Merge "IFingerprint: update comments" into sc-dev
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/EnrollmentType.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/EnrollmentType.aidl
index d7f3175..c960933 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/EnrollmentType.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/EnrollmentType.aidl
@@ -19,6 +19,15 @@
@VintfStability
@Backing(type="byte")
enum EnrollmentType {
+ /**
+ * Default enrollment type.
+ */
DEFAULT,
+
+ /**
+ * Enrollment type for people with limited vision or mobility. For example,
+ * enrollment of this type will not ask the user to move their head or
+ * look directly at the device.
+ */
ACCESSIBILITY,
}
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/FaceSensorType.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/FaceSensorType.aidl
index 57f39d4..a5ed2e8 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/FaceSensorType.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/FaceSensorType.aidl
@@ -16,4 +16,23 @@
package android.hardware.biometrics.face;
-@VintfStability @Backing(type="byte") enum FaceSensorType { UNKNOWN, RGB, IR }
+@VintfStability
+@Backing(type="byte")
+enum FaceSensorType {
+ /**
+ * Placeholder value used for default initialization of FaceSensorType.
+ * This value means FaceSensorType wasn't explicitly initialized and must
+ * be discarded by the recipient.
+ */
+ UNKNOWN,
+
+ /**
+ * The face sensor is an RGB camera.
+ */
+ RGB,
+
+ /**
+ * The face sensor is an infrared camera.
+ */
+ IR,
+}
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl
index 11cdf77..4d7e59e 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl
@@ -25,28 +25,30 @@
/**
* getSensorProps:
*
- * @return A list of properties for all face sensors available to the HAL.
+ * @return A list of properties for all of the face sensors supported by the HAL.
*/
SensorProps[] getSensorProps();
/**
* createSession:
*
- * Creates a session that can be used by the framework to perform operations such as
- * enroll, authenticate, etc. for the given sensorId and userId.
+ * Creates an instance of ISession that can be used by the framework to perform operations such
+ * as ISession#enroll, ISession#authenticate, etc. for the given sensorId and userId.
*
- * Calling this method while there is an active session is considered an error. If the
- * framework is in a bad state and for some reason cannot close its session, it should use
- * the reset method below.
+ * Calling this method while there is an active session is considered an error. If the framework
+ * wants to create a new session when it already has an active session, it must first cancel the
+ * current operation if it's cancellable or wait until it completes. Then, the framework must
+ * explicitly close the session with ISession#close. Once the framework receives
+ * ISessionCallback#onSessionClosed, a new session can be created.
*
* Implementations must store user-specific state or metadata in /data/vendor_de/<user>/facedata
* as specified by the SELinux policy. The directory /data/vendor_de is managed by vold (see
* vold_prepare_subdirs.cpp). Implementations may store additional user-specific data, such as
- * embeddings or templates in StrongBox.
+ * embeddings or templates, in StrongBox.
*
- * @param sensorId The sensorId with which this session is being created.
- * @param userId The userId with which this session is being created.
- * @param cb A callback to notify the framework about the session's results and events.
+ * @param sensorId The sensorId for which this session is being created.
+ * @param userId The userId for which this session is being created.
+ * @param cb A callback to notify the framework about the session's events.
* @return A new session.
*/
ISession createSession(in int sensorId, in int userId, in ISessionCallback cb);
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
index a9a8c16..2a57e3a 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
@@ -24,13 +24,12 @@
import android.hardware.keymaster.HardwareAuthToken;
/**
- * Operations that can be performed for unique sessions retrieved via IFace#createSession.
* Operations defined within this interface can be divided into the following categories:
* 1) Cancellable operations. These are usually the operations that can execute for several
- * minutes. To allow for cancellation, they return an instance of ICancellationSignal that
- * lets the framework cancel them by calling ICancellationSignal#cancel. If such an operation
- * is cancelled, it must notify the framework by calling ISessionCallback#onError with
- * Error::CANCELED.
+ * minutes. To allow for cancellation, they return an instance of ICancellationSignal that
+ * lets the framework cancel them by calling ICancellationSignal#cancel. If such an operation
+ * is cancelled, it must notify the framework by calling ISessionCallback#onError with
+ * Error::CANCELED.
* 2) Non-cancellable operations. Such operations cannot be cancelled once started.
*
* The lifecycle of an operation ends when one of its terminal callbacks is called. For example,
@@ -83,15 +82,20 @@
* | 0 | 10 | <Time4> | <Random4> |
* ----------------------------------------------
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onChallengeGenerated
+ *
*/
void generateChallenge();
/**
* revokeChallenge:
*
- * Revokes a challenge that was previously generated. Note that if an invalid combination of
- * parameters is requested, the implementation must still notify the framework using the
- * provided callback.
+ * Revokes a challenge that was previously generated. Note that if a non-existent challenge is
+ * provided, the HAL must still notify the framework using ISessionCallback#onChallengeRevoked.
+ *
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onChallengeRevoked
*
* @param challenge Challenge that should be revoked.
*/
@@ -100,9 +104,9 @@
/**
* getEnrollmentConfig:
*
- * Returns the enrollment configuration depending on the provided enrollment type. Enrollment
- * configuration determines how many stages the enrollment will have and the requirements for
- * each of the stages.
+ * Returns the enrollment configuration for the provided enrollment type. Enrollment
+ * configuration determines how many stages the enrollment will have and the requirements
+ * for each of the stages.
*
* @param enrollmentType See the EnrollmentType enum.
* @return An EnrollmentStageConfig array that describes each enrollment stage.
@@ -117,22 +121,28 @@
* At any point during enrollment, if a non-recoverable error occurs, the HAL must notify the
* framework via ISessionCallback#onError with the applicable enrollment-specific error.
*
- * Before capturing face data, the implementation must first verify the authenticity and
- * integrity of the provided HardwareAuthToken. In addition, it must check that the challenge
- * within the provided HardwareAuthToken is valid. See ISession#generateChallenge. If any of
- * the above checks fail, the framework must be notified using ISessionCallback#onError with
- * Error::UNABLE_TO_PROCESS.
+ * Before capturing face data, the HAL must first verify the authenticity and integrity of the
+ * provided HardwareAuthToken. In addition, it must check that the challenge within the provided
+ * HardwareAuthToken is valid. See ISession#generateChallenge. If any of the above checks fail,
+ * the framework must be notified using ISessionCallback#onError with Error::UNABLE_TO_PROCESS.
*
- * During enrollment, the implementation may notify the framework via
- * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback
- * can be invoked multiple times if necessary. Similarly, the framework may be notified of
- * enrollment progress changes via ISessionCallback#onEnrollmentProgress. Once the framework is
- * notified that there are 0 "remaining" steps, the framework may cache the "enrollmentId". See
+ * During enrollment, the HAL may notify the framework via ISessionCallback#onAcquired with
+ * messages that may be used to guide the user. This callback can be invoked multiple times if
+ * necessary. Similarly, the framework may be notified of enrollment progress changes via
+ * ISessionCallback#onEnrollmentProgress. Once the framework is notified that there are 0
+ * "remaining" steps, the framework may cache the "enrollmentId". See
* ISessionCallback#onEnrollmentProgress for more info.
*
* When a face is successfully added and before the framework is notified of remaining=0, the
- * implementation MUST update and associate this (sensorId, userId) pair with a new
- * entropy-encoded random identifier. See ISession#getAuthenticatorId for more information.
+ * HAL must update and associate this (sensorId, userId) pair with a new entropy-encoded random
+ * identifier. See ISession#getAuthenticatorId for more information.
+ *
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onError
+ * - ISessionCallback#onEnrollmentProgress(enrollmentId, remaining=0)
+ *
+ * Other applicable callbacks:
+ * - ISessionCallback#onAcquired
*
* @param hat See above documentation.
* @param enrollmentType See the EnrollmentType enum.
@@ -154,15 +164,18 @@
* At any point during authentication, if a non-recoverable error occurs, the HAL must notify
* the framework via ISessionCallback#onError with the applicable authentication-specific error.
*
- * During authentication, the implementation may notify the framework via
- * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback
- * can be invoked multiple times if necessary.
+ * During authentication, the HAL may notify the framework via ISessionCallback#onAcquired with
+ * messages that may be used to guide the user. This callback can be invoked multiple times if
+ * necessary.
*
- * The HAL must notify the framework of accepts/rejects via ISessionCallback#onAuthentication*.
+ * The HAL must notify the framework of accepts/rejects via
+ * ISessionCallback#onAuthenticationSucceeded and ISessionCallback#onAuthenticationFailed,
+ * correspondingly.
*
- * The authentication lifecycle ends when either
- * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked, or
- * 2) Any non-recoverable error occurs (such as lockout). See the full list of
+ * The authentication lifecycle ends when any of the following happens:
+ * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked.
+ * 2) A face is rejected, and ISessionCallback#onAuthenticationFailed is invoked.
+ * 3) Any non-recoverable error occurs (such as lockout). See the full list of
* authentication-specific errors in the Error enum.
*
* Note that upon successful authentication, the lockout counter for this (sensorId, userId)
@@ -174,16 +187,26 @@
* must be set with the operationId passed in during #authenticate. If the sensor is NOT
* SensorStrength::STRONG, the HardwareAuthToken MUST be null.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onError
+ * - ISessionCallback#onAuthenticationSucceeded
+ * - ISessionCallback#onAuthenticationFailed
+ *
+ * Other applicable callbacks:
+ * - ISessionCallback#onAcquired
+ * - ISessionCallback#onLockoutTimed
+ * - ISessionCallback#onLockoutPermanent
+ *
* @param operationId For sensors configured as SensorStrength::STRONG, this must be used ONLY
* upon successful authentication and wrapped in the HardwareAuthToken's
* "challenge" field and sent to the framework via
- * ISessionCallback#onAuthenticated. The operationId is an opaque identifier
- * created from a separate secure subsystem such as, but not limited to
- * KeyStore/KeyMaster. The HardwareAuthToken can then be used as an
- * attestation for the provided operation. For example, this is used
- * to unlock biometric-bound auth-per-use keys (see
+ * ISessionCallback#onAuthenticationSucceeded. The operationId is an opaque
+ * identifier created from a separate secure subsystem such as, but not
+ * limited to KeyStore/KeyMaster. The HardwareAuthToken can then be used as
+ * an attestation for the provided operation. For example, this is used to
+ * unlock biometric-bound auth-per-use keys (see
* setUserAuthenticationParameters in KeyGenParameterSpec.Builder and
- * KeyProtection.Builder.
+ * KeyProtection.Builder).
* @return ICancellationSignal An object that can be used by the framework to cancel this
* operation.
*/
@@ -193,32 +216,36 @@
* detectInteraction:
*
* A request to start looking for faces without performing matching. Must only be called if
- * SensorProps#supportsDetectInteraction is true. If invoked on implementations that do not
- * support this functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0).
+ * SensorProps#supportsDetectInteraction is true. If invoked on HALs that do not support this
+ * functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0).
*
- * The framework will use this method in cases where determing user presence is required, but
- * identifying/authentication is not. For example, when the device is encrypted (first boot) or
- * in lockdown mode.
+ * The framework will use this operation in cases where determining user presence is required,
+ * but identifying/authenticating is not. For example, when the device is encrypted (first boot)
+ * or in lockdown mode.
*
* At any point during detectInteraction, if a non-recoverable error occurs, the HAL must notify
* the framework via ISessionCallback#onError with the applicable error.
*
- * The implementation must only check for a face-like image was detected (e.g. to
- * minimize interactions due to non-face objects), and the lockout counter must not
- * be modified.
+ * The HAL must only check whether a face-like image was detected (e.g. to minimize interactions
+ * due to non-face objects), and the lockout counter must not be modified.
*
- * Upon detecting any face, the implementation must invoke
- * ISessionCallback#onInteractionDetected.
+ * Upon detecting any face, the HAL must invoke ISessionCallback#onInteractionDetected.
*
- * The lifecycle of this operation ends when either
+ * The lifecycle of this operation ends when either:
* 1) Any face is detected and the framework is notified via
- * ISessionCallback#onInteractiondetected
- * 2) The operation was cancelled by the framework (see ICancellationSignal)
- * 3) An error occurred, for example ERROR::TIMEOUT
+ * ISessionCallback#onInteractionDetected.
+ * 2) An error occurrs, for example Error::TIMEOUT.
*
- * Note that if the operation is canceled, the implementation must notify the framework via
+ * Note that if the operation is canceled, the HAL must notify the framework via
* ISessionCallback#onError with Error::CANCELED.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onError
+ * - ISessionCallback#onInteractionDetected
+ *
+ * Other applicable callbacks:
+ * - ISessionCallback#onAcquired
+ *
* @return ICancellationSignal An object that can be used by the framework to cancel this
* operation.
*/
@@ -227,12 +254,14 @@
/*
* enumerateEnrollments:
*
- * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The
- * framework typically uses this to ensure that its cache is in sync with the HAL.
+ * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The framework
+ * typically uses this to ensure that its cache is in sync with the HAL.
*
- * The implementation must then notify the framework with a list of enrollments applicable
- * for the current session via ISessionCallback#onEnrollmentsEnumerated.
+ * The HAL must then notify the framework with a list of enrollments applicable for the current
+ * session via ISessionCallback#onEnrollmentsEnumerated.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onEnrollmentsEnumerated
*/
void enumerateEnrollments();
@@ -242,8 +271,12 @@
* A request to remove the enrollments for this (sensorId, userId) pair.
*
* After removing the enrollmentIds from everywhere necessary (filesystem, secure subsystems,
- * etc), the implementation must notify the framework via ISessionCallback#onEnrollmentsRemoved.
+ * etc), the HAL must notify the framework via ISessionCallback#onEnrollmentsRemoved.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onEnrollmentsRemoved
+ *
+ * @param enrollmentIds a list of enrollments that should be removed.
*/
void removeEnrollments(in int[] enrollmentIds);
@@ -257,6 +290,10 @@
*
* The HAL must notify the framework about the result by calling
* ISessionCallback#onFeaturesRetrieved.
+ *
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onError
+ * - ISessionCallback#onFeaturesRetrieved
*/
void getFeatures();
@@ -264,15 +301,19 @@
* setFeature:
*
* Enables or disables a feature for this (sensorId, userId) pair. Because certain features may
- * decrease security, the user must enter their password before this method is invoked
- * (see @param hat). The HAL must verify the hat before changing any feature state.
+ * decrease security, the user must enter their password before this operation is invoked
+ * (see @param hat). The HAL must verify the HAT before changing any feature state.
*
- * If the hat is invalid or if the user is not enrolled, the HAL must invoke
+ * If the HAT is invalid or if the user is not enrolled, the HAL must invoke
* ISessionCallback#onError with Error::UNABLE_TO_PROCESS.
*
* After the feature is successfully set, the HAL must notify the framework by calling
* ISessionCallback#onFeatureSet.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onError
+ * - ISessionCallback#onFeatureSet
+ *
* @param hat HardwareAuthToken See above documentation.
* @param feature The feature to be enabled or disabled.
* @param enabled Whether the provided features should be enabled or disabled.
@@ -295,8 +336,8 @@
* KeyProtection.Builder.setInvalidatedByBiometricEnrollment.
*
* In addition, upon successful face authentication, the signed HAT that is returned to
- * the framework via ISessionCallback#onAuthenticated must contain this identifier in the
- * authenticatorId field.
+ * the framework via ISessionCallback#onAuthenticationSucceeded must contain this identifier in
+ * the authenticatorId field.
*
* Returns an entropy-encoded random identifier associated with the current set of enrollments
* via ISessionCallback#onAuthenticatorIdRetrieved. The authenticatorId
@@ -305,20 +346,21 @@
* 3) MUST not change if a face is deleted.
* 4) MUST be an entropy-encoded random number
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onAuthenticatorIdRetrieved
*/
void getAuthenticatorId();
/**
* invalidateAuthenticatorId:
*
- * This method only applies to sensors that are configured as SensorStrength::STRONG. If invoked
- * by the framework for sensor of other strengths, the HAL should immediately invoke
+ * This operation only applies to sensors that are configured as SensorStrength::STRONG. If
+ * invoked by the framework for sensors of other strengths, the HAL should immediately invoke
* ISessionCallback#onAuthenticatorIdInvalidated.
*
* The following only applies to sensors that are configured as SensorStrength::STRONG.
*
- * When invoked by the framework, the implementation must perform the following sequence of
- * events:
+ * When invoked by the framework, the HAL must perform the following sequence of events:
* 1) Update the authenticatorId with a new entropy-encoded random number
* 2) Persist the new authenticatorId to non-ephemeral storage
* 3) Notify the framework that the above is completed, via
@@ -326,18 +368,20 @@
*
* A practical use case of invalidation would be when the user adds a new enrollment to a sensor
* managed by a different HAL instance. The public android.security.keystore APIs bind keys to
- * "all biometrics" rather than "face-only" or "face-only" (see #getAuthenticatorId
- * for more details). As such, the framework would coordinate invalidation across multiple
- * biometric HALs as necessary.
+ * "all biometrics" rather than "fingerprint-only" or "face-only" (see #getAuthenticatorId for
+ * more details). As such, the framework would coordinate invalidation across multiple biometric
+ * HALs as necessary.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onAuthenticatorIdInvalidated
*/
void invalidateAuthenticatorId();
/**
* resetLockout:
*
- * Requests the implementation to clear the lockout counter. Upon receiving this request, the
- * implementation must perform the following:
+ * Requests the HAL to clear the lockout counter. Upon receiving this request, the HAL must
+ * perform the following:
* 1) Verify the authenticity and integrity of the provided HAT
* 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the
* order of minutes, not hours).
@@ -373,6 +417,9 @@
* See the Android CDD section 7.3.10 for the full set of lockout and rate-limiting
* requirements.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onLockoutCleared
+ *
* @param hat HardwareAuthToken See above documentation.
*/
void resetLockout(in HardwareAuthToken hat);
@@ -384,9 +431,14 @@
* If the HAL is busy performing a cancellable operation, the operation must be explicitly
* cancelled with a call to ICancellationSignal#cancel before the session can be closed.
*
+ * After a session is closed, the HAL must notify the framework by calling
+ * ISessionCallback#onSessionClosed.
+ *
* All sessions must be explicitly closed. Calling IFace#createSession while there is an active
* session is considered an error.
*
+ * Callbacks that signify the end of this operation's lifecycle:
+ * - ISessionCallback#onSessionClosed
*/
void close();
}
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
index 23570bd..b3c348d 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl
@@ -37,11 +37,11 @@
/**
* This method must only be used to notify the framework during the following operations:
- * 1) ISession#authenticate
- * 2) ISession#detectInteraction
+ * - ISession#authenticate
+ * - ISession#detectInteraction
*
- * These messages may be used to provide user guidance multiple times if necessary per
- * operation.
+ * These messages may be used to provide user guidance multiple times per operation if
+ * necessary.
*
* @param frame See the AuthenticationFrame enum.
*/
@@ -51,8 +51,8 @@
* This method must only be used to notify the framework during the ISession#enroll
* operation.
*
- * These messages may be used to provide user guidance multiple times if necessary per
- * operation.
+ * These messages may be used to provide user guidance multiple times per operation if
+ * necessary.
*
* @param frame See the EnrollmentFrame enum.
*/
@@ -60,18 +60,18 @@
/**
* This method must only be used to notify the framework during the following operations:
- * 1) ISession#enroll
- * 2) ISession#authenticate
- * 3) ISession#detectInteraction
- * 4) ISession#invalidateAuthenticatorId
- * 5) ISession#resetLockout
+ * - ISession#enroll
+ * - ISession#authenticate
+ * - ISession#detectInteraction
+ * - ISession#invalidateAuthenticatorId
+ * - ISession#resetLockout
*
* These messages may be used to notify the framework or user that a non-recoverable error
* has occurred. The operation is finished, and the HAL must proceed with the next operation
* or return to the idling state.
*
- * Note that cancellation (see common::ICancellationSignal) and preemption must be followed with
- * an Error::CANCELED message.
+ * Note that cancellation (see common::ICancellationSignal) must be followed with an
+ * Error::CANCELED message.
*
* @param error See the Error enum.
* @param vendorCode Only valid if error == Error::VENDOR. The vendorCode must be used to index
diff --git a/memtrack/aidl/android/hardware/memtrack/IMemtrack.aidl b/memtrack/aidl/android/hardware/memtrack/IMemtrack.aidl
index e78d4d7..13c3389 100644
--- a/memtrack/aidl/android/hardware/memtrack/IMemtrack.aidl
+++ b/memtrack/aidl/android/hardware/memtrack/IMemtrack.aidl
@@ -31,12 +31,14 @@
* accounting for stride, bit depth, rounding up to page size, etc.
*
* The following getMemory() categories are important for memory accounting in
- * `dumpsys meminfo` and should be reported as described below:
+ * Android frameworks (e.g. `dumpsys meminfo`) and should be reported as described
+ * below:
*
* - MemtrackType::GRAPHICS and MemtrackRecord::FLAG_SMAPS_UNACCOUNTED
- * This should report the PSS of all DMA buffers mapped by the process
- * with the specified PID. This PSS can be calculated using ReadDmaBufPss()
- * form libdmabufinfo.
+ * This should report the PSS of all CPU-Mapped DMA-BUFs (buffers mapped into
+ * the process address space) and all GPU-Mapped DMA-BUFs (buffers mapped into
+ * the GPU device address space on behalf of the process), removing any overlap
+ * between the CPU-mapped and GPU-mapped sets.
*
* - MemtrackType::GL and MemtrackRecord::FLAG_SMAPS_UNACCOUNTED
* This category should report all GPU private allocations for the specified
@@ -46,6 +48,10 @@
* Any other memory not accounted for in /proc/<pid>/smaps if any, otherwise
* this should return 0.
*
+ * SMAPS_UNACCOUNTED memory should also include memory that is mapped with
+ * VM_PFNMAP flag set. For these mappings PSS and RSS are reported as 0 in smaps.
+ * Such mappings have no backing page structs from which PSS/RSS can be calculated.
+ *
* Constructor for the interface should be used to perform memtrack management
* setup actions and must be called once before any calls to getMemory().
*/
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index ff08ce6..386029f 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -23,16 +23,11 @@
default_applicable_licenses: ["hardware_interfaces_license"],
}
-cc_test {
- name: "VtsAidlKeyMintTargetTest",
+cc_defaults {
+ name: "keymint_vts_defaults",
defaults: [
- "VtsHalTargetTestDefaults",
"use_libaidlvintf_gtest_helper_static",
- ],
- srcs: [
- "AttestKeyTest.cpp",
- "DeviceUniqueAttestationTest.cpp",
- "KeyMintTest.cpp",
+ "VtsHalTargetTestDefaults",
],
shared_libs: [
"libbinder_ndk",
@@ -43,9 +38,24 @@
"android.hardware.security.secureclock-V1-ndk_platform",
"libcppbor_external",
"libcppcose_rkp",
+ "libjsoncpp",
"libkeymint",
"libkeymint_remote_prov_support",
"libkeymint_support",
+ ],
+}
+
+cc_test {
+ name: "VtsAidlKeyMintTargetTest",
+ defaults: [
+ "keymint_vts_defaults",
+ ],
+ srcs: [
+ "AttestKeyTest.cpp",
+ "DeviceUniqueAttestationTest.cpp",
+ "KeyMintTest.cpp",
+ ],
+ static_libs: [
"libkeymint_vts_test_utils",
],
test_suites: [
@@ -57,8 +67,7 @@
cc_test_library {
name: "libkeymint_vts_test_utils",
defaults: [
- "VtsHalTargetTestDefaults",
- "use_libaidlvintf_gtest_helper_static",
+ "keymint_vts_defaults",
],
srcs: [
"KeyMintAidlTestBase.cpp",
@@ -66,45 +75,22 @@
export_include_dirs: [
".",
],
- shared_libs: [
- "libbinder_ndk",
- "libcrypto",
- ],
static_libs: [
- "android.hardware.security.keymint-V1-ndk_platform",
- "android.hardware.security.secureclock-V1-ndk_platform",
- "libcppbor_external",
- "libcppcose_rkp",
"libgmock_ndk",
- "libkeymint",
- "libkeymint_remote_prov_support",
- "libkeymint_support",
],
}
cc_test {
name: "VtsHalRemotelyProvisionedComponentTargetTest",
defaults: [
- "VtsHalTargetTestDefaults",
- "use_libaidlvintf_gtest_helper_static",
+ "keymint_vts_defaults",
],
srcs: [
"VtsRemotelyProvisionedComponentTests.cpp",
],
- shared_libs: [
- "libbinder_ndk",
- "libcrypto",
- ],
static_libs: [
- "android.hardware.security.keymint-V1-ndk_platform",
- "android.hardware.security.secureclock-V1-ndk_platform",
- "libcppbor_external",
- "libcppcose_rkp",
"libgmock_ndk",
"libkeymaster_portable",
- "libkeymint",
- "libkeymint_support",
- "libkeymint_remote_prov_support",
"libkeymint_vts_test_utils",
"libpuresoftkeymasterdevice",
],
diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index c2dba04..9e218b6 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -57,9 +57,11 @@
"include",
],
shared_libs: [
+ "libbase",
"libcppbor_external",
"libcppcose_rkp",
"libcrypto",
+ "libjsoncpp",
],
}
@@ -71,9 +73,11 @@
"libgtest_main",
],
shared_libs: [
+ "libbase",
"libcppbor_external",
"libcppcose_rkp",
"libcrypto",
+ "libjsoncpp",
"libkeymaster_portable",
"libkeymint_remote_prov_support",
],
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index b02d273..406b7a9 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -87,4 +87,26 @@
*/
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc);
+struct JsonOutput {
+ static JsonOutput Ok(std::string json) { return {std::move(json), ""}; }
+ static JsonOutput Error(std::string error) { return {"", std::move(error)}; }
+
+ std::string output;
+ std::string error; // if non-empty, this describes what went wrong
+};
+
+/**
+ * Take a given certificate request and output a JSON blob containing both the
+ * build fingerprint and certificate request. This data may be serialized, then
+ * later uploaded to the remote provisioning service. The input csr is not
+ * validated, only encoded.
+ *
+ * Output format:
+ * {
+ * "build_fingerprint": <string>
+ * "csr": <base64 CBOR CSR>
+ * }
+ */
+JsonOutput jsonEncodeCsrWithBuild(const cppbor::Array& csr);
+
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 982a1eb..0cbee51 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -14,13 +14,15 @@
* limitations under the License.
*/
+#include <iterator>
#include <tuple>
-#include <remote_prov/remote_prov_utils.h>
-
-#include <openssl/rand.h>
-
+#include <android-base/properties.h>
#include <cppbor.h>
+#include <json/json.h>
+#include <openssl/base64.h>
+#include <openssl/rand.h>
+#include <remote_prov/remote_prov_utils.h>
namespace aidl::android::hardware::security::keymint::remote_prov {
@@ -180,4 +182,36 @@
return result;
}
+JsonOutput jsonEncodeCsrWithBuild(const cppbor::Array& csr) {
+ const std::string kFingerprintProp = "ro.build.fingerprint";
+
+ if (!::android::base::WaitForPropertyCreation(kFingerprintProp)) {
+ return JsonOutput::Error("Unable to read build fingerprint");
+ }
+
+ bytevec csrCbor = csr.encode();
+ size_t base64Length;
+ int rc = EVP_EncodedLength(&base64Length, csrCbor.size());
+ if (!rc) {
+ return JsonOutput::Error("Error getting base64 length. Size overflow?");
+ }
+
+ std::vector<char> base64(base64Length);
+ rc = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(base64.data()), csrCbor.data(), csrCbor.size());
+ ++rc; // Account for NUL, which BoringSSL does not for some reason.
+ if (rc != base64Length) {
+ return JsonOutput::Error("Error writing base64. Expected " + std::to_string(base64Length) +
+ " bytes to be written, but " + std::to_string(rc) +
+ " bytes were actually written.");
+ }
+
+ Json::Value json(Json::objectValue);
+ json["build_fingerprint"] = ::android::base::GetProperty(kFingerprintProp, /*default=*/"");
+ json["csr"] = base64.data(); // Boring writes a NUL-terminated c-string
+
+ Json::StreamWriterBuilder factory;
+ factory["indentation"] = ""; // disable pretty formatting
+ return JsonOutput::Ok(Json::writeString(factory, json));
+}
+
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index c360c06..8697c51 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -14,6 +14,7 @@
* limitations under the License.
*/
+#include <android-base/properties.h>
#include <cppbor_parse.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
@@ -23,6 +24,7 @@
#include <openssl/curve25519.h>
#include <remote_prov/remote_prov_utils.h>
#include <cstdint>
+#include "cppbor.h"
#include "keymaster/cppcose/cppcose.h"
namespace aidl::android::hardware::security::keymint::remote_prov {
@@ -80,5 +82,20 @@
EXPECT_THAT(eekPub, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
}
+TEST(RemoteProvUtilsTest, JsonEncodeCsr) {
+ cppbor::Array array;
+ array.add(1);
+
+ auto [json, error] = jsonEncodeCsrWithBuild(array);
+
+ ASSERT_TRUE(error.empty()) << error;
+
+ std::string expected = R"({"build_fingerprint":")" +
+ ::android::base::GetProperty("ro.build.fingerprint", /*default=*/"") +
+ R"(","csr":"gQE="})";
+
+ ASSERT_EQ(json, expected);
+}
+
} // namespace
} // namespace aidl::android::hardware::security::keymint::remote_prov