Merge "Cast to the underlying type for union tags"
diff --git a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
index 82746d6..952b69a 100644
--- a/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
+++ b/identity/support/include/android/hardware/identity/support/IdentityCredentialSupport.h
@@ -407,6 +407,10 @@
// may be smaller than |maxChunkSize|.
vector<vector<uint8_t>> chunkVector(const vector<uint8_t>& content, size_t maxChunkSize);
+// Extract the issuer subject name from the leaf cert in the given chain,
+// returning it as DER-encoded bytes.
+optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate);
+
} // namespace support
} // namespace identity
} // namespace hardware
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index 36ecdb0..4c2f186 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -209,38 +209,6 @@
return keyPair;
}
-// Extract the issuer subject name from the leaf cert in the given chain,
-// returning it as DER-encoded bytes.
-optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
- const uint8_t* input = certificate.data();
- X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
- if (!cert) {
- LOG(ERROR) << "Failed to parse certificate";
- return std::nullopt;
- }
-
- X509_NAME* subject = X509_get_subject_name(cert.get());
- if (!subject) {
- LOG(ERROR) << "Failed to retrieve subject name";
- return std::nullopt;
- }
-
- int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
- if (encodedSubjectLength < 0) {
- LOG(ERROR) << "Error obtaining encoded subject name length";
- return std::nullopt;
- }
-
- vector<uint8_t> encodedSubject(encodedSubjectLength);
- uint8_t* out = encodedSubject.data();
- if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
- LOG(ERROR) << "Error encoding subject name";
- return std::nullopt;
- }
-
- return encodedSubject;
-}
-
// Generates the attestation certificate with the parameters passed in. Note
// that the passed in |activeTimeMilliSeconds| |expireTimeMilliSeconds| are in
// milli seconds since epoch. We are setting them to milliseconds due to
@@ -900,7 +868,7 @@
}
optional<vector<uint8_t>> derIssuerSubject =
- extractDerSubjectFromCertificate(attestationKeyCert);
+ support::extractDerSubjectFromCertificate(attestationKeyCert);
if (!derIssuerSubject) {
LOG(ERROR) << "Error error extracting issuer name from the given certificate chain";
return std::nullopt;
@@ -2325,6 +2293,36 @@
return testHardwareBoundKey;
}
+optional<vector<uint8_t>> extractDerSubjectFromCertificate(const vector<uint8_t>& certificate) {
+ const uint8_t* input = certificate.data();
+ X509_Ptr cert(d2i_X509(/*cert=*/nullptr, &input, certificate.size()));
+ if (!cert) {
+ LOG(ERROR) << "Failed to parse certificate";
+ return std::nullopt;
+ }
+
+ X509_NAME* subject = X509_get_subject_name(cert.get());
+ if (!subject) {
+ LOG(ERROR) << "Failed to retrieve subject name";
+ return std::nullopt;
+ }
+
+ int encodedSubjectLength = i2d_X509_NAME(subject, /*out=*/nullptr);
+ if (encodedSubjectLength < 0) {
+ LOG(ERROR) << "Error obtaining encoded subject name length";
+ return std::nullopt;
+ }
+
+ vector<uint8_t> encodedSubject(encodedSubjectLength);
+ uint8_t* out = encodedSubject.data();
+ if (encodedSubjectLength != i2d_X509_NAME(subject, &out)) {
+ LOG(ERROR) << "Error encoding subject name";
+ return std::nullopt;
+ }
+
+ return encodedSubject;
+}
+
} // namespace support
} // namespace identity
} // namespace hardware
diff --git a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
index 8699de3..d9a6363 100644
--- a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
+++ b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
@@ -20,7 +20,9 @@
#endif
#include <android-base/logging.h>
+#include <android-base/properties.h>
#include <android-base/strings.h>
+#include <android/api-level.h>
#include <android/hardware/media/omx/1.0/IOmx.h>
#include <android/hardware/media/omx/1.0/IOmxNode.h>
@@ -371,6 +373,31 @@
}
}
+static int getFirstApiLevel() {
+ return android::base::GetIntProperty("ro.product.first_api_level", __ANDROID_API_T__);
+}
+
+// list components and roles.
+TEST_P(StoreHidlTest, OmxCodecAllowedTest) {
+ hidl_vec<IOmx::ComponentInfo> componentInfos = getComponentInfoList(omx);
+ for (IOmx::ComponentInfo info : componentInfos) {
+ for (std::string role : info.mRoles) {
+ if (role.find("video_decoder") != std::string::npos ||
+ role.find("video_encoder") != std::string::npos) {
+ ASSERT_LT(getFirstApiLevel(), __ANDROID_API_S__)
+ << " Component: " << info.mName.c_str() << " Role: " << role.c_str()
+ << " not allowed for devices launching with Android S and above";
+ }
+ if (role.find("audio_decoder") != std::string::npos ||
+ role.find("audio_encoder") != std::string::npos) {
+ ASSERT_LT(getFirstApiLevel(), __ANDROID_API_T__)
+ << " Component: " << info.mName.c_str() << " Role: " << role.c_str()
+ << " not allowed for devices launching with Android T and above";
+ }
+ }
+ }
+}
+
// list components and roles.
TEST_P(StoreHidlTest, ListNodes) {
description("enumerate component and roles");
diff --git a/security/keymint/aidl/default/TEST_MAPPING b/security/keymint/aidl/default/TEST_MAPPING
new file mode 100644
index 0000000..2400ccd
--- /dev/null
+++ b/security/keymint/aidl/default/TEST_MAPPING
@@ -0,0 +1,7 @@
+{
+ "presubmit" : [
+ {
+ "name" : "vts_treble_vintf_framework_test"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml b/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
index 4aa05ef..a4d0302 100644
--- a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
+++ b/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
@@ -1,10 +1,12 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.security.keymint</name>
+ <version>2</version>
<fqname>IKeyMintDevice/default</fqname>
</hal>
<hal format="aidl">
<name>android.hardware.security.keymint</name>
+ <version>2</version>
<fqname>IRemotelyProvisionedComponent/default</fqname>
</hal>
</manifest>