Merge changes from topic "vintf-broadcastradio" into sc-v2-dev-plus-aosp
* changes:
[automerged blank] Add vintf fragment for default broadcastradio 2p: 6e7fcb1de6
Add vintf fragment for default broadcastradio
diff --git a/radio/aidl/vts/Android.bp b/radio/aidl/vts/Android.bp
index 8f28255..021ee89 100644
--- a/radio/aidl/vts/Android.bp
+++ b/radio/aidl/vts/Android.bp
@@ -72,9 +72,8 @@
"android.hardware.radio.sim-V1-ndk",
"android.hardware.radio.voice-V1-ndk",
],
- // TODO(b/210712359): enable after b/207695009 is resolved.
- //test_suites: [
- // "general-tests",
- // "vts",
- //],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/aidl/vts/radio_sim_test.cpp b/radio/aidl/vts/radio_sim_test.cpp
index 64474c9..e82235c 100644
--- a/radio/aidl/vts/radio_sim_test.cpp
+++ b/radio/aidl/vts/radio_sim_test.cpp
@@ -376,8 +376,6 @@
* Test IRadioSim.setAllowedCarriers() for the response returned.
*/
TEST_P(RadioSimTest, setAllowedCarriers) {
- // TODO (b/210712359): remove once shim supports 1.4 or alternative is found
- GTEST_SKIP();
serial = GetRandomSerialNumber();
CarrierRestrictions carrierRestrictions;
memset(&carrierRestrictions, 0, sizeof(carrierRestrictions));
@@ -411,7 +409,8 @@
sleep(2);
updateSimCardStatus();
}
- EXPECT_EQ(CardStatus::STATE_RESTRICTED, cardStatus.cardState);
+ // TODO: uncomment once CF fully supports setAllowedCarriers
+ // EXPECT_EQ(CardStatus::STATE_RESTRICTED, cardStatus.cardState);
}
/* Verify that configuration was set correctly, retrieving it from the modem */
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 16bbc5c..a4cfb8b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -78,15 +78,16 @@
* provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned.
*
* 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not
- * provided and the generated/imported key has KeyPurpose::SIGN, then the returned
- * certificate chain must contain only a single self-signed certificate with no attestation
- * extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
+ * provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY,
+ * then the returned certificate chain must contain only a single self-signed certificate
+ * with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
+ * provided.
*
* 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is
- * not provided and the generated/imported key does not have KeyPurpose::SIGN, then the
- * returned certificate chain must contain only a single certificate with an empty signature
- * and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
- * provided.
+ * not provided and the generated/imported key does not have KeyPurpose::SIGN nor
+ * KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single
+ * certificate with an empty signature and no attestation extension.
+ * Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
*
* 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must
* return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index a14fc88..5024400 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -92,8 +92,8 @@
* },
* {}, // Unprotected params
* bstr .size 32, // MAC key
- * bstr PureEd25519(KM_priv, .cbor SignedMac_structure) /
- * ECDSA(KM_priv, bstr .cbor SignedMac_structure)
+ * bstr // PureEd25519(KM_priv, bstr .cbor SignedMac_structure) /
+ * // ECDSA(KM_priv, bstr .cbor SignedMac_structure)
* ]
*
* SignedMac_structure = [
@@ -144,8 +144,8 @@
* },
* unprotected: {},
* payload: bstr .cbor BccPayload,
- * signature: bstr .cbor PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
- * bstr .cbor ECDSA(SigningKey, bstr .cbor BccEntryInput)
+ * signature: bstr // PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
+ * // ECDSA(SigningKey, bstr .cbor BccEntryInput)
* // See RFC 8032 for details of how to encode the signature value for Ed25519.
* ]
*
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 8a26b3c..0bab54c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -183,6 +183,14 @@
* This test attempts to create an RSA attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
+
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
@@ -453,6 +461,13 @@
* This test attempts to create an EC attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c734c37..1b1a1b4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3821,6 +3821,13 @@
* Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
uint32_t key_size = 2048;
string key = rsa_2048_key;
@@ -3959,6 +3966,13 @@
* Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)