Merge "Add Wifi HAL supplicant AIDL interface definitions."
diff --git a/authsecret/aidl/default/service.cpp b/authsecret/aidl/default/service.cpp
index efecf10..a7d8678 100644
--- a/authsecret/aidl/default/service.cpp
+++ b/authsecret/aidl/default/service.cpp
@@ -28,7 +28,7 @@
const std::string instance = std::string() + AuthSecret::descriptor + "/default";
binder_status_t status = AServiceManager_addService(authsecret->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return -1; // Should never be reached
diff --git a/automotive/audiocontrol/aidl/default/main.cpp b/automotive/audiocontrol/aidl/default/main.cpp
index 9b259fc..cc15ccb 100644
--- a/automotive/audiocontrol/aidl/default/main.cpp
+++ b/automotive/audiocontrol/aidl/default/main.cpp
@@ -31,7 +31,7 @@
const std::string instance = std::string() + AudioControl::descriptor + "/default";
binder_status_t status =
AServiceManager_addService(audioControl->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
std::shared_ptr<PowerPolicyClient> powerPolicyClient =
::ndk::SharedRefBase::make<PowerPolicyClient>(audioControl);
diff --git a/automotive/evs/OWNERS b/automotive/evs/OWNERS
index 559a372..6fc5024 100644
--- a/automotive/evs/OWNERS
+++ b/automotive/evs/OWNERS
@@ -1 +1,3 @@
changyeon@google.com
+garysungang@google.com
+haoxiangl@google.com
diff --git a/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h b/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
index f09d75b..8ff4924 100644
--- a/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
+++ b/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
@@ -1025,7 +1025,7 @@
.config =
{
.prop = toInt(VehicleProperty::EPOCH_TIME),
- .access = VehiclePropertyAccess::READ_WRITE,
+ .access = VehiclePropertyAccess::WRITE,
.changeMode = VehiclePropertyChangeMode::ON_CHANGE,
},
},
diff --git a/automotive/vehicle/2.0/types.hal b/automotive/vehicle/2.0/types.hal
index 6bfda32..7c8e1f5 100644
--- a/automotive/vehicle/2.0/types.hal
+++ b/automotive/vehicle/2.0/types.hal
@@ -487,8 +487,11 @@
* int64Values[3] = rear right ticks
* int64Values[4] = rear left ticks
*
- * configArray is used to indicate the micrometers-per-wheel-tick value and
- * which wheels are supported. configArray is set as follows:
+ * configArray is used to indicate the micrometers-per-wheel-tick values and
+ * which wheels are supported. Each micrometers-per-wheel-tick value is static (i.e. will not
+ * update based on wheel's status) and a best approximation. For example, if a vehicle has
+ * multiple rim/tire size options, the micrometers-per-wheel-tick values are set to those for
+ * the typically expected rim/tire size. configArray is set as follows:
*
* configArray[0], bits [0:3] = supported wheels. Uses enum Wheel.
* configArray[1] = micrometers per front left wheel tick
@@ -1433,17 +1436,29 @@
* This value denotes the number of milliseconds seconds that have
* elapsed since 1/1/1970 UTC.
*
- * Reading this value will give you the system’s time. This can be
- * useful to synchronize other vehicle systems (dash clock etc).
+ * AAOS will write to this value to give VHAL the Android system's time,
+ * if the VHAL supports this property. This can be useful to synchronize
+ * other vehicle systems (dash clock etc) with Android's time.
*
- * Writing this value will update the ‘ExternalTimeSuggestion’
- * value (if enabled). This value may be consumed by the “Time
- * Detector Service”, if other sources do not have a higher
- * priority. For information on how to adjust time source
- * priorities see Time Detector Service documentation.
+ * AAOS writes to this property once during boot, and
+ * will thereafter write only when some time-source changes are propagated.
+ * AAOS will fill in VehiclePropValue.timestamp correctly.
+ * Note that AAOS will not send updates for natural elapse of time.
+ * int64Values[0] = provided Unix time (in milliseconds)
+ *
+ * Note that the property may take >0 ms to get propagated through the stack
+ * and, having a timestamped property helps reduce any time drift. So,
+ * for all writes to the property, the timestamp can be used to negate this
+ * drift:
+ * drift = currentTimeMillis - PropValue.timestamp
+ * effectiveTime = PropValue.value.int64Values[0] + diff
+ *
+ * Aside, this property could have been better named ANDROID_EPOCH_TIME, but it
+ * continues to be called EPOCH_TIME for legacy reasons. We will try to fix
+ * this naming discrepancy when we migrate to AIDL.
*
* @change_mode VehiclePropertyChangeMode:ON_CHANGE
- * @access VehiclePropertyAccess:READ_WRITE
+ * @access VehiclePropertyAccess:WRITE_ONLY
* @unit VehicleUnit:MILLI_SECS
*/
EPOCH_TIME = (
diff --git a/biometrics/face/aidl/default/main.cpp b/biometrics/face/aidl/default/main.cpp
index 80b153e..b7274e3 100644
--- a/biometrics/face/aidl/default/main.cpp
+++ b/biometrics/face/aidl/default/main.cpp
@@ -29,7 +29,7 @@
const std::string instance = std::string(Face::descriptor) + "/default";
binder_status_t status = AServiceManager_addService(hal->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/biometrics/fingerprint/aidl/default/main.cpp b/biometrics/fingerprint/aidl/default/main.cpp
index 4690d73..c985201 100644
--- a/biometrics/fingerprint/aidl/default/main.cpp
+++ b/biometrics/fingerprint/aidl/default/main.cpp
@@ -29,7 +29,7 @@
const std::string instance = std::string(Fingerprint::descriptor) + "/default";
binder_status_t status = AServiceManager_addService(hal->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
index 5c886ee..c89d983 100644
--- a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
+++ b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
@@ -3837,6 +3837,8 @@
getAvailableOutputStreams(staticMeta, outputStreams,
&outputThreshold));
for (auto& outputIter : outputStreams) {
+ V3_2::DataspaceFlags outputDataSpace =
+ getDataspace(static_cast<PixelFormat>(outputIter.format));
V3_2::Stream zslStream = {streamId++,
StreamType::OUTPUT,
static_cast<uint32_t>(input.width),
@@ -3859,7 +3861,7 @@
static_cast<uint32_t>(outputIter.height),
static_cast<PixelFormat>(outputIter.format),
GRALLOC1_CONSUMER_USAGE_HWCOMPOSER,
- 0,
+ outputDataSpace,
StreamRotation::ROTATION_0};
::android::hardware::hidl_vec<V3_2::Stream> streams = {inputStream, zslStream,
diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml
index 85dd756..514d8b8 100644
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.current.xml
@@ -267,16 +267,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="hidl" optional="false">
- <name>android.hardware.health</name>
- <version>2.1</version>
- <interface>
- <name>IHealth</name>
- <instance>default</instance>
- </interface>
- </hal>
- <!-- TODO(b/177269435): require health AIDL HAL and deprecate HIDL HAL -->
- <hal format="aidl" optional="true">
+ <hal format="aidl" optional="false">
<name>android.hardware.health</name>
<version>1</version>
<interface>
@@ -343,7 +334,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.security.keymint</name>
- <version>1</version>
+ <version>1-2</version>
<interface>
<name>IKeyMintDevice</name>
<instance>default</instance>
@@ -352,6 +343,7 @@
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.security.keymint</name>
+ <version>1-2</version>
<interface>
<name>IRemotelyProvisionedComponent</name>
<instance>default</instance>
diff --git a/current.txt b/current.txt
index 59fbfa9..21ee123 100644
--- a/current.txt
+++ b/current.txt
@@ -898,6 +898,8 @@
c8a57364f6ad20842be14f4db284df5304f7521ca8eac6bcc1fa6c5b466fb8a6 android.hardware.wifi.supplicant@1.4::ISupplicantStaNetwork
2123482b69f3b531c88023aa2a007110e130efbf4ed68ac9ce0bc55d5e82bc8b android.hardware.wifi.supplicant@1.4::ISupplicantStaNetworkCallback
0821f516e4d428bc15251969f7e19411c94d8f2ccbd99e1fc8168d8e49e38b0f android.hardware.wifi.supplicant@1.4::types
+4a087a308608d146b022ebc15633de989f5f4dfe1491a83fa41763290a82e40d android.hardware.automotive.vehicle@2.0::types
+70eb14415391f835fb218b43a1e25f5d6495f098f96fa2acaea70985e98e1ce8 android.hardware.automotive.vehicle@2.0::types
# ABI preserving changes to HALs during Android T
62ace52d9c3ff1f60f94118557a2aaf0b953513e59dcd34d5f94ae28d4c7e780 android.hardware.fastboot@1.0::IFastboot
diff --git a/drm/1.4/vts/OWNERS b/drm/1.4/vts/OWNERS
index a652208..3a0672e 100644
--- a/drm/1.4/vts/OWNERS
+++ b/drm/1.4/vts/OWNERS
@@ -1,6 +1,8 @@
+conglin@google.com
edwinwong@google.com
fredgc@google.com
jtinker@google.com
+juce@google.com
kylealexander@google.com
rfrias@google.com
robertshih@google.com
diff --git a/dumpstate/aidl/default/main.cpp b/dumpstate/aidl/default/main.cpp
index 2451752..5bc85b4 100644
--- a/dumpstate/aidl/default/main.cpp
+++ b/dumpstate/aidl/default/main.cpp
@@ -29,7 +29,7 @@
const std::string instance = std::string() + Dumpstate::descriptor + "/default";
binder_status_t status =
AServiceManager_registerLazyService(dumpstate->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // Unreachable
diff --git a/gnss/aidl/default/service.cpp b/gnss/aidl/default/service.cpp
index 09f1ad2..bbe34f1 100644
--- a/gnss/aidl/default/service.cpp
+++ b/gnss/aidl/default/service.cpp
@@ -42,7 +42,7 @@
const std::string instance = std::string() + Gnss::descriptor + "/default";
binder_status_t status =
AServiceManager_addService(gnssAidl->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
sp<IGnss> gnss = new GnssHidlHal(gnssAidl);
configureRpcThreadpool(1, true /* will join */);
diff --git a/gnss/aidl/vts/gnss_hal_test_cases.cpp b/gnss/aidl/vts/gnss_hal_test_cases.cpp
index b484f9c..0cd782e 100644
--- a/gnss/aidl/vts/gnss_hal_test_cases.cpp
+++ b/gnss/aidl/vts/gnss_hal_test_cases.cpp
@@ -53,17 +53,16 @@
/*
* TestPsdsExtension:
- * 1. Gets the PsdsExtension and verifies that it returns a non-null extension.
+ * 1. Gets the PsdsExtension
* 2. Injects empty PSDS data and verifies that it returns an error.
*/
TEST_P(GnssHalTest, TestPsdsExtension) {
sp<IGnssPsds> iGnssPsds;
auto status = aidl_gnss_hal_->getExtensionPsds(&iGnssPsds);
- ASSERT_TRUE(status.isOk());
- ASSERT_TRUE(iGnssPsds != nullptr);
-
- status = iGnssPsds->injectPsdsData(PsdsType::LONG_TERM, std::vector<uint8_t>());
- ASSERT_FALSE(status.isOk());
+ if (status.isOk() && iGnssPsds != nullptr) {
+ status = iGnssPsds->injectPsdsData(PsdsType::LONG_TERM, std::vector<uint8_t>());
+ ASSERT_FALSE(status.isOk());
+ }
}
void CheckSatellitePvt(const SatellitePvt& satellitePvt) {
diff --git a/identity/aidl/default/service.cpp b/identity/aidl/default/service.cpp
index c290c08..78f4fbc 100644
--- a/identity/aidl/default/service.cpp
+++ b/identity/aidl/default/service.cpp
@@ -43,7 +43,7 @@
const std::string instance = std::string() + IdentityCredentialStore::descriptor + "/default";
binder_status_t status = AServiceManager_addService(store->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 773715e..2449268 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -946,7 +946,11 @@
* UNSUPPORTED_KEY_SIZE.
*/
TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+ int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);
for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+ if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {
+ continue;
+ }
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/light/aidl/default/main.cpp b/light/aidl/default/main.cpp
index a860bf4..54e1316 100644
--- a/light/aidl/default/main.cpp
+++ b/light/aidl/default/main.cpp
@@ -28,7 +28,7 @@
const std::string instance = std::string() + Lights::descriptor + "/default";
binder_status_t status = AServiceManager_addService(lights->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reached
diff --git a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
index e73196c..8699de3 100644
--- a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
+++ b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
@@ -264,11 +264,13 @@
// Make sure role name follows expected format based on type and
// isEncoder
- const std::string role_name(
- ::android::GetComponentRole(role.isEncoder, role.type.c_str()));
- EXPECT_EQ(role_name, role.role) << "Role \"" << role.role << "\" does not match "
- << (role.isEncoder ? "an encoder " : "a decoder ")
- << "for mime type \"" << role.type << ".";
+ const char* role_name = ::android::GetComponentRole(role.isEncoder, role.type.c_str());
+ if (role_name != nullptr) {
+ EXPECT_EQ(std::string(role_name), role.role)
+ << "Role \"" << role.role << "\" does not match "
+ << (role.isEncoder ? "an encoder " : "a decoder ") << "for media type \""
+ << role.type << ".";
+ }
// Check the nodes for this role
std::set<const std::string> nodeKeys;
diff --git a/memtrack/aidl/default/main.cpp b/memtrack/aidl/default/main.cpp
index d063d2a..5cf5f94 100644
--- a/memtrack/aidl/default/main.cpp
+++ b/memtrack/aidl/default/main.cpp
@@ -29,7 +29,7 @@
const std::string instance = std::string() + Memtrack::descriptor + "/default";
binder_status_t status =
AServiceManager_addService(memtrack->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // Unreachable
diff --git a/oemlock/aidl/default/service.cpp b/oemlock/aidl/default/service.cpp
index af828a0..9fa7d63 100644
--- a/oemlock/aidl/default/service.cpp
+++ b/oemlock/aidl/default/service.cpp
@@ -28,7 +28,7 @@
const std::string instance = std::string() + OemLock::descriptor + "/default";
binder_status_t status = AServiceManager_addService(oemlock->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return -1; // Should never be reached
diff --git a/power/aidl/default/main.cpp b/power/aidl/default/main.cpp
index 964bd96..306b91b 100644
--- a/power/aidl/default/main.cpp
+++ b/power/aidl/default/main.cpp
@@ -28,7 +28,7 @@
const std::string instance = std::string() + Power::descriptor + "/default";
binder_status_t status = AServiceManager_addService(vib->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/power/stats/aidl/default/main.cpp b/power/stats/aidl/default/main.cpp
index 2fe3d2e..9e78247 100644
--- a/power/stats/aidl/default/main.cpp
+++ b/power/stats/aidl/default/main.cpp
@@ -73,7 +73,7 @@
const std::string instance = std::string() + PowerStats::descriptor + "/default";
binder_status_t status = AServiceManager_addService(p->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/rebootescrow/aidl/default/service.cpp b/rebootescrow/aidl/default/service.cpp
index 8a8086b..dc06c71 100644
--- a/rebootescrow/aidl/default/service.cpp
+++ b/rebootescrow/aidl/default/service.cpp
@@ -34,7 +34,7 @@
auto re = ndk::SharedRefBase::make<RebootEscrow>(rebootEscrowDevicePath);
const std::string instance = std::string() + RebootEscrow::descriptor + "/default";
binder_status_t status = AServiceManager_addService(re->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE;
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index 3cf6ff2..dcbe9c1 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -45,14 +45,14 @@
cc_defaults {
name: "keymint_use_latest_hal_aidl_ndk_static",
static_libs: [
- "android.hardware.security.keymint-V1-ndk",
+ "android.hardware.security.keymint-V2-ndk",
],
}
cc_defaults {
name: "keymint_use_latest_hal_aidl_ndk_shared",
shared_libs: [
- "android.hardware.security.keymint-V1-ndk",
+ "android.hardware.security.keymint-V2-ndk",
],
}
@@ -62,6 +62,6 @@
rust_defaults {
name: "keymint_use_latest_hal_aidl_rust",
rustlibs: [
- "android.hardware.security.keymint-V1-rust",
+ "android.hardware.security.keymint-V2-rust",
],
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
index 6b4a9ae..ffc7efe 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
@@ -39,4 +39,5 @@
P_256 = 1,
P_384 = 2,
P_521 = 3,
+ CURVE_25519 = 4,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl b/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl
index 5b1c10c..e9f81d8 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl
@@ -27,4 +27,5 @@
P_256 = 1,
P_384 = 2,
P_521 = 3,
+ CURVE_25519 = 4,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index cd8cfc5..9846ee9 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -93,6 +93,11 @@
* P-521. STRONGBOX IKeyMintDevices must support NIST curve P-256.
* - TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, SHA-2
* 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256.
+ * - TRUSTED_ENVRIONMENT IKeyMintDevices must support curve 25519 for Purpose::SIGN (Ed25519,
+ * as specified in RFC 8032), Purpose::ATTEST_KEY (Ed25519) or for KeyPurpose::AGREE_KEY
+ * (X25519, as specified in RFC 7748). However, a key must have exactly one of these
+ * purpose values; the same key cannot be used for multiple purposes.
+ * STRONGBOX IKeyMintDevices do not support curve 25519.
*
* o AES
*
@@ -287,7 +292,7 @@
* except AGREE_KEY must be supported for RSA keys.
*
* o Tag::DIGEST specifies digest algorithms that may be used with the new key. TEE
- * IKeyMintDevice implementations must support all Digest values (see digest.aidl) for RSA
+ * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for RSA
* keys. StrongBox IKeyMintDevice implementations must support SHA_2_256.
*
* o Tag::PADDING specifies the padding modes that may be used with the new
@@ -298,13 +303,24 @@
* == ECDSA Keys ==
*
* Tag::EC_CURVE must be provided to generate an ECDSA key. If it is not provided, generateKey
- * must return ErrorCode::UNSUPPORTED_KEY_SIZE. TEE IKeyMintDevice implementations must support
- * all curves. StrongBox implementations must support P_256.
-
+ * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. TEE
+ * IKeyMintDevice implementations must support all required curves. StrongBox implementations
+ * must support P_256 and no other curves.
+ *
* Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER must be provided to specify the
* valid date range for the returned X.509 certificate holding the public key. If omitted,
* generateKey must return ErrorCode::MISSING_NOT_BEFORE or ErrorCode::MISSING_NOT_AFTER.
*
+ * Keys with EC_CURVE of EcCurve::CURVE_25519 must have exactly one purpose in the set
+ * {KeyPurpose::SIGN, KeyPurpose::ATTEST_KEY, KeyPurpose::AGREE_KEY}. Key generation with more
+ * than one purpose should be rejected with ErrorCode::INCOMPATIBLE_PURPOSE.
+ * StrongBox implementation do not support CURVE_25519.
+ *
+ * Tag::DIGEST specifies digest algorithms that may be used with the new key. TEE
+ * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for ECDSA
+ * keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice implementations must
+ * support SHA_2_256.
+ *
* == AES Keys ==
*
* Only Tag::KEY_SIZE is required to generate an AES key. If omitted, generateKey must return
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl
index da3d521..3faef38 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl
@@ -25,8 +25,10 @@
enum KeyFormat {
/** X.509 certificate format, for public key export. */
X509 = 0,
- /** PCKS#8 format, asymmetric key pair import. */
+ /** PKCS#8 format, asymmetric key pair import. */
PKCS8 = 1,
- /** Raw bytes, for symmetric key import. */
+ /**
+ * Raw bytes, for symmetric key import, and for import of raw asymmetric keys for curve 25519.
+ */
RAW = 3,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
index e141e55..fd103ef 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
@@ -44,6 +44,10 @@
AGREE_KEY = 6,
/* Usable as an attestation signing key. Keys with this purpose must not have any other
- * purpose. */
+ * purpose; if they do, key generation/import must be rejected with
+ * ErrorCode::INCOMPATIBLE_PURPOSE. (Rationale: If key also included KeyPurpose::SIGN, then
+ * it could be used to sign arbitrary data, including any tbsCertificate, and so an
+ * attestation produced by the key would have no security properties.)
+ */
ATTEST_KEY = 7,
}
diff --git a/security/keymint/aidl/default/service.cpp b/security/keymint/aidl/default/service.cpp
index 8092e34..dc0c618 100644
--- a/security/keymint/aidl/default/service.cpp
+++ b/security/keymint/aidl/default/service.cpp
@@ -39,7 +39,7 @@
LOG(INFO) << "adding keymint service instance: " << instanceName;
binder_status_t status =
AServiceManager_addService(ser->asBinder().get(), instanceName.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
return ser;
}
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 73c3820..0fdf48d 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -175,6 +175,24 @@
}
/*
+ * AttestKeyTest.RsaAttestKeyMultiPurposeFail
+ *
+ * This test attempts to create an RSA attestation key that also allows signing.
+ */
+TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+ vector<uint8_t> attest_key_blob;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ vector<Certificate> attest_key_cert_chain;
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key_blob,
+ &attest_key_characteristics, &attest_key_cert_chain));
+}
+
+/*
* AttestKeyTest.RsaAttestedAttestKeys
*
* This test creates an RSA attestation key signed by factory keys, and varifies it can be
@@ -412,6 +430,24 @@
}
/*
+ * AttestKeyTest.EcAttestKeyMultiPurposeFail
+ *
+ * This test attempts to create an EC attestation key that also allows signing.
+ */
+TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+ vector<uint8_t> attest_key_blob;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ vector<Certificate> attest_key_cert_chain;
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(EcCurve::P_256)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key_blob,
+ &attest_key_characteristics, &attest_key_cert_chain));
+}
+
+/*
* AttestKeyTest.AlternateAttestKeyChaining
*
* This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index dc14771..217ea0e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3352,6 +3352,26 @@
}
/*
+ * ImportKeyTest.RsaAttestMultiPurposeFail
+ *
+ * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+ uint32_t key_size = 2048;
+ string key = rsa_2048_key;
+
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .RsaSigningKey(key_size, 65537)
+ .AttestKey()
+ .Digest(Digest::SHA_2_256)
+ .Padding(PaddingMode::RSA_PSS)
+ .SetDefaultValidity(),
+ KeyFormat::PKCS8, key));
+}
+
+/*
* ImportKeyTest.EcdsaSuccess
*
* Verifies that importing and using an ECDSA P-256 key pair works correctly.
@@ -3470,6 +3490,22 @@
}
/*
+ * ImportKeyTest.EcdsaAttestMultiPurposeFail
+ *
+ * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(EcCurve::P_256)
+ .AttestKey()
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
+ KeyFormat::PKCS8, ec_256_key));
+}
+
+/*
* ImportKeyTest.AesSuccess
*
* Verifies that importing and using an AES key works.
@@ -6618,7 +6654,7 @@
typedef KeyMintAidlTestBase KeyAgreementTest;
-int CurveToOpenSslCurveName(EcCurve curve) {
+static int EcdhCurveToOpenSslCurveName(EcCurve curve) {
switch (curve) {
case EcCurve::P_224:
return NID_secp224r1;
@@ -6628,6 +6664,8 @@
return NID_secp384r1;
case EcCurve::P_521:
return NID_secp521r1;
+ case EcCurve::CURVE_25519:
+ return NID_X25519;
}
}
@@ -6649,7 +6687,7 @@
for (auto localCurve : ValidCurves()) {
// Generate EC key locally (with access to private key material)
auto ecKey = EC_KEY_Ptr(EC_KEY_new());
- int curveName = CurveToOpenSslCurveName(localCurve);
+ int curveName = EcdhCurveToOpenSslCurveName(localCurve);
auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(curveName));
ASSERT_NE(group, nullptr);
ASSERT_EQ(EC_KEY_set_group(ecKey.get(), group.get()), 1);
diff --git a/tv/tuner/1.0/vts/functional/DvrTests.cpp b/tv/tuner/1.0/vts/functional/DvrTests.cpp
index ba21189..599abfb 100644
--- a/tv/tuner/1.0/vts/functional/DvrTests.cpp
+++ b/tv/tuner/1.0/vts/functional/DvrTests.cpp
@@ -204,6 +204,7 @@
void DvrCallback::stopRecordThread() {
mKeepReadingRecordFMQ = false;
mRecordThreadRunning = false;
+ android::Mutex::Autolock autoLock(mRecordThreadLock);
}
AssertionResult DvrTests::openDvrInDemux(DvrType type, uint32_t bufferSize) {
diff --git a/vibrator/aidl/default/main.cpp b/vibrator/aidl/default/main.cpp
index bd834d2..feba2c7 100644
--- a/vibrator/aidl/default/main.cpp
+++ b/vibrator/aidl/default/main.cpp
@@ -31,14 +31,14 @@
auto vib = ndk::SharedRefBase::make<Vibrator>();
const std::string vibName = std::string() + Vibrator::descriptor + "/default";
binder_status_t status = AServiceManager_addService(vib->asBinder().get(), vibName.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
// make the vibrator manager service with a different vibrator
auto managedVib = ndk::SharedRefBase::make<Vibrator>();
auto vibManager = ndk::SharedRefBase::make<VibratorManager>(std::move(managedVib));
const std::string vibManagerName = std::string() + VibratorManager::descriptor + "/default";
status = AServiceManager_addService(vibManager->asBinder().get(), vibManagerName.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return EXIT_FAILURE; // should not reach
diff --git a/weaver/aidl/default/service.cpp b/weaver/aidl/default/service.cpp
index 1495bc9..2099ffd 100644
--- a/weaver/aidl/default/service.cpp
+++ b/weaver/aidl/default/service.cpp
@@ -28,7 +28,7 @@
const std::string instance = std::string() + Weaver::descriptor + "/default";
binder_status_t status = AServiceManager_addService(weaver->asBinder().get(), instance.c_str());
- CHECK(status == STATUS_OK);
+ CHECK_EQ(status, STATUS_OK);
ABinderProcess_joinThreadPool();
return -1; // Should never be reached
diff --git a/wifi/1.5/default/wifi.cpp b/wifi/1.5/default/wifi.cpp
index b9f20a4..a85b242 100644
--- a/wifi/1.5/default/wifi.cpp
+++ b/wifi/1.5/default/wifi.cpp
@@ -131,8 +131,14 @@
WifiStatus wifi_status =
createWifiStatus(WifiStatusCode::ERROR_UNKNOWN, error);
for (const auto& callback : event_cb_handler_.getCallbacks()) {
+ LOG(INFO) << "Attempting to invoke onSubsystemRestart "
+ "callback";
if (!callback->onSubsystemRestart(wifi_status).isOk()) {
- LOG(ERROR) << "Failed to invoke onFailure callback";
+ LOG(ERROR)
+ << "Failed to invoke onSubsystemRestart callback";
+ } else {
+ LOG(INFO) << "Succeeded to invoke onSubsystemRestart "
+ "callback";
}
}
};
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
index ac39a24..eabbf1b 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test.cpp
@@ -38,12 +38,15 @@
: public ::testing::TestWithParam<std::tuple<std::string, std::string>> {
public:
virtual void SetUp() override {
+ // Stop Wi-Fi
+ ASSERT_TRUE(stopWifiFramework()); // stop & wait for wifi to shutdown.
+
wifi_instance_name_ = std::get<0>(GetParam());
supplicant_instance_name_ = std::get<1>(GetParam());
+ std::system("/system/bin/start");
+ ASSERT_TRUE(waitForFrameworkReady());
isP2pOn_ =
testing::deviceSupportsFeature("android.hardware.wifi.direct");
- // Stop Framework
- std::system("/system/bin/stop");
stopSupplicant(wifi_instance_name_);
startSupplicantAndWaitForHidlService(wifi_instance_name_,
supplicant_instance_name_);
@@ -53,8 +56,8 @@
virtual void TearDown() override {
stopSupplicant(wifi_instance_name_);
- // Start Framework
- std::system("/system/bin/start");
+ // Start Wi-Fi
+ startWifiFramework();
}
protected:
@@ -220,4 +223,4 @@
android::hardware::getAllHalInstanceNames(IWifi::descriptor)),
testing::ValuesIn(android::hardware::getAllHalInstanceNames(
ISupplicant::descriptor))),
- android::hardware::PrintInstanceTupleNameToString<>);
\ No newline at end of file
+ android::hardware::PrintInstanceTupleNameToString<>);
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
index be6aad9..8cb7e22 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.cpp
@@ -48,6 +48,26 @@
using ::android::wifi_system::SupplicantManager;
namespace {
+bool waitForSupplicantState(bool is_running) {
+ SupplicantManager supplicant_manager;
+ int count = 50; /* wait at most 5 seconds for completion */
+ while (count-- > 0) {
+ if (supplicant_manager.IsSupplicantRunning() == is_running) {
+ return true;
+ }
+ usleep(100000);
+ }
+ LOG(ERROR) << "Supplicant not " << is_running ? "running" : "stopped";
+ return false;
+}
+
+// Helper function to wait for supplicant to be started by framework on wifi
+// enable.
+bool waitForSupplicantStart() { return waitForSupplicantState(true); }
+
+// Helper function to wait for supplicant to be stopped by framework on wifi
+// disable.
+bool waitForSupplicantStop() { return waitForSupplicantState(false); }
// Helper function to initialize the driver and firmware to STA mode
// using the vendor HAL HIDL interface.
@@ -118,6 +138,18 @@
}
} // namespace
+bool startWifiFramework() {
+ std::system("svc wifi enable");
+ std::system("cmd wifi set-scan-always-available enabled");
+ return waitForSupplicantStart(); // wait for wifi to start.
+}
+
+bool stopWifiFramework() {
+ std::system("svc wifi disable");
+ std::system("cmd wifi set-scan-always-available disabled");
+ return waitForSupplicantStop(); // wait for wifi to shutdown.
+}
+
void stopSupplicant() { stopSupplicant(""); }
void stopSupplicant(const std::string& wifi_instance_name) {
diff --git a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
index 33945cc..22cea8c 100644
--- a/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
+++ b/wifi/supplicant/1.0/vts/functional/supplicant_hidl_test_utils.h
@@ -29,9 +29,11 @@
#include "wifi_hidl_test_utils.h"
+// Used to start the android wifi framework after every test.
+bool startWifiFramework();
+
// Used to stop the android wifi framework before every test.
-void stopWifiFramework(const std::string& wifi_instance_name);
-void startWifiFramework(const std::string& wifi_instance_name);
+bool stopWifiFramework();
void stopSupplicant(const std::string& wifi_instance_name);
// Used to configure the chip, driver and start wpa_supplicant before every
@@ -70,16 +72,16 @@
: public ::testing::TestWithParam<std::tuple<std::string, std::string>> {
public:
virtual void SetUp() override {
+ // Stop Wi-Fi
+ ASSERT_TRUE(stopWifiFramework()); // stop & wait for wifi to shutdown.
+
// should always be v1.0 wifi
wifi_v1_0_instance_name_ = std::get<0>(GetParam());
supplicant_instance_name_ = std::get<1>(GetParam());
std::system("/system/bin/start");
ASSERT_TRUE(waitForFrameworkReady());
-
isP2pOn_ =
testing::deviceSupportsFeature("android.hardware.wifi.direct");
- // Stop Framework
- std::system("/system/bin/stop");
stopSupplicant(wifi_v1_0_instance_name_);
startSupplicantAndWaitForHidlService(wifi_v1_0_instance_name_,
supplicant_instance_name_);
@@ -88,8 +90,8 @@
virtual void TearDown() override {
stopSupplicant(wifi_v1_0_instance_name_);
- // Start Framework
- std::system("/system/bin/start");
+ // Start Wi-Fi
+ startWifiFramework();
}
protected:
diff --git a/wifi/supplicant/1.3/vts/functional/Android.bp b/wifi/supplicant/1.3/vts/functional/Android.bp
index ec25de2..4b56336 100644
--- a/wifi/supplicant/1.3/vts/functional/Android.bp
+++ b/wifi/supplicant/1.3/vts/functional/Android.bp
@@ -74,5 +74,4 @@
"general-tests",
"vts",
],
- disable_framework: true,
}