Merge "Secretkeeper: Disable a replay protection VTS" into main
diff --git a/audio/aidl/android/hardware/audio/core/IModule.aidl b/audio/aidl/android/hardware/audio/core/IModule.aidl
index 2d4d283..3c5f7f6 100644
--- a/audio/aidl/android/hardware/audio/core/IModule.aidl
+++ b/audio/aidl/android/hardware/audio/core/IModule.aidl
@@ -928,7 +928,10 @@
* using 'connectExternalDevice' method. 'disconnectExternalDevice' method will be called
* soon after this method with the same 'portId'.
*
- * @param portId The ID of the audio port that is about to disconnect
+ * Note: This method is called after the external device is disconnected. The system does
+ * not try to predict the disconnection event.
+ *
+ * @param portId The ID of the audio port corresponding to the disconnected device
* @throws EX_ILLEGAL_ARGUMENT In the following cases:
* - If the port can not be found by the ID.
* - If this is not a connected device port.
diff --git a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
index 18d36e4..323e358 100644
--- a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
+++ b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
@@ -1554,6 +1554,7 @@
}
TEST_P(GraphicsComposerAidlCommandTest, SetDisplayBrightness) {
+ EXPECT_TRUE(mComposerClient->setPowerMode(getPrimaryDisplayId(), PowerMode::ON).isOk());
const auto& [status, capabilities] =
mComposerClient->getDisplayCapabilities(getPrimaryDisplayId());
ASSERT_TRUE(status.isOk());
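Review bot: The added `setPowerMode(getPrimaryDisplayId(), PowerMode::ON)` call at the top of SetDisplayBrightness looks like a precondition for the rest of the test, yet it is checked with `EXPECT_TRUE`. If the display cannot be powered on, the failure is recorded and the test still runs the brightness checks, where follow-on failures would hide the real cause. `ASSERT_TRUE(mComposerClient->setPowerMode(getPrimaryDisplayId(), PowerMode::ON).isOk());` would stop at the first problem. If the reason for the call is that brightness can only be set while the display is on, a one-line comment saying so would help. The test body continues outside the hunk.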
diff --git a/security/rkp/README.md b/security/rkp/README.md
index 2180d0f..2d00b83 100644
--- a/security/rkp/README.md
+++ b/security/rkp/README.md
@@ -210,10 +210,10 @@
describes an RKP VM. If there are further certificates without the RKP VM
marker, then the chain does not describe an RKP VM.
- Implementations must include the first RPK VM marker as early as possible
+ Implementations must include the first RKP VM marker as early as possible
after the point of divergence between TEE and non-TEE components in the DICE
chain, prior to loading the Android Bootloader (ABL).
2. "widevine" or "keymint": If there are no certificates with the RKP VM
marker then it describes a TEE component.
3. None: Any component described by a DICE chain that does not match the above
- two categories.
\ No newline at end of file
+ two categories.
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index a1de93e..68b966c 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -402,7 +402,7 @@
for (auto& key : keysToSign_) {
bytevec privateKeyBlob;
auto status = provisionable_->generateEcdsaP256KeyPair(testMode, &key, &privateKeyBlob);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
vector<uint8_t> payload_value;
check_maced_pubkey(key, testMode, &payload_value);
@@ -447,7 +447,7 @@
auto status = provisionable_->generateCertificateRequest(
testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto result = verifyProductionProtectedData(
deviceInfo, cppbor::Array(), keysToSignMac, protectedData, testEekChain_, eekId_,
@@ -472,7 +472,7 @@
auto status = provisionable_->generateCertificateRequest(
testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto firstBcc = verifyProductionProtectedData(
deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData, testEekChain_,
@@ -482,7 +482,7 @@
status = provisionable_->generateCertificateRequest(
testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto secondBcc = verifyProductionProtectedData(
deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData, testEekChain_,
@@ -532,7 +532,7 @@
auto status = provisionable_->generateCertificateRequest(
testMode, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo, &protectedData,
&keysToSignMac);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto result = verifyProductionProtectedData(
deviceInfo, cborKeysToSign_, keysToSignMac, protectedData, testEekChain_, eekId_,
@@ -576,7 +576,7 @@
auto status = provisionable_->generateCertificateRequest(
testMode, {keyWithCorruptMac}, testEekChain_.chain, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_FALSE(status.isOk()) << status.getMessage();
+ ASSERT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC);
}
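Review bot: On the negative checks, `ASSERT_FALSE(status.isOk()) << status.getDescription();` only fires when the status is OK, so the streamed description says little about what was expected. This applies here and in the later hunks at -596, -758, -815, -829 and -843. Since these tests check that a request carrying a corrupted MAC (or using a removed API) is rejected, a message naming the expectation would be more useful, e.g. `ASSERT_FALSE(status.isOk()) << "request with a corrupted MAC was accepted";`. The following `EXPECT_EQ` on `getServiceSpecificError()` already reports the error code when the call does fail. The enclosing test starts outside the hunk.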
@@ -596,7 +596,7 @@
auto status = provisionable_->generateCertificateRequest(
testMode, {keyWithCorruptMac}, getProdEekChain(rpcHardwareInfo.supportedEekCurve),
challenge_, &deviceInfo, &protectedData, &keysToSignMac);
- ASSERT_FALSE(status.isOk()) << status.getMessage();
+ ASSERT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC);
}
@@ -722,7 +722,7 @@
auto challenge = randomBytes(size);
auto status =
provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge);
ASSERT_TRUE(result) << result.message();
@@ -743,7 +743,7 @@
SCOPED_TRACE(testing::Message() << "challenge[" << size << "]");
auto challenge = randomBytes(size);
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge);
ASSERT_TRUE(result) << result.message();
@@ -758,7 +758,7 @@
auto status = provisionable_->generateCertificateRequestV2(
/* keysToSign */ {}, randomBytes(MAX_CHALLENGE_SIZE + 1), &csr);
- EXPECT_FALSE(status.isOk()) << status.getMessage();
+ EXPECT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_FAILED);
}
@@ -773,13 +773,13 @@
bytevec csr;
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
ASSERT_TRUE(firstCsr) << firstCsr.message();
status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
ASSERT_TRUE(secondCsr) << secondCsr.message();
@@ -797,7 +797,7 @@
bytevec csr;
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
- ASSERT_TRUE(status.isOk()) << status.getMessage();
+ ASSERT_TRUE(status.isOk()) << status.getDescription();
auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
ASSERT_TRUE(result) << result.message();
@@ -815,7 +815,7 @@
bytevec csr;
auto status =
provisionable_->generateCertificateRequestV2({keyWithCorruptMac}, challenge_, &csr);
- ASSERT_FALSE(status.isOk()) << status.getMessage();
+ ASSERT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC);
}
@@ -829,7 +829,7 @@
auto status = provisionable_->generateCertificateRequest(
false /* testMode */, {} /* keysToSign */, {} /* EEK chain */, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_FALSE(status.isOk()) << status.getMessage();
+ ASSERT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_REMOVED);
}
@@ -843,7 +843,7 @@
auto status = provisionable_->generateCertificateRequest(
true /* testMode */, {} /* keysToSign */, {} /* EEK chain */, challenge_, &deviceInfo,
&protectedData, &keysToSignMac);
- ASSERT_FALSE(status.isOk()) << status.getMessage();
+ ASSERT_FALSE(status.isOk()) << status.getDescription();
EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_REMOVED);
}
@@ -927,7 +927,7 @@
bytevec csr;
irpcStatus =
provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge_, &csr);
- ASSERT_TRUE(irpcStatus.isOk()) << irpcStatus.getMessage();
+ ASSERT_TRUE(irpcStatus.isOk()) << irpcStatus.getDescription();
auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge_);
ASSERT_TRUE(result) << result.message();
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
index 49c3446..b07dba8 100644
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
@@ -39,9 +39,14 @@
/**
* Retrieve the instance of the `IAuthGraphKeyExchange` HAL that should be used for shared
- * session key establishment. These keys are used to perform encryption of messages as
+ * session key establishment. These keys are used to perform encryption of messages as
* described in SecretManagement.cddl, allowing the client and Secretkeeper to have a
- * cryptographically secure channel.
+ * cryptographically secure channel. In the key exchange protocol the client acts as P1
+ * (source) and Secretkeeper as P2 (sink). The interface returned here can be used to invoke
+ * methods on the sink.
+ *
+ * The client's identity is its DICE chain; Secretkeeper's identity is a
+ * per-boot key pair.
*/
IAuthGraphKeyExchange getAuthGraphKe();
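Review bot: The new paragraph says Secretkeeper's identity is a per-boot key pair, but it does not say how a client is expected to establish trust in that key before relying on the channel. Because the surrounding text describes the channel as cryptographically secure, a reader implementing a client needs to know where that check is specified. If it is defined elsewhere (for example in the AuthGraph documentation), a one-line pointer in this comment would close the gap. Nothing in the visible hunk shows whether such a reference already exists further up the file.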
@@ -56,8 +61,8 @@
* ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
* the client & service. This cryptographic protection is required because the messages are
* ferried via Android, which is allowed to be outside the TCB of clients (for example protected
- * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which
- * is critical for establishing the secure channel.
+ * Virtual Machines). For this, service (& client) must implement the AuthGraph key exchange
+ * protocol to establish a secure channel between them.
*
* If an encrypted response cannot be generated, then a service-specific Binder error using one
* of the ERROR_ codes above will be returned.
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
index 3f823df..6a824c9 100644
--- a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
@@ -91,7 +91,7 @@
; Requested Entry not found.
ErrorCode_EntryNotFound: 3,
; Error happened while serialization or deserialization.
- SerializationError: 4,
+ ErrorCode_SerializationError: 4,
; Indicates that Dice Policy matching did not succeed & hence access not granted.
ErrorCode_DicePolicyError: 5,
)
@@ -104,7 +104,7 @@
GetSecretResult,
)
-GetVersionResult = (version : uint)
+GetVersionResult = (1)
StoreSecretResult = ()
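Review bot: `GetVersionResult = (1)` drops the `version` label that the old rule carried, so the schema no longer says what the literal stands for. Writing `GetVersionResult = (version : 1)` would keep the label while still pinning the value. Alternatively a comment above the rule, such as `; Version of the interface implemented; currently 1.`, would do the same job (wording to be confirmed against the spec). Pinning a literal presumably also means a response carrying any later version will not match this rule under strict validation, so it is worth stating in the comment whether that is intended.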
diff --git a/tv/tuner/1.1/vts/functional/VtsHalTvTunerV1_1TargetTest.cpp b/tv/tuner/1.1/vts/functional/VtsHalTvTunerV1_1TargetTest.cpp
index fccd2ed..3d60e89 100644
--- a/tv/tuner/1.1/vts/functional/VtsHalTvTunerV1_1TargetTest.cpp
+++ b/tv/tuner/1.1/vts/functional/VtsHalTvTunerV1_1TargetTest.cpp
@@ -35,6 +35,7 @@
ASSERT_TRUE(mFrontendTests.setFrontendCallback());
ASSERT_TRUE(mDemuxTests.openDemux(demux, demuxId));
ASSERT_TRUE(mDemuxTests.setDemuxFrontendDataSource(feId));
+ mFrontendTests.setDemux(demux);
mFilterTests.setDemux(demux);
ASSERT_TRUE(mFilterTests.openFilterInDemux(filterConf.config1_0.type,
filterConf.config1_0.bufferSize));
diff --git a/tv/tuner/aidl/vts/functional/VtsHalTvTunerTargetTest.cpp b/tv/tuner/aidl/vts/functional/VtsHalTvTunerTargetTest.cpp
index 3664b6c..6987588 100644
--- a/tv/tuner/aidl/vts/functional/VtsHalTvTunerTargetTest.cpp
+++ b/tv/tuner/aidl/vts/functional/VtsHalTvTunerTargetTest.cpp
@@ -48,6 +48,7 @@
ASSERT_TRUE(mFrontendTests.setFrontendCallback());
ASSERT_TRUE(mDemuxTests.openDemux(demux, demuxId));
ASSERT_TRUE(mDemuxTests.setDemuxFrontendDataSource(feId));
+ mFrontendTests.setDemux(demux);
mFilterTests.setDemux(demux);
ASSERT_TRUE(mFilterTests.openFilterInDemux(filterConf.type, filterConf.bufferSize));
ASSERT_TRUE(mFilterTests.getNewlyOpenedFilterId_64bit(filterId));