Merge "Set correct API level for NNAPI AIDL service discovery."
diff --git a/current.txt b/current.txt
index eb5cf00..454d43e 100644
--- a/current.txt
+++ b/current.txt
@@ -778,6 +778,8 @@
f729ee6a5f136b25d79ea6895d24700fce413df555baaecf2c39e4440d15d043 android.hardware.neuralnetworks@1.0::types
a84f8dac7a9b75de1cc2936a9b429b9b62b32a31ea88ca52c29f98f5ddc0fa95 android.hardware.neuralnetworks@1.2::types
cd331b92312d16ab89f475c39296abbf539efc4114a8c5c2b136ad99b904ef33 android.hardware.neuralnetworks@1.3::types
+c3fec5bd470984402997f78a74b6511efc4063b270f2bd9ee7b78f48b683a1bb android.hardware.neuralnetworks@1.3::IDevice
+0fdfad62c2ec33b52e6687004e5a1971c02d10b93ee4d26df5ccff7ce032494a android.hardware.neuralnetworks@1.3::IPreparedModel
e8c86c69c438da8d1549856c1bb3e2d1b8da52722f8235ff49a30f2cce91742c android.hardware.soundtrigger@2.1::ISoundTriggerHwCallback
b9fbb6e2e061ed0960939d48b785e9700210add1f13ed32ecd688d0f1ca20ef7 android.hardware.renderscript@1.0::types
0f53d70e1eadf8d987766db4bf6ae2048004682168f4cab118da576787def3fa android.hardware.radio@1.0::types
diff --git a/identity/aidl/default/Android.bp b/identity/aidl/default/Android.bp
index 05b3662..a124b1e 100644
--- a/identity/aidl/default/Android.bp
+++ b/identity/aidl/default/Android.bp
@@ -31,7 +31,7 @@
],
static_libs: [
"libbase",
- "libcppbor",
+ "libcppbor_external",
"libutils",
"libsoft_attestation_cert",
"libkeymaster_portable",
@@ -91,7 +91,7 @@
],
static_libs: [
"libbase",
- "libcppbor",
+ "libcppbor_external",
"libutils",
"libsoft_attestation_cert",
"libkeymaster_portable",
diff --git a/identity/aidl/default/common/IdentityCredential.cpp b/identity/aidl/default/common/IdentityCredential.cpp
index c8ee0dd..95557b5 100644
--- a/identity/aidl/default/common/IdentityCredential.cpp
+++ b/identity/aidl/default/common/IdentityCredential.cpp
@@ -488,7 +488,7 @@
}
for (size_t n = 0; n < nsMap->size(); n++) {
- auto [nsKeyItem, nsValueItem] = (*nsMap)[n];
+ auto& [nsKeyItem, nsValueItem] = (*nsMap)[n];
const cppbor::Tstr* nsKey = nsKeyItem->asTstr();
const cppbor::Map* nsInnerMap = nsValueItem->asMap();
if (nsKey == nullptr || nsInnerMap == nullptr) {
diff --git a/identity/aidl/default/common/IdentityCredential.h b/identity/aidl/default/common/IdentityCredential.h
index 9913b86..ef9d133 100644
--- a/identity/aidl/default/common/IdentityCredential.h
+++ b/identity/aidl/default/common/IdentityCredential.h
@@ -27,7 +27,7 @@
#include <string>
#include <vector>
-#include <cppbor/cppbor.h>
+#include <cppbor.h>
#include "IdentityCredentialStore.h"
#include "SecureHardwareProxy.h"
diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp
index 2d897c7..25f129b 100644
--- a/identity/aidl/default/common/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/common/WritableIdentityCredential.cpp
@@ -23,8 +23,8 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
-#include <cppbor/cppbor.h>
-#include <cppbor/cppbor_parse.h>
+#include <cppbor.h>
+#include <cppbor_parse.h>
#include <utility>
diff --git a/identity/aidl/vts/Android.bp b/identity/aidl/vts/Android.bp
index 82c4011..3592d3e 100644
--- a/identity/aidl/vts/Android.bp
+++ b/identity/aidl/vts/Android.bp
@@ -34,7 +34,7 @@
"libcrypto",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
"libkeymaster_portable",
"libpuresoftkeymasterdevice",
"android.hardware.keymaster@4.0",
diff --git a/identity/aidl/vts/AuthenticationKeyTests.cpp b/identity/aidl/vts/AuthenticationKeyTests.cpp
index bda3e70..25d74d4 100644
--- a/identity/aidl/vts/AuthenticationKeyTests.cpp
+++ b/identity/aidl/vts/AuthenticationKeyTests.cpp
@@ -118,7 +118,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/DeleteCredentialTests.cpp b/identity/aidl/vts/DeleteCredentialTests.cpp
index 1d30067..d3addf4 100644
--- a/identity/aidl/vts/DeleteCredentialTests.cpp
+++ b/identity/aidl/vts/DeleteCredentialTests.cpp
@@ -126,7 +126,7 @@
optional<vector<uint8_t>> proofOfDeletion =
support::coseSignGetPayload(proofOfDeletionSignature);
ASSERT_TRUE(proofOfDeletion);
- string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {});
EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', true, ]", cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data
credentialPubKey_));
@@ -153,7 +153,7 @@
optional<vector<uint8_t>> proofOfDeletion =
support::coseSignGetPayload(proofOfDeletionSignature);
ASSERT_TRUE(proofOfDeletion);
- string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {});
EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]",
cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data
diff --git a/identity/aidl/vts/EndToEndTests.cpp b/identity/aidl/vts/EndToEndTests.cpp
index 5798b4c..67db915 100644
--- a/identity/aidl/vts/EndToEndTests.cpp
+++ b/identity/aidl/vts/EndToEndTests.cpp
@@ -231,7 +231,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
+ cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -339,8 +339,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes =
@@ -353,7 +353,7 @@
.add("Home address", true))
.add("Image", cppbor::Map().add("Portrait image", false)))
.encode();
- cborPretty = support::cborPrettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"});
+ cborPretty = cppbor::prettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"});
EXPECT_EQ(
"{\n"
" 'nameSpaces' : {\n"
@@ -373,10 +373,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
optional<vector<uint8_t>> readerSignature =
support::coseSignEcDsa(readerKey, {}, // content
encodedReaderAuthenticationBytes, // detached content
@@ -443,7 +443,7 @@
vector<uint8_t> mac;
vector<uint8_t> deviceNameSpacesEncoded;
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ(
"{\n"
" 'PersonalData' : {\n"
@@ -462,10 +462,11 @@
string docType = "org.iso.18013-5.2019.mdl";
optional<vector<uint8_t>> readerEphemeralPrivateKey =
support::ecKeyPairGetPrivateKey(readerEphemeralKeyPair.value());
- optional<vector<uint8_t>> eMacKey = support::calcEMacKey(
- readerEphemeralPrivateKey.value(), // Private Key
- signingPubKey.value(), // Public Key
- cppbor::Semantic(24, sessionTranscript.encode()).encode()); // SessionTranscriptBytes
+ optional<vector<uint8_t>> eMacKey =
+ support::calcEMacKey(readerEphemeralPrivateKey.value(), // Private Key
+ signingPubKey.value(), // Public Key
+ cppbor::SemanticTag(24, sessionTranscript.encode())
+ .encode()); // SessionTranscriptBytes
optional<vector<uint8_t>> calculatedMac =
support::calcMac(sessionTranscript.encode(), // SessionTranscript
docType, // DocType
@@ -486,7 +487,7 @@
testEntriesEntryCounts)
.isOk());
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ("{}", cborPretty);
// Calculate DeviceAuthentication and MAC (MACing key hasn't changed)
calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript
@@ -508,7 +509,7 @@
testEntriesEntryCounts)
.isOk());
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ("{}", cborPretty);
// Calculate DeviceAuthentication and MAC (MACing key hasn't changed)
calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript
diff --git a/identity/aidl/vts/ProveOwnershipTests.cpp b/identity/aidl/vts/ProveOwnershipTests.cpp
index d1a3d39..fa0e293 100644
--- a/identity/aidl/vts/ProveOwnershipTests.cpp
+++ b/identity/aidl/vts/ProveOwnershipTests.cpp
@@ -131,7 +131,7 @@
optional<vector<uint8_t>> proofOfOwnership =
support::coseSignGetPayload(proofOfOwnershipSignature);
ASSERT_TRUE(proofOfOwnership);
- string cborPretty = support::cborPrettyPrint(proofOfOwnership.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {});
EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {}, // Additional data
credentialPubKey_));
diff --git a/identity/aidl/vts/ReaderAuthTests.cpp b/identity/aidl/vts/ReaderAuthTests.cpp
index 7656c8e..c4a58c3 100644
--- a/identity/aidl/vts/ReaderAuthTests.cpp
+++ b/identity/aidl/vts/ReaderAuthTests.cpp
@@ -262,8 +262,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes;
@@ -293,10 +293,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
optional<vector<uint8_t>> readerSignature =
support::coseSignEcDsa(readerPrivateKey, // private key for reader
@@ -517,8 +517,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes;
@@ -535,10 +535,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
vector<vector<uint8_t>> readerCertChain = {cert_reader_SelfSigned_};
optional<vector<uint8_t>> readerSignature =
diff --git a/identity/aidl/vts/TestCredentialTests.cpp b/identity/aidl/vts/TestCredentialTests.cpp
index d53de3b..46c2229 100644
--- a/identity/aidl/vts/TestCredentialTests.cpp
+++ b/identity/aidl/vts/TestCredentialTests.cpp
@@ -114,7 +114,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/UpdateCredentialTests.cpp b/identity/aidl/vts/UpdateCredentialTests.cpp
index 9c5ca55..e05bb3b 100644
--- a/identity/aidl/vts/UpdateCredentialTests.cpp
+++ b/identity/aidl/vts/UpdateCredentialTests.cpp
@@ -114,7 +114,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -195,7 +195,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/UserAuthTests.cpp b/identity/aidl/vts/UserAuthTests.cpp
index ef89d1c..edd1725 100644
--- a/identity/aidl/vts/UserAuthTests.cpp
+++ b/identity/aidl/vts/UserAuthTests.cpp
@@ -160,8 +160,8 @@
// Let SessionTranscript be a map here (it's an array in EndToEndTest) just
// to check that the implementation can deal with either.
cppbor::Map sessionTranscript;
- sessionTranscript.add(42, cppbor::Semantic(24, deviceEngagementBytes));
- sessionTranscript.add(43, cppbor::Semantic(24, eReaderPubBytes));
+ sessionTranscript.add(42, cppbor::SemanticTag(24, deviceEngagementBytes));
+ sessionTranscript.add(43, cppbor::SemanticTag(24, eReaderPubBytes));
return sessionTranscript;
}
@@ -209,7 +209,7 @@
vector<uint8_t> dataToSign = cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript_.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
}
diff --git a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
index cc63c48..bc37020 100644
--- a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
+++ b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
@@ -338,8 +338,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty =
- support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -449,9 +448,9 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(),
- 32, //
- {"readerCertificate"});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(),
+ 32, //
+ {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/support/Android.bp b/identity/support/Android.bp
index d00f59a..774bc40 100644
--- a/identity/support/Android.bp
+++ b/identity/support/Android.bp
@@ -42,7 +42,7 @@
"libpuresoftkeymasterdevice",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
],
}
@@ -59,7 +59,7 @@
"libhardware",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
"libgmock",
],
test_suites: ["general-tests"],
@@ -89,7 +89,7 @@
"tests/cppbor_test.cpp",
],
shared_libs: [
- "libcppbor",
+ "libcppbor_external",
"libbase",
],
static_libs: [
@@ -104,7 +104,7 @@
"tests/cppbor_test.cpp",
],
shared_libs: [
- "libcppbor",
+ "libcppbor_external",
"libbase",
],
static_libs: [
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index aba89c1..4547624 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -148,199 +148,6 @@
}
// ---------------------------------------------------------------------------
-// CBOR utilities.
-// ---------------------------------------------------------------------------
-
-static bool cborAreAllElementsNonCompound(const cppbor::CompoundItem* compoundItem) {
- if (compoundItem->type() == cppbor::ARRAY) {
- const cppbor::Array* array = compoundItem->asArray();
- for (size_t n = 0; n < array->size(); n++) {
- const cppbor::Item* entry = (*array)[n].get();
- switch (entry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- }
- } else {
- const cppbor::Map* map = compoundItem->asMap();
- for (size_t n = 0; n < map->size(); n++) {
- auto [keyEntry, valueEntry] = (*map)[n];
- switch (keyEntry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- switch (valueEntry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- }
- }
- return true;
-}
-
-static bool cborPrettyPrintInternal(const cppbor::Item* item, string& out, size_t indent,
- size_t maxBStrSize, const vector<string>& mapKeysToNotPrint) {
- char buf[80];
-
- string indentString(indent, ' ');
-
- switch (item->type()) {
- case cppbor::UINT:
- snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue());
- out.append(buf);
- break;
-
- case cppbor::NINT:
- snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value());
- out.append(buf);
- break;
-
- case cppbor::BSTR: {
- const cppbor::Bstr* bstr = item->asBstr();
- const vector<uint8_t>& value = bstr->value();
- if (value.size() > maxBStrSize) {
- unsigned char digest[SHA_DIGEST_LENGTH];
- SHA_CTX ctx;
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, value.data(), value.size());
- SHA1_Final(digest, &ctx);
- char buf2[SHA_DIGEST_LENGTH * 2 + 1];
- for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) {
- snprintf(buf2 + n * 2, 3, "%02x", digest[n]);
- }
- snprintf(buf, sizeof(buf), "<bstr size=%zd sha1=%s>", value.size(), buf2);
- out.append(buf);
- } else {
- out.append("{");
- for (size_t n = 0; n < value.size(); n++) {
- if (n > 0) {
- out.append(", ");
- }
- snprintf(buf, sizeof(buf), "0x%02x", value[n]);
- out.append(buf);
- }
- out.append("}");
- }
- } break;
-
- case cppbor::TSTR:
- out.append("'");
- {
- // TODO: escape "'" characters
- out.append(item->asTstr()->value().c_str());
- }
- out.append("'");
- break;
-
- case cppbor::ARRAY: {
- const cppbor::Array* array = item->asArray();
- if (array->size() == 0) {
- out.append("[]");
- } else if (cborAreAllElementsNonCompound(array)) {
- out.append("[");
- for (size_t n = 0; n < array->size(); n++) {
- if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(", ");
- }
- out.append("]");
- } else {
- out.append("[\n" + indentString);
- for (size_t n = 0; n < array->size(); n++) {
- out.append(" ");
- if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(",\n" + indentString);
- }
- out.append("]");
- }
- } break;
-
- case cppbor::MAP: {
- const cppbor::Map* map = item->asMap();
-
- if (map->size() == 0) {
- out.append("{}");
- } else {
- out.append("{\n" + indentString);
- for (size_t n = 0; n < map->size(); n++) {
- out.append(" ");
-
- auto [map_key, map_value] = (*map)[n];
-
- if (!cborPrettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(" : ");
- if (map_key->type() == cppbor::TSTR &&
- std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(),
- map_key->asTstr()->value()) != mapKeysToNotPrint.end()) {
- out.append("<not printed>");
- } else {
- if (!cborPrettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- }
- out.append(",\n" + indentString);
- }
- out.append("}");
- }
- } break;
-
- case cppbor::SEMANTIC: {
- const cppbor::Semantic* semantic = item->asSemantic();
- snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", semantic->value());
- out.append(buf);
- cborPrettyPrintInternal(semantic->child().get(), out, indent, maxBStrSize,
- mapKeysToNotPrint);
- } break;
-
- case cppbor::SIMPLE:
- const cppbor::Bool* asBool = item->asSimple()->asBool();
- const cppbor::Null* asNull = item->asSimple()->asNull();
- if (asBool != nullptr) {
- out.append(asBool->value() ? "true" : "false");
- } else if (asNull != nullptr) {
- out.append("null");
- } else {
- LOG(ERROR) << "Only boolean/null is implemented for SIMPLE";
- return false;
- }
- break;
- }
-
- return true;
-}
-
-string cborPrettyPrint(const vector<uint8_t>& encodedCbor, size_t maxBStrSize,
- const vector<string>& mapKeysToNotPrint) {
- auto [item, _, message] = cppbor::parse(encodedCbor);
- if (item == nullptr) {
- LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message;
- return "";
- }
-
- string out;
- cborPrettyPrintInternal(item.get(), out, 0, maxBStrSize, mapKeysToNotPrint);
- return out;
-}
-
-// ---------------------------------------------------------------------------
// Crypto functionality / abstraction.
// ---------------------------------------------------------------------------
@@ -2140,7 +1947,7 @@
}
for (size_t n = 0; n < protectedHeaders->size(); n++) {
- auto [keyItem, valueItem] = (*protectedHeaders)[n];
+ auto& [keyItem, valueItem] = (*protectedHeaders)[n];
const cppbor::Int* number = keyItem->asInt();
if (number == nullptr) {
LOG(ERROR) << "Key item in top-level map is not a number";
@@ -2183,7 +1990,7 @@
}
for (size_t n = 0; n < unprotectedHeaders->size(); n++) {
- auto [keyItem, valueItem] = (*unprotectedHeaders)[n];
+ auto& [keyItem, valueItem] = (*unprotectedHeaders)[n];
const cppbor::Int* number = keyItem->asInt();
if (number == nullptr) {
LOG(ERROR) << "Key item in top-level map is not a number";
@@ -2335,9 +2142,9 @@
.add("DeviceAuthentication")
.add(std::move(sessionTranscriptItem))
.add(docType)
- .add(cppbor::Semantic(kSemanticTagEncodedCbor, deviceNameSpacesEncoded));
+ .add(cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceNameSpacesEncoded));
vector<uint8_t> deviceAuthenticationBytes =
- cppbor::Semantic(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode();
+ cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode();
optional<vector<uint8_t>> calculatedMac =
support::coseMac0(eMacKey, {}, // payload
deviceAuthenticationBytes); // detached content
diff --git a/identity/support/tests/IdentityCredentialSupportTest.cpp b/identity/support/tests/IdentityCredentialSupportTest.cpp
index 509133c..4c9b87a 100644
--- a/identity/support/tests/IdentityCredentialSupportTest.cpp
+++ b/identity/support/tests/IdentityCredentialSupportTest.cpp
@@ -55,99 +55,6 @@
EXPECT_FALSE(support::decodeHex("012"));
}
-TEST(IdentityCredentialSupport, CborPrettyPrint) {
- EXPECT_EQ("'Some text'", support::cborPrettyPrint(cppbor::Tstr("Some text").encode()));
-
- EXPECT_EQ("''", support::cborPrettyPrint(cppbor::Tstr("").encode()));
-
- EXPECT_EQ("{0x01, 0x00, 0x02, 0xf0, 0xff, 0x40}",
- support::cborPrettyPrint(
- cppbor::Bstr(vector<uint8_t>({1, 0, 2, 240, 255, 64})).encode()));
-
- EXPECT_EQ("{}", support::cborPrettyPrint(cppbor::Bstr(vector<uint8_t>()).encode()));
-
- EXPECT_EQ("true", support::cborPrettyPrint(cppbor::Bool(true).encode()));
-
- EXPECT_EQ("false", support::cborPrettyPrint(cppbor::Bool(false).encode()));
-
- EXPECT_EQ("42", support::cborPrettyPrint(cppbor::Uint(42).encode()));
-
- EXPECT_EQ("9223372036854775807", // 0x7fff ffff ffff ffff
- support::cborPrettyPrint(cppbor::Uint(std::numeric_limits<int64_t>::max()).encode()));
-
- EXPECT_EQ("-42", support::cborPrettyPrint(cppbor::Nint(-42).encode()));
-
- EXPECT_EQ("-9223372036854775808", // -0x8000 0000 0000 0000
- support::cborPrettyPrint(cppbor::Nint(std::numeric_limits<int64_t>::min()).encode()));
-}
-
-TEST(IdentityCredentialSupport, CborPrettyPrintCompound) {
- cppbor::Array array = cppbor::Array("foo", "bar", "baz");
- EXPECT_EQ("['foo', 'bar', 'baz', ]", support::cborPrettyPrint(array.encode()));
-
- cppbor::Map map = cppbor::Map().add("foo", 42).add("bar", 43).add("baz", 44);
- EXPECT_EQ(
- "{\n"
- " 'foo' : 42,\n"
- " 'bar' : 43,\n"
- " 'baz' : 44,\n"
- "}",
- support::cborPrettyPrint(map.encode()));
-
- cppbor::Array array2 = cppbor::Array(cppbor::Tstr("Some text"), cppbor::Nint(-42));
- EXPECT_EQ("['Some text', -42, ]", support::cborPrettyPrint(array2.encode()));
-
- cppbor::Map map2 = cppbor::Map().add(42, "foo").add(43, "bar").add(44, "baz");
- EXPECT_EQ(
- "{\n"
- " 42 : 'foo',\n"
- " 43 : 'bar',\n"
- " 44 : 'baz',\n"
- "}",
- support::cborPrettyPrint(map2.encode()));
-
- cppbor::Array deeplyNestedArrays =
- cppbor::Array(cppbor::Array(cppbor::Array("a", "b", "c")),
- cppbor::Array(cppbor::Array("d", "e", cppbor::Array("f", "g"))));
- EXPECT_EQ(
- "[\n"
- " ['a', 'b', 'c', ],\n"
- " [\n 'd',\n"
- " 'e',\n"
- " ['f', 'g', ],\n"
- " ],\n"
- "]",
- support::cborPrettyPrint(deeplyNestedArrays.encode()));
-
- EXPECT_EQ(
- "[\n"
- " {0x0a, 0x0b},\n"
- " 'foo',\n"
- " 42,\n"
- " ['foo', 'bar', 'baz', ],\n"
- " {\n"
- " 'foo' : 42,\n"
- " 'bar' : 43,\n"
- " 'baz' : 44,\n"
- " },\n"
- " {\n"
- " 'deep1' : ['Some text', -42, ],\n"
- " 'deep2' : {\n"
- " 42 : 'foo',\n"
- " 43 : 'bar',\n"
- " 44 : 'baz',\n"
- " },\n"
- " },\n"
- "]",
- support::cborPrettyPrint(cppbor::Array(cppbor::Bstr(vector<uint8_t>{10, 11}),
- cppbor::Tstr("foo"), cppbor::Uint(42),
- std::move(array), std::move(map),
- (cppbor::Map()
- .add("deep1", std::move(array2))
- .add("deep2", std::move(map2))))
- .encode()));
-}
-
TEST(IdentityCredentialSupport, Signatures) {
vector<uint8_t> data = {1, 2, 3};
@@ -219,7 +126,7 @@
ASSERT_EQ(data, payload.value());
// Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message
- string out = support::cborPrettyPrint(coseSign1.value());
+ string out = cppbor::prettyPrint(coseSign1.value());
out = replaceLine(out, -2, " [] // Signature Removed");
EXPECT_EQ(
"[\n"
@@ -250,7 +157,7 @@
ASSERT_EQ(0, payload.value().size());
// Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message
- string out = support::cborPrettyPrint(coseSign1.value());
+ string out = cppbor::prettyPrint(coseSign1.value());
out = replaceLine(out, -2, " [] // Signature Removed");
EXPECT_EQ(
"[\n"
@@ -411,7 +318,7 @@
"0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, "
"0xe2, 0x2d, 0x42, 0xbe, 0x53},\n"
"]",
- support::cborPrettyPrint(mac.value()));
+ cppbor::prettyPrint(mac.value()));
}
TEST(IdentityCredentialSupport, CoseMac0DetachedContent) {
@@ -433,7 +340,7 @@
"0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, "
"0xe2, 0x2d, 0x42, 0xbe, 0x53},\n"
"]",
- support::cborPrettyPrint(mac.value()));
+ cppbor::prettyPrint(mac.value()));
}
// Generates a private key in DER format for a small value of 'd'.
@@ -460,8 +367,8 @@
const cppbor::Item* findValueForTstr(const cppbor::Map* map, const string& keyValue) {
// TODO: Need cast until libcppbor's Map::get() is marked as const
- auto [item, found] = ((cppbor::Map*)map)->get(keyValue);
- if (!found) {
+ const auto& item = map->get(keyValue);
+ if (!item) {
return nullptr;
}
return item.get();
@@ -483,12 +390,13 @@
return item->asMap();
}
-const cppbor::Semantic* findSemanticValueForTstr(const cppbor::Map* map, const string& keyValue) {
+const cppbor::SemanticTag* findSemanticValueForTstr(const cppbor::Map* map,
+ const string& keyValue) {
const cppbor::Item* item = findValueForTstr(map, keyValue);
if (item == nullptr) {
return nullptr;
}
- return item->asSemantic();
+ return item->asSemanticTag();
}
const std::string findStringValueForTstr(const cppbor::Map* map, const string& keyValue) {
@@ -576,11 +484,11 @@
auto [sessionEstablishmentItem, _se, _se2] = cppbor::parse(sessionEstablishmentEncoded.value());
const cppbor::Map* sessionEstablishment = sessionEstablishmentItem->asMap();
ASSERT_NE(sessionEstablishment, nullptr);
- const cppbor::Semantic* eReaderKeyBytes =
+ const cppbor::SemanticTag* eReaderKeyBytes =
findSemanticValueForTstr(sessionEstablishment, "eReaderKeyBytes");
ASSERT_NE(eReaderKeyBytes, nullptr);
- ASSERT_EQ(eReaderKeyBytes->value(), 24);
- const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->child()->asBstr();
+ ASSERT_EQ(eReaderKeyBytes->semanticTag(), 24);
+ const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->asBstr();
ASSERT_NE(eReaderKeyBstr, nullptr);
vector<uint8_t> eReaderKeyEncoded = eReaderKeyBstr->value();
// TODO: verify this agrees with ephemeralReaderKeyX and ephemeralReaderKeyY
@@ -605,12 +513,12 @@
// SessionTranscriptBytes = #6.24(bstr .cbor SessionTranscript)
//
cppbor::Array sessionTranscript;
- sessionTranscript.add(cppbor::Semantic(24, deviceEngagementEncoded));
- sessionTranscript.add(cppbor::Semantic(24, eReaderKeyEncoded));
+ sessionTranscript.add(cppbor::SemanticTag(24, deviceEngagementEncoded));
+ sessionTranscript.add(cppbor::SemanticTag(24, eReaderKeyEncoded));
sessionTranscript.add(cppbor::Null());
vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode();
vector<uint8_t> sessionTranscriptBytes =
- cppbor::Semantic(24, sessionTranscriptEncoded).encode();
+ cppbor::SemanticTag(24, sessionTranscriptEncoded).encode();
// The expected EMacKey is 4c1ebb8aacc633465390fa44edfdb49cb57f2e079aaa771d812584699c0b97e2
//
@@ -696,11 +604,11 @@
// Dig out the encoded form of DeviceNameSpaces
//
- const cppbor::Semantic* deviceNameSpacesBytes =
+ const cppbor::SemanticTag* deviceNameSpacesBytes =
findSemanticValueForTstr(deviceSigned, "nameSpaces");
ASSERT_NE(deviceNameSpacesBytes, nullptr);
- ASSERT_EQ(deviceNameSpacesBytes->value(), 24);
- const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->child()->asBstr();
+ ASSERT_EQ(deviceNameSpacesBytes->semanticTag(), 24);
+ const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->asBstr();
ASSERT_NE(deviceNameSpacesBstr, nullptr);
vector<uint8_t> deviceNameSpacesEncoded = deviceNameSpacesBstr->value();
diff --git a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
index 8d6e74a..ea40971 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
@@ -117,6 +117,9 @@
DECLARE_TYPED_TAG(ATTESTATION_ID_PRODUCT);
DECLARE_TYPED_TAG(ATTESTATION_ID_MANUFACTURER);
DECLARE_TYPED_TAG(ATTESTATION_ID_MODEL);
+DECLARE_TYPED_TAG(ATTESTATION_ID_SERIAL);
+DECLARE_TYPED_TAG(ATTESTATION_ID_IMEI);
+DECLARE_TYPED_TAG(ATTESTATION_ID_MEID);
DECLARE_TYPED_TAG(AUTH_TIMEOUT);
DECLARE_TYPED_TAG(BLOB_USAGE_REQUIREMENTS);
DECLARE_TYPED_TAG(BLOCK_MODE);
diff --git a/neuralnetworks/1.3/IDevice.hal b/neuralnetworks/1.3/IDevice.hal
index e0b04a8..de889e4 100644
--- a/neuralnetworks/1.3/IDevice.hal
+++ b/neuralnetworks/1.3/IDevice.hal
@@ -131,6 +131,14 @@
* ErrorStatus::MISSED_DEADLINE_TRANSIENT} or {@link
* ErrorStatus::MISSED_DEADLINE_PERSISTENT} may be returned. The error due
* to an abort must be sent the same way as other errors, described above.
+ * The deadline is represented as nanoseconds since the epoch of the steady
+ * clock (as if from std::chrono::steady_clock::time_point), but the service
+ * may convert it to the nanoseconds since boot time (as if from
+ * clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * android::base::boot_clock::time_point) to account for time when the
+ * system is suspended. This conversion can by done by finding the timeout
+ * duration remaining compared to the steady_clock and adding it to the
+ * current boot_clock time.
*
* Optionally, the driver may save the prepared model to cache during the
* asynchronous preparation. Any error that occurs when saving to cache must
@@ -249,7 +257,15 @@
* ErrorStatus::MISSED_DEADLINE_TRANSIENT}
* or {@link ErrorStatus::MISSED_DEADLINE_PERSISTENT} may be returned. The
* error due to an abort must be sent the same way as other errors,
- * described above.
+ * described above. The deadline is represented as nanoseconds since the
+ * epoch of the steady clock (as if from
+ * std::chrono::steady_clock::time_point), but the service may convert it to
+ * the nanoseconds since boot time (as if from
+ * clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * android::base::boot_clock::time_point) to account for time when the
+ * system is suspended. This conversion can by done by finding the timeout
+ * duration remaining compared to the steady_clock and adding it to the
+ * current boot_clock time.
*
* The only information that may be unknown to the model at this stage is
* the shape of the tensors, which may only be known at execution time. As
diff --git a/neuralnetworks/1.3/IPreparedModel.hal b/neuralnetworks/1.3/IPreparedModel.hal
index e7d63f4..8b86a1a 100644
--- a/neuralnetworks/1.3/IPreparedModel.hal
+++ b/neuralnetworks/1.3/IPreparedModel.hal
@@ -74,6 +74,14 @@
* ErrorStatus::MISSED_DEADLINE_TRANSIENT} or {@link
* ErrorStatus::MISSED_DEADLINE_PERSISTENT} may be returned. The error due
* to an abort must be sent the same way as other errors, described above.
+ * The deadline is represented as nanoseconds since the epoch of the steady
+ * clock (as if from std::chrono::steady_clock::time_point), but the service
+ * may convert it to the nanoseconds since boot time (as if from
+ * clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * android::base::boot_clock::time_point) to account for time when the
+ * system is suspended. This conversion can by done by finding the timeout
+ * duration remaining compared to the steady_clock and adding it to the
+ * current boot_clock time.
*
* Any number of calls to the execute* and executeSynchronously* functions,
* in any combination, may be made concurrently, even on the same
@@ -150,6 +158,14 @@
* ErrorStatus::MISSED_DEADLINE_TRANSIENT} or {@link
* ErrorStatus::MISSED_DEADLINE_PERSISTENT} may be returned. The error due
* to an abort must be sent the same way as other errors, described above.
+ * The deadline is represented as nanoseconds since the epoch of the steady
+ * clock (as if from std::chrono::steady_clock::time_point), but the service
+ * may convert it to the nanoseconds since boot time (as if from
+ * clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * android::base::boot_clock::time_point) to account for time when the
+ * system is suspended. This conversion can by done by finding the timeout
+ * duration remaining compared to the steady_clock and adding it to the
+ * current boot_clock time.
*
* Any number of calls to the execute* and executeSynchronously* functions,
* in any combination, may be made concurrently, even on the same
@@ -231,6 +247,14 @@
* {@link ErrorStatus::MISSED_DEADLINE_TRANSIENT} or {@link
* ErrorStatus::MISSED_DEADLINE_PERSISTENT} may be returned. The error due
* to an abort must be sent the same way as other errors, described above.
+ * The deadline is represented as nanoseconds since the epoch of the steady
+ * clock (as if from std::chrono::steady_clock::time_point), but the service
+ * may convert it to the nanoseconds since boot time (as if from
+ * clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * android::base::boot_clock::time_point) to account for time when the
+ * system is suspended. This conversion can by done by finding the timeout
+ * duration remaining compared to the steady_clock and adding it to the
+ * current boot_clock time.
*
* If any of the sync fences in waitFor changes to error status after the executeFenced
* call succeeds, or the execution is aborted because it cannot finish before the deadline
diff --git a/neuralnetworks/1.3/utils/src/Conversions.cpp b/neuralnetworks/1.3/utils/src/Conversions.cpp
index 8083ae4..e8a4f55 100644
--- a/neuralnetworks/1.3/utils/src/Conversions.cpp
+++ b/neuralnetworks/1.3/utils/src/Conversions.cpp
@@ -42,6 +42,23 @@
namespace {
+std::chrono::nanoseconds makeNanosFromUint64(uint64_t nanoseconds) {
+ constexpr auto kMaxCount = std::chrono::nanoseconds::max().count();
+ using CommonType = std::common_type_t<std::chrono::nanoseconds::rep, uint64_t>;
+ const auto count = std::min<CommonType>(kMaxCount, nanoseconds);
+ return std::chrono::nanoseconds{static_cast<std::chrono::nanoseconds::rep>(count)};
+}
+
+uint64_t makeUint64FromNanos(std::chrono::nanoseconds nanoseconds) {
+ if (nanoseconds < std::chrono::nanoseconds::zero()) {
+ return 0;
+ }
+ constexpr auto kMaxCount = std::numeric_limits<uint64_t>::max();
+ using CommonType = std::common_type_t<std::chrono::nanoseconds::rep, uint64_t>;
+ const auto count = std::min<CommonType>(kMaxCount, nanoseconds.count());
+ return static_cast<uint64_t>(count);
+}
+
template <typename Type>
constexpr std::underlying_type_t<Type> underlyingType(Type value) {
return static_cast<std::underlying_type_t<Type>>(value);
@@ -237,8 +254,32 @@
switch (optionalTimePoint.getDiscriminator()) {
case Discriminator::none:
return {};
- case Discriminator::nanosecondsSinceEpoch:
- return TimePoint{Duration{optionalTimePoint.nanosecondsSinceEpoch()}};
+ case Discriminator::nanosecondsSinceEpoch: {
+ const auto currentSteadyTime = std::chrono::steady_clock::now();
+ const auto currentBootTime = Clock::now();
+
+ const auto timeSinceEpoch =
+ makeNanosFromUint64(optionalTimePoint.nanosecondsSinceEpoch());
+ const auto steadyTimePoint = std::chrono::steady_clock::time_point{timeSinceEpoch};
+
+ // Both steadyTimePoint and currentSteadyTime are guaranteed to be non-negative, so this
+ // subtraction will never overflow or underflow.
+ const auto timeRemaining = steadyTimePoint - currentSteadyTime;
+
+ // currentBootTime is guaranteed to be non-negative, so this code only protects against
+ // an overflow.
+ nn::TimePoint bootTimePoint;
+ constexpr auto kZeroNano = std::chrono::nanoseconds::zero();
+ constexpr auto kMaxTime = nn::TimePoint::max();
+ if (timeRemaining > kZeroNano && currentBootTime > kMaxTime - timeRemaining) {
+ bootTimePoint = kMaxTime;
+ } else {
+ bootTimePoint = currentBootTime + timeRemaining;
+ }
+
+ constexpr auto kZeroTime = nn::TimePoint{};
+ return std::max(bootTimePoint, kZeroTime);
+ }
}
return NN_ERROR(nn::ErrorStatus::GENERAL_FAILURE)
<< "Invalid OptionalTimePoint discriminator "
@@ -549,9 +590,33 @@
nn::GeneralResult<OptionalTimePoint> unvalidatedConvert(
const nn::OptionalTimePoint& optionalTimePoint) {
+ const auto currentSteadyTime = std::chrono::steady_clock::now();
+ const auto currentBootTime = nn::Clock::now();
+
OptionalTimePoint ret;
if (optionalTimePoint.has_value()) {
- const auto count = optionalTimePoint.value().time_since_epoch().count();
+ const auto bootTimePoint = optionalTimePoint.value();
+
+ if (bootTimePoint < nn::TimePoint{}) {
+ return NN_ERROR() << "Trying to cast invalid time point";
+ }
+
+ // Both bootTimePoint and currentBootTime are guaranteed to be non-negative, so this
+ // subtraction will never overflow or underflow.
+ const auto timeRemaining = bootTimePoint - currentBootTime;
+
+ // currentSteadyTime is guaranteed to be non-negative, so this code only protects against an
+ // overflow.
+ std::chrono::steady_clock::time_point steadyTimePoint;
+ constexpr auto kZeroNano = std::chrono::nanoseconds::zero();
+ constexpr auto kMaxTime = std::chrono::steady_clock::time_point::max();
+ if (timeRemaining > kZeroNano && currentSteadyTime > kMaxTime - timeRemaining) {
+ steadyTimePoint = kMaxTime;
+ } else {
+ steadyTimePoint = currentSteadyTime + timeRemaining;
+ }
+
+ const uint64_t count = makeUint64FromNanos(steadyTimePoint.time_since_epoch());
ret.nanosecondsSinceEpoch(count);
}
return ret;
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/IDevice.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/IDevice.aidl
index e17e0cd..c5b4ab1 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/IDevice.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/IDevice.aidl
@@ -307,10 +307,10 @@
* @param priority The priority of the prepared model relative to other prepared models owned by
* the client.
* @param deadline The time by which the model is expected to be prepared. The time is measured
- * in nanoseconds since epoch of the steady clock (as from
- * std::chrono::steady_clock). If the model cannot be prepared by the deadline,
- * the preparation may be aborted. Passing -1 means the deadline is omitted.
- * Other negative values are invalid.
+ * in nanoseconds since boot (as from clock_gettime(CLOCK_BOOTTIME, &ts)
+ * or ::android::base::boot_clock). If the model cannot be prepared by the
+ * deadline, the preparation may be aborted. Passing -1 means the deadline is
+ * omitted. Other negative values are invalid.
* @param modelCache A vector of file descriptors for the security-sensitive cache. The length
* of the vector must either be 0 indicating that caching information is not
* provided, or match the numModelCache returned from
@@ -396,10 +396,10 @@
* different shapes of inputs on different (possibly concurrent) executions.
*
* @param deadline The time by which the model is expected to be prepared. The time is measured
- * in nanoseconds since epoch of the steady clock (as from
- * std::chrono::steady_clock). If the model cannot be prepared by the deadline,
- * the preparation may be aborted. Passing -1 means the deadline is omitted.
- * Other negative values are invalid.
+ * in nanoseconds since boot (as from clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * ::android::base::boot_clock). If the model cannot be prepared by the
+ * deadline, the preparation may be aborted. Passing -1 means the deadline is
+ * omitted. Other negative values are invalid.
* @param modelCache A vector of file descriptors for the security-sensitive cache. The length
* of the vector must match the numModelCache returned from
* getNumberOfCacheFilesNeeded. The cache file descriptors will be provided in
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/IPreparedModel.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/IPreparedModel.aidl
index 2a9757b..bfab906 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/IPreparedModel.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/IPreparedModel.aidl
@@ -73,8 +73,8 @@
* runs from the time the driver sees the call to the executeSynchronously
* function to the time the driver returns from the function.
* @param deadline The time by which the execution is expected to complete. The time is measured
- * in nanoseconds since epoch of the steady clock (as from
- * std::chrono::steady_clock). If the execution cannot be finished by the
+ * in nanoseconds since boot (as from clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * ::android::base::boot_clock). If the execution cannot be finished by the
* deadline, the execution may be aborted. Passing -1 means the deadline is
* omitted. Other negative values are invalid.
* @param loopTimeoutDuration The maximum amount of time in nanoseconds that should be spent
@@ -138,8 +138,8 @@
* sync fences have been signaled.
* @param measure Specifies whether or not to measure duration of the execution.
* @param deadline The time by which the execution is expected to complete. The time is measured
- * in nanoseconds since epoch of the steady clock (as from
- * std::chrono::steady_clock).If the execution cannot be finished by the
+ * in nanoseconds since boot (as from clock_gettime(CLOCK_BOOTTIME, &ts) or
+ * ::android::base::boot_clock). If the execution cannot be finished by the
* deadline, the execution may be aborted. Passing -1 means the deadline is
* omitted. Other negative values are invalid.
* @param loopTimeoutDuration The maximum amount of time in nanoseconds that should be spent
diff --git a/neuralnetworks/aidl/utils/src/Conversions.cpp b/neuralnetworks/aidl/utils/src/Conversions.cpp
index c74c509..d5f7f81 100644
--- a/neuralnetworks/aidl/utils/src/Conversions.cpp
+++ b/neuralnetworks/aidl/utils/src/Conversions.cpp
@@ -931,11 +931,12 @@
}
nn::GeneralResult<int64_t> unvalidatedConvert(const nn::Duration& duration) {
- const uint64_t nanoseconds = duration.count();
- if (nanoseconds > std::numeric_limits<int64_t>::max()) {
- return std::numeric_limits<int64_t>::max();
+ if (duration < nn::Duration::zero()) {
+ return NN_ERROR() << "Unable to convert invalid (negative) duration";
}
- return static_cast<int64_t>(nanoseconds);
+ constexpr std::chrono::nanoseconds::rep kIntMax = std::numeric_limits<int64_t>::max();
+ const auto count = duration.count();
+ return static_cast<int64_t>(std::min(count, kIntMax));
}
nn::GeneralResult<int64_t> unvalidatedConvert(const nn::OptionalDuration& optionalDuration) {
diff --git a/neuralnetworks/aidl/vts/functional/QualityOfServiceTests.cpp b/neuralnetworks/aidl/vts/functional/QualityOfServiceTests.cpp
index 9ace1a9..e803e38 100644
--- a/neuralnetworks/aidl/vts/functional/QualityOfServiceTests.cpp
+++ b/neuralnetworks/aidl/vts/functional/QualityOfServiceTests.cpp
@@ -14,10 +14,10 @@
* limitations under the License.
*/
+#include <android-base/chrono_utils.h>
#include <android/binder_enums.h>
#include <android/binder_interface_utils.h>
#include <android/binder_status.h>
-
#include <nnapi/hal/aidl/Conversions.h>
#include "Callbacks.h"
@@ -61,16 +61,16 @@
return std::chrono::duration_cast<std::chrono::nanoseconds>(timeSinceEpoch).count();
};
- std::chrono::steady_clock::time_point timePoint;
+ ::android::base::boot_clock::time_point timePoint;
switch (deadlineBoundType) {
case DeadlineBoundType::NOW:
- timePoint = std::chrono::steady_clock::now();
+ timePoint = ::android::base::boot_clock::now();
break;
case DeadlineBoundType::UNLIMITED:
- timePoint = std::chrono::steady_clock::time_point::max();
+ timePoint = ::android::base::boot_clock::time_point::max();
break;
case DeadlineBoundType::SHORT:
- timePoint = std::chrono::steady_clock::now() + kShortDuration;
+ timePoint = ::android::base::boot_clock::now() + kShortDuration;
break;
}
diff --git a/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp b/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
index bed3fdf..c7ba96c 100644
--- a/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
+++ b/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
@@ -40,6 +40,12 @@
using ndk::SpAIBinder;
+#define ASSERT_OK(a) \
+ do { \
+ auto ret = a; \
+ ASSERT_TRUE(ret.isOk()) << ret.getDescription(); \
+ } while (0)
+
class PowerStatsAidl : public testing::TestWithParam<std::string> {
public:
virtual void SetUp() override {
@@ -108,7 +114,7 @@
// Each PowerEntity must have a valid name
TEST_P(PowerStatsAidl, ValidatePowerEntityNames) {
std::vector<PowerEntity> infos;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&infos).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&infos));
for (auto info : infos) {
testNameValid(info.name);
@@ -118,7 +124,7 @@
// Each power entity must have a unique name
TEST_P(PowerStatsAidl, ValidatePowerEntityUniqueNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
testUnique(entities, &PowerEntity::name);
}
@@ -126,7 +132,7 @@
// Each PowerEntity must have a unique ID
TEST_P(PowerStatsAidl, ValidatePowerEntityIds) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
testUnique(entities, &PowerEntity::id);
}
@@ -134,7 +140,7 @@
// Each power entity must have at least one state
TEST_P(PowerStatsAidl, ValidateStateSize) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
EXPECT_GT(entity.states.size(), 0);
@@ -144,7 +150,7 @@
// Each state must have a valid name
TEST_P(PowerStatsAidl, ValidateStateNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
for (auto state : entity.states) {
@@ -156,7 +162,7 @@
// Each state must have a name that is unique to the given PowerEntity
TEST_P(PowerStatsAidl, ValidateStateUniqueNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
testUnique(entity.states, &State::name);
@@ -166,7 +172,7 @@
// Each state must have an ID that is unique to the given PowerEntity
TEST_P(PowerStatsAidl, ValidateStateUniqueIds) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
testUnique(entity.states, &State::id);
@@ -176,16 +182,16 @@
// State residency must return a valid status
TEST_P(PowerStatsAidl, TestGetStateResidency) {
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
}
// State residency must return all results
TEST_P(PowerStatsAidl, TestGetStateResidencyAllResults) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
testMatching(entities, &PowerEntity::id, results, &StateResidencyResult::id);
}
@@ -193,10 +199,10 @@
// Each result must contain all state residencies
TEST_P(PowerStatsAidl, TestGetStateResidencyAllStateResidencies) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
for (auto entity : entities) {
auto it = std::find_if(results.begin(), results.end(),
@@ -210,7 +216,7 @@
// State residency must return results for each requested power entity
TEST_P(PowerStatsAidl, TestGetStateResidencySelectedResults) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
if (entities.empty()) {
return;
}
@@ -222,7 +228,7 @@
}
std::vector<StateResidencyResult> selectedResults;
- ASSERT_TRUE(powerstats->getStateResidency(selectedIds, &selectedResults).isOk());
+ ASSERT_OK(powerstats->getStateResidency(selectedIds, &selectedResults));
testMatching(selectedEntities, &PowerEntity::id, selectedResults, &StateResidencyResult::id);
}
@@ -230,15 +236,25 @@
// Energy meter info must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyMeterInfo) {
std::vector<Channel> info;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&info).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&info));
}
-// Each channel must have a valid name and subsystem
+// Each channel must have a valid name
TEST_P(PowerStatsAidl, ValidateChannelNames) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
+
for (auto channel : channels) {
testNameValid(channel.name);
+ }
+}
+
+// Each channel must have a valid subsystem
+TEST_P(PowerStatsAidl, ValidateSubsystemNames) {
+ std::vector<Channel> channels;
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
+
+ for (auto channel : channels) {
testNameValid(channel.subsystem);
}
}
@@ -246,7 +262,7 @@
// Each channel must have a unique name
TEST_P(PowerStatsAidl, ValidateChannelUniqueNames) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
testUnique(channels, &Channel::name);
}
@@ -254,7 +270,7 @@
// Each channel must have a unique ID
TEST_P(PowerStatsAidl, ValidateChannelUniqueIds) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
testUnique(channels, &Channel::id);
}
@@ -262,16 +278,16 @@
// Reading energy meter must return a valid status
TEST_P(PowerStatsAidl, TestReadEnergyMeter) {
std::vector<EnergyMeasurement> data;
- ASSERT_TRUE(powerstats->readEnergyMeter({}, &data).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter({}, &data));
}
// Reading energy meter must return results for all available channels
TEST_P(PowerStatsAidl, TestGetAllEnergyMeasurements) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
std::vector<EnergyMeasurement> measurements;
- ASSERT_TRUE(powerstats->readEnergyMeter({}, &measurements).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter({}, &measurements));
testMatching(channels, &Channel::id, measurements, &EnergyMeasurement::id);
}
@@ -279,7 +295,7 @@
// Reading energy must must return results for each selected channel
TEST_P(PowerStatsAidl, TestGetSelectedEnergyMeasurements) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
if (channels.empty()) {
return;
}
@@ -291,7 +307,7 @@
}
std::vector<EnergyMeasurement> selectedMeasurements;
- ASSERT_TRUE(powerstats->readEnergyMeter(selectedIds, &selectedMeasurements).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter(selectedIds, &selectedMeasurements));
testMatching(selectedChannels, &Channel::id, selectedMeasurements, &EnergyMeasurement::id);
}
@@ -299,13 +315,13 @@
// Energy consumer info must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyConsumerInfo) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
}
// Each energy consumer must have a unique id
TEST_P(PowerStatsAidl, TestGetEnergyConsumerUniqueId) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
testUnique(consumers, &EnergyConsumer::id);
}
@@ -313,7 +329,7 @@
// Each energy consumer must have a valid name
TEST_P(PowerStatsAidl, ValidateEnergyConsumerNames) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
for (auto consumer : consumers) {
testNameValid(consumer.name);
@@ -323,7 +339,7 @@
// Each energy consumer must have a unique name
TEST_P(PowerStatsAidl, ValidateEnergyConsumerUniqueNames) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
testUnique(consumers, &EnergyConsumer::name);
}
@@ -331,7 +347,7 @@
// Energy consumers of the same type must have ordinals that are 0,1,2,..., N - 1
TEST_P(PowerStatsAidl, ValidateEnergyConsumerOrdinals) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
std::unordered_map<EnergyConsumerType, std::set<int32_t>> ordinalMap;
@@ -350,16 +366,16 @@
// Energy consumed must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyConsumed) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
}
// Energy consumed must return data for all energy consumers
TEST_P(PowerStatsAidl, TestGetAllEnergyConsumed) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
testMatching(consumers, &EnergyConsumer::id, results, &EnergyConsumerResult::id);
}
@@ -367,7 +383,7 @@
// Energy consumed must return data for each selected energy consumer
TEST_P(PowerStatsAidl, TestGetSelectedEnergyConsumed) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
if (consumers.empty()) {
return;
}
@@ -379,7 +395,7 @@
}
std::vector<EnergyConsumerResult> selectedResults;
- ASSERT_TRUE(powerstats->getEnergyConsumed(selectedIds, &selectedResults).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed(selectedIds, &selectedResults));
testMatching(selectedConsumers, &EnergyConsumer::id, selectedResults,
&EnergyConsumerResult::id);
@@ -388,7 +404,7 @@
// Energy consumed attribution uids must be unique for a given energy consumer
TEST_P(PowerStatsAidl, ValidateEnergyConsumerAttributionUniqueUids) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
for (auto result : results) {
testUnique(result.attribution, &EnergyConsumerAttribution::uid);
@@ -398,7 +414,7 @@
// Energy consumed total energy >= sum total of uid-attributed energy
TEST_P(PowerStatsAidl, TestGetEnergyConsumedAttributedEnergy) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
for (auto result : results) {
int64_t totalAttributedEnergyUWs = 0;
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index 6766d99..0c11f3b 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -26,6 +26,7 @@
vndk: {
enabled: true,
},
+ apps_enabled: false,
},
rust: {
enabled: true,
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
index 69ec4ce..b05a0f3 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
@@ -118,6 +118,7 @@
MISSING_ISSUER_SUBJECT = -82,
INVALID_ISSUER_SUBJECT = -83,
BOOT_LEVEL_EXCEEDED = -84,
+ HARDWARE_NOT_YET_AVAILABLE = -85,
UNIMPLEMENTED = -100,
VERSION_MISMATCH = -101,
UNKNOWN_ERROR = -1000,
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index 4f6fb28..bf30999 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -33,7 +33,7 @@
package android.hardware.security.keymint;
/* @hide */
-@VintfStability
+@SensitiveData @VintfStability
interface IKeyMintDevice {
android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
void addRngEntropy(in byte[] data);
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ac2b4a..4ab4ffe 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -33,7 +33,7 @@
package android.hardware.security.keymint;
/* @hide */
-@VintfStability
+@SensitiveData @VintfStability
interface IKeyMintOperation {
void updateAad(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
byte[] update(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
index 0e2c5f2..137e6b6 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
@@ -107,6 +107,7 @@
MISSING_ISSUER_SUBJECT = -82,
INVALID_ISSUER_SUBJECT = -83,
BOOT_LEVEL_EXCEEDED = -84,
+ HARDWARE_NOT_YET_AVAILABLE = -85,
UNIMPLEMENTED = -100,
VERSION_MISMATCH = -101,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 5aa3070..1c503c2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -214,6 +214,7 @@
* @hide
*/
@VintfStability
+@SensitiveData
interface IKeyMintDevice {
const int AUTH_TOKEN_MAC_LENGTH = 32;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ad54cd..d2a993f 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -22,6 +22,7 @@
/** @hide */
@VintfStability
+@SensitiveData
interface IKeyMintOperation {
/**
* Provides additional authentication data (AAD) to a cryptographic operation begun with
diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index fe04ede..4c4258b 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -66,6 +66,7 @@
cc_library {
name: "libcppcose",
vendor_available: true,
+ host_supported: true,
srcs: [
"cppcose.cpp",
],
@@ -73,13 +74,8 @@
"include",
],
shared_libs: [
- "libbinder_ndk",
"libcppbor_external",
"libcrypto",
"liblog",
],
- static_libs: [
- // TODO(swillden): Remove keymint NDK
- "android.hardware.security.keymint-V1-ndk_platform",
- ],
}
diff --git a/sensors/2.1/default/SensorsV2_1.cpp b/sensors/2.1/default/SensorsV2_1.cpp
index 4c5386a..06446a2 100644
--- a/sensors/2.1/default/SensorsV2_1.cpp
+++ b/sensors/2.1/default/SensorsV2_1.cpp
@@ -46,7 +46,8 @@
mSensorInfo.fifoMaxEventCount = 0;
mSensorInfo.requiredPermission = "";
mSensorInfo.flags = static_cast<uint32_t>(V1_0::SensorFlagBits::ON_CHANGE_MODE |
- V1_0::SensorFlagBits::WAKE_UP);
+ V1_0::SensorFlagBits::WAKE_UP |
+ V1_0::SensorFlagBits::DATA_INJECTION);
}
};