Merge "Split BLIND_SPOT_WARNING_STATE into 2 area IDs on emulator" into udc-dev
diff --git a/automotive/can/1.0/tools/configurator/canhalconfigurator.rc b/automotive/can/1.0/tools/configurator/canhalconfigurator.rc
index ff0efd7..8ae7cb2 100644
--- a/automotive/can/1.0/tools/configurator/canhalconfigurator.rc
+++ b/automotive/can/1.0/tools/configurator/canhalconfigurator.rc
@@ -1,3 +1,4 @@
 service canhalconfigurator /system_ext/bin/canhalconfigurator
   class core
+  user root
   oneshot
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
index a92b366..2be76cb 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
@@ -178,6 +178,8 @@
      *   2) A face is rejected, and ISessionCallback#onAuthenticationFailed is invoked.
      *   3) Any non-recoverable error occurs (such as lockout). See the full list of
      *      authentication-specific errors in the Error enum.
+     *   4) ISessionCallback#onLockoutPermanent is invoked.
+     *   5) ISessionCallback#onLockoutTimed is invoked.
      *
      * Note that upon successful authentication, the lockout counter for this (sensorId, userId)
      * pair must be cleared.
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
index b3c348d..9eb575c 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
@@ -119,6 +119,8 @@
      * lockout, and authentication can be restarted after a period of time. See
      * ISession#resetLockout.
      *
+     * This ends the authentication lifecycle.
+     *
      * @param sensorId Sensor for which the user is locked out.
      * @param userId User for which the sensor is locked out.
      * @param durationMillis Remaining duration of the lockout.
@@ -131,6 +133,8 @@
      * Authentication is disabled until the user unlocks with their device credential
      * (PIN/Pattern/Password). See ISession#resetLockout.
      *
+     * This ends the authentication lifecycle.
+     *
      * @param sensorId Sensor for which the user is locked out.
      * @param userId User for which the sensor is locked out.
      */
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 622835e..93b5380 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -78,7 +78,7 @@
         "compatibility_matrix.8.xml",
     ],
     kernel_configs: [
-        "kernel_config_current_5.15",
-        "kernel_config_current_6.1",
+        "kernel_config_u_5.15",
+        "kernel_config_u_6.1",
     ],
 }
diff --git a/radio/aidl/vts/radio_modem_test.cpp b/radio/aidl/vts/radio_modem_test.cpp
index c00b238..3454f33 100644
--- a/radio/aidl/vts/radio_modem_test.cpp
+++ b/radio/aidl/vts/radio_modem_test.cpp
@@ -191,6 +191,13 @@
  * Test IRadioModem.getImei() for the response returned.
  */
 TEST_P(RadioModemTest, getImei) {
+    int32_t aidl_version;
+    ndk::ScopedAStatus aidl_status = radio_modem->getInterfaceVersion(&aidl_version);
+    ASSERT_OK(aidl_status);
+    if (aidl_version < 2) {
+        ALOGI("Skipped the test since getImei is not supported on version < 2");
+        GTEST_SKIP();
+    }
     LOG(DEBUG) << "getImei";
     serial = GetRandomSerialNumber();
 
diff --git a/radio/aidl/vts/radio_sim_test.cpp b/radio/aidl/vts/radio_sim_test.cpp
index 44be258..f657142 100644
--- a/radio/aidl/vts/radio_sim_test.cpp
+++ b/radio/aidl/vts/radio_sim_test.cpp
@@ -765,6 +765,14 @@
  * Test IRadioSim.iccCloseLogicalChannelWithSessionInfo() for the response returned.
  */
 TEST_P(RadioSimTest, iccCloseLogicalChannelWithSessionInfo) {
+    int32_t aidl_version;
+    ndk::ScopedAStatus aidl_status = radio_sim->getInterfaceVersion(&aidl_version);
+    ASSERT_OK(aidl_status);
+    if (aidl_version < 2) {
+        ALOGI("Skipped the test since"
+              " iccCloseLogicalChannelWithSessionInfo is not supported on version < 2");
+        GTEST_SKIP();
+    }
     LOG(DEBUG) << "iccCloseLogicalChannelWithSessionInfo";
     serial = GetRandomSerialNumber();
     SessionInfo info;
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index ed3ca74..7a4359d 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -63,6 +63,7 @@
     srcs: [
         "AttestKeyTest.cpp",
         "AuthTest.cpp",
+        "BootloaderStateTest.cpp",
         "DeviceUniqueAttestationTest.cpp",
         "KeyBlobUpgradeTest.cpp",
         "KeyMintTest.cpp",
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
new file mode 100644
index 0000000..fdadad4
--- /dev/null
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "keymint_1_bootloader_test"
+
+#include <memory>
+#include <optional>
+#include <string>
+#include <vector>
+
+#include <android/binder_manager.h>
+#include <remote_prov/remote_prov_utils.h>
+
+#include "KeyMintAidlTestBase.h"
+
+namespace aidl::android::hardware::security::keymint::test {
+
+using ::android::getAidlHalInstanceNames;
+using ::std::string;
+using ::std::vector;
+
+// Since this test needs to talk to KeyMint HAL, it can only run as root. Thus,
+// bootloader can not be locked.
+class BootloaderStateTest : public testing::TestWithParam<std::string> {
+  public:
+    virtual void SetUp() override {
+        ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
+        keyMint_ = IKeyMintDevice::fromBinder(binder);
+        ASSERT_TRUE(keyMint_) << "Failed to get KM device";
+    }
+
+    std::shared_ptr<IKeyMintDevice> keyMint_;
+};
+
+// Check that attested bootloader state is set to unlocked.
+TEST_P(BootloaderStateTest, IsUnlocked) {
+    // Generate a key with attestation.
+    AuthorizationSet keyDesc = AuthorizationSetBuilder()
+                                       .Authorization(TAG_NO_AUTH_REQUIRED)
+                                       .EcdsaSigningKey(EcCurve::P_256)
+                                       .AttestationChallenge("foo")
+                                       .AttestationApplicationId("bar")
+                                       .Digest(Digest::NONE)
+                                       .SetDefaultValidity();
+    KeyCreationResult creationResult;
+    auto kmStatus = keyMint_->generateKey(keyDesc.vector_data(), std::nullopt, &creationResult);
+    ASSERT_TRUE(kmStatus.isOk());
+
+    vector<Certificate> key_cert_chain = std::move(creationResult.certificateChain);
+
+    // Parse attested AVB values.
+    const auto& attestation_cert = key_cert_chain[0].encodedCertificate;
+    X509_Ptr cert(parse_cert_blob(attestation_cert));
+    ASSERT_TRUE(cert.get());
+
+    ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
+    ASSERT_TRUE(attest_rec);
+
+    vector<uint8_t> key;
+    VerifiedBoot attestedVbState;
+    bool attestedBootloaderState;
+    vector<uint8_t> attestedVbmetaDigest;
+    auto error = parse_root_of_trust(attest_rec->data, attest_rec->length, &key, &attestedVbState,
+                                     &attestedBootloaderState, &attestedVbmetaDigest);
+    ASSERT_EQ(error, ErrorCode::OK);
+    ASSERT_FALSE(attestedBootloaderState) << "This test runs as root. Bootloader must be unlocked.";
+}
+
+INSTANTIATE_TEST_SUITE_P(PerInstance, BootloaderStateTest,
+                         testing::ValuesIn(getAidlHalInstanceNames(IKeyMintDevice::descriptor)),
+                         ::android::PrintInstanceNameToString);
+
+}  // namespace aidl::android::hardware::security::keymint::test
diff --git a/wifi/aidl/android/hardware/wifi/IWifiStaIface.aidl b/wifi/aidl/android/hardware/wifi/IWifiStaIface.aidl
index 2c81984..6d6afaf 100644
--- a/wifi/aidl/android/hardware/wifi/IWifiStaIface.aidl
+++ b/wifi/aidl/android/hardware/wifi/IWifiStaIface.aidl
@@ -534,14 +534,18 @@
     void stopSendingKeepAlivePackets(in int cmdId);
 
     /**
-     * Set DTIM multiplier used when the system is in the suspended mode.
+     * Set maximum acceptable DTIM multiplier to hardware driver.
+     * Any multiplier larger than this maximum value must not be accepted since it will cause
+     * packet loss higher than what the system can accept, which will cause unexpected behavior
+     * for apps, and may interrupt the network connection.
+     *
      * When STA is in the power saving mode and system is suspended,
      * the wake up interval will be set to:
      *              1) multiplier * DTIM period if multiplier > 0.
      *              2) the driver default value if multiplier <= 0.
      * Some implementations may apply an additional cap to wake up interval in the case of 1).
      *
-     * @param multiplier integer DTIM multiplier value to set.
+     * @param multiplier integer maximum DTIM multiplier value to set.
      * @throws ServiceSpecificException with one of the following values:
      *         |WifiStatusCode.ERROR_WIFI_IFACE_INVALID|,
      *         |WifiStatusCode.ERROR_NOT_SUPPORTED|,
diff --git a/wifi/aidl/default/wifi.cpp b/wifi/aidl/default/wifi.cpp
index e30c38a..d6a85da 100644
--- a/wifi/aidl/default/wifi.cpp
+++ b/wifi/aidl/default/wifi.cpp
@@ -19,6 +19,7 @@
 #include <android-base/logging.h>
 
 #include "aidl_return_util.h"
+#include "aidl_sync_util.h"
 #include "wifi_status_util.h"
 
 namespace {
@@ -32,6 +33,7 @@
 namespace wifi {
 using aidl_return_util::validateAndCall;
 using aidl_return_util::validateAndCallWithLock;
+using aidl_sync_util::acquireGlobalLock;
 
 Wifi::Wifi(const std::shared_ptr<::android::wifi_system::InterfaceTool> iface_tool,
            const std::shared_ptr<legacy_hal::WifiLegacyHalFactory> legacy_hal_factory,
@@ -78,6 +80,7 @@
 }
 
 binder_status_t Wifi::dump(int fd, const char** args, uint32_t numArgs) {
+    const auto lock = acquireGlobalLock();
     LOG(INFO) << "-----------Debug was called----------------";
     if (chips_.size() == 0) {
         LOG(INFO) << "No chips to display.";