Merge "Fuzzer seed corpus for android.hardware.health.IHealth.default" into main
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index 8c53006..de7aa35 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -5,7 +5,6 @@
 bpfmt = true
 clang_format = true
 aidl_format = true
-gofmt = true
 
 [Hook Scripts]
 aosp_hook_confirmationui = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} confirmationui
diff --git a/audio/aidl/default/include/core-impl/StreamStub.h b/audio/aidl/default/include/core-impl/StreamStub.h
index f4ee566..22b2020 100644
--- a/audio/aidl/default/include/core-impl/StreamStub.h
+++ b/audio/aidl/default/include/core-impl/StreamStub.h
@@ -44,6 +44,10 @@
     const bool mIsInput;
     bool mIsInitialized = false;  // Used for validating the state machine logic.
     bool mIsStandby = true;       // Used for validating the state machine logic.
+
+    // Used by the worker thread.
+    int64_t mStartTimeNs = 0;
+    long mFramesSinceStart = 0;
 };
 
 class StreamInStub final : public StreamIn, public StreamStub {
diff --git a/audio/aidl/default/stub/StreamStub.cpp b/audio/aidl/default/stub/StreamStub.cpp
index 3b6a85a..a3d99a8 100644
--- a/audio/aidl/default/stub/StreamStub.cpp
+++ b/audio/aidl/default/stub/StreamStub.cpp
@@ -83,7 +83,6 @@
     if (!mIsInitialized) {
         LOG(FATAL) << __func__ << ": must not happen for an uninitialized driver";
     }
-    usleep(500);
     mIsStandby = true;
     return ::android::OK;
 }
@@ -92,8 +91,9 @@
     if (!mIsInitialized) {
         LOG(FATAL) << __func__ << ": must not happen for an uninitialized driver";
     }
-    usleep(500);
     mIsStandby = false;
+    mStartTimeNs = ::android::uptimeNanos();
+    mFramesSinceStart = 0;
     return ::android::OK;
 }
 
@@ -105,14 +105,23 @@
     if (mIsStandby) {
         LOG(FATAL) << __func__ << ": must not happen while in standby";
     }
-    static constexpr float kMicrosPerSecond = MICROS_PER_SECOND;
-    static constexpr float kScaleFactor = .8f;
+    *actualFrameCount = frameCount;
     if (mIsAsynchronous) {
         usleep(500);
     } else {
-        const size_t delayUs = static_cast<size_t>(
-                std::roundf(kScaleFactor * frameCount * kMicrosPerSecond / mSampleRate));
-        usleep(delayUs);
+        mFramesSinceStart += *actualFrameCount;
+        const long bufferDurationUs =
+                (*actualFrameCount) * MICROS_PER_SECOND / mContext.getSampleRate();
+        const auto totalDurationUs =
+                (::android::uptimeNanos() - mStartTimeNs) / NANOS_PER_MICROSECOND;
+        const long totalOffsetUs =
+                mFramesSinceStart * MICROS_PER_SECOND / mContext.getSampleRate() - totalDurationUs;
+        LOG(VERBOSE) << __func__ << ": totalOffsetUs " << totalOffsetUs;
+        if (totalOffsetUs > 0) {
+            const long sleepTimeUs = std::min(totalOffsetUs, bufferDurationUs);
+            LOG(VERBOSE) << __func__ << ": sleeping for " << sleepTimeUs << " us";
+            usleep(sleepTimeUs);
+        }
     }
     if (mIsInput) {
         uint8_t* byteBuffer = static_cast<uint8_t*>(buffer);
@@ -120,7 +129,6 @@
             byteBuffer[i] = std::rand() % 255;
         }
     }
-    *actualFrameCount = frameCount;
     return ::android::OK;
 }
 
diff --git a/compatibility_matrices/Android.bp b/compatibility_matrices/Android.bp
index 6a3fa32..ad42015 100644
--- a/compatibility_matrices/Android.bp
+++ b/compatibility_matrices/Android.bp
@@ -93,14 +93,6 @@
 
 }
 
-// Device framework compatibility matrix (common to all FCM versions)
-// Reference: https://source.android.com/docs/core/architecture/vintf/comp-matrices
-vintf_compatibility_matrix {
-    name: "framework_compatibility_matrix.device.xml",
-    stem: "compatibility_matrix.device.xml",
-    type: "device_fcm",
-}
-
 // Phony target that installs all system compatibility matrix files
 SYSTEM_MATRIX_DEPS = [
     "framework_compatibility_matrix.5.xml",
@@ -122,26 +114,3 @@
         },
     },
 }
-
-// Product Compatibility Matrix
-vintf_compatibility_matrix {
-    name: "product_compatibility_matrix.xml",
-    stem: "compatibility_matrix.xml",
-    product_specific: true,
-    type: "product_fcm",
-}
-
-// Phony target that installs all framework compatibility matrix files (system + product)
-FRAMEWORK_MATRIX_DEPS = SYSTEM_MATRIX_DEPS + ["product_compatibility_matrix.xml"]
-
-phony {
-    name: "framework_compatibility_matrix.xml",
-    required: FRAMEWORK_MATRIX_DEPS,
-    product_variables: {
-        release_aidl_use_unfrozen: {
-            required: [
-                "framework_compatibility_matrix.202504.xml",
-            ],
-        },
-    },
-}
diff --git a/compatibility_matrices/Android.mk b/compatibility_matrices/Android.mk
new file mode 100644
index 0000000..338c075
--- /dev/null
+++ b/compatibility_matrices/Android.mk
@@ -0,0 +1,134 @@
+#
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+BUILD_FRAMEWORK_COMPATIBILITY_MATRIX := $(LOCAL_PATH)/compatibility_matrix.mk
+my_empty_manifest := $(LOCAL_PATH)/manifest.empty.xml
+
+# System Compatibility Matrix (common to all FCM versions)
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/clear_vars.mk
+LOCAL_MODULE := framework_compatibility_matrix.device.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+LOCAL_MODULE_STEM := compatibility_matrix.device.xml
+# define LOCAL_MODULE_CLASS for local-generated-sources-dir.
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_RELATIVE_PATH := vintf
+
+ifndef DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE
+LOCAL_SRC_FILES := compatibility_matrix.empty.xml
+else
+
+# DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE specifies absolute paths
+LOCAL_GENERATED_SOURCES := $(DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE)
+
+# Enforce that DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE does not specify required HALs
+# by checking it against an empty manifest. But the empty manifest needs to contain
+# BOARD_SEPOLICY_VERS to be compatible with DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE.
+my_gen_check_manifest := $(local-generated-sources-dir)/manifest.check.xml
+$(my_gen_check_manifest): PRIVATE_SRC_FILE := $(my_empty_manifest)
+$(my_gen_check_manifest): $(my_empty_manifest) $(HOST_OUT_EXECUTABLES)/assemble_vintf
+	BOARD_SEPOLICY_VERS=$(BOARD_SEPOLICY_VERS) \
+	VINTF_IGNORE_TARGET_FCM_VERSION=true \
+		$(HOST_OUT_EXECUTABLES)/assemble_vintf -i $(PRIVATE_SRC_FILE) -o $@
+
+LOCAL_GEN_FILE_DEPENDENCIES += $(my_gen_check_manifest)
+LOCAL_ASSEMBLE_VINTF_FLAGS += -c "$(my_gen_check_manifest)"
+
+my_gen_check_manifest :=
+
+endif # DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE
+
+# TODO(b/296875906): use POLICYVERS from Soong
+POLICYVERS ?= 30
+
+LOCAL_ADD_VBMETA_VERSION := true
+LOCAL_ASSEMBLE_VINTF_ENV_VARS := \
+    POLICYVERS \
+    PLATFORM_SEPOLICY_VERSION \
+    PLATFORM_SEPOLICY_COMPAT_VERSIONS
+
+include $(BUILD_FRAMEWORK_COMPATIBILITY_MATRIX)
+
+# Product Compatibility Matrix
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/clear_vars.mk
+LOCAL_MODULE := product_compatibility_matrix.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+
+ifndef DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+my_framework_matrix_deps :=
+include $(BUILD_PHONY_PACKAGE)
+else # DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+
+LOCAL_MODULE_STEM := compatibility_matrix.xml
+LOCAL_PRODUCT_MODULE := true
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_RELATIVE_PATH := vintf
+
+# DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE specifies absolute paths
+LOCAL_GENERATED_SOURCES := $(DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE)
+
+# Enforce that DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE does not specify required HALs
+# by checking it against an empty manifest.
+LOCAL_GEN_FILE_DEPENDENCIES += $(my_empty_manifest)
+LOCAL_ASSEMBLE_VINTF_FLAGS += -c "$(my_empty_manifest)"
+
+my_framework_matrix_deps := $(LOCAL_MODULE)
+
+include $(BUILD_FRAMEWORK_COMPATIBILITY_MATRIX)
+
+endif # DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE
+
+my_system_matrix_deps := \
+    framework_compatibility_matrix.5.xml \
+    framework_compatibility_matrix.6.xml \
+    framework_compatibility_matrix.7.xml \
+    framework_compatibility_matrix.8.xml \
+    framework_compatibility_matrix.202404.xml \
+    framework_compatibility_matrix.device.xml \
+
+# Only allow the use of the unreleased compatibility matrix when we can use unfrozen
+# interfaces (in the `next` release configuration).
+ifeq ($(RELEASE_AIDL_USE_UNFROZEN),true)
+my_system_matrix_deps += \
+    framework_compatibility_matrix.202504.xml \
+
+endif
+
+my_framework_matrix_deps += \
+    $(my_system_matrix_deps)
+
+# Phony target that installs all framework compatibility matrix files (system + product)
+include $(CLEAR_VARS)
+LOCAL_MODULE := framework_compatibility_matrix.xml
+LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
+LOCAL_LICENSE_CONDITIONS := notice
+LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../NOTICE
+LOCAL_REQUIRED_MODULES := $(my_framework_matrix_deps)
+include $(BUILD_PHONY_PACKAGE)
+
+my_system_matrix_deps :=
+my_framework_matrix_deps :=
+my_empty_manifest :=
+BUILD_FRAMEWORK_COMPATIBILITY_MATRIX :=
diff --git a/compatibility_matrices/build/Android.bp b/compatibility_matrices/build/Android.bp
index 6011fcc..79ef36d 100644
--- a/compatibility_matrices/build/Android.bp
+++ b/compatibility_matrices/build/Android.bp
@@ -30,7 +30,6 @@
         "kernel-config-soong-rules",
         "soong",
         "soong-android",
-        "soong-selinux",
     ],
     srcs: [
         "vintf_compatibility_matrix.go",
diff --git a/compatibility_matrices/build/vintf_compatibility_matrix.go b/compatibility_matrices/build/vintf_compatibility_matrix.go
index b8f2a14..c72cbde 100644
--- a/compatibility_matrices/build/vintf_compatibility_matrix.go
+++ b/compatibility_matrices/build/vintf_compatibility_matrix.go
@@ -24,7 +24,6 @@
 
 	"android/soong/android"
 	"android/soong/kernel/configs"
-	"android/soong/selinux"
 )
 
 type dependencyTag struct {
@@ -36,10 +35,10 @@
 	pctx = android.NewPackageContext("android/vintf")
 
 	assembleVintfRule = pctx.AndroidStaticRule("assemble_vintf", blueprint.RuleParams{
-		Command:     `${assembleVintfEnv} ${assembleVintfCmd} -i ${inputs} -o ${out} ${extraArgs}`,
-		CommandDeps: []string{"${assembleVintfCmd}", "${AvbToolCmd}"},
+		Command:     `${assembleVintfCmd} -i ${inputs} -o ${out}`,
+		CommandDeps: []string{"${assembleVintfCmd}"},
 		Description: "assemble_vintf -i ${inputs}",
-	}, "inputs", "extraArgs", "assembleVintfEnv")
+	}, "inputs")
 
 	xmllintXsd = pctx.AndroidStaticRule("xmllint-xsd", blueprint.RuleParams{
 		Command:     `$XmlLintCmd --quiet --schema $xsd $in > /dev/null && touch -a $out`,
@@ -53,11 +52,7 @@
 )
 
 const (
-	relpath                  = "vintf"
-	emptyManifest            = "hardware/interfaces/compatibility_matrices/manifest.empty.xml"
-	compatibilityEmptyMatrix = "hardware/interfaces/compatibility_matrices/compatibility_matrix.empty.xml"
-	deviceFcmType            = "device_fcm"
-	productFcmType           = "product_fcm"
+	relpath = "vintf"
 )
 
 type vintfCompatibilityMatrixProperties struct {
@@ -69,9 +64,6 @@
 
 	// list of kernel_config modules to be combined to final output
 	Kernel_configs []string
-
-	// Type of the FCM type, the allowed type are device_fcm and product_fcm and it should only be used under hardware/interfaces/compatibility_matrices
-	Type *string
 }
 
 type vintfCompatibilityMatrixRule struct {
@@ -80,13 +72,11 @@
 
 	genFile                android.WritablePath
 	additionalDependencies android.WritablePaths
-	phonyOnly              bool
 }
 
 func init() {
 	pctx.HostBinToolVariable("assembleVintfCmd", "assemble_vintf")
 	pctx.HostBinToolVariable("XmlLintCmd", "xmllint")
-	pctx.HostBinToolVariable("AvbToolCmd", "avbtool")
 	android.RegisterModuleType("vintf_compatibility_matrix", vintfCompatibilityMatrixFactory)
 }
 
@@ -141,20 +131,6 @@
 }
 
 func (g *vintfCompatibilityMatrixRule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
-	// Types attribute only allow `device_fcm` or `product_fcm` if set and only restricted it being used under
-	// `hardware/interfaces/compatibility_matrices` to prevent accidental external usages.
-	matrixType := proptools.String(g.properties.Type)
-	if matrixType != "" {
-		if matrixType != deviceFcmType && matrixType != productFcmType {
-			panic(fmt.Errorf("The attribute 'type' value must be either 'device_fcm' or 'product_fcm' if set!"))
-		}
-		if !strings.HasPrefix(android.PathForModuleSrc(ctx).String(), "hardware/interfaces/compatibility_matrices") {
-			panic(fmt.Errorf("Attribute type can only be set for module under `hardware/interfaces/compatibility_matrices`!"))
-		}
-		if (len(g.properties.Srcs) + len(g.properties.Kernel_configs)) > 0 {
-			panic(fmt.Errorf("Attribute 'type' and 'srcs' or 'kernel_configs' should not set simultaneously! To update inputs for this rule, edit vintf_compatibility_matrix.go directly."))
-		}
-	}
 
 	outputFilename := proptools.String(g.properties.Stem)
 	if outputFilename == "" {
@@ -182,72 +158,15 @@
 		}
 	})
 
-	// For product_compatibility_matrix.xml the source is from the product configuration
-	// DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE.
-	extraArgs := []string{}
-	if matrixType == productFcmType {
-		productMatrixs := android.PathsForSource(ctx, ctx.Config().DeviceProductCompatibilityMatrixFile())
-		if len(productMatrixs) > 0 {
-			inputPaths = append(inputPaths, productMatrixs...)
-			extraArgs = append(extraArgs, "-c", android.PathForSource(ctx, emptyManifest).String())
-		} else {
-			// For product_fcm, if DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE not set, treat it as a phony target without any output generated.
-			g.phonyOnly = true
-			return
-		}
-	}
-
-	// For framework_compatibility_matrix.device.xml the source may come from the product configuration
-	// DEVICE_FRAMEWORK_COMPATIBILITY_MATRIX_FILE or use compatibilityEmptyMatrix if not set. We can't
-	// use a phony target because we still need to install framework_compatibility_matrix.device.xml to
-	// include sepolicy versions.
-	frameworkRuleImplicits := []android.Path{}
-
-	if matrixType == deviceFcmType {
-		frameworkMatrixs := android.PathsForSource(ctx, ctx.Config().DeviceFrameworkCompatibilityMatrixFile())
-		if len(frameworkMatrixs) > 0 {
-			inputPaths = append(inputPaths, frameworkMatrixs...)
-
-			// Generate BuildAction for generating the check manifest.
-			emptyManifestPath := android.PathForSource(ctx, emptyManifest)
-			genCheckManifest := android.PathForModuleGen(ctx, "manifest.check.xml")
-			checkManifestInputs := []android.Path{emptyManifestPath}
-			genCheckManifestEnvs := []string{
-				"BOARD_SEPOLICY_VERS=" + ctx.DeviceConfig().BoardSepolicyVers(),
-				"VINTF_IGNORE_TARGET_FCM_VERSION=true",
-			}
-
-			ctx.Build(pctx, android.BuildParams{
-				Rule:        assembleVintfRule,
-				Description: "Framework Check Manifest",
-				Implicits:   checkManifestInputs,
-				Output:      genCheckManifest,
-				Args: map[string]string{
-					"inputs":           android.PathForSource(ctx, emptyManifest).String(),
-					"extraArgs":        "",
-					"assembleVintfEnv": strings.Join(genCheckManifestEnvs, " "),
-				},
-			})
-
-			frameworkRuleImplicits = append(frameworkRuleImplicits, genCheckManifest)
-			extraArgs = append(extraArgs, "-c", genCheckManifest.String())
-		} else {
-			inputPaths = append(inputPaths, android.PathForSource(ctx, compatibilityEmptyMatrix))
-		}
-	}
-
 	g.genFile = android.PathForModuleGen(ctx, outputFilename)
-	frameworkRuleImplicits = append(frameworkRuleImplicits, inputPaths...)
 
 	ctx.Build(pctx, android.BuildParams{
 		Rule:        assembleVintfRule,
 		Description: "Framework Compatibility Matrix",
-		Implicits:   frameworkRuleImplicits,
+		Implicits:   inputPaths,
 		Output:      g.genFile,
 		Args: map[string]string{
-			"inputs":           strings.Join(inputPaths.Strings(), ":"),
-			"extraArgs":        strings.Join(extraArgs, " "),
-			"assembleVintfEnv": g.getAssembleVintfEnv(ctx),
+			"inputs": strings.Join(inputPaths.Strings(), ":"),
 		},
 	})
 	g.generateValidateBuildAction(ctx, g.genFile, schema.Path())
@@ -255,39 +174,7 @@
 	ctx.InstallFile(android.PathForModuleInstall(ctx, "etc", relpath), outputFilename, g.genFile)
 }
 
-func (g *vintfCompatibilityMatrixRule) getAssembleVintfEnv(ctx android.ModuleContext) string {
-	if proptools.String(g.properties.Type) == deviceFcmType {
-		assembleVintfEnvs := []string{
-			// POLICYVERS defined in system/sepolicy/build/soong/policy.go
-			fmt.Sprintf("POLICYVERS=%d", selinux.PolicyVers),
-			fmt.Sprintf("PLATFORM_SEPOLICY_VERSION=%s", ctx.DeviceConfig().PlatformSepolicyVersion()),
-			fmt.Sprintf("PLATFORM_SEPOLICY_COMPAT_VERSIONS=\"%s\"", strings.Join(ctx.DeviceConfig().PlatformSepolicyCompatVersions(), " ")),
-		}
-
-		if ctx.Config().BoardAvbEnable() {
-			assembleVintfEnvs = append(assembleVintfEnvs, fmt.Sprintf("FRAMEWORK_VBMETA_VERSION=\"$$(${AvbToolCmd} add_hashtree_footer --print_required_libavb_version %s)\"", strings.Join(ctx.Config().BoardAvbSystemAddHashtreeFooterArgs(), " ")))
-		} else {
-			assembleVintfEnvs = append(assembleVintfEnvs, "FRAMEWORK_VBMETA_VERSION=\"0.0\"")
-		}
-
-		return strings.Join(assembleVintfEnvs, " ")
-	}
-
-	return ""
-}
-
 func (g *vintfCompatibilityMatrixRule) AndroidMk() android.AndroidMkData {
-	if g.phonyOnly {
-		return android.AndroidMkData{
-			Custom: func(w io.Writer, name, prefix, moduleDir string, data android.AndroidMkData) {
-				fmt.Fprintln(w, "\ninclude $(CLEAR_VARS)", " # vintf.vintf_compatibility_matrix")
-				fmt.Fprintln(w, "LOCAL_PATH :=", moduleDir)
-				fmt.Fprintln(w, "LOCAL_MODULE :=", name)
-				fmt.Fprintln(w, "include $(BUILD_PHONY_PACKAGE)")
-			},
-		}
-	}
-
 	return android.AndroidMkData{
 		Class:      "ETC",
 		OutputFile: android.OptionalPathForPath(g.genFile),
diff --git a/compatibility_matrices/compatibility_matrix.202404.xml b/compatibility_matrices/compatibility_matrix.202404.xml
index 9ea476a..aa6b8f0 100644
--- a/compatibility_matrices/compatibility_matrix.202404.xml
+++ b/compatibility_matrices/compatibility_matrix.202404.xml
@@ -28,7 +28,7 @@
     </hal>
     <hal format="aidl">
         <name>android.hardware.audio.sounddose</name>
-        <version>1-2</version>
+        <version>1-3</version>
         <interface>
             <name>ISoundDoseFactory</name>
             <instance>default</instance>
diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index 3e5b74a..73b4193 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -26,14 +26,6 @@
             <instance>default</instance>
         </interface>
     </hal>
-    <hal format="aidl">
-        <name>android.hardware.audio.sounddose</name>
-        <version>1-3</version>
-        <interface>
-            <name>ISoundDoseFactory</name>
-            <instance>default</instance>
-        </interface>
-    </hal>
     <hal format="aidl" updatable-via-apex="true">
          <name>android.hardware.authsecret</name>
          <version>1</version>
@@ -530,6 +522,7 @@
             <name>ISharedSecret</name>
             <instance>default</instance>
             <instance>strongbox</instance>
+            <regex-instance>.*</regex-instance>
         </interface>
     </hal>
     <hal format="aidl">
diff --git a/compatibility_matrices/compatibility_matrix.mk b/compatibility_matrices/compatibility_matrix.mk
new file mode 100644
index 0000000..64cd645
--- /dev/null
+++ b/compatibility_matrices/compatibility_matrix.mk
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##### Input Variables:
+# LOCAL_MODULE: required. Module name for the build system.
+# LOCAL_MODULE_CLASS: optional. Default is ETC.
+# LOCAL_MODULE_PATH / LOCAL_MODULE_RELATIVE_PATH: required. (Relative) path of output file.
+#       If not defined, LOCAL_MODULE_RELATIVE_PATH will be "vintf".
+# LOCAL_MODULE_STEM: optional. Name of output file. Default is $(LOCAL_MODULE).
+# LOCAL_SRC_FILES: required. Local source files provided to assemble_vintf
+#       (command line argument -i).
+# LOCAL_GENERATED_SOURCES: optional. Global source files provided to assemble_vintf
+#       (command line argument -i).
+#
+# LOCAL_ADD_VBMETA_VERSION: Use AVBTOOL to add avb version to the output matrix
+#       (corresponds to <avb><vbmeta-version> tag)
+# LOCAL_ASSEMBLE_VINTF_ENV_VARS: Add a list of environment variable names from global variables in
+#       the build system that is lazily evaluated (e.g. PRODUCT_ENFORCE_VINTF_MANIFEST).
+# LOCAL_ASSEMBLE_VINTF_FLAGS: Add additional command line arguments to assemble_vintf invocation.
+# LOCAL_GEN_FILE_DEPENDENCIES: A list of additional dependencies for the generated file.
+
+ifndef LOCAL_MODULE
+$(error LOCAL_MODULE must be defined.)
+endif
+
+ifndef LOCAL_MODULE_STEM
+LOCAL_MODULE_STEM := $(LOCAL_MODULE)
+endif
+
+ifndef LOCAL_MODULE_CLASS
+LOCAL_MODULE_CLASS := ETC
+endif
+
+ifndef LOCAL_MODULE_PATH
+ifndef LOCAL_MODULE_RELATIVE_PATH
+$(error Either LOCAL_MODULE_PATH or LOCAL_MODULE_RELATIVE_PATH must be defined.)
+endif
+endif
+
+GEN := $(local-generated-sources-dir)/$(LOCAL_MODULE_STEM)
+
+$(GEN): PRIVATE_ENV_VARS := $(LOCAL_ASSEMBLE_VINTF_ENV_VARS)
+$(GEN): PRIVATE_FLAGS := $(LOCAL_ASSEMBLE_VINTF_FLAGS)
+
+$(GEN): $(LOCAL_GEN_FILE_DEPENDENCIES)
+
+ifeq (true,$(strip $(LOCAL_ADD_VBMETA_VERSION)))
+ifeq (true,$(BOARD_AVB_ENABLE))
+$(GEN): $(AVBTOOL)
+$(GEN): $(BOARD_AVB_SYSTEM_KEY_PATH)
+# Use deferred assignment (=) instead of immediate assignment (:=).
+# Otherwise, cannot get INTERNAL_AVB_SYSTEM_SIGNING_ARGS.
+$(GEN): FRAMEWORK_VBMETA_VERSION = $$("$(AVBTOOL)" add_hashtree_footer \
+                           --print_required_libavb_version \
+                           $(BOARD_AVB_SYSTEM_ADD_HASHTREE_FOOTER_ARGS))
+else
+$(GEN): FRAMEWORK_VBMETA_VERSION := 0.0
+endif # BOARD_AVB_ENABLE
+$(GEN): PRIVATE_ENV_VARS += FRAMEWORK_VBMETA_VERSION
+endif # LOCAL_ADD_VBMETA_VERSION
+
+my_matrix_src_files := \
+	$(addprefix $(LOCAL_PATH)/,$(LOCAL_SRC_FILES)) \
+	$(LOCAL_GENERATED_SOURCES)
+
+$(GEN): PRIVATE_SRC_FILES := $(my_matrix_src_files)
+$(GEN): $(my_matrix_src_files) $(HOST_OUT_EXECUTABLES)/assemble_vintf
+	$(foreach varname,$(PRIVATE_ENV_VARS),$(varname)="$($(varname))") \
+		$(HOST_OUT_EXECUTABLES)/assemble_vintf \
+		-i $(call normalize-path-list,$(PRIVATE_SRC_FILES)) \
+		-o $@ \
+		$(PRIVATE_FLAGS)
+
+LOCAL_PREBUILT_MODULE_FILE := $(GEN)
+LOCAL_SRC_FILES :=
+LOCAL_GENERATED_SOURCES :=
+
+include $(LOCAL_PATH)/clear_vars.mk
+my_matrix_src_files :=
+
+include $(BUILD_PREBUILT)
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index fca9e1c..b86f399 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -167,6 +167,7 @@
             "android.hardware.audio.core.sounddose@3",
 
             // Deprecated HALs.
+            "android.hardware.audio.sounddose@3",
             "android.hardware.bluetooth.audio@1",
     };
 
diff --git a/health/utils/libhealthloop/HealthLoop.cpp b/health/utils/libhealthloop/HealthLoop.cpp
index 70b7745..d43c2d5 100644
--- a/health/utils/libhealthloop/HealthLoop.cpp
+++ b/health/utils/libhealthloop/HealthLoop.cpp
@@ -61,13 +61,14 @@
                                           EventHandler{this, fd, std::move(func)}))
                                   .get();
 
-    struct epoll_event ev = {
-            .events = EPOLLIN | EPOLLERR,
-            .data.ptr = reinterpret_cast<void*>(event_handler),
-    };
+    struct epoll_event ev;
+
+    ev.events = EPOLLIN;
 
     if (wakeup == EVENT_WAKEUP_FD) ev.events |= EPOLLWAKEUP;
 
+    ev.data.ptr = reinterpret_cast<void*>(event_handler);
+
     if (epoll_ctl(epollfd_, EPOLL_CTL_ADD, fd, &ev) == -1) {
         KLOG_ERROR(LOG_TAG, "epoll_ctl failed; errno=%d\n", errno);
         return -1;
@@ -121,15 +122,9 @@
 }
 
 #define UEVENT_MSG_LEN 2048
-void HealthLoop::UeventEvent(uint32_t epevents) {
+void HealthLoop::UeventEvent(uint32_t /*epevents*/) {
     // No need to lock because uevent_fd_ is guaranteed to be initialized.
 
-    if (epevents & EPOLLERR) {
-        // The netlink receive buffer overflowed.
-        ScheduleBatteryUpdate();
-        return;
-    }
-
     char msg[UEVENT_MSG_LEN + 2];
     char* cp;
     int n;
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
index 8f4dff4..936315c 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfig.aidl
@@ -17,9 +17,10 @@
  * This interface is used by telephony and telecom to talk to cellular radio for the purpose of
  * radio configuration, and it is not associated with any specific modem or slot.
  * All the functions have minimum one parameter:
- * serial: which corresponds to serial no. of request. Serial numbers must only be memorized for the
- * duration of a method call. If clients provide colliding serials (including passing the same
- * serial to different methods), multiple responses (one for each method call) must still be served.
+ * serial: which corresponds to the serial number of the request. Serial numbers must only be
+ * memorized for the duration of a method call. If clients provide colliding serials (including
+ * passing the same serial to different methods), multiple responses (one for each method call) must
+ * still be served.
  */
 
 package android.hardware.radio.config;
@@ -108,12 +109,12 @@
 
     /**
      * Set preferred data modem Id.
-     * In a multi-SIM device, notify modem layer which logical modem will be used primarily
-     * for data. It helps modem with resource optimization and decisions of what data connections
-     * should be satisfied.
+     * In a multi-SIM device, notify the modem layer which logical modem will be used primarily
+     * for data. It helps the modem with resource optimization and decisions of what data
+     * connections should be satisfied.
      *
      * @param serial Serial number of request.
-     * @param modem Id the logical modem ID, which should match one of modem IDs returned
+     * @param modemId the logical modem ID which should match one of the modem IDs returned
      * from getPhoneCapability().
      *
      * Response callback is IRadioConfigResponse.setPreferredDataModemResponse()
@@ -136,30 +137,30 @@
     /**
      * Set SIM Slot mapping.
      *
-     * Maps the logical slots to the SlotPortMapping which consist of both physical slot id and port
-     * id. Logical slot is the slot that is seen by modem. Physical slot is the actual physical
-     * slot. PortId is the id (enumerated value) for the associated port available on the SIM. Each
-     * physical slot can have multiple ports which enables multi-enabled profile(MEP). If eUICC
-     * physical slot supports 2 ports, then the portId is numbered 0,1 and if eUICC2 supports 4
-     * ports then the portID is numbered 0,1,2,3. Each portId is unique within a UICC physical slot
-     * but not necessarily unique across UICC’s. SEP(Single enabled profile) eUICC and non-eUICC
-     * will only have portId 0.
+     * Maps the logical slots to the SlotPortMapping, which consists of both physical slot id and
+     * port id. Logical slot is the slot that is seen by the modem. Physical slot is the actual
+     * physical slot. PortId is the id (enumerated value) for the associated port available on the
+     * SIM. Each physical slot can have multiple ports, which enables multi-enabled profile(MEP). If
+     * eUICC physical slot supports 2 ports, then the portId is numbered 0,1 and if eUICC2 supports
+     * 4 ports then the portID is numbered 0,1,2,3. Each portId is unique within a UICC physical
+     * slot but not necessarily unique across UICC’s. SEP(Single enabled profile) eUICC and
+     * non-eUICC will only have portId 0.
      *
      * Logical slots that are already mapped to the requested SlotPortMapping are not impacted.
      *
-     * Example no. of logical slots 1 and physical slots 2 do not support MEP, each physical slot
-     * has one port:
-     * The only logical slot (index 0) can be mapped to first physical slot (value 0), port(index
-     * 0). or second
-     * physical slot(value 1), port (index 0), while the other physical slot remains unmapped and
-     * inactive.
+     * Example: There is 1 logical slot, 2 physical slots, MEP is not supported and each physical
+     * slot has one port:
+     * The only logical slot (index 0) can be mapped to the first physical slot (value 0),
+     * port(index 0), or second physical slot(value 1), port (index 0), while the other physical
+     * slot remains unmapped and inactive.
      * slotMap[0] = SlotPortMapping{0 //physical slot//, 0 //port//}
      * slotMap[0] = SlotPortMapping{1 //physical slot//, 0 //port//}
      *
-     * Example no. of logical slots 2 and physical slots 2 supports MEP with 2 ports available:
-     * Each logical slot must be mapped to a port (physical slot and port combination).
-     * First logical slot (index 0) can be mapped to physical slot 1 and the second logical slot
-     * can be mapped to either port from physical slot 2.
+     * Example: There are 2 logical slots, 2 physical slots, MEP is supported and there are 2 ports
+     * available:
+     * Each logical slot must be mapped to a port (physical slot and port combination). The first
+     * logical slot (index 0) can be mapped to the physical slot 1 and the second logical slot can
+     * be mapped to either port from physical slot 2.
      *
      * slotMap[0] = SlotPortMapping{0, 0} and slotMap[1] = SlotPortMapping{1, 0} or
      * slotMap[0] = SlotPortMapping{0, 0} and slotMap[1] = SlotPortMapping{1, 1}
@@ -178,10 +179,10 @@
      *
      * @param serial Serial number of request
      * @param slotMap Logical to physical slot and port mapping.
-     *        Index is mapping to logical slot and value to physical slot and port id, need to
-     *        provide all the slots mapping when sending request in case of multi slot device.
+     *        The index maps to the logical slot, and the value to the physical slot and port id. In
+     *        the case of a multi-slot device, provide all the slot mappings when sending a request.
      *
-     *        EX: SlotPortMapping(physical slot, port id)
+     *        Example: SlotPortMapping(physical slot, port id)
      *        index 0 is the first logical_slot number of logical slots is equal to number of Radio
      *        instances and number of physical slots is equal to size of slotStatus in
      *        getSimSlotsStatusResponse
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
index 9eacb8e..0b60dbb 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfigIndication.aidl
@@ -27,9 +27,9 @@
     /**
      * Indicates SIM slot status change.
      *
-     * This indication must be sent by the modem whenever there is any slot status change, even the
-     * slot is inactive. For example, this indication must be triggered if a SIM card is inserted
-     * into an inactive slot.
+     * This indication must be sent by the modem whenever there is any slot status change, even if
+     * the slot is inactive. For example, this indication must be triggered if a SIM card is
+     * inserted into an inactive slot.
      *
      * @param type Type of radio indication
      * @param slotStatus new slot status info with size equals to the number of physical slots on
@@ -39,7 +39,7 @@
             in android.hardware.radio.RadioIndicationType type, in SimSlotStatus[] slotStatus);
 
     /**
-     * The logical slots supporting simultaneous cellular calling has changed.
+     * The logical slots supporting simultaneous cellular calling have changed.
      *
      * @param enabledLogicalSlots The slots that have simultaneous cellular calling enabled. If
      * there is a call active on logical slot X, then a simultaneous cellular call is only possible
diff --git a/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl b/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
index 33b0ff0..8182cd1 100644
--- a/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
+++ b/radio/aidl/android/hardware/radio/config/IRadioConfigResponse.aidl
@@ -26,18 +26,18 @@
 @VintfStability
 oneway interface IRadioConfigResponse {
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      * @param modemReducedFeatureSet1 True indicates that the modem does NOT support the following
-     *        features.
-     *        - Providing either LinkCapacityEstimate:secondaryDownlinkCapacityKbps
-     *          or LinkCapacityEstimate:secondaryUplinkCapacityKbps when given from
-     *          RadioIndication:currentLinkCapacityEstimate
-     *        - Calling IRadio.setNrDualConnectivityState or querying
-     *          IRadio.isNrDualConnectivityEnabled
-     *        - Requesting IRadio.setDataThrottling()
-     *        - Providing SlicingConfig through getSlicingConfig()
+     *        features:
+     *        - Providing either LinkCapacityEstimate#secondaryDownlinkCapacityKbps
+     *          or LinkCapacityEstimate#secondaryUplinkCapacityKbps when given from
+     *          IRadioNetworkIndication#currentLinkCapacityEstimate
+     *        - Calling IRadioNetwork#setNrDualConnectivityState or querying
+     *          IRadioNetwork#isNrDualConnectivityEnabled
+     *        - Requesting IRadioData#setDataThrottling
+     *        - Providing SlicingConfig through IRadioData#getSlicingConfig
      *        - Providing PhysicalChannelConfig through
-     *          IRadioIndication.currentPhysicalChannelConfigs_1_6()
+     *          IRadioNetworkIndication#currentPhysicalChannelConfigs
      *
      * Valid errors returned:
      *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony is not defined
@@ -49,7 +49,7 @@
             in android.hardware.radio.RadioResponseInfo info, in boolean modemReducedFeatureSet1);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      * @param numOfLiveModems <byte> indicate the number of live modems i.e. modems that
      *        are enabled and actively working as part of a working connectivity stack
      *
@@ -62,8 +62,8 @@
             in android.hardware.radio.RadioResponseInfo info, in byte numOfLiveModems);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
-     * @param phoneCapability <PhoneCapability> it defines modem's capability for example
+     * @param info Response info struct containing response type, serial number and error
+     * @param phoneCapability <PhoneCapability> it defines the modem's capability. For example,
      *        how many logical modems it has, how many data connections it supports.
      *
      * Valid errors returned:
@@ -76,7 +76,7 @@
             in android.hardware.radio.RadioResponseInfo info, in PhoneCapability phoneCapability);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      * @param slotStatus Sim slot struct containing all the physical SIM slots info with size
      *        equal to the number of physical slots on the device
      *
@@ -93,7 +93,7 @@
             in android.hardware.radio.RadioResponseInfo info, in SimSlotStatus[] slotStatus);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      *
      * Valid errors returned:
      *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony is not defined
@@ -104,7 +104,7 @@
     void setNumOfLiveModemsResponse(in android.hardware.radio.RadioResponseInfo info);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      *
      * Valid errors returned:
      *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.data is not defined
@@ -116,7 +116,7 @@
     void setPreferredDataModemResponse(in android.hardware.radio.RadioResponseInfo info);
 
     /**
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      *
      * Valid errors returned:
      *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.subscription is not
@@ -134,7 +134,7 @@
      * Response to the asynchronous
      * {@link IRadioConfig#getSimultaneousCallingSupport} request.
      *
-     * @param info Response info struct containing response type, serial no. and error
+     * @param info Response info struct containing response type, serial number and error
      * @param enabledLogicalSlots The slots that have simultaneous cellular calling enabled. If
      * there is a call active on logical slot X, then a simultaneous cellular call is only possible
      * on logical slot Y if BOTH slot X and slot Y are in enabledLogicalSlots. If simultaneous
diff --git a/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl b/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
index 7936eb6..265ab96 100644
--- a/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
+++ b/radio/aidl/android/hardware/radio/config/PhoneCapability.aidl
@@ -17,8 +17,8 @@
 package android.hardware.radio.config;
 
 /**
- * Phone capability which describes the data connection capability of modem.
- * It's used to evaluate possible phone config change, for example from single
+ * Phone capability which describes the data connection capability of the modem.
+ * It's used to evaluate a possible phone config change, for example, from single
  * SIM device to multi-SIM device.
  * @hide
  */
@@ -27,21 +27,18 @@
 parcelable PhoneCapability {
     const byte UNKNOWN = -1;
     /**
-     * maxActiveData defines how many logical modems can have
-     * PS attached simultaneously. For example, for L+L modem it
-     * should be 2.
+     * maxActiveData defines how many logical modems can have PS attached simultaneously. For
+     * example, for a L+L modem, it should be 2.
      */
     byte maxActiveData;
     /**
-     * maxActiveData defines how many logical modems can have
-     * internet PDN connections simultaneously. For example, for L+L
-     * DSDS modem it’s 1, and for DSDA modem it’s 2.
+     * maxActiveInternetData defines how many logical modems can have internet PDN connections
+     * simultaneously. For example, for a L+L DSDS modem, it’s 1, and for a DSDA modem, it’s 2.
      */
     byte maxActiveInternetData;
     /**
-     * Whether modem supports both internet PDN up so
-     * that we can do ping test before tearing down the
-     * other one.
+     * Whether the modem supports both internet PDNs up, so that we can do a ping test on one PDN
+     * before tearing down the other PDN.
      */
     boolean isInternetLingeringSupported;
     /**
@@ -49,9 +46,8 @@
      */
     byte[] logicalModemIds;
     /**
-     * maxActiveVoice defines how many logical modems can have
-     * cellular voice calls simultaneously. For example, for cellular DSDA
-     * with simultaneous calling support, it should be 2.
+     * maxActiveVoice defines how many logical modems can have cellular voice calls simultaneously.
+     * For example, for cellular DSDA with simultaneous calling support, it should be 2.
      */
     byte maxActiveVoice = UNKNOWN;
 }
diff --git a/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl b/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
index f579639..380932e 100644
--- a/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
+++ b/radio/aidl/android/hardware/radio/config/SimPortInfo.aidl
@@ -21,8 +21,8 @@
 @JavaDerive(toString=true)
 parcelable SimPortInfo {
     /**
-     * Integrated Circuit Card IDentifier (ICCID) is unique identifier of the SIM card. File is
-     * located in the SIM card at EFiccid (0x2FE2) as per ETSI 102.221. The ICCID is defined by
+     * Integrated Circuit Card IDentifier (ICCID) is the unique identifier of the SIM card. The file
+     * is located in the SIM card at EFiccid (0x2FE2) as per ETSI 102.221. The ICCID is defined by
      * the ITU-T recommendation E.118 ISO/IEC 7816.
      *
      * This data is applicable only when cardState is CardStatus.STATE_PRESENT.
@@ -33,13 +33,13 @@
      */
     String iccId;
     /**
-     * Logical slot id is identifier of the active slot
+     * The identifier of the active slot.
      */
     int logicalSlotId;
     /**
      * Port active status in the slot.
-     * Inactive means logical modem is no longer associated to the port.
-     * Active means logical modem is associated to the port.
+     * Inactive means that the logical modem is no longer associated to the port.
+     * Active means that the logical modem is associated to the port.
      */
     boolean portActive;
 }
diff --git a/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl b/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
index 34f98c5..171d97a 100644
--- a/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
+++ b/radio/aidl/android/hardware/radio/config/SimSlotStatus.aidl
@@ -46,12 +46,12 @@
     String eid;
     /**
      * PortInfo contains the ICCID, logical slot ID, and port state.
-     * Cardstate has no relationship with whether the slot is active or inactive. Should always
-     * report up at least 1 port otherwise the logicalSlotIndex and portActive info will be lost.
+     * Cardstate has no relationship with whether the slot is active or inactive. At least one port
+     * shall always be reported, otherwise the logicalSlotIndex and portActive info will be lost.
      * For example, the pSIM can be removed, but the slot can still be active. In that case, the
      * SIM_STATUS reported for the corresponding logical stack will show CARDSTATE_ABSENT.
-     * Similarly, even if there is no profile enabled on the eSIM, that port can still be the
-     * active port in the slot mapping.
+     * Similarly, even if there is no profile enabled on the eSIM, that port can still be the active
+     * port in the slot mapping.
      */
     SimPortInfo[] portInfo;
     /**
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 2ba75a3..c19ab11 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -236,10 +236,10 @@
 
 /**
  * An API to determine device IDs attestation is required or not,
- * which is mandatory for KeyMint version 2 or first_api_level 33 or greater.
+ * which is mandatory for KeyMint version 2 and first_api_level 33 or greater.
  */
 bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {
-    return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= __ANDROID_API_T__;
+    return AidlVersion() >= 2 && property_get_int32("ro.vendor.api_level", 0) >= __ANDROID_API_T__;
 }
 
 /**
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 1d7db6a..b7c32ca 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -167,7 +167,8 @@
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
         const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge);
+        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+        bool allowAnyMode = false);
 
 /**
  * Verify the CSR as if the device is still early in the factory process and may not
@@ -181,7 +182,8 @@
  */
 ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
         const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge);
+        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+        bool allowAnyMode = false);
 
 /** Checks whether the CSR has a proper DICE chain. */
 ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr);
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 6638775..646037c 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -325,9 +325,16 @@
 }
 
 ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
-                                                hwtrust::DiceChain::Kind kind) {
+                                                hwtrust::DiceChain::Kind kind, bool allowAnyMode) {
     auto encodedBcc = bcc->encode();
-    auto chain = hwtrust::DiceChain::Verify(encodedBcc, kind);
+
+    // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
+    std::string build_type = ::android::base::GetProperty("ro.build.type", "");
+    if (!build_type.empty() && build_type != "user") {
+        allowAnyMode = true;
+    }
+
+    auto chain = hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode);
     if (!chain.ok()) return chain.error().message();
     auto keys = chain->CosePublicKeys();
     if (!keys.ok()) return keys.error().message();
@@ -638,7 +645,7 @@
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
         const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
         IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
-        bool isFactory) {
+        bool isFactory, bool allowAnyMode = false) {
     auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);
     if (!parsedProtectedData) {
         return protDataErrMsg;
@@ -694,7 +701,7 @@
     }
 
     // BCC is [ pubkey, + BccEntry]
-    auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13);
+    auto bccContents = validateBcc(bcc->asArray(), hwtrust::DiceChain::Kind::kVsr13, allowAnyMode);
     if (!bccContents) {
         return bccContents.message() + "\n" + prettyPrint(bcc.get());
     }
@@ -747,10 +754,11 @@
         const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
         const std::vector<uint8_t>& keysToSignMac, const ProtectedData& protectedData,
         const EekChain& eekChain, const std::vector<uint8_t>& eekId, int32_t supportedEekCurve,
-        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge) {
+        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+        bool allowAnyMode) {
     return verifyProtectedData(deviceInfo, keysToSign, keysToSignMac, protectedData, eekChain,
                                eekId, supportedEekCurve, provisionable, challenge,
-                               /*isFactory=*/false);
+                               /*isFactory=*/false, allowAnyMode);
 }
 
 ErrMsgOr<X509_Ptr> parseX509Cert(const std::vector<uint8_t>& cert) {
@@ -974,20 +982,22 @@
 
 ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
     int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
-    switch (vendor_api_level) {
-        case __ANDROID_API_T__:
-            return hwtrust::DiceChain::Kind::kVsr13;
-        case __ANDROID_API_U__:
-            return hwtrust::DiceChain::Kind::kVsr14;
-        case 202404: /* TODO(b/315056516) Use a version macro for vendor API 24Q2 */
-            return hwtrust::DiceChain::Kind::kVsr15;
-        default:
-            return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
+    if (vendor_api_level == __ANDROID_API_T__) {
+        return hwtrust::DiceChain::Kind::kVsr13;
+    } else if (vendor_api_level == __ANDROID_API_U__) {
+        return hwtrust::DiceChain::Kind::kVsr14;
+    } else if (vendor_api_level == 202404) {
+        return hwtrust::DiceChain::Kind::kVsr15;
+    } else if (vendor_api_level > 202404) {
+        return hwtrust::DiceChain::Kind::kVsr16;
+    } else {
+        return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
     }
 }
 
 ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
-                                                       const std::vector<uint8_t>& challenge) {
+                                                       const std::vector<uint8_t>& challenge,
+                                                       bool allowAnyMode = false) {
     auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
     if (!parsedRequest) {
         return csrErrMsg;
@@ -1025,7 +1035,7 @@
         return diceChainKind.message();
     }
 
-    auto diceContents = validateBcc(diceCertChain, *diceChainKind);
+    auto diceContents = validateBcc(diceCertChain, *diceChainKind, allowAnyMode);
     if (!diceContents) {
         return diceContents.message() + "\n" + prettyPrint(diceCertChain);
     }
@@ -1054,7 +1064,7 @@
                                                    const std::vector<uint8_t>& csr,
                                                    IRemotelyProvisionedComponent* provisionable,
                                                    const std::vector<uint8_t>& challenge,
-                                                   bool isFactory) {
+                                                   bool isFactory, bool allowAnyMode = false) {
     RpcHardwareInfo info;
     provisionable->getHardwareInfo(&info);
     if (info.versionNumber != 3) {
@@ -1062,7 +1072,7 @@
                ") does not match expected version (3).";
     }
 
-    auto csrPayload = parseAndValidateAuthenticatedRequest(csr, challenge);
+    auto csrPayload = parseAndValidateAuthenticatedRequest(csr, challenge, allowAnyMode);
     if (!csrPayload) {
         return csrPayload.message();
     }
@@ -1078,8 +1088,9 @@
 
 ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(
         const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
-        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge) {
-    return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/false);
+        IRemotelyProvisionedComponent* provisionable, const std::vector<uint8_t>& challenge,
+        bool allowAnyMode) {
+    return verifyCsr(keysToSign, csr, provisionable, challenge, /*isFactory=*/false, allowAnyMode);
 }
 
 ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr) {
@@ -1113,7 +1124,8 @@
     }
 
     auto encodedDiceChain = diceCertChain->encode();
-    auto chain = hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind);
+    auto chain =
+            hwtrust::DiceChain::Verify(encodedDiceChain, *diceChainKind, /*allowAnyMode=*/false);
     if (!chain.ok()) return chain.error().message();
     return chain->IsProper();
 }
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 2dbc73f..f68ff91 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -188,7 +188,8 @@
         }
         ASSERT_NE(provisionable_, nullptr);
         auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);
-        if (GetParam() == RKP_VM_INSTANCE_NAME) {
+        isRkpVmInstance_ = GetParam() == RKP_VM_INSTANCE_NAME;
+        if (isRkpVmInstance_) {
             if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
                 GTEST_SKIP() << "The RKP VM is not supported on this system.";
             }
@@ -209,6 +210,7 @@
   protected:
     std::shared_ptr<IRemotelyProvisionedComponent> provisionable_;
     RpcHardwareInfo rpcHardwareInfo;
+    bool isRkpVmInstance_;
 };
 
 /**
@@ -765,7 +767,8 @@
                 provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge);
+        auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge,
+                                          isRkpVmInstance_);
         ASSERT_TRUE(result) << result.message();
     }
 }
@@ -786,7 +789,8 @@
         auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
         ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-        auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge);
+        auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge,
+                                          isRkpVmInstance_);
         ASSERT_TRUE(result) << result.message();
     }
 }
@@ -816,13 +820,15 @@
     auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+    auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+                                        isRkpVmInstance_);
     ASSERT_TRUE(firstCsr) << firstCsr.message();
 
     status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+    auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+                                         isRkpVmInstance_);
     ASSERT_TRUE(secondCsr) << secondCsr.message();
 
     ASSERT_EQ(**firstCsr, **secondCsr);
@@ -840,7 +846,8 @@
     auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getDescription();
 
-    auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+    auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_,
+                                      isRkpVmInstance_);
     ASSERT_TRUE(result) << result.message();
 }
 
diff --git a/weaver/vts/VtsHalWeaverTargetTest.cpp b/weaver/vts/VtsHalWeaverTargetTest.cpp
index 40e9558..8952dfc 100644
--- a/weaver/vts/VtsHalWeaverTargetTest.cpp
+++ b/weaver/vts/VtsHalWeaverTargetTest.cpp
@@ -221,7 +221,10 @@
         }
     }
     // Starting in Android 14, the system will always use at least one Weaver slot if Weaver is
-    // supported at all.  Make sure we saw at least one.
+    // supported at all.  This is true even if an LSKF hasn't been set yet, since Weaver is used to
+    // protect the initial binding of each user's synthetic password to ensure that binding can be
+    // securely deleted if an LSKF is set later.  Make sure we saw at least one slot, as otherwise
+    // the Weaver implementation must have a bug that makes it not fully usable by Android.
     ASSERT_FALSE(used_slots.empty())
             << "Could not determine which Weaver slots are in use by the system";