Merge "Sk VTS: Use libdice_policy_builder" into main
diff --git a/bluetooth/finder/aidl/default/service.cpp b/bluetooth/finder/aidl/default/service.cpp
index a117df8..fe8904b 100644
--- a/bluetooth/finder/aidl/default/service.cpp
+++ b/bluetooth/finder/aidl/default/service.cpp
@@ -35,12 +35,16 @@
ndk::SharedRefBase::make<BluetoothFinder>();
std::string instance =
std::string() + BluetoothFinder::descriptor + "/default";
- auto result =
- AServiceManager_addService(service->asBinder().get(), instance.c_str());
- if (result == STATUS_OK) {
- ABinderProcess_joinThreadPool();
+ if (AServiceManager_isDeclared(instance.c_str())) {
+ auto result =
+ AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ if (result != STATUS_OK) {
+ ALOGE("Could not register as a service!");
+ }
} else {
- ALOGE("Could not register as a service!");
+ ALOGE("Could not register as a service because it's not declared.");
}
+ // Keep running
+ ABinderProcess_joinThreadPool();
return 0;
}
diff --git a/bluetooth/lmp_event/aidl/default/src/main.rs b/bluetooth/lmp_event/aidl/default/src/main.rs
index cbdd4d1..dfb097f 100644
--- a/bluetooth/lmp_event/aidl/default/src/main.rs
+++ b/bluetooth/lmp_event/aidl/default/src/main.rs
@@ -41,10 +41,11 @@
let lmp_event_service = lmp_event::LmpEvent::new();
let lmp_event_service_binder = BnBluetoothLmpEvent::new_binder(lmp_event_service, BinderFeatures::default());
- binder::add_service(
- &format!("{}/default", lmp_event::LmpEvent::get_descriptor()),
- lmp_event_service_binder.as_binder(),
- ).expect("Failed to register service");
-
+ let descriptor = format!("{}/default", lmp_event::LmpEvent::get_descriptor());
+ if binder::is_declared(&descriptor).expect("Failed to check if declared") {
+ binder::add_service(&descriptor, lmp_event_service_binder.as_binder()).expect("Failed to register service");
+ } else {
+ info!("{LOG_TAG}: Failed to register service. Not declared.");
+ }
binder::ProcessState::join_thread_pool()
}
diff --git a/bluetooth/ranging/aidl/default/service.cpp b/bluetooth/ranging/aidl/default/service.cpp
index 83e539e..35a3f55 100644
--- a/bluetooth/ranging/aidl/default/service.cpp
+++ b/bluetooth/ranging/aidl/default/service.cpp
@@ -37,12 +37,16 @@
ndk::SharedRefBase::make<BluetoothChannelSounding>();
std::string instance =
std::string() + BluetoothChannelSounding::descriptor + "/default";
- auto result =
- AServiceManager_addService(service->asBinder().get(), instance.c_str());
- if (result == STATUS_OK) {
- ABinderProcess_joinThreadPool();
+ if (AServiceManager_isDeclared(instance.c_str())) {
+ auto result =
+ AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ if (result != STATUS_OK) {
+ ALOGE("Could not register as a service!");
+ }
} else {
- ALOGE("Could not register as a service!");
+ ALOGE("Could not register as a service because it's not declared.");
}
+ // Keep running
+ ABinderProcess_joinThreadPool();
return 0;
}
diff --git a/contexthub/OWNERS b/contexthub/OWNERS
index d5cfc2e..ee25833 100644
--- a/contexthub/OWNERS
+++ b/contexthub/OWNERS
@@ -1,4 +1,3 @@
# Bug component: 156070
arthuri@google.com
bduddie@google.com
-stange@google.com
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index 54f187c..808ed18 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -149,7 +149,9 @@
digest512.data());
ASSERT_TRUE((attestedVbmetaDigest_ == digest256) || (attestedVbmetaDigest_ == digest512))
- << "Attested digest does not match computed digest.";
+ << "Attested vbmeta digest (" << bin2hex(attestedVbmetaDigest_)
+ << ") does not match computed digest (sha256: " << bin2hex(digest256)
+ << ", sha512: " << bin2hex(digest512) << ").";
}
INSTANTIATE_KEYMINT_AIDL_TEST(BootloaderStateTest);
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index d3f6ae3..087f763 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -64,6 +64,13 @@
namespace {
+// Possible values for the feature version. Assumes that future KeyMint versions
+// will continue with the 100 * AIDL_version numbering scheme.
+//
+// Must be kept in numerically increasing order.
+const int32_t kFeatureVersions[] = {10, 11, 20, 30, 40, 41, 100, 200,
+ 300, 400, 500, 600, 700, 800, 900};
+
// Invalid value for a patchlevel (which is of form YYYYMMDD).
const uint32_t kInvalidPatchlevel = 99998877;
@@ -2278,6 +2285,43 @@
return hasFeature;
}
+// Return the numeric value associated with a feature.
+std::optional<int32_t> keymint_feature_value(bool strongbox) {
+ std::string name = strongbox ? FEATURE_STRONGBOX_KEYSTORE : FEATURE_HARDWARE_KEYSTORE;
+ ::android::String16 name16(name.c_str());
+ ::android::sp<::android::IServiceManager> sm(::android::defaultServiceManager());
+ ::android::sp<::android::IBinder> binder(
+ sm->waitForService(::android::String16("package_native")));
+ if (binder == nullptr) {
+ GTEST_LOG_(ERROR) << "waitForService package_native failed";
+ return std::nullopt;
+ }
+ ::android::sp<::android::content::pm::IPackageManagerNative> packageMgr =
+ ::android::interface_cast<::android::content::pm::IPackageManagerNative>(binder);
+ if (packageMgr == nullptr) {
+ GTEST_LOG_(ERROR) << "Cannot find package manager";
+ return std::nullopt;
+ }
+
+ // Package manager has no mechanism to retrieve the version of a feature,
+ // only to indicate whether a certain version or above is present.
+ std::optional<int32_t> result = std::nullopt;
+ for (auto version : kFeatureVersions) {
+ bool hasFeature = false;
+ auto status = packageMgr->hasSystemFeature(name16, version, &hasFeature);
+ if (!status.isOk()) {
+ GTEST_LOG_(ERROR) << "hasSystemFeature('" << name << "', " << version
+ << ") failed: " << status;
+ return result;
+ } else if (hasFeature) {
+ result = version;
+ } else {
+ break;
+ }
+ }
+ return result;
+}
+
} // namespace test
} // namespace aidl::android::hardware::security::keymint
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 4fb711c..4ed7698 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -56,6 +56,7 @@
const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
+const string FEATURE_HARDWARE_KEYSTORE = "android.hardware.hardware_keystore";
// RAII class to ensure that a keyblob is deleted regardless of how a test exits.
class KeyBlobDeleter {
@@ -444,6 +445,7 @@
void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result);
bool check_feature(const std::string& name);
+std::optional<int32_t> keymint_feature_value(bool strongbox);
AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 4dc303c..e098aca 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -21,6 +21,7 @@
#include <algorithm>
#include <iostream>
+#include <map>
#include <openssl/curve25519.h>
#include <openssl/ec.h>
@@ -8794,6 +8795,90 @@
INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest);
+class InstanceTest : public testing::Test {
+ protected:
+ static void SetUpTestSuite() {
+ auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
+ for (auto& param : params) {
+ ASSERT_TRUE(AServiceManager_isDeclared(param.c_str()))
+ << "IKeyMintDevice instance " << param << " found but not declared.";
+ ::ndk::SpAIBinder binder(AServiceManager_waitForService(param.c_str()));
+ auto keymint = IKeyMintDevice::fromBinder(binder);
+ ASSERT_NE(keymint, nullptr) << "Failed to get IKeyMintDevice instance " << param;
+
+ KeyMintHardwareInfo info;
+ ASSERT_TRUE(keymint->getHardwareInfo(&info).isOk());
+ ASSERT_EQ(keymints_.count(info.securityLevel), 0)
+ << "There must be exactly one IKeyMintDevice with security level "
+ << info.securityLevel;
+
+ keymints_[info.securityLevel] = std::move(keymint);
+ }
+ }
+
+ int32_t AidlVersion(shared_ptr<IKeyMintDevice> keymint) {
+ int32_t version = 0;
+ auto status = keymint->getInterfaceVersion(&version);
+ if (!status.isOk()) {
+ ADD_FAILURE() << "Failed to determine interface version";
+ }
+ return version;
+ }
+
+ static std::map<SecurityLevel, shared_ptr<IKeyMintDevice>> keymints_;
+};
+
+std::map<SecurityLevel, shared_ptr<IKeyMintDevice>> InstanceTest::keymints_;
+
+// @VsrTest = VSR-3.10-017
+// Check that the AIDL version advertised by the HAL service matches
+// the value in the package manager feature version.
+TEST_F(InstanceTest, AidlVersionInFeature) {
+ if (is_gsi_image()) {
+ GTEST_SKIP() << "Versions not required to match under GSI";
+ }
+ if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 1) {
+ auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second;
+ int32_t tee_aidl_version = AidlVersion(tee) * 100;
+ std::optional<int32_t> tee_feature_version = keymint_feature_value(/* strongbox */ false);
+ ASSERT_TRUE(tee_feature_version.has_value());
+ EXPECT_EQ(tee_aidl_version, tee_feature_version.value());
+ }
+ if (keymints_.count(SecurityLevel::STRONGBOX) == 1) {
+ auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second;
+ int32_t sb_aidl_version = AidlVersion(sb) * 100;
+ std::optional<int32_t> sb_feature_version = keymint_feature_value(/* strongbox */ true);
+ ASSERT_TRUE(sb_feature_version.has_value());
+ EXPECT_EQ(sb_aidl_version, sb_feature_version.value());
+ }
+}
+
+// @VsrTest = VSR-3.10-017
+// Check that if package manager advertises support for KeyMint of a particular version, that
+// version is present as a HAL service.
+TEST_F(InstanceTest, FeatureVersionInAidl) {
+ if (is_gsi_image()) {
+ GTEST_SKIP() << "Versions not required to match under GSI";
+ }
+ std::optional<int32_t> tee_feature_version = keymint_feature_value(/* strongbox */ false);
+ if (tee_feature_version.has_value() && tee_feature_version.value() >= 100) {
+ // Feature flag advertises the existence of KeyMint; check it is present.
+ ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1);
+ auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second;
+ int32_t tee_aidl_version = AidlVersion(tee) * 100;
+ EXPECT_EQ(tee_aidl_version, tee_feature_version.value());
+ }
+
+ std::optional<int32_t> sb_feature_version = keymint_feature_value(/* strongbox */ true);
+ if (sb_feature_version.has_value() && sb_feature_version.value() >= 100) {
+ // Feature flag advertises the existence of KeyMint; check it is present.
+ ASSERT_EQ(keymints_.count(SecurityLevel::STRONGBOX), 1);
+ auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second;
+ int32_t sb_aidl_version = AidlVersion(sb) * 100;
+ EXPECT_EQ(sb_aidl_version, sb_feature_version.value());
+ }
+}
+
} // namespace aidl::android::hardware::security::keymint::test
using aidl::android::hardware::security::keymint::test::KeyMintAidlTestBase;
diff --git a/tv/tuner/aidl/vts/functional/VtsHalTvTunerTestConfigurations.h b/tv/tuner/aidl/vts/functional/VtsHalTvTunerTestConfigurations.h
index 5c13ed0..ff94639 100644
--- a/tv/tuner/aidl/vts/functional/VtsHalTvTunerTestConfigurations.h
+++ b/tv/tuner/aidl/vts/functional/VtsHalTvTunerTestConfigurations.h
@@ -731,9 +731,20 @@
if (videoFilterIds.empty() || audioFilterIds.empty() || frontendMap.empty()) {
return;
}
- if (hasSwFe && !hasHwFe && dvrMap.empty()) {
- ALOGD("Cannot configure Live. Only software frontends and no dvr connections");
- return;
+ if (!hasHwFe) {
+ if (hasSwFe) {
+ if (dvrMap.empty()) {
+ ALOGD("Cannot configure Live. Only software frontends and no dvr connections.");
+ return;
+ }
+ // Live is available if there is SW FE and some DVR is attached.
+ } else {
+ // We will arrive here because frontendMap won't be empty since
+ // there will be at least a default frontend declared. But the
+ // default frontend doesn't count as "hasSwFe".
+ ALOGD("Cannot configure Live. No frontend declared at all.");
+ return;
+ }
}
ALOGD("Can support live");
live.hasFrontendConnection = true;