Merge "Fix GraphicsMapperStableCTests#LockUnlockNoCPUUsage" into main
diff --git a/audio/aidl/android/hardware/audio/core/IStreamOut.aidl b/audio/aidl/android/hardware/audio/core/IStreamOut.aidl
index f26dc1c..111969f 100644
--- a/audio/aidl/android/hardware/audio/core/IStreamOut.aidl
+++ b/audio/aidl/android/hardware/audio/core/IStreamOut.aidl
@@ -214,7 +214,8 @@
*
* The range of supported values for speed and pitch factors is provided by
* the 'IModule.getSupportedPlaybackRateFactors' method. Out of range speed
- * and pitch values must not be rejected if the fallback mode is 'MUTE'.
+ * and pitch values may result in silent playback instead of returning an
+ * error in the case when the fallback mode is 'MUTE'.
*
* @param playbackRate Playback parameters to set.
* @throws EX_ILLEGAL_ARGUMENT If provided parameters are out of acceptable range.
diff --git a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
index 6bce107..93c2a61 100644
--- a/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioCoreModuleTargetTest.cpp
@@ -376,7 +376,8 @@
template <typename PropType, class Instance, typename Getter, typename Setter>
void TestAccessors(Instance* inst, Getter getter, Setter setter,
const std::vector<PropType>& validValues,
- const std::vector<PropType>& invalidValues, bool* isSupported) {
+ const std::vector<PropType>& invalidValues, bool* isSupported,
+ const std::vector<PropType>* ambivalentValues = nullptr) {
PropType initialValue{};
ScopedAStatus status = (inst->*getter)(&initialValue);
if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
@@ -395,6 +396,15 @@
EXPECT_STATUS(EX_ILLEGAL_ARGUMENT, (inst->*setter)(v))
<< "for an invalid value: " << ::testing::PrintToString(v);
}
+ if (ambivalentValues != nullptr) {
+ for (const auto v : *ambivalentValues) {
+ const auto status = (inst->*setter)(v);
+ if (!status.isOk()) {
+ EXPECT_STATUS(EX_ILLEGAL_ARGUMENT, status)
+ << "for an ambivalent value: " << ::testing::PrintToString(v);
+ }
+ }
+ }
EXPECT_IS_OK((inst->*setter)(initialValue)) << "Failed to restore the initial value";
}
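Review bot: In the new `ambivalentValues` loop, `const auto status` shadows the `ScopedAStatus status` declared at the top of `TestAccessors`, and when the setter accepts an ambivalent value nothing checks what the getter reports afterwards. Renaming the inner variable, e.g. `const auto setStatus = (inst->*setter)(v);`, removes the shadowing. A one-line comment such as `// Accepting the value is allowed; only the error code is constrained.` would make the intended contract explicit. The function begins outside this hunk.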
@@ -3936,11 +3946,6 @@
AudioPlaybackRate{1.0f, 1.0f, tsVoice, fbFail},
AudioPlaybackRate{factors.maxSpeed, factors.maxPitch, tsVoice, fbMute},
AudioPlaybackRate{factors.minSpeed, factors.minPitch, tsVoice, fbMute},
- // Out of range speed / pitch values must not be rejected if the fallback mode is "mute"
- AudioPlaybackRate{factors.maxSpeed * 2, factors.maxPitch * 2, tsDefault, fbMute},
- AudioPlaybackRate{factors.minSpeed / 2, factors.minPitch / 2, tsDefault, fbMute},
- AudioPlaybackRate{factors.maxSpeed * 2, factors.maxPitch * 2, tsVoice, fbMute},
- AudioPlaybackRate{factors.minSpeed / 2, factors.minPitch / 2, tsVoice, fbMute},
};
const std::vector<AudioPlaybackRate> invalidValues = {
AudioPlaybackRate{factors.maxSpeed, factors.maxPitch * 2, tsDefault, fbFail},
@@ -3956,6 +3961,14 @@
AudioPlaybackRate{1.0f, 1.0f, tsDefault,
AudioPlaybackRate::TimestretchFallbackMode::SYS_RESERVED_DEFAULT},
};
+ const std::vector<AudioPlaybackRate> ambivalentValues = {
+ // Out of range speed / pitch values may optionally be rejected if the fallback mode
+ // is "mute".
+ AudioPlaybackRate{factors.maxSpeed * 2, factors.maxPitch * 2, tsDefault, fbMute},
+ AudioPlaybackRate{factors.minSpeed / 2, factors.minPitch / 2, tsDefault, fbMute},
+ AudioPlaybackRate{factors.maxSpeed * 2, factors.maxPitch * 2, tsVoice, fbMute},
+ AudioPlaybackRate{factors.minSpeed / 2, factors.minPitch / 2, tsVoice, fbMute},
+ };
bool atLeastOneSupports = false;
for (const auto& port : offloadMixPorts) {
const auto portConfig = moduleConfig->getSingleConfigForMixPort(false, port);
@@ -3965,7 +3978,8 @@
bool isSupported = false;
EXPECT_NO_FATAL_FAILURE(TestAccessors<AudioPlaybackRate>(
stream.get(), &IStreamOut::getPlaybackRateParameters,
- &IStreamOut::setPlaybackRateParameters, validValues, invalidValues, &isSupported));
+ &IStreamOut::setPlaybackRateParameters, validValues, invalidValues, &isSupported,
+ &ambivalentValues));
if (isSupported) atLeastOneSupports = true;
}
if (!atLeastOneSupports) {
diff --git a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
index 6e8d410..3b1f3d9 100644
--- a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
+++ b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
@@ -116,6 +116,10 @@
bool isAllParamsValid();
+ void setParamsAndProcess(std::vector<float>& input, std::vector<float>& output);
+
+ float calculateDb(const std::vector<float>& input, size_t startSamplePos);
+
// enqueue test parameters
void addEngineConfig(const DynamicsProcessing::EngineArchitecture& cfg);
void addPreEqChannelConfig(const std::vector<DynamicsProcessing::ChannelConfig>& cfg);
@@ -131,6 +135,9 @@
static constexpr int kBandCount = 5;
static constexpr int kSamplingFrequency = 44100;
static constexpr int kFrameCount = 2048;
+ static constexpr int kInputFrequency = 1000;
+ static constexpr size_t kStartIndex = 15 * kSamplingFrequency / 1000; // skip 15ms
+ static constexpr float kToleranceDb = 0.05;
std::shared_ptr<IFactory> mFactory;
std::shared_ptr<IEffect> mEffect;
Descriptor mDescriptor;
@@ -390,6 +397,22 @@
return true;
}
+float DynamicsProcessingTestHelper::calculateDb(const std::vector<float>& input,
+ size_t startSamplePos = 0) {
+ return audio_utils_compute_power_mono(input.data() + startSamplePos, AUDIO_FORMAT_PCM_FLOAT,
+ input.size() - startSamplePos);
+}
+
+void DynamicsProcessingTestHelper::setParamsAndProcess(std::vector<float>& input,
+ std::vector<float>& output) {
+ ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
+ if (isAllParamsValid()) {
+ ASSERT_NO_FATAL_FAILURE(
+ processAndWriteToOutput(input, output, mEffect, &mOpenEffectReturn));
+ ASSERT_GT(output.size(), kStartIndex);
+ }
+}
+
void DynamicsProcessingTestHelper::addEngineConfig(
const DynamicsProcessing::EngineArchitecture& cfg) {
DynamicsProcessing dp;
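Review bot: `calculateDb` computes `input.size() - startSamplePos` in `size_t`, so a start position past the end wraps to a very large count and `audio_utils_compute_power_mono` would read beyond the vector. The only guard is the `ASSERT_GT(output.size(), kStartIndex)` in `setParamsAndProcess`, and the callers in this diff wrap that helper in `EXPECT_NO_FATAL_FAILURE`, which does not stop the calling test before it reaches `calculateDb`. A check inside the helper closes the gap, e.g. `if (startSamplePos >= input.size()) { ADD_FAILURE() << "start position past end of buffer"; return 0; }`. The default argument `= 0` also sits on the out-of-class definition rather than on the declaration added to the class, so it is visible only to code after this point; moving it to the declaration would be clearer.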
@@ -593,6 +616,66 @@
});
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingTestInputGain);
+class DynamicsProcessingInputGainDataTest
+ : public ::testing::TestWithParam<std::pair<std::shared_ptr<IFactory>, Descriptor>>,
+ public DynamicsProcessingTestHelper {
+ public:
+ DynamicsProcessingInputGainDataTest()
+ : DynamicsProcessingTestHelper((GetParam()), AudioChannelLayout::LAYOUT_MONO) {
+ mInput.resize(kFrameCount * mChannelCount);
+ generateSineWave(kInputFrequency /*Input Frequency*/, mInput);
+ mInputDb = calculateDb(mInput);
+ }
+
+ void SetUp() override {
+ SetUpDynamicsProcessingEffect();
+ SKIP_TEST_IF_DATA_UNSUPPORTED(mDescriptor.common.flags);
+ }
+
+ void TearDown() override { TearDownDynamicsProcessingEffect(); }
+
+ void cleanUpInputGainConfig() {
+ CleanUp();
+ mInputGain.clear();
+ }
+
+ std::vector<DynamicsProcessing::InputGain> mInputGain;
+ std::vector<float> mInput;
+ float mInputDb;
+};
+
+TEST_P(DynamicsProcessingInputGainDataTest, SetAndGetInputGain) {
+ std::vector<float> gainDbValues = {-85, -40, 0, 40, 85};
+ for (float gainDb : gainDbValues) {
+ cleanUpInputGainConfig();
+ for (int i = 0; i < mChannelCount; i++) {
+ mInputGain.push_back(DynamicsProcessing::InputGain(i, gainDb));
+ }
+ std::vector<float> output(mInput.size());
+ EXPECT_NO_FATAL_FAILURE(addInputGain(mInputGain));
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(mInput, output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+ EXPECT_NEAR(outputDb, mInputDb + gainDb, kToleranceDb)
+ << "InputGain: " << gainDb << ", OutputDb: " << outputDb;
+ }
+}
+
+INSTANTIATE_TEST_SUITE_P(DynamicsProcessingTest, DynamicsProcessingInputGainDataTest,
+ testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
+ IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
+ [](const auto& info) {
+ auto descriptor = info.param;
+ std::string name = getPrefix(descriptor.second);
+ std::replace_if(
+ name.begin(), name.end(),
+ [](const char c) { return !std::isalnum(c); }, '_');
+ return name;
+ });
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingInputGainDataTest);
+
/**
* Test DynamicsProcessing Limiter Config
*/
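Review bot: The test-name lambda calls `std::isalnum(c)` with a plain `char`, which is undefined for negative values, and nothing in this hunk guarantees the descriptor-derived prefix is ASCII. Cast before the call: `[](const char c) { return !std::isalnum(static_cast<unsigned char>(c)); }`. Separately, `SetAndGetInputGain` wraps `setParamsAndProcess` in `EXPECT_NO_FATAL_FAILURE`, so after a fatal failure inside it the loop still goes on to compute and compare `outputDb`; an `if (HasFatalFailure()) return;` after the call would keep the report to the first failure.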
@@ -686,11 +769,6 @@
void TearDown() override { TearDownDynamicsProcessingEffect(); }
- float calculateDb(std::vector<float> input, size_t start = 0) {
- return audio_utils_compute_power_mono(input.data() + start, AUDIO_FORMAT_PCM_FLOAT,
- input.size() - start);
- }
-
void computeThreshold(float ratio, float outputDb, float& threshold) {
EXPECT_NE(ratio, 0);
threshold = (mInputDb - (ratio * outputDb)) / (1 - ratio);
@@ -703,16 +781,10 @@
ratio = inputOverThreshold / outputOverThreshold;
}
- void setParamsAndProcess(std::vector<float>& output) {
+ void setLimiterParamsAndProcess(std::vector<float>& input, std::vector<float>& output) {
EXPECT_NO_FATAL_FAILURE(addEngineConfig(mEngineConfigPreset));
EXPECT_NO_FATAL_FAILURE(addLimiterConfig(mLimiterConfigList));
- ASSERT_NO_FATAL_FAILURE(SetAndGetDynamicsProcessingParameters());
- if (isAllParamsValid()) {
- ASSERT_NO_FATAL_FAILURE(
- processAndWriteToOutput(mInput, output, mEffect, &mOpenEffectReturn));
- EXPECT_GT(output.size(), kStartIndex);
- }
- cleanUpLimiterConfig();
+ EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(input, output));
}
void cleanUpLimiterConfig() {
@@ -723,10 +795,8 @@
static constexpr float kDefaultAttackTime = 0;
static constexpr float kDefaultReleaseTime = 0;
static constexpr float kDefaultRatio = 4;
- static constexpr float kDefaultThreshold = 0;
+ static constexpr float kDefaultThreshold = -10;
static constexpr float kDefaultPostGain = 0;
- static constexpr int kInputFrequency = 1000;
- static constexpr size_t kStartIndex = 15 * kSamplingFrequency / 1000; // skip 15ms
std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
std::vector<float> mInput;
float mInputDb;
@@ -738,17 +808,18 @@
std::vector<float> output(mInput.size());
float previousThreshold = -FLT_MAX;
for (float threshold : thresholdValues) {
+ cleanUpLimiterConfig();
for (int i = 0; i < mChannelCount; i++) {
fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
kDefaultReleaseTime, kDefaultRatio, threshold, kDefaultPostGain);
}
- EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ EXPECT_NO_FATAL_FAILURE(setLimiterParamsAndProcess(mInput, output));
if (!isAllParamsValid()) {
continue;
}
float outputDb = calculateDb(output, kStartIndex);
if (threshold >= mInputDb || kDefaultRatio == 1) {
- EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ EXPECT_NEAR(mInputDb, outputDb, kToleranceDb);
} else {
float calculatedThreshold = 0;
EXPECT_NO_FATAL_FAILURE(computeThreshold(kDefaultRatio, outputDb, calculatedThreshold));
@@ -761,48 +832,68 @@
TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingRatio) {
std::vector<float> ratioValues = {1, 10, 20, 30, 40, 50};
std::vector<float> output(mInput.size());
- float threshold = -10;
float previousRatio = 0;
for (float ratio : ratioValues) {
+ cleanUpLimiterConfig();
for (int i = 0; i < mChannelCount; i++) {
fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
- kDefaultReleaseTime, ratio, threshold, kDefaultPostGain);
+ kDefaultReleaseTime, ratio, kDefaultThreshold, kDefaultPostGain);
}
- EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ EXPECT_NO_FATAL_FAILURE(setLimiterParamsAndProcess(mInput, output));
if (!isAllParamsValid()) {
continue;
}
float outputDb = calculateDb(output, kStartIndex);
- if (threshold >= mInputDb) {
- EXPECT_EQ(std::round(mInputDb), std::round(outputDb));
+ if (kDefaultThreshold >= mInputDb) {
+ EXPECT_NEAR(mInputDb, outputDb, kToleranceDb);
} else {
float calculatedRatio = 0;
- EXPECT_NO_FATAL_FAILURE(computeRatio(threshold, outputDb, calculatedRatio));
+ EXPECT_NO_FATAL_FAILURE(computeRatio(kDefaultThreshold, outputDb, calculatedRatio));
ASSERT_GT(calculatedRatio, previousRatio);
previousRatio = calculatedRatio;
}
}
}
+TEST_P(DynamicsProcessingLimiterConfigDataTest, IncreasingPostGain) {
+ std::vector<float> postGainDbValues = {-85, -40, 0, 40, 85};
+ std::vector<float> output(mInput.size());
+ for (float postGainDb : postGainDbValues) {
+ cleanUpLimiterConfig();
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup, kDefaultAttackTime,
+ kDefaultReleaseTime, kDefaultRatio, -1, postGainDb);
+ }
+ EXPECT_NO_FATAL_FAILURE(setLimiterParamsAndProcess(mInput, output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+ EXPECT_NEAR(outputDb, mInputDb + postGainDb, kToleranceDb)
+ << "PostGain: " << postGainDb << ", OutputDb: " << outputDb;
+ }
+}
+
TEST_P(DynamicsProcessingLimiterConfigDataTest, LimiterEnableDisable) {
std::vector<bool> limiterEnableValues = {false, true};
std::vector<float> output(mInput.size());
for (bool isEnabled : limiterEnableValues) {
+ cleanUpLimiterConfig();
for (int i = 0; i < mChannelCount; i++) {
// Set non-default values
fillLimiterConfig(mLimiterConfigList, i, isEnabled, kDefaultLinkerGroup,
5 /*attack time*/, 5 /*release time*/, 10 /*ratio*/,
-10 /*threshold*/, 5 /*postgain*/);
}
- EXPECT_NO_FATAL_FAILURE(setParamsAndProcess(output));
+ EXPECT_NO_FATAL_FAILURE(setLimiterParamsAndProcess(mInput, output));
if (!isAllParamsValid()) {
continue;
}
if (isEnabled) {
EXPECT_NE(mInputDb, calculateDb(output, kStartIndex));
} else {
- EXPECT_NEAR(mInputDb, calculateDb(output, kStartIndex), 0.05);
+ EXPECT_NEAR(mInputDb, calculateDb(output, kStartIndex), kToleranceDb);
}
}
}
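Review bot: `IncreasingPostGain` passes a bare `-1` as the limiter threshold and then expects `outputDb` to equal `mInputDb + postGainDb`, which presumably holds only while the input level stays below that threshold so the enabled limiter never compresses. That precondition is neither stated nor checked in the test. I would add a comment on the `fillLimiterConfig` call, `// Threshold chosen above the input level so the limiter stays inactive and only post gain changes the level.`, and make it explicit with `ASSERT_LT(mInputDb, -1);` before the loop.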
diff --git a/biometrics/face/aidl/default/Android.bp b/biometrics/face/aidl/default/Android.bp
index bed0405..dc11af6 100644
--- a/biometrics/face/aidl/default/Android.bp
+++ b/biometrics/face/aidl/default/Android.bp
@@ -78,7 +78,7 @@
vendor: true,
relative_install_path: "hw",
init_rc: ["face-default.rc"],
- vintf_fragments: ["face-default.xml"],
+ vintf_fragment_modules: ["android.hardware.biometrics.face-service.default.vintf"],
shared_libs: [
"libbinder_ndk",
"liblog",
@@ -89,6 +89,12 @@
],
}
+vintf_fragment {
+ name: "android.hardware.biometrics.face-service.default.vintf",
+ src: "face-default.xml",
+ vendor: true,
+}
+
sysprop_library {
name: "android.hardware.biometrics.face.VirtualProps",
srcs: ["face.sysprop"],
diff --git a/biometrics/fingerprint/aidl/default/Android.bp b/biometrics/fingerprint/aidl/default/Android.bp
index faaa9c6..c6ffc51 100644
--- a/biometrics/fingerprint/aidl/default/Android.bp
+++ b/biometrics/fingerprint/aidl/default/Android.bp
@@ -83,7 +83,7 @@
vendor: true,
relative_install_path: "hw",
init_rc: ["fingerprint-default.rc"],
- vintf_fragments: ["fingerprint-default.xml"],
+ vintf_fragment_modules: ["android.hardware.biometrics.fingerprint-service.default.vintf"],
local_include_dirs: ["include"],
srcs: [
],
@@ -105,6 +105,12 @@
],
}
+vintf_fragment {
+ name: "android.hardware.biometrics.fingerprint-service.default.vintf",
+ src: "fingerprint-default.xml",
+ vendor: true,
+}
+
cc_test {
name: "android.hardware.biometrics.fingerprint.FakeFingerprintEngineTest",
local_include_dirs: ["include"],
diff --git a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
index 4d90058..51931e7 100644
--- a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
+++ b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp
@@ -397,12 +397,18 @@
while (!event_queue.empty()) {
std::vector<uint8_t> event;
event_queue.front(event);
- auto complete_view = ::bluetooth::hci::CommandCompleteView::Create(
+
+ auto event_view =
::bluetooth::hci::EventView::Create(::bluetooth::hci::PacketView<true>(
- std::make_shared<std::vector<uint8_t>>(event))));
- auto status_view = ::bluetooth::hci::CommandCompleteView::Create(
- ::bluetooth::hci::EventView::Create(::bluetooth::hci::PacketView<true>(
- std::make_shared<std::vector<uint8_t>>(event))));
+ std::make_shared<std::vector<uint8_t>>(event)));
+ if (!event_view.IsValid()) {
+ break;
+ }
+
+ auto status_view = ::bluetooth::hci::CommandStatusView::Create(event_view);
+ auto complete_view =
+ ::bluetooth::hci::CommandCompleteView::Create(event_view);
+
bool is_complete_no_op =
complete_view.IsValid() &&
complete_view.GetCommandOpCode() == ::bluetooth::hci::OpCode::NONE;
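Review bot: The new `if (!event_view.IsValid()) break;` leaves the drain loop silently when the controller delivers an event that does not parse, so the test neither reports the malformed packet nor examines the events still queued behind it. For a VTS test of the HAL, an unparseable event seems worth a failure, e.g. `ASSERT_TRUE(event_view.IsValid()) << "Received a malformed HCI event";` if the enclosing function returns void, or `ADD_FAILURE()` before the `break` otherwise. The loop body continues outside the hunk, so whether the event has already been popped at this point is not visible.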
diff --git a/broadcastradio/aidl/vts/src/VtsHalBroadcastradioAidlTargetTest.cpp b/broadcastradio/aidl/vts/src/VtsHalBroadcastradioAidlTargetTest.cpp
index 3da19cc..4627ec9 100644
--- a/broadcastradio/aidl/vts/src/VtsHalBroadcastradioAidlTargetTest.cpp
+++ b/broadcastradio/aidl/vts/src/VtsHalBroadcastradioAidlTargetTest.cpp
@@ -783,12 +783,13 @@
}
ProgramSelector sel = {};
- uint64_t freq = 0;
+ uint64_t dabSidExt = 0;
bool dabStationPresent = false;
for (auto&& programInfo : *programList) {
if (!utils::hasId(programInfo.selector, IdentifierType::DAB_FREQUENCY_KHZ)) {
continue;
}
+ uint64_t freq = 0;
for (auto&& config_entry : config) {
if (config_entry.frequencyKhz ==
utils::getId(programInfo.selector, IdentifierType::DAB_FREQUENCY_KHZ, 0)) {
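Review bot: `dabSidExt` is now declared `uint64_t` at function scope, but it is filled from `utils::getId(...)`, whose result was held in an `int64_t` before this change, and in the last hunk of this file it is searched for in a `vector<int64_t>`. The `find` therefore compares signed elements with an unsigned value and relies on implicit conversions on both sides. Keeping the identifier's own type, `int64_t dabSidExt = 0;`, avoids the mixed comparison. The enclosing test starts and ends outside these hunks.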
@@ -801,7 +802,7 @@
if (freq == 0) {
continue;
}
- int64_t dabSidExt = utils::getId(programInfo.selector, IdentifierType::DAB_SID_EXT, 0);
+ dabSidExt = utils::getId(programInfo.selector, IdentifierType::DAB_SID_EXT, 0);
int64_t dabEns = utils::getId(programInfo.selector, IdentifierType::DAB_ENSEMBLE, 0);
sel = makeSelectorDab(dabSidExt, (int32_t)dabEns, freq);
dabStationPresent = true;
@@ -830,9 +831,9 @@
LOG(DEBUG) << "Current program info: " << infoCb.toString();
// it should tune exactly to what was requested
- vector<int64_t> freqs = bcutils::getAllIds(infoCb.selector, IdentifierType::DAB_FREQUENCY_KHZ);
- EXPECT_NE(freqs.end(), find(freqs.begin(), freqs.end(), freq))
- << "DAB freq " << freq << " kHz is not sent back by callback.";
+ vector<int64_t> sidExts = bcutils::getAllIds(infoCb.selector, IdentifierType::DAB_SID_EXT);
+ EXPECT_NE(sidExts.end(), find(sidExts.begin(), sidExts.end(), dabSidExt))
+ << "DAB SID ext " << std::hex << dabSidExt << " is not sent back by callback.";
}
/**
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index eec5a75..1d5b2bd 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -170,6 +170,7 @@
"android.hardware.audio.core.sounddose@3",
// This is only used by a trusty VM
"android.hardware.security.see.authmgr@1",
+ "android.hardware.security.see.hdcp@1",
// Deprecated HALs.
"android.hardware.audio.sounddose@3",
diff --git a/drm/Android.bp b/drm/Android.bp
new file mode 100644
index 0000000..35c1b03
--- /dev/null
+++ b/drm/Android.bp
@@ -0,0 +1,5 @@
+dirgroup {
+ name: "trusty_dirgroup_hardware_interfaces_drm",
+ dirs: ["."],
+ visibility: ["//trusty/vendor/google/aosp/scripts"],
+}
diff --git a/drm/aidl/Android.bp b/drm/aidl/Android.bp
index 827621c..7ee8c34 100644
--- a/drm/aidl/Android.bp
+++ b/drm/aidl/Android.bp
@@ -27,6 +27,9 @@
ndk: {
min_sdk_version: "34",
},
+ rust: {
+ enabled: true,
+ },
},
double_loadable: true,
versions_with_info: [
diff --git a/neuralnetworks/aidl/Android.bp b/neuralnetworks/aidl/Android.bp
index 45b34e6..e7583aa 100644
--- a/neuralnetworks/aidl/Android.bp
+++ b/neuralnetworks/aidl/Android.bp
@@ -33,7 +33,6 @@
apex_available: [
"//apex_available:platform",
"com.android.neuralnetworks",
- "test_com.android.neuralnetworks",
],
min_sdk_version: "30",
},
diff --git a/radio/1.6/vts/functional/radio_hidl_hal_api.cpp b/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
index 9f530b3..f909676 100644
--- a/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
+++ b/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
@@ -239,18 +239,13 @@
EXPECT_EQ(std::cv_status::no_timeout, wait());
EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_v1_6->rspInfo.type);
EXPECT_EQ(serial, radioRsp_v1_6->rspInfo.serial);
- if (getRadioHalCapabilities()) {
- ASSERT_TRUE(CheckAnyOfErrors(
- radioRsp_v1_6->rspInfo.error,
- {::android::hardware::radio::V1_6::RadioError::REQUEST_NOT_SUPPORTED}));
- } else {
- ASSERT_TRUE(
- CheckAnyOfErrors(radioRsp_v1_6->rspInfo.error,
- {::android::hardware::radio::V1_6::RadioError::NONE,
- ::android::hardware::radio::V1_6::RadioError::RADIO_NOT_AVAILABLE,
- ::android::hardware::radio::V1_6::RadioError::INTERNAL_ERR,
- ::android::hardware::radio::V1_6::RadioError::MODEM_ERR}));
- }
+ ASSERT_TRUE(CheckAnyOfErrors(
+ radioRsp_v1_6->rspInfo.error,
+ {::android::hardware::radio::V1_6::RadioError::NONE,
+ ::android::hardware::radio::V1_6::RadioError::REQUEST_NOT_SUPPORTED,
+ ::android::hardware::radio::V1_6::RadioError::RADIO_NOT_AVAILABLE,
+ ::android::hardware::radio::V1_6::RadioError::INTERNAL_ERR,
+ ::android::hardware::radio::V1_6::RadioError::MODEM_ERR}));
}
/*
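Review bot: With the `getRadioHalCapabilities()` branch removed, this assertion accepts `NONE` and `REQUEST_NOT_SUPPORTED` alike on every device, next to `RADIO_NOT_AVAILABLE`, `INTERNAL_ERR` and `MODEM_ERR`, and nothing in the test says why the capability distinction was dropped. A short comment above the `ASSERT_TRUE` would stop a later reader from tightening it again, e.g. `// Support is no longer inferred from getRadioHalCapabilities(); both a successful and an unsupported response are accepted.` The test body begins outside the hunk.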
diff --git a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
index 62215f3..a799ab1 100644
--- a/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
+++ b/security/keymint/aidl/vts/functional/BootloaderStateTest.cpp
@@ -99,7 +99,7 @@
// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.
TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {
// Gate this test to avoid waiver issues.
- if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ if (get_vendor_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
return;
}
@@ -142,13 +142,13 @@
avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,
sha256Digest.data());
- if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ if (get_vendor_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest)
<< "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)
<< ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest)
<< ").";
} else {
- // Prior to VSR-V, there was no MUST requirement for the algorithm used by the bootloader
+ // Prior to VSR-15, there was no MUST requirement for the algorithm used by the bootloader
// to calculate the VBMeta digest. However, the only two supported options are SHA-256 and
// SHA-512, so we expect the attested VBMeta digest to match one of these.
vector<uint8_t> sha512Digest(AVB_SHA512_DIGEST_SIZE);
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 4429816..06e0f58 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1435,12 +1435,11 @@
}
bool KeyMintAidlTestBase::IsRkpSupportRequired() const {
- // This is technically not a match to the requirements for S chipsets,
- // however when S shipped there was a bug in the test that skipped the
- // tests if KeyMint 2 was not on the system. So we allowed many chipests
- // to ship without RKP support. In T we hardened the requirements around
- // support for RKP, so relax the test to match.
- return get_vsr_api_level() >= __ANDROID_API_T__;
+ // This is technically weaker than the VSR-12 requirements, but when
+ // Android 12 shipped, there was a bug that skipped the tests if KeyMint
+ // 2 was not present. As a result, many chipsets were allowed to ship
+ // without RKP support. The RKP requirements were hardened in VSR-13.
+ return get_vendor_api_level() >= __ANDROID_API_T__;
}
vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {
@@ -1691,11 +1690,11 @@
vector<uint8_t>* key_blob,
vector<KeyCharacteristics>* key_characteristics,
vector<Certificate>* cert_chain) {
- // The original specification for KeyMint v1 required ATTEST_KEY not be combined
- // with any other key purpose, but the original VTS tests incorrectly did exactly that.
- // This means that a device that launched prior to Android T (API level 33) may
- // accept or even require KeyPurpose::SIGN too.
- if (get_vsr_api_level() < __ANDROID_API_T__) {
+ // The original specification for KeyMint v1 (introduced in Android 12) required ATTEST_KEY not
+ // be combined with any other key purpose, but the original VTS-12 tests incorrectly did exactly
+ // that. The tests were fixed in VTS-13 (vendor API level 33). This means that devices with
+ // vendor API level < 33 may accept or even require KeyPurpose::SIGN too.
+ if (get_vendor_api_level() < __ANDROID_API_T__) {
AuthorizationSet key_desc_plus_sign = key_desc;
key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN);
@@ -1820,13 +1819,19 @@
OPENSSL_free(cert_issuer);
}
-int get_vsr_api_level() {
+int get_vendor_api_level() {
+ // Android 13+ builds have the `ro.vendor.api_level` system property. See
+ // https://source.android.com/docs/core/architecture/api-flags#determine_vendor_api_level_android_13.
int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
if (vendor_api_level != -1) {
return vendor_api_level;
}
- // Android S and older devices do not define ro.vendor.api_level
+ // Android 12 builds have the `ro.board.api_level` and `ro.board.first_api_level` system
+ // properties, which are only expected to be populated for GRF SoCs on Android 12 builds. Note
+ // that they are populated automatically by the build system starting in Android 15, but we use
+ // `ro.vendor.api_level` on such builds (see above). For details, see
+ // https://docs.partner.android.com/gms/building/integrating/extending-os-upgrade-support-windows#new-system-properties.
vendor_api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);
if (vendor_api_level == -1) {
vendor_api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);
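Review bot: `get_vendor_api_level()` returns values on two different scales and neither this definition nor the header comment says so. When `ro.vendor.api_level` is set it is returned unchanged, and callers in this commit compare the result both with SDK-style levels (`__ANDROID_API_T__`, printed as 33 in the skip messages) and with `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)` (printed as 202404). I would extend the function comment with `// Returns an SDK-style level (e.g. 33, 34) for older vendor images and a YYYYMM value (e.g. 202404) for newer ones; compare V and later through AVendorSupport_getVendorApiLevelOf().` The function body continues in the next hunk.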
@@ -1838,11 +1843,12 @@
EXPECT_NE(product_api_level, -1) << "Could not find ro.build.version.sdk";
}
- // VSR API level is the minimum of vendor_api_level and product_api_level.
- if (vendor_api_level == -1 || vendor_api_level > product_api_level) {
+ // If the `ro.board.api_level` and `ro.board.first_api_level` properties aren't populated, it
+ // means the build doesn't have a GRF SoC, so the product API level should be used.
+ if (vendor_api_level == -1) {
return product_api_level;
}
- return vendor_api_level;
+ return std::min(product_api_level, vendor_api_level);
}
bool is_gsi_image() {
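Review bot: If `ro.build.version.sdk` cannot be read, `product_api_level` appears to stay `-1` after the non-fatal `EXPECT_NE`, and `std::min(product_api_level, vendor_api_level)` then returns `-1`. Every `get_vendor_api_level() < ...` gate in these tests would then take the relaxed or skipped path, so the strict attestation and RKP checks are not exercised in that run. Handling the case explicitly keeps the gates strict: `if (product_api_level == -1) return vendor_api_level;` before the `std::min` call. The `<algorithm>` include needed for `std::min` is not visible in this hunk, and the function starts outside it.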
@@ -1909,13 +1915,13 @@
}
}
- if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be exactly 32 bytes since it
// contains the SHA-256 hash of the key on locked devices or 32 bytes
// of zeroes on unlocked devices. This wasn't checked for earlier
- // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ // versions of the KeyMint HAL, so we version-gate the strict check.
EXPECT_EQ(verified_boot_key.size(), 32);
- } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ } else if (get_vendor_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be:
// - Exactly 32 bytes on locked devices since it should contain
// the SHA-256 hash of the key, or
@@ -1924,7 +1930,7 @@
// specification).
// Thus, we can't check for strict equality in case unlocked devices
// report values with less than 32 bytes. This wasn't checked for
- // earlier versions of the KeyMint HAL, so only check on VSR-15.
+ // earlier versions of the KeyMint HAL, so we version-gate the check.
EXPECT_LE(verified_boot_key.size(), 32);
}
@@ -2416,7 +2422,7 @@
} else if (result == ErrorCode::INVALID_TAG) {
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
- ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)
+ ASSERT_FALSE(get_vendor_api_level() > __ANDROID_API_T__)
<< "It is a specification violation for INVALID_TAG to be returned due to ID "
<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
<< "be used for a case where updateAad() is called after update(). As of "
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 1c12136..6c327bb 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -406,8 +406,8 @@
add_tag(tags, ttag, ::android::base::GetProperty(prop, /* default= */ ""));
}
-// Return the VSR API level for this device.
-int get_vsr_api_level();
+// Return the vendor API level for this device.
+int get_vendor_api_level();
// Indicate whether the test is running on a GSI image.
bool is_gsi_image();
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index e8a767b..743928e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4158,13 +4158,15 @@
* when the EC_CURVE is not explicitly specified.
*/
TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
- if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
- * of EC keys. However, this was not checked at the time so we can only be strict about
- * checking this for implementations at VSR-V or later.
+ * of EC keys. However, this was not checked at the time, so we version-gate the strict
+ * check.
*/
- GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V";
+ GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: "
+ << vendor_api_level;
}
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
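Review bot: The new skip message hard-codes `202404` while the condition uses `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)`, so the printed bound and the real gate can drift apart. The same literal is repeated in `ImportWrappedKeyTest.RsaKey`, `ImportWrappedKeyTest.EcKey` and `VsrRequirementTest.Vsr16Test` later in this file. Streaming the computed bound keeps them in step: `GTEST_SKIP() << "Applies only to vendor API level >= " << AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__) << ", but this device is: " << vendor_api_level;`.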
@@ -5316,15 +5318,15 @@
"8564");
TEST_P(ImportWrappedKeyTest, RsaKey) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
* just symmetric keys. However, the import of asymmetric wrapped keys was not tested
- * at the time, so we can only be strict about checking this for implementations claiming
- * support for VSR API level 35 and above.
+ * at the time, so we version-gate the strict check.
*/
- GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level;
+ GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: "
+ << vendor_api_level;
}
auto wrapping_key_desc = AuthorizationSetBuilder()
@@ -5347,15 +5349,15 @@
}
TEST_P(ImportWrappedKeyTest, EcKey) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
/*
* The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
* just symmetric keys. However, the import of asymmetric wrapped keys was not tested
- * at the time, so we can only be strict about checking this for implementations claiming
- * support for VSR API level 35 and above.
+ * at the time, so we version-gate the strict check.
*/
- GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level;
+ GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: "
+ << vendor_api_level;
}
auto wrapping_key_desc = AuthorizationSetBuilder()
@@ -8945,27 +8947,30 @@
// @VsrTest = VSR-3.10-008
TEST_P(VsrRequirementTest, Vsr13Test) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < __ANDROID_API_T__) {
- GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < __ANDROID_API_T__) {
+ GTEST_SKIP() << "Applies only to vendor API level >= 33, but this device is: "
+ << vendor_api_level;
}
EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2";
}
// @VsrTest = VSR-3.10-013.001
TEST_P(VsrRequirementTest, Vsr14Test) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < __ANDROID_API_U__) {
- GTEST_SKIP() << "Applies only to VSR API level 34, this device is: " << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < __ANDROID_API_U__) {
+ GTEST_SKIP() << "Applies only to vendor API level >= 34, but this device is: "
+ << vendor_api_level;
}
EXPECT_GE(AidlVersion(), 3) << "VSR 14+ requires KeyMint version 3";
}
// @VsrTest = GMS-VSR-3.10-019
TEST_P(VsrRequirementTest, Vsr16Test) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
- GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ GTEST_SKIP() << "Applies only to vendor API level > 202404, but this device is: "
+ << vendor_api_level;
}
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Applies only to TEE KeyMint, not StrongBox KeyMint";
diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
index 1f09328..5888644 100644
--- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
+++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp
@@ -115,13 +115,14 @@
const auto& vbKey = rot->asArray()->get(pos++);
ASSERT_TRUE(vbKey);
ASSERT_TRUE(vbKey->asBstr());
- if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be exactly 32 bytes since it
// contains the SHA-256 hash of the key on locked devices or 32 bytes
// of zeroes on unlocked devices. This wasn't checked for earlier
- // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+ // versions of the KeyMint HAL, so we version-gate the strict check.
ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
- } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ } else if (get_vendor_api_level() ==
+ AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
// The Verified Boot key field should be:
// - Exactly 32 bytes on locked devices since it should contain
// the SHA-256 hash of the key, or
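Review bot: `get_vendor_api_level()` and `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)` are each evaluated twice across the `if` / `else if`, which is also what forces the new line wrap. Reading them once, e.g. `const int vendor_api_level = get_vendor_api_level();` and `const int v_level = AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__);`, makes it obvious that both branches compare the same values. The rewritten comments here and in the next hunk ("so we version-gate the check") also drop the level that the old "VSR-16+" / "VSR-15" text named, so it is worth stating that the exact 32-byte check applies above the V vendor API level and the `<= 32` check at exactly that level. Devices below that level take neither branch, so the Verified Boot key length is not asserted for them, as was already the case before this change. The enclosing function starts and ends outside the hunk.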
@@ -130,7 +131,7 @@
// specification).
// Thus, we can't check for strict equality in case unlocked devices
// report values with less than 32 bytes. This wasn't checked for
- // earlier versions of the KeyMint HAL, so only check on VSR-15.
+ // earlier versions of the KeyMint HAL, so we version-gate the check.
ASSERT_LE(vbKey->asBstr()->value().size(), 32);
}
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index d86a678..e3c1e58 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -99,7 +99,7 @@
0x02, 0xb4, 0x8a, 0xd2, 0x4c, 0xc4, 0x70, 0x6b, 0x88, 0x98, 0x23, 0x9e, 0xb3, 0x52, 0xb1};
inline const std::vector<uint8_t> kCsrWithDegenerateDiceChain{
- 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2,
+ 0x84, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2,
0xc6, 0x50, 0xd2, 0x42, 0x59, 0xe0, 0x4e, 0x7b, 0xc0, 0x75, 0x41, 0xa2, 0xe9, 0xd0, 0xe8,
0x18, 0xd7, 0xd7, 0x63, 0x7e, 0x41, 0x04, 0x7e, 0x52, 0x1a, 0xb1, 0xb7, 0xdc, 0x13, 0xb3,
0x0f, 0x22, 0x58, 0x20, 0x1a, 0xf3, 0x8b, 0x0f, 0x7a, 0xc6, 0xf2, 0xb8, 0x31, 0x0b, 0x40,
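Review bot: The test vectors change shape with no comment explaining the new layout. The leading byte of `kCsrWithDegenerateDiceChain` goes from `0x85` to `0x84` (a CBOR array header of five items becoming four), and the later hunks delete trailing bytes starting at `0xa1, 0x6b`, which decode as a one-entry map `{"fingerprint": "brand1/product1/device1:11/id/20210805.42:user/release-keys"}`. A short comment above each affected vector, such as `// CSR encoded as a 4-element CBOR array; the trailing {"fingerprint": ...} map is not included.`, would let a reader check the blobs against the format the parser is expected to accept. The same applies to `kCsrWithUdsCerts`, `kCsrWithKeyMintInComponentName`, `kCsrWithDebugMode`, `kCsrWithSharedUdsRoot1` and `kCsrWithSharedUdsRoot2`. The unchanged context line just before `kCsrWithKeyMintInComponentName` still ends in the tail of the same string, so at least one vector appears to keep it; a note on whether that is intentional would help.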
@@ -157,12 +157,7 @@
0xe2, 0xfe, 0x7c, 0x0d, 0x2c, 0x88, 0x3b, 0x23, 0x66, 0x93, 0x7b, 0x94, 0x59, 0xc4, 0x87,
0x16, 0xc4, 0x3a, 0x85, 0x60, 0xe3, 0x62, 0x45, 0x53, 0xa8, 0x1d, 0x4e, 0xa4, 0x2b, 0x61,
0x33, 0x17, 0x71, 0xb6, 0x40, 0x11, 0x7d, 0x23, 0x64, 0xe6, 0x49, 0xbe, 0xa6, 0x85, 0x32,
- 0x1a, 0x89, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74,
- 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
- 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69,
- 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75,
- 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79,
- 0x73};
+ 0x1a, 0x89};
// The challenge that is in kKeysToSignForCsrWithUdsCerts and kCsrWithUdsCerts
inline const std::vector<uint8_t> kChallenge{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@@ -189,7 +184,7 @@
0xc9, 0x0a};
inline const std::vector<uint8_t> kCsrWithUdsCerts{
- 0x85, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
+ 0x84, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
0x2d, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0x59, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x68, 0x30, 0x82,
0x01, 0x1a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x7b, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
@@ -310,12 +305,7 @@
0x48, 0x3c, 0xab, 0xd3, 0x74, 0xf8, 0x41, 0x88, 0x9b, 0x48, 0xf3, 0x93, 0x06, 0x40, 0x1b,
0x5f, 0x60, 0x7b, 0xbe, 0xd8, 0xa6, 0x65, 0xff, 0x6a, 0x89, 0x24, 0x12, 0x1b, 0xac, 0xa3,
0xd5, 0x37, 0x85, 0x6e, 0x53, 0x8d, 0xa5, 0x07, 0xe7, 0xe7, 0x44, 0x2c, 0xba, 0xa0, 0xbe,
- 0x1a, 0x43, 0xde, 0x28, 0x59, 0x65, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70,
- 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72,
- 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a,
- 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e,
- 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65,
- 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0x1a, 0x43, 0xde, 0x28, 0x59, 0x65};
inline const std::vector<uint8_t> kKeysToSignForCsrWithoutUdsCerts = {
0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x11, 0x29, 0x11, 0x96,
@@ -409,7 +399,7 @@
0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
inline const std::vector<uint8_t> kCsrWithKeyMintInComponentName{
- 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x44,
+ 0x84, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x44,
0xfd, 0xdd, 0xf1, 0x8a, 0x78, 0xa0, 0xbe, 0x37, 0x49, 0x51, 0x85, 0xfb, 0x7a, 0x16, 0xca,
0xc1, 0x00, 0xb3, 0x78, 0x13, 0x4a, 0x90, 0x4c, 0x5a, 0xa1, 0x3b, 0xfc, 0xea, 0xb6, 0xf3,
0x16, 0x22, 0x58, 0x20, 0x12, 0x7f, 0xf5, 0xe2, 0x14, 0xbd, 0x5d, 0x51, 0xd3, 0x7f, 0x2f,
@@ -477,15 +467,10 @@
0x90, 0x73, 0x0f, 0x8c, 0x10, 0x0f, 0x99, 0xd2, 0x85, 0x6e, 0x03, 0x45, 0x55, 0x28, 0xf7,
0x64, 0x0b, 0xbd, 0x7c, 0x3a, 0x69, 0xf1, 0x80, 0x1a, 0xf3, 0x93, 0x7e, 0x82, 0xfc, 0xa5,
0x3b, 0x69, 0x98, 0xf1, 0xde, 0x06, 0xb6, 0x72, 0x78, 0x0b, 0xdb, 0xbb, 0x97, 0x20, 0x04,
- 0x98, 0xb0, 0xd4, 0x07, 0x83, 0x65, 0xfb, 0xf8, 0x9c, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67,
- 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31,
- 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63,
- 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38,
- 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65,
- 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0x98, 0xb0, 0xd4, 0x07, 0x83, 0x65, 0xfb, 0xf8, 0x9c};
inline std::vector<uint8_t> kCsrWithDebugMode{
- 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x03,
+ 0x84, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x03,
0x09, 0xad, 0x0d, 0x07, 0xec, 0x59, 0xfc, 0x14, 0x31, 0x21, 0x1f, 0xbc, 0x8e, 0x44, 0xe7,
0x0f, 0xa9, 0xb7, 0x5a, 0x57, 0x38, 0x5f, 0x76, 0x8a, 0xa3, 0x38, 0x2c, 0xf0, 0x1b, 0x37,
0x15, 0x22, 0x58, 0x20, 0x82, 0xae, 0x09, 0x76, 0x9c, 0x1d, 0x18, 0x39, 0x5d, 0x09, 0xf8,
@@ -552,15 +537,10 @@
0x26, 0x7f, 0xdd, 0x9c, 0xac, 0xe2, 0xbf, 0xe2, 0xfb, 0x3c, 0x3f, 0xd6, 0x6f, 0x9a, 0x97,
0xc3, 0x2a, 0x60, 0xfe, 0x0e, 0x9f, 0x11, 0xc9, 0x04, 0xa7, 0xdf, 0xe1, 0x21, 0x1e, 0xc1,
0x10, 0x10, 0x64, 0xf7, 0xeb, 0xcc, 0x3a, 0x4c, 0xa6, 0xdf, 0xd8, 0xf5, 0xcc, 0x0d, 0x34,
- 0xa4, 0x32, 0xf4, 0x0a, 0xd7, 0x83, 0x1e, 0x30, 0x0d, 0x68, 0x6a, 0xb4, 0xc1, 0xa1, 0x6b,
- 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72,
- 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64,
- 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30,
- 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f,
- 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0xa4, 0x32, 0xf4, 0x0a, 0xd7, 0x83, 0x1e, 0x30, 0x0d, 0x68, 0x6a, 0xb4, 0xc1};
inline const std::vector<uint8_t> kCsrWithSharedUdsRoot1{
- 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
+ 0x84, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca,
0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3,
0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08,
@@ -627,15 +607,10 @@
0x08, 0x8a, 0x5b, 0xb9, 0xef, 0x28, 0x5a, 0xe0, 0x02, 0x40, 0xf5, 0x68, 0x49, 0x8b, 0xa7,
0xf7, 0x9d, 0xa3, 0xb3, 0x37, 0x72, 0x79, 0xa9, 0x32, 0x47, 0xf6, 0x8d, 0x5d, 0x08, 0xe7,
0xec, 0x00, 0x19, 0x09, 0x6f, 0x0a, 0x4d, 0x7c, 0x62, 0x6c, 0x2b, 0xaa, 0x33, 0x61, 0xe5,
- 0xa5, 0x3f, 0x2a, 0xfe, 0xcc, 0xdf, 0x8e, 0x62, 0x1c, 0x31, 0xe1, 0x56, 0x6b, 0xa1, 0x6b,
- 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72,
- 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64,
- 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30,
- 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f,
- 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0xa5, 0x3f, 0x2a, 0xfe, 0xcc, 0xdf, 0x8e, 0x62, 0x1c, 0x31, 0xe1, 0x56, 0x6b};
inline const std::vector<uint8_t> kCsrWithSharedUdsRoot2{
- 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
+ 0x84, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca,
0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3,
0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08,
@@ -702,12 +677,7 @@
0xbf, 0xd5, 0x06, 0x2c, 0xac, 0x18, 0x3c, 0xbb, 0xc6, 0x77, 0x99, 0x2f, 0x4e, 0x71, 0xcd,
0x7a, 0x9b, 0x93, 0xc7, 0x08, 0xa3, 0x71, 0x89, 0xb5, 0xb2, 0x04, 0xbe, 0x69, 0x22, 0xf3,
0x66, 0xb8, 0xa9, 0xc6, 0x5e, 0x7c, 0x45, 0xf6, 0x2f, 0x8a, 0xa9, 0x3e, 0xee, 0x6f, 0x92,
- 0x2a, 0x9c, 0x91, 0xe2, 0x1d, 0x4a, 0x4e, 0x4a, 0xb4, 0xcc, 0x87, 0xd2, 0x85, 0x5f, 0xa1,
- 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62,
- 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f,
- 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32,
- 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72,
- 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0x2a, 0x9c, 0x91, 0xe2, 0x1d, 0x4a, 0x4e, 0x4a, 0xb4, 0xcc, 0x87, 0xd2, 0x85, 0x5f};
const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3};
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index f40a752..810cc38 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -186,10 +186,10 @@
if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
GTEST_SKIP() << "The RKP VM is not supported on this system.";
}
- int apiLevel = get_vsr_api_level();
- if (apiLevel < __ANDROID_API_V__) {
- GTEST_SKIP() << "The RKP VM is supported only on V+ devices. Vendor API level: "
- << apiLevel;
+ int vendorApiLevel = get_vendor_api_level();
+ if (vendorApiLevel < __ANDROID_API_V__) {
+ GTEST_SKIP() << "The RKP VM is supported only on vendor API level >= 202404. This "
+ << "device has vendor API level: " << vendorApiLevel;
}
}
ASSERT_TRUE(status.isOk());
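Review bot: The gate compares `vendorApiLevel` with the SDK constant `__ANDROID_API_V__`, but the skip message states the threshold as vendor API level 202404. KeyMintTest.cpp in this same change converts first with `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)`. The two forms give the same result only while no vendor API level falls between the SDK value and 202404, which is presumably the case but is not evident from the code. Using the converted value, `if (vendorApiLevel < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {`, would make the condition match its message, assuming that helper's header is available in this file. The next hunk (`requireDiceOnDefaultInstanceIfStrongboxPresent`) has the same pattern, where `vendor_api_level < __ANDROID_API_V__` replaces the literal `35`.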
@@ -240,10 +240,10 @@
// @VsrTest = 3.10-015
// @VsrTest = 3.10-018.001
TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < 35) {
- GTEST_SKIP() << "Applies only to VSR API level 35 or newer, this device is: "
- << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < __ANDROID_API_V__) {
+ GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: "
+ << vendor_api_level;
}
if (!AServiceManager_isDeclared(KEYMINT_STRONGBOX_INSTANCE_NAME.c_str())) {
@@ -270,11 +270,11 @@
*/
// @VsrTest = 7.1-003.001
TEST(NonParameterizedTests, equalUdsPubInDiceCertChainForRkpVmAndPrimaryKeyMintInstances) {
- int apiLevel = get_vsr_api_level();
- if (apiLevel < 202504 && !AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) {
+ int vendorApiLevel = get_vendor_api_level();
+ if (vendorApiLevel < 202504 && !AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) {
GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") is not present on this device.";
}
- if (apiLevel >= 202504) {
+ if (vendorApiLevel >= 202504) {
ASSERT_TRUE(AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str()));
}
@@ -319,10 +319,10 @@
*/
// @VsrTest = 3.10-018.003
TEST(NonParameterizedTests, componentNameInConfigurationDescriptorForPrimaryKeyMintInstance) {
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < 202504) {
- GTEST_SKIP() << "Applies only to VSR API level 202504 or newer, this device is: "
- << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < 202504) {
+ GTEST_SKIP() << "Applies only to vendor API level >= 202504, but this device is: "
+ << vendor_api_level;
}
if (!AServiceManager_isDeclared(KEYMINT_STRONGBOX_INSTANCE_NAME.c_str())) {
@@ -1155,10 +1155,10 @@
TEST_P(VsrRequirementTest, VsrEnforcementTest) {
RpcHardwareInfo hwInfo;
ASSERT_TRUE(provisionable_->getHardwareInfo(&hwInfo).isOk());
- int vsr_api_level = get_vsr_api_level();
- if (vsr_api_level < 34) {
- GTEST_SKIP() << "Applies only to VSR API level 34 or newer, this device is: "
- << vsr_api_level;
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level < __ANDROID_API_U__) {
+ GTEST_SKIP() << "Applies only to vendor API level >= 34, but this device is: "
+ << vendor_api_level;
}
EXPECT_GE(hwInfo.versionNumber, 3)
<< "VSR 14+ requires IRemotelyProvisionedComponent v3 or newer.";
diff --git a/security/see/hdcp/README.md b/security/see/hdcp/README.md
new file mode 100644
index 0000000..76b8670
--- /dev/null
+++ b/security/see/hdcp/README.md
@@ -0,0 +1,65 @@
+# IHDCPAuthControl as a Trusted HAL service
+
+IHDCPAuthControl is expected to be a service implemented in a TEE.
+We provide a default reference implementation and its integration in Trusty
+as an example.
+
+The VTS test for a Trusted HAL service ought to run in the VM.
+We provide an integration of the VTS test in a Trusty VM,
+and later in a Microdroid VM (b/380632474).
+
+This interface shall not be exposed to the host and thus shall be part of
+the list of excluded interfaces from
+[compatibility_matrices/exclude/fcm_exclude.cpp](../../../compatibility_matrices/exclude/fcm_exclude.cpp)
+
+## 1. Mock Implementation
+
+The mock implementation under default/src/lib.rs is expected to be integrated in a
+TEE. For AOSP testing we offer two virtual device testing options:
+
+- Cuttlefish AVD, where the reference implementation is integrated in an AVF VM, emulating a TEE.
+- Trusty QEMU AVD, where the reference implementation is integrated in a Trusty TEE image (executed in secure world)
+
+### 1.1. Cuttlefish: Integrate in an AVF HAL pVM (Trusty)
+
+In Cuttlefish, we emulate a TEE with an AVF Trusty pVM.
+The VM2TZ IPC is emulated with a vsock port forward utility (b/379582767).
+
+Until vsock port forwarding is supported, the trusty_test_vm is used temporarily.
+(VTS tests and HAL implementation will be in same pVM).
+
+TODO: complete when trusty_hal_vm is created
+
+In order to add the mock HdcpAuthControlService to the trusty_test_vm, make sure
+that `hardware/interfaces/security/see/hdcp/default` is added to the
+trusty_test_vm makefile, by adding it to
+[trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk](../../../../../trusty/device/x86/generic-x86_64/project/generic-x86_64-inc.mk)
+
+### 1.2. Trusty QEMU AVD: Integrate as a TA in Trusty TEE
+
+In order to add the mock HdcpAuthControlService to the Trusty TEE, make sure
+that `hardware/interfaces/security/see/hdcp/default` is added to
+[trusty/device/arm/generic-arm64/project/generic-arm-inc.mk](../../../../../trusty/device/arm/generic-arm64/project/generic-arm-inc.mk)
+
+
+## 2. VTS Tests
+
+IHdcpAuthControl service is expected to only be exposed to AVF pVM.
+
+The VTS tests shall verify:
+
+- IHdcpAuthControl cannot be accessed from the Android Host:
+
+ see [aidl/vts/src/host_test.rs](aidl/vts/host_test.rs)
+
+- IHdcpAuthControl can be accessed from an AVF pVM:
+
+ see [aidl/vts/src/vm_test.rs](aidl/vts/src/vm_test.rs)
+ see [aidl/vts/AndroidTest.xml](aidl/vts/AndroidTest.xml)
+
+
+To integrate the VTS test in the trusty_test_vm:
+
+1.
+1. add the test to [hardware/interfaces/security/see/usertests-rust-inc.mk](../usertests-rust-inc.mk)
+
diff --git a/security/see/hdcp/aidl/Android.bp b/security/see/hdcp/aidl/Android.bp
new file mode 100644
index 0000000..ad1db37
--- /dev/null
+++ b/security/see/hdcp/aidl/Android.bp
@@ -0,0 +1,57 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_team: "trendy_team_trusty",
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.see.hdcp",
+ vendor_available: true,
+ srcs: ["android/hardware/security/see/hdcp/*.aidl"],
+ imports: [
+ "android.hardware.drm.common-V1",
+ ],
+ stability: "vintf",
+ frozen: false,
+ backend: {
+ java: {
+ enabled: false,
+ },
+ cpp: {
+ enabled: false,
+ },
+ ndk: {
+ min_sdk_version: "34",
+ },
+ rust: {
+ enabled: true,
+ gen_mockall: true,
+ additional_rustlibs: [
+ "libmockall",
+ ],
+ },
+ },
+}
+
+// A rust_defaults that includes the latest hdcp AIDL library.
+// Modules that depend on hdcp directly can include this rust_defaults to avoid
+// managing dependency versions explicitly.
+rust_defaults {
+ name: "hdcp_use_latest_hal_aidl_rust",
+ rustlibs: [
+ "android.hardware.security.see.hdcp-V1-rust",
+ ],
+}
diff --git a/security/see/hdcp/aidl/aidl_api/android.hardware.security.see.hdcp/current/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl b/security/see/hdcp/aidl/aidl_api/android.hardware.security.see.hdcp/current/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl
new file mode 100644
index 0000000..b73d554
--- /dev/null
+++ b/security/see/hdcp/aidl/aidl_api/android.hardware.security.see.hdcp/current/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hdcp;
+@VintfStability
+interface IHdcpAuthControl {
+ android.hardware.drm.HdcpLevels getHdcpLevels();
+ void trySetHdcpLevel(in android.hardware.drm.HdcpLevel level);
+ android.hardware.security.see.hdcp.IHdcpAuthControl.PendingHdcpLevelResult getPendingHdcpLevel();
+ parcelable HalErrorCode {
+ const int NO_ERROR = 0;
+ const int GENERIC_ERROR = (-1) /* -1 */;
+ const int BAD_STATE = (-2) /* -2 */;
+ const int UNSUPPORTED = (-3) /* -3 */;
+ const int SERIALIZATION_ERROR = (-4) /* -4 */;
+ const int ALLOCATION_ERROR = (-5) /* -5 */;
+ const int BAD_PARAMETER = (-7) /* -7 */;
+ const int UNAUTHORIZED = (-8) /* -8 */;
+ }
+ parcelable PendingHdcpLevelResult {
+ android.hardware.security.see.hdcp.IHdcpAuthControl.PendingHdcpLevelResult.Status status;
+ android.hardware.drm.HdcpLevel level;
+ enum Status {
+ NONE,
+ PENDING,
+ }
+ }
+}
diff --git a/security/see/hdcp/aidl/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl b/security/see/hdcp/aidl/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl
new file mode 100644
index 0000000..b9a1fe5
--- /dev/null
+++ b/security/see/hdcp/aidl/android/hardware/security/see/hdcp/IHdcpAuthControl.aidl
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hdcp;
+
+/**
+ * IHdcpAuthControl is used by the OEMCrypto Trusted Application to interact
+ * with a HDCP Encryption Trusted Application in order to control the
+ * HDCP Authentication Levels.
+ */
+@VintfStability
+interface IHdcpAuthControl {
+ /*
+ * Service error codes. Will be returned as service specific errors.
+ */
+ parcelable HalErrorCode {
+ /* Success */
+ const int NO_ERROR = 0;
+
+ /* Generic error */
+ const int GENERIC_ERROR = -1;
+
+ /* Desired operation cannot be performed because of the server current state */
+ const int BAD_STATE = -2;
+
+ /* Operation or parameters are not supported by the server */
+ const int UNSUPPORTED = -3;
+
+ /* Error encountered when parsing parameters */
+ const int SERIALIZATION_ERROR = -4;
+
+ /* Server ran out of memory when performing operation */
+ const int ALLOCATION_ERROR = -5;
+
+ /* Bad parameter supplied for the desired operation */
+ const int BAD_PARAMETER = -7;
+
+ /* Caller is not authorized to make this call */
+ const int UNAUTHORIZED = -8;
+ }
+ /**
+ * Result returned from the getPendingHdcpLevelResult API.
+ */
+ parcelable PendingHdcpLevelResult {
+ enum Status {
+ /**
+ * No pending HdcpLevel request
+ */
+ NONE,
+ /**
+ * a HdcpLevel request is pending, its level is provided in the
+ * |level| attribute
+ */
+ PENDING,
+ }
+ Status status;
+ android.hardware.drm.HdcpLevel level;
+ }
+
+ /**
+ * Return the currently negotiated and max supported HDCP levels.
+ *
+ * The current level is based on the display(s) the device is connected to.
+ * If multiple HDCP-capable displays are simultaneously connected to
+ * separate interfaces, this method returns the lowest negotiated HDCP level
+ * of all interfaces.
+ *
+ * The maximum HDCP level is the highest level that can potentially be
+ * negotiated. It is a constant for any device, i.e. it does not depend on
+ * downstream receiving devices that could be connected. For example, if
+ * the device has HDCP 1.x keys and is capable of negotiating HDCP 1.x, but
+ * does not have HDCP 2.x keys, then the maximum HDCP capability would be
+ * reported as 1.x. If multiple HDCP-capable interfaces are present, it
+ * indicates the highest of the maximum HDCP levels of all interfaces.
+ *
+ * This method should only be used for informational purposes, not for
+ * enforcing compliance with HDCP requirements. Trusted enforcement of HDCP
+ * policies must be handled by the DRM system.
+ *
+ * @return HdcpLevels parcelable
+ */
+ android.hardware.drm.HdcpLevels getHdcpLevels();
+
+ /**
+ * Attempts to set the device's HDCP auth level to |level|.
+ *
+ * @param level: desired HDCP level
+ *
+ * @return:
+ * a service specific error based on <code>HalErrorCode</code>,
+ * specifically:
+ * + BAD_PARAMETER: when HDCP_UNKNOWN is requested
+ * + UNSUPPORTED: when |level| is greater than the MaxLevel supported
+ * + BAD_STATE: when the HDCP's service currentLevel is HDCP_NO_OUTPUT
+ *
+ */
+ void trySetHdcpLevel(in android.hardware.drm.HdcpLevel level);
+
+ /**
+ * Retrieve the pending level currently being processed by the HDCP service.
+ * The pending HDCP protection level might be higher than the level initially
+ * requested. This can occur when multiple applications or services are
+ * using HDCP concurrently, and a higher level is needed to satisfy
+ * all requirements.
+ *
+ * @return:
+ * PendingHdcpLevelResult on success, which contains a status
+ * and an optional level; on error a service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ *
+ */
+ PendingHdcpLevelResult getPendingHdcpLevel();
+}
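Review bot: The doc comment on `PendingHdcpLevelResult` says it is returned from the "getPendingHdcpLevelResult API", but the method declared at the end of the interface is `getPendingHdcpLevel`; the comment should read `Result returned from the getPendingHdcpLevel API.` `HalErrorCode` defines `UNAUTHORIZED = -8`, yet neither `trySetHdcpLevel` nor `getPendingHdcpLevel` documents when it is returned. For an interface that lets a caller change the HDCP level, the contract should say which callers are rejected, for instance by adding `+ UNAUTHORIZED: when the caller is not permitted to change the HDCP level` to the `trySetHdcpLevel` list, with the wording adjusted to the intended policy. The error values also skip `-6` without explanation, and the per-constant comments use `/* */` rather than `/** */`, which may keep them out of generated documentation.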
diff --git a/security/see/hdcp/aidl/trusty/drm/rust/rules.mk b/security/see/hdcp/aidl/trusty/drm/rust/rules.mk
new file mode 100644
index 0000000..742b6ab
--- /dev/null
+++ b/security/see/hdcp/aidl/trusty/drm/rust/rules.mk
@@ -0,0 +1,39 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+AIDL_DIR := hardware/interfaces/drm/aidl
+
+MODULE_AIDL_FLAGS := \
+ --stability=vintf \
+ --version=1 \
+
+MODULE_CRATE_NAME := android_hardware_drm
+
+MODULE_AIDL_LANGUAGE := rust
+
+MODULE_AIDL_PACKAGE := android/hardware/drm
+
+MODULE_AIDL_INCLUDES := \
+ -I $(AIDL_DIR) \
+
+MODULE_AIDLS := \
+ $(AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/HdcpLevel.aidl \
+ $(AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/HdcpLevels.aidl \
+
+include make/aidl.mk
diff --git a/security/see/hdcp/aidl/trusty/hdcp/rust/rules.mk b/security/see/hdcp/aidl/trusty/hdcp/rust/rules.mk
new file mode 100644
index 0000000..beab655
--- /dev/null
+++ b/security/see/hdcp/aidl/trusty/hdcp/rust/rules.mk
@@ -0,0 +1,47 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+AIDL_DIR := hardware/interfaces/security/see/hdcp/aidl
+DRM_AIDL_DIR := hardware/interfaces/drm/aidl
+
+MODULE_AIDL_FLAGS := \
+ --mockall \
+ --version=1 \
+
+MODULE_CRATE_NAME := android_hardware_security_see_hdcp
+
+MODULE_AIDL_LANGUAGE := rust
+
+MODULE_AIDL_PACKAGE := android/hardware/security/see/hdcp
+
+MODULE_AIDL_INCLUDES := \
+ -I $(AIDL_DIR) \
+ -I $(DRM_AIDL_DIR) \
+
+MODULE_AIDLS := \
+ $(AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/IHdcpAuthControl.aidl \
+
+MODULE_AIDL_RUST_DEPS := \
+ android_hardware_drm
+
+MODULE_LIBRARY_DEPS := \
+ hardware/interfaces/security/see/hdcp/aidl/trusty/drm/rust \
+ $(call FIND_CRATE,mockall) \
+
+include make/aidl.mk
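Review bot: `MODULE_AIDL_FLAGS` here passes `--mockall` and `--version=1` but not `--stability=vintf`, whereas the sibling `trusty/drm/rust/rules.mk` added in this change does pass it and the Soong module for the same interface sets `stability: "vintf"`. If the omission is deliberate, a one-line comment saying why would prevent a later "fix"; otherwise add `--stability=vintf \` so the Trusty and Android builds compile `IHdcpAuthControl.aidl` with the same stability setting. `--mockall` also makes the mock types and the `mockall` dependency part of the crate every consumer links, not only tests. It may be worth confirming that this is intended for the TEE build.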
diff --git a/security/see/hdcp/aidl/vts/Android.bp b/security/see/hdcp/aidl/vts/Android.bp
new file mode 100644
index 0000000..eadb9cd
--- /dev/null
+++ b/security/see/hdcp/aidl/vts/Android.bp
@@ -0,0 +1,36 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["Android-Apache-2.0"],
+ default_team: "trendy_team_trusty",
+}
+
+rust_test {
+ name: "VtsAidlHdcpNonExistentTest",
+ srcs: ["src/host_test.rs"],
+ require_root: true,
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ rustlibs: [
+ "libbinder_rs",
+ ],
+}
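Review bot: `require_root: true` in the `rust_test` block makes this VTS test run as root, and nothing in the hunk explains why. Its only source, `src/host_test.rs`, just asks for the declared instances of one interface, which may not need root at all. If it does not, drop the line so the test runs with the least privilege it needs. If it does, add a comment above it such as `// Needs root: <reason>` so the requirement is not copied blindly into other tests.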
diff --git a/security/see/hdcp/aidl/vts/src/host_test.rs b/security/see/hdcp/aidl/vts/src/host_test.rs
new file mode 100644
index 0000000..f64de20
--- /dev/null
+++ b/security/see/hdcp/aidl/vts/src/host_test.rs
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Test for asserting the non-existence of an IHdcpAuthControl.aidl
+
+#![cfg(test)]
+
+use binder;
+
+const HDCP_INTERFACE_NAME: &str = "android.hardware.security.see.hdcp.IHdcpAuthControl";
+
+#[test]
+fn test_hdcp_auth_control_non_existence() {
+ let hdcp_instances = match binder::get_declared_instances(HDCP_INTERFACE_NAME) {
+ Ok(vec) => vec,
+ Err(e) => {
+ panic!("failed to retrieve the declared interfaces for HdcpAuthControl: {:?}", e);
+ }
+ };
+ assert!(hdcp_instances.is_empty());
+}
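Review bot: The final `assert!(hdcp_instances.is_empty());` carries no message, so a failing device reports only the expression and not which instances were declared. Something like `assert!(hdcp_instances.is_empty(), "unexpected IHdcpAuthControl instances declared: {:?}", hdcp_instances);` would make a VTS failure actionable. The `//!` line says the test asserts the non-existence of "an IHdcpAuthControl.aidl", while the code checks that no instance of the interface is declared; the comment should say that and give the reason the interface must not be declared. `use binder;` is also a redundant single-component import and can be dropped, since `binder::get_declared_instances` resolves without it.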