Merge "Added debug statement and refresh in default vehicle hal" into udc-dev am: 9368d6dc23 am: 85488e6ce4 am: c8fc5bced8

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/22531494

Change-Id: I1c9b288149f68e56b4540b415f01e185cac4064d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/audio/aidl/common/include/Utils.h b/audio/aidl/common/include/Utils.h
index 305c924..652d63c 100644
--- a/audio/aidl/common/include/Utils.h
+++ b/audio/aidl/common/include/Utils.h
@@ -111,30 +111,6 @@
            device == ::aidl::android::media::audio::common::AudioDeviceType::OUT_TELEPHONY_TX;
 }
 
-constexpr bool isUsbInputDeviceType(::aidl::android::media::audio::common::AudioDeviceType type) {
-    switch (type) {
-        case ::aidl::android::media::audio::common::AudioDeviceType::IN_DOCK:
-        case ::aidl::android::media::audio::common::AudioDeviceType::IN_ACCESSORY:
-        case ::aidl::android::media::audio::common::AudioDeviceType::IN_DEVICE:
-        case ::aidl::android::media::audio::common::AudioDeviceType::IN_HEADSET:
-            return true;
-        default:
-            return false;
-    }
-}
-
-constexpr bool isUsbOutputtDeviceType(::aidl::android::media::audio::common::AudioDeviceType type) {
-    switch (type) {
-        case ::aidl::android::media::audio::common::AudioDeviceType::OUT_DOCK:
-        case ::aidl::android::media::audio::common::AudioDeviceType::OUT_ACCESSORY:
-        case ::aidl::android::media::audio::common::AudioDeviceType::OUT_DEVICE:
-        case ::aidl::android::media::audio::common::AudioDeviceType::OUT_HEADSET:
-            return true;
-        default:
-            return false;
-    }
-}
-
 constexpr bool isValidAudioMode(::aidl::android::media::audio::common::AudioMode mode) {
     return std::find(kValidAudioModes.begin(), kValidAudioModes.end(), mode) !=
            kValidAudioModes.end();
diff --git a/audio/aidl/default/usb/ModuleUsb.cpp b/audio/aidl/default/usb/ModuleUsb.cpp
index ecdbd5c..28116ae 100644
--- a/audio/aidl/default/usb/ModuleUsb.cpp
+++ b/audio/aidl/default/usb/ModuleUsb.cpp
@@ -30,13 +30,13 @@
 #include "alsa_device_profile.h"
 }
 
-using aidl::android::hardware::audio::common::isUsbInputDeviceType;
 using aidl::android::media::audio::common::AudioChannelLayout;
 using aidl::android::media::audio::common::AudioDeviceAddress;
 using aidl::android::media::audio::common::AudioDeviceDescription;
 using aidl::android::media::audio::common::AudioDeviceType;
 using aidl::android::media::audio::common::AudioFormatDescription;
 using aidl::android::media::audio::common::AudioFormatType;
+using aidl::android::media::audio::common::AudioIoFlags;
 using aidl::android::media::audio::common::AudioPort;
 using aidl::android::media::audio::common::AudioPortConfig;
 using aidl::android::media::audio::common::AudioPortExt;
@@ -117,7 +117,7 @@
         return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
     }
 
-    const bool isInput = isUsbInputDeviceType(devicePort.device.type.type);
+    const bool isInput = audioPort->flags.getTag() == AudioIoFlags::input;
     alsa_device_profile profile;
     profile_init(&profile, isInput ? PCM_IN : PCM_OUT);
     profile.card = alsaAddress[0];
diff --git a/bluetooth/aidl/TEST_MAPPING b/bluetooth/aidl/TEST_MAPPING
index d1de251..18958d2 100644
--- a/bluetooth/aidl/TEST_MAPPING
+++ b/bluetooth/aidl/TEST_MAPPING
@@ -1,24 +1,12 @@
 {
   "presubmit" : [
     {
-      "name" : "VtsHalBluetoothTargetTest",
-      "options": [
-        {
-          // TODO(b/275847929)
-          "exclude-filter": "VtsHalBluetoothTargetTest.PerInstance/BluetoothAidlTest#Cdd_C_12_1_Bluetooth5Requirements/0_android_hardware_bluetooth_IBluetoothHci_default"
-        }
-      ]
+      "name" : "VtsHalBluetoothTargetTest"
     }
   ],
   "hwasan-presubmit" : [
     {
-      "name" : "VtsHalBluetoothTargetTest",
-      "options": [
-        {
-          // TODO(b/275847929)
-          "exclude-filter": "VtsHalBluetoothTargetTest.PerInstance/BluetoothAidlTest#Cdd_C_12_1_Bluetooth5Requirements/0_android_hardware_bluetooth_IBluetoothHci_default"
-        }
-      ]
+      "name" : "VtsHalBluetoothTargetTest"
     }
   ]
 }
diff --git a/bluetooth/aidl/default/BluetoothHci.cpp b/bluetooth/aidl/default/BluetoothHci.cpp
index ac2eabc..18a371d 100644
--- a/bluetooth/aidl/default/BluetoothHci.cpp
+++ b/bluetooth/aidl/default/BluetoothHci.cpp
@@ -174,7 +174,10 @@
   mFdWatcher.WatchFdForNonBlockingReads(mFd,
                                         [this](int) { mH4->OnDataReady(); });
 
-  send(PacketType::COMMAND, reset);
+  ndk::ScopedAStatus result = send(PacketType::COMMAND, reset);
+  if (!result.isOk()) {
+    ALOGE("Error sending reset command");
+  }
   auto status = resetFuture.wait_for(std::chrono::seconds(1));
   mFdWatcher.StopWatchingFileDescriptors();
   if (status == std::future_status::ready) {
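Review bot: When `send()` fails here the code only logs and then still blocks in `resetFuture.wait_for(std::chrono::seconds(1))` for a reply to a command that was never written, and the log line drops the reason for the failure. Include the status in the message, `ALOGE("Error sending reset command: %s", result.getDescription().c_str());`, and consider skipping the wait on failure while still calling `mFdWatcher.StopWatchingFileDescriptors()`. The enclosing function starts and ends outside this hunk, so the appropriate failure return is not visible from here.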
@@ -301,30 +304,35 @@
 
 ndk::ScopedAStatus BluetoothHci::sendHciCommand(
     const std::vector<uint8_t>& packet) {
-  send(PacketType::COMMAND, packet);
-  return ndk::ScopedAStatus::ok();
+  return send(PacketType::COMMAND, packet);
 }
 
 ndk::ScopedAStatus BluetoothHci::sendAclData(
     const std::vector<uint8_t>& packet) {
-  send(PacketType::ACL_DATA, packet);
-  return ndk::ScopedAStatus::ok();
+  return send(PacketType::ACL_DATA, packet);
 }
 
 ndk::ScopedAStatus BluetoothHci::sendScoData(
     const std::vector<uint8_t>& packet) {
-  send(PacketType::SCO_DATA, packet);
-  return ndk::ScopedAStatus::ok();
+  return send(PacketType::SCO_DATA, packet);
 }
 
 ndk::ScopedAStatus BluetoothHci::sendIsoData(
     const std::vector<uint8_t>& packet) {
-  send(PacketType::ISO_DATA, packet);
-  return ndk::ScopedAStatus::ok();
+  return send(PacketType::ISO_DATA, packet);
 }
 
-void BluetoothHci::send(PacketType type, const std::vector<uint8_t>& v) {
+ndk::ScopedAStatus BluetoothHci::send(PacketType type,
+    const std::vector<uint8_t>& v) {
+  if (mH4 == nullptr) {
+    return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
+  }
+  if (v.empty()) {
+    ALOGE("Packet is empty, no data was found to be sent");
+    return ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
+  }
   mH4->Send(type, v);
+  return ndk::ScopedAStatus::ok();
 }
 
 }  // namespace aidl::android::hardware::bluetooth::impl
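Review bot: The `mH4 == nullptr` branch of `send()` returns `EX_ILLEGAL_STATE` without logging, unlike the empty-packet branch directly below it, so a send attempted before initialization or after teardown leaves no trace in the log; add `ALOGE("Unable to send: H4 transport is not initialized");` before that return. The null check and the later `mH4->Send(type, v)` are also not covered by any lock visible in this hunk. If `mH4` can be reset from another thread (for example in a close path not shown here), the check and the call need to happen under the same lock as the reset, otherwise the new guard does not close the window it is meant to.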
diff --git a/bluetooth/aidl/default/BluetoothHci.h b/bluetooth/aidl/default/BluetoothHci.h
index 85aafc8..477cc5c 100644
--- a/bluetooth/aidl/default/BluetoothHci.h
+++ b/bluetooth/aidl/default/BluetoothHci.h
@@ -66,8 +66,9 @@
   ::android::hardware::bluetooth::async::AsyncFdWatcher mFdWatcher;
 
   int getFdFromDevPath();
-  void send(::android::hardware::bluetooth::hci::PacketType type,
-            const std::vector<uint8_t>& packet);
+  [[nodiscard]] ndk::ScopedAStatus send(
+      ::android::hardware::bluetooth::hci::PacketType type,
+      const std::vector<uint8_t>& packet);
   std::unique_ptr<NetBluetoothMgmt> management_{};
 
   // Send a reset command and discard all packets until a reset is received.
diff --git a/bluetooth/hci/h4_protocol.cc b/bluetooth/hci/h4_protocol.cc
index 51a624f..5f6d86e 100644
--- a/bluetooth/hci/h4_protocol.cc
+++ b/bluetooth/hci/h4_protocol.cc
@@ -105,15 +105,12 @@
       buffer_offset += 1;
     } else {
       bool packet_ready = hci_packetizer_.OnDataReady(
-          hci_packet_type_, input_buffer, buffer_offset);
+          hci_packet_type_, input_buffer, &buffer_offset);
       if (packet_ready) {
-        // Call packet callback and move offset.
-        buffer_offset += OnPacketReady(hci_packetizer_.GetPacket());
+        // Call packet callback.
+        OnPacketReady(hci_packetizer_.GetPacket());
         // Get ready for the next type byte.
         hci_packet_type_ = PacketType::UNKNOWN;
-      } else {
-        // The data was consumed, but there wasn't a packet.
-        buffer_offset = input_buffer.size();
       }
     }
   }
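Review bot: With the `else` branch gone, this loop makes progress only if `hci_packetizer_.OnDataReady` advances `buffer_offset` whenever it returns false, and nothing in this hunk states or enforces that. Since the bytes come from the controller, a defensive check is cheap: capture `const size_t offset_before = buffer_offset;` ahead of the call and treat `!packet_ready && buffer_offset == offset_before` as a parser error (log and stop processing the buffer) rather than iterating again. At minimum, add a comment such as `// OnDataReady() advances buffer_offset past every byte it consumes.` so the contract is visible at the call site. The loop header is outside the hunk, so the exact exit condition could not be confirmed.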
diff --git a/bluetooth/hci/hci_packetizer.cc b/bluetooth/hci/hci_packetizer.cc
index 5b6c443..4135920 100644
--- a/bluetooth/hci/hci_packetizer.cc
+++ b/bluetooth/hci/hci_packetizer.cc
@@ -51,9 +51,10 @@
 
 bool HciPacketizer::OnDataReady(PacketType packet_type,
                                 const std::vector<uint8_t>& buffer,
-                                size_t offset) {
+                                size_t* offset) {
   bool packet_completed = false;
-  size_t bytes_available = buffer.size() - offset;
+  size_t bytes_available = buffer.size() - *offset;
+
   switch (state_) {
     case HCI_HEADER: {
       size_t header_size =
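Review bot: `buffer.size() - *offset` wraps to a very large `size_t` if a caller ever passes `*offset > buffer.size()`, and `offset` is dereferenced without a null check. The `packet_.insert(...)` calls in the two following hunks would then compute iterators past the end of `buffer`. Now that the offset is an in/out pointer shared with the caller's loop, guard the entry of the function with `if (offset == nullptr || *offset > buffer.size()) return false;` (or a fatal check, if the project prefers to crash on a contract violation). The function body continues past this hunk.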
@@ -62,18 +63,20 @@
         bytes_remaining_ = header_size;
         packet_.clear();
       }
+
       size_t bytes_to_copy = std::min(bytes_remaining_, bytes_available);
-      packet_.insert(packet_.end(), buffer.begin() + offset,
-                     buffer.begin() + offset + bytes_to_copy);
+      packet_.insert(packet_.end(), buffer.begin() + *offset,
+                     buffer.begin() + *offset + bytes_to_copy);
       bytes_remaining_ -= bytes_to_copy;
       bytes_available -= bytes_to_copy;
+      *offset += bytes_to_copy;
+
       if (bytes_remaining_ == 0) {
         bytes_remaining_ = HciGetPacketLengthForType(packet_type, packet_);
         if (bytes_remaining_ > 0) {
           state_ = HCI_PAYLOAD;
           if (bytes_available > 0) {
-            packet_completed =
-                OnDataReady(packet_type, buffer, offset + bytes_to_copy);
+            packet_completed = OnDataReady(packet_type, buffer, offset);
           }
         } else {
           packet_completed = true;
@@ -84,9 +87,10 @@
 
     case HCI_PAYLOAD: {
       size_t bytes_to_copy = std::min(bytes_remaining_, bytes_available);
-      packet_.insert(packet_.end(), buffer.begin() + offset,
-                     buffer.begin() + offset + bytes_to_copy);
+      packet_.insert(packet_.end(), buffer.begin() + *offset,
+                     buffer.begin() + *offset + bytes_to_copy);
       bytes_remaining_ -= bytes_to_copy;
+      *offset += bytes_to_copy;
       if (bytes_remaining_ == 0) {
         state_ = HCI_HEADER;
         packet_completed = true;
@@ -94,6 +98,7 @@
       break;
     }
   }
+
   return packet_completed;
 }
 
diff --git a/bluetooth/hci/hci_packetizer.h b/bluetooth/hci/hci_packetizer.h
index ba3e841..0d9319f 100644
--- a/bluetooth/hci/hci_packetizer.h
+++ b/bluetooth/hci/hci_packetizer.h
@@ -28,7 +28,7 @@
  public:
   HciPacketizer() = default;
   bool OnDataReady(PacketType packet_type, const std::vector<uint8_t>& data,
-                   size_t offset);
+                   size_t* offset);
   const std::vector<uint8_t>& GetPacket() const;
 
  protected:
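Review bot: The changed `OnDataReady` declaration carries no comment saying that `offset` is now an in/out parameter, which is the contract change every caller has to follow. Add above the declaration: `// |offset| is in/out: the index of the first unread byte of |data| on entry, advanced past the bytes consumed on return; must not be null. Returns true when a complete packet is available through GetPacket().`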
diff --git a/bluetooth/hci/test/h4_protocol_unittest.cc b/bluetooth/hci/test/h4_protocol_unittest.cc
index d3fab61..f0c49b5 100644
--- a/bluetooth/hci/test/h4_protocol_unittest.cc
+++ b/bluetooth/hci/test/h4_protocol_unittest.cc
@@ -31,7 +31,6 @@
 #include <vector>
 
 #include "async_fd_watcher.h"
-#include "log/log.h"
 
 using android::hardware::bluetooth::async::AsyncFdWatcher;
 using namespace android::hardware::bluetooth::hci;
@@ -49,6 +48,7 @@
 static char event_data[100] = "The edges of a surface are lines.";
 static char iso_data[100] =
     "A plane angle is the inclination to one another of two lines in a ...";
+static char short_payload[10] = "12345";
 
 // 5 seconds.  Just don't hang.
 static constexpr size_t kTimeoutMs = 5000;
@@ -225,6 +225,49 @@
     CallDataReady();
   }
 
+  void WriteAndExpectManyAclDataPacketsDifferentOffsetsShort() {
+    std::promise<void> last_packet_promise;
+    size_t kNumPackets = 30;
+    // h4 type[1] + handle[2] + size[2]
+    char preamble[5] = {static_cast<uint8_t>(PacketType::ACL_DATA), 19, 92, 0,
+                        0};
+    int length = strlen(short_payload);
+    preamble[3] = length & 0xFF;
+    preamble[4] = 0;
+
+    EXPECT_CALL(acl_cb_, Call(PacketMatches(preamble + 1, kAclHeaderSize,
+                                            short_payload)))
+        .Times(kNumPackets);
+    ExpectInboundEvent(event_data, &last_packet_promise);
+
+    char all_packets[kNumPackets * 10];
+    size_t total_bytes = 0;
+
+    for (size_t packet = 0; packet < kNumPackets; packet++) {
+      for (size_t i = 0; i < sizeof(preamble); i++) {
+        all_packets[total_bytes++] = preamble[i];
+      }
+      for (size_t i = 0; i < length; i++) {
+        all_packets[total_bytes++] = short_payload[i];
+      }
+    }
+
+    size_t written_bytes = 0;
+    size_t partial_size = 1;
+    while (written_bytes < total_bytes) {
+      size_t to_write = std::min(partial_size, total_bytes - written_bytes);
+      TEMP_FAILURE_RETRY(
+          write(chip_uart_fd_, all_packets + written_bytes, to_write));
+      written_bytes += to_write;
+      CallDataReady();
+      partial_size++;
+      partial_size = partial_size % 5 + 1;
+    }
+    WriteInboundEvent(event_data);
+    CallDataReady();
+    WaitForTimeout(&last_packet_promise);
+  }
+
   testing::MockFunction<void(const std::vector<uint8_t>&)> cmd_cb_;
   testing::MockFunction<void(const std::vector<uint8_t>&)> event_cb_;
   testing::MockFunction<void(const std::vector<uint8_t>&)> acl_cb_;
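Review bot: `char all_packets[kNumPackets * 10]` is a variable-length array (because `kNumPackets` is a non-const `size_t`), and its literal `10` silently encodes `sizeof(preamble) + strlen(short_payload)`; lengthening `short_payload` would overrun the stack buffer in the fill loop. Declare `constexpr size_t kNumPackets = 30;` and size the buffer from its parts, e.g. `std::vector<char> all_packets(kNumPackets * (sizeof(preamble) + length));`. The return value of `write()` is discarded, so a short or failed write is still counted in `written_bytes`; asserting that it equals `to_write` would surface that instead of a later timeout. `length` should be a `size_t` to match the index it is compared against in the copy loop.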
@@ -276,6 +319,10 @@
   WriteAndExpectManyInboundAclDataPackets(sco_data);
 }
 
+TEST_F(H4ProtocolTest, TestMultipleWritesPacketsShortWrites) {
+  WriteAndExpectManyAclDataPacketsDifferentOffsetsShort();
+}
+
 TEST_F(H4ProtocolTest, TestDisconnect) {
   EXPECT_CALL(disconnect_cb_, Call());
   close(chip_uart_fd_);
@@ -332,10 +379,8 @@
 
   void TearDown() override { fd_watcher_.StopWatchingFileDescriptors(); }
 
-  void CallDataReady() override {
-    // The Async test can't call data ready.
-    FAIL();
-  }
+  // Calling CallDataReady() has no effect in the AsyncTest
+  void CallDataReady() override {}
 
   void SendAndReadUartOutbound(PacketType type, char* data) {
     ALOGD("%s sending", __func__);
@@ -434,6 +479,10 @@
   WriteAndExpectManyInboundAclDataPackets(sco_data);
 }
 
+TEST_F(H4ProtocolAsyncTest, TestMultipleWritesPacketsShortWrites) {
+  WriteAndExpectManyAclDataPacketsDifferentOffsetsShort();
+}
+
 TEST_F(H4ProtocolAsyncTest, TestDisconnect) {
   std::promise<void> promise;
   EXPECT_CALL(disconnect_cb_, Call()).WillOnce(Notify(&promise));
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 93b5380..b3ca293 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -82,3 +82,15 @@
         "kernel_config_u_6.1",
     ],
 }
+
+vintf_compatibility_matrix {
+    name: "framework_compatibility_matrix.9.xml",
+    stem: "compatibility_matrix.9.xml",
+    srcs: [
+        "compatibility_matrix.9.xml",
+    ],
+    kernel_configs: [
+        "kernel_config_v_5.15",
+        "kernel_config_v_6.1",
+    ],
+}
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
index 6e4c419..a82a421 100644
--- a/compatibility_matrices/Android.mk
+++ b/compatibility_matrices/Android.mk
@@ -103,6 +103,7 @@
     framework_compatibility_matrix.6.xml \
     framework_compatibility_matrix.7.xml \
     framework_compatibility_matrix.8.xml \
+    framework_compatibility_matrix.9.xml \
     framework_compatibility_matrix.device.xml \
 
 my_framework_matrix_deps += \
diff --git a/compatibility_matrices/compatibility_matrix.9.xml b/compatibility_matrices/compatibility_matrix.9.xml
index 188746d..f9b795e 100644
--- a/compatibility_matrices/compatibility_matrix.9.xml
+++ b/compatibility_matrices/compatibility_matrix.9.xml
@@ -1,4 +1,3 @@
-<!-- WARNING: This file is unused in the Android 14 branch. -->
 <compatibility-matrix version="1.0" type="framework" level="9">
     <hal format="hidl" optional="true">
         <name>android.hardware.audio</name>
@@ -493,16 +492,6 @@
         </interface>
     </hal>
     <hal format="aidl" optional="true">
-        <name>android.hardware.radio.satellite</name>
-        <version>1</version>
-        <interface>
-            <name>IRadioSatellite</name>
-            <instance>slot1</instance>
-            <instance>slot2</instance>
-            <instance>slot3</instance>
-        </interface>
-    </hal>
-    <hal format="aidl" optional="true">
         <name>android.hardware.radio.ims.media</name>
         <version>1</version>
         <interface>
@@ -510,14 +499,6 @@
             <instance>default</instance>
         </interface>
     </hal>
-    <hal format="hidl" optional="true">
-        <name>android.hardware.renderscript</name>
-        <version>1.0</version>
-        <interface>
-            <name>IDevice</name>
-            <instance>default</instance>
-        </interface>
-    </hal>
     <hal format="aidl" optional="true">
         <name>android.hardware.rebootescrow</name>
         <version>1</version>
diff --git a/drm/1.3/vts/OWNERS b/drm/1.3/vts/OWNERS
index 3a0672e..744827c 100644
--- a/drm/1.3/vts/OWNERS
+++ b/drm/1.3/vts/OWNERS
@@ -1,9 +1,11 @@
+# Bug component: 49079
 conglin@google.com
-edwinwong@google.com
 fredgc@google.com
-jtinker@google.com
 juce@google.com
+kelzhan@google.com
 kylealexander@google.com
+mattfedd@google.com
 rfrias@google.com
 robertshih@google.com
 sigquit@google.com
+vickymin@google.com
\ No newline at end of file
diff --git a/gnss/aidl/OWNERS b/gnss/aidl/OWNERS
index b7b4a2e..e5b585e 100644
--- a/gnss/aidl/OWNERS
+++ b/gnss/aidl/OWNERS
@@ -1,3 +1,5 @@
+# Bug component: 393449
+
 gomo@google.com
 smalkos@google.com
 wyattriley@google.com
diff --git a/health/storage/aidl/vts/functional/OWNERS b/health/storage/aidl/vts/functional/OWNERS
new file mode 100644
index 0000000..a15ed7c
--- /dev/null
+++ b/health/storage/aidl/vts/functional/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 30545
+file:platform/hardware/interfaces:/health/aidl/OWNERS
\ No newline at end of file
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 82c8a0d..a4fab55 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -126,8 +126,8 @@
      *
      *   o The HMAC field must validate correctly.
      *
-     *   o The challenge field in the auth token must contain the challenge value contained in the
-     *     BeginResult returned from IKeyMintDevice::begin().
+     *   o The challenge field in the timestamp token must contain the challenge value contained in
+     *     the BeginResult returned from IKeyMintDevice::begin().
      *
      * The resulting secure time value is then used to authenticate the HardwareAuthToken. For the
      * auth token to be valid, all of the following has to be true:
@@ -139,9 +139,6 @@
      *
      *   o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.
      *
-     *   o The challenge field in the auth token must contain the challenge value contained in the
-     *     BeginResult returned from IKeyMintDevice::begin().
-     *
      *   o The timestamp in the auth token plus the value of the Tag::AUTH_TIMEOUT must be greater
      *     than the provided secure timestamp.
 
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index 7a4359d..41b161d 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -43,8 +43,11 @@
         "android.hardware.gatekeeper-V1-ndk",
         "android.hardware.security.rkp-V3-ndk",
         "android.hardware.security.secureclock-V1-ndk",
+        "libavb_user",
+        "libavb",
         "libcppbor_external",
         "libcppcose_rkp",
+        "libfs_mgr",
         "libjsoncpp",
         "libkeymint",
         "libkeymint_remote_prov_support",
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index e759123..c035f19 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -88,96 +88,9 @@
 class AttestKeyTest : public KeyMintAidlTestBase {
   public:
     void SetUp() override {
-        check_skip_test();
+        skipAttestKeyTest();
         KeyMintAidlTestBase::SetUp();
     }
-
-  protected:
-    const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
-
-    const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
-
-    ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
-                                const optional<AttestationKey>& attest_key,
-                                vector<uint8_t>* key_blob,
-                                vector<KeyCharacteristics>* key_characteristics,
-                                vector<Certificate>* cert_chain) {
-        // The original specification for KeyMint v1 required ATTEST_KEY not be combined
-        // with any other key purpose, but the original VTS tests incorrectly did exactly that.
-        // This means that a device that launched prior to Android T (API level 33) may
-        // accept or even require KeyPurpose::SIGN too.
-        if (property_get_int32("ro.board.first_api_level", 0) < __ANDROID_API_T__) {
-            AuthorizationSet key_desc_plus_sign = key_desc;
-            key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
-
-            auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics,
-                                      cert_chain);
-            if (result == ErrorCode::OK) {
-                return result;
-            }
-            // If the key generation failed, it may be because the device is (correctly)
-            // rejecting the combination of ATTEST_KEY+SIGN.  Fall through to try again with
-            // just ATTEST_KEY.
-        }
-        return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
-    }
-
-    // Check if ATTEST_KEY feature is disabled
-    bool is_attest_key_feature_disabled(void) const {
-        if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
-            GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
-            return true;
-        }
-
-        return false;
-    }
-
-    // Check if StrongBox KeyStore is enabled
-    bool is_strongbox_enabled(void) const {
-        if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
-            GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
-            return true;
-        }
-
-        return false;
-    }
-
-    // Check if chipset has received a waiver allowing it to be launched with Android S or T with
-    // Keymaster 4.0 in StrongBox.
-    bool is_chipset_allowed_km4_strongbox(void) const {
-        std::array<char, PROPERTY_VALUE_MAX> buffer;
-
-        const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0);
-        if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false;
-
-        auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
-        if (res <= 0) return false;
-
-        const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
-
-        for (const string model : allowed_soc_models) {
-            if (model.compare(buffer.data()) == 0) {
-                GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    // Skip the test if all the following conditions hold:
-    // 1. ATTEST_KEY feature is disabled
-    // 2. STRONGBOX is enabled
-    // 3. The device is running one of the chipsets that have received a waiver
-    //     allowing it to be launched with Android S (or later) with Keymaster 4.0
-    //     in StrongBox
-    void check_skip_test(void) const {
-        // Check the chipset first as that doesn't require a round-trip to Package Manager.
-        if (is_chipset_allowed_km4_strongbox() && is_strongbox_enabled() &&
-            is_attest_key_feature_disabled()) {
-            GTEST_SKIP() << "Test is not applicable";
-        }
-    }
 };
 
 /*
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index 723edee..54f187c 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -21,7 +21,11 @@
 #include <string>
 #include <vector>
 
+#include <android-base/properties.h>
 #include <android/binder_manager.h>
+#include <fstab/fstab.h>
+#include <libavb/libavb.h>
+#include <libavb_user/avb_ops_user.h>
 #include <remote_prov/remote_prov_utils.h>
 
 #include "KeyMintAidlTestBase.h"
@@ -34,49 +38,118 @@
 
 // Since this test needs to talk to KeyMint HAL, it can only run as root. Thus,
 // bootloader can not be locked.
-class BootloaderStateTest : public testing::TestWithParam<std::string> {
+class BootloaderStateTest : public KeyMintAidlTestBase {
   public:
     virtual void SetUp() override {
-        ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
-        keyMint_ = IKeyMintDevice::fromBinder(binder);
-        ASSERT_TRUE(keyMint_) << "Failed to get KM device";
+        KeyMintAidlTestBase::SetUp();
+
+        // Generate a key with attestation.
+        vector<uint8_t> key_blob;
+        vector<KeyCharacteristics> key_characteristics;
+        AuthorizationSet keyDesc = AuthorizationSetBuilder()
+                                           .Authorization(TAG_NO_AUTH_REQUIRED)
+                                           .EcdsaSigningKey(EcCurve::P_256)
+                                           .AttestationChallenge("foo")
+                                           .AttestationApplicationId("bar")
+                                           .Digest(Digest::NONE)
+                                           .SetDefaultValidity();
+        auto result = GenerateKey(keyDesc, &key_blob, &key_characteristics);
+        // If factory provisioned attestation key is not supported by Strongbox,
+        // then create a key with self-signed attestation and use it as the
+        // attestation key instead.
+        if (SecLevel() == SecurityLevel::STRONGBOX &&
+            result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) {
+            result = GenerateKeyWithSelfSignedAttestKey(
+                    AuthorizationSetBuilder()
+                            .EcdsaKey(EcCurve::P_256)
+                            .AttestKey()
+                            .SetDefaultValidity(), /* attest key params */
+                    keyDesc, &key_blob, &key_characteristics);
+        }
+        ASSERT_EQ(ErrorCode::OK, result);
+
+        // Parse attested AVB values.
+        X509_Ptr cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
+        ASSERT_TRUE(cert.get());
+
+        ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
+        ASSERT_TRUE(attest_rec);
+
+        auto error = parse_root_of_trust(attest_rec->data, attest_rec->length, &attestedVbKey_,
+                                         &attestedVbState_, &attestedBootloaderState_,
+                                         &attestedVbmetaDigest_);
+        ASSERT_EQ(error, ErrorCode::OK);
     }
 
-    std::shared_ptr<IKeyMintDevice> keyMint_;
+    vector<uint8_t> attestedVbKey_;
+    VerifiedBoot attestedVbState_;
+    bool attestedBootloaderState_;
+    vector<uint8_t> attestedVbmetaDigest_;
 };
 
 // Check that attested bootloader state is set to unlocked.
-TEST_P(BootloaderStateTest, IsUnlocked) {
-    // Generate a key with attestation.
-    AuthorizationSet keyDesc = AuthorizationSetBuilder()
-                                       .Authorization(TAG_NO_AUTH_REQUIRED)
-                                       .EcdsaSigningKey(EcCurve::P_256)
-                                       .AttestationChallenge("foo")
-                                       .AttestationApplicationId("bar")
-                                       .Digest(Digest::NONE)
-                                       .SetDefaultValidity();
-    KeyCreationResult creationResult;
-    auto kmStatus = keyMint_->generateKey(keyDesc.vector_data(), std::nullopt, &creationResult);
-    ASSERT_TRUE(kmStatus.isOk());
+TEST_P(BootloaderStateTest, BootloaderIsUnlocked) {
+    ASSERT_FALSE(attestedBootloaderState_)
+            << "This test runs as root. Bootloader must be unlocked.";
+}
 
-    vector<Certificate> key_cert_chain = std::move(creationResult.certificateChain);
+// Check that verified boot state is set to "unverified", i.e. "orange".
+TEST_P(BootloaderStateTest, VbStateIsUnverified) {
+    // Unlocked bootloader implies that verified boot state must be "unverified".
+    ASSERT_EQ(attestedVbState_, VerifiedBoot::UNVERIFIED)
+            << "Verified boot state must be \"UNVERIFIED\" aka \"orange\".";
 
-    // Parse attested AVB values.
-    const auto& attestation_cert = key_cert_chain[0].encodedCertificate;
-    X509_Ptr cert(parse_cert_blob(attestation_cert));
-    ASSERT_TRUE(cert.get());
+    // AVB spec stipulates that bootloader must set "androidboot.verifiedbootstate" parameter
+    // on the kernel command-line. This parameter is exposed to userspace as
+    // "ro.boot.verifiedbootstate" property.
+    auto vbStateProp = ::android::base::GetProperty("ro.boot.verifiedbootstate", "");
+    ASSERT_EQ(vbStateProp, "orange")
+            << "Verified boot state must be \"UNVERIFIED\" aka \"orange\".";
+}
 
-    ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
-    ASSERT_TRUE(attest_rec);
+// Following error codes from avb_slot_data() mean that slot data was loaded
+// (even if verification failed).
+static inline bool avb_slot_data_loaded(AvbSlotVerifyResult result) {
+    switch (result) {
+        case AVB_SLOT_VERIFY_RESULT_OK:
+        case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
+        case AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX:
+        case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
+            return true;
+        default:
+            return false;
+    }
+}
 
-    vector<uint8_t> key;
-    VerifiedBoot attestedVbState;
-    bool attestedBootloaderState;
-    vector<uint8_t> attestedVbmetaDigest;
-    auto error = parse_root_of_trust(attest_rec->data, attest_rec->length, &key, &attestedVbState,
-                                     &attestedBootloaderState, &attestedVbmetaDigest);
-    ASSERT_EQ(error, ErrorCode::OK);
-    ASSERT_FALSE(attestedBootloaderState) << "This test runs as root. Bootloader must be unlocked.";
+// Check that attested vbmeta digest is correct.
+TEST_P(BootloaderStateTest, VbmetaDigest) {
+    AvbSlotVerifyData* avbSlotData;
+    auto suffix = fs_mgr_get_slot_suffix();
+    const char* partitions[] = {nullptr};
+    auto avbOps = avb_ops_user_new();
+
+    // For VTS, devices run with vendor_boot-debug.img, which is not release key
+    // signed. Use AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR to bypass avb
+    // verification errors. This is OK since we only care about the digest for
+    // this test case.
+    auto result = avb_slot_verify(avbOps, partitions, suffix.c_str(),
+                                  AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR,
+                                  AVB_HASHTREE_ERROR_MODE_EIO, &avbSlotData);
+    ASSERT_TRUE(avb_slot_data_loaded(result)) << "Failed to load avb slot data";
+
+    // Unfortunately, bootloader is not required to report the algorithm used
+    // to calculate the digest. There are only two supported options though,
+    // SHA256 and SHA512. Attested VBMeta digest must match one of these.
+    vector<uint8_t> digest256(AVB_SHA256_DIGEST_SIZE);
+    vector<uint8_t> digest512(AVB_SHA512_DIGEST_SIZE);
+
+    avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,
+                                                 digest256.data());
+    avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA512,
+                                                 digest512.data());
+
+    ASSERT_TRUE((attestedVbmetaDigest_ == digest256) || (attestedVbmetaDigest_ == digest512))
+            << "Attested digest does not match computed digest.";
 }
 
 INSTANTIATE_KEYMINT_AIDL_TEST(BootloaderStateTest);
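Review bot: In `VbmetaDigest`, `avbSlotData` is declared uninitialized, the result of `avb_ops_user_new()` is handed to `avb_slot_verify` unchecked, and neither object is released; the fence below shows the initialisation, the two null assertions and the frees. In `SetUp`, `cert_chain_[0]` is indexed without first asserting that the chain is non-empty (assuming `cert_chain_` is the base-class member filled by key generation), so an implementation that returns OK with no certificates would crash the test binary instead of failing the test; add `ASSERT_FALSE(cert_chain_.empty());` before the parse. The comment above `avb_slot_data_loaded` names `avb_slot_data()`, but the result it classifies comes from `avb_slot_verify()`.

```cpp
TEST_P(BootloaderStateTest, VbmetaDigest) {
    AvbSlotVerifyData* avbSlotData = nullptr;
    // … unchanged: slot suffix and partitions setup …
    auto avbOps = avb_ops_user_new();
    ASSERT_NE(avbOps, nullptr) << "Failed to allocate AvbOps";
    // … unchanged: avb_slot_verify() call and avb_slot_data_loaded() assertion …
    ASSERT_NE(avbSlotData, nullptr) << "No avb slot data returned";
    // … unchanged: SHA256 / SHA512 digest calculation …
    const bool digestMatches =
            (attestedVbmetaDigest_ == digest256) || (attestedVbmetaDigest_ == digest512);
    avb_slot_verify_data_free(avbSlotData);
    avb_ops_user_free(avbOps);
    ASSERT_TRUE(digestMatches) << "Attested digest does not match computed digest.";
}
```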
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 5e27bd0..a8ea407 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -322,12 +322,13 @@
         const AuthorizationSet& attest_key_desc, const AuthorizationSet& key_desc,
         vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics,
         vector<Certificate>* cert_chain) {
+    skipAttestKeyTest();
     AttestationKey attest_key;
     vector<Certificate> attest_cert_chain;
     vector<KeyCharacteristics> attest_key_characteristics;
     // Generate a key with self signed attestation.
-    auto error = GenerateKey(attest_key_desc, std::nullopt, &attest_key.keyBlob,
-                             &attest_key_characteristics, &attest_cert_chain);
+    auto error = GenerateAttestKey(attest_key_desc, std::nullopt, &attest_key.keyBlob,
+                                   &attest_key_characteristics, &attest_cert_chain);
     if (error != ErrorCode::OK) {
         return error;
     }
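Review bot: The `skipAttestKeyTest();` call added at the top of this helper records a skip but does not stop the helper on a waived device. `GTEST_SKIP()` is expanded inside `skipAttestKeyTest()` (defined further down in this file's diff) and returns only from that function, so execution continues into `GenerateAttestKey` and the rest of the body. If no key operations should run on waived devices, guard the remainder with `if (IsSkipped())` and an early return, or have the calling tests check `IsSkipped()` before asserting on the result. At minimum, add a comment here such as `// Only marks the test skipped; execution continues below.` The helper's signature starts and its body ends outside the hunk, so how callers treat the returned `ErrorCode` is not visible.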
@@ -1548,6 +1549,88 @@
     return result;
 }
 
+ErrorCode KeyMintAidlTestBase::GenerateAttestKey(const AuthorizationSet& key_desc,
+                                                 const optional<AttestationKey>& attest_key,
+                                                 vector<uint8_t>* key_blob,
+                                                 vector<KeyCharacteristics>* key_characteristics,
+                                                 vector<Certificate>* cert_chain) {
+    // The original specification for KeyMint v1 required ATTEST_KEY not be combined
+    // with any other key purpose, but the original VTS tests incorrectly did exactly that.
+    // This means that a device that launched prior to Android T (API level 33) may
+    // accept or even require KeyPurpose::SIGN too.
+    if (property_get_int32("ro.board.first_api_level", 0) < __ANDROID_API_T__) {
+        AuthorizationSet key_desc_plus_sign = key_desc;
+        key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
+
+        auto result = GenerateKey(key_desc_plus_sign, attest_key, key_blob, key_characteristics,
+                                  cert_chain);
+        if (result == ErrorCode::OK) {
+            return result;
+        }
+        // If the key generation failed, it may be because the device is (correctly)
+        // rejecting the combination of ATTEST_KEY+SIGN.  Fall through to try again with
+        // just ATTEST_KEY.
+    }
+    return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
+}
+
+// Check if ATTEST_KEY feature is disabled
+bool KeyMintAidlTestBase::is_attest_key_feature_disabled(void) const {
+    if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
+        GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
+        return true;
+    }
+
+    return false;
+}
+
+// Check if StrongBox KeyStore is enabled
+bool KeyMintAidlTestBase::is_strongbox_enabled(void) const {
+    if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
+        GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
+        return true;
+    }
+
+    return false;
+}
+
+// Check if chipset has received a waiver allowing it to be launched with Android S or T with
+// Keymaster 4.0 in StrongBox.
+bool KeyMintAidlTestBase::is_chipset_allowed_km4_strongbox(void) const {
+    std::array<char, PROPERTY_VALUE_MAX> buffer;
+
+    const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0);
+    if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false;
+
+    auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
+    if (res <= 0) return false;
+
+    const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
+
+    for (const string model : allowed_soc_models) {
+        if (model.compare(buffer.data()) == 0) {
+            GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
+            return true;
+        }
+    }
+
+    return false;
+}
+
+// Skip the test if all the following conditions hold:
+// 1. ATTEST_KEY feature is disabled
+// 2. STRONGBOX is enabled
+// 3. The device is running one of the chipsets that have received a waiver
+//     allowing it to be launched with Android S (or later) with Keymaster 4.0
+//     in StrongBox
+void KeyMintAidlTestBase::skipAttestKeyTest(void) const {
+    // Check the chipset first as that doesn't require a round-trip to Package Manager.
+    if (is_chipset_allowed_km4_strongbox() && is_strongbox_enabled() &&
+        is_attest_key_feature_disabled()) {
+        GTEST_SKIP() << "Test is not applicable";
+    }
+}
+
 void verify_serial(X509* cert, const uint64_t expected_serial) {
     BIGNUM_Ptr ser(BN_new());
     EXPECT_TRUE(ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), ser.get()));
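Review bot: In `GenerateAttestKey` the legacy-path condition `property_get_int32("ro.board.first_api_level", 0) < __ANDROID_API_T__` is also true when the property is unset, because the default of 0 compares below T. Such a device is first offered ATTEST_KEY+SIGN, and the stricter ATTEST_KEY-only request is never made if it accepts the combination. `is_chipset_allowed_km4_strongbox()` in the same hunk treats `first_api_level <= 0` as not eligible, so the two checks disagree about a missing value. Consider reading the value once and testing `if (first_api_level > 0 && first_api_level < __ANDROID_API_T__) {`. Whether the property is guaranteed to be set on every device under test is not visible here.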
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 3245ca9..30ac452 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -54,6 +54,9 @@
 
 constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF;
 
+const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
+const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
+
 class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
   public:
     struct KeyData {
@@ -347,6 +350,17 @@
     ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
     ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
 
+    ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
+                                const optional<AttestationKey>& attest_key,
+                                vector<uint8_t>* key_blob,
+                                vector<KeyCharacteristics>* key_characteristics,
+                                vector<Certificate>* cert_chain);
+
+    bool is_attest_key_feature_disabled(void) const;
+    bool is_strongbox_enabled(void) const;
+    bool is_chipset_allowed_km4_strongbox(void) const;
+    void skipAttestKeyTest(void) const;
+
   protected:
     std::shared_ptr<IKeyMintDevice> keymint_;
     uint32_t os_version_;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index e99149b..bdec4d3 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3119,7 +3119,7 @@
  */
 TEST_P(SigningOperationsTest, NoUserConfirmation) {
     ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
-                                                 .RsaSigningKey(1024, 65537)
+                                                 .RsaSigningKey(2048, 65537)
                                                  .Digest(Digest::NONE)
                                                  .Padding(PaddingMode::NONE)
                                                  .Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/uwb/aidl/default/src/uwb_chip.rs b/uwb/aidl/default/src/uwb_chip.rs
index 7c2c300..cf32694 100644
--- a/uwb/aidl/default/src/uwb_chip.rs
+++ b/uwb/aidl/default/src/uwb_chip.rs
@@ -6,8 +6,8 @@
 use async_trait::async_trait;
 use binder::{Result, Strong};
 
-use tokio::fs::File;
-use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio::fs::{self, File};
+use tokio::io::AsyncReadExt;
 use tokio::sync::Mutex;
 
 use std::os::fd::AsRawFd;
@@ -22,7 +22,6 @@
         callbacks: Strong<dyn IUwbClientCallback>,
         #[allow(dead_code)]
         tasks: tokio::task::JoinSet<()>,
-        write: File,
     },
 }
 
@@ -65,17 +64,11 @@
     async fn open(&self, callbacks: &Strong<dyn IUwbClientCallback>) -> Result<()> {
         log::debug!("open: {:?}", &self.path);
 
-        let serial = File::open(&self.path)
+        let mut serial = File::open(&self.path)
             .await
             .and_then(makeraw)
             .map_err(|_| binder::StatusCode::UNKNOWN_ERROR)?;
 
-        let mut read = serial
-            .try_clone()
-            .await
-            .map_err(|_| binder::StatusCode::UNKNOWN_ERROR)?;
-        let write = serial;
-
         let mut state = self.state.lock().await;
 
         if let State::Closed = *state {
@@ -88,14 +81,16 @@
                     const UWB_HEADER_SIZE: usize = 4;
 
                     let mut buffer = vec![0; UWB_HEADER_SIZE];
-                    read.read_exact(&mut buffer[0..UWB_HEADER_SIZE])
+                    serial
+                        .read_exact(&mut buffer[0..UWB_HEADER_SIZE])
                         .await
                         .unwrap();
 
                     let length = buffer[3] as usize + UWB_HEADER_SIZE;
 
                     buffer.resize(length, 0);
-                    read.read_exact(&mut buffer[UWB_HEADER_SIZE..length])
+                    serial
+                        .read_exact(&mut buffer[UWB_HEADER_SIZE..length])
                         .await
                         .unwrap();
 
@@ -108,7 +103,6 @@
             *state = State::Opened {
                 callbacks: callbacks.clone(),
                 tasks,
-                write,
             };
 
             Ok(())
@@ -155,11 +149,10 @@
     async fn sendUciMessage(&self, data: &[u8]) -> Result<i32> {
         log::debug!("sendUciMessage");
 
-        if let State::Opened { write, .. } = &mut *self.state.lock().await {
-            write
-                .write(data)
+        if let State::Opened { .. } = &mut *self.state.lock().await {
+            fs::write(&self.path, data)
                 .await
-                .map(|written| written as i32)
+                .map(|_| data.len() as i32)
                 .map_err(|_| binder::StatusCode::UNKNOWN_ERROR.into())
         } else {
             Err(binder::ExceptionCode::ILLEGAL_STATE.into())
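Review bot: `fs::write(&self.path, data)` re-opens the device by path on every message and, like `std::fs::write`, opens with create and truncate. The bytes therefore go to whatever `self.path` names at send time, not to the handle that `open()` put into raw mode with `makeraw`. If the node is missing, a regular file is created and the call still reports `data.len()` bytes sent. To keep the send tied to the opened device, open without create/truncate via `tokio::fs::OpenOptions::new().write(true).open(&self.path).await` followed by `write_all(data)`, or retain a write handle in `State::Opened`. The pattern `State::Opened { .. }` no longer binds anything, so the `&mut` borrow on the guard can be dropped; the function's closing braces are outside the hunk.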