Merge "Move SecureStorage interface out of staging" into main
diff --git a/audio/aidl/vts/Android.bp b/audio/aidl/vts/Android.bp
index 467ad62..4a71be9 100644
--- a/audio/aidl/vts/Android.bp
+++ b/audio/aidl/vts/Android.bp
@@ -115,6 +115,9 @@
defaults: ["VtsHalAudioEffectTargetTestDefaults"],
static_libs: ["libaudioaidlranges"],
srcs: ["VtsHalDynamicsProcessingTest.cpp"],
+ shared_libs: [
+ "libaudioutils",
+ ],
}
cc_test {
diff --git a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
index 0c201cc..f106d83 100644
--- a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
+++ b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
@@ -20,6 +20,8 @@
#define LOG_TAG "VtsHalDynamicsProcessingTest"
#include <android-base/logging.h>
+#include <audio_utils/power.h>
+#include <audio_utils/primitives.h>
#include <Utils.h>
@@ -44,26 +46,25 @@
class DynamicsProcessingTestHelper : public EffectHelper {
public:
DynamicsProcessingTestHelper(std::pair<std::shared_ptr<IFactory>, Descriptor> pair,
- int32_t channelLayOut = AudioChannelLayout::LAYOUT_STEREO) {
+ int32_t channelLayOut = AudioChannelLayout::LAYOUT_STEREO)
+ : mChannelLayout(channelLayOut),
+ mChannelCount(::aidl::android::hardware::audio::common::getChannelCount(
+ AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout))) {
std::tie(mFactory, mDescriptor) = pair;
- mChannelLayout = channelLayOut;
- mChannelCount = ::aidl::android::hardware::audio::common::getChannelCount(
- AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout));
}
// setup
void SetUpDynamicsProcessingEffect() {
ASSERT_NE(nullptr, mFactory);
ASSERT_NO_FATAL_FAILURE(create(mFactory, mEffect, mDescriptor));
-
Parameter::Specific specific = getDefaultParamSpecific();
Parameter::Common common = createParamCommon(
- 0 /* session */, 1 /* ioHandle */, 44100 /* iSampleRate */, 44100 /* oSampleRate */,
- 0x100 /* iFrameCount */, 0x100 /* oFrameCount */,
+ 0 /* session */, 1 /* ioHandle */, kSamplingFrequency /* iSampleRate */,
+ kSamplingFrequency /* oSampleRate */, kFrameCount /* iFrameCount */,
+ kFrameCount /* oFrameCount */,
AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout),
AudioChannelLayout::make<AudioChannelLayout::layoutMask>(mChannelLayout));
- IEffect::OpenEffectReturn ret;
- ASSERT_NO_FATAL_FAILURE(open(mEffect, common, specific, &ret, EX_NONE));
+ ASSERT_NO_FATAL_FAILURE(open(mEffect, common, specific, &mOpenEffectReturn, EX_NONE));
ASSERT_NE(nullptr, mEffect);
mEngineConfigApplied = mEngineConfigPreset;
}
@@ -113,6 +114,8 @@
// get set params and validate
void SetAndGetDynamicsProcessingParameters();
+ bool isAllParamsValid();
+
// enqueue test parameters
void addEngineConfig(const DynamicsProcessing::EngineArchitecture& cfg);
void addPreEqChannelConfig(const std::vector<DynamicsProcessing::ChannelConfig>& cfg);
@@ -126,9 +129,12 @@
static constexpr float kPreferredProcessingDurationMs = 10.0f;
static constexpr int kBandCount = 5;
+ static constexpr int kSamplingFrequency = 44100;
+ static constexpr int kFrameCount = 2048;
std::shared_ptr<IFactory> mFactory;
std::shared_ptr<IEffect> mEffect;
Descriptor mDescriptor;
+ IEffect::OpenEffectReturn mOpenEffectReturn;
DynamicsProcessing::EngineArchitecture mEngineConfigApplied;
DynamicsProcessing::EngineArchitecture mEngineConfigPreset{
.resolutionPreference =
@@ -148,12 +154,12 @@
static const std::set<DynamicsProcessing::StageEnablement> kStageEnablementTestSet;
static const std::set<std::vector<DynamicsProcessing::InputGain>> kInputGainTestSet;
- protected:
- int mChannelCount;
-
private:
- int32_t mChannelLayout;
+ const int32_t mChannelLayout;
std::vector<std::pair<DynamicsProcessing::Tag, DynamicsProcessing>> mTags;
+
+ protected:
+ const int mChannelCount;
void CleanUp() {
mTags.clear();
mPreEqChannelEnable.clear();
@@ -329,10 +335,7 @@
}
void DynamicsProcessingTestHelper::SetAndGetDynamicsProcessingParameters() {
- for (auto& it : mTags) {
- auto& tag = it.first;
- auto& dp = it.second;
-
+ for (const auto& [tag, dp] : mTags) {
// validate parameter
Descriptor desc;
ASSERT_STATUS(EX_NONE, mEffect->getDescriptor(&desc));
@@ -371,6 +374,22 @@
}
}
+bool DynamicsProcessingTestHelper::isAllParamsValid() {
+ if (mTags.empty()) {
+ return false;
+ }
+ for (const auto& [tag, dp] : mTags) {
+ // validate parameter
+ if (!isParamInRange(dp, mDescriptor.capability.range.get<Range::dynamicsProcessing>())) {
+ return false;
+ }
+ if (!isParamValid(tag, dp)) {
+ return false;
+ }
+ }
+ return true;
+}
+
void DynamicsProcessingTestHelper::addEngineConfig(
const DynamicsProcessing::EngineArchitecture& cfg) {
DynamicsProcessing dp;
@@ -446,6 +465,21 @@
mTags.push_back({DynamicsProcessing::inputGain, dp});
}
+void fillLimiterConfig(std::vector<DynamicsProcessing::LimiterConfig>& limiterConfigList,
+ int channelIndex, bool enable, int linkGroup, float attackTime,
+ float releaseTime, float ratio, float threshold, float postGain) {
+ DynamicsProcessing::LimiterConfig cfg;
+ cfg.channel = channelIndex;
+ cfg.enable = enable;
+ cfg.linkGroup = linkGroup;
+ cfg.attackTimeMs = attackTime;
+ cfg.releaseTimeMs = releaseTime;
+ cfg.ratio = ratio;
+ cfg.thresholdDb = threshold;
+ cfg.postGainDb = postGain;
+ limiterConfigList.push_back(cfg);
+}
+
/**
* Test DynamicsProcessing Engine Configuration
*/
@@ -486,7 +520,7 @@
TEST_P(DynamicsProcessingTestEngineArchitecture, SetAndGetEngineArch) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -527,7 +561,7 @@
public:
DynamicsProcessingTestInputGain()
: DynamicsProcessingTestHelper(std::get<INPUT_GAIN_INSTANCE_NAME>(GetParam())),
- mInputGain(std::get<INPUT_GAIN_PARAM>(GetParam())){};
+ mInputGain(std::get<INPUT_GAIN_PARAM>(GetParam())) {};
void SetUp() override { SetUpDynamicsProcessingEffect(); }
@@ -538,7 +572,7 @@
TEST_P(DynamicsProcessingTestInputGain, SetAndGetInputGain) {
EXPECT_NO_FATAL_FAILURE(addInputGain(mInputGain));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -565,40 +599,23 @@
enum LimiterConfigTestParamName {
LIMITER_INSTANCE_NAME,
LIMITER_CHANNEL,
- LIMITER_ENABLE,
LIMITER_LINK_GROUP,
- LIMITER_ADDITIONAL,
-};
-enum LimiterConfigTestAdditionalParam {
LIMITER_ATTACK_TIME,
LIMITER_RELEASE_TIME,
LIMITER_RATIO,
LIMITER_THRESHOLD,
LIMITER_POST_GAIN,
- LIMITER_MAX_NUM,
};
-using LimiterConfigTestAdditional = std::array<float, LIMITER_MAX_NUM>;
-// attackTime, releaseTime, ratio, thresh, postGain
-static constexpr std::array<LimiterConfigTestAdditional, 4> kLimiterConfigTestAdditionalParam = {
- {{-1, -60, -2.5, -2, -3.14},
- {-1, 60, -2.5, 2, -3.14},
- {1, -60, 2.5, -2, 3.14},
- {1, 60, 2.5, -2, 3.14}}};
using LimiterConfigTestParams = std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>,
- int32_t, bool, int32_t, LimiterConfigTestAdditional>;
+ int32_t, int32_t, float, float, float, float, float>;
-void fillLimiterConfig(DynamicsProcessing::LimiterConfig& cfg,
+void fillLimiterConfig(std::vector<DynamicsProcessing::LimiterConfig>& cfg,
const LimiterConfigTestParams& params) {
- const std::array<float, LIMITER_MAX_NUM> additional = std::get<LIMITER_ADDITIONAL>(params);
- cfg.channel = std::get<LIMITER_CHANNEL>(params);
- cfg.enable = std::get<LIMITER_ENABLE>(params);
- cfg.linkGroup = std::get<LIMITER_LINK_GROUP>(params);
- cfg.attackTimeMs = additional[LIMITER_ATTACK_TIME];
- cfg.releaseTimeMs = additional[LIMITER_RELEASE_TIME];
- cfg.ratio = additional[LIMITER_RATIO];
- cfg.thresholdDb = additional[LIMITER_THRESHOLD];
- cfg.postGainDb = additional[LIMITER_POST_GAIN];
+ fillLimiterConfig(cfg, std::get<LIMITER_CHANNEL>(params), true,
+ std::get<LIMITER_LINK_GROUP>(params), std::get<LIMITER_ATTACK_TIME>(params),
+ std::get<LIMITER_RELEASE_TIME>(params), std::get<LIMITER_RATIO>(params),
+ std::get<LIMITER_THRESHOLD>(params), std::get<LIMITER_POST_GAIN>(params));
}
class DynamicsProcessingTestLimiterConfig
@@ -607,7 +624,7 @@
public:
DynamicsProcessingTestLimiterConfig()
: DynamicsProcessingTestHelper(std::get<LIMITER_INSTANCE_NAME>(GetParam())) {
- fillLimiterConfig(mCfg, GetParam());
+ fillLimiterConfig(mLimiterConfigList, GetParam());
}
void SetUp() override { SetUpDynamicsProcessingEffect(); }
@@ -615,36 +632,193 @@
void TearDown() override { TearDownDynamicsProcessingEffect(); }
DynamicsProcessing::LimiterConfig mCfg;
+ std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
};
TEST_P(DynamicsProcessingTestLimiterConfig, SetAndGetLimiterConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
- EXPECT_NO_FATAL_FAILURE(addLimiterConfig({mCfg}));
- SetAndGetDynamicsProcessingParameters();
+ EXPECT_NO_FATAL_FAILURE(addLimiterConfig(mLimiterConfigList));
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
DynamicsProcessingTest, DynamicsProcessingTestLimiterConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 1, 2), // channel count
- testing::Bool(), // enable
- testing::Values(3), // link group
- testing::ValuesIn(kLimiterConfigTestAdditionalParam)), // Additional
+ testing::Values(-1, 0, 1, 2), // channel index
+ testing::Values(3), // link group
+ testing::Values(-1, 1), // attackTime
+ testing::Values(-60, 60), // releaseTime
+ testing::Values(-2.5, 2.5), // ratio
+ testing::Values(-2, 2), // thresh
+ testing::Values(-3.14, 3.14) // postGain
+ ),
[](const auto& info) {
auto descriptor = std::get<LIMITER_INSTANCE_NAME>(info.param).second;
- DynamicsProcessing::LimiterConfig cfg;
+ std::vector<DynamicsProcessing::LimiterConfig> cfg;
fillLimiterConfig(cfg, info.param);
- std::string name = "Implementor_" + descriptor.common.implementor + "_name_" +
- descriptor.common.name + "_UUID_" +
- toString(descriptor.common.id.uuid) + "_limiterConfig_" +
- cfg.toString();
+ std::string name =
+ "Implementer_" + getPrefix(descriptor) + "_limiterConfig_" + cfg[0].toString();
std::replace_if(
name.begin(), name.end(), [](const char c) { return !std::isalnum(c); }, '_');
return name;
});
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingTestLimiterConfig);
+using LimiterConfigDataTestParams = std::pair<std::shared_ptr<IFactory>, Descriptor>;
+
+class DynamicsProcessingLimiterConfigDataTest
+ : public ::testing::TestWithParam<LimiterConfigDataTestParams>,
+ public DynamicsProcessingTestHelper {
+ public:
+ DynamicsProcessingLimiterConfigDataTest()
+ : DynamicsProcessingTestHelper(GetParam(), AudioChannelLayout::LAYOUT_MONO) {
+ mBufferSize = kFrameCount * mChannelCount;
+ mInput.resize(mBufferSize);
+ generateSineWave(1000 /*Input Frequency*/, mInput);
+ mInputDb = calculateDb(mInput);
+ }
+
+ void SetUp() override {
+ SetUpDynamicsProcessingEffect();
+ SKIP_TEST_IF_DATA_UNSUPPORTED(mDescriptor.common.flags);
+ }
+
+ void TearDown() override { TearDownDynamicsProcessingEffect(); }
+
+ float calculateDb(std::vector<float> input, size_t start = 0) {
+ return audio_utils_compute_power_mono(input.data() + start, AUDIO_FORMAT_PCM_FLOAT,
+ input.size() - start);
+ }
+
+ void computeThreshold(float ratio, float outputDb, float& threshold) {
+ EXPECT_NE(ratio, 0);
+ threshold = (mInputDb - (ratio * outputDb)) / (1 - ratio);
+ }
+
+ void computeRatio(float threshold, float outputDb, float& ratio) {
+ float inputOverThreshold = mInputDb - threshold;
+ float outputOverThreshold = outputDb - threshold;
+ EXPECT_NE(outputOverThreshold, 0);
+ ratio = inputOverThreshold / outputOverThreshold;
+ }
+
+ void setParamsAndProcess(std::vector<float>& output) {
+ EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
+ EXPECT_NO_FATAL_FAILURE(addLimiterConfig(mLimiterConfigList));
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
+ if (isAllParamsValid()) {
+ ASSERT_NO_FATAL_FAILURE(
+ processAndWriteToOutput(mInput, output, mEffect, &mOpenEffectReturn));
+ EXPECT_GT(output.size(), kStartIndex);
+ }
+ cleanUpLimiterConfig();
+ }
+
+ void cleanUpLimiterConfig() {
+ CleanUp();
+ mLimiterConfigList.clear();
+ }
+ static constexpr float kDefaultLinkerGroup = 3;
+ static constexpr float kDefaultAttackTime = 0;
+ static constexpr float kDefaultReleaseTime = 0;
+ static constexpr float kDefaultRatio = 4;
+ static constexpr float kDefaultThreshold = 0;
+ static constexpr float kDefaultPostGain = 0;
+ static constexpr int kInputFrequency = 1000;
+ static constexpr size_t kStartIndex = 15 * kSamplingFrequency / 1000; // skip 15ms
+ std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
+ std::vector<float> mInput;
+ float mInputDb;
+ int mBufferSize;
+};
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingThresholdDb) {
+ std::vector<float> thresholdValues = {-200, -150, -100, -50, -5, 0};
+ std::vector<float> output(mInput.size());
+ float previousThreshold = -FLT_MAX;
+ for (float threshold : thresholdValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
+ kDefaultReleaseTime, kDefaultRatio, threshold, kDefaultPostGain);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+ if (threshold >= mInputDb || kDefaultRatio == 1) {
+ EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ } else {
+ float calculatedThreshold = 0;
+ EXPECT_NO_FATAL_FAILURE(computeThreshold(kDefaultRatio, outputDb, calculatedThreshold));
+ ASSERT_GT(calculatedThreshold, previousThreshold);
+ previousThreshold = calculatedThreshold;
+ }
+ }
+}
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingRatio) {
+ std::vector<float> ratioValues = {1, 10, 20, 30, 40, 50};
+ std::vector<float> output(mInput.size());
+ float threshold = -10;
+ float previousRatio = 0;
+ for (float ratio : ratioValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
+ kDefaultReleaseTime, ratio, threshold, kDefaultPostGain);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+
+ if (threshold >= mInputDb) {
+ EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ } else {
+ float calculatedRatio = 0;
+ EXPECT_NO_FATAL_FAILURE(computeRatio(threshold, outputDb, calculatedRatio));
+ ASSERT_GT(calculatedRatio, previousRatio);
+ previousRatio = calculatedRatio;
+ }
+ }
+}
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, LimiterEnableDisable) {
+ std::vector<bool> limiterEnableValues = {false, true};
+ std::vector<float> output(mInput.size());
+ for (bool isEnabled : limiterEnableValues) {
+ for (int i = 0; i < mChannelCount; i++) {
+ // Set non-default values
+ fillLimiterConfig(mLimiterConfigList, i, isEnabled, kDefaultLinkerGroup,
+ 5 /*attack time*/, 5 /*release time*/, 10 /*ratio*/,
+ -10 /*threshold*/, 5 /*postgain*/);
+ }
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ if (isEnabled) {
+ EXPECT_NE(mInputDb, calculateDb(output, kStartIndex));
+ } else {
+ EXPECT_NEAR(mInputDb, calculateDb(output, kStartIndex), 0.05);
+ }
+ }
+}
+
+INSTANTIATE_TEST_SUITE_P(DynamicsProcessingTest, DynamicsProcessingLimiterConfigDataTest,
+ testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
+ IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
+ [](const auto& info) {
+ auto descriptor = info.param;
+ std::string name = getPrefix(descriptor.second);
+ std::replace_if(
+ name.begin(), name.end(),
+ [](const char c) { return !std::isalnum(c); }, '_');
+ return name;
+ });
+
/**
* Test DynamicsProcessing ChannelConfig
*/
@@ -673,19 +847,19 @@
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetPreEqChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addPreEqChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetPostEqChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addPostEqChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestChannelConfig, SetAndGetMbcChannelConfig) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addMbcChannelConfig(mCfg));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
@@ -715,12 +889,11 @@
enum EqBandConfigTestParamName {
EQ_BAND_INSTANCE_NAME,
EQ_BAND_CHANNEL,
- EQ_BAND_ENABLE,
EQ_BAND_CUT_OFF_FREQ,
EQ_BAND_GAIN
};
using EqBandConfigTestParams = std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t,
- bool, std::vector<std::pair<int, float>>, float>;
+ std::vector<std::pair<int, float>>, float>;
void fillEqBandConfig(std::vector<DynamicsProcessing::EqBandConfig>& cfgs,
const EqBandConfigTestParams& params) {
@@ -730,7 +903,7 @@
for (int i = 0; i < bandCount; i++) {
cfgs[i].channel = std::get<EQ_BAND_CHANNEL>(params);
cfgs[i].band = cutOffFreqs[i].first;
- cfgs[i].enable = std::get<EQ_BAND_ENABLE>(params);
+ cfgs[i].enable = true /*Eqband Enable*/;
cfgs[i].cutoffFrequencyHz = cutOffFreqs[i].second;
cfgs[i].gainDb = std::get<EQ_BAND_GAIN>(params);
}
@@ -761,7 +934,7 @@
}
EXPECT_NO_FATAL_FAILURE(addPreEqChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addPreEqBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
TEST_P(DynamicsProcessingTestEqBandConfig, SetAndGetPostEqBandConfig) {
@@ -774,7 +947,7 @@
}
EXPECT_NO_FATAL_FAILURE(addPostEqChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addPostEqBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
std::vector<std::vector<std::pair<int, float>>> kBands{
@@ -825,9 +998,8 @@
DynamicsProcessingTest, DynamicsProcessingTestEqBandConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 10), // channel ID
- testing::Bool(), // band enable
- testing::ValuesIn(kBands), // cut off frequencies
+ testing::Values(-1, 0, 10), // channel index
+ testing::ValuesIn(kBands), // band index, cut off frequencies
testing::Values(-3.14f, 3.14f) // gain
),
[](const auto& info) {
@@ -851,7 +1023,6 @@
enum MbcBandConfigParamName {
MBC_BAND_INSTANCE_NAME,
MBC_BAND_CHANNEL,
- MBC_BAND_ENABLE,
MBC_BAND_CUTOFF_FREQ,
MBC_BAND_ADDITIONAL
};
@@ -877,7 +1048,7 @@
{3, 10, 2, -2, -5, 90, 2.5, 2, 2}}};
using TestParamsMbcBandConfig =
- std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t, bool,
+ std::tuple<std::pair<std::shared_ptr<IFactory>, Descriptor>, int32_t,
std::vector<std::pair<int, float>>, TestParamsMbcBandConfigAdditional>;
void fillMbcBandConfig(std::vector<DynamicsProcessing::MbcBandConfig>& cfgs,
@@ -890,7 +1061,7 @@
cfgs[i] = DynamicsProcessing::MbcBandConfig{
.channel = std::get<MBC_BAND_CHANNEL>(params),
.band = cutOffFreqs[i].first,
- .enable = std::get<MBC_BAND_ENABLE>(params),
+ .enable = true /*Mbc Band Enable*/,
.cutoffFrequencyHz = cutOffFreqs[i].second,
.attackTimeMs = additional[MBC_ADD_ATTACK_TIME],
.releaseTimeMs = additional[MBC_ADD_RELEASE_TIME],
@@ -930,16 +1101,15 @@
}
EXPECT_NO_FATAL_FAILURE(addMbcChannelConfig(cfgs));
EXPECT_NO_FATAL_FAILURE(addMbcBandConfigs(mCfgs));
- SetAndGetDynamicsProcessingParameters();
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
}
INSTANTIATE_TEST_SUITE_P(
DynamicsProcessingTest, DynamicsProcessingTestMbcBandConfig,
::testing::Combine(testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
- testing::Values(-1, 0, 10), // channel count
- testing::Bool(), // enable
- testing::ValuesIn(kBands), // cut off frequencies
+ testing::Values(-1, 0, 10), // channel index
+ testing::ValuesIn(kBands), // band index, cut off frequencies
testing::ValuesIn(kMbcBandConfigAdditionalParam)), // Additional
[](const auto& info) {
auto descriptor = std::get<MBC_BAND_INSTANCE_NAME>(info.param).second;
diff --git a/common/aidl/Android.bp b/common/aidl/Android.bp
index 904a3d9..0ce52e7 100644
--- a/common/aidl/Android.bp
+++ b/common/aidl/Android.bp
@@ -26,7 +26,7 @@
],
},
cpp: {
- enabled: false,
+ enabled: true,
},
ndk: {
apex_available: [
diff --git a/common/fmq/aidl/Android.bp b/common/fmq/aidl/Android.bp
index 4a3658e..7fb6368 100644
--- a/common/fmq/aidl/Android.bp
+++ b/common/fmq/aidl/Android.bp
@@ -28,9 +28,8 @@
sdk_version: "module_current",
},
cpp: {
- // FMQ will not be supported in the cpp backend because the parcelables
- // are not stable enough for use in shared memory
- enabled: false,
+ // FMQ is only supported for PODs with the cpp backend
+ enabled: true,
},
ndk: {
apex_available: [
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index b7d1e76..79dd0bb 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -166,6 +166,8 @@
"android.hardware.audio.core.sounddose@1",
"android.hardware.audio.core.sounddose@2",
"android.hardware.audio.core.sounddose@3",
+ // This is only used by a trusty VM
+ "android.hardware.security.see.authmgr@1",
// Deprecated HALs.
"android.hardware.audio.sounddose@3",
diff --git a/drm/aidl/vts/drm_hal_common.cpp b/drm/aidl/vts/drm_hal_common.cpp
index f0445a5..3636250 100644
--- a/drm/aidl/vts/drm_hal_common.cpp
+++ b/drm/aidl/vts/drm_hal_common.cpp
@@ -27,6 +27,7 @@
#include <android/binder_process.h>
#include <android/sharedmem.h>
#include <cutils/native_handle.h>
+#include <cutils/properties.h>
#include "drm_hal_clearkey_module.h"
#include "drm_hal_common.h"
@@ -193,6 +194,13 @@
GTEST_SKIP() << "No vendor module installed";
}
+ char bootloader_state[PROPERTY_VALUE_MAX] = {};
+ if (property_get("ro.boot.vbmeta.device_state", bootloader_state, "") != 0) {
+ if (!strcmp(bootloader_state, "unlocked")) {
+ GTEST_SKIP() << "Skip test because bootloader is unlocked";
+ }
+ }
+
if (drmInstance.find("IDrmFactory") != std::string::npos) {
drmFactory = IDrmFactory::fromBinder(
::ndk::SpAIBinder(AServiceManager_waitForService(drmInstance.c_str())));
diff --git a/security/see/authmgr/aidl/Android.bp b/security/see/authmgr/aidl/Android.bp
new file mode 100644
index 0000000..a32d4e9
--- /dev/null
+++ b/security/see/authmgr/aidl/Android.bp
@@ -0,0 +1,57 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.see.authmgr",
+ vendor_available: true,
+ srcs: [
+ "android/hardware/security/see/authmgr/*.aidl",
+ ],
+ stability: "vintf",
+ frozen: false,
+ backend: {
+ java: {
+ platform_apis: true,
+ },
+ ndk: {
+ enabled: true,
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
+ },
+ },
+}
+
+// A rust_defaults that includes the latest authmgr AIDL library.
+// Modules that depend on authmgr directly can include this rust_defaults to avoid
+// managing dependency versions explicitly.
+rust_defaults {
+ name: "authmgr_use_latest_hal_aidl_rust",
+ rustlibs: [
+ "android.hardware.security.see.authmgr-V1-rust",
+ ],
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
new file mode 100644
index 0000000..b775f95
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceChainEntry {
+ byte[] diceChainEntry;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
new file mode 100644
index 0000000..0f61900
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceLeafArtifacts {
+ android.hardware.security.see.authmgr.DiceChainEntry diceLeaf;
+ android.hardware.security.see.authmgr.DicePolicy diceLeafPolicy;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
new file mode 100644
index 0000000..f434c3c
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DicePolicy {
+ byte[] dicePolicy;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
new file mode 100644
index 0000000..9e6a501
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@Backing(type="int") @VintfStability
+enum Error {
+ OK = 0,
+ AUTHENTICATION_ALREADY_STARTED = (-1) /* -1 */,
+ INSTANCE_ALREADY_AUTHENTICATED = (-2) /* -2 */,
+ INVALID_DICE_CERT_CHAIN = (-3) /* -3 */,
+ INVALID_DICE_LEAF = (-4) /* -4 */,
+ INVALID_DICE_POLICY = (-5) /* -5 */,
+ DICE_POLICY_MATCHING_FAILED = (-6) /* -6 */,
+ SIGNATURE_VERIFICATION_FAILED = (-7) /* -7 */,
+ CONNECTION_HANDOVER_FAILED = (-8) /* -8 */,
+ CONNECTION_NOT_AUTHENTICATED = (-9) /* -9 */,
+ NO_CONNECTION_TO_AUTHORIZE = (-10) /* -10 */,
+ INVALID_INSTANCE_IDENTIFIER = (-11) /* -11 */,
+ MEMORY_ALLOCATION_FAILED = (-12) /* -12 */,
+ INSTANCE_PENDING_DELETION = (-13) /* -13 */,
+ CLIENT_PENDING_DELETION = (-14) /* -14 */,
+ AUTHENTICATION_NOT_STARTED = (-15) /* -15 */,
+ INSTANCE_CONTEXT_CREATION_DENIED = (-16) /* -16 */,
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
new file mode 100644
index 0000000..18d90eb
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable ExplicitKeyDiceCertChain {
+ byte[] diceCertChain;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
new file mode 100644
index 0000000..a120b49
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@VintfStability
+interface IAuthMgrAuthorization {
+ byte[32] initAuthentication(in android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain diceCertChain, in @nullable byte[] instanceIdentifier);
+ void completeAuthentication(in android.hardware.security.see.authmgr.SignedConnectionRequest signedConnectionRequest, in android.hardware.security.see.authmgr.DicePolicy dicePolicy);
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName, in byte[32] token, in android.hardware.security.see.authmgr.DiceLeafArtifacts clientDiceArtifacts);
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
new file mode 100644
index 0000000..46d8373
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable SignedConnectionRequest {
+ byte[] signedConnectionRequest;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
new file mode 100644
index 0000000..3b4a35b
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * A CBOR encoded DICE certificate.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceChainEntry {
+ /**
+ * Data is CBOR encoded according to the `DiceChainEntry` CDDL in
+ * hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/
+ * generateCertificateRequestV2.cddl
+ */
+ byte[] diceChainEntry;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
new file mode 100644
index 0000000..333096f
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceChainEntry;
+import android.hardware.security.see.authmgr.DicePolicy;
+
+/**
+ * This contains the DICE certificate and the DICE policy created for the client by the AuthMgr FE.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceLeafArtifacts {
+ DiceChainEntry diceLeaf;
+ DicePolicy diceLeafPolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
new file mode 100644
index 0000000..4b55330
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE policy - CBOR encoded according to DicePolicy.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DicePolicy {
+ /**
+ * Data is CBOR encoded according to the `DicePolicy` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * DicePolicy.cddl
+ */
+ byte[] dicePolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
new file mode 100644
index 0000000..f7c3592
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * AuthMgr error codes. Aidl will return these error codes as service specific errors in
+ * EX_SERVICE_SPECIFIC.
+ */
+@VintfStability
+@Backing(type="int")
+enum Error {
+ /** Success */
+ OK = 0,
+
+ /** Duplicated attempt to start authentication from the same transport ID */
+ AUTHENTICATION_ALREADY_STARTED = -1,
+
+ /** Duplicated authenticated attempt with the same instance ID */
+ INSTANCE_ALREADY_AUTHENTICATED = -2,
+
+ /** Invalid DICE certificate chain of the AuthMgr FE */
+ INVALID_DICE_CERT_CHAIN = -3,
+
+ /** Invalid DICE leaf of the client */
+ INVALID_DICE_LEAF = -4,
+
+ /** Invalid DICE policy */
+ INVALID_DICE_POLICY = -5,
+
+ /** The DICE chain to policy matching failed */
+ DICE_POLICY_MATCHING_FAILED = -6,
+
+ /** Invalid signature */
+ SIGNATURE_VERIFICATION_FAILED = -7,
+
+ /** Failed to handover the connection to the trusted service */
+ CONNECTION_HANDOVER_FAILED = -8,
+
+ /**
+ * An authentication required request (e.g. phase 2) is invoked on a non-authenticated
+ * connection
+ */
+ CONNECTION_NOT_AUTHENTICATED = -9,
+
+ /** There is no pending connection with a matching token to authorize in phase 2 */
+ NO_CONNECTION_TO_AUTHORIZE = -10,
+
+ /** Invalid instance identifier */
+ INVALID_INSTANCE_IDENTIFIER = -11,
+
+ /** Failed to allocate memory */
+ MEMORY_ALLOCATION_FAILED = -12,
+
+ /** An instance which is pending deletion is trying to authenticate */
+ INSTANCE_PENDING_DELETION = -13,
+
+ /** A client which is pending deletion is trying to authorize */
+ CLIENT_PENDING_DELETION = -14,
+
+ /** Trying to complete authentication for an instance for which authentication is not started */
+ AUTHENTICATION_NOT_STARTED = -15,
+
+ /** Creation of the pVM instance's context in the secure storage is not allowed */
+ INSTANCE_CONTEXT_CREATION_DENIED = -16,
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
new file mode 100644
index 0000000..de23530
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE certificate chain - CBOR encoded according to ExplicitKeyDiceCertChain.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable ExplicitKeyDiceCertChain {
+ /**
+ * Data is CBOR encoded according to the `ExplicitKeyDiceCertChain` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * ExplicitKeyDiceCertChain.cddl
+ */
+ byte[] diceCertChain;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
new file mode 100644
index 0000000..43c3bde
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -0,0 +1,276 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceLeafArtifacts;
+import android.hardware.security.see.authmgr.DicePolicy;
+import android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain;
+import android.hardware.security.see.authmgr.SignedConnectionRequest;
+
+/**
+ * This is the interface to be implemented by an AuthMgr backend component (AuthMgr BE), in order to
+ * allow the AuthMgr frontend component (AuthMgr FE) in a pVM instance to authenticate itself and
+ * to authorize one or more clients in the pVM instance, in order to let the clients access
+ * trusted services in the Trusted Execution Environment (TEE).
+ *
+ * The following assumptions must be true for the underlying IPC mechanism and the transport layer:
+ * 1. Both parties should be able to retrieve a non-spoofable identifier of the other party from
+ * the transport layer (a.k.a transport ID or vM ID), which stays the same throughout a given
+ * boot cycle of a pVM instance. This is important to prevent person-in-the-middle (PITM)
+ * attacks and to authorize a new connection from a pVM instance based on an already
+ * authenicated connection from the same pVM instance.
+ *
+ * 2. Each of AuthMgr FE and the AuthMgr BE should be able to hand over a connection that is
+ * setup between them to another party so that such connection can be used for communication
+ * between the two new parties subsequently. This is important to be able to handover an
+ * authorized connection established between the AuthMgr FE and the AuthMgr BE to a client in
+ * in a pVM instance and a trusted service in TEE respectively.
+ *
+ * 3. This API should be exposed over an IPC mechanism that supports statefull connections. This
+ * is important for the AuthMgr FE to setup an authenicated connection once per boot cycle
+ * and reuse it to authorize multiple client connections afterwards, if needed.
+ *
+ * 4. AuthMgr FE has a mechanism for discovering and establishing a connection to the trusted
+ * AuthMgr BE. Based on this assumptionson, mutual authentication is not covered by this
+ * API.
+ *
+ * The AuthMgr authorization protocol consists of two phases:
+ * 1. Phase 1 authenticates the AuthMgr FE to the AuthMgr BE via the first two methods of this
+ * API: `initAuthentication` and `completeAuthentication`. At the end of the successful
+ * excecution of phase 1, the AuthMgr FE and the AuthMgr BE have an authenticated connection
+ * established between them. Phase 1 also enforces rollback protection on AuthMgr FE in
+ * addition to authentication.
+ *
+ * Authentication is performed by verifying the AuthMgr FE's signature on the challenge
+ * issued by the AuthMgr BE. The public signing key of the AuthMgr FE is obtained from the
+ * validated DICE certificate chain for verifying the signature. Rollback protection is
+ * enforced by matching the DICE certificate chain against the stored DICE policy.
+ * AuthMgr FE uses this authenticated connection throughout the boot cycle of the pVM to send
+ * phase 2 requests to the AuthMgr BE. Therefore, phase 1 needs to be executed only once per
+ * boot cycle of the pVM. AuthMgr BE should take measures to prevent any duplicate
+ * authentication attempts from the same instance or from any impersonating instances.
+ *
+ * 2. Phase 2 authorizes a client in the pVM to access trusted service(s) in the TEE and
+ * establishes a new connection between the client and the trusted service based on the trust
+ * in the authenticated connection established in phase 1. The client and the trusted service
+ * can communicate independently from the AuthMgr(s) after the successful execution of
+ * phase 2 of the authorization protocol.
+ *
+ * The AuthMgr FE first opens a new vsock connection to the AuthMgr BE and sends a one-time
+ * token over that connection. The AuthMgr FE then invokes the third method of this API
+ * (`authorizeAndConnectClientToTrustedService`) on the authenticated connection established
+ * with the AuthMgr BE in phase 1. Rollback protection is enforced on the client by matching
+ * the client's DICE certificate against the stored DICE policy. The new connection is
+ * authorized by matching the token sent over the new connection and the token sent over the
+ * authenicated connection.
+ *
+ * AuthMgr BE should make sure that "use-after-destroy" threats are prevented in the implementation
+ * of this authorization protocol. This means that even if a client/pVM instance is created with the
+ * same identifier(s) of a deleted client/pVM instance, the new client should not be able to access
+ * the deleted client's secrets/resources created in the trusted services. The following
+ * requirements should be addressed in order to ensure this:
+ * 1) Each client should be identified by a unique identifier at the AuthMgr BE. The uniqueness
+ * should be guaranteed across factory resets.
+ * 2) The client's unique identifier should be used when constructing the file path to store the
+ * client's context, including the client's DICE policy, in the AuthMgr BE's secure storage.
+ * 3) The client's unique identifier should be conveyed to the trusted service(s) that the client
+ * accesses, when an authorized connection is setup between the client and the trusted service in
+ * phase 2. The trusted service(s) should mix in this unique client identifier when providing the
+ * critical services to the clients (e.g. deriving HW-backed keys by the HWCrypto service,
+ * storing data by the SecureStorage service).
+ *
+ * An example approach to build a unique identifier for a client is as follows:
+ * The AuthMgr BE stores a `global sequence number` in the secure storage that does not get
+ * wiped upon factory reset. Everytime the AuthMgr BE sees a new instance or a client, it assigns
+ * the current `global sequence number` as the unique sequence number of the instance or the client
+ * and increments the `global sequence number`.
+ */
+@VintfStability
+interface IAuthMgrAuthorization {
+ /**
+ * AuthMgr FE initiates the challenge-response protocol with the AuthMgr BE in order to
+ * authenticate the AuthMgr FE to the AuthMgr BE. AuthMgr BE creates and returns a challenge
+ * (a cryptographic random of 32 bytes) to the AuthMgr FE.
+ *
+ * The AuthMgr BE extracts the instance identifier from the DICE certificate chain of the
+ * AuthMgr FE (given in the input: `diceCertChain`). If the instance identifier is not included
+ * in the DICE certificate chain, then it should be sent in the optional
+ * input: `instanceIdentifier`. The instance identifier is used by the AuthMgr BE in this step
+ * to detect and reject any duplicate authentication attempts.
+ * The instance identifier is used in step 2 to build the file path in the secure storage to
+ * store the instance's context.
+ *
+ * If authentication is already started (but not completed) from the same transport ID, return
+ * the error code `AUTHENTICATION_ALREADY_STARTED`.
+ *
+ * @param diceCertChain - DICE certificate chain of the AuthMgr FE.
+ *
+ * @param instanceIdentifier - optional parameter to send the instance identifier, if it is not
+ * included in the DICE certificate chain
+ *
+ * @return challenge to be included in the signed response sent by the AuthMgr FE in
+ * `completeAuthentication`
+ *
+ * @throws ServiceSpecificException:
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::AUTHENTICATION_ALREADY_STARTED - when a pVM instance with the same
+ * the same transport id has already started authentication
+ */
+ byte[32] initAuthentication(in ExplicitKeyDiceCertChain diceCertChain,
+ in @nullable byte[] instanceIdentifier);
+
+ /**
+ * AuthMgr FE invokes this method to complete phase 1 of the authorization protocol. The AuthMgr
+ * BE verifies the signature in `signedConnectionRequest` with the public signing key of the
+ * AuthMgr FE obtained from the DICE certificate chain.
+ *
+ * As per the CDDL for `SignedConnectionRequest` in SignedConnectionRequest.cddl, the AuthMgr FE
+ * includes the challenge sent by the AuthMgr BE and the unique transport IDs of the AuthMgr FE
+ * and AuthMgr BE in the signed response. This is to prevent replay attacks in the presence of
+ * more than one AuthMgr BE, where one AuthMgr BE may impersonate a pVM instance/AuthMgr FE to
+ * another AuthMgr BE. Both transport IDs are included for completeness, although it is
+ * sufficient to include either of them for the purpose of preventing such attacks.
+ *
+ * AuthMgr BE validates the DICE certificate chain by verifying all the signatures in the chain
+ * and by checking wither the root public key is trusted.
+ *
+ * The AuthMgr BE matches the DICE certificate chain of the AuthMgr FE to the DICE policy given
+ * in the input: `dicePolicy`. If this is the first invocation of this method during the
+ * lifetime of the AuthMgr FE, the AuthMgr BE stores the DICE policy in the secure storage as
+ * part of the pVM instance's context, upon successful matching of DICE chain to the policy.
+ * The file path for the storage of the pVM context is constructed using the instance
+ * identifier. Note that the creation of a pVM instance's context in the secure storage is
+ * allowed only during the factory, for the first version of this API. In the future, we expect
+ * to allow the creation of a pVM instance's context in the secure storage even after the device
+ * leaves the factory, based on hard-coded DICE policies and/or via a separate
+ * `IAuthMgrInstanceContextMaintenance` API.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE chain
+ * to the stored DICE policy in order to enforce rollback protection. If that succeeds and if
+ * the given DICE poliy is different from the stored DICE policy, the AuthMgr BE replaces the
+ * stored DICE policy with the given DICE policy.
+ *
+ * Upon successful execution of this method, the AuthMgr BE should store some state associated
+ * with the connection, in order to distinguish authenicated connections from any
+ * non-authenticated connections. The state associated with the connection may cache certain
+ * artifacts such as instance identifier, instance sequence number, transport ID, DICE chain
+ * and DICE policy of the AuthMgr FE, so that they can be reused when serving phase 2 requests.
+ * The requests for phase 2 of the authorization protocol are allowed only on authenticated
+ * connections.
+ *
+ * @param signedConnectionRequest - signature from AuthMgr FE (CBOR encoded according to
+ * SignedConnectionRequest.cddl)
+ *
+ * @param dicePolicy - DICE policy of the AuthMgr FE
+ *
+ * @throws ServiceSpecificException:
+ * Error::AUTHENTICATION_NOT_STARTED - when the authentication process has not been
+ * started for the pVM instance.
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::SIGNATURE_VERIFICATION_FAILED - when the signature verification fails.
+ * Error::INVALID_DICE_CERT_CHAIN - when the DICE certificate chain validation fails.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the pVM instance.
+ * Error::INSTANCE_CONTEXT_CREATION_DENIED - when the creation of the pVM instances's
+ * context in the AuthMgr BE is not allowed.
+ * Error::INSTANCE_PENDING_DELETION - when a pVM that is being deleted is trying to
+ * authenticate.
+ *
+ */
+ void completeAuthentication(
+ in SignedConnectionRequest signedConnectionRequest, in DicePolicy dicePolicy);
+
+ /**
+ * When the AuthMgr FE receives a request from a client to access a trusted service, the
+ * AuthMgr FE first creates a new (out-of-band) connection with the AuthMgr BE and sends a
+ * one-time cryptographic token of 32 bytes over that new connection.
+ *
+ * The AuthMgr FE then invokes this method on the authenticated connection established with the
+ * AuthMgr BE in phase 1. When this method is invoked, the AuthMgr BE checks whether the
+ * underlying connection of this method call is already authenticated.
+ *
+ * The AuthMgr FE acts as the DICE manager for all the clients in the pVM and generates the DICE
+ * leaf certificate and the DICE leaf policy for the client, which are sent in the input:
+ * `clientDiceArtifacts`.
+ *
+ * The AuthMgr BE matches the client's DICE leaf certificate to the client's DICE policy.
+ * If this is the first invocation of this method in the lifetime of the client, the AuthMgr BE
+ * stores the client's DICE policy in the secure storage as part of the client's context, upon
+ * successful matching of the DICE certificate to the policy. The file path for the storage of
+ * the client's context should be constructed using the unique id assigned to the pVM instance
+ * by the AuthMgr BE (e.g. instance sequence number) and the client ID. There is no use
+ * case for deleting a client context or a pVM context created in the secure storage, for the
+ * first version of this API, outside of the factory reset. In the future, we expect to
+ * expose APIs for those tasks.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE leaf
+ * certificate to the stored DICE policy in order to enforce rollback protection. If that
+ * succeeds and if the given DICE policy is different from the stored DICE policy, the AuthMgr
+ * BE replaces the stored DICE policy with the given DICE policy.
+ *
+ * If the same client requests multiple trusted services or connects to the same trusted service
+ * multiple times during the same boot cycle of the pVM instance, it is recommended to validate
+ * the client's DICE artifacts only once for a given client as an optimization.
+ *
+ * The AuthMgr BE keeps track of the aforementioned new connections that are pending
+ * authorization along with the tokens sent over them and the transport ID of the pVM instance
+ * which created those connections.
+ *
+ * The AuthMgr FE sends the same token that was sent over an aforementioned new connection
+ * in the input: `token` of this method call, in order to authorize the new connection, based on
+ * the trust in the authenticated connection established in phase 1.
+ *
+ * Once the validation of the client's DICE artifacts is completed, the AuthMgr BE retrieves the
+ * pending new connection to be authorized, which is associated with a token that matches the
+ * token sent in this method call and a transport ID that matches the transport ID associated
+ * with the connection underlying this method call.
+ *
+ * Next the AuthMgr BE connects to the trusted service requested by the client in order to
+ * handover the new authorized connection to the trusted service. Once the connection
+ * handover is successful, the AuthMgr BE returns OK to the AuthMgr FE. Then the AuthMgr FE
+ * returns to the client a handle to the new connection (created at the beginning of phase 2).
+ * At this point, an authorized connection is setup between the client and the trusted service,
+ * which they can use to communicate independently of the AuthMgr FE and the AuthMgr BE.
+ *
+ * @param clientID - the identifier of the client in the pVM instance, which is unique in the
+ * context of the pVM instance
+ *
+ * @param service name - the name of the trusted service requested by the client
+ *
+ * @param token - the one-time token used to authorize the new connection created between the
+ * AuthMgr FE and the AuthMgr BE
+ *
+ * @param clientDiceArtifacts - DICE leaf certificate and the DICE leaf policy of the client
+ *
+ * @throws ServiceSpecificException:
+ * Error::CONNECTION_NOT_AUTHENTICATED - when the underlying connection of this method
+ * call is not authenticated.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the client.
+ * Error::NO_CONNECTION_TO_AUTHORIZE - when there is no pending new connection that
+ * is associated with a token and a transport ID that matches those of this
+ * method call.
+ * Error::CONNECTION_HANDOVER_FAILED - when the hanover of the authorized connection to
+ * the trusted service fails.
+ * Error::CLIENT_PENDING_DELETION - when a client that is being deleted is trying to be
+ * authorized.
+ */
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName,
+ in byte[32] token, in DiceLeafArtifacts clientDiceArtifacts);
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
new file mode 100644
index 0000000..f258603
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * The response from the AuthMgr FE which includes the challenge sent by the AuthMgr BE and other
+ * information signed by the AuthMgr FE's signing key.
+ */
+
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable SignedConnectionRequest {
+ /* Data is CBOR encoded according the CDDL in ./SignedConnectionRequest.cddl */
+ byte[] signedConnectionRequest;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
new file mode 100644
index 0000000..a74ccd7
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+SignedConnectionRequestProtected = {
+ 1 : AlgorithmEdDSA / AlgorithmES256,
+}
+
+SignedConnectionRequest = [ ; COSE_Sign1 (untagged) [RFC9052 s4.2]
+ protected: bstr .cbor SignedConnectionRequesProtected,
+ unprotected: {},
+ payload: bstr .cbor ConnectionRequest,
+ signature: bstr ; PureEd25519(privateKey, SignedResponseSigStruct) /
+ ; ECDSA(privateKey, SignedResponseSigStruct)
+]
+
+ConnectionRequestSigStruct = [ ; Sig_structure for SignedConnectionRequest [ RFC9052 s4.4]
+ context: "Signature1",
+ body_protected: bstr .cbor SignedConnectionRequesProtected,
+ external_aad: bstr .cbor ExternalAADForDICESignedConnectionRequest,
+ payload: bstr .cbor ConnectionRequest,
+]
+
+; The payload structure signed by the DICE signing key
+ConnectionRequest [
+ challenge: bstr .size 32,
+ transport_type: TransportType, ; this indicates what CBOR structure should be exected for the
+ ; next element (i.e. transport_id_info)
+ transport_id_info: TransportIdInfo, ; this information is used to detect person-in-the-middle
+ ; attacks
+]
+
+; The unique id assigned to the `ConnectionRequest` payload structure
+ConnectionRequestUuid = h'34c82916 9579 4d86 baef 592a066419e4' ; bstr .size 16 (UUID v4 - RFC 9562)
+
+; An integer that identifies the type of the transport used for communication between clients and
+; trusted services
+TransportType = &(
+ FFA: 1,
+ ; Any other transport type(s) also be defined here
+)
+
+; Identity information of the peers provided by the transport layer
+TransportIdInfo = &(
+ FFATransportId,
+ ; Any other type(s) containing transport layer identity information should also be defiend here
+)
+
+; Transport ids (a.k.a VM IDs) provided by the FFA transport
+FFATransportId = [
+ feID: uint .size 2, ; FF-A partition ID of the AuthMgr FE
+ beID: uint .size 2, ; FF-A partition ID of the AuthMgr BE
+]
+
+; External AAD to be added to any Sig_structure signed by the DICE signing key, with the mandatory
+; field of `uuid_of_payload_struct` of type UUID v4 (RFC 9562). This field is required to ensure
+; that both the signer and the verifier refer to the same payload structure, given that there are
+; various payload structures signed by the DICE signing key in different protocols in Android.
+ExternalAADForDICESigned = [
+ uuid_of_payload_struct: buuid,
+]
+
+; RFC8610 - Section 3.6
+buuid = #6.37(bstr .size 16)
+
+ExternalAADForDICESignedConnectionRequest = [ ; ExternalAADForDICESigned for ConnectionRequest
+ uuid_of_payload_struct: #6.37(ConnectionRequestUuid),
+]
+
+AlgorithmES256 = -7 ; [RFC9053 s2.1]
+AlgorithmEdDSA = -8 ; [RFC9053 s2.2]
diff --git a/security/see/authmgr/aidl/vts/Android.bp b/security/see/authmgr/aidl/vts/Android.bp
new file mode 100644
index 0000000..3d6fce2
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/Android.bp
@@ -0,0 +1,36 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["Android-Apache-2.0"],
+ default_team: "trendy_team_trusty",
+}
+
+rust_test {
+ name: "VtsAidlAuthMgrNonExistentTest",
+ srcs: ["test.rs"],
+ require_root: true,
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ rustlibs: [
+ "libbinder_rs",
+ ],
+}
diff --git a/security/see/authmgr/aidl/vts/test.rs b/security/see/authmgr/aidl/vts/test.rs
new file mode 100644
index 0000000..45533a7
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/test.rs
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Test for asserting the non-existence of an IAuthMgrAuthorization.aidl
+
+#![cfg(test)]
+
+use binder;
+
+const AUTHMGR_INTERFACE_NAME: &str = "android.hardware.security.see.authmgr.IAuthMgrAuthorization";
+
+#[test]
+fn test_authmgr_non_existence() {
+ let authmgr_instances = match binder::get_declared_instances(AUTHMGR_INTERFACE_NAME) {
+ Ok(vec) => vec,
+ Err(e) => {
+ panic!("failed to retrieve the declared interfaces for AuthMgr: {:?}", e);
+ }
+ };
+ assert!(authmgr_instances.is_empty());
+}