Merge "Blocklist strongest Sv of each constellation" into main
diff --git a/camera/provider/aidl/vts/device_cb.cpp b/camera/provider/aidl/vts/device_cb.cpp
index bfd1cd1..940b4af 100644
--- a/camera/provider/aidl/vts/device_cb.cpp
+++ b/camera/provider/aidl/vts/device_cb.cpp
@@ -421,12 +421,19 @@
}
for (const auto& buffer : results.outputBuffers) {
+ std::unique_lock<std::mutex> l(mLock);
CameraAidlTest::InFlightRequest::StreamBufferAndTimestamp streamBufferAndTimestamp;
- auto outstandingBuffers = mUseHalBufManager ? mOutstandingBufferIds :
+ auto& outstandingBuffers = mUseHalBufManager ? mOutstandingBufferIds :
request->mOutstandingBufferIds;
auto bufferId = mUseHalBufManager ? buffer.bufferId : results.frameNumber;
- auto outputBuffer = outstandingBuffers.empty() ? ::android::makeFromAidl(buffer.buffer) :
- outstandingBuffers[buffer.streamId][bufferId];
+ const native_handle_t *outputBuffer = nullptr;
+ if (outstandingBuffers.empty()) {
+ outputBuffer = ::android::makeFromAidl(buffer.buffer);
+ } else if (outstandingBuffers[buffer.streamId].contains(bufferId)) {
+ outputBuffer = outstandingBuffers[buffer.streamId][bufferId];
+ } else {
+ ALOGV("%s: Invalid bufferId: %" PRId64, __FUNCTION__, bufferId);
+ }
streamBufferAndTimestamp.buffer = {buffer.streamId,
bufferId,
outputBuffer,
diff --git a/configstore/1.1/default/Android.bp b/configstore/1.1/default/Android.bp
new file mode 100644
index 0000000..34470ad
--- /dev/null
+++ b/configstore/1.1/default/Android.bp
@@ -0,0 +1,142 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//###############################################################################
+package {
+ // See: http://go/android-license-faq
+ default_applicable_licenses: [
+ "hardware_interfaces_license",
+ ],
+}
+
+soong_config_module_type {
+ name: "surfaceflinger_cc_defaults_type",
+ module_type: "cc_defaults",
+ config_namespace: "surfaceflinger",
+ value_variables: [
+ "vsync_event_phase_offset_ns",
+ "sf_vsync_event_phase_offset_ns",
+ "present_time_offset_from_vsync_ns",
+ "max_virtual_displat_dimension",
+ "num_framebuffer_surface_buffers",
+ "sf_primary_display_orientation",
+ ],
+ bool_variables: [
+ "use_context_priority",
+ "has_wide_color_display",
+ "has_hdr_display",
+ "force_hwc_copy_for_virtual_displays",
+ "running_without_sync_framework",
+ "use_vr_flinger",
+ "sf_start_graphics_allocator_service",
+ ],
+ properties: [
+ "cflags",
+ ],
+}
+
+surfaceflinger_cc_defaults_type {
+ name: "surfaceflinger_cc_defaults",
+ srcs: [
+ "SurfaceFlingerConfigs.cpp",
+ ],
+ soong_config_variables: {
+ vsync_event_phase_offset_ns: {
+ cflags: ["-DVSYNC_EVENT_PHASE_OFFSET_NS=%s"],
+ },
+ sf_vsync_event_phase_offset_ns: {
+ cflags: ["-DSF_VSYNC_EVENT_PHASE_OFFSET_NS=%s"],
+ },
+ present_time_offset_from_vsync_ns: {
+ cflags: ["-DPRESENT_TIME_OFFSET_FROM_VSYNC_NS=%s"],
+ },
+ max_virtual_displat_dimension: {
+ cflags: ["-DMAX_VIRTUAL_DISPLAY_DIMENSION=%s"],
+ },
+ num_framebuffer_surface_buffers: {
+ cflags: ["-DNUM_FRAMEBUFFER_SURFACE_BUFFERS=%s"],
+ },
+ sf_primary_display_orientation: {
+ cflags: ["-DPRIMARY_DISPLAY_ORIENTATION=%s"],
+ },
+ use_context_priority: {
+ cflags: ["-DUSE_CONTEXT_PRIORITY=1"],
+ },
+ has_wide_color_display: {
+ cflags: ["-DHAS_WIDE_COLOR_DISPLAY"],
+ },
+ has_hdr_display: {
+ cflags: ["-DHAS_HDR_DISPLAY"],
+ },
+ force_hwc_copy_for_virtual_displays: {
+ cflags: ["-DFORCE_HWC_COPY_FOR_VIRTUAL_DISPLAYS"],
+ },
+ running_without_sync_framework: {
+ cflags: ["-DRUNNING_WITHOUT_SYNC_FRAMEWORK"],
+ },
+ use_vr_flinger: {
+ cflags: ["-DUSE_VR_FLINGER"],
+ },
+ sf_start_graphics_allocator_service: {
+ cflags: ["-DSTART_GRAPHICS_ALLOCATOR_SERVICE"],
+ },
+ },
+}
+
+cc_binary {
+ name: "android.hardware.configstore@1.1-service",
+ srcs: ["service.cpp"],
+ vendor: true,
+ relative_install_path: "hw",
+ init_rc: ["android.hardware.configstore@1.1-service.rc"],
+ shared_libs: [
+ "libhidlbase",
+ "libbase",
+ "libhwminijail",
+ "liblog",
+ "libutils",
+ "android.hardware.configstore@1.0",
+ "android.hardware.configstore@1.1",
+ ],
+ defaults: [
+ "surfaceflinger_cc_defaults",
+ ],
+ required: select((arch(), soong_config_variable("ANDROID", "GCOV_COVERAGE")), {
+ ("arm64", false): ["configstore@1.1.policy"],
+ (default, default): [],
+ }),
+}
+
+// Only build for arm64
+prebuilt_etc {
+ name: "configstore@1.1.policy",
+ relative_install_path: "seccomp_policy",
+ proprietary: true,
+ enabled: false,
+ arch: {
+ arm64: {
+ src: "seccomp_policy/configstore@1.1-arm64.policy",
+ enabled: true,
+ },
+ },
+}
+
+// disable configstore
+cc_binary {
+ name: "disable_configstore",
+ installable: false,
+ srcs: ["disable_configstore.cpp"],
+ overrides: ["android.hardware.configstore@1.1-service"],
+ vendor: true,
+}
diff --git a/configstore/1.1/default/Android.mk b/configstore/1.1/default/Android.mk
deleted file mode 100644
index 9a6f0fc..0000000
--- a/configstore/1.1/default/Android.mk
+++ /dev/null
@@ -1,57 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-################################################################################
-include $(CLEAR_VARS)
-LOCAL_MODULE := android.hardware.configstore@1.1-service
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE
-# seccomp is not required for coverage build.
-ifneq ($(NATIVE_COVERAGE),true)
-LOCAL_REQUIRED_MODULES_arm64 := configstore@1.1.policy
-endif
-LOCAL_VENDOR_MODULE := true
-LOCAL_MODULE_CLASS := EXECUTABLES
-LOCAL_MODULE_RELATIVE_PATH := hw
-LOCAL_INIT_RC := android.hardware.configstore@1.1-service.rc
-LOCAL_SRC_FILES:= service.cpp
-
-include $(LOCAL_PATH)/surfaceflinger.mk
-
-LOCAL_SHARED_LIBRARIES := \
- libhidlbase \
- libbase \
- libhwminijail \
- liblog \
- libutils \
- android.hardware.configstore@1.0 \
- android.hardware.configstore@1.1
-
-include $(BUILD_EXECUTABLE)
-
-# seccomp filter for configstore
-ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm64))
-include $(CLEAR_VARS)
-LOCAL_MODULE := configstore@1.1.policy
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/seccomp_policy
-LOCAL_SRC_FILES := seccomp_policy/configstore@1.1-$(TARGET_ARCH).policy
-include $(BUILD_PREBUILT)
-endif
-
-# disable configstore
-include $(CLEAR_VARS)
-LOCAL_MODULE := disable_configstore
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE
-LOCAL_MODULE_CLASS := EXECUTABLES
-LOCAL_SRC_FILES:= disable_configstore.cpp
-LOCAL_OVERRIDES_MODULES := android.hardware.configstore@1.1-service
-LOCAL_VENDOR_MODULE := true
-LOCAL_UNINSTALLABLE_MODULE := true
-
-include $(BUILD_EXECUTABLE)
diff --git a/configstore/1.1/default/surfaceflinger.mk b/configstore/1.1/default/surfaceflinger.mk
index 35922eb..462fe85 100644
--- a/configstore/1.1/default/surfaceflinger.mk
+++ b/configstore/1.1/default/surfaceflinger.mk
@@ -2,55 +2,69 @@
LOCAL_SRC_FILES += SurfaceFlingerConfigs.cpp
ifneq ($(VSYNC_EVENT_PHASE_OFFSET_NS),)
+ $(call soong_config_set,surfaceflinger,vsync_event_phase_offset_ns,$(VSYNC_EVENT_PHASE_OFFSET_NS))
LOCAL_CFLAGS += -DVSYNC_EVENT_PHASE_OFFSET_NS=$(VSYNC_EVENT_PHASE_OFFSET_NS)
endif
ifneq ($(SF_VSYNC_EVENT_PHASE_OFFSET_NS),)
+ $(call soong_config_set,surfaceflinger,sf_vsync_event_phase_offset_ns,$(SF_VSYNC_EVENT_PHASE_OFFSET_NS))
LOCAL_CFLAGS += -DSF_VSYNC_EVENT_PHASE_OFFSET_NS=$(SF_VSYNC_EVENT_PHASE_OFFSET_NS)
endif
ifeq ($(TARGET_USE_CONTEXT_PRIORITY),true)
+ $(call soong_config_set_bool,surfaceflinger,use_context_priority,true)
LOCAL_CFLAGS += -DUSE_CONTEXT_PRIORITY=1
endif
ifeq ($(TARGET_HAS_WIDE_COLOR_DISPLAY),true)
+ $(call soong_config_set_bool,surfaceflinger,has_wide_color_display,true)
LOCAL_CFLAGS += -DHAS_WIDE_COLOR_DISPLAY
endif
ifeq ($(TARGET_HAS_HDR_DISPLAY),true)
+ $(call soong_config_set_bool,surfaceflinger,has_hdr_display,true)
LOCAL_CFLAGS += -DHAS_HDR_DISPLAY
endif
ifneq ($(PRESENT_TIME_OFFSET_FROM_VSYNC_NS),)
+ $(call soong_config_set,surfaceflinger,present_time_offset_from_vsync_ns,$(PRESENT_TIME_OFFSET_FROM_VSYNC_NS))
LOCAL_CFLAGS += -DPRESENT_TIME_OFFSET_FROM_VSYNC_NS=$(PRESENT_TIME_OFFSET_FROM_VSYNC_NS)
else
+ $(call soong_config_set,surfaceflinger,present_time_offset_from_vsync_ns,0)
LOCAL_CFLAGS += -DPRESENT_TIME_OFFSET_FROM_VSYNC_NS=0
endif
ifeq ($(TARGET_FORCE_HWC_FOR_VIRTUAL_DISPLAYS),true)
+ $(call soong_config_set_bool,surfaceflinger,force_hwc_copy_for_virtual_displays,true)
LOCAL_CFLAGS += -DFORCE_HWC_COPY_FOR_VIRTUAL_DISPLAYS
endif
ifneq ($(MAX_VIRTUAL_DISPLAY_DIMENSION),)
+ $(call soong_config_set,surfaceflinger,max_virtual_displat_dimension,$(MAX_VIRTUAL_DISPLAY_DIMENSION))
LOCAL_CFLAGS += -DMAX_VIRTUAL_DISPLAY_DIMENSION=$(MAX_VIRTUAL_DISPLAY_DIMENSION)
endif
ifeq ($(TARGET_RUNNING_WITHOUT_SYNC_FRAMEWORK),true)
+ $(call soong_config_set_bool,surfaceflinger,running_without_sync_framework,true)
LOCAL_CFLAGS += -DRUNNING_WITHOUT_SYNC_FRAMEWORK
endif
ifneq ($(USE_VR_FLINGER),)
+ $(call soong_config_set_bool,surfaceflinger,use_vr_flinger,true)
LOCAL_CFLAGS += -DUSE_VR_FLINGER
endif
ifneq ($(NUM_FRAMEBUFFER_SURFACE_BUFFERS),)
+ $(call soong_config_set,surfaceflinger,num_framebuffer_surface_buffers,$(NUM_FRAMEBUFFER_SURFACE_BUFFERS))
LOCAL_CFLAGS += -DNUM_FRAMEBUFFER_SURFACE_BUFFERS=$(NUM_FRAMEBUFFER_SURFACE_BUFFERS)
endif
ifneq ($(SF_START_GRAPHICS_ALLOCATOR_SERVICE),)
+ $(call soong_config_set_bool,surfaceflinger,sf_start_graphics_allocator_service,true)
LOCAL_CFLAGS += -DSTART_GRAPHICS_ALLOCATOR_SERVICE
endif
ifneq ($(SF_PRIMARY_DISPLAY_ORIENTATION),)
+ $(call soong_config_set,surfaceflinger,sf_primary_display_orientation,$(SF_PRIMARY_DISPLAY_ORIENTATION))
LOCAL_CFLAGS += -DPRIMARY_DISPLAY_ORIENTATION=$(SF_PRIMARY_DISPLAY_ORIENTATION)
endif
diff --git a/contexthub/aidl/default/ContextHub.cpp b/contexthub/aidl/default/ContextHub.cpp
index c1af0a3..7eb51d0 100644
--- a/contexthub/aidl/default/ContextHub.cpp
+++ b/contexthub/aidl/default/ContextHub.cpp
@@ -15,6 +15,7 @@
*/
#include "contexthub-impl/ContextHub.h"
+#include "aidl/android/hardware/contexthub/IContextHubCallback.h"
#ifndef LOG_TAG
#define LOG_TAG "CHRE"
@@ -22,6 +23,8 @@
#include <inttypes.h>
#include <log/log.h>
+#include <optional>
+#include <thread>
using ::ndk::ScopedAStatus;
@@ -62,6 +65,9 @@
},
};
+//! Mutex used to ensure callbacks are called after the initial function returns.
+std::mutex gCallbackMutex;
+
} // anonymous namespace
ScopedAStatus ContextHub::getContextHubs(std::vector<ContextHubInfo>* out_contextHubInfos) {
@@ -297,8 +303,8 @@
mMaxValidSessionId = in_size;
}
- _aidl_return->at(0) = 0;
- _aidl_return->at(1) = in_size;
+ (*_aidl_return)[0] = 0;
+ (*_aidl_return)[1] = in_size;
return ScopedAStatus::ok();
};
@@ -308,7 +314,7 @@
// We are not calling onCloseEndpointSession on failure because the remote endpoints (our
// mock endpoints) always accept the session.
- std::shared_ptr<IEndpointCallback> callback = nullptr;
+ std::weak_ptr<IEndpointCallback> callback;
{
std::unique_lock<std::mutex> lock(mEndpointMutex);
if (in_sessionId > mMaxValidSessionId) {
@@ -355,23 +361,27 @@
.serviceDescriptor = in_serviceDescriptor,
});
- if (mEndpointCallback != nullptr) {
- callback = mEndpointCallback;
+ if (mEndpointCallback == nullptr) {
+ return ScopedAStatus::ok();
}
+ callback = mEndpointCallback;
}
- if (callback != nullptr) {
- callback->onEndpointSessionOpenComplete(in_sessionId);
- }
+ std::unique_lock<std::mutex> lock(gCallbackMutex);
+ std::thread{[callback, in_sessionId]() {
+ std::unique_lock<std::mutex> lock(gCallbackMutex);
+ if (auto cb = callback.lock(); cb != nullptr) {
+ cb->onEndpointSessionOpenComplete(in_sessionId);
+ }
+ }}.detach();
return ScopedAStatus::ok();
};
ScopedAStatus ContextHub::sendMessageToEndpoint(int32_t in_sessionId, const Message& in_msg) {
- bool foundSession = false;
- std::shared_ptr<IEndpointCallback> callback = nullptr;
+ std::weak_ptr<IEndpointCallback> callback;
{
std::unique_lock<std::mutex> lock(mEndpointMutex);
-
+ bool foundSession = false;
for (const EndpointSession& session : mEndpointSessions) {
if (session.sessionId == in_sessionId) {
foundSession = true;
@@ -379,27 +389,38 @@
}
}
- if (mEndpointCallback != nullptr) {
- callback = mEndpointCallback;
- }
- }
-
- if (!foundSession) {
- ALOGE("sendMessageToEndpoint: session ID %" PRId32 " is invalid", in_sessionId);
- return ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
- }
-
- if (callback != nullptr) {
- if (in_msg.flags & Message::FLAG_REQUIRES_DELIVERY_STATUS) {
- MessageDeliveryStatus msgStatus = {};
- msgStatus.messageSequenceNumber = in_msg.sequenceNumber;
- msgStatus.errorCode = ErrorCode::OK;
- callback->onMessageDeliveryStatusReceived(in_sessionId, msgStatus);
+ if (!foundSession) {
+ ALOGE("sendMessageToEndpoint: session ID %" PRId32 " is invalid", in_sessionId);
+ return ScopedAStatus::fromExceptionCode(EX_ILLEGAL_ARGUMENT);
}
- // Echo the message back
- callback->onMessageReceived(in_sessionId, in_msg);
+ if (mEndpointCallback == nullptr) {
+ return ScopedAStatus::ok();
+ }
+ callback = mEndpointCallback;
}
+
+ std::unique_lock<std::mutex> lock(gCallbackMutex);
+ if ((in_msg.flags & Message::FLAG_REQUIRES_DELIVERY_STATUS) != 0) {
+ MessageDeliveryStatus msgStatus = {};
+ msgStatus.messageSequenceNumber = in_msg.sequenceNumber;
+ msgStatus.errorCode = ErrorCode::OK;
+
+ std::thread{[callback, in_sessionId, msgStatus]() {
+ std::unique_lock<std::mutex> lock(gCallbackMutex);
+ if (auto cb = callback.lock(); cb != nullptr) {
+ cb->onMessageDeliveryStatusReceived(in_sessionId, msgStatus);
+ }
+ }}.detach();
+ }
+
+ // Echo the message back
+ std::thread{[callback, in_sessionId, in_msg]() {
+ std::unique_lock<std::mutex> lock(gCallbackMutex);
+ if (auto cb = callback.lock(); cb != nullptr) {
+ cb->onMessageReceived(in_sessionId, in_msg);
+ }
+ }}.detach();
return ScopedAStatus::ok();
};
diff --git a/contexthub/aidl/vts/VtsAidlHalContextHubTargetTest.cpp b/contexthub/aidl/vts/VtsAidlHalContextHubTargetTest.cpp
index 090d4fe..02f0653 100644
--- a/contexthub/aidl/vts/VtsAidlHalContextHubTargetTest.cpp
+++ b/contexthub/aidl/vts/VtsAidlHalContextHubTargetTest.cpp
@@ -492,7 +492,11 @@
}
Status onMessageReceived(int32_t /* sessionId */, const Message& message) override {
- mMessages.push_back(message);
+ {
+ std::unique_lock<std::mutex> lock(mMutex);
+ mMessages.push_back(message);
+ }
+ mCondVar.notify_one();
return Status::ok();
}
@@ -513,21 +517,30 @@
}
Status onEndpointSessionOpenComplete(int32_t /* sessionId */) override {
- mWasOnEndpointSessionOpenCompleteCalled = true;
+ {
+ std::unique_lock<std::mutex> lock(mMutex);
+ mWasOnEndpointSessionOpenCompleteCalled = true;
+ }
+ mCondVar.notify_one();
return Status::ok();
}
- std::vector<Message> getMessages() { return mMessages; }
-
bool wasOnEndpointSessionOpenCompleteCalled() {
return mWasOnEndpointSessionOpenCompleteCalled;
}
+
void resetWasOnEndpointSessionOpenCompleteCalled() {
mWasOnEndpointSessionOpenCompleteCalled = false;
}
+ std::mutex& getMutex() { return mMutex; }
+ std::condition_variable& getCondVar() { return mCondVar; }
+ std::vector<Message> getMessages() { return mMessages; }
+
private:
std::vector<Message> mMessages;
+ std::mutex mMutex;
+ std::condition_variable mCondVar;
bool mWasOnEndpointSessionOpenCompleteCalled = false;
};
@@ -690,14 +703,12 @@
EXPECT_GE(range[1] - range[0] + 1, requestedRange);
// Open the session
- cb->resetWasOnEndpointSessionOpenCompleteCalled();
int32_t sessionId = range[1] + 10; // invalid
EXPECT_FALSE(contextHub
->openEndpointSession(sessionId, destinationEndpoint->id,
initiatorEndpoint.id,
/* in_serviceDescriptor= */ String16("ECHO"))
.isOk());
- EXPECT_FALSE(cb->wasOnEndpointSessionOpenCompleteCalled());
}
TEST_P(ContextHubAidl, OpenEndpointSessionAndSendMessageEchoesBack) {
@@ -710,6 +721,8 @@
EXPECT_TRUE(status.isOk());
}
+ std::unique_lock<std::mutex> lock(cb->getMutex());
+
// Register the endpoint
EndpointInfo initiatorEndpoint;
initiatorEndpoint.id.id = 8;
@@ -750,6 +763,7 @@
initiatorEndpoint.id,
/* in_serviceDescriptor= */ String16("ECHO"))
.isOk());
+ cb->getCondVar().wait(lock);
EXPECT_TRUE(cb->wasOnEndpointSessionOpenCompleteCalled());
// Send the message
@@ -760,6 +774,7 @@
ASSERT_TRUE(contextHub->sendMessageToEndpoint(sessionId, message).isOk());
// Check for echo
+ cb->getCondVar().wait(lock);
EXPECT_FALSE(cb->getMessages().empty());
EXPECT_EQ(cb->getMessages().back().content.back(), 42);
}
diff --git a/graphics/composer/aidl/include/android/hardware/graphics/composer3/ComposerServiceWriter.h b/graphics/composer/aidl/include/android/hardware/graphics/composer3/ComposerServiceWriter.h
index b50b84b..9dce140 100644
--- a/graphics/composer/aidl/include/android/hardware/graphics/composer3/ComposerServiceWriter.h
+++ b/graphics/composer/aidl/include/android/hardware/graphics/composer3/ComposerServiceWriter.h
@@ -116,6 +116,13 @@
mCommandsResults.emplace_back(std::move(clientTargetPropertyWithBrightness));
}
+ void setDisplayLuts(int64_t display, std::vector<DisplayLuts::LayerLut> layerLuts) {
+ DisplayLuts displayLuts;
+ displayLuts.display = display;
+ displayLuts.layerLuts = std::move(layerLuts);
+ mCommandsResults.emplace_back(std::move(displayLuts));
+ }
+
std::vector<CommandResultPayload> getPendingCommandResults() {
return std::move(mCommandsResults);
}
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 3fa23cc..cfc31b3 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -222,6 +222,11 @@
const std::vector<uint8_t>& csr2,
std::string_view instanceName2);
+/** Checks whether the component name in the configuration descriptor in the leaf certificate
+ * of the primary KeyMint instance's DICE certificate chain contains "keymint"
+ */
+ErrMsgOr<bool> verifyComponentNameInKeyMintDiceChain(const std::vector<uint8_t>& csr);
+
/** Verify the DICE chain. */
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 15b2144..0f7cda6 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -45,6 +45,7 @@
constexpr int32_t kBccPayloadKeyUsage = -4670553;
constexpr int kP256AffinePointSize = 32;
constexpr uint32_t kNumTeeDeviceInfoEntries = 14;
+constexpr std::string_view kKeyMintComponentName = "keymint";
using EC_KEY_Ptr = bssl::UniquePtr<EC_KEY>;
using EVP_PKEY_Ptr = bssl::UniquePtr<EVP_PKEY>;
@@ -882,7 +883,7 @@
return diceChain->IsProper();
}
-std::string hexlify(const std::vector<unsigned char>& bytes) {
+std::string hexlify(const std::vector<uint8_t>& bytes) {
std::stringstream ss;
ss << std::hex << std::setfill('0');
@@ -944,4 +945,29 @@
return *result;
}
+ErrMsgOr<bool> verifyComponentNameInKeyMintDiceChain(const std::vector<uint8_t>& encodedCsr) {
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
+ }
+
+ auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
+ false /*allowAnyMode*/, deviceSuffix(DEFAULT_INSTANCE_NAME));
+ if (!csr.ok()) {
+ return csr.error().message();
+ }
+
+ auto diceChain = csr->getDiceChain();
+ if (!diceChain.ok()) {
+ return diceChain.error().message();
+ }
+
+ auto satisfied = diceChain->componentNameContains(kKeyMintComponentName);
+ if (!satisfied.ok()) {
+ return satisfied.error().message();
+ }
+
+ return *satisfied;
+}
+
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index c6080cd..8e3600c 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -408,6 +408,82 @@
0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61,
0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+inline const std::vector<uint8_t> kCsrWithKeyMintInComponentName{
+ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x44,
+ 0xfd, 0xdd, 0xf1, 0x8a, 0x78, 0xa0, 0xbe, 0x37, 0x49, 0x51, 0x85, 0xfb, 0x7a, 0x16, 0xca,
+ 0xc1, 0x00, 0xb3, 0x78, 0x13, 0x4a, 0x90, 0x4c, 0x5a, 0xa1, 0x3b, 0xfc, 0xea, 0xb6, 0xf3,
+ 0x16, 0x22, 0x58, 0x20, 0x12, 0x7f, 0xf5, 0xe2, 0x14, 0xbd, 0x5d, 0x51, 0xd3, 0x7f, 0x2f,
+ 0x1f, 0x9c, 0xc2, 0x18, 0x31, 0x94, 0x13, 0x52, 0x31, 0x3d, 0x43, 0xc9, 0x39, 0xbc, 0xc9,
+ 0x06, 0xb0, 0xb2, 0xa9, 0x0e, 0x59, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x0e,
+ 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47,
+ 0x44, 0x52, 0x58, 0x20, 0x88, 0x44, 0x82, 0xb6, 0x6c, 0x9c, 0xcb, 0x2e, 0xe8, 0xdc, 0xb4,
+ 0xe9, 0xd3, 0xf7, 0x87, 0x63, 0x03, 0xaa, 0x90, 0x9d, 0xd9, 0xcb, 0xc3, 0x81, 0x03, 0x5b,
+ 0xa9, 0xa2, 0x75, 0xe8, 0xfa, 0x50, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x58, 0x1e, 0xa1, 0x3a,
+ 0x00, 0x01, 0x11, 0x71, 0x77, 0x4d, 0x6f, 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20,
+ 0x6a, 0x75, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0x3f, 0x3a, 0x00,
+ 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
+ 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58,
+ 0x20, 0xe7, 0x0e, 0x4b, 0xcb, 0x8d, 0x4a, 0xd0, 0x36, 0x7f, 0xbf, 0x19, 0xdd, 0x9a, 0xd9,
+ 0x43, 0x62, 0xab, 0x29, 0x13, 0x1e, 0x14, 0x98, 0x68, 0xee, 0x5d, 0xae, 0xfa, 0x2f, 0x49,
+ 0x99, 0xfa, 0x0b, 0x22, 0x58, 0x20, 0xfb, 0x9f, 0xd3, 0xd8, 0x67, 0x86, 0x81, 0x5f, 0xb3,
+ 0x84, 0x00, 0x32, 0xc4, 0xe8, 0x7e, 0x9b, 0xb2, 0x4c, 0x1d, 0xd7, 0x71, 0x0d, 0x8f, 0xe0,
+ 0x26, 0xc6, 0x73, 0xb1, 0x8f, 0x2d, 0x02, 0xf8, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20,
+ 0x58, 0x40, 0x8f, 0xb9, 0x41, 0x5f, 0xa7, 0x48, 0xe4, 0xe3, 0xfb, 0x80, 0xbf, 0x2e, 0x30,
+ 0xb8, 0xc9, 0x2c, 0xe4, 0x74, 0x4f, 0x4c, 0xb1, 0x79, 0xfb, 0x42, 0x43, 0x1e, 0xb4, 0x6c,
+ 0x6a, 0x37, 0xaf, 0x3a, 0x76, 0x15, 0x16, 0x1f, 0x25, 0x26, 0x27, 0x1b, 0x9c, 0x5c, 0xcf,
+ 0x9a, 0xfd, 0xb0, 0x82, 0xad, 0xe4, 0xd1, 0xd9, 0x04, 0x80, 0x80, 0x1a, 0x21, 0x12, 0x3e,
+ 0x81, 0xff, 0x0c, 0x23, 0x3d, 0x0a, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x10,
+ 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+ 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xea, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d,
+ 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c,
+ 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64,
+ 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70,
+ 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67,
+ 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+ 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65,
+ 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61,
+ 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69,
+ 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f,
+ 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a,
+ 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72,
+ 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73,
+ 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76,
+ 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f,
+ 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c,
+ 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x40, 0x9a, 0x39,
+ 0x4d, 0xe2, 0xc5, 0x48, 0x58, 0x6e, 0xaa, 0x17, 0x81, 0x8a, 0xba, 0xc4, 0xea, 0x20, 0x23,
+ 0xc4, 0xf3, 0xdc, 0xfa, 0x78, 0x9f, 0x5b, 0x7d, 0x30, 0xd2, 0x3d, 0x6f, 0x42, 0xa8, 0x22,
+ 0x58, 0x20, 0x3e, 0x85, 0x73, 0xe5, 0x86, 0x57, 0x45, 0x72, 0xcd, 0xf2, 0xe8, 0x62, 0x93,
+ 0xf3, 0xea, 0xbf, 0x21, 0x57, 0xa9, 0x25, 0xe7, 0xa8, 0x2a, 0xa0, 0xd0, 0x0a, 0x1d, 0xa5,
+ 0x81, 0x22, 0xd0, 0xe1, 0x23, 0x58, 0x21, 0x00, 0x95, 0x00, 0xea, 0x43, 0x32, 0x8d, 0x2e,
+ 0x1c, 0x18, 0x6d, 0x73, 0x34, 0xa2, 0xe4, 0x53, 0x64, 0x20, 0x95, 0x25, 0x8d, 0x4b, 0x97,
+ 0x71, 0x13, 0xdf, 0xa6, 0x0e, 0xdc, 0x5b, 0x66, 0x66, 0x0b, 0xa6, 0x01, 0x02, 0x03, 0x26,
+ 0x20, 0x01, 0x21, 0x58, 0x20, 0xa4, 0x81, 0xd9, 0xa0, 0x37, 0x89, 0xb1, 0x5d, 0x22, 0xf1,
+ 0x22, 0x7e, 0x19, 0x00, 0xf1, 0x87, 0xdf, 0x10, 0x88, 0x1f, 0x64, 0xc5, 0x46, 0x6d, 0x91,
+ 0x9d, 0x6c, 0x86, 0x3b, 0x67, 0x07, 0x14, 0x22, 0x58, 0x20, 0x3c, 0x42, 0x1f, 0x47, 0x62,
+ 0x2c, 0x4f, 0x08, 0x29, 0xe9, 0xc6, 0x0c, 0x7c, 0xe5, 0x11, 0xc6, 0x39, 0x69, 0xc9, 0x9d,
+ 0xdf, 0x69, 0x18, 0x8e, 0xdb, 0x99, 0x87, 0x52, 0x2f, 0x6b, 0xb4, 0x6a, 0x23, 0x58, 0x21,
+ 0x00, 0x83, 0xa2, 0x6f, 0x5b, 0x3a, 0x71, 0x7c, 0x66, 0x3c, 0x96, 0x3f, 0x4e, 0x42, 0x6f,
+ 0x98, 0x45, 0x1f, 0x59, 0x50, 0x03, 0x48, 0x9b, 0x57, 0xf5, 0x0e, 0x0f, 0x96, 0x30, 0xa4,
+ 0xd6, 0xc3, 0x45, 0x58, 0x40, 0x8b, 0xdf, 0xc8, 0xc7, 0x6d, 0xa4, 0x02, 0xec, 0x3c, 0x5d,
+ 0x90, 0x73, 0x0f, 0x8c, 0x10, 0x0f, 0x99, 0xd2, 0x85, 0x6e, 0x03, 0x45, 0x55, 0x28, 0xf7,
+ 0x64, 0x0b, 0xbd, 0x7c, 0x3a, 0x69, 0xf1, 0x80, 0x1a, 0xf3, 0x93, 0x7e, 0x82, 0xfc, 0xa5,
+ 0x3b, 0x69, 0x98, 0xf1, 0xde, 0x06, 0xb6, 0x72, 0x78, 0x0b, 0xdb, 0xbb, 0x97, 0x20, 0x04,
+ 0x98, 0xb0, 0xd4, 0x07, 0x83, 0x65, 0xfb, 0xf8, 0x9c, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67,
+ 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31,
+ 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63,
+ 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38,
+ 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65,
+ 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+
inline const std::vector<uint8_t> kCsrWithSharedUdsRoot1{
0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca,
@@ -930,6 +1006,16 @@
ASSERT_FALSE(*notEqual) << "Root public keys in DICE chains match.";
}
+TEST(RemoteProvUtilsTest, componentNameInLeafCertificateOfDiceChainContainsKeyMint) {
+ auto result = verifyComponentNameInKeyMintDiceChain(kCsrWithKeyMintInComponentName);
+ ASSERT_TRUE(result) << result.message();
+ ASSERT_TRUE(*result) << "Leaf Certificate in CSR does not contain 'keymint' in component name";
+
+ auto result2 = verifyComponentNameInKeyMintDiceChain(kCsrWithUdsCerts);
+ ASSERT_TRUE(result2) << result2.message();
+ ASSERT_FALSE(*result2) << "Leaf Certificate in CSR contains 'keymint' in component name";
+}
+
TEST(RemoteProvUtilsTest, parseFullyQualifiedInstanceNames) {
ASSERT_EQ(deviceSuffix(RKPVM_INSTANCE_NAME), "avf");
ASSERT_EQ(deviceSuffix(DEFAULT_INSTANCE_NAME), "default");
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index d9bd0d8..11abd45 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -238,6 +238,7 @@
* on the device.
*/
// @VsrTest = 3.10-015
+// @VsrTest = 3.10-018.001
TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) {
int vsr_api_level = get_vsr_api_level();
if (vsr_api_level < 35) {
@@ -270,12 +271,10 @@
// @VsrTest = 7.1-003.001
TEST(NonParameterizedTests, equalUdsPubInDiceCertChainForRkpVmAndPrimaryKeyMintInstances) {
int apiLevel = get_vsr_api_level();
- if (apiLevel < 202504) {
- if (!AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) {
- GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME
- << ") is not present on this device.";
- }
- } else {
+ if (apiLevel < 202504 && !AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) {
+ GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") is not present on this device.";
+ }
+ if (apiLevel >= 202504) {
ASSERT_TRUE(AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str()));
}
@@ -311,6 +310,40 @@
ASSERT_TRUE(*equal) << "Primary KeyMint and RKP VM RPCs have different UDS public keys";
}
+/**
+ * Suppose that there is a StrongBox KeyMint instance on the device.
+ *
+ * Then, this test verifies that "keymint" is a substring of the component name in the configuration
+ * descriptor in the leaf certificate of the DICE chain for the primary ("default") KeyMint
+ * instance.
+ */
+// @VsrTest = 3.10-018.003
+TEST(NonParameterizedTests, componentNameInConfigurationDescriptorForPrimaryKeyMintInstance) {
+ int vsr_api_level = get_vsr_api_level();
+ if (vsr_api_level < 202504) {
+ GTEST_SKIP() << "Applies only to VSR API level 202504 or newer, this device is: "
+ << vsr_api_level;
+ }
+
+ if (!AServiceManager_isDeclared(KEYMINT_STRONGBOX_INSTANCE_NAME.c_str())) {
+ GTEST_SKIP() << "Strongbox is not present on this device.";
+ }
+
+ ::ndk::SpAIBinder binder(AServiceManager_waitForService(DEFAULT_INSTANCE_NAME.c_str()));
+ std::shared_ptr<IRemotelyProvisionedComponent> rpc =
+ IRemotelyProvisionedComponent::fromBinder(binder);
+ ASSERT_NE(rpc, nullptr);
+
+ bytevec challenge = randomBytes(64);
+ bytevec csr;
+ auto status = rpc->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
+ EXPECT_TRUE(status.isOk()) << status.getDescription();
+
+ auto result = verifyComponentNameInKeyMintDiceChain(csr);
+ ASSERT_TRUE(result) << result.message();
+ ASSERT_TRUE(*result);
+}
+
using GetHardwareInfoTests = VtsRemotelyProvisionedComponentTests;
INSTANTIATE_REM_PROV_AIDL_TEST(GetHardwareInfoTests);
diff --git a/thermal/aidl/android/hardware/thermal/IThermal.aidl b/thermal/aidl/android/hardware/thermal/IThermal.aidl
index 87f7637..7c0ee24 100644
--- a/thermal/aidl/android/hardware/thermal/IThermal.aidl
+++ b/thermal/aidl/android/hardware/thermal/IThermal.aidl
@@ -227,12 +227,12 @@
void unregisterCoolingDeviceChangedCallback(in ICoolingDeviceChangedCallback callback);
/**
- * Retrieves the forecasted skin temperature in Celsius.
+ * Retrieves the forecasted {@link TemperatureType#SKIN} type temperature in Celsius.
*
* @param forecastSeconds the number of seconds to forecast the skin temperature, it should
- * at least support superset of [0, 60] seconds range.
+ * support any value from a superset of range [0, 60] seconds.
*
- * @return forecasted skin temperature in Celsius.
+ * @return forecasted skin temperature in Celsius unit at the forecasted seconds in future.
*
* @throws EX_ILLEGAL_STATE If the Thermal HAL is not initialized successfully
* @throws EX_ILLEGAL_ARGUMENT If the provided forecastSeconds is negative
diff --git a/thermal/aidl/android/hardware/thermal/IThermalChangedCallback.aidl b/thermal/aidl/android/hardware/thermal/IThermalChangedCallback.aidl
index 1ff4b7a..b40b7c2 100644
--- a/thermal/aidl/android/hardware/thermal/IThermalChangedCallback.aidl
+++ b/thermal/aidl/android/hardware/thermal/IThermalChangedCallback.aidl
@@ -26,8 +26,7 @@
@VintfStability
interface IThermalChangedCallback {
/**
- * Send a thermal throttling event to all Thermal HAL
- * thermal event listeners.
+ * Send a thermal throttling event to all Thermal HAL thermal event listeners.
*
* @param temperature The temperature associated with the
* throttling event.
@@ -35,8 +34,14 @@
oneway void notifyThrottling(in Temperature temperature);
/**
- * Send a thermal threshold change event to all Thermal HAL
- * thermal event listeners.
+ * Send a thermal threshold change event to all Thermal HAL thermal event listeners.
+ *
+ * Some devices may change the thresholds based on hardware state or app workload changes.
+ * While this is generally not recommended, it should be used with caution at low frequency
+ * especially for the {@link TemperatureType#SKIN} type temperature thresholds. Since such
+ * a skin type callback to system may trigger notifications to apps that have preivously
+ * registered thermal headroom listeners with a new set of headroom and thresholds in case
+ * any of them changed.
*
* @param threshold The temperature threshold that changed.
*/