal", "1")) {
- LOG(ERROR) << "SetProperty failed";
- return nullptr;
- }
- if (!mDeathHandler->waitForFired(timeoutMs)) {
- LOG(ERROR) << "Timeout wait for death";
- return nullptr;
- }
- mDeathHandler.reset();
return connectToService(mServiceName);
}
@@ -71,8 +60,7 @@
bool waitForFired(std::chrono::milliseconds timeoutMs) {
std::unique_lock<std::mutex> lock(mutex);
- condition.wait_for(lock, timeoutMs, [this]() { return fired; });
- return fired;
+ return condition.wait_for(lock, timeoutMs, [this]() { return fired; });
}
private:
@@ -94,7 +82,23 @@
}
};
+ bool stopService(std::chrono::milliseconds timeoutMs) {
+ AidlDeathRecipient deathHandler(mBinder);
+ if (STATUS_OK != deathHandler.linkToDeath()) {
+ LOG(ERROR) << "linkToDeath failed";
+ return false;
+ }
+ if (!android::base::SetProperty("sys.audio.restart.hal", "1")) {
+ LOG(ERROR) << "SetProperty failed";
+ return false;
+ }
+ if (!deathHandler.waitForFired(timeoutMs)) {
+ LOG(ERROR) << "Timeout wait for death of " << mServiceName;
+ return false;
+ }
+ return true;
+ }
+
std::string mServiceName;
ndk::SpAIBinder mBinder;
- std::unique_ptr<AidlDeathRecipient> mDeathHandler;
};
diff --git a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
index 536bc26..697aae9 100644
--- a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
@@ -446,6 +446,7 @@
void TearDownImpl() {
debug.reset();
+ ASSERT_NE(module, nullptr);
std::vector<AudioPort> finalPorts;
ASSERT_IS_OK(module->getAudioPorts(&finalPorts));
EXPECT_NO_FATAL_FAILURE(VerifyVectorsAreEqual<AudioPort>(initialPorts, finalPorts))
diff --git a/automotive/audiocontrol/aidl/Android.bp b/automotive/audiocontrol/aidl/Android.bp
index 9ae77cd..86b63a6 100644
--- a/automotive/audiocontrol/aidl/Android.bp
+++ b/automotive/audiocontrol/aidl/Android.bp
@@ -13,9 +13,9 @@
name: "android.hardware.automotive.audiocontrol",
vendor_available: true,
srcs: ["android/hardware/automotive/audiocontrol/*.aidl"],
- imports: [
- "android.hardware.audio.common-V1",
- "android.media.audio.common.types-V2",
+ defaults: [
+ "latest_android_hardware_audio_common_import_interface",
+ "latest_android_media_audio_common_types_import_interface",
],
stability: "vintf",
backend: {
@@ -52,6 +52,37 @@
},
],
- frozen: true,
+ frozen: false,
}
+
+// Note: This should always be one version ahead of the last frozen version
+latest_android_hardware_automotive_audiocontrol = "android.hardware.automotive.audiocontrol-V4"
+
+cc_defaults {
+ name: "latest_android_hardware_automotive_audiocontrol_cpp_static",
+ static_libs: [
+ latest_android_hardware_automotive_audiocontrol + "-cpp",
+ ],
+}
+
+cc_defaults {
+ name: "latest_android_hardware_automotive_audiocontrol_cpp_shared",
+ shared_libs: [
+ latest_android_hardware_automotive_audiocontrol + "-cpp",
+ ],
+}
+
+cc_defaults {
+ name: "latest_android_hardware_automotive_audiocontrol_ndk_static",
+ static_libs: [
+ latest_android_hardware_automotive_audiocontrol + "-ndk",
+ ],
+}
+
+cc_defaults {
+ name: "latest_android_hardware_automotive_audiocontrol_ndk_shared",
+ shared_libs: [
+ latest_android_hardware_automotive_audiocontrol + "-ndk",
+ ],
+}
diff --git a/automotive/audiocontrol/aidl/default/audiocontrol-default.xml b/automotive/audiocontrol/aidl/default/audiocontrol-default.xml
index 95cd7f0..bcb5669 100644
--- a/automotive/audiocontrol/aidl/default/audiocontrol-default.xml
+++ b/automotive/audiocontrol/aidl/default/audiocontrol-default.xml
@@ -1,7 +1,7 @@
<manifest version="2.0" type="device">
<hal format="aidl">
<name>android.hardware.automotive.audiocontrol</name>
- <version>3</version>
+ <version>4</version>
<fqname>IAudioControl/default</fqname>
</hal>
</manifest>
diff --git a/automotive/audiocontrol/aidl/vts/Android.bp b/automotive/audiocontrol/aidl/vts/Android.bp
index cfc2a3e..c73ad79 100644
--- a/automotive/audiocontrol/aidl/vts/Android.bp
+++ b/automotive/audiocontrol/aidl/vts/Android.bp
@@ -24,6 +24,8 @@
cc_test {
name: "VtsAidlHalAudioControlTest",
defaults: [
+ "latest_android_hardware_audio_common_cpp_static",
+ "latest_android_hardware_automotive_audiocontrol_cpp_static",
"latest_android_media_audio_common_types_cpp_static",
"VtsHalTargetTestDefaults",
"use_libaidlvintf_gtest_helper_static",
@@ -38,8 +40,6 @@
"libxml2",
],
static_libs: [
- "android.hardware.automotive.audiocontrol-V3-cpp",
- "android.hardware.audio.common-V1-cpp",
"libgmock",
],
test_suites: [
diff --git a/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.cpp b/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.cpp
index 96110db..e882160 100644
--- a/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.cpp
+++ b/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.cpp
@@ -18,9 +18,9 @@
namespace android::hardware::automotive::can::V1_0::implementation::fuzzer {
-constexpr CanController::InterfaceType kInterfaceType[] = {CanController::InterfaceType::VIRTUAL,
- CanController::InterfaceType::SOCKETCAN,
- CanController::InterfaceType::SLCAN};
+constexpr CanController::InterfaceType kInterfaceType[] = {
+ CanController::InterfaceType::VIRTUAL, CanController::InterfaceType::SOCKETCAN,
+ CanController::InterfaceType::SLCAN, CanController::InterfaceType::INDEXED};
constexpr FilterFlag kFilterFlag[] = {FilterFlag::DONT_CARE, FilterFlag::SET, FilterFlag::NOT_SET};
constexpr size_t kInterfaceTypeLength = std::size(kInterfaceType);
constexpr size_t kFilterFlagLength = std::size(kFilterFlag);
@@ -28,8 +28,8 @@
constexpr size_t kMaxPayloadBytes = 64;
constexpr size_t kMaxFilters = 20;
constexpr size_t kMaxSerialNumber = 1000;
-constexpr size_t kMaxBuses = 10;
-constexpr size_t kMaxRepeat = 5;
+constexpr size_t kMaxBuses = 100;
+constexpr size_t kMaxRepeat = 100;
Bus CanFuzzer::makeBus() {
ICanController::BusConfig config = {};
@@ -56,9 +56,13 @@
}
void CanFuzzer::invokeUpInterface() {
- const CanController::InterfaceType iftype =
- kInterfaceType[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
- 0, kInterfaceTypeLength - 1)];
+ CanController::InterfaceType controller;
+ if (mFuzzedDataProvider->ConsumeBool()) {
+ controller = (CanController::InterfaceType)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();
+ } else {
+ controller = kInterfaceType[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
+ 0, kInterfaceTypeLength - 1)];
+ }
std::string configName;
if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();
@@ -73,7 +77,7 @@
ICanController::BusConfig config = {.name = configName};
- if (iftype == CanController::InterfaceType::SOCKETCAN) {
+ if (controller == CanController::InterfaceType::SOCKETCAN) {
CanController::BusConfig::InterfaceId::Socketcan socketcan = {};
if (const bool shouldPassSerialSocket = mFuzzedDataProvider->ConsumeBool();
shouldPassSerialSocket) {
@@ -83,7 +87,7 @@
socketcan.ifname(ifname);
}
config.interfaceId.socketcan(socketcan);
- } else if (iftype == CanController::InterfaceType::SLCAN) {
+ } else if (controller == CanController::InterfaceType::SLCAN) {
CanController::BusConfig::InterfaceId::Slcan slcan = {};
if (const bool shouldPassSerialSlcan = mFuzzedDataProvider->ConsumeBool();
shouldPassSerialSlcan) {
@@ -93,8 +97,12 @@
slcan.ttyname(ifname);
}
config.interfaceId.slcan(slcan);
- } else if (iftype == CanController::InterfaceType::VIRTUAL) {
+ } else if (controller == CanController::InterfaceType::VIRTUAL) {
config.interfaceId.virtualif({ifname});
+ } else if (controller == CanController::InterfaceType::INDEXED) {
+ CanController::BusConfig::InterfaceId::Indexed indexed;
+ indexed.index = mFuzzedDataProvider->ConsumeIntegral<uint8_t>();
+ config.interfaceId.indexed(indexed);
}
const size_t numInvocations =
@@ -108,8 +116,13 @@
hidl_string configName;
if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();
(shouldInvokeValidBus) && (mBusNames.size() > 0)) {
- const size_t busNameIndex =
- mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(0, mBusNames.size() - 1);
+ size_t busNameIndex;
+ if (mBusNames.size() == 1) {
+ busNameIndex = 0;
+ } else {
+ busNameIndex =
+ mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(0, mBusNames.size() - 1);
+ }
configName = mBusNames[busNameIndex];
} else {
configName = mFuzzedDataProvider->ConsumeRandomLengthString(kMaxCharacters);
@@ -122,12 +135,6 @@
}
}
-void CanFuzzer::invokeController() {
- getSupportedInterfaceTypes();
- invokeUpInterface();
- invokeDownInterface();
-}
-
void CanFuzzer::invokeBus() {
const size_t numBuses = mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(1, kMaxBuses);
for (size_t i = 0; i < numBuses; ++i) {
@@ -152,12 +159,22 @@
for (uint32_t k = 0; k < numFilters; ++k) {
filterVector[k].id = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();
filterVector[k].mask = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();
- filterVector[k].rtr =
- kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
- 0, kFilterFlagLength - 1)];
- filterVector[k].extendedFormat =
- kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
- 0, kFilterFlagLength - 1)];
+ if (mFuzzedDataProvider->ConsumeBool()) {
+ filterVector[k].rtr =
+ (FilterFlag)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();
+ } else {
+ filterVector[k].rtr =
+ kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
+ 0, kFilterFlagLength - 1)];
+ }
+ if (mFuzzedDataProvider->ConsumeBool()) {
+ filterVector[k].extendedFormat =
+ (FilterFlag)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();
+ } else {
+ filterVector[k].extendedFormat =
+ kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(
+ 0, kFilterFlagLength - 1)];
+ }
filterVector[k].exclude = mFuzzedDataProvider->ConsumeBool();
}
auto listener = listeningBus.listen(filterVector);
@@ -175,8 +192,16 @@
void CanFuzzer::process(const uint8_t* data, size_t size) {
mFuzzedDataProvider = new FuzzedDataProvider(data, size);
- invokeController();
- invokeBus();
+ while (mFuzzedDataProvider->remaining_bytes()) {
+ auto CanFuzzerFunction =
+ mFuzzedDataProvider->PickValueInArray<const std::function<void()>>({
+ [&]() { getSupportedInterfaceTypes(); },
+ [&]() { invokeUpInterface(); },
+ [&]() { invokeDownInterface(); },
+ [&]() { invokeBus(); },
+ });
+ CanFuzzerFunction();
+ }
}
bool CanFuzzer::init() {
diff --git a/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.h b/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.h
index 930cddd..3211bd0 100644
--- a/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.h
+++ b/automotive/can/1.0/default/tests/fuzzer/AutomotiveCanV1_0Fuzzer.h
@@ -116,7 +116,6 @@
hidl_vec<hidl_string> getBusNames();
void getSupportedInterfaceTypes();
void invokeBus();
- void invokeController();
void invokeUpInterface();
void invokeDownInterface();
FuzzedDataProvider* mFuzzedDataProvider = nullptr;
diff --git a/bluetooth/aidl/default/BluetoothHci.cpp b/bluetooth/aidl/default/BluetoothHci.cpp
index 9862e9e..a247cb0 100644
--- a/bluetooth/aidl/default/BluetoothHci.cpp
+++ b/bluetooth/aidl/default/BluetoothHci.cpp
@@ -320,6 +320,7 @@
{
std::lock_guard<std::mutex> guard(mStateMutex);
mState = HalState::READY;
+ mH4 = nullptr;
}
return ndk::ScopedAStatus::ok();
}
@@ -346,13 +347,16 @@
ndk::ScopedAStatus BluetoothHci::send(PacketType type,
const std::vector<uint8_t>& v) {
- if (mH4 == nullptr) {
- return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
- }
if (v.empty()) {
ALOGE("Packet is empty, no data was found to be sent");
return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
}
+
+ std::lock_guard<std::mutex> guard(mStateMutex);
+ if (mH4 == nullptr) {
+ return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
+ }
+
mH4->Send(type, v);
return ndk::ScopedAStatus::ok();
}
diff --git a/bluetooth/audio/aidl/Android.bp b/bluetooth/audio/aidl/Android.bp
index 1028fae..feed6f5 100644
--- a/bluetooth/audio/aidl/Android.bp
+++ b/bluetooth/audio/aidl/Android.bp
@@ -27,10 +27,12 @@
host_supported: true,
srcs: ["android/hardware/bluetooth/audio/*.aidl"],
stability: "vintf",
+ defaults: [
+ "latest_android_hardware_audio_common_import_interface",
+ ],
imports: [
"android.hardware.common-V2",
"android.hardware.common.fmq-V1",
- "android.hardware.audio.common-V2",
],
backend: {
cpp: {
@@ -75,6 +77,23 @@
},
],
- frozen: true,
+ frozen: false,
}
+
+// Note: This should always be one version ahead of the last frozen version
+latest_android_hardware_bluetooth_audio = "android.hardware.bluetooth.audio-V4"
+
+cc_defaults {
+ name: "latest_android_hardware_bluetooth_audio_ndk_shared",
+ shared_libs: [
+ latest_android_hardware_bluetooth_audio + "-ndk",
+ ],
+}
+
+cc_defaults {
+ name: "latest_android_hardware_bluetooth_audio_ndk_static",
+ static_libs: [
+ latest_android_hardware_bluetooth_audio + "-ndk",
+ ],
+}
diff --git a/bluetooth/audio/aidl/default/Android.bp b/bluetooth/audio/aidl/default/Android.bp
index e4c2844..40aea32 100644
--- a/bluetooth/audio/aidl/default/Android.bp
+++ b/bluetooth/audio/aidl/default/Android.bp
@@ -11,6 +11,9 @@
name: "android.hardware.bluetooth.audio-impl",
vendor: true,
vintf_fragments: ["bluetooth_audio.xml"],
+ defaults: [
+ "latest_android_hardware_bluetooth_audio_ndk_shared",
+ ],
srcs: [
"BluetoothAudioProvider.cpp",
"BluetoothAudioProviderFactory.cpp",
@@ -29,7 +32,6 @@
"libcutils",
"libfmq",
"liblog",
- "android.hardware.bluetooth.audio-V3-ndk",
"libbluetooth_audio_session_aidl",
],
}
diff --git a/bluetooth/audio/aidl/default/bluetooth_audio.xml b/bluetooth/audio/aidl/default/bluetooth_audio.xml
index c0bc55e..3561dd1 100644
--- a/bluetooth/audio/aidl/default/bluetooth_audio.xml
+++ b/bluetooth/audio/aidl/default/bluetooth_audio.xml
@@ -1,7 +1,7 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.bluetooth.audio</name>
- <version>3</version>
+ <version>4</version>
<fqname>IBluetoothAudioProviderFactory/default</fqname>
</hal>
</manifest>
diff --git a/bluetooth/audio/aidl/vts/Android.bp b/bluetooth/audio/aidl/vts/Android.bp
index fa85fa8..884062a 100644
--- a/bluetooth/audio/aidl/vts/Android.bp
+++ b/bluetooth/audio/aidl/vts/Android.bp
@@ -10,17 +10,17 @@
cc_test {
name: "VtsHalBluetoothAudioTargetTest",
defaults: [
+ "latest_android_hardware_audio_common_ndk_static",
+ "latest_android_hardware_bluetooth_audio_ndk_static",
+ "latest_android_media_audio_common_types_ndk_static",
"VtsHalTargetTestDefaults",
"use_libaidlvintf_gtest_helper_static",
],
tidy_timeout_srcs: ["VtsHalBluetoothAudioTargetTest.cpp"],
srcs: ["VtsHalBluetoothAudioTargetTest.cpp"],
static_libs: [
- "android.hardware.audio.common-V2-ndk",
- "android.hardware.bluetooth.audio-V3-ndk",
"android.hardware.common-V2-ndk",
"android.hardware.common.fmq-V1-ndk",
- "android.media.audio.common.types-V2-ndk",
],
shared_libs: [
"libbase",
diff --git a/bluetooth/audio/utils/Android.bp b/bluetooth/audio/utils/Android.bp
index a09e7fe..75081d6 100644
--- a/bluetooth/audio/utils/Android.bp
+++ b/bluetooth/audio/utils/Android.bp
@@ -48,6 +48,9 @@
"libhardware_headers",
"libxsdc-utils",
],
+ defaults: [
+ "latest_android_hardware_bluetooth_audio_ndk_shared",
+ ],
shared_libs: [
"android.hardware.bluetooth.audio@2.0",
"android.hardware.bluetooth.audio@2.1",
@@ -56,7 +59,6 @@
"libbinder_ndk",
"libfmq",
"liblog",
- "android.hardware.bluetooth.audio-V3-ndk",
"libhidlbase",
"libxml2",
],
diff --git a/cas/aidl/default/service.cpp b/cas/aidl/default/service.cpp
index bed2f01..076c7bb 100644
--- a/cas/aidl/default/service.cpp
+++ b/cas/aidl/default/service.cpp
@@ -31,6 +31,7 @@
int main() {
ABinderProcess_setThreadPoolMaxThreadCount(8);
+ ABinderProcess_startThreadPool();
// Setup hwbinder service
std::shared_ptr<MediaCasService> service = ::ndk::SharedRefBase::make<MediaCasService>();
diff --git a/common/aidl/Android.bp b/common/aidl/Android.bp
index f3ea8e8..1457b8a 100644
--- a/common/aidl/Android.bp
+++ b/common/aidl/Android.bp
@@ -38,7 +38,7 @@
},
rust: {
enabled: true,
- }
+ },
},
frozen: true,
versions: [
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
index d356cf3..c2ffb84 100644
--- a/compatibility_matrices/Android.mk
+++ b/compatibility_matrices/Android.mk
@@ -106,9 +106,15 @@
framework_compatibility_matrix.6.xml \
framework_compatibility_matrix.7.xml \
framework_compatibility_matrix.8.xml \
- framework_compatibility_matrix.9.xml \
framework_compatibility_matrix.device.xml \
+# Only allow the use of the unreleased compatibility matrix when we can use unfrozen
+# interfaces (in the `next` release configuration).
+ifeq ($(RELEASE_AIDL_USE_UNFROZEN),true)
+my_system_matrix_deps += \
+ framework_compatibility_matrix.9.xml
+endif
+
my_framework_matrix_deps += \
$(my_system_matrix_deps)
diff --git a/compatibility_matrices/compatibility_matrix.8.xml b/compatibility_matrices/compatibility_matrix.8.xml
index 99dcdbb..9057788 100644
--- a/compatibility_matrices/compatibility_matrix.8.xml
+++ b/compatibility_matrices/compatibility_matrix.8.xml
@@ -52,7 +52,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.authsecret</name>
<version>1</version>
<interface>
@@ -123,7 +123,7 @@
<instance>virtual</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.biometrics.fingerprint</name>
<version>3</version>
<interface>
@@ -314,7 +314,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
<interface>
@@ -323,7 +323,7 @@
<instance>strongbox</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
<interface>
@@ -532,7 +532,7 @@
<regex-instance>SIM[1-9][0-9]*</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.security.secureclock</name>
<version>1</version>
<interface>
@@ -540,7 +540,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.security.sharedsecret</name>
<version>1</version>
<interface>
@@ -692,7 +692,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.uwb</name>
<version>1</version>
<interface>
diff --git a/compatibility_matrices/compatibility_matrix.9.xml b/compatibility_matrices/compatibility_matrix.9.xml
index 6ed8e8f..83d2665 100644
--- a/compatibility_matrices/compatibility_matrix.9.xml
+++ b/compatibility_matrices/compatibility_matrix.9.xml
@@ -19,7 +19,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.audio.core</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>IModule</name>
<instance>default</instance>
@@ -38,7 +38,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.audio.effect</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>IFactory</name>
<instance>default</instance>
@@ -46,7 +46,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.audio.sounddose</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>ISoundDoseFactory</name>
<instance>default</instance>
@@ -62,7 +62,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.automotive.audiocontrol</name>
- <version>2-3</version>
+ <version>2-4</version>
<interface>
<name>IAudioControl</name>
<instance>default</instance>
@@ -140,7 +140,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.bluetooth.audio</name>
- <version>3</version>
+ <version>3-4</version>
<interface>
<name>IBluetoothAudioProviderFactory</name>
<instance>default</instance>
@@ -543,7 +543,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.soundtrigger3</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>ISoundTriggerHw</name>
<instance>default</instance>
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index d92c0b9..2cb4ffa 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -142,6 +142,7 @@
// AIDL
"android.hardware.audio.core.sounddose@1",
+ "android.hardware.audio.core.sounddose@2",
// Deprecated HALs.
"android.hardware.bluetooth.audio@1",
diff --git a/keymaster/4.0/support/fuzzer/Android.bp b/keymaster/4.0/support/fuzzer/Android.bp
index 8bc681a..f61d10f 100644
--- a/keymaster/4.0/support/fuzzer/Android.bp
+++ b/keymaster/4.0/support/fuzzer/Android.bp
@@ -39,9 +39,17 @@
],
fuzz_config: {
cc: [
- "android-media-fuzzing-reports@google.com",
+ "android-hardware-security@google.com",
],
- componentid: 533764,
+ componentid: 1084733,
+ hotlists: [
+ "4593311",
+ ],
+ description: "The fuzzer targets the APIs of libkeymaster4support",
+ vector: "local_no_privileges_required",
+ service_privilege: "privileged",
+ users: "multi_user",
+ fuzzed_code_usage: "shipped",
},
}
diff --git a/security/authgraph/aidl/vts/functional/Android.bp b/security/authgraph/aidl/vts/functional/Android.bp
index fc13759..0e3480f 100644
--- a/security/authgraph/aidl/vts/functional/Android.bp
+++ b/security/authgraph/aidl/vts/functional/Android.bp
@@ -46,3 +46,36 @@
"vts",
],
}
+
+rust_test {
+ name: "VtsAidlAuthGraphRoleTest",
+ srcs: ["role_test.rs"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ defaults: [
+ "authgraph_use_latest_hal_aidl_rust",
+ ],
+ rustlibs: [
+ "libauthgraph_vts_test",
+ "libbinder_rs",
+ ],
+}
+
+rust_library {
+ name: "libauthgraph_vts_test",
+ crate_name: "authgraph_vts_test",
+ srcs: ["lib.rs"],
+ defaults: [
+ "authgraph_use_latest_hal_aidl_rust",
+ ],
+ rustlibs: [
+ "libauthgraph_boringssl",
+ "libauthgraph_core",
+ "libauthgraph_hal",
+ "libauthgraph_nonsecure",
+ "libbinder_rs",
+ "libcoset",
+ ],
+}
diff --git a/security/authgraph/aidl/vts/functional/lib.rs b/security/authgraph/aidl/vts/functional/lib.rs
new file mode 100644
index 0000000..7b9b2b9
--- /dev/null
+++ b/security/authgraph/aidl/vts/functional/lib.rs
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! VTS test library for AuthGraph functionality.
+//!
+//! This test code is bundled as a library, not as `[cfg(test)]`, to allow it to be
+//! re-used inside the (Rust) VTS tests of components that use AuthGraph.
+
+use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
+ Error::Error, IAuthGraphKeyExchange::IAuthGraphKeyExchange, Identity::Identity,
+ PlainPubKey::PlainPubKey, PubKey::PubKey, SessionIdSignature::SessionIdSignature,
+};
+use authgraph_boringssl as boring;
+use authgraph_core::keyexchange as ke;
+use authgraph_core::{arc, key, traits};
+use authgraph_nonsecure::StdClock;
+use coset::CborSerializable;
+
+pub mod sink;
+pub mod source;
+
+/// Return a collection of AuthGraph trait implementations suitable for testing.
+pub fn test_impls() -> traits::TraitImpl {
+ // Note that the local implementation is using a clock with a potentially different epoch than
+ // the implementation under test.
+ boring::trait_impls(
+ Box::<boring::test_device::AgDevice>::default(),
+ Some(Box::new(StdClock::default())),
+ )
+}
+
+fn build_plain_pub_key(pub_key: &Option<Vec<u8>>) -> PubKey {
+ PubKey::PlainKey(PlainPubKey {
+ plainPubKey: pub_key.clone().unwrap(),
+ })
+}
+
+fn extract_plain_pub_key(pub_key: &Option<PubKey>) -> &PlainPubKey {
+ match pub_key {
+ Some(PubKey::PlainKey(pub_key)) => pub_key,
+ Some(PubKey::SignedKey(_)) => panic!("expect unsigned public key"),
+ None => panic!("expect pubKey to be populated"),
+ }
+}
+
+fn verification_key_from_identity(impls: &traits::TraitImpl, identity: &[u8]) -> key::EcVerifyKey {
+ let identity = key::Identity::from_slice(identity).expect("invalid identity CBOR");
+ impls
+ .device
+ .process_peer_cert_chain(&identity.cert_chain, &*impls.ecdsa)
+ .expect("failed to extract signing key")
+}
+
+fn vec_to_identity(data: &[u8]) -> Identity {
+ Identity {
+ identity: data.to_vec(),
+ }
+}
+
+fn vec_to_signature(data: &[u8]) -> SessionIdSignature {
+ SessionIdSignature {
+ signature: data.to_vec(),
+ }
+}
+
+/// Decrypt a pair of AES-256 keys encrypted with the AuthGraph PBK.
+pub fn decipher_aes_keys(imp: &traits::TraitImpl, arc: &[Vec<u8>; 2]) -> [key::AesKey; 2] {
+ [
+ decipher_aes_key(imp, &arc[0]),
+ decipher_aes_key(imp, &arc[1]),
+ ]
+}
+
+/// Decrypt an AES-256 key encrypted with the AuthGraph PBK.
+pub fn decipher_aes_key(imp: &traits::TraitImpl, arc: &[u8]) -> key::AesKey {
+ let pbk = imp.device.get_per_boot_key().expect("no PBK available");
+ let arc::ArcContent {
+ payload,
+ protected_headers: _,
+ unprotected_headers: _,
+ } = arc::decipher_arc(&pbk, arc, &*imp.aes_gcm).expect("failed to decrypt arc");
+ assert_eq!(payload.0.len(), 32);
+ let mut key = key::AesKey([0; 32]);
+ key.0.copy_from_slice(&payload.0);
+ assert_ne!(key.0, [0; 32], "agreed AES-256 key should be non-zero");
+ key
+}
diff --git a/security/authgraph/aidl/vts/functional/role_test.rs b/security/authgraph/aidl/vts/functional/role_test.rs
new file mode 100644
index 0000000..e95361a
--- /dev/null
+++ b/security/authgraph/aidl/vts/functional/role_test.rs
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Tests of individual AuthGraph role (source or sink) functionality.
+
+#![cfg(test)]
+
+use authgraph_vts_test as vts;
+use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
+ IAuthGraphKeyExchange::IAuthGraphKeyExchange,
+};
+
+const AUTH_GRAPH_NONSECURE: &str =
+ "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure";
+
+/// Retrieve the /nonsecure instance of AuthGraph, which supports both sink and source roles.
+fn get_nonsecure() -> Option<binder::Strong<dyn IAuthGraphKeyExchange>> {
+ binder::get_interface(AUTH_GRAPH_NONSECURE).ok()
+}
+
+/// Macro to require availability of a /nonsecure instance of AuthGraph.
+///
+/// Note that this macro triggers `return` if not found.
+macro_rules! require_nonsecure {
+ {} => {
+ match get_nonsecure() {
+ Some(v) => v,
+ None => {
+ eprintln!("Skipping test as no /nonsecure impl found");
+ return;
+ }
+ }
+ }
+}
+
+#[test]
+fn test_nonsecure_source_mainline() {
+ let mut impls = vts::test_impls();
+ vts::source::test_mainline(&mut impls, require_nonsecure!());
+}
+#[test]
+fn test_nonsecure_source_corrupt_sig() {
+ let mut impls = vts::test_impls();
+ vts::source::test_corrupt_sig(&mut impls, require_nonsecure!());
+}
+#[test]
+fn test_nonsecure_source_corrupt_keys() {
+ let mut impls = vts::test_impls();
+ vts::source::test_corrupt_key(&mut impls, require_nonsecure!());
+}
+#[test]
+fn test_nonsecure_sink_mainline() {
+ let mut impls = vts::test_impls();
+ vts::sink::test_mainline(&mut impls, require_nonsecure!());
+}
+#[test]
+fn test_nonsecure_sink_corrupt_sig() {
+ let mut impls = vts::test_impls();
+ vts::sink::test_corrupt_sig(&mut impls, require_nonsecure!());
+}
+#[test]
+fn test_nonsecure_sink_corrupt_keys() {
+ let mut impls = vts::test_impls();
+ vts::sink::test_corrupt_keys(&mut impls, require_nonsecure!());
+}
diff --git a/security/authgraph/aidl/vts/functional/sink.rs b/security/authgraph/aidl/vts/functional/sink.rs
new file mode 100644
index 0000000..5c81593
--- /dev/null
+++ b/security/authgraph/aidl/vts/functional/sink.rs
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! VTS tests for sinks
+use super::*;
+use authgraph_core::traits;
+
+/// Run AuthGraph tests against the provided sink, using a local test source implementation.
+pub fn test(impls: &mut traits::TraitImpl, sink: binder::Strong<dyn IAuthGraphKeyExchange>) {
+ test_mainline(impls, sink.clone());
+ test_corrupt_sig(impls, sink.clone());
+ test_corrupt_keys(impls, sink);
+}
+
+/// Perform mainline AuthGraph key exchange with the provided sink and local implementation.
+/// Return the agreed AES keys in plaintext.
+pub fn test_mainline(
+ impls: &mut traits::TraitImpl,
+ sink: binder::Strong<dyn IAuthGraphKeyExchange>,
+) -> [key::AesKey; 2] {
+ // Step 1: create an ephemeral ECDH key at the (local) source.
+ let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+
+ // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
+ let init_result = sink
+ .init(
+ &build_plain_pub_key(&source_init_info.ke_key.pub_key),
+ &vec_to_identity(&source_init_info.identity),
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with remote impl");
+ let sink_init_info = init_result.sessionInitiationInfo;
+ let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);
+
+ let sink_info = init_result.sessionInfo;
+ assert!(!sink_info.sessionId.is_empty());
+
+ // The AuthGraph core library will verify the session ID signature, but do it here too.
+ let sink_verification_key =
+ verification_key_from_identity(&impls, &sink_init_info.identity.identity);
+ ke::verify_signature_on_session_id(
+ &sink_verification_key,
+ &sink_info.sessionId,
+ &sink_info.signature.signature,
+ &*impls.ecdsa,
+ )
+ .expect("failed verification of signed session ID");
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
+ // can calculate the same pair of symmetric keys.
+ let source_info = ke::finish(
+ impls,
+ &sink_pub_key.plainPubKey,
+ &sink_init_info.identity.identity,
+ &sink_info.signature.signature,
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ source_init_info.ke_key,
+ )
+ .expect("failed to finish() with local impl");
+ assert!(!source_info.session_id.is_empty());
+
+ // The AuthGraph core library will verify the session ID signature, but do it here too.
+ let source_verification_key =
+ verification_key_from_identity(&impls, &source_init_info.identity);
+ ke::verify_signature_on_session_id(
+ &source_verification_key,
+ &source_info.session_id,
+ &source_info.session_id_signature,
+ &*impls.ecdsa,
+ )
+ .expect("failed verification of signed session ID");
+
+ // Both ends should agree on the session ID.
+ assert_eq!(source_info.session_id, sink_info.sessionId);
+
+ // Step 4: pass the (local) source's session ID signature back to the sink, so it can check it
+ // and update the symmetric keys so they're marked as authentication complete.
+ let _sink_arcs = sink
+ .authenticationComplete(
+ &vec_to_signature(&source_info.session_id_signature),
+ &sink_info.sharedKeys,
+ )
+ .expect("failed to authenticationComplete() with remote sink");
+
+ // Decrypt and return the session keys.
+ decipher_aes_keys(&impls, &source_info.shared_keys)
+}
+
+/// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
+/// session ID signature.
+pub fn test_corrupt_sig(
+ impls: &mut traits::TraitImpl,
+ sink: binder::Strong<dyn IAuthGraphKeyExchange>,
+) {
+ // Step 1: create an ephemeral ECDH key at the (local) source.
+ let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+
+ // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
+ let init_result = sink
+ .init(
+ &build_plain_pub_key(&source_init_info.ke_key.pub_key),
+ &vec_to_identity(&source_init_info.identity),
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with remote impl");
+ let sink_init_info = init_result.sessionInitiationInfo;
+ let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);
+
+ let sink_info = init_result.sessionInfo;
+ assert!(!sink_info.sessionId.is_empty());
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
+ // can calculate the same pair of symmetric keys.
+ let source_info = ke::finish(
+ impls,
+ &sink_pub_key.plainPubKey,
+ &sink_init_info.identity.identity,
+ &sink_info.signature.signature,
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ source_init_info.ke_key,
+ )
+ .expect("failed to finish() with local impl");
+ assert!(!source_info.session_id.is_empty());
+
+ // Build a corrupted version of the (local) source's session ID signature.
+ let mut corrupt_signature = source_info.session_id_signature.clone();
+ let sig_len = corrupt_signature.len();
+ corrupt_signature[sig_len - 1] ^= 0x01;
+
+ // Step 4: pass the (local) source's **invalid** session ID signature back to the sink,
+ // which should reject it.
+ let result =
+ sink.authenticationComplete(&vec_to_signature(&corrupt_signature), &sink_info.sharedKeys);
+ let err = result.expect_err("expect failure with corrupt signature");
+ assert_eq!(
+ err,
+ binder::Status::new_service_specific_error(Error::INVALID_SIGNATURE.0, None)
+ );
+}
+
+/// Perform mainline AuthGraph key exchange with the provided sink, but provide an invalid
+/// Arc for the sink's key.
+pub fn test_corrupt_keys(
+ impls: &mut traits::TraitImpl,
+ sink: binder::Strong<dyn IAuthGraphKeyExchange>,
+) {
+ // Step 1: create an ephemeral ECDH key at the (local) source.
+ let source_init_info = ke::create(impls).expect("failed to create() with local impl");
+
+ // Step 2: pass the source's ECDH public key and other session info to the (remote) sink.
+ let init_result = sink
+ .init(
+ &build_plain_pub_key(&source_init_info.ke_key.pub_key),
+ &vec_to_identity(&source_init_info.identity),
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with remote impl");
+ let sink_init_info = init_result.sessionInitiationInfo;
+ let sink_pub_key = extract_plain_pub_key(&sink_init_info.key.pubKey);
+
+ let sink_info = init_result.sessionInfo;
+ assert!(!sink_info.sessionId.is_empty());
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (local) source, so it
+ // can calculate the same pair of symmetric keys.
+ let source_info = ke::finish(
+ impls,
+ &sink_pub_key.plainPubKey,
+ &sink_init_info.identity.identity,
+ &sink_info.signature.signature,
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ source_init_info.ke_key,
+ )
+ .expect("failed to finish() with local impl");
+ assert!(!source_info.session_id.is_empty());
+
+ // Deliberately corrupt the sink's shared key Arcs before returning them
+ let mut corrupt_keys = sink_info.sharedKeys.clone();
+ let len0 = corrupt_keys[0].arc.len();
+ let len1 = corrupt_keys[1].arc.len();
+ corrupt_keys[0].arc[len0 - 1] ^= 0x01;
+ corrupt_keys[1].arc[len1 - 1] ^= 0x01;
+
+ // Step 4: pass the (local) source's session ID signature back to the sink, but with corrupted
+ // keys, which should be rejected.
+ let result = sink.authenticationComplete(
+ &vec_to_signature(&source_info.session_id_signature),
+ &corrupt_keys,
+ );
+ let err = result.expect_err("expect failure with corrupt keys");
+ assert_eq!(
+ err,
+ binder::Status::new_service_specific_error(Error::INVALID_SHARED_KEY_ARCS.0, None)
+ );
+}
diff --git a/security/authgraph/aidl/vts/functional/source.rs b/security/authgraph/aidl/vts/functional/source.rs
new file mode 100644
index 0000000..9aaaaee
--- /dev/null
+++ b/security/authgraph/aidl/vts/functional/source.rs
@@ -0,0 +1,244 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! VTS tests for sources
+use super::*;
+use authgraph_core::traits;
+
+/// Run AuthGraph tests against the provided source, using a local test sink implementation.
+pub fn test(impls: &mut traits::TraitImpl, source: binder::Strong<dyn IAuthGraphKeyExchange>) {
+ test_mainline(impls, source.clone());
+ test_corrupt_sig(impls, source.clone());
+ test_corrupt_key(impls, source);
+}
+
+/// Perform mainline AuthGraph key exchange with the provided source.
+/// Return the agreed AES keys in plaintext.
+pub fn test_mainline(
+ impls: &mut traits::TraitImpl,
+ source: binder::Strong<dyn IAuthGraphKeyExchange>,
+) -> [key::AesKey; 2] {
+ // Step 1: create an ephemeral ECDH key at the (remote) source.
+ let source_init_info = source
+ .create()
+ .expect("failed to create() with remote impl");
+ assert!(source_init_info.key.pubKey.is_some());
+ assert!(source_init_info.key.arcFromPBK.is_some());
+ let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
+
+ // Step 2: pass the source's ECDH public key and other session info to the (local) sink.
+ let init_result = ke::init(
+ impls,
+ &source_pub_key.plainPubKey,
+ &source_init_info.identity.identity,
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with local impl");
+ let sink_init_info = init_result.session_init_info;
+ let sink_pub_key = sink_init_info
+ .ke_key
+ .pub_key
+ .expect("expect pub_key to be populated");
+
+ let sink_info = init_result.session_info;
+ assert!(!sink_info.session_id.is_empty());
+
+ // The AuthGraph core library will verify the session ID signature, but do it here too.
+ let sink_verification_key = verification_key_from_identity(&impls, &sink_init_info.identity);
+ ke::verify_signature_on_session_id(
+ &sink_verification_key,
+ &sink_info.session_id,
+ &sink_info.session_id_signature,
+ &*impls.ecdsa,
+ )
+ .expect("failed verification of signed session ID");
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (remote) source, so it
+ // can calculate the same pair of symmetric keys.
+ let source_info = source
+ .finish(
+ &PubKey::PlainKey(PlainPubKey {
+ plainPubKey: sink_pub_key,
+ }),
+ &Identity {
+ identity: sink_init_info.identity,
+ },
+ &vec_to_signature(&sink_info.session_id_signature),
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ &source_init_info.key,
+ )
+ .expect("failed to finish() with remote impl");
+ assert!(!source_info.sessionId.is_empty());
+
+ // The AuthGraph core library will verify the session ID signature, but do it here too.
+ let source_verification_key =
+ verification_key_from_identity(&impls, &source_init_info.identity.identity);
+ ke::verify_signature_on_session_id(
+ &source_verification_key,
+ &source_info.sessionId,
+ &source_info.signature.signature,
+ &*impls.ecdsa,
+ )
+ .expect("failed verification of signed session ID");
+
+ // Both ends should agree on the session ID.
+ assert_eq!(source_info.sessionId, sink_info.session_id);
+
+ // Step 4: pass the (remote) source's session ID signature back to the sink, so it can check it
+ // and update the symmetric keys so they're marked as authentication complete.
+ let sink_arcs = ke::authentication_complete(
+ impls,
+ &source_info.signature.signature,
+ sink_info.shared_keys,
+ )
+ .expect("failed to authenticationComplete() with local sink");
+
+ // Decrypt and return the session keys.
+ decipher_aes_keys(&impls, &sink_arcs)
+}
+
+/// Perform mainline AuthGraph key exchange with the provided source, but provide an invalid session
+/// ID signature.
+pub fn test_corrupt_sig(
+ impls: &mut traits::TraitImpl,
+ source: binder::Strong<dyn IAuthGraphKeyExchange>,
+) {
+ // Step 1: create an ephemeral ECDH key at the (remote) source.
+ let source_init_info = source
+ .create()
+ .expect("failed to create() with remote impl");
+ assert!(source_init_info.key.pubKey.is_some());
+ assert!(source_init_info.key.arcFromPBK.is_some());
+ let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
+
+ // Step 2: pass the source's ECDH public key and other session info to the (local) sink.
+ let init_result = ke::init(
+ impls,
+ &source_pub_key.plainPubKey,
+ &source_init_info.identity.identity,
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with local impl");
+ let sink_init_info = init_result.session_init_info;
+ let sink_pub_key = sink_init_info
+ .ke_key
+ .pub_key
+ .expect("expect pub_key to be populated");
+ let sink_info = init_result.session_info;
+ assert!(!sink_info.session_id.is_empty());
+
+ // Deliberately corrupt the sink's session ID signature.
+ let mut corrupt_signature = sink_info.session_id_signature.clone();
+ let sig_len = corrupt_signature.len();
+ corrupt_signature[sig_len - 1] ^= 0x01;
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (remote) source, so it
+ // can calculate the same pair of symmetric keys.
+ let result = source.finish(
+ &PubKey::PlainKey(PlainPubKey {
+ plainPubKey: sink_pub_key,
+ }),
+ &Identity {
+ identity: sink_init_info.identity,
+ },
+ &vec_to_signature(&corrupt_signature),
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ &source_init_info.key,
+ );
+ let err = result.expect_err("expect failure with corrupt signature");
+ assert_eq!(
+ err,
+ binder::Status::new_service_specific_error(Error::INVALID_SIGNATURE.0, None)
+ );
+}
+
+/// Perform mainline AuthGraph key exchange with the provided source, but give it back
+/// a corrupted key.
+pub fn test_corrupt_key(
+ impls: &mut traits::TraitImpl,
+ source: binder::Strong<dyn IAuthGraphKeyExchange>,
+) {
+ // Step 1: create an ephemeral ECDH key at the (remote) source.
+ let source_init_info = source
+ .create()
+ .expect("failed to create() with remote impl");
+ assert!(source_init_info.key.pubKey.is_some());
+ assert!(source_init_info.key.arcFromPBK.is_some());
+ let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
+
+ // Step 2: pass the source's ECDH public key and other session info to the (local) sink.
+ let init_result = ke::init(
+ impls,
+ &source_pub_key.plainPubKey,
+ &source_init_info.identity.identity,
+ &source_init_info.nonce,
+ source_init_info.version,
+ )
+ .expect("failed to init() with local impl");
+ let sink_init_info = init_result.session_init_info;
+ let sink_pub_key = sink_init_info
+ .ke_key
+ .pub_key
+ .expect("expect pub_key to be populated");
+
+ let sink_info = init_result.session_info;
+ assert!(!sink_info.session_id.is_empty());
+
+ // The AuthGraph core library will verify the session ID signature, but do it here too.
+ let sink_verification_key = verification_key_from_identity(&impls, &sink_init_info.identity);
+ ke::verify_signature_on_session_id(
+ &sink_verification_key,
+ &sink_info.session_id,
+ &sink_info.session_id_signature,
+ &*impls.ecdsa,
+ )
+ .expect("failed verification of signed session ID");
+
+ // Deliberately corrupt the source's encrypted key.
+ let mut corrupt_key = source_init_info.key.clone();
+ match &mut corrupt_key.arcFromPBK {
+ Some(a) => {
+ let len = a.arc.len();
+ a.arc[len - 1] ^= 0x01;
+ }
+ None => panic!("no arc data"),
+ }
+
+ // Step 3: pass the sink's ECDH public key and other session info to the (remote) source, but
+ // give it back a corrupted version of its own key.
+ let result = source.finish(
+ &PubKey::PlainKey(PlainPubKey {
+ plainPubKey: sink_pub_key,
+ }),
+ &Identity {
+ identity: sink_init_info.identity,
+ },
+ &vec_to_signature(&sink_info.session_id_signature),
+ &sink_init_info.nonce,
+ sink_init_info.version,
+ &corrupt_key,
+ );
+
+ let err = result.expect_err("expect failure with corrupt signature");
+ assert_eq!(
+ err,
+ binder::Status::new_service_specific_error(Error::INVALID_PRIV_KEY_ARC_IN_KEY.0, None)
+ );
+}
diff --git a/security/authgraph/default/Android.bp b/security/authgraph/default/Android.bp
index 9de3bc1..c481075 100644
--- a/security/authgraph/default/Android.bp
+++ b/security/authgraph/default/Android.bp
@@ -22,6 +22,26 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
+rust_library {
+ name: "libauthgraph_nonsecure",
+ crate_name: "authgraph_nonsecure",
+ defaults: [
+ "authgraph_use_latest_hal_aidl_rust",
+ ],
+ vendor_available: true,
+ rustlibs: [
+ "libandroid_logger",
+ "libauthgraph_boringssl",
+ "libauthgraph_core",
+ "libauthgraph_hal",
+ "libbinder_rs",
+ "liblibc",
+ "liblog_rust",
+ ],
+ srcs: ["src/lib.rs"],
+
+}
+
rust_binary {
name: "android.hardware.security.authgraph-service.nonsecure",
relative_install_path: "hw",
@@ -33,9 +53,8 @@
],
rustlibs: [
"libandroid_logger",
- "libauthgraph_core",
- "libauthgraph_boringssl",
"libauthgraph_hal",
+ "libauthgraph_nonsecure",
"libbinder_rs",
"liblibc",
"liblog_rust",
@@ -44,3 +63,20 @@
"src/main.rs",
],
}
+
+rust_fuzz {
+ name: "android.hardware.authgraph-service.nonsecure_fuzzer",
+ rustlibs: [
+ "libauthgraph_hal",
+ "libauthgraph_nonsecure",
+ "libbinder_random_parcel_rs",
+ "libbinder_rs",
+ ],
+ srcs: ["src/fuzzer.rs"],
+ fuzz_config: {
+ cc: [
+ "drysdale@google.com",
+ "hasinitg@google.com",
+ ],
+ },
+}
diff --git a/security/authgraph/default/src/fuzzer.rs b/security/authgraph/default/src/fuzzer.rs
new file mode 100644
index 0000000..6a9cfdd
--- /dev/null
+++ b/security/authgraph/default/src/fuzzer.rs
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#![allow(missing_docs)]
+#![no_main]
+extern crate libfuzzer_sys;
+
+use authgraph_hal::service::AuthGraphService;
+use authgraph_nonsecure::LocalTa;
+use binder_random_parcel_rs::fuzz_service;
+use libfuzzer_sys::fuzz_target;
+use std::sync::{Arc, Mutex};
+
+fuzz_target!(|data: &[u8]| {
+ let local_ta = LocalTa::new();
+ let service = AuthGraphService::new_as_binder(Arc::new(Mutex::new(local_ta)));
+ fuzz_service(&mut service.as_binder(), data);
+});
diff --git a/security/authgraph/default/src/lib.rs b/security/authgraph/default/src/lib.rs
new file mode 100644
index 0000000..4cd0cb7
--- /dev/null
+++ b/security/authgraph/default/src/lib.rs
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Common functionality for non-secure/testing instance of AuthGraph.
+
+use authgraph_boringssl as boring;
+use authgraph_core::{
+ key::MillisecondsSinceEpoch,
+ ta::{AuthGraphTa, Role},
+ traits,
+};
+use authgraph_hal::channel::SerializedChannel;
+use std::sync::{Arc, Mutex};
+use std::time::Instant;
+
+/// Monotonic clock with an epoch that starts at the point of construction.
+/// (This makes it unsuitable for use outside of testing, because the epoch
+/// will not match that of any other component.)
+pub struct StdClock(Instant);
+
+impl Default for StdClock {
+ fn default() -> Self {
+ Self(Instant::now())
+ }
+}
+
+impl traits::MonotonicClock for StdClock {
+ fn now(&self) -> MillisecondsSinceEpoch {
+ let millis: i64 = self
+ .0
+ .elapsed()
+ .as_millis()
+ .try_into()
+ .expect("failed to fit timestamp in i64");
+ MillisecondsSinceEpoch(millis)
+ }
+}
+
+/// Implementation of the AuthGraph TA that runs locally in-process (and which is therefore
+/// insecure).
+pub struct LocalTa {
+ ta: Arc<Mutex<AuthGraphTa>>,
+}
+
+impl LocalTa {
+ /// Create a new instance.
+ pub fn new() -> Self {
+ Self {
+ ta: Arc::new(Mutex::new(AuthGraphTa::new(
+ boring::trait_impls(
+ Box::<boring::test_device::AgDevice>::default(),
+ Some(Box::new(StdClock::default())),
+ ),
+ Role::Both,
+ ))),
+ }
+ }
+}
+
+/// Pretend to be a serialized channel to the TA, but actually just directly invoke the TA with
+/// incoming requests.
+impl SerializedChannel for LocalTa {
+ const MAX_SIZE: usize = usize::MAX;
+
+ fn execute(&mut self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
+ Ok(self.ta.lock().unwrap().process(req_data))
+ }
+}
diff --git a/security/authgraph/default/src/main.rs b/security/authgraph/default/src/main.rs
index 2112e58..873eb4e 100644
--- a/security/authgraph/default/src/main.rs
+++ b/security/authgraph/default/src/main.rs
@@ -22,18 +22,10 @@
//! expose an entrypoint that allowed retrieval of the specific IAuthGraphKeyExchange instance that
//! is correlated with the component).
-use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
- Arc::Arc, IAuthGraphKeyExchange::BnAuthGraphKeyExchange,
- IAuthGraphKeyExchange::IAuthGraphKeyExchange, Identity::Identity, KeInitResult::KeInitResult,
- Key::Key, PubKey::PubKey, SessionIdSignature::SessionIdSignature, SessionInfo::SessionInfo,
- SessionInitiationInfo::SessionInitiationInfo,
-};
-use authgraph_boringssl as boring;
-use authgraph_core::{key::MillisecondsSinceEpoch, keyexchange as ke, traits};
-use authgraph_hal::{err_to_binder, Innto, TryInnto};
+use authgraph_hal::service;
+use authgraph_nonsecure::LocalTa;
use log::{error, info};
-use std::ffi::CString;
-use std::sync::Mutex;
+use std::sync::{Arc, Mutex};
static SERVICE_NAME: &str = "android.hardware.security.authgraph.IAuthGraphKeyExchange";
static SERVICE_INSTANCE: &str = "nonsecure";
@@ -73,7 +65,8 @@
binder::ProcessState::start_thread_pool();
// Register the service
- let service = AuthGraphService::new_as_binder();
+ let local_ta = LocalTa::new();
+ let service = service::AuthGraphService::new_as_binder(Arc::new(Mutex::new(local_ta)));
let service_name = format!("{}/{}", SERVICE_NAME, SERVICE_INSTANCE);
binder::add_service(&service_name, service.as_binder()).map_err(|e| {
format!(
@@ -87,141 +80,3 @@
info!("AuthGraph HAL service is terminating."); // should not reach here
Ok(())
}
-
-/// Non-secure implementation of the AuthGraph key exchange service.
-struct AuthGraphService {
- imp: Mutex<traits::TraitImpl>,
-}
-
-impl AuthGraphService {
- /// Create a new instance.
- fn new() -> Self {
- Self {
- imp: Mutex::new(traits::TraitImpl {
- aes_gcm: Box::new(boring::BoringAes),
- ecdh: Box::new(boring::BoringEcDh),
- ecdsa: Box::new(boring::BoringEcDsa),
- hmac: Box::new(boring::BoringHmac),
- hkdf: Box::new(boring::BoringHkdf),
- sha256: Box::new(boring::BoringSha256),
- rng: Box::new(boring::BoringRng),
- device: Box::<boring::test_device::AgDevice>::default(),
- clock: Some(Box::new(StdClock)),
- }),
- }
- }
-
- /// Create a new instance wrapped in a proxy object.
- pub fn new_as_binder() -> binder::Strong<dyn IAuthGraphKeyExchange> {
- BnAuthGraphKeyExchange::new_binder(Self::new(), binder::BinderFeatures::default())
- }
-}
-
-impl binder::Interface for AuthGraphService {}
-
-/// Extract (and require) an unsigned public key as bytes from a [`PubKey`].
-fn unsigned_pub_key(pub_key: &PubKey) -> binder::Result<&[u8]> {
- match pub_key {
- PubKey::PlainKey(key) => Ok(&key.plainPubKey),
- PubKey::SignedKey(_) => Err(binder::Status::new_exception(
- binder::ExceptionCode::ILLEGAL_ARGUMENT,
- Some(&CString::new("expected unsigned public key").unwrap()),
- )),
- }
-}
-
-/// This nonsecure implementation of the AuthGraph HAL interface directly calls the AuthGraph
-/// reference implementation library code; a real implementation requires the AuthGraph
-/// code to run in a secure environment, not within Android.
-impl IAuthGraphKeyExchange for AuthGraphService {
- fn create(&self) -> binder::Result<SessionInitiationInfo> {
- info!("create()");
- let mut imp = self.imp.lock().unwrap();
- let info = ke::create(&mut *imp).map_err(err_to_binder)?;
- Ok(info.innto())
- }
- fn init(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_nonce: &[u8],
- peer_version: i32,
- ) -> binder::Result<KeInitResult> {
- info!("init(v={peer_version})");
- let mut imp = self.imp.lock().unwrap();
- let peer_pub_key = unsigned_pub_key(peer_pub_key)?;
- let result = ke::init(
- &mut *imp,
- peer_pub_key,
- &peer_id.identity,
- &peer_nonce,
- peer_version,
- )
- .map_err(err_to_binder)?;
- Ok(result.innto())
- }
-
- fn finish(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_signature: &SessionIdSignature,
- peer_nonce: &[u8],
- peer_version: i32,
- own_key: &Key,
- ) -> binder::Result<SessionInfo> {
- info!("finish(v={peer_version})");
- let mut imp = self.imp.lock().unwrap();
- let peer_pub_key = unsigned_pub_key(peer_pub_key)?;
- let own_key: Key = own_key.clone();
- let own_key: authgraph_core::key::Key = own_key.try_innto()?;
- let session_info = ke::finish(
- &mut *imp,
- peer_pub_key,
- &peer_id.identity,
- &peer_signature.signature,
- &peer_nonce,
- peer_version,
- own_key,
- )
- .map_err(err_to_binder)?;
- Ok(session_info.innto())
- }
-
- fn authenticationComplete(
- &self,
- peer_signature: &SessionIdSignature,
- shared_keys: &[Arc; 2],
- ) -> binder::Result<[Arc; 2]> {
- info!("authComplete()");
- let mut imp = self.imp.lock().unwrap();
- let shared_keys = [shared_keys[0].arc.clone(), shared_keys[1].arc.clone()];
- let arcs = ke::authentication_complete(&mut *imp, &peer_signature.signature, shared_keys)
- .map_err(err_to_binder)?;
- Ok(arcs.map(|arc| Arc { arc }))
- }
-}
-
-/// Monotonic clock.
-#[derive(Default)]
-pub struct StdClock;
-
-impl traits::MonotonicClock for StdClock {
- fn now(&self) -> authgraph_core::key::MillisecondsSinceEpoch {
- let mut time = libc::timespec {
- tv_sec: 0, // libc::time_t
- tv_nsec: 0, // libc::c_long
- };
- let rc =
- // Safety: `time` is a valid structure.
- unsafe { libc::clock_gettime(libc::CLOCK_BOOTTIME, &mut time as *mut libc::timespec) };
- if rc < 0 {
- log::warn!("failed to get time!");
- return MillisecondsSinceEpoch(0);
- }
- // The types in `libc::timespec` may be different on different architectures,
- // so allow conversion to `i64`.
- #[allow(clippy::unnecessary_cast)]
- MillisecondsSinceEpoch((time.tv_sec as i64 * 1000) + (time.tv_nsec as i64 / 1000 / 1000))
- }
-}
diff --git a/soundtrigger/aidl/Android.bp b/soundtrigger/aidl/Android.bp
index 27d43d3..aa400c1 100644
--- a/soundtrigger/aidl/Android.bp
+++ b/soundtrigger/aidl/Android.bp
@@ -22,8 +22,8 @@
"android/hardware/soundtrigger3/ISoundTriggerHwGlobalCallback.aidl",
],
stability: "vintf",
- imports: [
- "android.media.soundtrigger.types-V1",
+ defaults: [
+ "latest_android_media_soundtrigger_types_import_interface",
],
backend: {
cpp: {
@@ -34,6 +34,7 @@
sdk_version: "module_current",
},
},
+ frozen: false,
versions_with_info: [
{
version: "1",
@@ -45,7 +46,7 @@
}
// Note: This should always be one version ahead of the last frozen version
-latest_android_hardware_soundtrigger3 = "android.hardware.soundtrigger3-V1"
+latest_android_hardware_soundtrigger3 = "android.hardware.soundtrigger3-V2"
// Modules that depend on android.hardware.soundtrigger3 directly can include
// the following java_defaults to avoid explicitly managing dependency versions
@@ -56,3 +57,10 @@
latest_android_hardware_soundtrigger3 + "-java",
],
}
+
+cc_defaults {
+ name: "latest_android_hardware_soundtrigger3_ndk_shared",
+ shared_libs: [
+ latest_android_hardware_soundtrigger3 + "-ndk",
+ ],
+}
diff --git a/wifi/netlinkinterceptor/aidl/default/Android.bp b/wifi/netlinkinterceptor/aidl/default/Android.bp
index 5227e51..c3a0c03 100644
--- a/wifi/netlinkinterceptor/aidl/default/Android.bp
+++ b/wifi/netlinkinterceptor/aidl/default/Android.bp
@@ -25,8 +25,6 @@
cc_binary {
name: "android.hardware.net.nlinterceptor-service.default",
- init_rc: ["nlinterceptor-default.rc"],
- vintf_fragments: ["nlinterceptor-default.xml"],
vendor: true,
relative_install_path: "hw",
defaults: ["nlinterceptor@defaults"],
@@ -45,4 +43,35 @@
"service.cpp",
"util.cpp",
],
+ installable: false, // installed in APEX
+}
+
+apex {
+ name: "com.android.hardware.net.nlinterceptor",
+ vendor: true,
+ manifest: "apex_manifest.json",
+ file_contexts: "apex_file_contexts",
+ key: "com.android.hardware.key",
+ certificate: ":com.android.hardware.certificate",
+ updatable: false,
+ binaries: [
+ "android.hardware.net.nlinterceptor-service.default",
+ ],
+ prebuilts: [
+ "nlinterceptor.rc",
+ "nlinterceptor.xml",
+ ],
+}
+
+prebuilt_etc {
+ name: "nlinterceptor.rc",
+ src: "nlinterceptor.rc",
+ installable: false,
+}
+
+prebuilt_etc {
+ name: "nlinterceptor.xml",
+ src: "nlinterceptor.xml",
+ sub_dir: "vintf",
+ installable: false,
}
diff --git a/wifi/netlinkinterceptor/aidl/default/apex_file_contexts b/wifi/netlinkinterceptor/aidl/default/apex_file_contexts
new file mode 100644
index 0000000..6ee544c
--- /dev/null
+++ b/wifi/netlinkinterceptor/aidl/default/apex_file_contexts
@@ -0,0 +1,3 @@
+(/.*)? u:object_r:vendor_file:s0
+/etc(/.*)? u:object_r:vendor_configs_file:s0
+/bin/hw/android\.hardware\.net\.nlinterceptor-service\.default u:object_r:hal_nlinterceptor_default_exec:s0
diff --git a/wifi/netlinkinterceptor/aidl/default/apex_manifest.json b/wifi/netlinkinterceptor/aidl/default/apex_manifest.json
new file mode 100644
index 0000000..4ffeac5
--- /dev/null
+++ b/wifi/netlinkinterceptor/aidl/default/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+ "name": "com.android.hardware.net.nlinterceptor",
+ "version": 1
+}
diff --git a/wifi/netlinkinterceptor/aidl/default/nlinterceptor-default.rc b/wifi/netlinkinterceptor/aidl/default/nlinterceptor-default.rc
deleted file mode 100644
index 353cb27..0000000
--- a/wifi/netlinkinterceptor/aidl/default/nlinterceptor-default.rc
+++ /dev/null
@@ -1,4 +0,0 @@
-service nlinterceptor /vendor/bin/hw/android.hardware.net.nlinterceptor-service.default
- class hal
- user root
- group system inet
diff --git a/wifi/netlinkinterceptor/aidl/default/nlinterceptor.rc b/wifi/netlinkinterceptor/aidl/default/nlinterceptor.rc
new file mode 100644
index 0000000..ec9baa9
--- /dev/null
+++ b/wifi/netlinkinterceptor/aidl/default/nlinterceptor.rc
@@ -0,0 +1,4 @@
+service nlinterceptor /apex/com.android.hardware.net.nlinterceptor/bin/hw/android.hardware.net.nlinterceptor-service.default
+ class hal
+ user root
+ group system inet
diff --git a/wifi/netlinkinterceptor/aidl/default/nlinterceptor-default.xml b/wifi/netlinkinterceptor/aidl/default/nlinterceptor.xml
similarity index 100%
rename from wifi/netlinkinterceptor/aidl/default/nlinterceptor-default.xml
rename to wifi/netlinkinterceptor/aidl/default/nlinterceptor.xml