Merge "Fuzzer seed corpus for android.hardware.health.IHealth.default" into main
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index 8c53006..de7aa35 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -5,7 +5,6 @@
bpfmt = true
clang_format = true
aidl_format = true
-gofmt = true
[Hook Scripts]
aosp_hook_confirmationui = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} confirmationui
diff --git a/audio/aidl/default/include/core-impl/StreamStub.h b/audio/aidl/default/include/core-impl/StreamStub.h
index f4ee566..22b2020 100644
--- a/audio/aidl/default/include/core-impl/StreamStub.h
+++ b/audio/aidl/default/include/core-impl/StreamStub.h
@@ -44,6 +44,10 @@
const bool mIsInput;
bool mIsInitialized = false; // Used for validating the state machine logic.
bool mIsStandby = true; // Used for validating the state machine logic.
+
+ // Used by the worker thread.
+ int64_t mStartTimeNs = 0;
+ long mFramesSinceStart = 0;
};
class StreamInStub final : public StreamIn, public StreamStub {
diff --git a/audio/aidl/default/stub/StreamStub.cpp b/audio/aidl/default/stub/StreamStub.cpp
index 3b6a85a..a3d99a8 100644
--- a/audio/aidl/default/stub/StreamStub.cpp
+++ b/audio/aidl/default/stub/StreamStub.cpp
@@ -83,7 +83,6 @@
if (!mIsInitialized) {
LOG(FATAL) << __func__ << ": must not happen for an uninitialized driver";
}
- usleep(500);
mIsStandby = true;
return ::android::OK;
}
@@ -92,8 +91,9 @@
if (!mIsInitialized) {
LOG(FATAL) << __func__ << ": must not happen for an uninitialized driver";
}
- usleep(500);
mIsStandby = false;
+ mStartTimeNs = ::android::uptimeNanos();
+ mFramesSinceStart = 0;
return ::android::OK;
}
@@ -105,14 +105,23 @@
if (mIsStandby) {
LOG(FATAL) << __func__ << ": must not happen while in standby";
}
- static constexpr float kMicrosPerSecond = MICROS_PER_SECOND;
- static constexpr float kScaleFactor = .8f;
+ *actualFrameCount = frameCount;
if (mIsAsynchronous) {
usleep(500);
} else {
- const size_t delayUs = static_cast<size_t>(
- std::roundf(kScaleFactor * frameCount * kMicrosPerSecond / mSampleRate));
- usleep(delayUs);
+ mFramesSinceStart += *actualFrameCount;
+ const long bufferDurationUs =
+ (*actualFrameCount) * MICROS_PER_SECOND / mContext.getSampleRate();
+ const auto totalDurationUs =
+ (::android::uptimeNanos() - mStartTimeNs) / NANOS_PER_MICROSECOND;
+ const long totalOffsetUs =
+ mFramesSinceStart * MICROS_PER_SECOND / mContext.getSampleRate() - totalDurationUs;
+ LOG(VERBOSE) << __func__ << ": totalOffsetUs " << totalOffsetUs;
+ if (totalOffsetUs > 0) {
+ const long sleepTimeUs = std::min(totalOffsetUs, bufferDurationUs);
+ LOG(VERBOSE) << __func__ << ": sleeping for " << sleepTimeUs << " us";
+ usleep(sleepTimeUs);
+ }
}
if (mIsInput) {
uint8_t* byteBuffer = static_cast<uint8_t*>(buffer);
@@ -120,7 +129,6 @@
byteBuffer[i] = std::rand() % 255;
}
}
- *actualFrameCount = frameCount;
return ::android::OK;
}
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 6a3fa32..ad42015 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -93,14 +93,6 @@
}
-// Device framework compatibility matrix (common to all FCM versions)
-// Reference: https://source.android.com/docs/core/architecture/vintf/comp-matrices
-vintf_compatibility_matrix {
- name: "framework_compatibility_matrix.device.xml",
- stem: "compatibility_matrix.device.xml",
- type: "device_fcm",
-}
-
// Phony target that installs all system compatibility matrix files
SYSTEM_MATRIX_DEPS = [
"framework_compatibility_matrix.5.xml",
@@ -122,26 +114,3 @@
},
},
}
-
-// Product Compatibility Matrix
-vintf_compatibility_matrix {
- name: "product_compatibility_matrix.xml",
- stem: "compatibility_matrix.xml",
- product_specific: true,
- type: "product_fcm",
-}
-
-// Phony target that installs all framework compatibility matrix files (system + product)
-FRAMEWORK_MATRIX_DEPS = SYSTEM_MATRIX_DEPS + ["product_compatibility_matrix.xml"]
-
-phony {
- name: "framework_compatibility_matrix.xml",
- required: FRAMEWORK_MATRIX_DEPS,
- product_variables: {
- release_aidl_use_unfrozen: {
- required: [
- "framework_compatibility_matrix.202504.xml",
- ],
- },
- },
-}
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
new file mode 100644
index 0000000..338c075
--- /dev/null
+++ b/compatibility_matrices/Android.mk
@@ -0,0 +1,134 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+BUILD_FRAMEWORK_COMPATIBILITY_MATRIX := $(LOCAL_PATH)/compatibility_matrix.mk
+my_empty_manifest := $(LOCAL_PATH)/manifest.empty.xml
+
+# System Compatibility Matrix (common to all FCM versions)
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/clear_vars.mk
+LOCAL_MODULE := framework_compatibility_matrix.device.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+LOCAL_MODULE_STEM := compatibility_matrix.device.xml
+# define LOCAL_MODULE_CLASS for local-generated-sources-dir.
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_RELATIVE_PATH := vintf
+
+ifndef DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE
+LOCAL_SRC_FILES := compatibility_matrix.empty.xml
+else
+
+# DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE specifies absolute paths
+LOCAL_GENERATED_SOURCES := $(DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE)
+
+# Enforce that DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE does not specify required HALs
+# by checking it against an empty manifest. But the empty manifest needs to contain
+# BOARD_SEPOLICY_VERS to be compatible with DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE.
+my_gen_check_manifest := $(local-generated-sources-dir)/manifest.check.xml
+$(my_gen_check_manifest): PRIVATE_SRC_FILE := $(my_empty_manifest)
+$(my_gen_check_manifest): $(my_empty_manifest) $(HOST_OUT_EXECUTABLES)/assemble_vintf
+ BOARD_SEPOLICY_VERS=$(BOARD_SEPOLICY_VERS) \
+ VINTF_IGNORE_TARGET_FCM_VERSION=true \
+ $(HOST_OUT_EXECUTABLES)/assemble_vintf -i $(PRIVATE_SRC_FILE) -o $@
+
+LOCAL_GEN_FILE_DEPENDENCIES += $(my_gen_check_manifest)
+LOCAL_ASSEMBLE_VINTF_FLAGS += -c "$(my_gen_check_manifest)"
+
+my_gen_check_manifest :=
+
+endif # DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE
+
+# TODO(b/296875906): use POLICYVERS from Soong
+POLICYVERS ?= 30
+
+LOCAL_ADD_VBMETA_VERSION := true
+LOCAL_ASSEMBLE_VINTF_ENV_VARS := \
+ POLICYVERS \
+ PLATFORM_SEPOLICY_VERSION \
+ PLATFORM_SEPOLICY_COMPAT_VERSIONS
+
+include $(BUILD_FRAMEWORK_COMPATIBILITY_MATRIX)
+
+# Product Compatibility Matrix
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/clear_vars.mk
+LOCAL_MODULE := product_compatibility_matrix.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+
+ifndef DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+my_framework_matrix_deps :=
+include $(BUILD_PHONY_PACKAGE)
+else # DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+
+LOCAL_MODULE_STEM := compatibility_matrix.xml
+LOCAL_PRODUCT_MODULE := true
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_RELATIVE_PATH := vintf
+
+# DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE specifies absolute paths
+LOCAL_GENERATED_SOURCES := $(DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE)
+
+# Enforce that DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE does not specify required HALs
+# by checking it against an empty manifest.
+LOCAL_GEN_FILE_DEPENDENCIES += $(my_empty_manifest)
+LOCAL_ASSEMBLE_VINTF_FLAGS += -c "$(my_empty_manifest)"
+
+my_framework_matrix_deps := $(LOCAL_MODULE)
+
+include $(BUILD_FRAMEWORK_COMPATIBILITY_MATRIX)
+
+endif # DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+
+my_system_matrix_deps := \
+ framework_compatibility_matrix.5.xml \
+ framework_compatibility_matrix.6.xml \
+ framework_compatibility_matrix.7.xml \
+ framework_compatibility_matrix.8.xml \
+ framework_compatibility_matrix.202404.xml \
+ framework_compatibility_matrix.device.xml \
+
+# Only allow the use of the unreleased compatibility matrix when we can use unfrozen
+# interfaces (in the `next` release configuration).
+ifeq ($(RELEASE_AIDL_USE_UNFROZEN),true)
+my_system_matrix_deps += \
+ framework_compatibility_matrix.202504.xml \
+
+endif
+
+my_framework_matrix_deps += \
+ $(my_system_matrix_deps)
+
+# Phony target that installs all framework compatibility matrix files (system + product)
+include $(CLEAR_VARS)
+LOCAL_MODULE := framework_compatibility_matrix.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+LOCAL_REQUIRED_MODULES := $(my_framework_matrix_deps)
+include $(BUILD_PHONY_PACKAGE)
+
+my_system_matrix_deps :=
+my_framework_matrix_deps :=
+my_empty_manifest :=
+BUILD_FRAMEWORK_COMPATIBILITY_MATRIX :=
diff --git a/compatibility_matrices/build/Android.bp b/compatibility_matrices/build/Android.bp
index 6011fcc..79ef36d 100644
--- a/compatibility_matrices/build/Android.bp
+++ b/compatibility_matrices/build/Android.bp
@@ -30,7 +30,6 @@
"kernel-config-soong-rules",
"soong",
"soong-android",
- "soong-selinux",
],
srcs: [
"vintf_compatibility_matrix.go",
diff --git a/compatibility_matrices/build/vintf_compatibility_matrix.go b/compatibility_matrices/build/vintf_compatibility_matrix.go
index b8f2a14..c72cbde 100644
--- a/compatibility_matrices/build/vintf_compatibility_matrix.go
+++ b/compatibility_matrices/build/vintf_compatibility_matrix.go
@@ -24,7 +24,6 @@
"android/soong/android"
"android/soong/kernel/configs"
- "android/soong/selinux"
)
type dependencyTag struct {
@@ -36,10 +35,10 @@
pctx = android.NewPackageContext("android/vintf")
assembleVintfRule = pctx.AndroidStaticRule("assemble_vintf", blueprint.RuleParams{
- Command: `${assembleVintfEnv} ${assembleVintfCmd} -i ${inputs} -o ${out} ${extraArgs}`,
- CommandDeps: []string{"${assembleVintfCmd}", "${AvbToolCmd}"},
+ Command: `${assembleVintfCmd} -i ${inputs} -o ${out}`,
+ CommandDeps: []string{"${assembleVintfCmd}"},
Description: "assemble_vintf -i ${inputs}",
- }, "inputs", "extraArgs", "assembleVintfEnv")
+ }, "inputs")
xmllintXsd = pctx.AndroidStaticRule("xmllint-xsd", blueprint.RuleParams{
Command: `$XmlLintCmd --quiet --schema $xsd $in > /dev/null && touch -a $out`,
@@ -53,11 +52,7 @@
)
const (
- relpath = "vintf"
- emptyManifest = "hardware/interfaces/compatibility_matrices/manifest.empty.xml"
- compatibilityEmptyMatrix = "hardware/interfaces/compatibility_matrices/compatibility_matrix.empty.xml"
- deviceFcmType = "device_fcm"
- productFcmType = "product_fcm"
+ relpath = "vintf"
)
type vintfCompatibilityMatrixProperties struct {
@@ -69,9 +64,6 @@
// list of kernel_config modules to be combined to final output
Kernel_configs []string
-
- // Type of the FCM type, the allowed type are device_fcm and product_fcm and it should only be used under hardware/interfaces/compatibility_matrices
- Type *string
}
type vintfCompatibilityMatrixRule struct {
@@ -80,13 +72,11 @@
genFile android.WritablePath
additionalDependencies android.WritablePaths
- phonyOnly bool
}
func init() {
pctx.HostBinToolVariable("assembleVintfCmd", "assemble_vintf")
pctx.HostBinToolVariable("XmlLintCmd", "xmllint")
- pctx.HostBinToolVariable("AvbToolCmd", "avbtool")
android.RegisterModuleType("vintf_compatibility_matrix", vintfCompatibilityMatrixFactory)
}
@@ -141,20 +131,6 @@
}
func (g *vintfCompatibilityMatrixRule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
- // Types attribute only allow `device_fcm` or `product_fcm` if set and only restricted it being used under
- // `hardware/interfaces/compatibility_matrices` to prevent accidental external usages.
- matrixType := proptools.String(g.properties.Type)
- if matrixType != "" {
- if matrixType != deviceFcmType && matrixType != productFcmType {
- panic(fmt.Errorf("The attribute 'type' value must be either 'device_fcm' or 'product_fcm' if set!"))
- }
- if !strings.HasPrefix(android.PathForModuleSrc(ctx).String(), "hardware/interfaces/compatibility_matrices") {
- panic(fmt.Errorf("Attribute type can only be set for module under `hardware/interfaces/compatibility_matrices`!"))
- }
- if (len(g.properties.Srcs) + len(g.properties.Kernel_configs)) > 0 {
- panic(fmt.Errorf("Attribute 'type' and 'srcs' or 'kernel_configs' should not set simultaneously! To update inputs for this rule, edit vintf_compatibility_matrix.go directly."))
- }
- }
outputFilename := proptools.String(g.properties.Stem)
if outputFilename == "" {
@@ -182,72 +158,15 @@
}
})
- // For product_compatibility_matrix.xml the source is from the product configuration
- // DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE.
- extraArgs := []string{}
- if matrixType == productFcmType {
- productMatrixs := android.PathsForSource(ctx, ctx.Config().DeviceProductCompatibilityMatrixFile())
- if len(productMatrixs) > 0 {
- inputPaths = append(inputPaths, productMatrixs...)
- extraArgs = append(extraArgs, "-c", android.PathForSource(ctx, emptyManifest).String())
- } else {
- // For product_fcm, if DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE not set, treat it as a phony target without any output generated.
- g.phonyOnly = true
- return
- }
- }
-
- // For framework_compatibility_matrix.device.xml the source may come from the product configuration
- // DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE or use compatibilityEmptyMatrix if not set. We can't
- // use a phony target because we still need to install framework_compatibility_matrix.device.xml to
- // include sepolicy versions.
- frameworkRuleImplicits := []android.Path{}
-
- if matrixType == deviceFcmType {
- frameworkMatrixs := android.PathsForSource(ctx, ctx.Config().DeviceFrameworkCompatibilityMatrixFile())
- if len(frameworkMatrixs) > 0 {
- inputPaths = append(inputPaths, frameworkMatrixs...)
-
- // Generate BuildAction for generating the check manifest.
- emptyManifestPath := android.PathForSource(ctx, emptyManifest)
- genCheckManifest := android.PathForModuleGen(ctx, "manifest.check.xml")
- checkManifestInputs := []android.Path{emptyManifestPath}
- genCheckManifestEnvs := []string{
- "BOARD_SEPOLICY_VERS=" + ctx.DeviceConfig().BoardSepolicyVers(),
- "VINTF_IGNORE_TARGET_FCM_VERSION=true",
- }
-
- ctx.Build(pctx, android.BuildParams{
- Rule: assembleVintfRule,
- Description: "Framework Check Manifest",
- Implicits: checkManifestInputs,
- Output: genCheckManifest,
- Args: map[string]string{
- "inputs": android.PathForSource(ctx, emptyManifest).String(),
- "extraArgs": "",
- "assembleVintfEnv": strings.Join(genCheckManifestEnvs, " "),
- },
- })
-
- frameworkRuleImplicits = append(frameworkRuleImplicits, genCheckManifest)
- extraArgs = append(extraArgs, "-c", genCheckManifest.String())
- } else {
- inputPaths = append(inputPaths, android.PathForSource(ctx, compatibilityEmptyMatrix))
- }
- }
-
g.genFile = android.PathForModuleGen(ctx, outputFilename)
- frameworkRuleImplicits = append(frameworkRuleImplicits, inputPaths...)
ctx.Build(pctx, android.BuildParams{
Rule: assembleVintfRule,
Description: "Framework Compatibility Matrix",
- Implicits: frameworkRuleImplicits,
+ Implicits: inputPaths,
Output: g.genFile,
Args: map[string]string{
- "inputs": strings.Join(inputPaths.Strings(), ":"),
- "extraArgs": strings.Join(extraArgs, " "),
- "assembleVintfEnv": g.getAssembleVintfEnv(ctx),
+ "inputs": strings.Join(inputPaths.Strings(), ":"),
},
})
g.generateValidateBuildAction(ctx, g.genFile, schema.Path())
@@ -255,39 +174,7 @@
ctx.InstallFile(android.PathForModuleInstall(ctx, "etc", relpath), outputFilename, g.genFile)
}
-func (g *vintfCompatibilityMatrixRule) getAssembleVintfEnv(ctx android.ModuleContext) string {
- if proptools.String(g.properties.Type) == deviceFcmType {
- assembleVintfEnvs := []string{
- // POLICYVERS defined in system/sepolicy/build/soong/policy.go
- fmt.Sprintf("POLICYVERS=%d", selinux.PolicyVers),
- fmt.Sprintf("PLATFORM_SEPOLICY_VERSION=%s", ctx.DeviceConfig().PlatformSepolicyVersion()),
- fmt.Sprintf("PLATFORM_SEPOLICY_COMPAT_VERSIONS=\"%s\"", strings.Join(ctx.DeviceConfig().PlatformSepolicyCompatVersions(), " ")),
- }
-
- if ctx.Config().BoardAvbEnable() {
- assembleVintfEnvs = append(assembleVintfEnvs, fmt.Sprintf("FRAMEWORK_VBMETA_VERSION=\"$$(${AvbToolCmd} add_hashtree_footer --print_required_libavb_version %s)\"", strings.Join(ctx.Config().BoardAvbSystemAddHashtreeFooterArgs(), " ")))
- } else {
- assembleVintfEnvs = append(assembleVintfEnvs, "FRAMEWORK_VBMETA_VERSION=\"0.0\"")
- }
-
- return strings.Join(assembleVintfEnvs, " ")
- }
-
- return ""
-}
-
func (g *vintfCompatibilityMatrixRule) AndroidMk() android.AndroidMkData {
- if g.phonyOnly {
- return android.AndroidMkData{
- Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
- fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)", " # vintf.vintf_compatibility_matrix")
- fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
- fmt.Fprintln(w, "LOCAL_MODULE :=", name)
- fmt.Fprintln(w, "include $(BUILD_PHONY_PACKAGE)")
- },
- }
- }
-
return android.AndroidMkData{
Class: "ETC",
OutputFile: android.OptionalPathForPath(g.genFile),
diff --git a/compatibility_matrices/compatibility_matrix.202404.xml b/compatibility_matrices/compatibility_matrix.202404.xml
index 9ea476a..aa6b8f0 100644
--- a/compatibility_matrices/compatibility_matrix.202404.xml
+++ b/compatibility_matrices/compatibility_matrix.202404.xml
@@ -28,7 +28,7 @@
</hal>
<hal format="aidl">
<name>android.hardware.audio.sounddose</name>
- <version>1-2</version>
+ <version>1-3</version>
<interface>
<name>ISoundDoseFactory</name>
<instance>default</instance>
diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index 3e5b74a..73b4193 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -26,14 +26,6 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl">
- <name>android.hardware.audio.sounddose</name>
- <version>1-3</version>
- <interface>
- <name>ISoundDoseFactory</name>
- <instance>default</instance>
- </interface>
- </hal>
<hal format="aidl" updatable-via-apex="true">
<name>android.hardware.authsecret</name>
<version>1</version>
@@ -530,6 +522,7 @@
<name>ISharedSecret</name>
<instance>default</instance>
<instance>strongbox</instance>
+ <regex-instance>.*</regex-instance>
</interface>
</hal>
<hal format="aidl">
diff --git a/compatibility_matrices/compatibility_matrix.mk b/compatibility_matrices/compatibility_matrix.mk
new file mode 100644
index 0000000..64cd645
--- /dev/null
+++ b/compatibility_matrices/compatibility_matrix.mk
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##### Input Variables:
+# LOCAL_MODULE: required. Module name for the build system.
+# LOCAL_MODULE_CLASS: optional. Default is ETC.
+# LOCAL_MODULE_PATH / LOCAL_MODULE_RELATIVE_PATH: required. (Relative) path of output file.
+# If not defined, LOCAL_MODULE_RELATIVE_PATH will be "vintf".
+# LOCAL_MODULE_STEM: optional. Name of output file. Default is $(LOCAL_MODULE).
+# LOCAL_SRC_FILES: required. Local source files provided to assemble_vintf
+# (command line argument -i).
+# LOCAL_GENERATED_SOURCES: optional. Global source files provided to assemble_vintf
+# (command line argument -i).
+#
+# LOCAL_ADD_VBMETA_VERSION: Use AVBTOOL to add avb version to the output matrix
+# (corresponds to <avb><vbmeta-version> tag)
+# LOCAL_ASSEMBLE_VINTF_ENV_VARS: Add a list of environment variable names from global variables in
+# the build system that is lazily evaluated (e.g. PRODUCT_ENFORCE_VINTF_MANIFEST).
+# LOCAL_ASSEMBLE_VINTF_FLAGS: Add additional command line arguments to assemble_vintf invocation.
+# LOCAL_GEN_FILE_DEPENDENCIES: A list of additional dependencies for the generated file.
+
+ifndef LOCAL_MODULE
+$(error LOCAL_MODULE must be defined.)
+endif
+
+ifndef LOCAL_MODULE_STEM
+LOCAL_MODULE_STEM := $(LOCAL_MODULE)
+endif
+
+ifndef LOCAL_MODULE_CLASS
+LOCAL_MODULE_CLASS := ETC
+endif
+
+ifndef LOCAL_MODULE_PATH
+ifndef LOCAL_MODULE_RELATIVE_PATH
+$(error Either LOCAL_MODULE_PATH or LOCAL_MODULE_RELATIVE_PATH must be defined.)
+endif
+endif
+
+GEN := $(local-generated-sources-dir)/$(LOCAL_MODULE_STEM)
+
+$(GEN): PRIVATE_ENV_VARS := $(LOCAL_ASSEMBLE_VINTF_ENV_VARS)
+$(GEN): PRIVATE_FLAGS := $(LOCAL_ASSEMBLE_VINTF_FLAGS)
+
+$(GEN): $(LOCAL_GEN_FILE_DEPENDENCIES)
+
+ifeq (true,$(strip $(LOCAL_ADD_VBMETA_VERSION)))
+ifeq (true,$(BOARD_AVB_ENABLE))
+$(GEN): $(AVBTOOL)
+$(GEN): $(BOARD_AVB_SYSTEM_KEY_PATH)
+# Use deferred assignment (=) instead of immediate assignment (:=).
+# Otherwise, cannot get INTERNAL_AVB_SYSTEM_SIGNING_ARGS.
+$(GEN): FRAMEWORK_VBMETA_VERSION = $$("$(AVBTOOL)" add_hashtree_footer \
+ --print_required_libavb_version \
+ $(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS))
+else
+$(GEN): FRAMEWORK_VBMETA_VERSION := 0.0
+endif # BOARD_AVB_ENABLE
+$(GEN): PRIVATE_ENV_VARS += FRAMEWORK_VBMETA_VERSION
+endif # LOCAL_ADD_VBMETA_VERSION
+
+my_matrix_src_files := \
+ $(addprefix $(LOCAL_PATH)/,$(LOCAL_SRC_FILES)) \
+ $(LOCAL_GENERATED_SOURCES)
+
+$(GEN): PRIVATE_SRC_FILES := $(my_matrix_src_files)
+$(GEN): $(my_matrix_src_files) $(HOST_OUT_EXECUTABLES)/assemble_vintf
+ $(foreach varname,$(PRIVATE_ENV_VARS),$(varname)="$($(varname))") \
+ $(HOST_OUT_EXECUTABLES)/assemble_vintf \
+ -i $(call normalize-path-list,$(PRIVATE_SRC_FILES)) \
+ -o $@ \
+ $(PRIVATE_FLAGS)
+
+LOCAL_PREBUILT_MODULE_FILE := $(GEN)
+LOCAL_SRC_FILES :=
+LOCAL_GENERATED_SOURCES :=
+
+include $(LOCAL_PATH)/clear_vars.mk
+my_matrix_src_files :=
+
+include $(BUILD_PREBUILT)
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index fca9e1c..b86f399 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -167,6 +167,7 @@
"android.hardware.audio.core.sounddose@3",
// Deprecated HALs.
+ "android.hardware.audio.sounddose@3",
"android.hardware.bluetooth.audio@1",
};
diff --git a/health/utils/libhealthloop/HealthLoop.cpp b/health/utils/libhealthloop/HealthLoop.cpp
index 70b7745..d43c2d5 100644
--- a/health/utils/libhealthloop/HealthLoop.cpp
+++ b/health/utils/libhealthloop/HealthLoop.cpp
@@ -61,13 +61,14 @@
EventHandler{this, fd, std::move(func)}))
.get();
- struct epoll_event ev = {
- .events = EPOLLIN | EPOLLERR,
- .data.ptr = reinterpret_cast<void*>(event_handler),
- };
+ struct epoll_event ev;
+
+ ev.events = EPOLLIN;
if (wakeup == EVENT_WAKEUP_FD) ev.events |= EPOLLWAKEUP;
+ ev.data.ptr = reinterpret_cast<void*>(event_handler);
+
if (epoll_ctl(epollfd_, EPOLL_CTL_ADD, fd, &ev) == -1) {
KLOG_ERROR(LOG_TAG, "epoll_ctl failed; errno=%d\n", errno);
return -1;
@@ -121,15 +122,9 @@
}
#define UEVENT_MSG_LEN 2048
-void HealthLoop::UeventEvent(uint32_t epevents) {
+void HealthLoop::UeventEvent(uint32_t /*epevents*/) {
// No need to lock because uevent_fd_ is guaranteed to be initialized.
- if (epevents & EPOLLERR) {
- // The netlink receive buffer overflowed.
- ScheduleBatteryUpdate();
- return;
- }
-
char msg[UEVENT_MSG_LEN + 2];
char* cp;
int n;
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
index 8f4dff4..936315c 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
@@ -17,9 +17,10 @@
* This interface is used by telephony and telecom to talk to cellular radio for the purpose of
* radio configuration, and it is not associated with any specific modem or slot.
* All the functions have minimum one parameter:
- * serial: which corresponds to serial no. of request. Serial numbers must only be memorized for the
- * duration of a method call. If clients provide colliding serials (including passing the same
- * serial to different methods), multiple responses (one for each method call) must still be served.
+ * serial: which corresponds to the serial number of the request. Serial numbers must only be
+ * memorized for the duration of a method call. If clients provide colliding serials (including
+ * passing the same serial to different methods), multiple responses (one for each method call) must
+ * still be served.
*/
package android.hardware.radio.config;
@@ -108,12 +109,12 @@
/**
* Set preferred data modem Id.
- * In a multi-SIM device, notify modem layer which logical modem will be used primarily
- * for data. It helps modem with resource optimization and decisions of what data connections
- * should be satisfied.
+ * In a multi-SIM device, notify the modem layer which logical modem will be used primarily
+ * for data. It helps the modem with resource optimization and decisions of what data
+ * connections should be satisfied.
*
* @param serial Serial number of request.
- * @param modem Id the logical modem ID, which should match one of modem IDs returned
+ * @param modemId the logical modem ID which should match one of the modem IDs returned
* from getPhoneCapability().
*
* Response callback is IRadioConfigResponse.setPreferredDataModemResponse()
@@ -136,30 +137,30 @@
/**
* Set SIM Slot mapping.
*
- * Maps the logical slots to the SlotPortMapping which consist of both physical slot id and port
- * id. Logical slot is the slot that is seen by modem. Physical slot is the actual physical
- * slot. PortId is the id (enumerated value) for the associated port available on the SIM. Each
- * physical slot can have multiple ports which enables multi-enabled profile(MEP). If eUICC
- * physical slot supports 2 ports, then the portId is numbered 0,1 and if eUICC2 supports 4
- * ports then the portID is numbered 0,1,2,3. Each portId is unique within a UICC physical slot
- * but not necessarily unique across UICC’s. SEP(Single enabled profile) eUICC and non-eUICC
- * will only have portId 0.
+ * Maps the logical slots to the SlotPortMapping, which consists of both physical slot id and
+ * port id. Logical slot is the slot that is seen by the modem. Physical slot is the actual
+ * physical slot. PortId is the id (enumerated value) for the associated port available on the
+ * SIM. Each physical slot can have multiple ports, which enables multi-enabled profile(MEP). If
+ * eUICC physical slot supports 2 ports, then the portId is numbered 0,1 and if eUICC2 supports
+ * 4 ports then the portID is numbered 0,1,2,3. Each portId is unique within a UICC physical
+ * slot but not necessarily unique across UICC’s. SEP(Single enabled profile) eUICC and
+ * non-eUICC will only have portId 0.
*
* Logical slots that are already mapped to the requested SlotPortMapping are not impacted.
*
- * Example no. of logical slots 1 and physical slots 2 do not support MEP, each physical slot
- * has one port:
- * The only logical slot (index 0) can be mapped to first physical slot (value 0), port(index
- * 0). or second
- * physical slot(value 1), port (index 0), while the other physical slot remains unmapped and
- * inactive.
+ * Example: There is 1 logical slot, 2 physical slots, MEP is not supported and each physical
+ * slot has one port:
+ * The only logical slot (index 0) can be mapped to the first physical slot (value 0),
+ * port(index 0), or second physical slot(value 1), port (index 0), while the other physical
+ * slot remains unmapped and inactive.
* slotMap[0] = SlotPortMapping{0 //physical slot//, 0 //port//}
* slotMap[0] = SlotPortMapping{1 //physical slot//, 0 //port//}
*
- * Example no. of logical slots 2 and physical slots 2 supports MEP with 2 ports available:
- * Each logical slot must be mapped to a port (physical slot and port combination).
- * First logical slot (index 0) can be mapped to physical slot 1 and the second logical slot
- * can be mapped to either port from physical slot 2.
+ * Example: There are 2 logical slots, 2 physical slots, MEP is supported and there are 2 ports
+ * available:
+ * Each logical slot must be mapped to a port (physical slot and port combination). The first
+ * logical slot (index 0) can be mapped to the physical slot 1 and the second logical slot can
+ * be mapped to either port from physical slot 2.
*
* slotMap[0] = SlotPortMapping{0, 0} and slotMap[1] = SlotPortMapping{1, 0} or
* slotMap[0] = SlotPortMapping{0, 0} and slotMap[1] = SlotPortMapping{1, 1}
@@ -178,10 +179,10 @@
*
* @param serial Serial number of request
* @param slotMap Logical to physical slot and port mapping.
- * Index is mapping to logical slot and value to physical slot and port id, need to
- * provide all the slots mapping when sending request in case of multi slot device.
+ * The index maps to the logical slot, and the value to the physical slot and port id. In
+ * the case of a multi-slot device, provide all the slot mappings when sending a request.
*
- * EX: SlotPortMapping(physical slot, port id)
+ * Example: SlotPortMapping(physical slot, port id)
* index 0 is the first logical_slot number of logical slots is equal to number of Radio
* instances and number of physical slots is equal to size of slotStatus in
* getSimSlotsStatusResponse
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
index 9eacb8e..0b60dbb 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
@@ -27,9 +27,9 @@
/**
* Indicates SIM slot status change.
*
- * This indication must be sent by the modem whenever there is any slot status change, even the
- * slot is inactive. For example, this indication must be triggered if a SIM card is inserted
- * into an inactive slot.
+ * This indication must be sent by the modem whenever there is any slot status change, even if
+ * the slot is inactive. For example, this indication must be triggered if a SIM card is
+ * inserted into an inactive slot.
*
* @param type Type of radio indication
* @param slotStatus new slot status info with size equals to the number of physical slots on
@@ -39,7 +39,7 @@
in android.hardware.radio.RadioIndicationType type, in SimSlotStatus[] slotStatus);
/**
- * The logical slots supporting simultaneous cellular calling has changed.
+ * The logical slots supporting simultaneous cellular calling have changed.
*
* @param enabledLogicalSlots The slots that have simultaneous cellular calling enabled. If
* there is a call active on logical slot X, then a simultaneous cellular call is only possible
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
index 33b0ff0..8182cd1 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
@@ -26,18 +26,18 @@
@VintfStability
oneway interface IRadioConfigResponse {
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
* @param modemReducedFeatureSet1 True indicates that the modem does NOT support the following
- * features.
- * - Providing either LinkCapacityEstimate:secondaryDownlinkCapacityKbps
- * or LinkCapacityEstimate:secondaryUplinkCapacityKbps when given from
- * RadioIndication:currentLinkCapacityEstimate
- * - Calling IRadio.setNrDualConnectivityState or querying
- * IRadio.isNrDualConnectivityEnabled
- * - Requesting IRadio.setDataThrottling()
- * - Providing SlicingConfig through getSlicingConfig()
+ * features:
+ * - Providing either LinkCapacityEstimate#secondaryDownlinkCapacityKbps
+ * or LinkCapacityEstimate#secondaryUplinkCapacityKbps when given from
+ * IRadioNetworkIndication#currentLinkCapacityEstimate
+ * - Calling IRadioNetwork#setNrDualConnectivityState or querying
+ * IRadioNetwork#isNrDualConnectivityEnabled
+ * - Requesting IRadioData#setDataThrottling
+ * - Providing SlicingConfig through IRadioData#getSlicingConfig
* - Providing PhysicalChannelConfig through
- * IRadioIndication.currentPhysicalChannelConfigs_1_6()
+ * IRadioNetworkIndication#currentPhysicalChannelConfigs
*
* Valid errors returned:
* RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony is not defined
@@ -49,7 +49,7 @@
in android.hardware.radio.RadioResponseInfo info, in boolean modemReducedFeatureSet1);
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
* @param numOfLiveModems <byte> indicate the number of live modems i.e. modems that
* are enabled and actively working as part of a working connectivity stack
*
@@ -62,8 +62,8 @@
in android.hardware.radio.RadioResponseInfo info, in byte numOfLiveModems);
/**
- * @param info Response info struct containing response type, serial no. and error
- * @param phoneCapability <PhoneCapability> it defines modem's capability for example
+ * @param info Response info struct containing response type, serial number and error
+ * @param phoneCapability <PhoneCapability> it defines the modem's capability. For example,
* how many logical modems it has, how many data connections it supports.
*
* Valid errors returned:
@@ -76,7 +76,7 @@
in android.hardware.radio.RadioResponseInfo info, in PhoneCapability phoneCapability);
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
* @param slotStatus Sim slot struct containing all the physical SIM slots info with size
* equal to the number of physical slots on the device
*
@@ -93,7 +93,7 @@
in android.hardware.radio.RadioResponseInfo info, in SimSlotStatus[] slotStatus);
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
*
* Valid errors returned:
* RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony is not defined
@@ -104,7 +104,7 @@
void setNumOfLiveModemsResponse(in android.hardware.radio.RadioResponseInfo info);
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
*
* Valid errors returned:
* RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.data is not defined
@@ -116,7 +116,7 @@
void setPreferredDataModemResponse(in android.hardware.radio.RadioResponseInfo info);
/**
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
*
* Valid errors returned:
* RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.subscription is not
@@ -134,7 +134,7 @@
* Response to the asynchronous
* {@link IRadioConfig#getSimultaneousCallingSupport} request.
*
- * @param info Response info struct containing response type, serial no. and error
+ * @param info Response info struct containing response type, serial number and error
* @param enabledLogicalSlots The slots that have simultaneous cellular calling enabled. If
* there is a call active on logical slot X, then a simultaneous cellular call is only possible
* on logical slot Y if BOTH slot X and slot Y are in enabledLogicalSlots. If simultaneous
diff --git a/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl b/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
index 7936eb6..265ab96 100644
--- a/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
+++ b/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
@@ -17,8 +17,8 @@
package android.hardware.radio.config;
/**
- * Phone capability which describes the data connection capability of modem.
- * It's used to evaluate possible phone config change, for example from single
+ * Phone capability which describes the data connection capability of the modem.
+ * It's used to evaluate a possible phone config change, for example, from single
* SIM device to multi-SIM device.
* @hide
*/
@@ -27,21 +27,18 @@
parcelable PhoneCapability {
const byte UNKNOWN = -1;
/**
- * maxActiveData defines how many logical modems can have
- * PS attached simultaneously. For example, for L+L modem it
- * should be 2.
+ * maxActiveData defines how many logical modems can have PS attached simultaneously. For
+ * example, for a L+L modem, it should be 2.
*/
byte maxActiveData;
/**
- * maxActiveData defines how many logical modems can have
- * internet PDN connections simultaneously. For example, for L+L
- * DSDS modem it’s 1, and for DSDA modem it’s 2.
+ * maxActiveInternetData defines how many logical modems can have internet PDN connections
+ * simultaneously. For example, for a L+L DSDS modem, it’s 1, and for a DSDA modem, it’s 2.
*/
byte maxActiveInternetData;
/**
- * Whether modem supports both internet PDN up so
- * that we can do ping test before tearing down the
- * other one.
+ * Whether the modem supports both internet PDNs up, so that we can do a ping test on one PDN
+ * before tearing down the other PDN.
*/
boolean isInternetLingeringSupported;
/**
@@ -49,9 +46,8 @@
*/
byte[] logicalModemIds;
/**
- * maxActiveVoice defines how many logical modems can have
- * cellular voice calls simultaneously. For example, for cellular DSDA
- * with simultaneous calling support, it should be 2.
+ * maxActiveVoice defines how many logical modems can have cellular voice calls simultaneously.
+ * For example, for cellular DSDA with simultaneous calling support, it should be 2.
*/
byte maxActiveVoice = UNKNOWN;
}
diff --git a/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl b/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
index f579639..380932e 100644
--- a/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
+++ b/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
@@ -21,8 +21,8 @@
@JavaDerive(toString=true)
parcelable SimPortInfo {
/**
- * Integrated Circuit Card IDentifier (ICCID) is unique identifier of the SIM card. File is
- * located in the SIM card at EFiccid (0x2FE2) as per ETSI 102.221. The ICCID is defined by
+ * Integrated Circuit Card IDentifier (ICCID) is the unique identifier of the SIM card. The file
+ * is located in the SIM card at EFiccid (0x2FE2) as per ETSI 102.221. The ICCID is defined by
* the ITU-T recommendation E.118 ISO/IEC 7816.
*
* This data is applicable only when cardState is CardStatus.STATE_PRESENT.
@@ -33,13 +33,13 @@
*/
String iccId;
/**
- * Logical slot id is identifier of the active slot
+ * The identifier of the active slot.
*/
int logicalSlotId;
/**
* Port active status in the slot.
- * Inactive means logical modem is no longer associated to the port.
- * Active means logical modem is associated to the port.
+ * Inactive means that the logical modem is no longer associated to the port.
+ * Active means that the logical modem is associated to the port.
*/
boolean portActive;
}
diff --git a/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl b/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
index 34f98c5..171d97a 100644
--- a/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
+++ b/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
@@ -46,12 +46,12 @@
String eid;
/**
* PortInfo contains the ICCID, logical slot ID, and port state.
- * Cardstate has no relationship with whether the slot is active or inactive. Should always
- * report up at least 1 port otherwise the logicalSlotIndex and portActive info will be lost.
+ * Cardstate has no relationship with whether the slot is active or inactive. At least one port
+ * shall always be reported, otherwise the logicalSlotIndex and portActive info will be lost.
* For example, the pSIM can be removed, but the slot can still be active. In that case, the
* SIM_STATUS reported for the corresponding logical stack will show CARDSTATE_ABSENT.
- * Similarly, even if there is no profile enabled on the eSIM, that port can still be the
- * active port in the slot mapping.
+ * Similarly, even if there is no profile enabled on the eSIM, that port can still be the active
+ * port in the slot mapping.
*/
SimPortInfo[] portInfo;
/**
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 2ba75a3..c19ab11 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -236,10 +236,10 @@
/**
* An API to determine device IDs attestation is required or not,
- * which is mandatory for KeyMint version 2 or first_api_level 33 or greater.
+ * which is mandatory for KeyMint version 2 and first_api_level 33 or greater.
*/
bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {
- return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= __ANDROID_API_T__;
+ return AidlVersion() >= 2 && property_get_int32("ro.vendor.api_level", 0) >= __ANDROID_API_T__;
}
/**
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 1d7db6a..b7c32ca 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -167,7 +167,8 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge);
+ IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+ bool allowAnyMode = false);
/**
* Verify the CSR as if the device is still early in the factory process and may not
@@ -181,7 +182,8 @@
*/
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge);
+ IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+ bool allowAnyMode = false);
/** Checks whether the CSR has a proper DICE chain. */
ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr);
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 6638775..646037c 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -325,9 +325,16 @@
}
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
- hwtrust::DiceChain::Kind kind) {
+ hwtrust::DiceChain::Kind kind, bool allowAnyMode) {
auto encodedBcc = bcc->encode();
- auto chain = hwtrust::DiceChain::Verify(encodedBcc, kind);
+
+ // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
+ std::string build_type = ::android::base::GetProperty("ro.build.type", "");
+ if (!build_type.empty() && build_type != "user") {
+ allowAnyMode = true;
+ }
+
+ auto chain = hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode);
if (!chain.ok()) return chain.error().message();
auto keys = chain->CosePublicKeys();
if (!keys.ok()) return keys.error().message();
@@ -638,7 +645,7 @@
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
- bool isFactory) {
+ bool isFactory, bool allowAnyMode = false) {
auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);
if (!parsedProtectedData) {
return protDataErrMsg;
@@ -694,7 +701,7 @@
}
// BCC is [ pubkey, + BccEntry]
- auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13);
+ auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13, allowAnyMode);
if (!bccContents) {
return bccContents.message() + "\n" + prettyPrint(bcc.get());
}
@@ -747,10 +754,11 @@
const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge) {
+ IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+ bool allowAnyMode) {
return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
eekId, supportedEekCurve, provisionable, challenge,
- /*isFactory=*/false);
+ /*isFactory=*/false, allowAnyMode);
}
ErrMsgOr<X509_Ptr> parseX509Cert(const std::vector<uint8_t>& cert) {
@@ -974,20 +982,22 @@
ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
- switch (vendor_api_level) {
- case __ANDROID_API_T__:
- return hwtrust::DiceChain::Kind::kVsr13;
- case __ANDROID_API_U__:
- return hwtrust::DiceChain::Kind::kVsr14;
- case 202404: /* TODO(b/315056516) Use a version macro for vendor API 24Q2 */
- return hwtrust::DiceChain::Kind::kVsr15;
- default:
- return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
+ if (vendor_api_level == __ANDROID_API_T__) {
+ return hwtrust::DiceChain::Kind::kVsr13;
+ } else if (vendor_api_level == __ANDROID_API_U__) {
+ return hwtrust::DiceChain::Kind::kVsr14;
+ } else if (vendor_api_level == 202404) {
+ return hwtrust::DiceChain::Kind::kVsr15;
+ } else if (vendor_api_level > 202404) {
+ return hwtrust::DiceChain::Kind::kVsr16;
+ } else {
+ return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
}
}
ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
- const std::vector<uint8_t>& challenge) {
+ const std::vector<uint8_t>& challenge,
+ bool allowAnyMode = false) {
auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
if (!parsedRequest) {
return csrErrMsg;
@@ -1025,7 +1035,7 @@
return diceChainKind.message();
}
- auto diceContents = validateBcc(diceCertChain, *diceChainKind);
+ auto diceContents = validateBcc(diceCertChain, *diceChainKind, allowAnyMode);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}
@@ -1054,7 +1064,7 @@
const std::vector<uint8_t>& csr,
IRemotelyProvisionedComponent* provisionable,
const std::vector<uint8_t>& challenge,
- bool isFactory) {
+ bool isFactory, bool allowAnyMode = false) {
RpcHardwareInfo info;
provisionable->getHardwareInfo(&info);
if (info.versionNumber != 3) {
@@ -1062,7 +1072,7 @@
") does not match expected version (3).";
}
- auto csrPayload = parseAndValidateAuthenticatedRequest(csr, challenge);
+ auto csrPayload = parseAndValidateAuthenticatedRequest(csr, challenge, allowAnyMode);
if (!csrPayload) {
return csrPayload.message();
}
@@ -1078,8 +1088,9 @@
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
- IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge) {
- return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/false);
+ IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+ bool allowAnyMode) {
+ return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/false, allowAnyMode);
}
ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr) {
@@ -1113,7 +1124,8 @@
}
auto encodedDiceChain = diceCertChain->encode();
- auto chain = hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind);
+ auto chain =
+ hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind, /*allowAnyMode=*/false);
if (!chain.ok()) return chain.error().message();
return chain->IsProper();
}
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 2dbc73f..f68ff91 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -188,7 +188,8 @@
}
ASSERT_NE(provisionable_, nullptr);
auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);
- if (GetParam() == RKP_VM_INSTANCE_NAME) {
+ isRkpVmInstance_ = GetParam() == RKP_VM_INSTANCE_NAME;
+ if (isRkpVmInstance_) {
if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
GTEST_SKIP() << "The RKP VM is not supported on this system.";
}
@@ -209,6 +210,7 @@
protected:
std::shared_ptr<IRemotelyProvisionedComponent> provisionable_;
RpcHardwareInfo rpcHardwareInfo;
+ bool isRkpVmInstance_;
};
/**
@@ -765,7 +767,8 @@
provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge);
+ auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge,
+ isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -786,7 +789,8 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge);
+ auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge,
+ isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
}
@@ -816,13 +820,15 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+ auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+ isRkpVmInstance_);
ASSERT_TRUE(firstCsr) << firstCsr.message();
status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+ auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+ isRkpVmInstance_);
ASSERT_TRUE(secondCsr) << secondCsr.message();
ASSERT_EQ(**firstCsr, **secondCsr);
@@ -840,7 +846,8 @@
auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
ASSERT_TRUE(status.isOk()) << status.getDescription();
- auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+ auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+ isRkpVmInstance_);
ASSERT_TRUE(result) << result.message();
}
diff --git a/weaver/vts/VtsHalWeaverTargetTest.cpp b/weaver/vts/VtsHalWeaverTargetTest.cpp
index 40e9558..8952dfc 100644
--- a/weaver/vts/VtsHalWeaverTargetTest.cpp
+++ b/weaver/vts/VtsHalWeaverTargetTest.cpp
@@ -221,7 +221,10 @@
}
}
// Starting in Android 14, the system will always use at least one Weaver slot if Weaver is
- // supported at all. Make sure we saw at least one.
+ // supported at all. This is true even if an LSKF hasn't been set yet, since Weaver is used to
+ // protect the initial binding of each user's synthetic password to ensure that binding can be
+ // securely deleted if an LSKF is set later. Make sure we saw at least one slot, as otherwise
+ // the Weaver implementation must have a bug that makes it not fully usable by Android.
ASSERT_FALSE(used_slots.empty())
<< "Could not determine which Weaver slots are in use by the system";