Merge "Fix IC vts bugs and add tests for IC IWritableIdentityCredential.aidl interface."
diff --git a/audio/common/all-versions/test/utility/include/utility/ValidateXml.h b/audio/common/all-versions/test/utility/include/utility/ValidateXml.h
index ee206f7..274a10b 100644
--- a/audio/common/all-versions/test/utility/include/utility/ValidateXml.h
+++ b/audio/common/all-versions/test/utility/include/utility/ValidateXml.h
@@ -51,8 +51,31 @@
  */
 template <bool atLeastOneRequired = true>
 ::testing::AssertionResult validateXmlMultipleLocations(
-    const char* xmlFileNameExpr, const char* xmlFileLocationsExpr, const char* xsdFilePathExpr,
-    const char* xmlFileName, std::vector<const char*> xmlFileLocations, const char* xsdFilePath);
+        const char* xmlFileNameExpr, const char* xmlFileLocationsExpr, const char* xsdFilePathExpr,
+        const char* xmlFileName, const std::vector<std::string>& xmlFileLocations,
+        const char* xsdFilePath);
+template <bool atLeastOneRequired = true>
+::testing::AssertionResult validateXmlMultipleLocations(
+        const char* xmlFileNameExpr, const char* xmlFileLocationsExpr, const char* xsdFilePathExpr,
+        const char* xmlFileName, std::initializer_list<const char*> xmlFileLocations,
+        const char* xsdFilePath) {
+    return validateXmlMultipleLocations<atLeastOneRequired>(
+            xmlFileNameExpr, xmlFileLocationsExpr, xsdFilePathExpr, xmlFileName,
+            std::vector<std::string>(xmlFileLocations.begin(), xmlFileLocations.end()),
+            xsdFilePath);
+}
+template <bool atLeastOneRequired = true>
+::testing::AssertionResult validateXmlMultipleLocations(const char* xmlFileNameExpr,
+                                                        const char* xmlFileLocationsExpr,
+                                                        const char* xsdFilePathExpr,
+                                                        const char* xmlFileName,
+                                                        std::vector<const char*> xmlFileLocations,
+                                                        const char* xsdFilePath) {
+    return validateXmlMultipleLocations<atLeastOneRequired>(
+            xmlFileNameExpr, xmlFileLocationsExpr, xsdFilePathExpr, xmlFileName,
+            std::vector<std::string>(xmlFileLocations.begin(), xmlFileLocations.end()),
+            xsdFilePath);
+}
 
 /** ASSERT that all found XML are valid according to an xsd. */
 #define ASSERT_VALID_XML_MULTIPLE_LOCATIONS(xmlFileName, xmlFileLocations, xsdFilePath)         \
diff --git a/audio/common/all-versions/test/utility/src/ValidateXml.cpp b/audio/common/all-versions/test/utility/src/ValidateXml.cpp
index bdafa82..a866104 100644
--- a/audio/common/all-versions/test/utility/src/ValidateXml.cpp
+++ b/audio/common/all-versions/test/utility/src/ValidateXml.cpp
@@ -131,14 +131,15 @@
 
 template <bool atLeastOneRequired>
 ::testing::AssertionResult validateXmlMultipleLocations(
-    const char* xmlFileNameExpr, const char* xmlFileLocationsExpr, const char* xsdFilePathExpr,
-    const char* xmlFileName, std::vector<const char*> xmlFileLocations, const char* xsdFilePath) {
+        const char* xmlFileNameExpr, const char* xmlFileLocationsExpr, const char* xsdFilePathExpr,
+        const char* xmlFileName, const std::vector<std::string>& xmlFileLocations,
+        const char* xsdFilePath) {
     using namespace std::string_literals;
 
     std::vector<std::string> errors;
     std::vector<std::string> foundFiles;
 
-    for (const char* location : xmlFileLocations) {
+    for (const auto& location : xmlFileLocations) {
         std::string xmlFilePath = location + "/"s + xmlFileName;
         if (access(xmlFilePath.c_str(), F_OK) != 0) {
             // If the file does not exist ignore this location and fallback on the next one
@@ -166,14 +167,12 @@
                                   : "\nWhere no file might exist.");
 }
 
-template ::testing::AssertionResult validateXmlMultipleLocations<true>(const char*, const char*,
-                                                                       const char*, const char*,
-                                                                       std::vector<const char*>,
-                                                                       const char*);
-template ::testing::AssertionResult validateXmlMultipleLocations<false>(const char*, const char*,
-                                                                        const char*, const char*,
-                                                                        std::vector<const char*>,
-                                                                        const char*);
+template ::testing::AssertionResult validateXmlMultipleLocations<true>(
+        const char*, const char*, const char*, const char*, const std::vector<std::string>&,
+        const char*);
+template ::testing::AssertionResult validateXmlMultipleLocations<false>(
+        const char*, const char*, const char*, const char*, const std::vector<std::string>&,
+        const char*);
 
 }  // namespace utility
 }  // namespace test
diff --git a/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h b/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
index da30ade..af6e9e8 100644
--- a/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
+++ b/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
@@ -35,6 +35,7 @@
 #include <hwbinder/IPCThreadState.h>
 
 #include <android-base/logging.h>
+#include <system/audio_config.h>
 
 #include PATH(android/hardware/audio/FILE_VERSION/IDevice.h)
 #include PATH(android/hardware/audio/FILE_VERSION/IDevicesFactory.h)
@@ -133,7 +134,6 @@
 ////////////////////////// Audio policy configuration ////////////////////////
 //////////////////////////////////////////////////////////////////////////////
 
-static const std::vector<const char*> kConfigLocations = {"/odm/etc", "/vendor/etc", "/system/etc"};
 static constexpr char kConfigFileName[] = "audio_policy_configuration.xml";
 
 // Stringify the argument.
@@ -152,8 +152,8 @@
     PolicyConfig()
         : AudioPolicyConfig(hwModules, availableOutputDevices, availableInputDevices,
                             defaultOutputDevice) {
-        for (const char* location : kConfigLocations) {
-            std::string path = std::string(location) + '/' + kConfigFileName;
+        for (const auto& location : android::audio_get_configuration_paths()) {
+            std::string path = location + '/' + kConfigFileName;
             if (access(path.c_str(), F_OK) == 0) {
                 mFilePath = path;
                 break;
@@ -186,7 +186,7 @@
     std::string getError() const {
         if (mFilePath.empty()) {
             return std::string{"Could not find "} + kConfigFileName +
-                   " file in: " + testing::PrintToString(kConfigLocations);
+                   " file in: " + testing::PrintToString(android::audio_get_configuration_paths());
         } else {
             return "Invalid config file: " + mFilePath;
         }
@@ -302,7 +302,8 @@
                    "is valid according to the schema");
 
     const char* xsd = "/data/local/tmp/audio_policy_configuration_" STRINGIFY(CPP_VERSION) ".xsd";
-    EXPECT_ONE_VALID_XML_MULTIPLE_LOCATIONS(kConfigFileName, kConfigLocations, xsd);
+    EXPECT_ONE_VALID_XML_MULTIPLE_LOCATIONS(kConfigFileName,
+                                            android::audio_get_configuration_paths(), xsd);
 }
 
 class AudioPolicyConfigTest : public AudioHidlTestWithDeviceParameter {
diff --git a/audio/effect/all-versions/vts/functional/ValidateAudioEffectsConfiguration.cpp b/audio/effect/all-versions/vts/functional/ValidateAudioEffectsConfiguration.cpp
index 9c0135b..f251634 100644
--- a/audio/effect/all-versions/vts/functional/ValidateAudioEffectsConfiguration.cpp
+++ b/audio/effect/all-versions/vts/functional/ValidateAudioEffectsConfiguration.cpp
@@ -18,6 +18,7 @@
 #include <iterator>
 
 #include <media/EffectsConfig.h>
+#include <system/audio_config.h>
 // clang-format off
 #include PATH(android/hardware/audio/effect/FILE_VERSION/IEffectsFactory.h)
 // clang-format on
@@ -41,13 +42,14 @@
         GTEST_SKIP() << "No Effects HAL version " STRINGIFY(CPP_VERSION) " on this device";
     }
 
-    std::vector<const char*> locations(std::begin(DEFAULT_LOCATIONS), std::end(DEFAULT_LOCATIONS));
     const char* xsd = "/data/local/tmp/audio_effects_conf_" STRINGIFY(CPP_VERSION) ".xsd";
 #if MAJOR_VERSION == 2
     // In V2, audio effect XML is not required. .conf is still allowed though deprecated
-    EXPECT_VALID_XML_MULTIPLE_LOCATIONS(DEFAULT_NAME, locations, xsd);
+    EXPECT_VALID_XML_MULTIPLE_LOCATIONS(DEFAULT_NAME, android::audio_get_configuration_paths(),
+                                        xsd);
 #elif MAJOR_VERSION >= 4
     // Starting with V4, audio effect XML is required
-    EXPECT_ONE_VALID_XML_MULTIPLE_LOCATIONS(DEFAULT_NAME, locations, xsd);
+    EXPECT_ONE_VALID_XML_MULTIPLE_LOCATIONS(DEFAULT_NAME, android::audio_get_configuration_paths(),
+                                            xsd);
 #endif
 }
diff --git a/audio/policy/1.0/vts/functional/ValidateEngineConfiguration.cpp b/audio/policy/1.0/vts/functional/ValidateEngineConfiguration.cpp
index a0aaa6e..5741fa9 100644
--- a/audio/policy/1.0/vts/functional/ValidateEngineConfiguration.cpp
+++ b/audio/policy/1.0/vts/functional/ValidateEngineConfiguration.cpp
@@ -23,7 +23,8 @@
 #include <string>
 #include "utility/ValidateXml.h"
 
-static const std::vector<const char*> locations = {"/odm/etc", "/vendor/etc", "/system/etc"};
+#include <system/audio_config.h>
+
 static const std::string config = "audio_policy_engine_configuration.xml";
 static const std::string schema =
         std::string(XSD_DIR) + "/audio_policy_engine_configuration_V1_0.xsd";
@@ -42,7 +43,8 @@
     RecordProperty("description",
                    "Verify that the audio policy engine configuration file "
                    "is valid according to the schemas");
-    EXPECT_VALID_XML_MULTIPLE_LOCATIONS(config.c_str(), locations, schema.c_str());
+    EXPECT_VALID_XML_MULTIPLE_LOCATIONS(config.c_str(), android::audio_get_configuration_paths(),
+                                        schema.c_str());
 }
 
 /**
@@ -52,9 +54,11 @@
  */
 static bool deviceUsesConfigurableEngine() {
     return android::hardware::audio::common::test::utility::validateXmlMultipleLocations<true>(
-                   "", "", "", config.c_str(), locations, schema.c_str()) &&
+                   "", "", "", config.c_str(), android::audio_get_configuration_paths(),
+                   schema.c_str()) &&
            android::hardware::audio::common::test::utility::validateXmlMultipleLocations<true>(
-                   "", "", "", configurableConfig.c_str(), locations, configurableSchemas.c_str());
+                   "", "", "", configurableConfig.c_str(), android::audio_get_configuration_paths(),
+                   configurableSchemas.c_str());
 }
 
 TEST(ValidateConfiguration, audioPolicyEngineConfigurable) {
diff --git a/automotive/vehicle/2.0/manifest.vehicle.xml b/automotive/vehicle/2.0/manifest.vehicle.xml
new file mode 100644
index 0000000..832b302
--- /dev/null
+++ b/automotive/vehicle/2.0/manifest.vehicle.xml
@@ -0,0 +1,11 @@
+<manifest version="1.0" type="device" target-level="3">
+    <hal format="hidl">
+        <name>android.hardware.automotive.vehicle</name>
+        <transport>hwbinder</transport>
+        <version>2.0</version>
+        <interface>
+            <name>IVehicle</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</manifest>
diff --git a/camera/device/1.0/default/CameraDevice.cpp b/camera/device/1.0/default/CameraDevice.cpp
index 2dd6094..80733d1 100644
--- a/camera/device/1.0/default/CameraDevice.cpp
+++ b/camera/device/1.0/default/CameraDevice.cpp
@@ -15,6 +15,9 @@
  */
 
 #define LOG_TAG "CamDev@1.0-impl"
+
+#include <fcntl.h>
+
 #include <hardware/camera.h>
 #include <hardware/gralloc1.h>
 #include <hidlmemory/mapping.h>
diff --git a/compatibility_matrices/build/vintf_compatibility_matrix.go b/compatibility_matrices/build/vintf_compatibility_matrix.go
index e48f993..2772ba3 100644
--- a/compatibility_matrices/build/vintf_compatibility_matrix.go
+++ b/compatibility_matrices/build/vintf_compatibility_matrix.go
@@ -40,7 +40,15 @@
 		Description: "assemble_vintf -i ${inputs}",
 	}, "inputs")
 
-	kernelConfigTag = dependencyTag{name: "kernel-config"}
+	xmllintXsd = pctx.AndroidStaticRule("xmllint-xsd", blueprint.RuleParams{
+		Command:     `$XmlLintCmd --schema $xsd $in > /dev/null && touch -a $out`,
+		CommandDeps: []string{"$XmlLintCmd"},
+		Restat:      true,
+	}, "xsd")
+
+	kernelConfigTag  = dependencyTag{name: "kernel-config"}
+	schemaTag        = dependencyTag{name: "matrix-schema"}
+	schemaModuleName = "compatibility_matrix_schema"
 )
 
 const (
@@ -62,11 +70,13 @@
 	android.ModuleBase
 	properties vintfCompatibilityMatrixProperties
 
-	genFile android.WritablePath
+	genFile                android.WritablePath
+	additionalDependencies android.WritablePaths
 }
 
 func init() {
 	pctx.HostBinToolVariable("assembleVintfCmd", "assemble_vintf")
+	pctx.HostBinToolVariable("XmlLintCmd", "xmllint")
 	android.RegisterModuleType("vintf_compatibility_matrix", vintfCompatibilityMatrixFactory)
 }
 
@@ -82,6 +92,42 @@
 func (g *vintfCompatibilityMatrixRule) DepsMutator(ctx android.BottomUpMutatorContext) {
 	android.ExtractSourcesDeps(ctx, g.properties.Srcs)
 	ctx.AddDependency(ctx.Module(), kernelConfigTag, g.properties.Kernel_configs...)
+	ctx.AddDependency(ctx.Module(), schemaTag, schemaModuleName)
+}
+
+func (g *vintfCompatibilityMatrixRule) timestampFilePath(ctx android.ModuleContext, path android.Path) android.WritablePath {
+	return android.GenPathWithExt(ctx, "vintf-xmllint", path, "ts")
+}
+
+func (g *vintfCompatibilityMatrixRule) generateValidateBuildAction(ctx android.ModuleContext, path android.Path, schema android.Path) {
+	timestamp := g.timestampFilePath(ctx, path)
+	ctx.Build(pctx, android.BuildParams{
+		Rule:        xmllintXsd,
+		Description: "xmllint-xsd",
+		Input:       path,
+		Output:      timestamp,
+		Implicit:    schema,
+		Args: map[string]string{
+			"xsd": schema.String(),
+		},
+	})
+	g.additionalDependencies = append(g.additionalDependencies, timestamp)
+}
+
+func (g *vintfCompatibilityMatrixRule) getSchema(ctx android.ModuleContext) android.OptionalPath {
+	schemaModule := ctx.GetDirectDepWithTag(schemaModuleName, schemaTag)
+	sfp, ok := schemaModule.(android.SourceFileProducer)
+	if !ok {
+		ctx.ModuleErrorf("Implicit dependency %q has no srcs", ctx.OtherModuleName(schemaModule))
+		return android.OptionalPath{}
+	}
+
+	schemaSrcs := sfp.Srcs()
+	if len(schemaSrcs) != 1 {
+		ctx.PropertyErrorf(`srcs of implicit dependency %q has length %d != 1`, ctx.OtherModuleName(schemaModule), len(schemaSrcs))
+		return android.OptionalPath{}
+	}
+	return android.OptionalPathForPath(schemaSrcs[0])
 }
 
 func (g *vintfCompatibilityMatrixRule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
@@ -91,7 +137,18 @@
 		outputFilename = g.Name()
 	}
 
+	schema := g.getSchema(ctx)
+	if !schema.Valid() {
+		return
+	}
+
 	inputPaths := android.PathsForModuleSrc(ctx, g.properties.Srcs)
+	for _, srcPath := range inputPaths {
+		g.generateValidateBuildAction(ctx, srcPath, schema.Path())
+	}
+
+	// No need to validate matrices from kernel configs because they are generated by
+	// assemble_vintf.
 	ctx.VisitDirectDepsWithTag(kernelConfigTag, func(m android.Module) {
 		if k, ok := m.(*configs.KernelConfigRule); ok {
 			inputPaths = append(inputPaths, k.OutputPath())
@@ -112,6 +169,7 @@
 			"inputs": strings.Join(inputPaths.Strings(), ":"),
 		},
 	})
+	g.generateValidateBuildAction(ctx, g.genFile, schema.Path())
 
 	ctx.InstallFile(android.PathForModuleInstall(ctx, "etc", relpath), outputFilename, g.genFile)
 }
@@ -126,6 +184,9 @@
 				if proptools.String(g.properties.Stem) != "" {
 					fmt.Fprintln(w, "LOCAL_MODULE_STEM :=", proptools.String(g.properties.Stem))
 				}
+				for _, path := range g.additionalDependencies {
+					fmt.Fprintln(w, "LOCAL_ADDITIONAL_DEPENDENCIES +=", path.String())
+				}
 			},
 		},
 	}
diff --git a/current.txt b/current.txt
index becbf9b..99da427 100644
--- a/current.txt
+++ b/current.txt
@@ -584,11 +584,11 @@
 # ABI preserving changes to HALs during Android R
 b69a7615c508acf5c5201efd1bfa3262167874fc3594e2db5a3ff93addd8ac75 android.hardware.keymaster@4.0::IKeymasterDevice
 eb2fa0c883c2185d514be0b84c179b283753ef0c1b77b45b4f359bd23bba8b75 android.hardware.neuralnetworks@1.0::IPreparedModel
-8eac60e1f724d141c71c69f06d4544acb720a55dfbbcd97fa01bb3d25ee4e2f5 android.hardware.neuralnetworks@1.0::types
+92e101b30e47bdf526a01c52cecfbe730def5997b8260ab497eb949eb2a6dcdf android.hardware.neuralnetworks@1.0::types
 5f6d3097ba84cb63c430787123f4de1b31c11f90b531b98eae9a8623a5ae962a android.hardware.neuralnetworks@1.1::types
 fb382e986c10b8fbb797a8546e8f9ea6d1107bfe6f3fb7e57f6bbbf1f807a906 android.hardware.neuralnetworks@1.2::IDevice
 40e71cd693de5b832325c5d8f081f2ff20a7ba2b89d401cee5b4b3eb0e241681 android.hardware.neuralnetworks@1.2::IPreparedModel
-00649d29680f2c47edf60000c3ae7ae906ba638f0616947147e3676a83cf36fa android.hardware.neuralnetworks@1.2::types
+ee1a0dee5be00a6fe2d4d3270068c78016dcb194d768fe07ed894ea20904037f android.hardware.neuralnetworks@1.2::types
 a785a57447a81e9c130eef6904c3a5c256076c6a04588c40620ebd6fa2660d77 android.hardware.radio@1.2::types
 1a6e2bd289f22931c526b21916910f1d4c436b7acb9556e4243de4ce8e6cc2e4 android.hardware.soundtrigger@2.0::ISoundTriggerHwCallback
 fd65298e1e09e0e3c781ab18305920d757dbe55a3b459ce17814ec5cf6dfee99 android.hardware.wifi@1.0::IWifiP2pIface
@@ -637,16 +637,16 @@
 278817920bfd5292a7713f97f1832cca53de3de640f7670e413d97c6e7fd581c android.hardware.neuralnetworks@1.3::IDevice
 127ba11efb8220dc3aec9a8f441b59eaf1c68d7f03f577833e1824de75a36b17 android.hardware.neuralnetworks@1.3::IExecutionCallback
 6e904be0ddca5ae1de8eba020e6c38ed935ea7d80cd08f47787f137a0ca58555 android.hardware.neuralnetworks@1.3::IFencedExecutionCallback
-2b0b10d2ea7a18a4048cd0eb83d35c19a817aeee95f65807fc31f4ef21381397 android.hardware.neuralnetworks@1.3::IPreparedModel
+ee9dc34b9925b8367b1111c72bd6d9d375432735e451572ca5a665d8516a7744 android.hardware.neuralnetworks@1.3::IPreparedModel
 eee3430cc86c97c7b407495863d8fb61da6f1a64b7721e77b9b4909b11b174e9 android.hardware.neuralnetworks@1.3::IPreparedModelCallback
-c9320b04ec302624985180a02d591bea5e435601fc411a6cabb58878e4e1ad68 android.hardware.neuralnetworks@1.3::types
+acf84925f8ee0a651f2ec547ac334034de266479b93af5434f6c1f25e66aba96 android.hardware.neuralnetworks@1.3::types
 3e01d4446cd69fd1c48f8572efd97487bc179564b32bd795800b97bbe10be37b android.hardware.wifi@1.4::IWifi
 a64467bae843569f0d465c5be7f0c7a5b987985b55a3ef4794dd5afc68538650 android.hardware.wifi.supplicant@1.3::ISupplicant
 44445b8a03d7b9e68b2fbd954672c18a8fce9e32851b0692f4f4ab3407f86ecb android.hardware.wifi.supplicant@1.3::ISupplicantStaIface
 619fc9839ec6e369cfa9b28e3e9412e6885720ff8f9b5750c1b6ffb905120391 android.hardware.wifi.supplicant@1.3::ISupplicantStaIfaceCallback
 c9273429fcf98d797d3bb07fdba6f1be95bf960f9255cde169fd1ca4db85f856 android.hardware.wifi.supplicant@1.3::ISupplicantStaNetwork
 9b0a3ab6f4f74b971ed094426d8a443e29b512ff03e1ab50c07156396cdb2483 android.hardware.wifi.supplicant@1.3::types
-6b8dcd5e3e33a524cc7ebb14671a76ad3a2d333467397ce82acc4024346386f8 android.hardware.radio@1.5::types
+a5bcd595a5108312fe2eb402e716d0b7dab8eb689a2a5f54fdef3ff71f3babd5 android.hardware.radio@1.5::types
 b454df853441c12f6e425e8a60dd29fda20f5e6e39b93d1103e4b37495db38aa android.hardware.radio@1.5::IRadio
 fcbb0742a88215ee7a6d7ce0825d253eb2b50391fc6c8c48667f9fd7f6d4549e android.hardware.radio@1.5::IRadioIndication
 b809193970a91ca637a4b0184767315601d32e3ef3d5992ffbc7a8d14a14f015 android.hardware.radio@1.5::IRadioResponse
@@ -654,4 +654,5 @@
 # ABI preserving changes to HALs during Android S
 
 # HALs released in Android S
+# NOTE: waiting to freeze HALs until later in the release
 # NOTE: new HALs are recommended to be in AIDL
diff --git a/identity/aidl/android/hardware/identity/CipherSuite.aidl b/identity/aidl/android/hardware/identity/CipherSuite.aidl
index 20b02a8..f38134b 100644
--- a/identity/aidl/android/hardware/identity/CipherSuite.aidl
+++ b/identity/aidl/android/hardware/identity/CipherSuite.aidl
@@ -24,13 +24,15 @@
 enum CipherSuite {
     /**
      * Specifies that the cipher suite that will be used to secure communications between the reader
-     * is:
+     * and the prover is using the following primitives
      *
-     * - ECDHE with HKDF-SHA-256 for key agreement.
-     * - AES-256 with GCM block mode for authenticated encryption (nonces are incremented by
-     *   one for every message).
-     * - ECDSA with SHA-256 for signing (used for signing session transcripts to defeat
-     *   man-in-the-middle attacks), signing keys are not ephemeral.
+     *  - ECKA-DH (Elliptic Curve Key Agreement Algorithm - Diffie-Hellman, see BSI TR-03111)
+     *  - HKDF-SHA-256 (see RFC 5869)
+     *  - AES-256-GCM (see NIST SP 800-38D)
+     *  - HMAC-SHA-256 (see RFC 2104)
+     *
+     * The exact way these primitives are combined to derive the session key is specified in
+     * section 9.2.1.4 of ISO/IEC 18013-5 (see description of cipher suite '1').
      *
      * At present this is the only supported cipher suite and it is mandatory for all
      * implementations to support it.
diff --git a/identity/aidl/android/hardware/identity/IIdentityCredential.aidl b/identity/aidl/android/hardware/identity/IIdentityCredential.aidl
index cc14271..7d14f03 100644
--- a/identity/aidl/android/hardware/identity/IIdentityCredential.aidl
+++ b/identity/aidl/android/hardware/identity/IIdentityCredential.aidl
@@ -48,6 +48,8 @@
      * with the reader.  The reason for generating the key pair in the secure environment is so that
      * the secure environment knows what public key to expect to find in the session transcript.
      *
+     * The generated key must be an EC key using the P-256 curve.
+     *
      * This method may only be called once per instance. If called more than once, STATUS_FAILED
      * will be returned.
      *
@@ -61,7 +63,8 @@
      * This method may only be called once per instance. If called more than once, STATUS_FAILED
      * will be returned.
      *
-     * @param publicKey contains the reader's ephemeral public key, in uncompressed form.
+     * @param publicKey contains the reader's ephemeral public key, in uncompressed
+     *        form (e.g. 0x04 || X || Y).
      */
     void setReaderEphemeralPublicKey(in byte[] publicKey);
 
@@ -82,9 +85,9 @@
      * This method be called after createEphemeralKeyPair(), setReaderEphemeralPublicKey(),
      * createAuthChallenge() and before startRetrieveEntry(). This method call is followed by
      * multiple calls of startRetrieveEntryValue(), retrieveEntryValue(), and finally
-     * finishRetrieval().This whole process is called a "credential presentation".
+     * finishRetrieval().
      *
-     * It is permissible to perform multiple credential presentations using the same instance (e.g.
+     * It is permissible to perform data retrievals multiple times using the same instance (e.g.
      * startRetrieval(), then multiple calls of startRetrieveEntryValue(), retrieveEntryValue(),
      * then finally finishRetrieval()) but if this is done, the sessionTranscript parameter
      * must be identical for each startRetrieval() invocation. If this is not the case, this call
@@ -148,6 +151,8 @@
      *     EReaderKeyBytes = #6.24(bstr .cbor EReaderKey.Pub)
      *     ItemsRequestBytes = #6.24(bstr .cbor ItemsRequest)
      *
+     *     EReaderKey.Pub = COSE_Key    ; Ephemeral public key provided by reader
+     *
      * The public key corresponding to the key used to made signature, can be found in the
      * 'x5chain' unprotected header element of the COSE_Sign1 structure (as as described
      * in 'draft-ietf-cose-x509-04'). There will be at least one certificate in said element
@@ -220,13 +225,11 @@
      *
      * It is permissible to keep retrieving values if an access control check fails.
      *
-     * @param nameSpace is the namespace of the element, e.g. "org.iso.18013"
+     * @param nameSpace is the namespace of the element, e.g. "org.iso.18013.5.1"
      *
-     * @param name is the name of the element.
+     * @param name is the name of the element, e.g. "driving_privileges".
      *
-     * @param entrySize is the size of the entry value, if it's a text string or a byte string.
-     *     It must be zero if the entry value is an integer or boolean. If this requirement
-     *     is not met the call fails with STATUS_INVALID_DATA.
+     * @param entrySize is the size of the entry value encoded in CBOR.
      *
      * @param accessControlProfileIds specifies the set of access control profiles that can
      *     authorize access to the provisioned element. If an identifier of a profile
@@ -260,14 +263,12 @@
      * @param out mac is empty if signingKeyBlob or the sessionTranscript passed to
      *    startRetrieval() is empty. Otherwise it is a COSE_Mac0 with empty payload
      *    and the detached content is set to DeviceAuthentication as defined below.
-     *    The key used for the MAC operation is EMacKey and is derived as follows:
-     *
-     *     KDF(ECDH(SDeviceKey.Priv, EReaderKey.Pub))
-     *
-     *    where SDeviceKey.Priv is the key identified by signingKeyBlob. The KDF
-     *    and ECDH functions shall be the same as the ciphersuite selected and
-     *    passed to IIdentityStore.getCredential(). The EMacKey shall be derived
-     *    using a salt of 0x00.
+     *    This code is produced by using the key agreement and key derivation function
+     *    from the ciphersuite with the authentication private key and the reader
+     *    ephemeral public key to compute a shared message authentication code (MAC)
+     *    key, then using the MAC function from the ciphersuite to compute a MAC of
+     *    the authenticated data. See section 9.2.3.5 of ISO/IEC 18013-5 for details
+     *    of this operation.
      *
      *        DeviceAuthentication = [
      *            "DeviceAuthentication",
@@ -308,6 +309,34 @@
     /**
      * Generate a key pair to be used for signing session data and retrieved data items.
      *
+     * The generated key must be an EC key using the P-256 curve.
+     *
+     * This method shall return just a single X.509 certificate which is signed by CredentialKey.
+     * When combined with the certificate chain returned at provisioning time by
+     * getAttestationCertificate() on IWritableIdentityCredential (for the credential key), this
+     * forms a chain all the way from the root of trust to the generated key.
+     *
+     * The public part of a signing key is usually included in issuer-signed data and is
+     * used for anti-cloning purposes or as a mechanism for the issuer to attest to data
+     * generated on the device.
+     *
+     * The following non-optional fields for the X.509 certificate shall be set as follows:
+     *
+     *  - version: INTEGER 2 (means v3 certificate).
+     *
+     *  - serialNumber: INTEGER 1 (fixed value: same on all certs).
+     *
+     *  - signature: must be set to ECDSA.
+     *
+     *  - subject: CN shall be set to "Android Identity Credential Authentication Key".
+     *
+     *  - issuer: shall be set to "credentialStoreName (credentialStoreAuthorName)" using the
+     *    values returned in HardwareInformation.
+     *
+     *  - validity: should be from current time and one year in the future.
+     *
+     *  - subjectPublicKeyInfo: must contain attested public key.
+     *
      * @param out signingKeyBlob contains an encrypted copy of the newly-generated private
      *     signing key.
      *
diff --git a/identity/aidl/android/hardware/identity/IIdentityCredentialStore.aidl b/identity/aidl/android/hardware/identity/IIdentityCredentialStore.aidl
index 23cb1b7..bd664e8 100644
--- a/identity/aidl/android/hardware/identity/IIdentityCredentialStore.aidl
+++ b/identity/aidl/android/hardware/identity/IIdentityCredentialStore.aidl
@@ -55,8 +55,8 @@
  *
  * - For each namespase, a set of name/value pairs, each with an associated set of access control
  *   profile IDs.  Names are UTF-8 strings of up to 256 bytes in length (most should be much
- *   shorter).  Values stored must be encoed as valid CBOR (https://tools.ietf.org/html/rfc7049) and
- *   the encoeded size is is limited to at most 512 KiB.
+ *   shorter).  Values stored must be encoded as CBOR (https://tools.ietf.org/html/rfc7049) and
+ *   the encoded size is is limited to at most 512 KiB.
  *
  * - A set of access control profiles, each with a profile ID and a specification of the
  *   conditions which satisfy the profile's requirements.
@@ -108,12 +108,13 @@
 @VintfStability
 interface IIdentityCredentialStore {
     /**
-     * Success.
+     * Success. This is never returned but included for completeness and for use by code
+     * using these statuses for internal use.
      */
     const int STATUS_OK = 0;
 
     /**
-     * The operation failed. This is used as a generic catch-all for errors that don't belong
+     * The operation failed.  This is used as a generic catch-all for errors that don't belong
      * in other categories, including memory/resource allocation failures and I/O errors.
      */
     const int STATUS_FAILED = 1;
@@ -124,7 +125,7 @@
     const int STATUS_CIPHER_SUITE_NOT_SUPPORTED = 2;
 
     /**
-     * The passed data was invalid. This is a generic catch all for errors that don't belong
+     * The passed data was invalid.  This is a generic catch all for errors that don't belong
      * in other categories related to parameter validation.
      */
     const int STATUS_INVALID_DATA = 3;
@@ -186,16 +187,19 @@
     HardwareInformation getHardwareInformation();
 
     /**
-     * createCredential creates a new Credential.  When a Credential is created, two cryptographic
+     * createCredential creates a new credential.  When a credential is created, two cryptographic
      * keys are created: StorageKey, an AES key used to secure the externalized Credential
-     * contents, and CredentialKeyPair, an EC key pair used to authenticate the store to the IA.  In
-     * addition, all of the Credential data content is imported and a certificate for the
-     * CredentialKeyPair and a signature produced with the CredentialKeyPair are created.  These
+     * contents, and CredentialKey, an EC key pair used to authenticate the store to the IA.
+     *
+     * CredentialKey must be an EC key using the P-256 curve.
+     *
+     * In addition, all of the Credential data content is imported and a certificate for the
+     * CredentialKey and a signature produced with the CredentialKey are created.  These
      * latter values may be checked by an issuing authority to verify that the data was imported
      * into secure hardware and that it was imported unmodified.
      *
      * @param docType is an optional name (may be an empty string) that identifies the type of
-     *     credential being created, e.g. "org.iso.18013-5.2019.mdl" (the doc type of the ISO
+     *     credential being created, e.g. "org.iso.18013.5.1.mDL" (the doc type of the ISO
      *     driving license standard).
      *
      * @param testCredential indicates if this is a test store.  Test credentials must use an
@@ -213,15 +217,8 @@
      * Credential.
      *
      * The cipher suite used to communicate with the remote verifier must also be specified. Currently
-     * only a single cipher-suite is supported and the details of this are as follow:
-     *
-     *  - ECDHE with HKDF-SHA-256 for key agreement.
-     *  - AES-256 with GCM block mode for authenticated encryption (nonces are incremented by one
-     *    for every message).
-     *  - ECDSA with SHA-256 for signing (used for signing session transcripts to defeat
-     *    man-in-the-middle attacks), signing keys are not ephemeral.
-     *
-     * Support for other cipher suites may be added in a future version of this HAL.
+     * only a single cipher-suite is supported. Support for other cipher suites may be added in a
+     * future version of this HAL.
      *
      * This method fails with STATUS_INVALID_DATA if the passed in credentialData cannot be
      * decoded or decrypted.
@@ -233,7 +230,7 @@
      *     return argument of the same name in finishAddingEntries(), in
      *     IWritableIdentityCredential.
      *
-     * @return an IIdentityCredential HIDL interface that provides operations on the Credential.
+     * @return an IIdentityCredential interface that provides operations on the Credential.
      */
     IIdentityCredential getCredential(in CipherSuite cipherSuite, in byte[] credentialData);
 }
diff --git a/identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl b/identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl
index 483b0c7..9673821 100644
--- a/identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl
+++ b/identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl
@@ -60,12 +60,50 @@
      *    attestationApplicationId.
      *
      *  - The teeEnforced field in the attestation extension must include
-     *    Tag::IDENTITY_CREDENTIAL_KEY. This tag indicates that the key is an Identity
-     *    Credential key (which can only sign/MAC very specific messages) and not an Android
-     *    Keystore key (which can be used to sign/MAC anything).
+     *
+     *    - Tag::IDENTITY_CREDENTIAL_KEY which indicates that the key is an Identity
+     *      Credential key (which can only sign/MAC very specific messages) and not an Android
+     *      Keystore key (which can be used to sign/MAC anything).
+     *
+     *    - Tag::PURPOSE must be set to SIGN
+     *
+     *    - Tag::KEY_SIZE must be set to the appropriate key size, in bits (e.g. 256)
+     *
+     *    - Tag::ALGORITHM must be set to EC
+     *
+     *    - Tag::NO_AUTH_REQUIRED must be set
+     *
+     *    - Tag::DIGEST must be set to SHA_2_256
+     *
+     *    - Tag::EC_CURVE must be set to P_256
      *
      * Additional authorizations may be needed in the softwareEnforced and teeEnforced
-     * fields - the above is not an exhaustive list.
+     * fields - the above is not an exhaustive list. Specifically, authorizations containing
+     * information about the root of trust, OS version, verified boot state, and so on should
+     * be included.
+     *
+     * Since the chain is required to be generated using Keymaster Attestation, the returned
+     * certificate chain has the following properties:
+     *
+     *  - The certificate chain is of at least length three.
+     *
+     *  - The root of trust is the same as for Keymaster Attestation. This is usually
+     *    a certificate owned by Google but depending on the specific Android device it may
+     *    be another certificate.
+     *
+     * As with any user of attestation, the Issuing Authority (as a relying party) wishing
+     * to issue a credential to a device using these APIs, must carefully examine the
+     * returned certificate chain for all of the above (and more). In particular, the Issuing
+     * Authority should check the root of trust, verified boot state, patch level,
+     * application id, etc.
+     *
+     * This all depends on the needs of the Issuing Authority and the kind of credential but
+     * in general an Issuing Authority should never issue a credential to a device without
+     * verified boot enabled, to an unrecognized application, or if it appears the device
+     * hasn't been updated for a long time.
+     *
+     * See https://github.com/google/android-key-attestation for an example of how to
+     * examine attestations generated from Android devices.
      *
      * @param attestationApplicationId is the DER encoded value to be stored
      *     in Tag::ATTESTATION_APPLICATION_ID. This schema is described in
@@ -105,7 +143,7 @@
      *     be used to reference the profile. If this is not satisfied the call fails with
      *     STATUS_INVALID_DATA.
      *
-     * @param readerCertificate if non-empty, specifies a X.509 certificate (or chain of
+     * @param readerCertificate if non-empty, specifies a single X.509 certificate (not a chain of
      *     certificates) that must be used to authenticate requests (see the readerSignature
      *     parameter in IIdentityCredential.startRetrieval).
      *
@@ -142,7 +180,7 @@
      * @param accessControlProfileIds specifies the set of access control profiles that can
      *     authorize access to the provisioned element.
      *
-     * @param nameSpace is the namespace of the element, e.g. "org.iso.18013"
+     * @param nameSpace is the namespace of the element, e.g. "org.iso.18013.5.1"
      *
      * @param name is the name of the element.
      *
diff --git a/identity/aidl/android/hardware/identity/SecureAccessControlProfile.aidl b/identity/aidl/android/hardware/identity/SecureAccessControlProfile.aidl
index 01d312d..13f0c6d 100644
--- a/identity/aidl/android/hardware/identity/SecureAccessControlProfile.aidl
+++ b/identity/aidl/android/hardware/identity/SecureAccessControlProfile.aidl
@@ -29,7 +29,7 @@
     /**
      * readerCertificate, if non-empty, specifies a single X.509 certificate (not a chain
      * of certificates) that must be used to authenticate requests. For details about how
-     * this is done, see the readerSignature paremter of IIdentityCredential.startRetrieval.
+     * this is done, see the readerSignature parameter of IIdentityCredential.startRetrieval.
      */
     Certificate readerCertificate;
 
diff --git a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
index bc7f311..8d6e74a 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
@@ -112,6 +112,11 @@
 DECLARE_TYPED_TAG(ASSOCIATED_DATA);
 DECLARE_TYPED_TAG(ATTESTATION_APPLICATION_ID);
 DECLARE_TYPED_TAG(ATTESTATION_CHALLENGE);
+DECLARE_TYPED_TAG(ATTESTATION_ID_BRAND);
+DECLARE_TYPED_TAG(ATTESTATION_ID_DEVICE);
+DECLARE_TYPED_TAG(ATTESTATION_ID_PRODUCT);
+DECLARE_TYPED_TAG(ATTESTATION_ID_MANUFACTURER);
+DECLARE_TYPED_TAG(ATTESTATION_ID_MODEL);
 DECLARE_TYPED_TAG(AUTH_TIMEOUT);
 DECLARE_TYPED_TAG(BLOB_USAGE_REQUIREMENTS);
 DECLARE_TYPED_TAG(BLOCK_MODE);
@@ -155,21 +160,22 @@
 template <typename... Elems>
 struct MetaList {};
 
-using all_tags_t =
-    MetaList<TAG_INVALID_t, TAG_KEY_SIZE_t, TAG_MAC_LENGTH_t, TAG_CALLER_NONCE_t,
-             TAG_MIN_MAC_LENGTH_t, TAG_RSA_PUBLIC_EXPONENT_t, TAG_INCLUDE_UNIQUE_ID_t,
-             TAG_ACTIVE_DATETIME_t, TAG_ORIGINATION_EXPIRE_DATETIME_t, TAG_USAGE_EXPIRE_DATETIME_t,
-             TAG_MIN_SECONDS_BETWEEN_OPS_t, TAG_MAX_USES_PER_BOOT_t, TAG_USER_ID_t,
-             TAG_USER_SECURE_ID_t, TAG_NO_AUTH_REQUIRED_t, TAG_AUTH_TIMEOUT_t,
-             TAG_ALLOW_WHILE_ON_BODY_t, TAG_UNLOCKED_DEVICE_REQUIRED_t, TAG_APPLICATION_ID_t,
-             TAG_APPLICATION_DATA_t, TAG_CREATION_DATETIME_t, TAG_ROLLBACK_RESISTANCE_t,
-             TAG_HARDWARE_TYPE_t, TAG_ROOT_OF_TRUST_t, TAG_ASSOCIATED_DATA_t, TAG_NONCE_t,
-             TAG_BOOTLOADER_ONLY_t, TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t,
-             TAG_ATTESTATION_CHALLENGE_t, TAG_ATTESTATION_APPLICATION_ID_t,
-             TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t,
-             TAG_DIGEST_t, TAG_PADDING_t, TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t,
-             TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t,
-             TAG_TRUSTED_CONFIRMATION_REQUIRED_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>;
+using all_tags_t = MetaList<
+        TAG_INVALID_t, TAG_KEY_SIZE_t, TAG_MAC_LENGTH_t, TAG_CALLER_NONCE_t, TAG_MIN_MAC_LENGTH_t,
+        TAG_RSA_PUBLIC_EXPONENT_t, TAG_INCLUDE_UNIQUE_ID_t, TAG_ACTIVE_DATETIME_t,
+        TAG_ORIGINATION_EXPIRE_DATETIME_t, TAG_USAGE_EXPIRE_DATETIME_t,
+        TAG_MIN_SECONDS_BETWEEN_OPS_t, TAG_MAX_USES_PER_BOOT_t, TAG_USER_ID_t, TAG_USER_SECURE_ID_t,
+        TAG_NO_AUTH_REQUIRED_t, TAG_AUTH_TIMEOUT_t, TAG_ALLOW_WHILE_ON_BODY_t,
+        TAG_UNLOCKED_DEVICE_REQUIRED_t, TAG_APPLICATION_ID_t, TAG_APPLICATION_DATA_t,
+        TAG_CREATION_DATETIME_t, TAG_ROLLBACK_RESISTANCE_t, TAG_HARDWARE_TYPE_t,
+        TAG_ROOT_OF_TRUST_t, TAG_ASSOCIATED_DATA_t, TAG_NONCE_t, TAG_BOOTLOADER_ONLY_t,
+        TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, TAG_ATTESTATION_CHALLENGE_t,
+        TAG_ATTESTATION_APPLICATION_ID_t, TAG_ATTESTATION_ID_BRAND_t, TAG_ATTESTATION_ID_DEVICE_t,
+        TAG_ATTESTATION_ID_PRODUCT_t, TAG_ATTESTATION_ID_MANUFACTURER_t, TAG_ATTESTATION_ID_MODEL_t,
+        TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t,
+        TAG_DIGEST_t, TAG_PADDING_t, TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t,
+        TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t,
+        TAG_TRUSTED_CONFIRMATION_REQUIRED_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>;
 
 template <typename TypedTagType>
 struct TypedTag2ValueType;
diff --git a/neuralnetworks/1.0/types.hal b/neuralnetworks/1.0/types.hal
index 1175a30..620eefb 100644
--- a/neuralnetworks/1.0/types.hal
+++ b/neuralnetworks/1.0/types.hal
@@ -261,7 +261,7 @@
      *      filter.
      * * 2: A 1-D tensor, of shape [depth_out], specifying the bias. For input
      *      tensor of type {@link OperandType::TENSOR_FLOAT32}
-     *      the bias must be of the same type.
+     *       the bias must be of the same type.
      *      For filter tensor of {@link OperandType::TENSOR_QUANT8_ASYMM},
      *      the bias should be of {@link OperandType::TENSOR_INT32}, with zeroPoint
      *      of 0 and bias_scale == input_scale * filter_scale.
@@ -289,7 +289,7 @@
      *      filter.
      * * 2: A 1-D tensor, of shape [depth_out], specifying the bias. For input
      *      tensor of type {@link OperandType::TENSOR_FLOAT32}
-     *      the bias must be of the same
+     *       the bias must be of the same
      *      type.
      *      For filter tensor of {@link OperandType::TENSOR_QUANT8_ASYMM},
      *      the bias should be of {@link OperandType::TENSOR_INT32}, with zeroPoint
@@ -356,7 +356,7 @@
      *      specifying the filter.
      * * 2: A 1-D tensor, of shape [depth_out], specifying the bias. For input
      *      tensor of type {@link OperandType::TENSOR_FLOAT32}
-     *      the bias must be of the same type.
+     *       the bias must be of the same type.
      *      For filter tensor of {@link OperandType::TENSOR_QUANT8_ASYMM},
      *      the bias should be of {@link OperandType::TENSOR_INT32}, with zeroPoint
      *      of 0 and bias_scale == input_scale * filter_scale.
@@ -385,7 +385,7 @@
      *      specifying the filter.
      * * 2: A 1-D tensor, of shape [depth_out], specifying the bias. For input
      *      tensor of type {@link OperandType::TENSOR_FLOAT32}
-     *      the bias must be of the same type.
+     *       the bias must be of the same type.
      *      For filter tensor of {@link OperandType::TENSOR_QUANT8_ASYMM},
      *      the bias should be of {@link OperandType::TENSOR_INT32}, with zeroPoint
      *      of 0 and bias_scale == input_scale * filter_scale.
@@ -628,7 +628,7 @@
     HASHTABLE_LOOKUP = 10,
 
     /**
-     * Applies L2 normalization along the depth dimension.
+     * Applies L2 normalization along the axis dimension.
      *
      * The values in the output tensor are computed as:
      *
diff --git a/neuralnetworks/1.2/types.hal b/neuralnetworks/1.2/types.hal
index f0fd769..2c3c599 100644
--- a/neuralnetworks/1.2/types.hal
+++ b/neuralnetworks/1.2/types.hal
@@ -846,7 +846,7 @@
     HASHTABLE_LOOKUP = @1.1::OperationType:HASHTABLE_LOOKUP,
 
     /**
-     * Applies L2 normalization along the depth dimension.
+     * Applies L2 normalization along the axis dimension.
      *
      * The values in the output tensor are computed as:
      *
@@ -854,8 +854,7 @@
      *         input[batch, row, col, channel] /
      *         sqrt(sum_{c} pow(input[batch, row, col, c], 2))
      *
-     * For input tensor with rank less than 4, independently normalizes each
-     * 1-D slice along dimension dim.
+     * By default the axis dimension is the last dimension of the input tensor.
      *
      * Supported tensor {@link OperandType}:
      * * {@link OperandType::TENSOR_FLOAT16} (since HAL version 1.2)
@@ -3843,7 +3842,8 @@
      * * 1: A scalar {@link OperandType::INT32}, specifying the number of
      *      independent samples to draw for each row slice.
      * * 2: A 1-D {@link OperandType::TENSOR_INT32} tensor with shape [2],
-     *      specifying seeds used to initialize the random distribution.
+     *      specifying seeds used to initialize the random distribution. If both
+     *      provided seeds are 0, both will be randomly generated.
      * Outputs:
      * * 0: A 2-D {@link OperandType::TENSOR_INT32} tensor with shape
      *      [batches, samples], containing the drawn samples.
diff --git a/neuralnetworks/1.2/vts/functional/GeneratedTestHarness.cpp b/neuralnetworks/1.2/vts/functional/GeneratedTestHarness.cpp
index 35275b4..56f3c0b 100644
--- a/neuralnetworks/1.2/vts/functional/GeneratedTestHarness.cpp
+++ b/neuralnetworks/1.2/vts/functional/GeneratedTestHarness.cpp
@@ -350,7 +350,7 @@
         outputTypesList = {OutputType::FULLY_SPECIFIED};
         measureTimingList = {MeasureTiming::NO, MeasureTiming::YES};
         executorList = {Executor::ASYNC, Executor::SYNC, Executor::BURST};
-        memoryTypeList = {MemoryType::ASHMEM, MemoryType::BLOB_AHWB};
+        memoryTypeList = {MemoryType::ASHMEM};
     }
 
     for (const OutputType outputType : outputTypesList) {
diff --git a/neuralnetworks/1.3/IPreparedModel.hal b/neuralnetworks/1.3/IPreparedModel.hal
index a1814b5..e7d63f4 100644
--- a/neuralnetworks/1.3/IPreparedModel.hal
+++ b/neuralnetworks/1.3/IPreparedModel.hal
@@ -92,13 +92,11 @@
      *                            executing a {@link OperationType::WHILE}
      *                            operation. If a loop condition model does not
      *                            output false within this duration, the
-     *                            execution must be aborted. If the model
-     *                            contains a {@link OperationType::WHILE}
-     *                            operation and no loop timeout duration is
-     *                            provided, the maximum amount of time is {@link
-     *                            LoopTimeoutDurationNs::DEFAULT}. When
-     *                            provided, the duration must not exceed {@link
-     *                            LoopTimeoutDurationNs::MAXIMUM}.
+     *                            execution must be aborted. If no loop timeout
+     *                            duration is provided, the maximum amount of
+     *                            time is {@link LoopTimeoutDurationNs::DEFAULT}.
+     *                            When provided, the duration must not exceed
+     *                            {@link LoopTimeoutDurationNs::MAXIMUM}.
      * @param callback A callback object used to return the error status of
      *                 the execution, shape information of model output operands, and
      *                 duration of execution. The callback object's notify function must
@@ -170,13 +168,11 @@
      *                            executing a {@link OperationType::WHILE}
      *                            operation. If a loop condition model does not
      *                            output false within this duration, the
-     *                            execution must be aborted. If the model
-     *                            contains a {@link OperationType::WHILE}
-     *                            operation and no loop timeout duration is
-     *                            provided, the maximum amount of time is {@link
-     *                            LoopTimeoutDurationNs::DEFAULT}. When
-     *                            provided, the duration must not exceed {@link
-     *                            LoopTimeoutDurationNs::MAXIMUM}.
+     *                            execution must be aborted. If no loop timeout
+     *                            duration is provided, the maximum amount of
+     *                            time is {@link LoopTimeoutDurationNs::DEFAULT}.
+     *                            When provided, the duration must not exceed
+     *                            {@link LoopTimeoutDurationNs::MAXIMUM}.
      * @return status Error status of the execution, must be:
      *                - NONE if execution is performed successfully
      *                - DEVICE_UNAVAILABLE if driver is offline or busy
@@ -258,13 +254,11 @@
      *                            executing a {@link OperationType::WHILE}
      *                            operation. If a loop condition model does not
      *                            output false within this duration, the
-     *                            execution must be aborted. If the model
-     *                            contains a {@link OperationType::WHILE}
-     *                            operation and no loop timeout duration is
-     *                            provided, the maximum amount of time is {@link
-     *                            LoopTimeoutDurationNs::DEFAULT}. When
-     *                            provided, the duration must not exceed {@link
-     *                            LoopTimeoutDurationNs::MAXIMUM}.
+     *                            execution must be aborted. If no loop timeout
+     *                            duration is provided, the maximum amount of
+     *                            time is {@link LoopTimeoutDurationNs::DEFAULT}.
+     *                            When provided, the duration must not exceed
+     *                            {@link LoopTimeoutDurationNs::MAXIMUM}.
      * @param duration The length of time within which the execution is expected
      *                 to complete after all sync fences in waitFor are signaled.
      *                 If the execution cannot be finished within the duration,
diff --git a/neuralnetworks/1.3/types.hal b/neuralnetworks/1.3/types.hal
index daaf22e..56930c2 100644
--- a/neuralnetworks/1.3/types.hal
+++ b/neuralnetworks/1.3/types.hal
@@ -833,7 +833,7 @@
     HASHTABLE_LOOKUP = @1.2::OperationType:HASHTABLE_LOOKUP,
 
     /**
-     * Applies L2 normalization along the depth dimension.
+     * Applies L2 normalization along the axis dimension.
      *
      * The values in the output tensor are computed as:
      *
@@ -841,8 +841,7 @@
      *         input[batch, row, col, channel] /
      *         sqrt(sum_{c} pow(input[batch, row, col, c], 2))
      *
-     * For input tensor with rank less than 4, independently normalizes each
-     * 1-D slice along dimension dim.
+     * By default the axis dimension is the last dimension of the input tensor.
      *
      * Supported tensor {@link OperandType}:
      * * {@link OperandType::TENSOR_FLOAT16} (since HAL version 1.2)
@@ -867,6 +866,10 @@
      *      the scale must be 1.f / 128 and the zeroPoint must be 128.
      *      For {@link OperandType::TENSOR_QUANT8_ASYMM_SIGNED},
      *      the scale must be 1.f / 128 and the zeroPoint must be 0.
+     *
+     *      NOTE: Before HAL version 1.3, if the elements along an axis are all zeros,
+     *      the result is undefined. Since HAL version 1.3, if the elements along an axis
+     *      are all zeros, the result is logical zero.
      */
     L2_NORMALIZATION = @1.2::OperationType:L2_NORMALIZATION,
 
@@ -4063,7 +4066,8 @@
      * * 1: A scalar {@link OperandType::INT32}, specifying the number of
      *      independent samples to draw for each row slice.
      * * 2: A 1-D {@link OperandType::TENSOR_INT32} tensor with shape [2],
-     *      specifying seeds used to initialize the random distribution.
+     *      specifying seeds used to initialize the random distribution. If both
+     *      provided seeds are 0, both will be randomly generated.
      * Outputs:
      * * 0: A 2-D {@link OperandType::TENSOR_INT32} tensor with shape
      *      [batches, samples], containing the drawn samples.
@@ -5168,6 +5172,8 @@
      * * {@link OperandType::TENSOR_FLOAT16}
      * * {@link OperandType::TENSOR_FLOAT32}
      *
+     * Supported tensor rank: from 1.
+     *
      * Inputs:
      * * 0: A tensor, specifying the input. May be zero-sized.
      * * 1: A scalar, specifying the alpha parameter.
@@ -5197,6 +5203,8 @@
      * * {@link OperandType::TENSOR_QUANT8_ASYMM}
      * * {@link OperandType::TENSOR_QUANT8_ASYMM_SIGNED}
      *
+     * Supported tensor rank: from 1.
+     *
      * Inputs:
      * * 0: A tensor, specifying the input. May be zero-sized.
      *
@@ -5215,6 +5223,8 @@
      * * {@link OperandType::TENSOR_FLOAT32}
      * * {@link OperandType::TENSOR_INT32}
      *
+     * Supported tensor rank: from 1.
+     *
      * Inputs:
      * * 0: A 1-D tensor, specifying the desired output tensor shape.
      * * 1: A scalar, specifying the value to fill the output tensors with.
@@ -5248,6 +5258,8 @@
      * * {@link OperandType::TENSOR_QUANT8_SYMM}
      * * {@link OperandType::TENSOR_QUANT8_ASYMM_SIGNED}
      *
+     * Supported tensor rank: from 1.
+     *
      * Inputs:
      * * 0: The input tensor.
      *
diff --git a/neuralnetworks/1.3/vts/functional/ValidateModel.cpp b/neuralnetworks/1.3/vts/functional/ValidateModel.cpp
index 4c0100e..e590fda 100644
--- a/neuralnetworks/1.3/vts/functional/ValidateModel.cpp
+++ b/neuralnetworks/1.3/vts/functional/ValidateModel.cpp
@@ -535,13 +535,18 @@
     removeValueAndDecrementGreaterValues(&model->main.outputIndexes, index);
 }
 
-static bool removeOperandSkip(size_t operand, const Model& model) {
+static bool removeOperandSkip(size_t operandIndex, const Model& model) {
+    const Operand& operand = model.main.operands[operandIndex];
+    if (operand.numberOfConsumers == 0) {
+        // Removing an unused operand has no effect.
+        return true;
+    }
     for (const Operation& operation : model.main.operations) {
         // Skip removeOperandTest for the following operations.
         // - SPLIT's outputs are not checked during prepareModel.
         if (operation.type == OperationType::SPLIT) {
-            for (const size_t outOprand : operation.outputs) {
-                if (operand == outOprand) {
+            for (const size_t index : operation.outputs) {
+                if (index == operandIndex) {
                     return true;
                 }
             }
@@ -556,8 +561,8 @@
             operation.type == OperationType::UNIDIRECTIONAL_SEQUENCE_RNN ||
             operation.type == OperationType::BIDIRECTIONAL_SEQUENCE_LSTM ||
             operation.type == OperationType::BIDIRECTIONAL_SEQUENCE_RNN) {
-            for (const size_t outOprand : operation.outputs) {
-                if (operand == outOprand) {
+            for (const size_t index : operation.outputs) {
+                if (index == operandIndex) {
                     return true;
                 }
             }
diff --git a/radio/1.3/vts/functional/radio_hidl_hal_test.cpp b/radio/1.3/vts/functional/radio_hidl_hal_test.cpp
index 4581350..c6e5550 100644
--- a/radio/1.3/vts/functional/radio_hidl_hal_test.cpp
+++ b/radio/1.3/vts/functional/radio_hidl_hal_test.cpp
@@ -38,9 +38,6 @@
     EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_v1_3->rspInfo.type);
     EXPECT_EQ(serial, radioRsp_v1_3->rspInfo.serial);
     EXPECT_EQ(RadioError::NONE, radioRsp_v1_3->rspInfo.error);
-
-    /* Enforce Vts Testing with Sim Status Present only. */
-    EXPECT_EQ(CardState::PRESENT, cardStatus.base.cardState);
 }
 
 /*
diff --git a/radio/1.5/types.hal b/radio/1.5/types.hal
index 248f56e..b061bd5 100644
--- a/radio/1.5/types.hal
+++ b/radio/1.5/types.hal
@@ -203,6 +203,9 @@
     vec<int32_t> channels;
 };
 
+/**
+ * IRadio 1.5 supports NGRAN bands up to V16.2.0
+ */
 enum NgranBands : int32_t {
     /** 3GPP TS 38.101-1, Table 5.2-1: FR1 bands */
     BAND_1 = 1,
@@ -243,7 +246,13 @@
     BAND_83 = 83,
     BAND_84 = 84,
     BAND_86 = 86,
+    BAND_89 = 89,
     BAND_90 = 90,
+    BAND_91 = 91,
+    BAND_92 = 92,
+    BAND_93 = 93,
+    BAND_94 = 94,
+    BAND_95 = 95,
     /** 3GPP TS 38.101-2, Table 5.2-1: FR2 bands */
     BAND_257 = 257,
     BAND_258 = 258,
@@ -251,6 +260,10 @@
     BAND_261 = 261,
 };
 
+/**
+ * Extended from @1.1 UtranBands to add TD-SCDMA bands
+ * IRadio 1.5 supports UTRAN bands up to V15.0.0
+ */
 enum UtranBands : @1.1::UtranBands {
     /** TD-SCDMA bands. 3GPP TS 25.102, Table 5.2: Frequency bands */
     BAND_A = 101,
@@ -262,6 +275,25 @@
 };
 
 /**
+ * Extended from @1.1 EutranBands to add more bands from 3GPP TS 36.101, Table 5.5: Operating bands
+ * IRadio 1.5 supports EUTRAN bands up to V16.4.0
+ */
+enum EutranBands : @1.1::EutranBands {
+    BAND_49 = 49,
+    BAND_50 = 50,
+    BAND_51 = 51,
+    BAND_52 = 52,
+    BAND_53 = 53,
+    BAND_71 = 71,
+    BAND_72 = 72,
+    BAND_73 = 73,
+    BAND_74 = 74,
+    BAND_85 = 85,
+    BAND_87 = 87,
+    BAND_88 = 88,
+};
+
+/**
  * Overwritten from @1.2::NetworkScanRequest to update RadioAccessSpecifier to 1.5 version.
  */
 struct NetworkScanRequest {
diff --git a/sensors/2.0/vts/functional/Android.bp b/sensors/2.0/vts/functional/Android.bp
index 4765fa2..7755ef5 100644
--- a/sensors/2.0/vts/functional/Android.bp
+++ b/sensors/2.0/vts/functional/Android.bp
@@ -33,5 +33,9 @@
         "libfmq",
         "VtsHalSensorsTargetTestUtils",
     ],
+    test_suites: [
+        "general-tests",
+        "vts",
+    ],
 }
 
diff --git a/sensors/2.0/vts/functional/VtsHalSensorsV2_0TargetTest.cpp b/sensors/2.0/vts/functional/VtsHalSensorsV2_0TargetTest.cpp
index 540529d..d0ebe4d 100644
--- a/sensors/2.0/vts/functional/VtsHalSensorsV2_0TargetTest.cpp
+++ b/sensors/2.0/vts/functional/VtsHalSensorsV2_0TargetTest.cpp
@@ -898,6 +898,8 @@
     callback.waitForEvents(sensors, kFiveHundredMs + (5 * maxMinDelay));
     activateAllSensors(false);
 
+    getEnvironment()->unregisterCallback();
+
     for (const SensorInfo& sensor : sensors) {
         // Skip sensors that did not previously report an event
         if (lastEventTimestampMap.find(sensor.sensorHandle) == lastEventTimestampMap.end()) {
diff --git a/vibrator/aidl/default/Vibrator.cpp b/vibrator/aidl/default/Vibrator.cpp
index 9236b95..1a8fd3b 100644
--- a/vibrator/aidl/default/Vibrator.cpp
+++ b/vibrator/aidl/default/Vibrator.cpp
@@ -163,6 +163,10 @@
             }
             LOG(INFO) << "triggering primitive " << static_cast<int>(e.primitive) << " @ scale "
                       << e.scale;
+
+            int32_t durationMs;
+            getPrimitiveDuration(e.primitive, &durationMs);
+            usleep(durationMs * 1000);
         }
 
         if (callback != nullptr) {
diff --git a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
index 411fe7a..9a1b660 100644
--- a/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
+++ b/vibrator/aidl/vts/VtsHalVibratorTargetTest.cpp
@@ -33,6 +33,7 @@
 using android::hardware::vibrator::Effect;
 using android::hardware::vibrator::EffectStrength;
 using android::hardware::vibrator::IVibrator;
+using std::chrono::high_resolution_clock;
 
 const std::vector<Effect> kEffects{android::enum_range<Effect>().begin(),
                                    android::enum_range<Effect>().end()};
@@ -381,26 +382,52 @@
 }
 
 TEST_P(VibratorAidl, ComposeCallback) {
+    constexpr std::chrono::milliseconds allowedLatency{10};
+
     if (capabilities & IVibrator::CAP_COMPOSE_EFFECTS) {
-        std::promise<void> completionPromise;
-        std::future<void> completionFuture{completionPromise.get_future()};
-        sp<CompletionCallback> callback =
-                new CompletionCallback([&completionPromise] { completionPromise.set_value(); });
-        CompositePrimitive primitive = CompositePrimitive::CLICK;
-        CompositeEffect effect;
-        std::vector<CompositeEffect> composite;
-        int32_t duration;
+        std::vector<CompositePrimitive> supported;
 
-        effect.delayMs = 0;
-        effect.primitive = primitive;
-        effect.scale = 1.0f;
-        composite.emplace_back(effect);
+        ASSERT_TRUE(vibrator->getSupportedPrimitives(&supported).isOk());
 
-        EXPECT_EQ(Status::EX_NONE,
-                  vibrator->getPrimitiveDuration(primitive, &duration).exceptionCode());
-        EXPECT_EQ(Status::EX_NONE, vibrator->compose(composite, callback).exceptionCode());
-        EXPECT_EQ(completionFuture.wait_for(std::chrono::milliseconds(duration * 2)),
-                  std::future_status::ready);
+        for (auto primitive : supported) {
+            if (primitive == CompositePrimitive::NOOP) {
+                continue;
+            }
+
+            std::promise<void> completionPromise;
+            std::future<void> completionFuture{completionPromise.get_future()};
+            sp<CompletionCallback> callback =
+                    new CompletionCallback([&completionPromise] { completionPromise.set_value(); });
+            CompositeEffect effect;
+            std::vector<CompositeEffect> composite;
+            int32_t durationMs;
+            std::chrono::milliseconds duration;
+            std::chrono::time_point<high_resolution_clock> start, end;
+            std::chrono::milliseconds elapsed;
+
+            effect.delayMs = 0;
+            effect.primitive = primitive;
+            effect.scale = 1.0f;
+            composite.emplace_back(effect);
+
+            EXPECT_EQ(Status::EX_NONE,
+                      vibrator->getPrimitiveDuration(primitive, &durationMs).exceptionCode())
+                    << toString(primitive);
+            duration = std::chrono::milliseconds(durationMs);
+
+            EXPECT_EQ(Status::EX_NONE, vibrator->compose(composite, callback).exceptionCode())
+                    << toString(primitive);
+            start = high_resolution_clock::now();
+
+            EXPECT_EQ(completionFuture.wait_for(duration + allowedLatency),
+                      std::future_status::ready)
+                    << toString(primitive);
+            end = high_resolution_clock::now();
+
+            elapsed = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
+            EXPECT_LE(elapsed.count(), (duration + allowedLatency).count()) << toString(primitive);
+            EXPECT_GE(elapsed.count(), (duration - allowedLatency).count()) << toString(primitive);
+        }
     }
 }