Merge "Add max-level to android.hardware.cas manifest files" into main
diff --git a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
index 4ea6dfe..80b069a 100644
--- a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
+++ b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
@@ -603,6 +603,7 @@
<< "skip testing";
}
+ // Subscribe to PERF_VEHICLE_SPEED using the max sample rate.
auto client = mVhalClient->getSubscriptionClient(mCallback);
ASSERT_NE(client, nullptr) << "Failed to get subscription client";
SubscribeOptionsBuilder builder(propId);
@@ -616,18 +617,17 @@
", error: %s",
propId, result.error().message().c_str());
- ASSERT_TRUE(mCallback->waitForExpectedEvents(propId, 1, std::chrono::seconds(2)))
- << "Must get at least 1 events within 2 seconds after subscription for rate: "
- << maxSampleRate;
-
// Sleep for 1 seconds to wait for more possible events to arrive.
std::this_thread::sleep_for(std::chrono::seconds(1));
client->unsubscribe({propId});
auto events = mCallback->getEvents(propId);
- if (events.size() == 1) {
- // We only received one event, the value is not changing so nothing to check here.
+ if (events.size() <= 1) {
+ // We received 0 or 1 event, the value is not changing so nothing to check here.
+ // If all VHAL clients are subscribing to PERF_VEHICLE_SPEED with VUR on, then we
+ // will receive 0 event. If there are other VHAL clients subscribing to PERF_VEHICLE_SPEED
+ // with VUR off, then we will receive 1 event which is the initial value.
return;
}
diff --git a/common/aidl/Android.bp b/common/aidl/Android.bp
index 1f5742d..904a3d9 100644
--- a/common/aidl/Android.bp
+++ b/common/aidl/Android.bp
@@ -20,16 +20,18 @@
backend: {
java: {
sdk_version: "module_current",
+ apex_available: [
+ "//apex_available:anyapex",
+ "//apex_available:platform",
+ ],
},
cpp: {
enabled: false,
},
ndk: {
apex_available: [
+ "//apex_available:anyapex",
"//apex_available:platform",
- "com.android.btservices",
- "com.android.media.swcodec",
- "com.android.neuralnetworks",
],
min_sdk_version: "29",
},
diff --git a/common/support/Android.bp b/common/support/Android.bp
index 56700fa..aba5d6b 100644
--- a/common/support/Android.bp
+++ b/common/support/Android.bp
@@ -24,9 +24,8 @@
"libcutils",
],
apex_available: [
+ "//apex_available:anyapex",
"//apex_available:platform",
- "com.android.neuralnetworks",
- "com.android.media.swcodec",
],
min_sdk_version: "29",
}
diff --git a/graphics/common/aidl/Android.bp b/graphics/common/aidl/Android.bp
index 4f5c3d9..c28da4c 100644
--- a/graphics/common/aidl/Android.bp
+++ b/graphics/common/aidl/Android.bp
@@ -24,15 +24,18 @@
java: {
enabled: true,
platform_apis: true,
+ apex_available: [
+ "//apex_available:anyapex",
+ "//apex_available:platform",
+ ],
},
cpp: {
enabled: false,
},
ndk: {
apex_available: [
+ "//apex_available:anyapex",
"//apex_available:platform",
- "com.android.media.swcodec",
- "com.android.neuralnetworks",
],
min_sdk_version: "29",
},
diff --git a/keymaster/3.0/default/Android.bp b/keymaster/3.0/default/Android.bp
new file mode 100644
index 0000000..4018cc0
--- /dev/null
+++ b/keymaster/3.0/default/Android.bp
@@ -0,0 +1,57 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ default_applicable_licenses: [
+ "hardware_interfaces_license",
+ ],
+}
+
+cc_library_shared {
+ name: "android.hardware.keymaster@3.0-impl",
+ proprietary: true,
+ relative_install_path: "hw",
+ srcs: ["KeymasterDevice.cpp"],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libcrypto",
+ "libhardware",
+ "libhidlbase",
+ "libkeymaster_portable",
+ "libkeymaster3device",
+ "liblog",
+ "libpuresoftkeymasterdevice",
+ "libsoftkeymasterdevice",
+ "libutils",
+ ],
+}
+
+cc_binary {
+ name: "android.hardware.keymaster@3.0-service",
+ relative_install_path: "hw",
+ proprietary: true,
+ init_rc: ["android.hardware.keymaster@3.0-service.rc"],
+ srcs: ["service.cpp"],
+ shared_libs: [
+ "android.hardware.keymaster@3.0",
+ "libbase",
+ "libcutils",
+ "libdl",
+ "libhardware",
+ "libhidlbase",
+ "liblog",
+ "libutils",
+ ],
+}
diff --git a/keymaster/3.0/default/Android.mk b/keymaster/3.0/default/Android.mk
deleted file mode 100644
index 053ad67..0000000
--- a/keymaster/3.0/default/Android.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := android.hardware.keymaster@3.0-impl
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE
-LOCAL_PROPRIETARY_MODULE := true
-LOCAL_MODULE_RELATIVE_PATH := hw
-LOCAL_SRC_FILES := \
- KeymasterDevice.cpp \
-
-LOCAL_SHARED_LIBRARIES := \
- liblog \
- libsoftkeymasterdevice \
- libcrypto \
- libkeymaster_portable \
- libpuresoftkeymasterdevice \
- libkeymaster3device \
- libhidlbase \
- libutils \
- libhardware \
- android.hardware.keymaster@3.0
-
-include $(BUILD_SHARED_LIBRARY)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE_RELATIVE_PATH := hw
-LOCAL_PROPRIETARY_MODULE := true
-LOCAL_MODULE := android.hardware.keymaster@3.0-service
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE
-LOCAL_INIT_RC := android.hardware.keymaster@3.0-service.rc
-LOCAL_SRC_FILES := \
- service.cpp
-
-LOCAL_SHARED_LIBRARIES := \
- liblog \
- libcutils \
- libdl \
- libbase \
- libutils \
- libhardware \
- libhidlbase \
- android.hardware.keymaster@3.0
-
-include $(BUILD_EXECUTABLE)
diff --git a/security/keymint/support/fuzzer/Android.bp b/security/keymint/support/fuzzer/Android.bp
index 1b1a580..5b1bdb2 100644
--- a/security/keymint/support/fuzzer/Android.bp
+++ b/security/keymint/support/fuzzer/Android.bp
@@ -48,6 +48,20 @@
],
}
+cc_defaults {
+ name: "keymint_remote_fuzzer_defaults",
+ static_libs: [
+ "libkeymint_remote_prov_support",
+ "android.hardware.security.rkp-V3-ndk",
+ ],
+ shared_libs: [
+ "libcppbor",
+ "libcppcose_rkp",
+ "libjsoncpp",
+ "libkeymaster_portable",
+ ],
+}
+
cc_fuzz {
name: "keymint_attestation_fuzzer",
srcs: [
@@ -67,3 +81,14 @@
"keymint_fuzzer_defaults",
],
}
+
+cc_fuzz {
+ name: "keymint_remote_prov_fuzzer",
+ srcs: [
+ "keymint_remote_prov_fuzzer.cpp",
+ ],
+ defaults: [
+ "keymint_fuzzer_defaults",
+ "keymint_remote_fuzzer_defaults",
+ ],
+}
diff --git a/security/keymint/support/fuzzer/README.md b/security/keymint/support/fuzzer/README.md
index d41af08..13d3f34 100644
--- a/security/keymint/support/fuzzer/README.md
+++ b/security/keymint/support/fuzzer/README.md
@@ -12,6 +12,7 @@
## Table of contents
+ [keymint_attestation_fuzzer](#KeyMintAttestation)
+ [keymint_authSet_fuzzer](#KeyMintAuthSet)
++ [keymint_remote_prov_fuzzer](#KeyMintRemoteProv)
# <a name="KeyMintAttestation"></a> Fuzzer for KeyMintAttestation
KeyMintAttestation supports the following parameters:
@@ -77,3 +78,26 @@
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_authSet_fuzzer/keymint_authSet_fuzzer
```
+
+# <a name="KeyMintRemoteProv"></a> Fuzzer for KeyMintRemoteProv
+KeyMintRemoteProv supports the following parameters:
+1. ChallengeSize(parameter name: "challengeSize")
+2. Challenge(parameter name: "challenge")
+3. NumKeys(parameter name: "numKeys")
+
+| Parameter| Valid Values| Configured Value|
+|------------- |--------------| -------------------- |
+|`challengeSize`| `uint8_t` |Value obtained from FuzzedDataProvider|
+|`challenge`| `std::vector<uint8_t>` |Value obtained from FuzzedDataProvider|
+|`numKeys`| `uint8_t` |Value obtained from FuzzedDataProvider|
+
+#### Steps to run
+1. Build the fuzzer
+```
+$ mm -j$(nproc) keymint_remote_prov_fuzzer
+```
+2. Run on device
+```
+$ adb sync data
+$ adb shell /data/fuzz/arm64/keymint_remote_prov_fuzzer/keymint_remote_prov_fuzzer
+```
diff --git a/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
new file mode 100644
index 0000000..6bd986c
--- /dev/null
+++ b/security/keymint/support/fuzzer/keymint_remote_prov_fuzzer.cpp
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+#include <android/binder_manager.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <remote_prov/remote_prov_utils.h>
+#include <utils/Log.h>
+
+namespace android::hardware::security::keymint_support::fuzzer {
+
+using namespace cppcose;
+using namespace aidl::android::hardware::security::keymint;
+using namespace aidl::android::hardware::security::keymint::remote_prov;
+
+constexpr size_t kMinSize = 0;
+constexpr size_t kSupportedNumKeys = 4;
+constexpr size_t kChallengeSize = 64;
+constexpr size_t kMaxBytes = 128;
+const std::string kServiceName =
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default";
+
+std::shared_ptr<IRemotelyProvisionedComponent> gRPC = nullptr;
+
+class KeyMintRemoteProv {
+ public:
+ KeyMintRemoteProv(const uint8_t* data, size_t size) : mFdp(data, size){};
+ void process();
+
+ private:
+ std::vector<uint8_t> ExtractPayloadValue(const MacedPublicKey& macedPubKey);
+ FuzzedDataProvider mFdp;
+};
+
+std::vector<uint8_t> KeyMintRemoteProv::ExtractPayloadValue(const MacedPublicKey& macedPubKey) {
+ std::vector<uint8_t> payloadValue;
+
+ auto [coseMac0, _, mac0ParseErr] = cppbor::parse(macedPubKey.macedKey);
+ if (coseMac0) {
+ // The payload is a bstr holding an encoded COSE_Key
+ auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
+ if (payload != nullptr) {
+ payloadValue = payload->value();
+ }
+ }
+ return payloadValue;
+}
+
+void KeyMintRemoteProv::process() {
+ std::vector<MacedPublicKey> keysToSign = std::vector<MacedPublicKey>(
+ mFdp.ConsumeIntegralInRange<uint8_t>(kMinSize, kSupportedNumKeys));
+ cppbor::Array cborKeysToSign;
+ for (auto& key : keysToSign) {
+ // TODO: b/350649166 - Randomize keysToSign
+ std::vector<uint8_t> privateKeyBlob;
+ gRPC->generateEcdsaP256KeyPair(false /* testMode */, &key, &privateKeyBlob);
+
+ std::vector<uint8_t> payloadValue = ExtractPayloadValue(key);
+ cborKeysToSign.add(cppbor::EncodedItem(payloadValue));
+ }
+
+ uint8_t challengeSize = mFdp.ConsumeIntegralInRange<uint8_t>(kMinSize, kChallengeSize);
+ std::vector<uint8_t> challenge = mFdp.ConsumeBytes<uint8_t>(challengeSize);
+
+ std::vector<uint8_t> csr;
+ gRPC->generateCertificateRequestV2(keysToSign, challenge, &csr);
+
+ while (mFdp.remaining_bytes()) {
+ auto invokeProvAPI = mFdp.PickValueInArray<const std::function<void()>>({
+ [&]() { verifyFactoryCsr(cborKeysToSign, csr, gRPC.get(), challenge); },
+ [&]() { verifyProductionCsr(cborKeysToSign, csr, gRPC.get(), challenge); },
+ [&]() { isCsrWithProperDiceChain(csr); },
+ });
+ invokeProvAPI();
+ }
+}
+
+extern "C" int LLVMFuzzerInitialize(int /* *argc */, char /* ***argv */) {
+ ::ndk::SpAIBinder binder(AServiceManager_waitForService(kServiceName.c_str()));
+ gRPC = IRemotelyProvisionedComponent::fromBinder(binder);
+ LOG_ALWAYS_FATAL_IF(!gRPC, "Failed to get IRemotelyProvisionedComponent instance.");
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ KeyMintRemoteProv kmRemoteProv(data, size);
+ kmRemoteProv.process();
+ return 0;
+}
+
+} // namespace android::hardware::security::keymint_support::fuzzer
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index b74fd59..6638775 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -65,9 +65,9 @@
return privKey;
}
-ErrMsgOr<bytevec> ecKeyGetPublicKey(const EC_KEY* ecKey) {
+ErrMsgOr<bytevec> ecKeyGetPublicKey(const EC_KEY* ecKey, const int nid) {
// Extract public key.
- auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(nid));
if (group.get() == nullptr) {
return "Error creating EC group by curve name";
}
@@ -123,11 +123,12 @@
int keyType = EVP_PKEY_base_id(pubKey.get());
switch (keyType) {
case EVP_PKEY_EC: {
+ int nid = EVP_PKEY_bits(pubKey.get()) == 384 ? NID_secp384r1 : NID_X9_62_prime256v1;
auto ecKey = EC_KEY_Ptr(EVP_PKEY_get1_EC_KEY(pubKey.get()));
if (ecKey.get() == nullptr) {
return "Failed to get ec key";
- }
- return ecKeyGetPublicKey(ecKey.get());
+ }
+ return ecKeyGetPublicKey(ecKey.get(), nid);
}
case EVP_PKEY_ED25519: {
bytevec rawPubKey;
@@ -165,7 +166,7 @@
auto privKey = ecKeyGetPrivateKey(ec_key.get());
if (!privKey) return privKey.moveMessage();
- auto pubKey = ecKeyGetPublicKey(ec_key.get());
+ auto pubKey = ecKeyGetPublicKey(ec_key.get(), NID_X9_62_prime256v1);
if (!pubKey) return pubKey.moveMessage();
return std::make_tuple(pubKey.moveValue(), privKey.moveValue());
@@ -824,7 +825,7 @@
}
if (i == chain.size() - 1) {
auto key = getRawPublicKey(pubKey);
- if (!key) key.moveMessage();
+ if (!key) return key.moveMessage();
rawPubKey = key.moveValue();
}
}