Merge "Avoid sub_overflow_minimal in AIDL effects VTS" into main
diff --git a/atrace/1.0/vts/functional/OWNERS b/atrace/OWNERS
similarity index 97%
rename from atrace/1.0/vts/functional/OWNERS
rename to atrace/OWNERS
index 31043aa..d76ffa6 100644
--- a/atrace/1.0/vts/functional/OWNERS
+++ b/atrace/OWNERS
@@ -1,2 +1,3 @@
# Bug component: 837454
+
wvw@google.com
diff --git a/audio/aidl/default/Module.cpp b/audio/aidl/default/Module.cpp
index f81095e..b7761bf 100644
--- a/audio/aidl/default/Module.cpp
+++ b/audio/aidl/default/Module.cpp
@@ -454,16 +454,15 @@
LOG(ERROR) << __func__ << ": port id " << templateId << " is not a device port";
return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
}
- if (!templateIt->profiles.empty()) {
- LOG(ERROR) << __func__ << ": port id " << templateId
- << " does not have dynamic profiles";
- return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
- }
auto& templateDevicePort = templateIt->ext.get<AudioPortExt::Tag::device>();
if (templateDevicePort.device.type.connection.empty()) {
LOG(ERROR) << __func__ << ": port id " << templateId << " is permanently attached";
return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
}
+ if (mConnectedDevicePorts.find(templateId) != mConnectedDevicePorts.end()) {
+ LOG(ERROR) << __func__ << ": port id " << templateId << " is a connected device port";
+ return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
+ }
// Postpone id allocation until we ensure that there are no client errors.
connectedPort = *templateIt;
connectedPort.extraAudioDescriptors = in_templateIdAndAdditionalData.extraAudioDescriptors;
@@ -486,19 +485,23 @@
}
}
- if (!mDebug.simulateDeviceConnections) {
- RETURN_STATUS_IF_ERROR(populateConnectedDevicePort(&connectedPort));
- } else {
- auto& connectedProfiles = getConfig().connectedProfiles;
- if (auto connectedProfilesIt = connectedProfiles.find(templateId);
- connectedProfilesIt != connectedProfiles.end()) {
- connectedPort.profiles = connectedProfilesIt->second;
- }
- }
if (connectedPort.profiles.empty()) {
- LOG(ERROR) << "Profiles of a connected port still empty after connecting external device "
- << connectedPort.toString();
- return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
+ if (!mDebug.simulateDeviceConnections) {
+ RETURN_STATUS_IF_ERROR(populateConnectedDevicePort(&connectedPort));
+ } else {
+ auto& connectedProfiles = getConfig().connectedProfiles;
+ if (auto connectedProfilesIt = connectedProfiles.find(templateId);
+ connectedProfilesIt != connectedProfiles.end()) {
+ connectedPort.profiles = connectedProfilesIt->second;
+ }
+ }
+ if (connectedPort.profiles.empty()) {
+ LOG(ERROR) << __func__
+ << ": profiles of a connected port still empty after connecting external "
+ "device "
+ << connectedPort.toString();
+ return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
+ }
}
for (auto profile : connectedPort.profiles) {
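Review bot: The new outer `if (connectedPort.profiles.empty())` means a template port that already carries profiles never reaches `populateConnectedDevicePort(&connectedPort)`, so the connected port is built from the template's static profiles without the implementation seeing the actual device. If that hook does anything beyond filling in profiles (not visible in this hunk), that work is now skipped for such ports. The intent should be stated above the block, for example `// Ports with static profiles are used as-is; only ports with dynamic profiles are populated from the device.` The enclosing function starts and ends outside the hunk.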
diff --git a/audio/aidl/default/include/effect-impl/EffectWorker.h b/audio/aidl/default/include/effect-impl/EffectWorker.h
deleted file mode 100644
index 421429a..0000000
--- a/audio/aidl/default/include/effect-impl/EffectWorker.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (C) 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-#include <algorithm>
-#include <memory>
-#include <mutex>
-#include <string>
-
-#include "EffectContext.h"
-#include "EffectThread.h"
-
-namespace aidl::android::hardware::audio::effect {
-
-std::string toString(RetCode& code);
-
-class EffectWorker : public EffectThread {
- public:
- // set effect context for worker, suppose to only happen once here
- void setContext(std::shared_ptr<EffectContext> context) {
- std::call_once(mOnceFlag, [&]() { mContext = context; });
- };
-
- // handle FMQ and call effect implemented virtual function
- void process() override {
- RETURN_VALUE_IF(!mContext, void(), "nullContext");
- std::shared_ptr<EffectContext::StatusMQ> statusMQ = mContext->getStatusFmq();
- std::shared_ptr<EffectContext::DataMQ> inputMQ = mContext->getInputDataFmq();
- std::shared_ptr<EffectContext::DataMQ> outputMQ = mContext->getOutputDataFmq();
-
- // Only this worker will read from input data MQ and write to output data MQ.
- auto readSamples = inputMQ->availableToRead(), writeSamples = outputMQ->availableToWrite();
- if (readSamples && writeSamples) {
- auto processSamples = std::min(readSamples, writeSamples);
- LOG(VERBOSE) << __func__ << " available to read " << readSamples
- << " available to write " << writeSamples << " process " << processSamples;
-
- auto buffer = mContext->getWorkBuffer();
- inputMQ->read(buffer, processSamples);
-
- IEffect::Status status = effectProcessImpl(buffer, buffer, processSamples);
- outputMQ->write(buffer, status.fmqProduced);
- statusMQ->writeBlocking(&status, 1);
- LOG(VERBOSE) << __func__ << " done processing, effect consumed " << status.fmqConsumed
- << " produced " << status.fmqProduced;
- } else {
- // TODO: maybe add some sleep here to avoid busy waiting
- }
- }
-
- // must implement by each effect implementation
- // TODO: consider if this interface need adjustment to handle in-place processing
- virtual IEffect::Status effectProcessImpl(float* in, float* out, int samples) = 0;
-
- private:
- // make sure the context only set once.
- std::once_flag mOnceFlag;
- std::shared_ptr<EffectContext> mContext;
-};
-
-} // namespace aidl::android::hardware::audio::effect
diff --git a/automotive/evs/OWNERS b/automotive/evs/OWNERS
index 15de48f..4787f0b 100644
--- a/automotive/evs/OWNERS
+++ b/automotive/evs/OWNERS
@@ -1,2 +1,2 @@
ankitarora@google.com
-jwhpryor@google.com
+changyeon@google.com
diff --git a/cas/1.0/default/TypeConvert.cpp b/cas/1.0/default/TypeConvert.cpp
index cd0efdb..cc25cf5 100644
--- a/cas/1.0/default/TypeConvert.cpp
+++ b/cas/1.0/default/TypeConvert.cpp
@@ -82,7 +82,7 @@
for (size_t i = 0; i < sessionId.size(); i++) {
result.appendFormat("%02x ", sessionId[i]);
}
- if (result.isEmpty()) {
+ if (result.empty()) {
result.append("(null)");
}
return result;
diff --git a/cas/1.1/default/TypeConvert.cpp b/cas/1.1/default/TypeConvert.cpp
index 09ef41a..2ffc79a 100644
--- a/cas/1.1/default/TypeConvert.cpp
+++ b/cas/1.1/default/TypeConvert.cpp
@@ -81,7 +81,7 @@
for (size_t i = 0; i < sessionId.size(); i++) {
result.appendFormat("%02x ", sessionId[i]);
}
- if (result.isEmpty()) {
+ if (result.empty()) {
result.append("(null)");
}
return result;
diff --git a/cas/1.2/default/TypeConvert.cpp b/cas/1.2/default/TypeConvert.cpp
index c4bd0dd..7d27fa1 100644
--- a/cas/1.2/default/TypeConvert.cpp
+++ b/cas/1.2/default/TypeConvert.cpp
@@ -108,7 +108,7 @@
for (size_t i = 0; i < sessionId.size(); i++) {
result.appendFormat("%02x ", sessionId[i]);
}
- if (result.isEmpty()) {
+ if (result.empty()) {
result.append("(null)");
}
return result;
diff --git a/compatibility_matrices/compatibility_matrix.7.xml b/compatibility_matrices/compatibility_matrix.7.xml
index 14c330e..fe424bd 100644
--- a/compatibility_matrices/compatibility_matrix.7.xml
+++ b/compatibility_matrices/compatibility_matrix.7.xml
@@ -404,7 +404,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.light</name>
- <version>2</version>
+ <version>1-2</version>
<interface>
<name>ILights</name>
<instance>default</instance>
diff --git a/security/README.md b/security/README.md
new file mode 100644
index 0000000..c5b5ba8
--- /dev/null
+++ b/security/README.md
@@ -0,0 +1,109 @@
+# Security-Related HALs
+
+The `security/` subdirectory holds various security-related HALs. (The final two sections of this
+document also describe security-related HALs that are in other places under `hardware/interfaces/`.)
+
+The most significant HAL is KeyMint (**`IKeyMintDevice`** in the
+`hardware/interfaces/security/keymint/` directory), which allows access to cryptographic
+functionality where the key material is restricted to a secure environment. This functionality is
+used by Android system services, and is also made available to apps via Android Keystore.
+
+A KeyMint implementation (or an implementation of its predecessor, Keymaster) that runs in an
+isolated execution environment (e.g. ARM TrustZone) is required for most Android devices; see [CDD
+9.11](https://source.android.com/docs/compatibility/13/android-13-cdd#911_keys_and_credentials).
+
+A device may optionally also support a second KeyMint instance, running in a dedicated secure
+processor; this is known as StrongBox ([CDD
+9.11.2](https://source.android.com/docs/compatibility/13/android-13-cdd#9112_strongbox)).
+
+Two specific features of KeyMint are worth highlighting, as they have an impact on the other
+security-related HALs:
+
+- KeyMint supports keys that can only be used when the operation is authenticated by the user,
+ either by their lock screen knowledge factor (LSKF, e.g. PIN or pattern) or by a strong biometric
+ (e.g. fingerprint).
+- KeyMint supports *attestation* of public keys: when an asymmetric keypair is created, the secure
+ environment produces a chain of signed certificates:
+ - starting from a trusted root certificate
+ - terminating in a leaf certificate that holds the public key; this leaf certificate may also
+ describe the state of the device and the policies attached to the key.
+
+## Authentication Verification
+
+User authentication must also take place in a secure environment (see the final section below), but
+the results of that authentication are communicated to KeyMint via Android. As such, the
+authentication result (a *hardware auth token*) is signed with a per-boot shared HMAC key known only
+to the secure components, so that it's authenticity can be verified.
+
+If an authenticator, for example GateKeeper (described by the **`IGatekeeper`** HAL in
+`hardware/interfaces/gatekeeper/`), is co-located in the same secure environment as KeyMint, it can
+use a local, vendor-specific, method to communicate the shared HMAC key.
+
+However, if the authenticator is in a different environment than the KeyMint instance then a local
+communication mechanism may not be possible. For example, a StrongBox KeyMint instance running in a
+separate secure processor may not have a communication channel with a TEE on the main processor.
+
+To allow for this, the **`ISharedSecret`** HAL (in `hardware/interfaces/security/sharedsecret`)
+describes an N-party shared key agreement protocol for per-boot derivation of the shared HMAC key,
+based on a pre-provisioned shared secret. This HAL can be implemented by any security component
+– whether KeyMint instance or authenticator – that needs access to the shared HMAC key.
+
+User authentication operations are also timestamped, but a StrongBox KeyMint instance may not have
+access to a secure time source that is aligned with the authenticator's time source.
+
+To allow for this, the **`ISecureClock`** HAL (in `hardware/interfaces/secureclock`) describes a
+challenge-based timestamp authentication protocol. This HAL is optional; it need only be
+implemented if there is a KeyMint instance without a secure source of time.
+
+## Attestation Key Provisioning
+
+As noted above, key generation may also generate an attestation certificate chain, which requires
+that the secure environment have access to a signing key which in turn chains back to the Google
+root.
+
+Historically these signing keys were created by Google and provided to vendors for installation in
+batches of devices (to prevent their use as unique device identifiers). However, this mechanism had
+significant disadvantages, as it required secure handling of key material and only allowed for
+coarse-grained revocation.
+
+The remote key provisioning HAL (**`IRemotelyProvisionedComponent`** in
+`hardware/interfaces/security/rkp/`) provides a mechanism whereby signing certificates for
+attestation can be retrieved at runtime from Google servers based on pre-registered device identity
+information. This mechanism is used to provision certificates for KeyMint's signing keys, but is
+not restricted to that purpose; it can also be used in other scenarios where keys need to be
+provisioned (for example, for [Widevine](https://developers.google.com/widevine/drm/overview)).
+
+## Keymaster
+
+The Keymaster HAL (**`IKeymasterDevice`** in `hardware/interfaces/keymaster/`) is the historical
+ancestor of many of the HALs here (and may still be present on older devices). Its functionality is
+effectively the union of the following current HALs:
+
+- **`IKeyMintDevice`**
+- **`ISharedSecret`**
+- **`ISecureClock`**
+
+## Related Authentication HALs
+
+Authentication of users needs to happen in a secure environment, using vendor-specific
+functionality, and so involves the use of one of the following HALs (all of which are outside the
+`security/` subdirectory).
+
+- The **`IGatekeeper`** HAL (in `hardware/interfaces/gatekeeper/`) provides user authentication
+ functionality based on the user's lock-screen knowledge factor (LSKF), including throttling
+ behaviour to prevent attacks. Authentication tokens produced by this HAL are consumed by KeyMint,
+ validated using the shared HMAC key described above.
+ - The optional **`IWeaver`** HAL (in `hardware/interfaces/weaver`) improves the security of LSKF
+ authentication by converting the user's LSKF into a *synthetic password* via hashing and
+ stretching. This is required to be implemented on a separate secure element, which prevents
+ offline attacks on Gatekeeper storage. Note that Weaver does not directly interact with KeyMint;
+ the synthetic password is fed into Gatekeeper in place of the plain user password, and then
+ Gatekeeper interacts with KeyMint as normal.
+- The **`IFingerprint`** and **`IFace`** HAL definitions (under `hardware/interfaces/biometrics/`)
+ allow access to biometric authentication functionality that is implemented in a secure
+ environment. Authentication tokens produced by these HALs are consumed by KeyMint, validated
+ using the shared HMAC key described above.
+- The optional **`IConfirmationUI`** HAL (in `hardware/interfaces/confirmationui`) supports
+ functionality where the user confirms that they have seen a specific message in a secure manner.
+ Confirmation tokens produced by this HAL are consumed by KeyMint, validated using the shared HMAC
+ key described above.
diff --git a/security/rkp/aidl/Android.bp b/security/rkp/aidl/Android.bp
index 5285477..0ebc3b7 100644
--- a/security/rkp/aidl/Android.bp
+++ b/security/rkp/aidl/Android.bp
@@ -28,6 +28,10 @@
},
rust: {
enabled: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
},
},
versions_with_info: [
diff --git a/wifi/1.0/vts/functional/wifi_hidl_test_utils.cpp b/wifi/1.0/vts/functional/wifi_hidl_test_utils.cpp
index 02f8209..fae30c0 100644
--- a/wifi/1.0/vts/functional/wifi_hidl_test_utils.cpp
+++ b/wifi/1.0/vts/functional/wifi_hidl_test_utils.cpp
@@ -89,6 +89,24 @@
ChipModeId mode_id;
return configureChipToSupportIfaceTypeInternal(wifi_chip, type, &mode_id);
}
+
+bool doesChipSupportIfaceTypeInternal(const sp<IWifiChip>& wifi_chip,
+ IfaceType type) {
+ ChipModeId mode_id;
+ if (!wifi_chip.get()) {
+ return false;
+ }
+ const auto& status_and_modes = HIDL_INVOKE(wifi_chip, getAvailableModes);
+ if (status_and_modes.first.code != WifiStatusCode::SUCCESS) {
+ return false;
+ }
+ if (!findAnyModeSupportingIfaceType(type, status_and_modes.second,
+ &mode_id)) {
+ return false;
+ }
+
+ return true;
+}
} // namespace
sp<IWifi> getWifi(const std::string& instance_name) {
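Review bot: `doesChipSupportIfaceTypeInternal` returns `false` both when the chip really lacks the mode and when `wifi_chip` is null or `getAvailableModes` does not return `SUCCESS`. The SetUp hunk in wifi_ap_iface_hidl_test.cpp feeds that result straight into `GTEST_SKIP()`, so a HAL that fails to hand out a chip or its modes would have the AP tests skipped instead of failed. In SetUp, add `ASSERT_NE(nullptr, wifi_chip_.get());` before the call so that only a successful mode query with no AP mode leads to a skip. The tail of the helper can also be shortened to `return findAnyModeSupportingIfaceType(type, status_and_modes.second, &mode_id);`.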
@@ -205,6 +223,11 @@
configured_mode_id);
}
+bool doesChipSupportIfaceType(const sp<IWifiChip>& wifi_chip,
+ IfaceType type) {
+ return doesChipSupportIfaceTypeInternal(wifi_chip, type);
+}
+
void stopWifi(const std::string& instance_name) {
sp<IWifi> wifi = IWifi::getService(instance_name);
ASSERT_NE(wifi, nullptr);
diff --git a/wifi/1.0/vts/functional/wifi_hidl_test_utils.h b/wifi/1.0/vts/functional/wifi_hidl_test_utils.h
index 62c015c..876c316 100644
--- a/wifi/1.0/vts/functional/wifi_hidl_test_utils.h
+++ b/wifi/1.0/vts/functional/wifi_hidl_test_utils.h
@@ -49,6 +49,10 @@
const android::sp<android::hardware::wifi::V1_0::IWifiChip>& wifi_chip,
android::hardware::wifi::V1_0::IfaceType type,
android::hardware::wifi::V1_0::ChipModeId* configured_mode_id);
+// Check whether wifi chip supports given interface type mode
+bool doesChipSupportIfaceType(
+ const android::sp<android::hardware::wifi::V1_0::IWifiChip>& wifi_chip,
+ android::hardware::wifi::V1_0::IfaceType type);
// Used to trigger IWifi.stop() at the end of every test.
void stopWifi(const std::string& instance_name);
uint32_t getChipCapabilitiesLatest(
diff --git a/wifi/1.5/vts/functional/wifi_ap_iface_hidl_test.cpp b/wifi/1.5/vts/functional/wifi_ap_iface_hidl_test.cpp
index 424f934..c3bd4d7 100644
--- a/wifi/1.5/vts/functional/wifi_ap_iface_hidl_test.cpp
+++ b/wifi/1.5/vts/functional/wifi_ap_iface_hidl_test.cpp
@@ -58,12 +58,16 @@
"wifi_softap_bridged_ap_supported");
// Make sure to start with a clean state
stopWifi(GetInstanceName());
+ // Read AP mode capabilities from the wifi chip modes
+ sp<IWifiChip> wifi_chip_ = getWifiChip_1_5(GetInstanceName());
+ isApModeSupport_ = doesChipSupportIfaceType(wifi_chip_, IfaceType::AP);
}
virtual void TearDown() override { stopWifi(GetInstanceName()); }
protected:
bool isBridgedSupport_ = false;
+ bool isApModeSupport_ = false;
std::string GetInstanceName() { return GetParam(); }
};
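Review bot: `wifi_chip_` in SetUp is a local variable, yet it carries the trailing underscore this fixture uses for its members (`isBridgedSupport_`, `isApModeSupport_`). That reads as if the chip handle were kept for the tests. Rename it to `wifi_chip`, or inline it as `isApModeSupport_ = doesChipSupportIfaceType(getWifiChip_1_5(GetInstanceName()), IfaceType::AP);`. SetUp begins outside the hunk.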
@@ -83,6 +87,7 @@
* resetToFactoryMacAddress in non-bridged mode
*/
TEST_P(WifiApIfaceHidlTest, resetToFactoryMacAddressTest) {
+ if (!isApModeSupport_) GTEST_SKIP() << "Missing AP support";
sp<IWifiApIface> wifi_ap_iface = getWifiApIface_1_5(GetInstanceName());
ASSERT_NE(nullptr, wifi_ap_iface.get());
const auto& status = HIDL_INVOKE(wifi_ap_iface, resetToFactoryMacAddress);
@@ -93,6 +98,7 @@
* getBridgedInstances in non-bridged mode
*/
TEST_P(WifiApIfaceHidlTest, getBridgedInstancesTest) {
+ if (!isApModeSupport_) GTEST_SKIP() << "Missing AP support";
sp<IWifiApIface> wifi_ap_iface = getWifiApIface_1_5(GetInstanceName());
ASSERT_NE(nullptr, wifi_ap_iface.get());
const auto& status_and_instances =
diff --git a/wifi/1.6/default/wifi_feature_flags.cpp b/wifi/1.6/default/wifi_feature_flags.cpp
index e80a3cd..ff23e7c 100644
--- a/wifi/1.6/default/wifi_feature_flags.cpp
+++ b/wifi/1.6/default/wifi_feature_flags.cpp
@@ -136,6 +136,7 @@
#define AP IfaceConcurrencyType::AP
#define AP_BRIDGED IfaceConcurrencyType::AP_BRIDGED
#define P2P IfaceConcurrencyType::P2P
+#undef NAN // undefine NAN from math.h
#define NAN IfaceConcurrencyType::NAN
static const std::vector<V1_6::IWifiChip::ChipMode> kChipModesPrimary{
{kMainModeId, ChipConcurrencyCombination::make_vec({WIFI_HAL_INTERFACE_COMBINATIONS})},
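Review bot: `#undef NAN` drops the math.h macro for the rest of this translation unit, and the alias `#define NAN IfaceConcurrencyType::NAN` (like `AP` and `P2P` above it) stays defined after the mode tables unless it is undefined further down, which the hunk does not show. Any later floating-point use of `NAN` in this file would then expand to the enum value. If it is not already done below, add `#undef NAN` and the matching `#undef`s for the other short aliases right after the last table that uses `WIFI_HAL_INTERFACE_COMBINATIONS`. The comment could also say why, e.g. `// math.h defines NAN; drop it so the alias below is not a redefinition`.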
diff --git a/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp b/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
index d95bd03..6f8fde6 100644
--- a/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
+++ b/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
@@ -524,16 +524,12 @@
* Connect
*/
TEST_P(SupplicantP2pIfaceAidlTest, Connect) {
- /*
- * Auto-join is not enabled before R. After enabling auto-join,
- * this should always succeed.
- */
- std::string pin;
- EXPECT_TRUE(p2p_iface_
- ->connect(kTestMacAddr, WpsProvisionMethod::PBC,
- kTestConnectPin, false, false,
- kTestConnectGoIntent, &pin)
- .isOk());
+ std::string pin;
+ EXPECT_TRUE(p2p_iface_
+ ->connect(kTestMacAddr, WpsProvisionMethod::PBC,
+ kTestConnectPin, true, false, kTestConnectGoIntent,
+ &pin)
+ .isOk());
}
/*
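Review bot: Nothing explains why the fourth argument of `connect()` flips from `false` to `true`, here and in the next hunk (the test that goes on to call `cancelConnect()`), because the only comment on the call is deleted. Annotate the bare booleans, e.g. `/* joinExistingGroup= */ true, /* persistent= */ false`; those parameter names are as I recall them from the AIDL interface and should be confirmed against ISupplicantP2pIface. Also add one line on why the test needs this mode for `connect()` to return OK.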
@@ -543,7 +539,7 @@
std::string pin;
EXPECT_TRUE(p2p_iface_
->connect(kTestMacAddr, WpsProvisionMethod::PBC,
- kTestConnectPin, false, false,
+ kTestConnectPin, true, false,
kTestConnectGoIntent, &pin)
.isOk());
EXPECT_TRUE(p2p_iface_->cancelConnect().isOk());