Merge changes from topic "ch_hal_v4" into main
* changes:
Update contexhub stub impl to V4
Introduce new endpoint lifecycle interfaces for ContextHub v4
Introduce new interfaces for ContextHub v4
diff --git a/audio/aidl/vts/EffectHelper.h b/audio/aidl/vts/EffectHelper.h
index 3877c60..f0622a8 100644
--- a/audio/aidl/vts/EffectHelper.h
+++ b/audio/aidl/vts/EffectHelper.h
@@ -84,6 +84,7 @@
}
static constexpr float kMaxAudioSampleValue = 1;
+static constexpr int kSamplingFrequency = 44100;
class EffectHelper {
public:
diff --git a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
index 9fe5801..6bfba65 100644
--- a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
@@ -80,6 +80,7 @@
using aidl::android::hardware::audio::core::VendorParameter;
using aidl::android::hardware::audio::core::sounddose::ISoundDose;
using aidl::android::hardware::common::fmq::SynchronizedReadWrite;
+using aidl::android::media::audio::common::AudioChannelLayout;
using aidl::android::media::audio::common::AudioContentType;
using aidl::android::media::audio::common::AudioDevice;
using aidl::android::media::audio::common::AudioDeviceAddress;
@@ -1514,7 +1515,7 @@
const int defaultDeviceFlag = 1 << AudioPortDeviceExt::FLAG_INDEX_DEFAULT_DEVICE;
for (const auto& port : ports) {
if (port.ext.getTag() != AudioPortExt::Tag::device) continue;
- const auto& devicePort = port.ext.get<AudioPortExt::Tag::device>();
+ const AudioPortDeviceExt& devicePort = port.ext.get<AudioPortExt::Tag::device>();
EXPECT_NE(AudioDeviceType::NONE, devicePort.device.type.type);
EXPECT_NE(AudioDeviceType::IN_DEFAULT, devicePort.device.type.type);
EXPECT_NE(AudioDeviceType::OUT_DEFAULT, devicePort.device.type.type);
@@ -1549,6 +1550,15 @@
FAIL() << "Invalid AudioIoFlags Tag: " << toString(port.flags.getTag());
}
}
+ // Speaker layout can be null or layoutMask variant.
+ if (devicePort.speakerLayout.has_value()) {
+ // Should only be set for output ports.
+ EXPECT_EQ(AudioIoFlags::Tag::output, port.flags.getTag());
+ const auto speakerLayoutTag = devicePort.speakerLayout.value().getTag();
+ EXPECT_EQ(AudioChannelLayout::Tag::layoutMask, speakerLayoutTag)
+ << "If set, speaker layout must be layoutMask. Received: "
+ << toString(speakerLayoutTag);
+ }
}
}
diff --git a/audio/aidl/vts/VtsHalBassBoostTargetTest.cpp b/audio/aidl/vts/VtsHalBassBoostTargetTest.cpp
index 5ce2a20..4c54043 100644
--- a/audio/aidl/vts/VtsHalBassBoostTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalBassBoostTargetTest.cpp
@@ -113,7 +113,6 @@
}
}
- static constexpr int kSamplingFrequency = 44100;
static constexpr int kDurationMilliSec = 720;
static constexpr int kInputSize = kSamplingFrequency * kDurationMilliSec / 1000;
long mInputFrameCount, mOutputFrameCount;
diff --git a/audio/aidl/vts/VtsHalEnvironmentalReverbTargetTest.cpp b/audio/aidl/vts/VtsHalEnvironmentalReverbTargetTest.cpp
index e31aae6..1e4e735 100644
--- a/audio/aidl/vts/VtsHalEnvironmentalReverbTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalEnvironmentalReverbTargetTest.cpp
@@ -226,7 +226,6 @@
void generateSineWaveInput(std::vector<float>& input) {
int frequency = 1000;
- size_t kSamplingFrequency = 44100;
for (size_t i = 0; i < input.size(); i++) {
input[i] = sin(2 * M_PI * frequency * i / kSamplingFrequency);
}
@@ -286,7 +285,6 @@
}
}
- static constexpr int kSamplingFrequency = 44100;
static constexpr int kDurationMilliSec = 500;
static constexpr int kBufferSize = kSamplingFrequency * kDurationMilliSec / 1000;
diff --git a/audio/aidl/vts/VtsHalPresetReverbTargetTest.cpp b/audio/aidl/vts/VtsHalPresetReverbTargetTest.cpp
index 542f0d8..8b82427 100644
--- a/audio/aidl/vts/VtsHalPresetReverbTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalPresetReverbTargetTest.cpp
@@ -81,7 +81,6 @@
<< "\ngetParam:" << getParam.toString();
}
- static constexpr int kSamplingFrequency = 44100;
static constexpr int kDurationMilliSec = 500;
static constexpr int kBufferSize = kSamplingFrequency * kDurationMilliSec / 1000;
int mStereoChannelCount =
diff --git a/audio/aidl/vts/VtsHalVirtualizerTargetTest.cpp b/audio/aidl/vts/VtsHalVirtualizerTargetTest.cpp
index b449f3c..1b7dd67 100644
--- a/audio/aidl/vts/VtsHalVirtualizerTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalVirtualizerTargetTest.cpp
@@ -94,7 +94,6 @@
}
}
- static constexpr int kSamplingFrequency = 44100;
static constexpr int kDefaultChannelLayout = AudioChannelLayout::LAYOUT_STEREO;
static constexpr int kDurationMilliSec = 720;
static constexpr int kBufferSize = kSamplingFrequency * kDurationMilliSec / 1000;
diff --git a/audio/aidl/vts/VtsHalVolumeTargetTest.cpp b/audio/aidl/vts/VtsHalVolumeTargetTest.cpp
index 4300801..14ebc4a 100644
--- a/audio/aidl/vts/VtsHalVolumeTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalVolumeTargetTest.cpp
@@ -93,7 +93,6 @@
}
}
- static constexpr int kSamplingFrequency = 44100;
static constexpr int kDurationMilliSec = 720;
static constexpr int kBufferSize = kSamplingFrequency * kDurationMilliSec / 1000;
static constexpr int kMinLevel = -96;
diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index ca62108..cd8fe2d 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -313,7 +313,7 @@
</hal>
<hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
- <version>1-3</version>
+ <version>1-4</version>
<interface>
<name>IKeyMintDevice</name>
<instance>default</instance>
diff --git a/confirmationui/aidl/Android.bp b/confirmationui/aidl/Android.bp
index 51bde0a..1f17866 100644
--- a/confirmationui/aidl/Android.bp
+++ b/confirmationui/aidl/Android.bp
@@ -19,8 +19,8 @@
aidl_interface {
name: "android.hardware.confirmationui",
vendor_available: true,
- imports: [
- "android.hardware.security.keymint-V3",
+ defaults: [
+ "android.hardware.security.keymint-latest-defaults",
],
srcs: ["android/hardware/confirmationui/*.aidl"],
stability: "vintf",
@@ -38,7 +38,7 @@
versions_with_info: [
{
version: "1",
- imports: ["android.hardware.security.keymint-V3"],
+ imports: ["android.hardware.security.keymint-V4"],
},
],
frozen: true,
diff --git a/contexthub/OWNERS b/contexthub/OWNERS
index f35961a..ccd385b 100644
--- a/contexthub/OWNERS
+++ b/contexthub/OWNERS
@@ -1,2 +1,3 @@
# Bug component: 156070
bduddie@google.com
+arthuri@google.com
diff --git a/gatekeeper/aidl/Android.bp b/gatekeeper/aidl/Android.bp
index 169a7d5..88c10b7 100644
--- a/gatekeeper/aidl/Android.bp
+++ b/gatekeeper/aidl/Android.bp
@@ -10,8 +10,8 @@
aidl_interface {
name: "android.hardware.gatekeeper",
vendor_available: true,
- imports: [
- "android.hardware.security.keymint-V3",
+ defaults: [
+ "android.hardware.security.keymint-latest-defaults",
],
srcs: ["android/hardware/gatekeeper/*.aidl"],
stability: "vintf",
@@ -32,7 +32,7 @@
versions_with_info: [
{
version: "1",
- imports: ["android.hardware.security.keymint-V3"],
+ imports: ["android.hardware.security.keymint-V4"],
},
],
frozen: true,
diff --git a/power/1.0/vts/functional/Android.bp b/power/1.0/vts/functional/Android.bp
index 7d90a83..0bb1420 100644
--- a/power/1.0/vts/functional/Android.bp
+++ b/power/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/1.1/vts/functional/Android.bp b/power/1.1/vts/functional/Android.bp
index 4270ab7..83f1e6d 100644
--- a/power/1.1/vts/functional/Android.bp
+++ b/power/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/1.2/vts/functional/Android.bp b/power/1.2/vts/functional/Android.bp
index ab4b601..82184e8 100644
--- a/power/1.2/vts/functional/Android.bp
+++ b/power/1.2/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/1.3/vts/functional/Android.bp b/power/1.3/vts/functional/Android.bp
index c1186e3..c164901 100644
--- a/power/1.3/vts/functional/Android.bp
+++ b/power/1.3/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/aidl/vts/Android.bp b/power/aidl/vts/Android.bp
index c9285f4..e3e72d8 100644
--- a/power/aidl/vts/Android.bp
+++ b/power/aidl/vts/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/stats/1.0/vts/functional/Android.bp b/power/stats/1.0/vts/functional/Android.bp
index 5a448d8..c11f848 100644
--- a/power/stats/1.0/vts/functional/Android.bp
+++ b/power/stats/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/power/stats/aidl/vts/Android.bp b/power/stats/aidl/vts/Android.bp
index b9a395b..4fdc184 100644
--- a/power/stats/aidl/vts/Android.bp
+++ b/power/stats/aidl/vts/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_powermanager_framework",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/radio/aidl/android/hardware/radio/network/CellIdentityLte.aidl b/radio/aidl/android/hardware/radio/network/CellIdentityLte.aidl
index 27c2580..c4c76cf 100644
--- a/radio/aidl/android/hardware/radio/network/CellIdentityLte.aidl
+++ b/radio/aidl/android/hardware/radio/network/CellIdentityLte.aidl
@@ -53,7 +53,7 @@
*/
OperatorInfo operatorNames;
/**
- * Cell bandwidth, in kHz.
+ * Cell bandwidth, in kHz. Must be valid as described in TS 36.101 5.6.
*/
int bandwidth;
/**
diff --git a/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl b/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
index 7870a74..1e010b9 100644
--- a/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
+++ b/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
@@ -257,7 +257,7 @@
* Request APDU exchange on the basic channel. This command reflects TS 27.007
* "generic SIM access" operation (+CSIM). The modem must ensure proper function of GSM/CDMA,
* and filter commands appropriately. It must filter channel management and SELECT by DF
- * name commands. "sessionid" field must be ignored.
+ * name commands. "sessionId" field is always 0 (for aid="") and may be ignored.
*
* @param serial Serial number of request.
* @param message SimApdu to be sent
diff --git a/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl b/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
index 91b5729..cf08bad 100644
--- a/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
+++ b/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
@@ -263,6 +263,8 @@
* RadioError:NONE
* RadioError:RADIO_NOT_AVAILABLE
* RadioError:INTERNAL_ERR
+ * RadioError:INVALID_ARGUMENTS when given channel is invalid or basic (channel 0)
+ * RadioError:MISSING_RESOURCE when given channel is not open
* RadioError:NO_MEMORY
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
@@ -325,6 +327,7 @@
* RadioError:NONE
* RadioError:RADIO_NOT_AVAILABLE
* RadioError:INTERNAL_ERR
+ * RadioError:INVALID_ARGUMENTS
* RadioError:NO_MEMORY
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
diff --git a/renderscript/1.0/vts/functional/Android.bp b/renderscript/1.0/vts/functional/Android.bp
index 4b665b1..64c4aab 100644
--- a/renderscript/1.0/vts/functional/Android.bp
+++ b/renderscript/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_renderscript_nnapi",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index e346610..a2e58ac 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -17,7 +17,7 @@
"android.hardware.security.secureclock-V1",
],
stability: "vintf",
- frozen: true,
+ frozen: false,
backend: {
java: {
platform_apis: true,
@@ -51,34 +51,42 @@
}
+// An aidl_interface_defaults that includes the latest KeyMint AIDL interface.
+// aidl_interface modules that depend on KeyMint directly can include this
+// aidl_interface_defaults to avoid managing dependency versions explicitly.
+aidl_interface_defaults {
+ name: "android.hardware.security.keymint-latest-defaults",
+ imports: ["android.hardware.security.keymint-V4"],
+}
+
// cc_defaults that includes the latest KeyMint AIDL library.
// Modules that depend on KeyMint directly can include this cc_defaults to avoid
// managing dependency versions explicitly.
cc_defaults {
name: "keymint_use_latest_hal_aidl_ndk_static",
static_libs: [
- "android.hardware.security.keymint-V3-ndk",
+ "android.hardware.security.keymint-V4-ndk",
],
}
cc_defaults {
name: "keymint_use_latest_hal_aidl_ndk_shared",
shared_libs: [
- "android.hardware.security.keymint-V3-ndk",
+ "android.hardware.security.keymint-V4-ndk",
],
}
cc_defaults {
name: "keymint_use_latest_hal_aidl_cpp_static",
static_libs: [
- "android.hardware.security.keymint-V3-cpp",
+ "android.hardware.security.keymint-V4-cpp",
],
}
cc_defaults {
name: "keymint_use_latest_hal_aidl_cpp_shared",
shared_libs: [
- "android.hardware.security.keymint-V3-cpp",
+ "android.hardware.security.keymint-V4-cpp",
],
}
@@ -88,6 +96,6 @@
rust_defaults {
name: "keymint_use_latest_hal_aidl_rust",
rustlibs: [
- "android.hardware.security.keymint-V3-rust",
+ "android.hardware.security.keymint-V4-rust",
],
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
index b05a0f3..71d3651 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
@@ -36,90 +36,91 @@
@Backing(type="int") @VintfStability
enum ErrorCode {
OK = 0,
- ROOT_OF_TRUST_ALREADY_SET = -1,
- UNSUPPORTED_PURPOSE = -2,
- INCOMPATIBLE_PURPOSE = -3,
- UNSUPPORTED_ALGORITHM = -4,
- INCOMPATIBLE_ALGORITHM = -5,
- UNSUPPORTED_KEY_SIZE = -6,
- UNSUPPORTED_BLOCK_MODE = -7,
- INCOMPATIBLE_BLOCK_MODE = -8,
- UNSUPPORTED_MAC_LENGTH = -9,
- UNSUPPORTED_PADDING_MODE = -10,
- INCOMPATIBLE_PADDING_MODE = -11,
- UNSUPPORTED_DIGEST = -12,
- INCOMPATIBLE_DIGEST = -13,
- INVALID_EXPIRATION_TIME = -14,
- INVALID_USER_ID = -15,
- INVALID_AUTHORIZATION_TIMEOUT = -16,
- UNSUPPORTED_KEY_FORMAT = -17,
- INCOMPATIBLE_KEY_FORMAT = -18,
- UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19,
- UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20,
- INVALID_INPUT_LENGTH = -21,
- KEY_EXPORT_OPTIONS_INVALID = -22,
- DELEGATION_NOT_ALLOWED = -23,
- KEY_NOT_YET_VALID = -24,
- KEY_EXPIRED = -25,
- KEY_USER_NOT_AUTHENTICATED = -26,
- OUTPUT_PARAMETER_NULL = -27,
- INVALID_OPERATION_HANDLE = -28,
- INSUFFICIENT_BUFFER_SPACE = -29,
- VERIFICATION_FAILED = -30,
- TOO_MANY_OPERATIONS = -31,
- UNEXPECTED_NULL_POINTER = -32,
- INVALID_KEY_BLOB = -33,
- IMPORTED_KEY_NOT_ENCRYPTED = -34,
- IMPORTED_KEY_DECRYPTION_FAILED = -35,
- IMPORTED_KEY_NOT_SIGNED = -36,
- IMPORTED_KEY_VERIFICATION_FAILED = -37,
- INVALID_ARGUMENT = -38,
- UNSUPPORTED_TAG = -39,
- INVALID_TAG = -40,
- MEMORY_ALLOCATION_FAILED = -41,
- IMPORT_PARAMETER_MISMATCH = -44,
- SECURE_HW_ACCESS_DENIED = -45,
- OPERATION_CANCELLED = -46,
- CONCURRENT_ACCESS_CONFLICT = -47,
- SECURE_HW_BUSY = -48,
- SECURE_HW_COMMUNICATION_FAILED = -49,
- UNSUPPORTED_EC_FIELD = -50,
- MISSING_NONCE = -51,
- INVALID_NONCE = -52,
- MISSING_MAC_LENGTH = -53,
- KEY_RATE_LIMIT_EXCEEDED = -54,
- CALLER_NONCE_PROHIBITED = -55,
- KEY_MAX_OPS_EXCEEDED = -56,
- INVALID_MAC_LENGTH = -57,
- MISSING_MIN_MAC_LENGTH = -58,
- UNSUPPORTED_MIN_MAC_LENGTH = -59,
- UNSUPPORTED_KDF = -60,
- UNSUPPORTED_EC_CURVE = -61,
- KEY_REQUIRES_UPGRADE = -62,
- ATTESTATION_CHALLENGE_MISSING = -63,
- KEYMINT_NOT_CONFIGURED = -64,
- ATTESTATION_APPLICATION_ID_MISSING = -65,
- CANNOT_ATTEST_IDS = -66,
- ROLLBACK_RESISTANCE_UNAVAILABLE = -67,
- HARDWARE_TYPE_UNAVAILABLE = -68,
- PROOF_OF_PRESENCE_REQUIRED = -69,
- CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = -70,
- NO_USER_CONFIRMATION = -71,
- DEVICE_LOCKED = -72,
- EARLY_BOOT_ENDED = -73,
- ATTESTATION_KEYS_NOT_PROVISIONED = -74,
- ATTESTATION_IDS_NOT_PROVISIONED = -75,
- INVALID_OPERATION = -76,
- STORAGE_KEY_UNSUPPORTED = -77,
- INCOMPATIBLE_MGF_DIGEST = -78,
- UNSUPPORTED_MGF_DIGEST = -79,
- MISSING_NOT_BEFORE = -80,
- MISSING_NOT_AFTER = -81,
- MISSING_ISSUER_SUBJECT = -82,
- INVALID_ISSUER_SUBJECT = -83,
- BOOT_LEVEL_EXCEEDED = -84,
- HARDWARE_NOT_YET_AVAILABLE = -85,
- UNIMPLEMENTED = -100,
- VERSION_MISMATCH = -101,
- UNKNOWN_ERROR = -1000,
+ ROOT_OF_TRUST_ALREADY_SET = (-1) /* -1 */,
+ UNSUPPORTED_PURPOSE = (-2) /* -2 */,
+ INCOMPATIBLE_PURPOSE = (-3) /* -3 */,
+ UNSUPPORTED_ALGORITHM = (-4) /* -4 */,
+ INCOMPATIBLE_ALGORITHM = (-5) /* -5 */,
+ UNSUPPORTED_KEY_SIZE = (-6) /* -6 */,
+ UNSUPPORTED_BLOCK_MODE = (-7) /* -7 */,
+ INCOMPATIBLE_BLOCK_MODE = (-8) /* -8 */,
+ UNSUPPORTED_MAC_LENGTH = (-9) /* -9 */,
+ UNSUPPORTED_PADDING_MODE = (-10) /* -10 */,
+ INCOMPATIBLE_PADDING_MODE = (-11) /* -11 */,
+ UNSUPPORTED_DIGEST = (-12) /* -12 */,
+ INCOMPATIBLE_DIGEST = (-13) /* -13 */,
+ INVALID_EXPIRATION_TIME = (-14) /* -14 */,
+ INVALID_USER_ID = (-15) /* -15 */,
+ INVALID_AUTHORIZATION_TIMEOUT = (-16) /* -16 */,
+ UNSUPPORTED_KEY_FORMAT = (-17) /* -17 */,
+ INCOMPATIBLE_KEY_FORMAT = (-18) /* -18 */,
+ UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = (-19) /* -19 */,
+ UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = (-20) /* -20 */,
+ INVALID_INPUT_LENGTH = (-21) /* -21 */,
+ KEY_EXPORT_OPTIONS_INVALID = (-22) /* -22 */,
+ DELEGATION_NOT_ALLOWED = (-23) /* -23 */,
+ KEY_NOT_YET_VALID = (-24) /* -24 */,
+ KEY_EXPIRED = (-25) /* -25 */,
+ KEY_USER_NOT_AUTHENTICATED = (-26) /* -26 */,
+ OUTPUT_PARAMETER_NULL = (-27) /* -27 */,
+ INVALID_OPERATION_HANDLE = (-28) /* -28 */,
+ INSUFFICIENT_BUFFER_SPACE = (-29) /* -29 */,
+ VERIFICATION_FAILED = (-30) /* -30 */,
+ TOO_MANY_OPERATIONS = (-31) /* -31 */,
+ UNEXPECTED_NULL_POINTER = (-32) /* -32 */,
+ INVALID_KEY_BLOB = (-33) /* -33 */,
+ IMPORTED_KEY_NOT_ENCRYPTED = (-34) /* -34 */,
+ IMPORTED_KEY_DECRYPTION_FAILED = (-35) /* -35 */,
+ IMPORTED_KEY_NOT_SIGNED = (-36) /* -36 */,
+ IMPORTED_KEY_VERIFICATION_FAILED = (-37) /* -37 */,
+ INVALID_ARGUMENT = (-38) /* -38 */,
+ UNSUPPORTED_TAG = (-39) /* -39 */,
+ INVALID_TAG = (-40) /* -40 */,
+ MEMORY_ALLOCATION_FAILED = (-41) /* -41 */,
+ IMPORT_PARAMETER_MISMATCH = (-44) /* -44 */,
+ SECURE_HW_ACCESS_DENIED = (-45) /* -45 */,
+ OPERATION_CANCELLED = (-46) /* -46 */,
+ CONCURRENT_ACCESS_CONFLICT = (-47) /* -47 */,
+ SECURE_HW_BUSY = (-48) /* -48 */,
+ SECURE_HW_COMMUNICATION_FAILED = (-49) /* -49 */,
+ UNSUPPORTED_EC_FIELD = (-50) /* -50 */,
+ MISSING_NONCE = (-51) /* -51 */,
+ INVALID_NONCE = (-52) /* -52 */,
+ MISSING_MAC_LENGTH = (-53) /* -53 */,
+ KEY_RATE_LIMIT_EXCEEDED = (-54) /* -54 */,
+ CALLER_NONCE_PROHIBITED = (-55) /* -55 */,
+ KEY_MAX_OPS_EXCEEDED = (-56) /* -56 */,
+ INVALID_MAC_LENGTH = (-57) /* -57 */,
+ MISSING_MIN_MAC_LENGTH = (-58) /* -58 */,
+ UNSUPPORTED_MIN_MAC_LENGTH = (-59) /* -59 */,
+ UNSUPPORTED_KDF = (-60) /* -60 */,
+ UNSUPPORTED_EC_CURVE = (-61) /* -61 */,
+ KEY_REQUIRES_UPGRADE = (-62) /* -62 */,
+ ATTESTATION_CHALLENGE_MISSING = (-63) /* -63 */,
+ KEYMINT_NOT_CONFIGURED = (-64) /* -64 */,
+ ATTESTATION_APPLICATION_ID_MISSING = (-65) /* -65 */,
+ CANNOT_ATTEST_IDS = (-66) /* -66 */,
+ ROLLBACK_RESISTANCE_UNAVAILABLE = (-67) /* -67 */,
+ HARDWARE_TYPE_UNAVAILABLE = (-68) /* -68 */,
+ PROOF_OF_PRESENCE_REQUIRED = (-69) /* -69 */,
+ CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = (-70) /* -70 */,
+ NO_USER_CONFIRMATION = (-71) /* -71 */,
+ DEVICE_LOCKED = (-72) /* -72 */,
+ EARLY_BOOT_ENDED = (-73) /* -73 */,
+ ATTESTATION_KEYS_NOT_PROVISIONED = (-74) /* -74 */,
+ ATTESTATION_IDS_NOT_PROVISIONED = (-75) /* -75 */,
+ INVALID_OPERATION = (-76) /* -76 */,
+ STORAGE_KEY_UNSUPPORTED = (-77) /* -77 */,
+ INCOMPATIBLE_MGF_DIGEST = (-78) /* -78 */,
+ UNSUPPORTED_MGF_DIGEST = (-79) /* -79 */,
+ MISSING_NOT_BEFORE = (-80) /* -80 */,
+ MISSING_NOT_AFTER = (-81) /* -81 */,
+ MISSING_ISSUER_SUBJECT = (-82) /* -82 */,
+ INVALID_ISSUER_SUBJECT = (-83) /* -83 */,
+ BOOT_LEVEL_EXCEEDED = (-84) /* -84 */,
+ HARDWARE_NOT_YET_AVAILABLE = (-85) /* -85 */,
+ MODULE_HASH_ALREADY_SET = (-86) /* -86 */,
+ UNIMPLEMENTED = (-100) /* -100 */,
+ VERSION_MISMATCH = (-101) /* -101 */,
+ UNKNOWN_ERROR = (-1000) /* -1000 */,
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl
index dfc98f0..eb4f621 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl
@@ -36,7 +36,7 @@
@Backing(type="int") @VintfStability
enum HardwareAuthenticatorType {
NONE = 0,
- PASSWORD = 1,
- FINGERPRINT = 2,
- ANY = -1,
+ PASSWORD = (1 << 0) /* 1 */,
+ FINGERPRINT = (1 << 1) /* 2 */,
+ ANY = 0xFFFFFFFF,
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index dcc22c4..2945dab 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -52,5 +52,6 @@
byte[16] getRootOfTrustChallenge();
byte[] getRootOfTrust(in byte[16] challenge);
void sendRootOfTrust(in byte[] rootOfTrust);
+ void setAdditionalAttestationInfo(in android.hardware.security.keymint.KeyParameter[] info);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
index 6ae2369..79341ee 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
@@ -36,69 +36,70 @@
@Backing(type="int") @VintfStability
enum Tag {
INVALID = 0,
- PURPOSE = 536870913,
- ALGORITHM = 268435458,
- KEY_SIZE = 805306371,
- BLOCK_MODE = 536870916,
- DIGEST = 536870917,
- PADDING = 536870918,
- CALLER_NONCE = 1879048199,
- MIN_MAC_LENGTH = 805306376,
- EC_CURVE = 268435466,
- RSA_PUBLIC_EXPONENT = 1342177480,
- INCLUDE_UNIQUE_ID = 1879048394,
- RSA_OAEP_MGF_DIGEST = 536871115,
- BOOTLOADER_ONLY = 1879048494,
- ROLLBACK_RESISTANCE = 1879048495,
- HARDWARE_TYPE = 268435760,
- EARLY_BOOT_ONLY = 1879048497,
- ACTIVE_DATETIME = 1610613136,
- ORIGINATION_EXPIRE_DATETIME = 1610613137,
- USAGE_EXPIRE_DATETIME = 1610613138,
- MIN_SECONDS_BETWEEN_OPS = 805306771,
- MAX_USES_PER_BOOT = 805306772,
- USAGE_COUNT_LIMIT = 805306773,
- USER_ID = 805306869,
- USER_SECURE_ID = -1610612234,
- NO_AUTH_REQUIRED = 1879048695,
- USER_AUTH_TYPE = 268435960,
- AUTH_TIMEOUT = 805306873,
- ALLOW_WHILE_ON_BODY = 1879048698,
- TRUSTED_USER_PRESENCE_REQUIRED = 1879048699,
- TRUSTED_CONFIRMATION_REQUIRED = 1879048700,
- UNLOCKED_DEVICE_REQUIRED = 1879048701,
- APPLICATION_ID = -1879047591,
- APPLICATION_DATA = -1879047492,
- CREATION_DATETIME = 1610613437,
- ORIGIN = 268436158,
- ROOT_OF_TRUST = -1879047488,
- OS_VERSION = 805307073,
- OS_PATCHLEVEL = 805307074,
- UNIQUE_ID = -1879047485,
- ATTESTATION_CHALLENGE = -1879047484,
- ATTESTATION_APPLICATION_ID = -1879047483,
- ATTESTATION_ID_BRAND = -1879047482,
- ATTESTATION_ID_DEVICE = -1879047481,
- ATTESTATION_ID_PRODUCT = -1879047480,
- ATTESTATION_ID_SERIAL = -1879047479,
- ATTESTATION_ID_IMEI = -1879047478,
- ATTESTATION_ID_MEID = -1879047477,
- ATTESTATION_ID_MANUFACTURER = -1879047476,
- ATTESTATION_ID_MODEL = -1879047475,
- VENDOR_PATCHLEVEL = 805307086,
- BOOT_PATCHLEVEL = 805307087,
- DEVICE_UNIQUE_ATTESTATION = 1879048912,
- IDENTITY_CREDENTIAL_KEY = 1879048913,
- STORAGE_KEY = 1879048914,
- ATTESTATION_ID_SECOND_IMEI = -1879047469,
- ASSOCIATED_DATA = -1879047192,
- NONCE = -1879047191,
- MAC_LENGTH = 805307371,
- RESET_SINCE_ID_ROTATION = 1879049196,
- CONFIRMATION_TOKEN = -1879047187,
- CERTIFICATE_SERIAL = -2147482642,
- CERTIFICATE_SUBJECT = -1879047185,
- CERTIFICATE_NOT_BEFORE = 1610613744,
- CERTIFICATE_NOT_AFTER = 1610613745,
- MAX_BOOT_LEVEL = 805307378,
+ PURPOSE = (android.hardware.security.keymint.TagType.ENUM_REP | 1) /* 536870913 */,
+ ALGORITHM = (android.hardware.security.keymint.TagType.ENUM | 2) /* 268435458 */,
+ KEY_SIZE = (android.hardware.security.keymint.TagType.UINT | 3) /* 805306371 */,
+ BLOCK_MODE = (android.hardware.security.keymint.TagType.ENUM_REP | 4) /* 536870916 */,
+ DIGEST = (android.hardware.security.keymint.TagType.ENUM_REP | 5) /* 536870917 */,
+ PADDING = (android.hardware.security.keymint.TagType.ENUM_REP | 6) /* 536870918 */,
+ CALLER_NONCE = (android.hardware.security.keymint.TagType.BOOL | 7) /* 1879048199 */,
+ MIN_MAC_LENGTH = (android.hardware.security.keymint.TagType.UINT | 8) /* 805306376 */,
+ EC_CURVE = (android.hardware.security.keymint.TagType.ENUM | 10) /* 268435466 */,
+ RSA_PUBLIC_EXPONENT = (android.hardware.security.keymint.TagType.ULONG | 200) /* 1342177480 */,
+ INCLUDE_UNIQUE_ID = (android.hardware.security.keymint.TagType.BOOL | 202) /* 1879048394 */,
+ RSA_OAEP_MGF_DIGEST = (android.hardware.security.keymint.TagType.ENUM_REP | 203) /* 536871115 */,
+ BOOTLOADER_ONLY = (android.hardware.security.keymint.TagType.BOOL | 302) /* 1879048494 */,
+ ROLLBACK_RESISTANCE = (android.hardware.security.keymint.TagType.BOOL | 303) /* 1879048495 */,
+ HARDWARE_TYPE = (android.hardware.security.keymint.TagType.ENUM | 304) /* 268435760 */,
+ EARLY_BOOT_ONLY = (android.hardware.security.keymint.TagType.BOOL | 305) /* 1879048497 */,
+ ACTIVE_DATETIME = (android.hardware.security.keymint.TagType.DATE | 400) /* 1610613136 */,
+ ORIGINATION_EXPIRE_DATETIME = (android.hardware.security.keymint.TagType.DATE | 401) /* 1610613137 */,
+ USAGE_EXPIRE_DATETIME = (android.hardware.security.keymint.TagType.DATE | 402) /* 1610613138 */,
+ MIN_SECONDS_BETWEEN_OPS = (android.hardware.security.keymint.TagType.UINT | 403) /* 805306771 */,
+ MAX_USES_PER_BOOT = (android.hardware.security.keymint.TagType.UINT | 404) /* 805306772 */,
+ USAGE_COUNT_LIMIT = (android.hardware.security.keymint.TagType.UINT | 405) /* 805306773 */,
+ USER_ID = (android.hardware.security.keymint.TagType.UINT | 501) /* 805306869 */,
+ USER_SECURE_ID = (android.hardware.security.keymint.TagType.ULONG_REP | 502) /* -1610612234 */,
+ NO_AUTH_REQUIRED = (android.hardware.security.keymint.TagType.BOOL | 503) /* 1879048695 */,
+ USER_AUTH_TYPE = (android.hardware.security.keymint.TagType.ENUM | 504) /* 268435960 */,
+ AUTH_TIMEOUT = (android.hardware.security.keymint.TagType.UINT | 505) /* 805306873 */,
+ ALLOW_WHILE_ON_BODY = (android.hardware.security.keymint.TagType.BOOL | 506) /* 1879048698 */,
+ TRUSTED_USER_PRESENCE_REQUIRED = (android.hardware.security.keymint.TagType.BOOL | 507) /* 1879048699 */,
+ TRUSTED_CONFIRMATION_REQUIRED = (android.hardware.security.keymint.TagType.BOOL | 508) /* 1879048700 */,
+ UNLOCKED_DEVICE_REQUIRED = (android.hardware.security.keymint.TagType.BOOL | 509) /* 1879048701 */,
+ APPLICATION_ID = (android.hardware.security.keymint.TagType.BYTES | 601) /* -1879047591 */,
+ APPLICATION_DATA = (android.hardware.security.keymint.TagType.BYTES | 700) /* -1879047492 */,
+ CREATION_DATETIME = (android.hardware.security.keymint.TagType.DATE | 701) /* 1610613437 */,
+ ORIGIN = (android.hardware.security.keymint.TagType.ENUM | 702) /* 268436158 */,
+ ROOT_OF_TRUST = (android.hardware.security.keymint.TagType.BYTES | 704) /* -1879047488 */,
+ OS_VERSION = (android.hardware.security.keymint.TagType.UINT | 705) /* 805307073 */,
+ OS_PATCHLEVEL = (android.hardware.security.keymint.TagType.UINT | 706) /* 805307074 */,
+ UNIQUE_ID = (android.hardware.security.keymint.TagType.BYTES | 707) /* -1879047485 */,
+ ATTESTATION_CHALLENGE = (android.hardware.security.keymint.TagType.BYTES | 708) /* -1879047484 */,
+ ATTESTATION_APPLICATION_ID = (android.hardware.security.keymint.TagType.BYTES | 709) /* -1879047483 */,
+ ATTESTATION_ID_BRAND = (android.hardware.security.keymint.TagType.BYTES | 710) /* -1879047482 */,
+ ATTESTATION_ID_DEVICE = (android.hardware.security.keymint.TagType.BYTES | 711) /* -1879047481 */,
+ ATTESTATION_ID_PRODUCT = (android.hardware.security.keymint.TagType.BYTES | 712) /* -1879047480 */,
+ ATTESTATION_ID_SERIAL = (android.hardware.security.keymint.TagType.BYTES | 713) /* -1879047479 */,
+ ATTESTATION_ID_IMEI = (android.hardware.security.keymint.TagType.BYTES | 714) /* -1879047478 */,
+ ATTESTATION_ID_MEID = (android.hardware.security.keymint.TagType.BYTES | 715) /* -1879047477 */,
+ ATTESTATION_ID_MANUFACTURER = (android.hardware.security.keymint.TagType.BYTES | 716) /* -1879047476 */,
+ ATTESTATION_ID_MODEL = (android.hardware.security.keymint.TagType.BYTES | 717) /* -1879047475 */,
+ VENDOR_PATCHLEVEL = (android.hardware.security.keymint.TagType.UINT | 718) /* 805307086 */,
+ BOOT_PATCHLEVEL = (android.hardware.security.keymint.TagType.UINT | 719) /* 805307087 */,
+ DEVICE_UNIQUE_ATTESTATION = (android.hardware.security.keymint.TagType.BOOL | 720) /* 1879048912 */,
+ IDENTITY_CREDENTIAL_KEY = (android.hardware.security.keymint.TagType.BOOL | 721) /* 1879048913 */,
+ STORAGE_KEY = (android.hardware.security.keymint.TagType.BOOL | 722) /* 1879048914 */,
+ ATTESTATION_ID_SECOND_IMEI = (android.hardware.security.keymint.TagType.BYTES | 723) /* -1879047469 */,
+ MODULE_HASH = (android.hardware.security.keymint.TagType.BYTES | 724) /* -1879047468 */,
+ ASSOCIATED_DATA = (android.hardware.security.keymint.TagType.BYTES | 1000) /* -1879047192 */,
+ NONCE = (android.hardware.security.keymint.TagType.BYTES | 1001) /* -1879047191 */,
+ MAC_LENGTH = (android.hardware.security.keymint.TagType.UINT | 1003) /* 805307371 */,
+ RESET_SINCE_ID_ROTATION = (android.hardware.security.keymint.TagType.BOOL | 1004) /* 1879049196 */,
+ CONFIRMATION_TOKEN = (android.hardware.security.keymint.TagType.BYTES | 1005) /* -1879047187 */,
+ CERTIFICATE_SERIAL = (android.hardware.security.keymint.TagType.BIGNUM | 1006) /* -2147482642 */,
+ CERTIFICATE_SUBJECT = (android.hardware.security.keymint.TagType.BYTES | 1007) /* -1879047185 */,
+ CERTIFICATE_NOT_BEFORE = (android.hardware.security.keymint.TagType.DATE | 1008) /* 1610613744 */,
+ CERTIFICATE_NOT_AFTER = (android.hardware.security.keymint.TagType.DATE | 1009) /* 1610613745 */,
+ MAX_BOOT_LEVEL = (android.hardware.security.keymint.TagType.UINT | 1010) /* 805307378 */,
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl
index a7d1de5..ca19e7e 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl
@@ -35,15 +35,15 @@
/* @hide */
@Backing(type="int") @VintfStability
enum TagType {
- INVALID = 0,
- ENUM = 268435456,
- ENUM_REP = 536870912,
- UINT = 805306368,
- UINT_REP = 1073741824,
- ULONG = 1342177280,
- DATE = 1610612736,
- BOOL = 1879048192,
- BIGNUM = -2147483648,
- BYTES = -1879048192,
- ULONG_REP = -1610612736,
+ INVALID = (0 << 28) /* 0 */,
+ ENUM = (1 << 28) /* 268435456 */,
+ ENUM_REP = (2 << 28) /* 536870912 */,
+ UINT = (3 << 28) /* 805306368 */,
+ UINT_REP = (4 << 28) /* 1073741824 */,
+ ULONG = (5 << 28) /* 1342177280 */,
+ DATE = (6 << 28) /* 1610612736 */,
+ BOOL = (7 << 28) /* 1879048192 */,
+ BIGNUM = (8 << 28) /* -2147483648 */,
+ BYTES = (9 << 28) /* -1879048192 */,
+ ULONG_REP = (10 << 28) /* -1610612736 */,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
index 137e6b6..72fa773 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
@@ -108,6 +108,7 @@
INVALID_ISSUER_SUBJECT = -83,
BOOT_LEVEL_EXCEEDED = -84,
HARDWARE_NOT_YET_AVAILABLE = -85,
+ MODULE_HASH_ALREADY_SET = -86,
UNIMPLEMENTED = -100,
VERSION_MISMATCH = -101,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 4ebafee..e8eed71 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -959,4 +959,17 @@
* not implemented. TEE KeyMint implementations must return ErrorCode::UNIMPLEMENTED.
*/
void sendRootOfTrust(in byte[] rootOfTrust);
+
+ /**
+ * Called by Android to deliver additional attestation information to the IKeyMintDevice.
+ *
+ * IKeyMintDevice must ignore KeyParameters with tags not included in the following list:
+ *
+ * o Tag::MODULE_HASH: holds a hash that must be included in attestations in the moduleHash
+ * field of the software enforced authorization list. If Tag::MODULE_HASH is included in more
+ * than one setAdditionalAttestationInfo call, the implementation should compare the initial
+ * KeyParamValue with the more recent one. If they differ, the implementation should fail with
+ * ErrorCode::MODULE_HASH_ALREADY_SET. If they are the same, no action needs to be taken.
+ */
+ void setAdditionalAttestationInfo(in KeyParameter[] info);
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 996e4e3..e56c193 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -901,6 +901,17 @@
ATTESTATION_ID_SECOND_IMEI = TagType.BYTES | 723,
/**
+ * Tag::MODULE_HASH specifies the SHA-256 hash of the DER-encoded module information (see
+ * KeyCreationResult.aidl for the ASN.1 schema).
+ *
+ * This tag is never provided or returned from KeyMint in the key characteristics. It exists
+ * only to define the tag for use in the attestation record.
+ *
+ * Must never appear in KeyCharacteristics.
+ */
+ MODULE_HASH = TagType.BYTES | 724,
+
+ /**
* OBSOLETE: Do not use.
*
* This tag value is included for historical reasons -- in Keymaster it was used to hold
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore.xml
index 4c75596..1ab2133 100644
--- a/security/keymint/aidl/default/android.hardware.hardware_keystore.xml
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore.xml
@@ -14,5 +14,5 @@
limitations under the License.
-->
<permissions>
- <feature name="android.hardware.hardware_keystore" version="300" />
+ <feature name="android.hardware.hardware_keystore" version="400" />
</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml b/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
index 0568ae6..6bdd33e 100644
--- a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
+++ b/security/keymint/aidl/default/android.hardware.security.keymint-service.xml
@@ -1,7 +1,7 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.security.keymint</name>
- <version>3</version>
+ <version>4</version>
<fqname>IKeyMintDevice/default</fqname>
</hal>
<hal format="aidl">
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index c1f6aee..083a9aa 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -109,7 +109,7 @@
}
}
-// Check that attested vbmeta digest is correct.
+// Check that the attested VBMeta digest is correct.
TEST_P(BootloaderStateTest, VbmetaDigest) {
AvbSlotVerifyData* avbSlotData;
auto suffix = fs_mgr_get_slot_suffix();
@@ -125,21 +125,29 @@
AVB_HASHTREE_ERROR_MODE_EIO, &avbSlotData);
ASSERT_TRUE(avb_slot_data_loaded(result)) << "Failed to load avb slot data";
- // Unfortunately, bootloader is not required to report the algorithm used
- // to calculate the digest. There are only two supported options though,
- // SHA256 and SHA512. Attested VBMeta digest must match one of these.
- vector<uint8_t> digest256(AVB_SHA256_DIGEST_SIZE);
- vector<uint8_t> digest512(AVB_SHA512_DIGEST_SIZE);
-
+ vector<uint8_t> sha256Digest(AVB_SHA256_DIGEST_SIZE);
avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,
- digest256.data());
- avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA512,
- digest512.data());
+ sha256Digest.data());
- ASSERT_TRUE((attestedVbmetaDigest_ == digest256) || (attestedVbmetaDigest_ == digest512))
- << "Attested vbmeta digest (" << bin2hex(attestedVbmetaDigest_)
- << ") does not match computed digest (sha256: " << bin2hex(digest256)
- << ", sha512: " << bin2hex(digest512) << ").";
+ if (get_vsr_api_level() >= __ANDROID_API_V__) {
+ ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest)
+ << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)
+ << ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest)
+ << ").";
+ } else {
+ // Prior to VSR-V, there was no MUST requirement for the algorithm used by the bootloader
+ // to calculate the VBMeta digest. However, the only two supported options are SHA-256 and
+ // SHA-512, so we expect the attested VBMeta digest to match one of these.
+ vector<uint8_t> sha512Digest(AVB_SHA512_DIGEST_SIZE);
+ avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA512,
+ sha512Digest.data());
+
+ ASSERT_TRUE((attestedVbmetaDigest_ == sha256Digest) ||
+ (attestedVbmetaDigest_ == sha512Digest))
+ << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)
+ << ") does not match the expected digest (SHA-256: " << bin2hex(sha256Digest)
+ << " or SHA-512: " << bin2hex(sha512Digest) << ").";
+ }
}
INSTANTIATE_KEYMINT_AIDL_TEST(BootloaderStateTest);
diff --git a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
index 49fd0c9..781b7a6 100644
--- a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
+++ b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
@@ -294,6 +294,7 @@
ErrorCode DeleteKey() {
Status result = keymint_->deleteKey(key_blob_);
key_blob_ = vector<uint8_t>();
+ key_transform_ = "";
return GetReturnErrorCode(result);
}
diff --git a/thermal/1.0/vts/functional/Android.bp b/thermal/1.0/vts/functional/Android.bp
index c73008a..d3db67c 100644
--- a/thermal/1.0/vts/functional/Android.bp
+++ b/thermal/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_games",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/thermal/1.1/vts/functional/Android.bp b/thermal/1.1/vts/functional/Android.bp
index 89fef1b..6e4e003 100644
--- a/thermal/1.1/vts/functional/Android.bp
+++ b/thermal/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_games",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/thermal/2.0/vts/functional/Android.bp b/thermal/2.0/vts/functional/Android.bp
index 29dffcb..e959bc8 100644
--- a/thermal/2.0/vts/functional/Android.bp
+++ b/thermal/2.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_games",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/thermal/aidl/vts/Android.bp b/thermal/aidl/vts/Android.bp
index 0812811..35f7649 100644
--- a/thermal/aidl/vts/Android.bp
+++ b/thermal/aidl/vts/Android.bp
@@ -13,6 +13,7 @@
// limitations under the License.
package {
+ default_team: "trendy_team_games",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/usb/1.0/vts/functional/Android.bp b/usb/1.0/vts/functional/Android.bp
index d976a06..09bbeec 100644
--- a/usb/1.0/vts/functional/Android.bp
+++ b/usb/1.0/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_usb",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/usb/1.1/vts/functional/Android.bp b/usb/1.1/vts/functional/Android.bp
index f514009..48e36f0 100644
--- a/usb/1.1/vts/functional/Android.bp
+++ b/usb/1.1/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_usb",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/usb/1.2/vts/functional/Android.bp b/usb/1.2/vts/functional/Android.bp
index 688e725..62442be 100644
--- a/usb/1.2/vts/functional/Android.bp
+++ b/usb/1.2/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_usb",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/usb/1.3/vts/functional/Android.bp b/usb/1.3/vts/functional/Android.bp
index 6a1ce1e..a345128 100644
--- a/usb/1.3/vts/functional/Android.bp
+++ b/usb/1.3/vts/functional/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_usb",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"
diff --git a/usb/OWNERS b/usb/OWNERS
index 3611b4d..647d626 100644
--- a/usb/OWNERS
+++ b/usb/OWNERS
@@ -1,8 +1,8 @@
# Bug component: 175220
-aprasath@google.com
-kumarashishg@google.com
-sarup@google.com
anothermark@google.com
+febinthattil@google.com
+aprasath@google.com
albertccwang@google.com
badhri@google.com
+kumarashishg@google.com
\ No newline at end of file
diff --git a/usb/aidl/vts/Android.bp b/usb/aidl/vts/Android.bp
index cf9299e..d41116a 100644
--- a/usb/aidl/vts/Android.bp
+++ b/usb/aidl/vts/Android.bp
@@ -15,6 +15,7 @@
//
package {
+ default_team: "trendy_team_android_usb",
// See: http://go/android-license-faq
// A large-scale-change added 'default_applicable_licenses' to import
// all of the 'license_kinds' from "hardware_interfaces_license"