Merge "Added LOCATION_CHARACTERIZATION to HAL layer." into udc-dev
diff --git a/audio/aidl/default/audio_effects_config.xml b/audio/aidl/default/audio_effects_config.xml
index 88c4459..0d1731f 100644
--- a/audio/aidl/default/audio_effects_config.xml
+++ b/audio/aidl/default/audio_effects_config.xml
@@ -40,6 +40,7 @@
<library name="loudness_enhancer" path="libloudnessenhanceraidl.so"/>
<library name="nssw" path="libnssw.so"/>
<library name="env_reverbsw" path="libenvreverbsw.so"/>
+ <library name="pre_processing" path="libpreprocessingaidl.so"/>
<library name="preset_reverbsw" path="libpresetreverbsw.so"/>
<library name="reverb" path="libreverbaidl.so"/>
<library name="virtualizersw" path="libvirtualizersw.so"/>
@@ -68,9 +69,9 @@
-->
<effects>
- <effect name="acoustic_echo_canceler" library="aecsw" uuid="bb392ec0-8d4d-11e0-a896-0002a5d5c51b"/>
- <effect name="automatic_gain_control_v1" library="agc1sw" uuid="aa8130e0-66fc-11e0-bad0-0002a5d5c51b"/>
- <effect name="automatic_gain_control_v2" library="agc2sw" uuid="89f38e65-d4d2-4d64-ad0e-2b3e799ea886"/>
+ <effect name="acoustic_echo_canceler" library="pre_processing" uuid="bb392ec0-8d4d-11e0-a896-0002a5d5c51b"/>
+ <effect name="automatic_gain_control_v1" library="pre_processing" uuid="aa8130e0-66fc-11e0-bad0-0002a5d5c51b"/>
+ <effect name="automatic_gain_control_v2" library="pre_processing" uuid="89f38e65-d4d2-4d64-ad0e-2b3e799ea886"/>
<effectProxy name="bassboost" uuid="14804144-a5ee-4d24-aa88-0002a5d5c51b">
<libsw library="bassboostsw" uuid="fa8181f2-588b-11ed-9b6a-0242ac120002"/>
<libsw library="bundle" uuid="8631f300-72e2-11df-b57e-0002a5d5c51b"/>
@@ -80,7 +81,7 @@
<effect name="haptic_generator" library="haptic_generator" uuid="97c4acd1-8b82-4f2f-832e-c2fe5d7a9931"/>
<effect name="loudness_enhancer" library="loudness_enhancer" uuid="fa415329-2034-4bea-b5dc-5b381c8d1e2c"/>
<effect name="env_reverb" library="env_reverbsw" uuid="fa819886-588b-11ed-9b6a-0242ac120002"/>
- <effect name="noise_suppression" library="nssw" uuid="c06c8400-8e06-11e0-9cb6-0002a5d5c51b"/>
+ <effect name="noise_suppression" library="pre_processing" uuid="c06c8400-8e06-11e0-9cb6-0002a5d5c51b"/>
<effect name="preset_reverb" library="preset_reverbsw" uuid="fa8199c6-588b-11ed-9b6a-0242ac120002"/>
<effect name="reverb_env_aux" library="reverb" uuid="4a387fc0-8ab3-11df-8bad-0002a5d5c51b"/>
<effect name="reverb_env_ins" library="reverb" uuid="c7a511a0-a3bb-11df-860e-0002a5d5c51b"/>
diff --git a/audio/aidl/default/equalizer/EqualizerSw.cpp b/audio/aidl/default/equalizer/EqualizerSw.cpp
index 2814322..8cfe82e 100644
--- a/audio/aidl/default/equalizer/EqualizerSw.cpp
+++ b/audio/aidl/default/equalizer/EqualizerSw.cpp
@@ -76,11 +76,10 @@
const std::vector<Range::EqualizerRange> EqualizerSw::kRanges = {
MAKE_RANGE(Equalizer, preset, 0, EqualizerSw::kPresets.size() - 1),
MAKE_RANGE(Equalizer, bandLevels,
- std::vector<Equalizer::BandLevel>{Equalizer::BandLevel(
- {.index = 0, .levelMb = std::numeric_limits<int>::min()})},
std::vector<Equalizer::BandLevel>{
- Equalizer::BandLevel({.index = EqualizerSwContext::kMaxBandNumber - 1,
- .levelMb = std::numeric_limits<int>::max()})}),
+ Equalizer::BandLevel({.index = 0, .levelMb = -15})},
+ std::vector<Equalizer::BandLevel>{Equalizer::BandLevel(
+ {.index = EqualizerSwContext::kMaxBandNumber - 1, .levelMb = 15})}),
/* capability definition */
MAKE_RANGE(Equalizer, bandFrequencies, EqualizerSw::kBandFrequency,
EqualizerSw::kBandFrequency),
@@ -171,6 +170,14 @@
eqParam.set<Equalizer::centerFreqMh>(mContext->getCenterFreqs());
break;
}
+ case Equalizer::bandFrequencies: {
+ eqParam.set<Equalizer::bandFrequencies>(kBandFrequency);
+ break;
+ }
+ case Equalizer::presets: {
+ eqParam.set<Equalizer::presets>(kPresets);
+ break;
+ }
default: {
LOG(ERROR) << __func__ << " not handled tag: " << toString(tag);
return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
diff --git a/audio/aidl/default/virtualizer/VirtualizerSw.cpp b/audio/aidl/default/virtualizer/VirtualizerSw.cpp
index 5e99cba2..d75e4e0 100644
--- a/audio/aidl/default/virtualizer/VirtualizerSw.cpp
+++ b/audio/aidl/default/virtualizer/VirtualizerSw.cpp
@@ -68,11 +68,7 @@
MAKE_RANGE(Virtualizer, strengthPm, 0, 1000),
/* speakerAngle is get-only, set min > max */
MAKE_RANGE(Virtualizer, speakerAngles, {Virtualizer::ChannelAngle({.channel = 1})},
- {Virtualizer::ChannelAngle({.channel = 0})}),
- /* device is get-only */
- MAKE_RANGE(Virtualizer, device,
- AudioDeviceDescription({.type = AudioDeviceType::IN_DEFAULT}),
- AudioDeviceDescription({.type = AudioDeviceType::NONE}))};
+ {Virtualizer::ChannelAngle({.channel = 0})})};
const Capability VirtualizerSw::kCapability = {
.range = Range::make<Range::virtualizer>(VirtualizerSw::kRanges)};
@@ -174,17 +170,21 @@
ndk::ScopedAStatus VirtualizerSw::getSpeakerAngles(const Virtualizer::SpeakerAnglesPayload payload,
Parameter::Specific* specific) {
std::vector<Virtualizer::ChannelAngle> angles;
- if (::android::hardware::audio::common::getChannelCount(payload.layout) == 1) {
+ const auto chNum = ::android::hardware::audio::common::getChannelCount(payload.layout);
+ if (chNum == 1) {
angles = {{.channel = (int32_t)AudioChannelLayout::CHANNEL_FRONT_LEFT,
.azimuthDegree = 0,
.elevationDegree = 0}};
- } else {
+ } else if (chNum == 2) {
angles = {{.channel = (int32_t)AudioChannelLayout::CHANNEL_FRONT_LEFT,
.azimuthDegree = -90,
.elevationDegree = 0},
{.channel = (int32_t)AudioChannelLayout::CHANNEL_FRONT_RIGHT,
.azimuthDegree = 90,
.elevationDegree = 0}};
+ } else {
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(EX_ILLEGAL_ARGUMENT,
+ "supportUpTo2Ch");
}
Virtualizer param = Virtualizer::make<Virtualizer::speakerAngles>(angles);
diff --git a/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h b/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
index 98e49a2..478482d 100644
--- a/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
+++ b/audio/core/all-versions/vts/functional/AudioPrimaryHidlHalTest.h
@@ -1698,26 +1698,6 @@
ASSERT_EQ(0U, framesLost);
}
-TEST_P(InputStreamTest, getCapturePosition) {
- doc::test(
- "The capture position of a non prepared stream should not be "
- "retrievable or 0");
- uint64_t frames;
- uint64_t time;
- ASSERT_OK(stream->getCapturePosition(returnIn(res, frames, time)));
- // Although 'getCapturePosition' is mandatory in V7, legacy implementations
- // may return -ENOSYS (which is translated to NOT_SUPPORTED) in cases when
- // the capture position can't be retrieved, e.g. when the stream isn't
- // running. Because of this, we don't fail when getting NOT_SUPPORTED
- // in this test. Behavior of 'getCapturePosition' for running streams is
- // tested in 'PcmOnlyConfigInputStreamTest' for V7.
- ASSERT_RESULT(okOrInvalidStateOrNotSupported, res);
- if (res == Result::OK) {
- ASSERT_EQ(0U, frames);
- ASSERT_LE(0U, time);
- }
-}
-
//////////////////////////////////////////////////////////////////////////////
///////////////////////////////// StreamOut //////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
diff --git a/automotive/vehicle/2.0/types.hal b/automotive/vehicle/2.0/types.hal
index 83b0d94..00d0452 100644
--- a/automotive/vehicle/2.0/types.hal
+++ b/automotive/vehicle/2.0/types.hal
@@ -829,10 +829,10 @@
/*
* HVAC Properties
*
- * Additional rules for mapping a zoned HVAC property (except
- * HVAC_MAX_DEFROST_ON) to AreaIDs:
- * - Every seat in VehicleAreaSeat that is available in the car, must be
- * part of an AreaID in the AreaID array.
+ * Additional rules for mapping non-GLOBAL VehicleArea type HVAC properties
+ * to AreaIDs:
+ * - Every “area” for a specific VehicleArea type that is affected by the
+ * property, must be included in an area ID for that property.
*
* Example 1: A car has two front seats (ROW_1_LEFT, ROW_1_RIGHT) and three
* back seats (ROW_2_LEFT, ROW_2_CENTER, ROW_2_RIGHT). There are two
@@ -860,6 +860,16 @@
* - ROW_1_LEFT
* - ROW_1_RIGHT
* - ROW_2_LEFT | ROW_2_CENTER | ROW_2_RIGHT | ROW_3_LEFT | ROW_3_CENTER | ROW_3_RIGHT
+ *
+ * Example 3: A car has two front seats (ROW_1_LEFT, ROW_1_RIGHT) and three
+ * back seats (ROW_2_LEFT, ROW_2_CENTER, ROW_2_RIGHT). Suppose the car
+ * supports HVAC_AUTO_ON for just the two front seats.
+ * - A valid mapping set of AreaIDs for HVAC_AUTO_ON would be:
+ * - ROW_1_LEFT | ROW_1_RIGHT
+ * - If HVAC_AUTO_ON had two separate control units for the driver side
+ * and passenger side, an alternative mapping would be:
+ * - ROW_1_LEFT
+ * - ROW_1_RIGHT
*/
/**
diff --git a/automotive/vehicle/aidl/generated_lib/cpp/AccessForVehicleProperty.h b/automotive/vehicle/aidl/generated_lib/cpp/AccessForVehicleProperty.h
index 18b4cfd..d1762c5 100644
--- a/automotive/vehicle/aidl/generated_lib/cpp/AccessForVehicleProperty.h
+++ b/automotive/vehicle/aidl/generated_lib/cpp/AccessForVehicleProperty.h
@@ -267,6 +267,7 @@
{VehicleProperty::CRUISE_CONTROL_STATE, VehiclePropertyAccess::READ},
{VehicleProperty::CRUISE_CONTROL_COMMAND, VehiclePropertyAccess::WRITE},
{VehicleProperty::CRUISE_CONTROL_TARGET_SPEED, VehiclePropertyAccess::READ},
+ {VehicleProperty::ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP, VehiclePropertyAccess::READ_WRITE},
{VehicleProperty::HANDS_ON_DETECTION_ENABLED, VehiclePropertyAccess::READ_WRITE},
{VehicleProperty::HANDS_ON_DETECTION_DRIVER_STATE, VehiclePropertyAccess::READ},
{VehicleProperty::HANDS_ON_DETECTION_WARNING, VehiclePropertyAccess::READ},
diff --git a/automotive/vehicle/aidl/generated_lib/cpp/ChangeModeForVehicleProperty.h b/automotive/vehicle/aidl/generated_lib/cpp/ChangeModeForVehicleProperty.h
index c4087e1..587d8f3 100644
--- a/automotive/vehicle/aidl/generated_lib/cpp/ChangeModeForVehicleProperty.h
+++ b/automotive/vehicle/aidl/generated_lib/cpp/ChangeModeForVehicleProperty.h
@@ -267,6 +267,7 @@
{VehicleProperty::CRUISE_CONTROL_STATE, VehiclePropertyChangeMode::ON_CHANGE},
{VehicleProperty::CRUISE_CONTROL_COMMAND, VehiclePropertyChangeMode::ON_CHANGE},
{VehicleProperty::CRUISE_CONTROL_TARGET_SPEED, VehiclePropertyChangeMode::ON_CHANGE},
+ {VehicleProperty::ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP, VehiclePropertyChangeMode::ON_CHANGE},
{VehicleProperty::HANDS_ON_DETECTION_ENABLED, VehiclePropertyChangeMode::ON_CHANGE},
{VehicleProperty::HANDS_ON_DETECTION_DRIVER_STATE, VehiclePropertyChangeMode::ON_CHANGE},
{VehicleProperty::HANDS_ON_DETECTION_WARNING, VehiclePropertyChangeMode::ON_CHANGE},
diff --git a/automotive/vehicle/aidl/generated_lib/java/AccessForVehicleProperty.java b/automotive/vehicle/aidl/generated_lib/java/AccessForVehicleProperty.java
index a26bbe9..165c1bf 100644
--- a/automotive/vehicle/aidl/generated_lib/java/AccessForVehicleProperty.java
+++ b/automotive/vehicle/aidl/generated_lib/java/AccessForVehicleProperty.java
@@ -259,6 +259,7 @@
Map.entry(VehicleProperty.CRUISE_CONTROL_STATE, VehiclePropertyAccess.READ),
Map.entry(VehicleProperty.CRUISE_CONTROL_COMMAND, VehiclePropertyAccess.WRITE),
Map.entry(VehicleProperty.CRUISE_CONTROL_TARGET_SPEED, VehiclePropertyAccess.READ),
+ Map.entry(VehicleProperty.ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP, VehiclePropertyAccess.READ_WRITE),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_ENABLED, VehiclePropertyAccess.READ_WRITE),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_DRIVER_STATE, VehiclePropertyAccess.READ),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_WARNING, VehiclePropertyAccess.READ),
diff --git a/automotive/vehicle/aidl/generated_lib/java/ChangeModeForVehicleProperty.java b/automotive/vehicle/aidl/generated_lib/java/ChangeModeForVehicleProperty.java
index 2da8dd9..7814a44 100644
--- a/automotive/vehicle/aidl/generated_lib/java/ChangeModeForVehicleProperty.java
+++ b/automotive/vehicle/aidl/generated_lib/java/ChangeModeForVehicleProperty.java
@@ -259,6 +259,7 @@
Map.entry(VehicleProperty.CRUISE_CONTROL_STATE, VehiclePropertyChangeMode.ON_CHANGE),
Map.entry(VehicleProperty.CRUISE_CONTROL_COMMAND, VehiclePropertyChangeMode.ON_CHANGE),
Map.entry(VehicleProperty.CRUISE_CONTROL_TARGET_SPEED, VehiclePropertyChangeMode.ON_CHANGE),
+ Map.entry(VehicleProperty.ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP, VehiclePropertyChangeMode.ON_CHANGE),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_ENABLED, VehiclePropertyChangeMode.ON_CHANGE),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_DRIVER_STATE, VehiclePropertyChangeMode.ON_CHANGE),
Map.entry(VehicleProperty.HANDS_ON_DETECTION_WARNING, VehiclePropertyChangeMode.ON_CHANGE),
diff --git a/automotive/vehicle/aidl/impl/default_config/config/DefaultProperties.json b/automotive/vehicle/aidl/impl/default_config/config/DefaultProperties.json
index b146da3..b6d987e 100644
--- a/automotive/vehicle/aidl/impl/default_config/config/DefaultProperties.json
+++ b/automotive/vehicle/aidl/impl/default_config/config/DefaultProperties.json
@@ -3272,6 +3272,22 @@
]
},
{
+ "property": "VehicleProperty::ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP",
+ "defaultValue": {
+ "int32Values": [
+ 1200
+ ]
+ },
+ "configArray": [
+ 1200,
+ 1400,
+ 1600,
+ 1800,
+ 2000,
+ 2200
+ ]
+ },
+ {
"property": "VehicleProperty::HANDS_ON_DETECTION_ENABLED",
"defaultValue": {
"int32Values": [
diff --git a/automotive/vehicle/aidl_property/aidl_api/android.hardware.automotive.vehicle.property/current/android/hardware/automotive/vehicle/VehicleProperty.aidl b/automotive/vehicle/aidl_property/aidl_api/android.hardware.automotive.vehicle.property/current/android/hardware/automotive/vehicle/VehicleProperty.aidl
index d947a56..f3c8234 100644
--- a/automotive/vehicle/aidl_property/aidl_api/android.hardware.automotive.vehicle.property/current/android/hardware/automotive/vehicle/VehicleProperty.aidl
+++ b/automotive/vehicle/aidl_property/aidl_api/android.hardware.automotive.vehicle.property/current/android/hardware/automotive/vehicle/VehicleProperty.aidl
@@ -265,6 +265,7 @@
CRUISE_CONTROL_STATE = (((0x1011 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.INT32) /* 289411089 */,
CRUISE_CONTROL_COMMAND = (((0x1012 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.INT32) /* 289411090 */,
CRUISE_CONTROL_TARGET_SPEED = (((0x1013 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.FLOAT) /* 291508243 */,
+ ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP = (((0x1014 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.INT32) /* 289411092 */,
HANDS_ON_DETECTION_ENABLED = (((0x1016 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.BOOLEAN) /* 287313942 */,
HANDS_ON_DETECTION_DRIVER_STATE = (((0x1017 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.INT32) /* 289411095 */,
HANDS_ON_DETECTION_WARNING = (((0x1018 + android.hardware.automotive.vehicle.VehiclePropertyGroup.SYSTEM) + android.hardware.automotive.vehicle.VehicleArea.GLOBAL) + android.hardware.automotive.vehicle.VehiclePropertyType.INT32) /* 289411096 */,
diff --git a/automotive/vehicle/aidl_property/android/hardware/automotive/vehicle/VehicleProperty.aidl b/automotive/vehicle/aidl_property/android/hardware/automotive/vehicle/VehicleProperty.aidl
index 7859dee..c29076d 100644
--- a/automotive/vehicle/aidl_property/android/hardware/automotive/vehicle/VehicleProperty.aidl
+++ b/automotive/vehicle/aidl_property/android/hardware/automotive/vehicle/VehicleProperty.aidl
@@ -619,10 +619,10 @@
/**
* HVAC Properties
*
- * Additional rules for mapping a zoned HVAC property (except
- * HVAC_MAX_DEFROST_ON) to AreaIDs:
- * - Every seat in VehicleAreaSeat that is available in the car, must be
- * part of an AreaID in the AreaID array.
+ * Additional rules for mapping non-GLOBAL VehicleArea type HVAC properties
+ * to AreaIDs:
+ * - Every “area” for a specific VehicleArea type that is affected by the
+ * property, must be included in an area ID for that property.
*
* Example 1: A car has two front seats (ROW_1_LEFT, ROW_1_RIGHT) and three
* back seats (ROW_2_LEFT, ROW_2_CENTER, ROW_2_RIGHT). There are two
@@ -651,6 +651,16 @@
* - ROW_1_RIGHT
* - ROW_2_LEFT | ROW_2_CENTER | ROW_2_RIGHT | ROW_3_LEFT | ROW_3_CENTER | ROW_3_RIGHT
*
+ * Example 3: A car has two front seats (ROW_1_LEFT, ROW_1_RIGHT) and three
+ * back seats (ROW_2_LEFT, ROW_2_CENTER, ROW_2_RIGHT). Suppose the car
+ * supports HVAC_AUTO_ON for just the two front seats.
+ * - A valid mapping set of AreaIDs for HVAC_AUTO_ON would be:
+ * - ROW_1_LEFT | ROW_1_RIGHT
+ * - If HVAC_AUTO_ON had two separate control units for the driver side
+ * and passenger side, an alternative mapping would be:
+ * - ROW_1_LEFT
+ * - ROW_1_RIGHT
+ *
*
* Fan speed setting
*
@@ -4029,6 +4039,28 @@
0x1013 + VehiclePropertyGroup.SYSTEM + VehicleArea.GLOBAL + VehiclePropertyType.FLOAT,
/**
+ * Current target time gap for Adaptive Cruise Control (ACC) or Predictive Cruise Control in
+ * milliseconds.
+ *
+ * This property should specify the target time gap to a leading vehicle. This gap is defined as
+ * the time to travel the distance between the leading vehicle's rear-most point to the ACC
+ * vehicle's front-most point. The actual time gap from a leading vehicle can be above or below
+ * this value.
+ *
+ * The possible values to set for the target time gap should be specified in configArray in
+ * ascending order. All values must be positive. If the property is writable, all values must be
+ * writable.
+ *
+ * Writing to this property when it is not available should return StatusCode.NOT_AVAILABLE.
+ *
+ * @change_mode VehiclePropertyChangeMode.ON_CHANGE
+ * @access VehiclePropertyAccess.READ_WRITE
+ * @unit VehicleUnit:MILLI_SECS
+ */
+ ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP =
+ 0x1014 + VehiclePropertyGroup.SYSTEM + VehicleArea.GLOBAL + VehiclePropertyType.INT32,
+
+ /**
* Enable or disable hands on detection (HOD).
*
* Set true to enable HOD and false to disable HOD. When HOD is enabled, a system inside the
diff --git a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
index 848ca62..e06647d 100644
--- a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
+++ b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
@@ -546,6 +546,12 @@
VehicleArea::GLOBAL, VehiclePropertyType::FLOAT);
}
+TEST_P(VtsHalAutomotiveVehicleTargetTest, verifyAdaptiveCruiseControlTargetTimeGapConfig) {
+ verifyProperty(VehicleProperty::ADAPTIVE_CRUISE_CONTROL_TARGET_TIME_GAP,
+ VehiclePropertyAccess::READ_WRITE, VehiclePropertyChangeMode::ON_CHANGE,
+ VehiclePropertyGroup::SYSTEM, VehicleArea::GLOBAL, VehiclePropertyType::INT32);
+}
+
TEST_P(VtsHalAutomotiveVehicleTargetTest, verifyHandsOnDetectionEnabledConfig) {
verifyProperty(VehicleProperty::HANDS_ON_DETECTION_ENABLED, VehiclePropertyAccess::READ_WRITE,
VehiclePropertyChangeMode::ON_CHANGE, VehiclePropertyGroup::SYSTEM,
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/AuthenticateReason.aidl
similarity index 64%
rename from security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl
rename to biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/AuthenticateReason.aidl
index 383f4d1..f639ead 100644
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/IDiceDevice.aidl
+++ b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/AuthenticateReason.aidl
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2021 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -31,12 +31,33 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.dice;
+package android.hardware.biometrics.common;
/* @hide */
-@SensitiveData @VintfStability
-interface IDiceDevice {
- android.hardware.security.dice.Signature sign(in android.hardware.security.dice.InputValues[] id, in byte[] payload);
- android.hardware.security.dice.Bcc getAttestationChain(in android.hardware.security.dice.InputValues[] inputValues);
- android.hardware.security.dice.BccHandover derive(in android.hardware.security.dice.InputValues[] inputValues);
- void demote(in android.hardware.security.dice.InputValues[] inputValues);
+@VintfStability
+union AuthenticateReason {
+ android.hardware.biometrics.common.AuthenticateReason.Vendor vendorAuthenticateReason;
+ android.hardware.biometrics.common.AuthenticateReason.Face faceAuthenticateReason;
+ android.hardware.biometrics.common.AuthenticateReason.Fingerprint fingerprintAuthenticateReason;
+ @VintfStability
+ parcelable Vendor {
+ ParcelableHolder extension;
+ }
+ @Backing(type="int") @VintfStability
+ enum Fingerprint {
+ UNKNOWN,
+ }
+ @Backing(type="int") @VintfStability
+ enum Face {
+ UNKNOWN,
+ STARTED_WAKING_UP,
+ PRIMARY_BOUNCER_SHOWN,
+ ASSISTANT_VISIBLE,
+ ALTERNATE_BIOMETRIC_BOUNCER_SHOWN,
+ NOTIFICATION_PANEL_CLICKED,
+ OCCLUDING_APP_REQUESTED,
+ PICK_UP_GESTURE_TRIGGERED,
+ QS_EXPANDED,
+ SWIPE_UP_ON_BOUNCER,
+ UDFPS_POINTER_DOWN,
+ }
}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/DisplayState.aidl
similarity index 87%
rename from security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl
rename to biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/DisplayState.aidl
index 295c32e..176e8d6 100644
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Mode.aidl
+++ b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/DisplayState.aidl
@@ -1,11 +1,11 @@
/*
- * Copyright 2021, The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
@@ -31,12 +31,13 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
-package android.hardware.security.dice;
+package android.hardware.biometrics.common;
/* @hide */
@Backing(type="int") @VintfStability
-enum Mode {
- NOT_INITIALIZED = 0,
- NORMAL = 1,
- DEBUG = 2,
- RECOVERY = 3,
+enum DisplayState {
+ UNKNOWN,
+ LOCKSCREEN,
+ NO_UI,
+ SCREENSAVER,
+ AOD,
}
diff --git a/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/OperationContext.aidl b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/OperationContext.aidl
index 305e422..378017e 100644
--- a/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/OperationContext.aidl
+++ b/biometrics/common/aidl/aidl_api/android.hardware.biometrics.common/current/android/hardware/biometrics/common/OperationContext.aidl
@@ -37,7 +37,12 @@
parcelable OperationContext {
int id = 0;
android.hardware.biometrics.common.OperationReason reason = android.hardware.biometrics.common.OperationReason.UNKNOWN;
+ /**
+ * @deprecated use displayState instead.
+ */
boolean isAod = false;
boolean isCrypto = false;
android.hardware.biometrics.common.WakeReason wakeReason = android.hardware.biometrics.common.WakeReason.UNKNOWN;
+ android.hardware.biometrics.common.DisplayState displayState = android.hardware.biometrics.common.DisplayState.UNKNOWN;
+ @nullable android.hardware.biometrics.common.AuthenticateReason authenticateReason;
}
diff --git a/biometrics/common/aidl/android/hardware/biometrics/common/AuthenticateReason.aidl b/biometrics/common/aidl/android/hardware/biometrics/common/AuthenticateReason.aidl
new file mode 100644
index 0000000..fcf5294
--- /dev/null
+++ b/biometrics/common/aidl/android/hardware/biometrics/common/AuthenticateReason.aidl
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.biometrics.common;
+
+/**
+ * Reason for an authenticate operation.
+ *
+ * @hide
+ */
+@VintfStability
+union AuthenticateReason {
+ /** Vendor reason for invoking an authenticate operation. */
+ @VintfStability
+ parcelable Vendor {
+ ParcelableHolder extension;
+ }
+
+ /** Reason for invoking fingerprint authentication. */
+ @VintfStability
+ @Backing(type="int")
+ enum Fingerprint {
+ UNKNOWN,
+ }
+
+ /** Reason for invoking face authentication. */
+ @VintfStability
+ @Backing(type="int")
+ enum Face {
+ UNKNOWN,
+ STARTED_WAKING_UP,
+ PRIMARY_BOUNCER_SHOWN,
+ ASSISTANT_VISIBLE,
+ ALTERNATE_BIOMETRIC_BOUNCER_SHOWN,
+ NOTIFICATION_PANEL_CLICKED,
+ OCCLUDING_APP_REQUESTED,
+ PICK_UP_GESTURE_TRIGGERED,
+ QS_EXPANDED,
+ SWIPE_UP_ON_BOUNCER,
+ UDFPS_POINTER_DOWN,
+ }
+
+ AuthenticateReason.Vendor vendorAuthenticateReason;
+ AuthenticateReason.Face faceAuthenticateReason;
+ AuthenticateReason.Fingerprint fingerprintAuthenticateReason;
+}
diff --git a/biometrics/common/aidl/android/hardware/biometrics/common/DisplayState.aidl b/biometrics/common/aidl/android/hardware/biometrics/common/DisplayState.aidl
new file mode 100644
index 0000000..d01eac8
--- /dev/null
+++ b/biometrics/common/aidl/android/hardware/biometrics/common/DisplayState.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.biometrics.common;
+
+/**
+ * Display state during an operation.
+ *
+ * @hide
+ */
+@VintfStability
+@Backing(type="int")
+enum DisplayState {
+ /** The display state is unknown. */
+ UNKNOWN,
+
+ /** The display is on and showing the lockscreen (or an occluding app). */
+ LOCKSCREEN,
+
+ /** The display is off or dozing. */
+ NO_UI,
+
+ /** The display is showing a screensaver (dreaming). */
+ SCREENSAVER,
+
+ /** The display is dreaming with always on display. */
+ AOD,
+}
diff --git a/biometrics/common/aidl/android/hardware/biometrics/common/OperationContext.aidl b/biometrics/common/aidl/android/hardware/biometrics/common/OperationContext.aidl
index a8f768d..f4191d7 100644
--- a/biometrics/common/aidl/android/hardware/biometrics/common/OperationContext.aidl
+++ b/biometrics/common/aidl/android/hardware/biometrics/common/OperationContext.aidl
@@ -16,6 +16,8 @@
package android.hardware.biometrics.common;
+import android.hardware.biometrics.common.AuthenticateReason;
+import android.hardware.biometrics.common.DisplayState;
import android.hardware.biometrics.common.OperationReason;
import android.hardware.biometrics.common.WakeReason;
@@ -43,7 +45,7 @@
*/
OperationReason reason = OperationReason.UNKNOWN;
- /* Flag indicating that the display is in AOD mode. */
+ /** @deprecated use displayState instead. */
boolean isAod = false;
/** Flag indicating that crypto was requested. */
@@ -58,4 +60,15 @@
* policy.
*/
WakeReason wakeReason = WakeReason.UNKNOWN;
+
+ /** The current display state. */
+ DisplayState displayState = DisplayState.UNKNOWN;
+
+ /**
+ * An associated reason for an authenticate operation.
+ *
+ * This should be interpreted as a hint to enable optimizations or tracing. The
+ * framework may choose to omit the reason at any time based on the device's policy.
+ */
+ @nullable AuthenticateReason authenticateReason;
}
diff --git a/camera/device/3.2/types.hal b/camera/device/3.2/types.hal
index 276e92a..3989161 100644
--- a/camera/device/3.2/types.hal
+++ b/camera/device/3.2/types.hal
@@ -346,15 +346,18 @@
* An override pixel format for the buffers in this stream.
*
* The HAL must respect the requested format in Stream unless it is
- * IMPLEMENTATION_DEFINED, in which case the override format here must be
- * used by the client instead, for this stream. This allows cross-platform
- * HALs to use a standard format since IMPLEMENTATION_DEFINED formats often
- * require device-specific information. In all other cases, the
+ * IMPLEMENTATION_DEFINED output, in which case the override format
+ * here must be used by the client instead, for this stream. This allows
+ * cross-platform HALs to use a standard format since IMPLEMENTATION_DEFINED
+ * formats often require device-specific information. In all other cases, the
* overrideFormat must match the requested format.
*
* When HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED is used, then the platform
* gralloc module must select a format based on the usage flags provided by
* the camera device and the other endpoint of the stream.
+ *
+ * For private reprocessing, the HAL must not override the input stream's
+ * IMPLEMENTATION_DEFINED format.
*/
android.hardware.graphics.common@1.0::PixelFormat overrideFormat;
diff --git a/camera/device/aidl/android/hardware/camera/device/HalStream.aidl b/camera/device/aidl/android/hardware/camera/device/HalStream.aidl
index b8ec3de..25a80bc 100644
--- a/camera/device/aidl/android/hardware/camera/device/HalStream.aidl
+++ b/camera/device/aidl/android/hardware/camera/device/HalStream.aidl
@@ -38,7 +38,7 @@
* An override pixel format for the buffers in this stream.
*
* The HAL must respect the requested format in Stream unless it is
- * IMPLEMENTATION_DEFINED, in which case the override format here must be
+ * IMPLEMENTATION_DEFINED output, in which case the override format here must be
* used by the client instead, for this stream. This allows cross-platform
* HALs to use a standard format since IMPLEMENTATION_DEFINED formats often
* require device-specific information. In all other cases, the
@@ -47,6 +47,9 @@
* When HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED is used, then the platform
* gralloc module must select a format based on the usage flags provided by
* the camera device and the other endpoint of the stream.
+ *
+ * For private reprocessing, the HAL must not override the input stream's
+ * IMPLEMENTATION_DEFINED format.
*/
android.hardware.graphics.common.PixelFormat overrideFormat;
diff --git a/compatibility_matrices/compatibility_matrix.7.xml b/compatibility_matrices/compatibility_matrix.7.xml
index 5694945..67dd717 100644
--- a/compatibility_matrices/compatibility_matrix.7.xml
+++ b/compatibility_matrices/compatibility_matrix.7.xml
@@ -400,14 +400,6 @@
</interface>
</hal>
<hal format="aidl" optional="true">
- <name>android.hardware.security.dice</name>
- <version>1</version>
- <interface>
- <name>IDiceDevice</name>
- <instance>default</instance>
- </interface>
- </hal>
- <hal format="aidl" optional="true">
<name>android.hardware.security.keymint</name>
<version>1-2</version>
<interface>
diff --git a/compatibility_matrices/compatibility_matrix.8.xml b/compatibility_matrices/compatibility_matrix.8.xml
index 1b0b496..d4fca6a 100644
--- a/compatibility_matrices/compatibility_matrix.8.xml
+++ b/compatibility_matrices/compatibility_matrix.8.xml
@@ -338,14 +338,6 @@
</interface>
</hal>
<hal format="aidl" optional="true">
- <name>android.hardware.security.dice</name>
- <version>1</version>
- <interface>
- <name>IDiceDevice</name>
- <instance>default</instance>
- </interface>
- </hal>
- <hal format="aidl" optional="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
<interface>
diff --git a/current.txt b/current.txt
index ef1f65a..c40f9ea 100644
--- a/current.txt
+++ b/current.txt
@@ -934,5 +934,7 @@
42abd285a4293dadb8c89bc63b90cae2872fbffe90c4517aa3ea4965e8aecff7 android.hardware.graphics.common@1.2::types
4f1a02d21a22104c734f71cdbba19b6f7e93d4ee107ff79f0dbdd171a8430e0e android.hardware.automotive.vehicle@2.0::types
a2fbd9747fbb9ceb8c1090b5a24138312246502d5af0654a8c2b603a9bf521fc android.hardware.gnss@1.0::IGnssCallback
+889b59e3e7a59afa67bf19882a44f51a2f9e43b6556ec52baa9ec3efd1ef7fbe android.hardware.camera.device@3.2::types
+db37a1c757e2e69b1ec9c75a981a6987bd87a131d92ab6acc00e04d19f374281 android.hardware.automotive.vehicle@2.0::types
# There will be no more HIDL HALs. Use AIDL instead.
diff --git a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
index 70c4e4c..4974e71 100644
--- a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
+++ b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
@@ -874,6 +874,13 @@
}
TEST_P(GraphicsComposerAidlTest, GetOverlaySupport) {
+ const auto& [versionStatus, version] = mComposerClient->getInterfaceVersion();
+ ASSERT_TRUE(versionStatus.isOk());
+ if (version == 1) {
+ GTEST_SUCCEED() << "Device does not support the new API for overlay support";
+ return;
+ }
+
const auto& [status, properties] = mComposerClient->getOverlaySupport();
if (!status.isOk() && status.getExceptionCode() == EX_SERVICE_SPECIFIC &&
status.getServiceSpecificError() == IComposerClient::EX_UNSUPPORTED) {
diff --git a/graphics/mapper/2.0/default/passthrough.cpp b/graphics/mapper/2.0/default/passthrough.cpp
index e18b88f..93d6d99 100644
--- a/graphics/mapper/2.0/default/passthrough.cpp
+++ b/graphics/mapper/2.0/default/passthrough.cpp
@@ -19,6 +19,14 @@
using android::hardware::graphics::mapper::V2_0::IMapper;
using android::hardware::graphics::mapper::V2_0::passthrough::GrallocLoader;
+// Preload the gralloc module such that GraphicBufferMapper::preloadHal is
+// meaningful
+class GrallocPreloader {
+public:
+ GrallocPreloader() { GrallocLoader::loadModule(); }
+};
+static GrallocPreloader sGrallocPreloader;
+
extern "C" IMapper* HIDL_FETCH_IMapper(const char* /*name*/) {
return GrallocLoader::load();
}
diff --git a/graphics/mapper/2.1/default/passthrough.cpp b/graphics/mapper/2.1/default/passthrough.cpp
index c7f0cf5..c99c984 100644
--- a/graphics/mapper/2.1/default/passthrough.cpp
+++ b/graphics/mapper/2.1/default/passthrough.cpp
@@ -19,6 +19,14 @@
using android::hardware::graphics::mapper::V2_1::IMapper;
using android::hardware::graphics::mapper::V2_1::passthrough::GrallocLoader;
+// Preload the gralloc module such that GraphicBufferMapper::preloadHal is
+// meaningful
+class GrallocPreloader {
+public:
+ GrallocPreloader() { GrallocLoader::loadModule(); }
+};
+static GrallocPreloader sGrallocPreloader;
+
extern "C" IMapper* HIDL_FETCH_IMapper(const char* /*name*/) {
return GrallocLoader::load();
}
diff --git a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
old mode 100755
new mode 100644
index 00e9837..d80e651
--- a/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
+++ b/media/omx/1.0/vts/functional/store/VtsHalMediaOmxV1_0TargetStoreTest.cpp
@@ -374,21 +374,16 @@
}
}
-static int getFirstApiLevel() {
- int boardApiLevel = android::base::GetIntProperty("ro.board.first_api_level", 0);
- if (boardApiLevel != 0) {
- return boardApiLevel;
- }
-
- return android::base::GetIntProperty("ro.product.first_api_level", __ANDROID_API_T__);
-}
-
static bool isTV() {
return testing::deviceSupportsFeature("android.software.leanback");
}
// list components and roles.
TEST_P(StoreHidlTest, OmxCodecAllowedTest) {
+ static int sBoardFirstApiLevel = android::base::GetIntProperty("ro.board.first_api_level", 0);
+ if (sBoardFirstApiLevel == 0) {
+ GTEST_SKIP() << "board first API level not detected";
+ }
hidl_vec<IOmx::ComponentInfo> componentInfos = getComponentInfoList(omx);
for (IOmx::ComponentInfo info : componentInfos) {
for (std::string role : info.mRoles) {
@@ -396,27 +391,27 @@
role.find("video_encoder") != std::string::npos) {
// Codec2 is not mandatory on Android TV devices that launched with Android S
if (isTV()) {
- ASSERT_LT(getFirstApiLevel(), __ANDROID_API_T__)
+ ASSERT_LT(sBoardFirstApiLevel, __ANDROID_API_T__)
<< " Component: " << info.mName.c_str() << " Role: " << role.c_str()
<< " not allowed for devices launching with Android T and above";
} else {
std::string codecName = info.mName;
bool isAndroidCodec = (codecName.rfind("OMX.google", 0) != std::string::npos);
- if (isAndroidCodec && (getFirstApiLevel() <= __ANDROID_API_S__)) {
+ if (isAndroidCodec && (sBoardFirstApiLevel <= __ANDROID_API_S__)) {
// refer b/230582620
// S AOSP build did not remove the OMX.google video codecs
// so it is infeasible to require no OMX.google.* video codecs
// on S launching devices
} else {
- ASSERT_LT(getFirstApiLevel(), __ANDROID_API_S__)
- << " Component: " << info.mName.c_str() << " Role: " << role.c_str()
- << " not allowed for devices launching with Android S and above";
+ ASSERT_LT(sBoardFirstApiLevel, __ANDROID_API_S__)
+ << " Component: " << info.mName.c_str() << " Role: " << role.c_str()
+ << " not allowed for devices launching with Android S and above";
}
}
}
if (role.find("audio_decoder") != std::string::npos ||
role.find("audio_encoder") != std::string::npos) {
- ASSERT_LT(getFirstApiLevel(), __ANDROID_API_T__)
+ ASSERT_LT(sBoardFirstApiLevel, __ANDROID_API_T__)
<< " Component: " << info.mName.c_str() << " Role: " << role.c_str()
<< " not allowed for devices launching with Android T and above";
}
diff --git a/security/dice/aidl/Android.bp b/security/dice/aidl/Android.bp
deleted file mode 100644
index 5625d70..0000000
--- a/security/dice/aidl/Android.bp
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "hardware_interfaces_license"
- // to get the below license kinds:
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-aidl_interface {
- name: "android.hardware.security.dice",
- vendor_available: true,
- srcs: [
- "android/hardware/security/dice/*.aidl",
- ],
- stability: "vintf",
- backend: {
- java: {
- enabled: false,
- platform_apis: false,
- },
- ndk: {
- apps_enabled: false,
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- ],
- },
- rust: {
- enabled: true,
- apex_available: [
- "//apex_available:platform",
- "com.android.compos",
- ],
- },
- },
- versions_with_info: [
- {
- version: "1",
- imports: [],
- },
- ],
-
- // versions: ["1"],
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash
deleted file mode 100644
index 3f08fd8..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-02994f275fd7b1b40610c10eaeb0573f4312e358
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl
deleted file mode 100644
index 5af7358..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Bcc.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Bcc {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl
deleted file mode 100644
index 8baca94..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/BccHandover.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable BccHandover {
- byte[32] cdiAttest;
- byte[32] cdiSeal;
- android.hardware.security.dice.Bcc bcc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl
deleted file mode 100644
index 78dd2f8..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Config.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Config {
- byte[] desc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl
deleted file mode 100644
index e43c429..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/InputValues.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable InputValues {
- byte[64] codeHash;
- android.hardware.security.dice.Config config;
- byte[64] authorityHash;
- @nullable byte[] authorityDescriptor;
- android.hardware.security.dice.Mode mode = android.hardware.security.dice.Mode.NOT_INITIALIZED;
- byte[64] hidden;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl
deleted file mode 100644
index c13afa6..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/ResponseCode.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- PERMISSION_DENIED = 1,
- SYSTEM_ERROR = 2,
- NOT_IMPLEMENTED = 3,
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index 294170d..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/1/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Signature {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl
deleted file mode 100644
index 5af7358..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Bcc.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Bcc {
- byte[] data;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl
deleted file mode 100644
index 8baca94..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/BccHandover.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable BccHandover {
- byte[32] cdiAttest;
- byte[32] cdiSeal;
- android.hardware.security.dice.Bcc bcc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl
deleted file mode 100644
index 78dd2f8..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Config.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Config {
- byte[] desc;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl
deleted file mode 100644
index 383f4d1..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/IDiceDevice.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@SensitiveData @VintfStability
-interface IDiceDevice {
- android.hardware.security.dice.Signature sign(in android.hardware.security.dice.InputValues[] id, in byte[] payload);
- android.hardware.security.dice.Bcc getAttestationChain(in android.hardware.security.dice.InputValues[] inputValues);
- android.hardware.security.dice.BccHandover derive(in android.hardware.security.dice.InputValues[] inputValues);
- void demote(in android.hardware.security.dice.InputValues[] inputValues);
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl
deleted file mode 100644
index e43c429..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/InputValues.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable InputValues {
- byte[64] codeHash;
- android.hardware.security.dice.Config config;
- byte[64] authorityHash;
- @nullable byte[] authorityDescriptor;
- android.hardware.security.dice.Mode mode = android.hardware.security.dice.Mode.NOT_INITIALIZED;
- byte[64] hidden;
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl
deleted file mode 100644
index 295c32e..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Mode.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum Mode {
- NOT_INITIALIZED = 0,
- NORMAL = 1,
- DEBUG = 2,
- RECOVERY = 3,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl
deleted file mode 100644
index c13afa6..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/ResponseCode.aidl
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- PERMISSION_DENIED = 1,
- SYSTEM_ERROR = 2,
- NOT_IMPLEMENTED = 3,
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index 294170d..0000000
--- a/security/dice/aidl/aidl_api/android.hardware.security.dice/current/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.dice;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable Signature {
- byte[] data;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Bcc.aidl b/security/dice/aidl/android/hardware/security/dice/Bcc.aidl
deleted file mode 100644
index 983915e..0000000
--- a/security/dice/aidl/android/hardware/security/dice/Bcc.aidl
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-/**
- * A DICE certificate chain following the Boot Certificate Chain (BCC) specification.
- * @hide
- */
-@VintfStability
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-parcelable Bcc {
- /**
- * The DICE certificate chain CBOR encoded following the BCC specification. The CDDL
- * specification for BCC can be found here [1].
- *
- * @see <a
- * href="https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl">
- * BCC CDDL specification
- * </a>
- */
- byte[] data;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl b/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl
deleted file mode 100644
index 6ca862c..0000000
--- a/security/dice/aidl/android/hardware/security/dice/BccHandover.aidl
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-import android.hardware.security.dice.Bcc;
-
-/**
- * Represents one set of DICE artifacts.
- *
- * @hide
- */
-@VintfStability
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-parcelable BccHandover {
- /**
- * CDI_attest. Must be exactly 32 bytes of data.
- */
- byte[32] cdiAttest;
- /**
- * CDI_seal. Must be exactly 32 bytes of data.
- */
- byte[32] cdiSeal;
- /**
- * CBOR encoded BCC.
- *
- * @see <a
- * href="https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl">
- * BCC CDDL specification
- * </a>
- */
- Bcc bcc;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Config.aidl b/security/dice/aidl/android/hardware/security/dice/Config.aidl
deleted file mode 100644
index 6decfc5..0000000
--- a/security/dice/aidl/android/hardware/security/dice/Config.aidl
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-/**
- * DICE config descriptor as described in at
- * <a
- * href="https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#input-values">
- * input-values
- * </a>
- * @hide
- */
-@VintfStability
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-parcelable Config {
- /**
- * A free form descriptor. This should follow the BCC Configuration Descriptor.
- * @see <a
- * href="https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl">
- * BccPayload field -4670548
- * </a>
- */
- byte[] desc;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl b/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl
deleted file mode 100644
index 709aede..0000000
--- a/security/dice/aidl/android/hardware/security/dice/IDiceDevice.aidl
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-import android.hardware.security.dice.Bcc;
-import android.hardware.security.dice.BccHandover;
-import android.hardware.security.dice.InputValues;
-import android.hardware.security.dice.Signature;
-
-/**
- * IDiceDevice specifies an interface that allows access to the Android instance's DICE artifacts.
- *
- * <h2>Features</h2>
- *
- * The dice device provides access to the component's CDI_SEAL and CDI_ATTEST secrets as well
- * as to its attestation certificate chain. The "component" is the Android instance running this
- * HAL service and the secrets and attestation chain must include all boot stage components,
- * the kernel, and the verified boot information (VBA).
- *
- * Implementations provide the following operations:
- * <li> sign - Signing a payload with a key derived from CDI_ATTEST.
- * <li> getAttestationChain - Retrieve the component's attestation certificate chain.
- * <li> derive - Retrieve the component's DICE artifacts.
- *
- * @see <a
- * href="https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md">
- * Open-dice Specification
- * </a>
- * @see <a
- * href="https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl">
- * Boot Certificate Chain (BCC) CDDL specification
- * </a>
- * @hide
- */
-@SensitiveData
-@VintfStability
-interface IDiceDevice {
- /**
- * Uses the a key derived from the component's, or a child's given by <code>inputValues</code>,
- * attestation secret to sign the payload using RFC 8032 Pure Ed25519 and returns the
- * signature. The payload is limited to 1024 bytes.
- *
- * @see <a href="https://datatracker.ietf.org/doc/html/rfc8032">RFC 8032</a>
- */
- Signature sign(in InputValues[] id, in byte[] payload);
-
- /**
- * Returns the attestation chain of the component if <code>inputValues</code> is empty or the
- * chain to the given child of the component identified by the <code>inputValues</code> vector.
- *
- * ## Error as service specific exception:
- * ResponseCode::PERMISSION_DENIED if the caller is not sufficiently privileged.
- */
- Bcc getAttestationChain(in InputValues[] inputValues);
-
- /**
- * This function allows a client to become a resident node. A resident node is a node that
- * manages its own dice secrets as opposed to using them by proxy, i.e., by calling sign
- * and getAttestationChain. Called with empty <code>inputValues</code> vectors, an
- * implementation returns the component's DICE secrets. If the <code>inputValues</code> vector
- * is given the appropriate derivations are performed starting from the component's level.
- *
- * ## Error as service specific exception:
- * ResponseCode::PERMISSION_DENIED if the implementation does not allow resident nodes
- * at the client's level.
- */
- BccHandover derive(in InputValues[] inputValues);
-
- /**
- * This demotes the implementation of this interface.
- * When called, the implementation performs appropriate derivation steps using
- * <code>inputValues</code>, traversing the vector in ascending order. Then it replaces its
- * stored DICE artifacts with the newly derived ones.
- *
- * IMPORTANT: When the function returns, all remnants of the previous DICE artifacts must
- * have been purged from memory.
- *
- * This operation is not reversible until the next reboot. Further demotion is always
- * possible.
- *
- * ## Error as service specific exception:
- * ResponseCode::DEMOTION_FAILED if the implementation failed to demote itself
- * or was unable to purge previous DICE artifacts from memory.
- */
- void demote(in InputValues[] inputValues);
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/InputValues.aidl b/security/dice/aidl/android/hardware/security/dice/InputValues.aidl
deleted file mode 100644
index 711d523..0000000
--- a/security/dice/aidl/android/hardware/security/dice/InputValues.aidl
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-import android.hardware.security.dice.Config;
-import android.hardware.security.dice.Mode;
-
-/**
- * DICE input values for certificate and CDI generation.
- *
- * @see <a
- * href="https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#input-values">
- * Open-dice input-values
- * </a>
- * @hide
- */
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-@VintfStability
-parcelable InputValues {
- /**
- * The target code hash. Must be exactly 64 bytes.
- */
- byte[64] codeHash;
- /**
- * The configuration data.
- */
- Config config;
- /**
- * The authority hash. Must be exactly 64 bytes. Must be all zero if unused.
- */
- byte[64] authorityHash;
- /**
- * Optional free form authorityDescriptor.
- */
- @nullable byte[] authorityDescriptor;
- /**
- * The mode of operation. Normal, Debug, Maintenance, or not initialized.
- */
- Mode mode = Mode.NOT_INITIALIZED;
- /**
- * Optional hidden values. Must be exactly 64 bytes. Must be all zero if unused.
- */
- byte[64] hidden;
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Mode.aidl b/security/dice/aidl/android/hardware/security/dice/Mode.aidl
deleted file mode 100644
index 3b3bfdc..0000000
--- a/security/dice/aidl/android/hardware/security/dice/Mode.aidl
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-/**
- * DICE mode values as defined at
- *
- * @see <a
- * href="https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md#mode-value-details">
- * open-dice mode-value-details
- * </a>
- * @hide
- */
-@Backing(type="int")
-@VintfStability
-enum Mode {
- NOT_INITIALIZED = 0,
- NORMAL = 1,
- DEBUG = 2,
- /**
- * The recovery mode is also referred to as "maintenance" mode.
- */
- RECOVERY = 3,
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl b/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl
deleted file mode 100644
index 3e77cf7..0000000
--- a/security/dice/aidl/android/hardware/security/dice/ResponseCode.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-@Backing(type="int")
-/**
- * These response codes are used as service specific exception codes by
- * IDiceDevice.
- * @hide
- */
-@VintfStability
-enum ResponseCode {
- /**
- * The caller has insufficient privilege to access the DICE API.
- */
- PERMISSION_DENIED = 1,
- /**
- * An unexpected error occurred, likely with IO or IPC.
- */
- SYSTEM_ERROR = 2,
- /**
- * Returned if the called function is not implemented.
- */
- NOT_IMPLEMENTED = 3,
- /**
- * An attempt to demote the implementation failed.
- */
- DEMOTION_FAILED = 4,
-}
diff --git a/security/dice/aidl/android/hardware/security/dice/Signature.aidl b/security/dice/aidl/android/hardware/security/dice/Signature.aidl
deleted file mode 100644
index ea3594f..0000000
--- a/security/dice/aidl/android/hardware/security/dice/Signature.aidl
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.dice;
-
-/**
- * This parcelable represents a Signature. It is used as return value of IDiceNode::sign.
- *
- * @hide
- */
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
-@VintfStability
-parcelable Signature {
- /**
- * The RFC 8032 PureEd25519 signature.
- * @see <a href="https://datatracker.ietf.org/doc/html/rfc8032">RFC 8032</a>
- */
- byte[] data;
-}
diff --git a/security/dice/aidl/default/Android.bp b/security/dice/aidl/default/Android.bp
deleted file mode 100644
index 5ff4847..0000000
--- a/security/dice/aidl/default/Android.bp
+++ /dev/null
@@ -1,29 +0,0 @@
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "hardware_interfaces_license"
- // to get the below license kinds:
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-rust_binary {
- name: "android.hardware.security.dice-service.non-secure-software",
- srcs: ["service.rs"],
- relative_install_path: "hw",
- vendor: true,
- rustlibs: [
- "android.hardware.security.dice-V1-rust",
- "libdiced_sample_inputs",
- "libdiced_vendor",
- "libandroid_logger",
- "libanyhow",
- "libbinder_rs",
- "liblog_rust",
- "libserde",
- ],
- init_rc: ["android.hardware.security.dice-service.non-secure-software.rc"],
- vintf_fragments: [
- "android.hardware.security.dice-service.non-secure-software.xml",
- ],
-}
diff --git a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc b/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc
deleted file mode 100644
index 28e43c3..0000000
--- a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.rc
+++ /dev/null
@@ -1,9 +0,0 @@
-service vendor.dice /vendor/bin/hw/android.hardware.security.dice-service.non-secure-software
- class early_hal
- user nobody
- # The diced HAL cannot be allowed to restart. When it crashes for any reason.
- # it loses security critical state. The only remedy is to restart the device.
- # This may be implementation depended. It is safe to restart the HAL if the
- # state change during a call to "demote" is is preserved.
- # see android/hardware/security/dice/IDiceDevice.aidl for details on "demote".
- oneshot
diff --git a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml b/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml
deleted file mode 100644
index 94ef243..0000000
--- a/security/dice/aidl/default/android.hardware.security.dice-service.non-secure-software.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<manifest version="1.0" type="device">
- <hal format="aidl">
- <name>android.hardware.security.dice</name>
- <fqname>IDiceDevice/default</fqname>
- </hal>
-</manifest>
\ No newline at end of file
diff --git a/security/dice/aidl/default/service.rs b/security/dice/aidl/default/service.rs
deleted file mode 100644
index 4363e91..0000000
--- a/security/dice/aidl/default/service.rs
+++ /dev/null
@@ -1,108 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//! Main entry point for the android.hardware.security.dice service.
-
-use anyhow::{anyhow, Result};
-use diced::{
- dice,
- hal_node::{DiceArtifacts, DiceDevice, ResidentHal, UpdatableDiceArtifacts},
-};
-use diced_sample_inputs::make_sample_bcc_and_cdis;
-use serde::{Deserialize, Serialize};
-use std::panic;
-use std::sync::Arc;
-
-static DICE_HAL_SERVICE_NAME: &str = "android.hardware.security.dice.IDiceDevice/default";
-
-#[derive(Debug, Serialize, Deserialize, Clone)]
-struct InsecureSerializableArtifacts {
- cdi_attest: [u8; dice::CDI_SIZE],
- cdi_seal: [u8; dice::CDI_SIZE],
- bcc: Vec<u8>,
-}
-
-impl DiceArtifacts for InsecureSerializableArtifacts {
- fn cdi_attest(&self) -> &[u8; dice::CDI_SIZE] {
- &self.cdi_attest
- }
- fn cdi_seal(&self) -> &[u8; dice::CDI_SIZE] {
- &self.cdi_seal
- }
- fn bcc(&self) -> Option<&[u8]> {
- Some(&self.bcc)
- }
-}
-
-impl UpdatableDiceArtifacts for InsecureSerializableArtifacts {
- fn with_artifacts<F, T>(&self, f: F) -> Result<T>
- where
- F: FnOnce(&dyn DiceArtifacts) -> Result<T>,
- {
- f(self)
- }
- fn update(self, new_artifacts: &impl DiceArtifacts) -> Result<Self> {
- Ok(Self {
- cdi_attest: *new_artifacts.cdi_attest(),
- cdi_seal: *new_artifacts.cdi_seal(),
- bcc: new_artifacts
- .bcc()
- .ok_or_else(|| anyhow!("bcc is none"))?
- .to_vec(),
- })
- }
-}
-
-fn main() {
- android_logger::init_once(
- android_logger::Config::default()
- .with_tag("android.hardware.security.dice")
- .with_min_level(log::Level::Debug),
- );
- // Redirect panic messages to logcat.
- panic::set_hook(Box::new(|panic_info| {
- log::error!("{}", panic_info);
- }));
-
- // Saying hi.
- log::info!("android.hardware.security.dice is starting.");
-
- let dice_artifacts =
- make_sample_bcc_and_cdis().expect("Failed to construct sample dice chain.");
- let mut cdi_attest = [0u8; dice::CDI_SIZE];
- cdi_attest.copy_from_slice(dice_artifacts.cdi_attest());
- let mut cdi_seal = [0u8; dice::CDI_SIZE];
- cdi_seal.copy_from_slice(dice_artifacts.cdi_seal());
- let hal_impl = Arc::new(
- unsafe {
- // Safety: ResidentHal cannot be used in multi threaded processes.
- // This service does not start a thread pool. The main thread is the only thread
- // joining the thread pool, thereby keeping the process single threaded.
- ResidentHal::new(InsecureSerializableArtifacts {
- cdi_attest,
- cdi_seal,
- bcc: dice_artifacts.bcc().expect("bcc is none").to_vec(),
- })
- }
- .expect("Failed to create ResidentHal implementation."),
- );
-
- let hal = DiceDevice::new_as_binder(hal_impl).expect("Failed to construct hal service.");
-
- binder::add_service(DICE_HAL_SERVICE_NAME, hal.as_binder())
- .expect("Failed to register IDiceDevice Service");
-
- log::info!("Joining thread pool now.");
- binder::ProcessState::join_thread_pool();
-}
diff --git a/security/dice/aidl/vts/functional/Android.bp b/security/dice/aidl/vts/functional/Android.bp
deleted file mode 100644
index 2a85a19..0000000
--- a/security/dice/aidl/vts/functional/Android.bp
+++ /dev/null
@@ -1,54 +0,0 @@
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "hardware_interfaces_license"
- // to get the below license kinds:
- // SPDX-license-identifier-Apache-2.0
- default_applicable_licenses: ["hardware_interfaces_license"],
-}
-
-rust_test {
- name: "VtsAidlDiceTargetTest",
- srcs: [
- "dice_test.rs",
- ],
- require_root: true,
- auto_gen_config: true,
- test_suites: [
- "general-tests",
- "vts",
- ],
-
- rustlibs: [
- "android.hardware.security.dice-V1-rust",
- "libanyhow",
- "libbinder_rs",
- "libdiced_open_dice",
- "libdiced_sample_inputs",
- "libdiced_utils",
- "libkeystore2_vintf_rust",
- ],
-}
-
-rust_test {
- name: "VtsAidlDiceDemoteTargetTest",
- srcs: [
- "dice_demote_test.rs",
- ],
-
- test_config: "VtsAidlDiceDemoteTargetTest.xml",
- test_suites: [
- "general-tests",
- "vts",
- ],
-
- rustlibs: [
- "android.hardware.security.dice-V1-rust",
- "libanyhow",
- "libbinder_rs",
- "libdiced_open_dice",
- "libdiced_sample_inputs",
- "libdiced_utils",
- "libkeystore2_vintf_rust",
- ],
-}
diff --git a/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml b/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml
deleted file mode 100644
index 2991580..0000000
--- a/security/dice/aidl/vts/functional/VtsAidlDiceDemoteTargetTest.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2019 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<configuration description="Config to run VtsAidlDiceDemoteTargetTest device tests.">
-
- <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer">
- </target_preparer>
-
- <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
- <option name="cleanup" value="true" />
- <option name="push" value="VtsAidlDiceDemoteTargetTest->/data/local/tmp/VtsAidlDiceDemoteTargetTest" />
- </target_preparer>
-
- <test class="com.android.tradefed.testtype.rust.RustBinaryTest" >
- <option name="test-device-path" value="/data/local/tmp" />
- <option name="module-name" value="VtsAidlDiceDemoteTargetTest" />
- </test>
- <target_preparer class="com.android.tradefed.targetprep.RebootTargetPreparer" />
-
-</configuration>
\ No newline at end of file
diff --git a/security/dice/aidl/vts/functional/dice_demote_test.rs b/security/dice/aidl/vts/functional/dice_demote_test.rs
deleted file mode 100644
index 49aea67..0000000
--- a/security/dice/aidl/vts/functional/dice_demote_test.rs
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use diced_open_dice::DiceArtifacts;
-use diced_sample_inputs;
-use diced_utils;
-use std::convert::TryInto;
-
-mod utils;
-use utils::with_connection;
-
-// This test calls derive with an empty argument vector, then demotes the HAL using
-// a set of three input values, and then calls derive with empty argument vector again.
-// It then performs the same three derivation steps on the result of the former and compares
-// the result to the result of the latter.
-#[test]
-fn demote_test() {
- with_connection(|device| {
- let input_values = diced_sample_inputs::get_input_values_vector();
- let former = device.derive(&[]).expect("Trying to call derive.");
- device
- .demote(&input_values)
- .expect("Trying to call demote with input values.");
-
- let latter = device
- .derive(&[])
- .expect("Trying to call derive after demote.");
-
- let artifacts = diced_utils::ResidentArtifacts::new(
- former.cdiAttest[..].try_into().unwrap(),
- former.cdiSeal[..].try_into().unwrap(),
- &former.bcc.data,
- )
- .unwrap();
-
- let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let from_former = diced_utils::make_bcc_handover(
- artifacts.cdi_attest(),
- artifacts.cdi_seal(),
- artifacts.bcc().expect("bcc is none"),
- )
- .unwrap();
- // TODO b/204938506 when we have a parser/verifier, check equivalence rather
- // than bit by bit equality.
- assert_eq!(latter, from_former);
- Ok(())
- })
-}
diff --git a/security/dice/aidl/vts/functional/dice_test.rs b/security/dice/aidl/vts/functional/dice_test.rs
deleted file mode 100644
index fbbdd81..0000000
--- a/security/dice/aidl/vts/functional/dice_test.rs
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use diced_open_dice::DiceArtifacts;
-use diced_sample_inputs;
-use diced_utils;
-
-mod utils;
-use utils::with_connection;
-
-static TEST_MESSAGE: &[u8] = &[
- // "My test message!"
- 0x4d, 0x79, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x21,
- 0x0a,
-];
-
-// This test calls derive with an empty argument vector and with a set of three input values.
-// It then performs the same three derivation steps on the result of the former and compares
-// the result to the result of the latter.
-#[test]
-fn equivalence_test() {
- with_connection(|device| {
- let input_values = diced_sample_inputs::get_input_values_vector();
- let former = device.derive(&[]).expect("Trying to call derive.");
- let latter = device
- .derive(&input_values)
- .expect("Trying to call derive with input values.");
- let artifacts = diced_utils::ResidentArtifacts::new(
- former.cdiAttest[..].try_into().unwrap(),
- former.cdiSeal[..].try_into().unwrap(),
- &former.bcc.data,
- )
- .unwrap();
-
- let artifacts = artifacts.execute_steps(input_values.iter()).unwrap();
- let from_former = diced_utils::make_bcc_handover(
- artifacts.cdi_attest(),
- artifacts.cdi_seal(),
- artifacts.bcc().expect("bcc is none"),
- )
- .unwrap();
- // TODO b/204938506 when we have a parser/verifier, check equivalence rather
- // than bit by bit equality.
- assert_eq!(latter, from_former);
- Ok(())
- })
-}
-
-#[test]
-fn sign_and_verify() {
- with_connection(|device| {
- let _signature = device
- .sign(&[], TEST_MESSAGE)
- .expect("Trying to call sign.");
-
- let _bcc = device
- .getAttestationChain(&[])
- .expect("Trying to call getAttestationChain.");
- // TODO b/204938506 check the signature with the bcc when the verifier is available.
- Ok(())
- })
-}
diff --git a/security/dice/aidl/vts/functional/utils.rs b/security/dice/aidl/vts/functional/utils.rs
deleted file mode 100644
index 4e6708e..0000000
--- a/security/dice/aidl/vts/functional/utils.rs
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2021, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-use android_hardware_security_dice::aidl::android::hardware::security::dice::IDiceDevice::IDiceDevice;
-use anyhow::Result;
-use binder::Strong;
-use keystore2_vintf::get_aidl_instances;
-use std::sync::Arc;
-
-static DICE_DEVICE_SERVICE_NAME: &str = &"android.hardware.security.dice";
-static DICE_DEVICE_INTERFACE_NAME: &str = &"IDiceDevice";
-
-/// This function iterates through all announced IDiceDevice services and runs the given test
-/// closure against connections to each of them. It also modifies the panic hook to indicate
-/// on which instance the test failed in case the test closure panics.
-pub fn with_connection<R, F>(test: F)
-where
- F: Fn(&Strong<dyn IDiceDevice>) -> Result<R>,
-{
- let instances = get_aidl_instances(DICE_DEVICE_SERVICE_NAME, 1, DICE_DEVICE_INTERFACE_NAME);
- let panic_hook = Arc::new(std::panic::take_hook());
- for i in instances.into_iter() {
- let panic_hook_clone = panic_hook.clone();
- let instance_clone = i.clone();
- std::panic::set_hook(Box::new(move |v| {
- println!("While testing instance: \"{}\"", instance_clone);
- panic_hook_clone(v)
- }));
- let connection: Strong<dyn IDiceDevice> = binder::get_interface(&format!(
- "{}.{}/{}",
- DICE_DEVICE_SERVICE_NAME, DICE_DEVICE_INTERFACE_NAME, i
- ))
- .unwrap();
- test(&connection).unwrap();
- drop(std::panic::take_hook());
- }
- // Cannot call unwrap here because the panic hook is not Debug.
- std::panic::set_hook(match Arc::try_unwrap(panic_hook) {
- Ok(hook) => hook,
- _ => panic!("Failed to unwrap and reset previous panic hook."),
- })
-}
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index cdcaaf3..bbf3633 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -106,7 +106,7 @@
// with any other key purpose, but the original VTS tests incorrectly did exactly that.
// This means that a device that launched prior to Android T (API level 33) may
// accept or even require KeyPurpose::SIGN too.
- if (property_get_int32("ro.board.first_api_level", 0) < 33) {
+ if (property_get_int32("ro.board.first_api_level", 0) < __ANDROID_API_T__) {
AuthorizationSet key_desc_plus_sign = key_desc;
key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
@@ -142,11 +142,14 @@
return false;
}
- // Check if chipset has received a waiver allowing it to be launched with
- // Android S (or later) with Keymaster 4.0 in StrongBox
+ // Check if chipset has received a waiver allowing it to be launched with Android S or T with
+ // Keymaster 4.0 in StrongBox.
bool is_chipset_allowed_km4_strongbox(void) const {
std::array<char, PROPERTY_VALUE_MAX> buffer;
+ const int32_t first_api_level = property_get_int32("ro.board.first_api_level", 0);
+ if (first_api_level <= 0 || first_api_level > __ANDROID_API_T__) return false;
+
auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
if (res <= 0) return false;
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index dce4fc8..fb5ef49 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -108,27 +108,6 @@
return true;
}
-// Extract attestation record from cert. Returned object is still part of cert; don't free it
-// separately.
-ASN1_OCTET_STRING* get_attestation_record(X509* certificate) {
- ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */));
- EXPECT_TRUE(!!oid.get());
- if (!oid.get()) return nullptr;
-
- int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */);
- EXPECT_NE(-1, location) << "Attestation extension not found in certificate";
- if (location == -1) return nullptr;
-
- X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location);
- EXPECT_TRUE(!!attest_rec_ext)
- << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug.";
- if (!attest_rec_ext) return nullptr;
-
- ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext);
- EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data";
- return attest_rec;
-}
-
void check_attestation_version(uint32_t attestation_version, int32_t aidl_version) {
// Version numbers in attestation extensions should be a multiple of 100.
EXPECT_EQ(attestation_version % 100, 0);
@@ -214,7 +193,7 @@
* which is mandatory for KeyMint version 2 or first_api_level 33 or greater.
*/
bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {
- return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33;
+ return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= __ANDROID_API_T__;
}
/**
@@ -222,7 +201,7 @@
* which is supported for KeyMint version 3 or first_api_level greater than 33.
*/
bool KeyMintAidlTestBase::isSecondImeiIdAttestationRequired() {
- return AidlVersion() >= 3 && property_get_int32("ro.vendor.api_level", 0) > 33;
+ return AidlVersion() >= 3 && property_get_int32("ro.vendor.api_level", 0) > __ANDROID_API_T__;
}
bool KeyMintAidlTestBase::Curve25519Supported() {
@@ -847,7 +826,7 @@
int vendor_api_level = property_get_int32("ro.vendor.api_level", 0);
if (SecLevel() == SecurityLevel::STRONGBOX) {
// This is known to be broken on older vendor implementations.
- if (vendor_api_level < 33) {
+ if (vendor_api_level < __ANDROID_API_T__) {
compare_output = false;
} else {
additional_information = " (b/194134359) ";
@@ -1901,6 +1880,27 @@
return X509_Ptr(d2i_X509(nullptr /* allocate new */, &p, blob.size()));
}
+// Extract attestation record from cert. Returned object is still part of cert; don't free it
+// separately.
+ASN1_OCTET_STRING* get_attestation_record(X509* certificate) {
+ ASN1_OBJECT_Ptr oid(OBJ_txt2obj(kAttestionRecordOid, 1 /* dotted string format */));
+ EXPECT_TRUE(!!oid.get());
+ if (!oid.get()) return nullptr;
+
+ int location = X509_get_ext_by_OBJ(certificate, oid.get(), -1 /* search from beginning */);
+ EXPECT_NE(-1, location) << "Attestation extension not found in certificate";
+ if (location == -1) return nullptr;
+
+ X509_EXTENSION* attest_rec_ext = X509_get_ext(certificate, location);
+ EXPECT_TRUE(!!attest_rec_ext)
+ << "Found attestation extension but couldn't retrieve it? Probably a BoringSSL bug.";
+ if (!attest_rec_ext) return nullptr;
+
+ ASN1_OCTET_STRING* attest_rec = X509_EXTENSION_get_data(attest_rec_ext);
+ EXPECT_TRUE(!!attest_rec) << "Attestation extension contained no data";
+ return attest_rec;
+}
+
vector<uint8_t> make_name_from_str(const string& name) {
X509_NAME_Ptr x509_name(X509_NAME_new());
EXPECT_TRUE(x509_name.get() != nullptr);
@@ -2045,7 +2045,7 @@
}
void device_id_attestation_vsr_check(const ErrorCode& result) {
- if (get_vsr_api_level() >= 34) {
+ if (get_vsr_api_level() > __ANDROID_API_T__) {
ASSERT_FALSE(result == ErrorCode::INVALID_TAG)
<< "It is a specification violation for INVALID_TAG to be returned due to ID "
<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index ce76dc0..a6a9df6 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -401,6 +401,7 @@
string bin2hex(const vector<uint8_t>& data);
X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
+ASN1_OCTET_STRING* get_attestation_record(X509* certificate);
vector<uint8_t> make_name_from_str(const string& name);
void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
vector<uint8_t>* payload_value);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 357405f..9e66f08 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1136,7 +1136,7 @@
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
- if (get_vsr_api_level() < 32 || AidlVersion() < 2) {
+ if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
}
@@ -1214,7 +1214,7 @@
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
- if (get_vsr_api_level() <= 32 || AidlVersion() < 2) {
+ if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
}
@@ -8629,7 +8629,7 @@
TEST_P(VsrRequirementTest, Vsr13Test) {
int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < 33) {
+ if (vsr_api_level < __ANDROID_API_T__) {
GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
}
EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2";
@@ -8637,7 +8637,7 @@
TEST_P(VsrRequirementTest, Vsr14Test) {
int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < 34) {
+ if (vsr_api_level < __ANDROID_API_U__) {
GTEST_SKIP() << "Applies only to VSR API level 34, this device is: " << vsr_api_level;
}
EXPECT_GE(AidlVersion(), 3) << "VSR 14+ requires KeyMint version 3";
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 573f10b..bf40976 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -23,6 +23,7 @@
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <android/binder_manager.h>
#include <binder/IServiceManager.h>
+#include <cppbor.h>
#include <cppbor_parse.h>
#include <gmock/gmock.h>
#include <keymaster/cppcose/cppcose.h>
@@ -797,6 +798,128 @@
BnRemotelyProvisionedComponent::STATUS_TEST_KEY_IN_PRODUCTION_REQUEST);
}
+void parse_root_of_trust(const vector<uint8_t>& attestation_cert,
+ vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state,
+ bool* device_locked, vector<uint8_t>* verified_boot_hash) {
+ X509_Ptr cert(parse_cert_blob(attestation_cert));
+ ASSERT_TRUE(cert.get());
+
+ ASN1_OCTET_STRING* attest_rec = get_attestation_record(cert.get());
+ ASSERT_TRUE(attest_rec);
+
+ auto error = parse_root_of_trust(attest_rec->data, attest_rec->length, verified_boot_key,
+ verified_boot_state, device_locked, verified_boot_hash);
+ ASSERT_EQ(error, ErrorCode::OK);
+}
+
+/**
+ * Generate a CSR and verify DeviceInfo against IDs attested by KeyMint.
+ */
+TEST_P(CertificateRequestV2Test, DeviceInfo) {
+ // See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent.
+ std::shared_ptr<IKeyMintDevice> keyMint;
+ if (!matching_keymint_device(GetParam(), &keyMint)) {
+ // No matching IKeyMintDevice.
+ GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found";
+ return;
+ }
+ KeyMintHardwareInfo info;
+ ASSERT_TRUE(keyMint->getHardwareInfo(&info).isOk());
+
+ // Get IDs attested by KeyMint.
+ MacedPublicKey macedPubKey;
+ bytevec privateKeyBlob;
+ auto irpcStatus =
+ provisionable_->generateEcdsaP256KeyPair(false, &macedPubKey, &privateKeyBlob);
+ ASSERT_TRUE(irpcStatus.isOk());
+
+ AttestationKey attestKey;
+ attestKey.keyBlob = std::move(privateKeyBlob);
+ attestKey.issuerSubjectName = make_name_from_str("Android Keystore Key");
+
+ // Generate an ECDSA key that is attested by the generated P256 keypair.
+ AuthorizationSet keyDesc = AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(EcCurve::P_256)
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Digest(Digest::NONE)
+ .SetDefaultValidity();
+ KeyCreationResult creationResult;
+ auto kmStatus = keyMint->generateKey(keyDesc.vector_data(), attestKey, &creationResult);
+ ASSERT_TRUE(kmStatus.isOk());
+
+ vector<KeyCharacteristics> key_characteristics = std::move(creationResult.keyCharacteristics);
+ vector<Certificate> key_cert_chain = std::move(creationResult.certificateChain);
+ // We didn't provision the attestation key.
+ ASSERT_EQ(key_cert_chain.size(), 1);
+
+ // Parse attested patch levels.
+ auto auths = HwEnforcedAuthorizations(key_characteristics);
+
+ auto attestedSystemPatchLevel = auths.GetTagValue(TAG_OS_PATCHLEVEL);
+ auto attestedVendorPatchLevel = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
+ auto attestedBootPatchLevel = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
+
+ ASSERT_TRUE(attestedSystemPatchLevel.has_value());
+ ASSERT_TRUE(attestedVendorPatchLevel.has_value());
+ ASSERT_TRUE(attestedBootPatchLevel.has_value());
+
+ // Parse attested AVB values.
+ vector<uint8_t> key;
+ VerifiedBoot attestedVbState;
+ bool attestedBootloaderState;
+ vector<uint8_t> attestedVbmetaDigest;
+ parse_root_of_trust(key_cert_chain[0].encodedCertificate, &key, &attestedVbState,
+ &attestedBootloaderState, &attestedVbmetaDigest);
+
+ // Get IDs from DeviceInfo.
+ bytevec csr;
+ irpcStatus =
+ provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge_, &csr);
+ ASSERT_TRUE(irpcStatus.isOk()) << irpcStatus.getMessage();
+
+ auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge_);
+ ASSERT_TRUE(result) << result.message();
+
+ std::unique_ptr<cppbor::Array> csrPayload = std::move(*result);
+ ASSERT_TRUE(csrPayload);
+
+ auto deviceInfo = csrPayload->get(2)->asMap();
+ ASSERT_TRUE(deviceInfo);
+
+ auto vbState = deviceInfo->get("vb_state")->asTstr();
+ auto bootloaderState = deviceInfo->get("bootloader_state")->asTstr();
+ auto vbmetaDigest = deviceInfo->get("vbmeta_digest")->asBstr();
+ auto systemPatchLevel = deviceInfo->get("system_patch_level")->asUint();
+ auto vendorPatchLevel = deviceInfo->get("vendor_patch_level")->asUint();
+ auto bootPatchLevel = deviceInfo->get("boot_patch_level")->asUint();
+ auto securityLevel = deviceInfo->get("security_level")->asTstr();
+
+ ASSERT_TRUE(vbState);
+ ASSERT_TRUE(bootloaderState);
+ ASSERT_TRUE(vbmetaDigest);
+ ASSERT_TRUE(systemPatchLevel);
+ ASSERT_TRUE(vendorPatchLevel);
+ ASSERT_TRUE(bootPatchLevel);
+ ASSERT_TRUE(securityLevel);
+
+ auto kmDeviceName = device_suffix(GetParam());
+
+ // Compare DeviceInfo against IDs attested by KeyMint.
+ ASSERT_TRUE((securityLevel->value() == "tee" && kmDeviceName == "default") ||
+ (securityLevel->value() == "strongbox" && kmDeviceName == "strongbox"));
+ ASSERT_TRUE((vbState->value() == "green" && attestedVbState == VerifiedBoot::VERIFIED) ||
+ (vbState->value() == "yellow" && attestedVbState == VerifiedBoot::SELF_SIGNED) ||
+ (vbState->value() == "orange" && attestedVbState == VerifiedBoot::UNVERIFIED));
+ ASSERT_TRUE((bootloaderState->value() == "locked" && attestedBootloaderState) ||
+ (bootloaderState->value() == "unlocked" && !attestedBootloaderState));
+ ASSERT_EQ(vbmetaDigest->value(), attestedVbmetaDigest);
+ ASSERT_EQ(systemPatchLevel->value(), attestedSystemPatchLevel.value());
+ ASSERT_EQ(vendorPatchLevel->value(), attestedVendorPatchLevel.value());
+ ASSERT_EQ(bootPatchLevel->value(), attestedBootPatchLevel.value());
+}
+
INSTANTIATE_REM_PROV_AIDL_TEST(CertificateRequestV2Test);
using VsrRequirementTest = VtsRemotelyProvisionedComponentTests;
diff --git a/staging/threadnetwork/aidl/Android.bp b/staging/threadnetwork/aidl/Android.bp
index fcd3ab8..b59d6da 100644
--- a/staging/threadnetwork/aidl/Android.bp
+++ b/staging/threadnetwork/aidl/Android.bp
@@ -1,3 +1,12 @@
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
aidl_interface {
name: "android.hardware.threadnetwork",
host_supported: true,
diff --git a/staging/threadnetwork/aidl/default/Android.bp b/staging/threadnetwork/aidl/default/Android.bp
index c701295..8fc22ad 100644
--- a/staging/threadnetwork/aidl/default/Android.bp
+++ b/staging/threadnetwork/aidl/default/Android.bp
@@ -12,6 +12,15 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
cc_defaults {
name: "threadnetwork_service_default",
vendor: true,
diff --git a/staging/threadnetwork/aidl/vts/Android.bp b/staging/threadnetwork/aidl/vts/Android.bp
index 70386d9..e2609ed 100644
--- a/staging/threadnetwork/aidl/vts/Android.bp
+++ b/staging/threadnetwork/aidl/vts/Android.bp
@@ -14,6 +14,15 @@
// limitations under the License.
//
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
cc_test {
name: "VtsHalThreadNetworkTargetTest",
defaults: [
diff --git a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/.hash b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/.hash
index 856fa7c..42772bb 100644
--- a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/.hash
+++ b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/.hash
@@ -1 +1 @@
-39791e3a4bb9892a340e94e44860048624d2f66e
+590d9f45625a2c353011cf85f18d1d08593b8a0a
diff --git a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
index e2c06e5..0cc01c5 100644
--- a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
+++ b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/2/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
@@ -49,7 +49,7 @@
SUPPORTED_RANGE_DATA_NTF_CONFIG = 229,
SUPPORTED_RSSI_REPORTING = 230,
SUPPORTED_DIAGNOSTICS = 231,
- SUPPORTED_MIN_SLOT_DURATION_MS = 232,
+ SUPPORTED_MIN_SLOT_DURATION_RSTU = 232,
SUPPORTED_MAX_RANGING_SESSION_NUMBER = 233,
SUPPORTED_CHANNELS_AOA = 234,
}
diff --git a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
index e2c06e5..0cc01c5 100644
--- a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
+++ b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
@@ -49,7 +49,7 @@
SUPPORTED_RANGE_DATA_NTF_CONFIG = 229,
SUPPORTED_RSSI_REPORTING = 230,
SUPPORTED_DIAGNOSTICS = 231,
- SUPPORTED_MIN_SLOT_DURATION_MS = 232,
+ SUPPORTED_MIN_SLOT_DURATION_RSTU = 232,
SUPPORTED_MAX_RANGING_SESSION_NUMBER = 233,
SUPPORTED_CHANNELS_AOA = 234,
}
diff --git a/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl b/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
index bf59318..891b6f0 100644
--- a/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
+++ b/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
@@ -186,9 +186,9 @@
SUPPORTED_DIAGNOSTICS = 0xE7,
/**
- * 4 byte value to indicate supported min slot duration in ms.
+ * 4 byte value to indicate supported min slot duration in rstu.
*/
- SUPPORTED_MIN_SLOT_DURATION_MS = 0xE8,
+ SUPPORTED_MIN_SLOT_DURATION_RSTU = 0xE8,
/**
* Int value to indicate supported max number of fira ranging sessions
diff --git a/wifi/aidl/android/hardware/wifi/MacAddress.aidl b/wifi/aidl/android/hardware/wifi/MacAddress.aidl
index d59dfe3..d238565 100644
--- a/wifi/aidl/android/hardware/wifi/MacAddress.aidl
+++ b/wifi/aidl/android/hardware/wifi/MacAddress.aidl
@@ -20,8 +20,6 @@
* Byte array representing a Mac Address. Use when we need to
* pass an array of Mac Addresses to a method, as variable-sized
* 2D arrays are not supported in AIDL.
- *
- * TODO (b/210705533): Replace this type with a 2D byte array.
*/
@VintfStability
parcelable MacAddress {
diff --git a/wifi/aidl/android/hardware/wifi/NanMatchInd.aidl b/wifi/aidl/android/hardware/wifi/NanMatchInd.aidl
index be2fa31..314d599 100644
--- a/wifi/aidl/android/hardware/wifi/NanMatchInd.aidl
+++ b/wifi/aidl/android/hardware/wifi/NanMatchInd.aidl
@@ -123,7 +123,7 @@
NanRangingIndication rangingIndicationType;
/**
* Security Context Identifier attribute contains PMKID. Shall be included in NDP setup and
- * response messages. Security Context Identifie identifies the Security Context. For NAN
+ * response messages. Security Context Identifier identifies the Security Context. For NAN
* Shared Key Cipher Suite, this field contains the 16 octet PMKID identifying the PMK used for
* setting up the Secure Data Path.
*/
diff --git a/wifi/aidl/android/hardware/wifi/NanPairingAkm.aidl b/wifi/aidl/android/hardware/wifi/NanPairingAkm.aidl
index 31eeb2b..a823a3f 100644
--- a/wifi/aidl/android/hardware/wifi/NanPairingAkm.aidl
+++ b/wifi/aidl/android/hardware/wifi/NanPairingAkm.aidl
@@ -17,6 +17,6 @@
package android.hardware.wifi;
/**
- * THe AKM used of NAN pairing
+ * The AKM used in the NAN pairing.
*/
@VintfStability @Backing(type="int") enum NanPairingAkm { SAE = 0, PASN=1 }
diff --git a/wifi/aidl/android/hardware/wifi/NpkSecurityAssociation.aidl b/wifi/aidl/android/hardware/wifi/NpkSecurityAssociation.aidl
index 32e8409..6d85eea 100644
--- a/wifi/aidl/android/hardware/wifi/NpkSecurityAssociation.aidl
+++ b/wifi/aidl/android/hardware/wifi/NpkSecurityAssociation.aidl
@@ -20,7 +20,7 @@
import android.hardware.wifi.NanPairingAkm;
/**
- * The security sssociation info after Aware Pairing setup.
+ * The security association info after Aware Pairing setup.
*/
@VintfStability
parcelable NpkSecurityAssociation {
@@ -37,7 +37,7 @@
*/
byte[32] npk;
/**
- * The AKM is used for key exchange in this security sssociation
+ * The AKM is used for key exchange in this security association
*/
NanPairingAkm akm;
/**
diff --git a/wifi/aidl/android/hardware/wifi/Ssid.aidl b/wifi/aidl/android/hardware/wifi/Ssid.aidl
index fd985a3..230cef6 100644
--- a/wifi/aidl/android/hardware/wifi/Ssid.aidl
+++ b/wifi/aidl/android/hardware/wifi/Ssid.aidl
@@ -20,8 +20,6 @@
* Byte array representing an Ssid. Use when we need to
* pass an array of Ssid's to a method, as variable-sized
* 2D arrays are not supported in AIDL.
- *
- * TODO (b/210705533): Replace this type with a 2D byte array.
*/
@VintfStability
parcelable Ssid {