Merge "Create vendor apex for cuttlefish audio and audio effect" into main
diff --git a/compatibility_matrices/compatibility_matrix.202404.xml b/compatibility_matrices/compatibility_matrix.202404.xml
index 4498f90..490498e 100644
--- a/compatibility_matrices/compatibility_matrix.202404.xml
+++ b/compatibility_matrices/compatibility_matrix.202404.xml
@@ -1,5 +1,5 @@
<compatibility-matrix version="1.0" type="framework" level="202404">
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.audio.core</name>
<version>1-2</version>
<interface>
@@ -18,7 +18,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.audio.effect</name>
<version>1-2</version>
<interface>
@@ -26,7 +26,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.audio.sounddose</name>
<version>1-2</version>
<interface>
@@ -34,7 +34,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.authsecret</name>
<version>1</version>
<interface>
@@ -42,7 +42,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.audiocontrol</name>
<version>2-4</version>
<interface>
@@ -50,7 +50,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.can</name>
<version>1</version>
<interface>
@@ -58,7 +58,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.evs</name>
<version>1-2</version>
<interface>
@@ -66,7 +66,7 @@
<regex-instance>[a-z]+/[0-9]+</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.occupant_awareness</name>
<version>1</version>
<interface>
@@ -74,7 +74,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.vehicle</name>
<version>1-2</version>
<interface>
@@ -82,21 +82,21 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.remoteaccess</name>
<interface>
<name>IRemoteAccess</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.automotive.ivn</name>
<interface>
<name>IIvnAndroidDevice</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.biometrics.face</name>
<version>3</version>
<interface>
@@ -104,7 +104,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.biometrics.fingerprint</name>
<version>3</version>
<interface>
@@ -113,14 +113,14 @@
<instance>virtual</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.bluetooth</name>
<interface>
<name>IBluetoothHci</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.bluetooth.audio</name>
<version>3-4</version>
<interface>
@@ -128,7 +128,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.bluetooth.ranging</name>
<version>1</version>
<interface>
@@ -136,7 +136,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.bluetooth.finder</name>
<version>1</version>
<interface>
@@ -144,7 +144,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.bluetooth.lmp_event</name>
<version>1</version>
<interface>
@@ -152,21 +152,21 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.boot</name>
<interface>
<name>IBootControl</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.broadcastradio</name>
<interface>
<name>IBroadcastRadio</name>
<regex-instance>.*</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.camera.provider</name>
<version>1-2</version>
<interface>
@@ -174,14 +174,14 @@
<regex-instance>[^/]+/[0-9]+</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.cas</name>
<interface>
<name>IMediaCasService</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.confirmationui</name>
<version>1</version>
<interface>
@@ -189,7 +189,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.contexthub</name>
<version>2</version>
<interface>
@@ -197,7 +197,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.drm</name>
<version>1</version>
<interface>
@@ -205,14 +205,14 @@
<regex-instance>.*</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.dumpstate</name>
<interface>
<name>IDumpstateDevice</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.gatekeeper</name>
<version>1</version>
<interface>
@@ -220,7 +220,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.gnss</name>
<version>2-3</version>
<interface>
@@ -228,7 +228,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.graphics.allocator</name>
<version>1-2</version>
<interface>
@@ -236,7 +236,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.graphics.composer3</name>
<version>2</version>
<interface>
@@ -245,7 +245,7 @@
</interface>
</hal>
<!-- Either the native or the HIDL mapper HAL must exist on the device -->
- <hal format="hidl" optional="true">
+ <hal format="hidl">
<name>android.hardware.graphics.mapper</name>
<version>4.0</version>
<interface>
@@ -253,7 +253,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.health</name>
<version>3</version>
<interface>
@@ -261,7 +261,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.health.storage</name>
<version>1</version>
<interface>
@@ -269,7 +269,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.identity</name>
<version>1-5</version>
<interface>
@@ -277,14 +277,14 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.net.nlinterceptor</name>
<interface>
<name>IInterceptor</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.oemlock</name>
<version>1</version>
<interface>
@@ -292,7 +292,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.ir</name>
<version>1</version>
<interface>
@@ -300,7 +300,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.input.processor</name>
<version>1</version>
<interface>
@@ -308,7 +308,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.security.secretkeeper</name>
<version>1</version>
<interface>
@@ -317,7 +317,7 @@
<instance>nonsecure</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
<interface>
@@ -326,7 +326,7 @@
<instance>strongbox</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
<interface>
@@ -335,7 +335,7 @@
<instance>strongbox</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.light</name>
<version>2</version>
<interface>
@@ -343,7 +343,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="hidl" optional="true">
+ <hal format="hidl">
<name>android.hardware.media.c2</name>
<version>1.0-2</version>
<interface>
@@ -353,7 +353,7 @@
<regex-instance>vendor[0-9]*_software</regex-instance>
</interface>
</hal>
- <hal format="hidl" optional="true">
+ <hal format="hidl">
<name>android.hardware.media.c2</name>
<version>1.0</version>
<interface>
@@ -362,7 +362,7 @@
<instance>software</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.media.c2</name>
<version>1</version>
<interface>
@@ -371,7 +371,7 @@
<regex-instance>vendor[0-9]*_software</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.memtrack</name>
<version>1</version>
<interface>
@@ -379,7 +379,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.neuralnetworks</name>
<version>1-4</version>
<interface>
@@ -387,14 +387,14 @@
<regex-instance>.*</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.nfc</name>
<interface>
<name>INfc</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.power</name>
<version>4</version>
<interface>
@@ -402,7 +402,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.power.stats</name>
<version>2</version>
<interface>
@@ -410,7 +410,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.config</name>
<version>2</version>
<interface>
@@ -418,7 +418,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.data</name>
<version>2</version>
<interface>
@@ -428,7 +428,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.messaging</name>
<version>2</version>
<interface>
@@ -438,7 +438,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.modem</name>
<version>2</version>
<interface>
@@ -448,7 +448,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.network</name>
<version>2</version>
<interface>
@@ -458,7 +458,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.sim</name>
<version>2</version>
<interface>
@@ -468,7 +468,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.sap</name>
<version>1</version>
<interface>
@@ -478,7 +478,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.voice</name>
<version>2</version>
<interface>
@@ -488,7 +488,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.ims</name>
<version>1</version>
<interface>
@@ -498,7 +498,7 @@
<instance>slot3</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.radio.ims.media</name>
<version>1</version>
<interface>
@@ -506,7 +506,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.rebootescrow</name>
<version>1</version>
<interface>
@@ -514,7 +514,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.secure_element</name>
<version>1</version>
<interface>
@@ -523,7 +523,7 @@
<regex-instance>SIM[1-9][0-9]*</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.authgraph</name>
<version>1</version>
<interface>
@@ -531,7 +531,7 @@
<instance>nonsecure</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.secureclock</name>
<version>1</version>
<interface>
@@ -539,7 +539,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.sharedsecret</name>
<version>1</version>
<interface>
@@ -548,7 +548,7 @@
<instance>strongbox</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.sensors</name>
<version>2</version>
<interface>
@@ -556,7 +556,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.soundtrigger3</name>
<version>1-2</version>
<interface>
@@ -564,7 +564,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tetheroffload</name>
<version>1</version>
<interface>
@@ -572,7 +572,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.thermal</name>
<version>1</version>
<interface>
@@ -580,7 +580,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.threadnetwork</name>
<version>1</version>
<interface>
@@ -588,7 +588,7 @@
<regex-instance>chip[0-9]+</regex-instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.threadnetwork</name>
<version>1</version>
<interface>
@@ -596,7 +596,7 @@
<instance>chip0</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tv.hdmi.cec</name>
<version>1</version>
<interface>
@@ -604,7 +604,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tv.hdmi.earc</name>
<version>1</version>
<interface>
@@ -612,7 +612,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tv.hdmi.connection</name>
<version>1</version>
<interface>
@@ -620,7 +620,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tv.tuner</name>
<version>1-2</version>
<interface>
@@ -628,7 +628,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.tv.input</name>
<version>1</version>
<interface>
@@ -636,7 +636,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.usb</name>
<version>1-2</version>
<interface>
@@ -644,14 +644,14 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.usb.gadget</name>
<interface>
<name>IUsbGadget</name>
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.vibrator</name>
<version>1-2</version>
<interface>
@@ -659,7 +659,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.vibrator</name>
<version>1-2</version>
<interface>
@@ -667,7 +667,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.weaver</name>
<version>2</version>
<interface>
@@ -675,7 +675,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.wifi</name>
<version>1</version>
<interface>
@@ -683,7 +683,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true" updatable-via-apex="true">
+ <hal format="aidl" updatable-via-apex="true">
<name>android.hardware.uwb</name>
<version>1</version>
<interface>
@@ -691,7 +691,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.wifi.hostapd</name>
<version>1</version>
<interface>
@@ -699,7 +699,7 @@
<instance>default</instance>
</interface>
</hal>
- <hal format="aidl" optional="true">
+ <hal format="aidl">
<name>android.hardware.wifi.supplicant</name>
<version>2</version>
<interface>
@@ -708,7 +708,7 @@
</interface>
</hal>
<!-- Either the native or the HIDL mapper HAL must exist on the device -->
- <hal format="native" optional="true">
+ <hal format="native">
<name>mapper</name>
<version>5.0</version>
<interface>
diff --git a/health/OWNERS b/health/OWNERS
index 1d4d086..e540d55 100644
--- a/health/OWNERS
+++ b/health/OWNERS
@@ -1,6 +1,6 @@
# Bug component: 30545
apelosi@google.com
-elsk@google.com
+dvander@google.com
smoreland@google.com
wjack@google.com
diff --git a/radio/aidl/vts/radio_network_test.cpp b/radio/aidl/vts/radio_network_test.cpp
index a48abb8..0cb8ba7 100644
--- a/radio/aidl/vts/radio_network_test.cpp
+++ b/radio/aidl/vts/radio_network_test.cpp
@@ -733,7 +733,7 @@
ALOGI("setLinkCapacityReportingCriteria_invalidHysteresisDlKbps, rspInfo.error = %s\n",
toString(radioRsp_network->rspInfo.error).c_str());
- ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::INVALID_ARGUMENTS}));
+ ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::INVALID_ARGUMENTS, RadioError::REQUEST_NOT_SUPPORTED}));
}
/*
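Review bot: Adding `RadioError::REQUEST_NOT_SUPPORTED` to the accepted set in the `setLinkCapacityReportingCriteria_invalidHysteresisDlKbps` assertion lets the test pass without the invalid-argument rejection ever being exercised, and nothing in the hunk records why that is acceptable. A one-line comment above the assertion would capture the intent, for example `// REQUEST_NOT_SUPPORTED: link capacity reporting is optional for the modem` (wording to be confirmed by the author). The same applies to the `invalidHysteresisUlKbps` and `emptyParams` hunks below. The new assertion line also runs well past 100 columns and would read better with the initializer list wrapped. The test bodies start outside these hunks.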
@@ -752,7 +752,7 @@
ALOGI("setLinkCapacityReportingCriteria_invalidHysteresisUlKbps, rspInfo.error = %s\n",
toString(radioRsp_network->rspInfo.error).c_str());
- ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::INVALID_ARGUMENTS}));
+ ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::INVALID_ARGUMENTS, RadioError::REQUEST_NOT_SUPPORTED}));
}
/*
@@ -770,7 +770,7 @@
ALOGI("setLinkCapacityReportingCriteria_emptyParams, rspInfo.error = %s\n",
toString(radioRsp_network->rspInfo.error).c_str());
- ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::NONE}));
+ ASSERT_TRUE(CheckAnyOfErrors(radioRsp_network->rspInfo.error, {RadioError::NONE, RadioError::REQUEST_NOT_SUPPORTED}));
}
/*
diff --git a/security/secretkeeper/aidl/vts/Android.bp b/security/secretkeeper/aidl/vts/Android.bp
index 720b8a2..9d1701a 100644
--- a/security/secretkeeper/aidl/vts/Android.bp
+++ b/security/secretkeeper/aidl/vts/Android.bp
@@ -18,6 +18,19 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+rust_library {
+ name: "libsecretkeeper_test",
+ crate_name: "secretkeeper_test",
+ srcs: ["lib.rs"],
+ rustlibs: [
+ "libciborium",
+ "libcoset",
+ "libdiced_open_dice",
+ "liblog_rust",
+ "libsecretkeeper_client",
+ ],
+}
+
rust_test {
name: "VtsSecretkeeperTargetTest",
srcs: ["secretkeeper_test_client.rs"],
@@ -30,20 +43,40 @@
],
test_config: "AndroidTest.xml",
rustlibs: [
- "libdiced_open_dice",
- "libdice_policy",
- "libsecretkeeper_client",
- "libsecretkeeper_comm_nostd",
- "libsecretkeeper_core_nostd",
"android.hardware.security.secretkeeper-V1-rust",
"libauthgraph_boringssl",
"libauthgraph_core",
- "libcoset",
"libauthgraph_vts_test",
"libbinder_rs",
"libciborium",
"libcoset",
+ "libdice_policy",
"liblog_rust",
+ "libsecretkeeper_client",
+ "libsecretkeeper_comm_nostd",
+ "libsecretkeeper_core_nostd",
+ "libsecretkeeper_test",
],
require_root: true,
}
+
+rust_binary {
+ name: "secretkeeper_cli",
+ srcs: ["secretkeeper_cli.rs"],
+ lints: "android",
+ rlibs: [
+ "android.hardware.security.secretkeeper-V1-rust",
+ "libanyhow",
+ "libauthgraph_boringssl",
+ "libauthgraph_core",
+ "libbinder_rs",
+ "libclap",
+ "libcoset",
+ "libdice_policy",
+ "libhex",
+ "liblog_rust",
+ "libsecretkeeper_client",
+ "libsecretkeeper_comm_nostd",
+ "libsecretkeeper_test",
+ ],
+}
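Review bot: `secretkeeper_cli` lists its dependencies under `rlibs`, while `libsecretkeeper_test` and `VtsSecretkeeperTargetTest` in the same file use `rustlibs`. `rustlibs` leaves the choice of linkage to the build system and matches the rest of the file, so `rustlibs: [` would be the consistent spelling here. If rlib linkage is intended for this binary, a short comment above the property saying why would keep the next editor from "fixing" it.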
diff --git a/security/secretkeeper/aidl/vts/lib.rs b/security/secretkeeper/aidl/vts/lib.rs
new file mode 100644
index 0000000..9f98165
--- /dev/null
+++ b/security/secretkeeper/aidl/vts/lib.rs
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Test helper functions.
+
+pub mod dice_sample;
+
+// Constants for DICE map keys.
+
+/// Map key for authority hash.
+pub const AUTHORITY_HASH: i64 = -4670549;
+/// Map key for config descriptor.
+pub const CONFIG_DESC: i64 = -4670548;
+/// Map key for component name.
+pub const COMPONENT_NAME: i64 = -70002;
+/// Map key for component version.
+pub const COMPONENT_VERSION: i64 = -70003;
+/// Map key for security version.
+pub const SECURITY_VERSION: i64 = -70005;
+/// Map key for mode.
+pub const MODE: i64 = -4670551;
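Review bot: The doc comments on these constants do not say which map each key belongs to, and the keys are not all at the same level. The sealing policy in `secretkeeper_cli.rs` addresses the security version as the path `vec![CONFIG_DESC, SECURITY_VERSION]`, so that key is nested under the config descriptor. I would expand `// Constants for DICE map keys.` to separate top-level keys from nested ones, and say so on the constant itself, e.g. `/// Map key for security version (inside the CONFIG_DESC map).`. Whether `COMPONENT_NAME` and `COMPONENT_VERSION` are nested the same way is not visible in this diff and should be confirmed before documenting it.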
diff --git a/security/secretkeeper/aidl/vts/secretkeeper_cli.rs b/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
new file mode 100644
index 0000000..5f08482
--- /dev/null
+++ b/security/secretkeeper/aidl/vts/secretkeeper_cli.rs
@@ -0,0 +1,347 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Command line test tool for interacting with Secretkeeper.
+
+use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::{
+ ISecretkeeper::ISecretkeeper, SecretId::SecretId,
+};
+use anyhow::{anyhow, bail, Context, Result};
+use authgraph_boringssl::BoringSha256;
+use authgraph_core::traits::Sha256;
+use clap::{Args, Parser, Subcommand};
+use coset::CborSerializable;
+use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
+use secretkeeper_client::{dice::OwnedDiceArtifactsWithExplicitKey, SkSession};
+use secretkeeper_comm::data_types::{
+ error::SecretkeeperError,
+ packet::{ResponsePacket, ResponseType},
+ request::Request,
+ request_response_impl::{GetSecretRequest, GetSecretResponse, StoreSecretRequest},
+ response::Response,
+ {Id, Secret},
+};
+use secretkeeper_test::{
+ dice_sample::make_explicit_owned_dice, AUTHORITY_HASH, CONFIG_DESC, MODE, SECURITY_VERSION,
+};
+use std::io::Write;
+
+#[derive(Parser, Debug)]
+#[command(about = "Interact with Secretkeeper HAL")]
+#[command(version = "0.1")]
+#[command(propagate_version = true)]
+struct Cli {
+ #[command(subcommand)]
+ command: Command,
+
+ /// Secretkeeper instance to connect to.
+ #[arg(long, short)]
+ instance: Option<String>,
+
+ /// Security version in leaf DICE node.
+ #[clap(default_value_t = 100)]
+ #[arg(long, short = 'v')]
+ dice_version: u64,
+
+ /// Show hex versions of secrets and their IDs.
+ #[clap(default_value_t = false)]
+ #[arg(long, short = 'v')]
+ hex: bool,
+}
+
+#[derive(Subcommand, Debug)]
+enum Command {
+ /// Store a secret value.
+ Store(StoreArgs),
+ /// Get a secret value.
+ Get(GetArgs),
+ /// Delete a secret value.
+ Delete(DeleteArgs),
+ /// Delete all secret values.
+ DeleteAll(DeleteAllArgs),
+}
+
+#[derive(Args, Debug)]
+struct StoreArgs {
+ /// Identifier for the secret, as either a short (< 32 byte) string, or as 32 bytes of hex.
+ id: String,
+ /// Value to use as the secret value. If specified as 32 bytes of hex, the decoded value
+ /// will be used as-is; otherwise, a string (less than 31 bytes in length) will be encoded
+ /// as the secret.
+ value: String,
+}
+
+#[derive(Args, Debug)]
+struct GetArgs {
+ /// Identifier for the secret, as either a short (< 32 byte) string, or as 32 bytes of hex.
+ id: String,
+}
+
+#[derive(Args, Debug)]
+struct DeleteArgs {
+ /// Identifier for the secret, as either a short (< 32 byte) string, or as 32 bytes of hex.
+ id: String,
+}
+
+#[derive(Args, Debug)]
+struct DeleteAllArgs {
+ /// Confirm deletion of all secrets.
+ yes: bool,
+}
+
+const SECRETKEEPER_SERVICE: &str = "android.hardware.security.secretkeeper.ISecretkeeper";
+
+/// Secretkeeper client information.
+struct SkClient {
+ sk: binder::Strong<dyn ISecretkeeper>,
+ session: SkSession,
+ dice_artifacts: OwnedDiceArtifactsWithExplicitKey,
+}
+
+impl SkClient {
+ fn new(instance: &str, dice_artifacts: OwnedDiceArtifactsWithExplicitKey) -> Self {
+ let sk: binder::Strong<dyn ISecretkeeper> =
+ binder::get_interface(&format!("{SECRETKEEPER_SERVICE}/{instance}")).unwrap();
+ let session = SkSession::new(sk.clone(), &dice_artifacts).unwrap();
+ Self { sk, session, dice_artifacts }
+ }
+
+ fn secret_management_request(&mut self, req_data: &[u8]) -> Result<Vec<u8>> {
+ self.session
+ .secret_management_request(req_data)
+ .map_err(|e| anyhow!("secret management: {e:?}"))
+ }
+
+ /// Construct a sealing policy on the DICE chain with constraints:
+ /// 1. `ExactMatch` on `AUTHORITY_HASH` (non-optional).
+ /// 2. `ExactMatch` on `MODE` (non-optional).
+ /// 3. `GreaterOrEqual` on `SECURITY_VERSION` (optional).
+ fn sealing_policy(&self) -> Result<Vec<u8>> {
+ let dice =
+ self.dice_artifacts.explicit_key_dice_chain().context("extract explicit DICE chain")?;
+
+ let constraint_spec = [
+ ConstraintSpec::new(
+ ConstraintType::ExactMatch,
+ vec![AUTHORITY_HASH],
+ MissingAction::Fail,
+ ),
+ ConstraintSpec::new(ConstraintType::ExactMatch, vec![MODE], MissingAction::Fail),
+ ConstraintSpec::new(
+ ConstraintType::GreaterOrEqual,
+ vec![CONFIG_DESC, SECURITY_VERSION],
+ MissingAction::Ignore,
+ ),
+ ];
+ DicePolicy::from_dice_chain(dice, &constraint_spec)
+ .unwrap()
+ .to_vec()
+ .context("serialize DICE policy")
+ }
+
+ fn store(&mut self, id: &Id, secret: &Secret) -> Result<()> {
+ let store_request = StoreSecretRequest {
+ id: id.clone(),
+ secret: secret.clone(),
+ sealing_policy: self.sealing_policy().context("build sealing policy")?,
+ };
+ let store_request =
+ store_request.serialize_to_packet().to_vec().context("serialize StoreSecretRequest")?;
+
+ let store_response = self.secret_management_request(&store_request)?;
+ let store_response =
+ ResponsePacket::from_slice(&store_response).context("deserialize ResponsePacket")?;
+ let response_type = store_response.response_type().unwrap();
+ if response_type == ResponseType::Success {
+ Ok(())
+ } else {
+ let err = *SecretkeeperError::deserialize_from_packet(store_response).unwrap();
+ Err(anyhow!("STORE failed: {err:?}"))
+ }
+ }
+
+ fn get(&mut self, id: &Id) -> Result<Option<Secret>> {
+ let get_request = GetSecretRequest { id: id.clone(), updated_sealing_policy: None }
+ .serialize_to_packet()
+ .to_vec()
+ .context("serialize GetSecretRequest")?;
+
+ let get_response = self.secret_management_request(&get_request).context("secret mgmt")?;
+ let get_response =
+ ResponsePacket::from_slice(&get_response).context("deserialize ResponsePacket")?;
+
+ if get_response.response_type().unwrap() == ResponseType::Success {
+ let get_response = *GetSecretResponse::deserialize_from_packet(get_response).unwrap();
+ Ok(Some(Secret(get_response.secret.0)))
+ } else {
+ // Only expect a not-found failure.
+ let err = *SecretkeeperError::deserialize_from_packet(get_response).unwrap();
+ if err == SecretkeeperError::EntryNotFound {
+ Ok(None)
+ } else {
+ Err(anyhow!("GET failed: {err:?}"))
+ }
+ }
+ }
+
+ /// Helper method to delete secrets.
+ fn delete(&self, ids: &[&Id]) -> Result<()> {
+ let ids: Vec<SecretId> = ids.iter().map(|id| SecretId { id: id.0 }).collect();
+ self.sk.deleteIds(&ids).context("deleteIds")
+ }
+
+ /// Helper method to delete everything.
+ fn delete_all(&self) -> Result<()> {
+ self.sk.deleteAll().context("deleteAll")
+ }
+}
+
+/// Convert a string input into an `Id`. Input can be 64 bytes of hex, or a string
+/// that will be hashed to give the `Id` value. Returns the `Id` and a display string.
+fn string_to_id(s: &str, show_hex: bool) -> (Id, String) {
+ if let Ok(data) = hex::decode(s) {
+ if data.len() == 64 {
+ // Assume something that parses as 64 bytes of hex is it.
+ return (Id(data.try_into().unwrap()), s.to_string().to_lowercase());
+ }
+ }
+ // Create a secret ID by repeating the SHA-256 hash of the string twice.
+ let hash = BoringSha256.compute_sha256(s.as_bytes()).unwrap();
+ let mut id = Id([0; 64]);
+ id.0[..32].copy_from_slice(&hash);
+ id.0[32..].copy_from_slice(&hash);
+ if show_hex {
+ let hex_id = hex::encode(&id.0);
+ (id, format!("'{s}' (as {hex_id})"))
+ } else {
+ (id, format!("'{s}'"))
+ }
+}
+
+/// Convert a string input into a `Secret`. Input can be 32 bytes of hex, or a short string
+/// that will be encoded as the `Secret` value. Returns the `Secret` and a display string.
+fn value_to_secret(s: &str, show_hex: bool) -> Result<(Secret, String)> {
+ if let Ok(data) = hex::decode(s) {
+ if data.len() == 32 {
+ // Assume something that parses as 32 bytes of hex is it.
+ return Ok((Secret(data.try_into().unwrap()), s.to_string().to_lowercase()));
+ }
+ }
+ let data = s.as_bytes();
+ if data.len() > 31 {
+ return Err(anyhow!("secret too long"));
+ }
+ let mut secret = Secret([0; 32]);
+ secret.0[0] = data.len() as u8;
+ secret.0[1..1 + data.len()].copy_from_slice(data);
+ Ok(if show_hex {
+ let hex_secret = hex::encode(&secret.0);
+ (secret, format!("'{s}' (as {hex_secret})"))
+ } else {
+ (secret, format!("'{s}'"))
+ })
+}
+
+/// Convert a `Secret` into a displayable string. If the secret looks like an encoded
+/// string, show that, otherwise show the value in hex.
+fn secret_to_value_display(secret: &Secret, show_hex: bool) -> String {
+ let hex = hex::encode(&secret.0);
+ secret_to_value(secret)
+ .map(|s| if show_hex { format!("'{s}' (from {hex})") } else { format!("'{s}'") })
+ .unwrap_or_else(|_e| format!("{hex}"))
+}
+
+/// Attempt to convert a `Secret` back to a string.
+fn secret_to_value(secret: &Secret) -> Result<String> {
+ let len = secret.0[0] as usize;
+ if len > 31 {
+ return Err(anyhow!("too long"));
+ }
+ std::str::from_utf8(&secret.0[1..1 + len]).map(|s| s.to_string()).context("not UTF-8 string")
+}
+
+fn main() -> Result<()> {
+ let cli = Cli::parse();
+
+ // Figure out which Secretkeeper instance is desired, and connect to it.
+ let instance = if let Some(instance) = &cli.instance {
+ // Explicitly specified.
+ instance.clone()
+ } else {
+ // If there's only one instance, use that.
+ let instances: Vec<String> = binder::get_declared_instances(SECRETKEEPER_SERVICE)
+ .unwrap_or_default()
+ .into_iter()
+ .collect();
+ match instances.len() {
+ 0 => bail!("No Secretkeeper instances available on device!"),
+ 1 => instances[0].clone(),
+ _ => {
+ bail!(
+ concat!(
+ "Multiple Secretkeeper instances available on device: {}\n",
+ "Use --instance <instance> to specify one."
+ ),
+ instances.join(", ")
+ );
+ }
+ }
+ };
+ let dice = make_explicit_owned_dice(cli.dice_version);
+ let mut sk_client = SkClient::new(&instance, dice);
+
+ match cli.command {
+ Command::Get(args) => {
+ let (id, display_id) = string_to_id(&args.id, cli.hex);
+ print!("GET key {display_id}: ");
+ match sk_client.get(&id).context("GET") {
+ Ok(None) => println!("not found"),
+ Ok(Some(s)) => println!("{}", secret_to_value_display(&s, cli.hex)),
+ Err(e) => {
+ println!("failed!");
+ return Err(e);
+ }
+ }
+ }
+ Command::Store(args) => {
+ let (id, display_id) = string_to_id(&args.id, cli.hex);
+ let (secret, display_secret) = value_to_secret(&args.value, cli.hex)?;
+ println!("STORE key {display_id}: {display_secret}");
+ sk_client.store(&id, &secret).context("STORE")?;
+ }
+ Command::Delete(args) => {
+ let (id, display_id) = string_to_id(&args.id, cli.hex);
+ println!("DELETE key {display_id}");
+ sk_client.delete(&[&id]).context("DELETE")?;
+ }
+ Command::DeleteAll(args) => {
+ if !args.yes {
+ // Request confirmation.
+ println!("Confirm delete all secrets: [y/N]");
+ let _ = std::io::stdout().flush();
+ let mut input = String::new();
+ std::io::stdin().read_line(&mut input)?;
+ let c = input.chars().next();
+ if c != Some('y') && c != Some('Y') {
+ bail!("DELETE_ALL not confirmed");
+ }
+ }
+ println!("DELETE_ALL");
+ sk_client.delete_all().context("DELETE_ALL")?;
+ }
+ }
+ Ok(())
+}
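Review bot: In `Cli`, both `dice_version` and `hex` declare `short = 'v'`, so two options claim `-v`. As far as I know clap checks for unique short names only with a debug assertion, so what `-v` sets in a build without it is unclear from this code; giving `hex` its own letter, e.g. `#[arg(long, short = 'x')]`, removes the clash. `DeleteAllArgs::yes` carries no `#[arg(...)]` attribute, so the derive will not expose it as a `--yes` flag the way the confirmation branch in `main` seems to expect; `#[arg(long)]` on that field would. The help text also disagrees with the code: it says "32 bytes of hex" for the id and "less than 31 bytes" for the value, while `string_to_id` checks `data.len() == 64` and `value_to_secret` accepts up to 31 bytes.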
diff --git a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
index 26fdb56..8c33f04 100644
--- a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
+++ b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
@@ -14,12 +14,6 @@
* limitations under the License.
*/
-#![cfg(test)]
-mod dice_sample;
-
-use crate::dice_sample::make_explicit_owned_dice;
-
-use rdroidtest_macro::{ignore_if, rdroidtest};
use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::ISecretkeeper;
use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::SecretId::SecretId;
use authgraph_vts_test as ag_vts;
@@ -27,6 +21,7 @@
use authgraph_core::key;
use coset::{CborSerializable, CoseEncrypt0};
use dice_policy::{ConstraintSpec, ConstraintType, DicePolicy, MissingAction};
+use rdroidtest::{ignore_if, rdroidtest};
use secretkeeper_client::dice::OwnedDiceArtifactsWithExplicitKey;
use secretkeeper_client::SkSession;
use secretkeeper_core::cipher;
@@ -38,6 +33,10 @@
use secretkeeper_comm::data_types::{Id, Secret, SeqNum};
use secretkeeper_comm::data_types::response::Response;
use secretkeeper_comm::data_types::packet::{ResponsePacket, ResponseType};
+use secretkeeper_test::{
+ AUTHORITY_HASH, MODE, CONFIG_DESC, SECURITY_VERSION,
+ dice_sample::make_explicit_owned_dice
+};
const SECRETKEEPER_SERVICE: &str = "android.hardware.security.secretkeeper.ISecretkeeper";
const CURRENT_VERSION: u64 = 1;
@@ -246,20 +245,15 @@
/// Construct a sealing policy on the dice chain. This method uses the following set of
/// constraints which are compatible with sample DICE chains used in VTS.
/// 1. ExactMatch on AUTHORITY_HASH (non-optional).
-/// 2. ExactMatch on KEY_MODE (non-optional).
+/// 2. ExactMatch on MODE (non-optional).
/// 3. GreaterOrEqual on SECURITY_VERSION (optional).
fn sealing_policy(dice: &[u8]) -> Vec<u8> {
- let authority_hash: i64 = -4670549;
- let key_mode: i64 = -4670551;
- let config_desc: i64 = -4670548;
- let security_version: i64 = -70005;
-
let constraint_spec = [
- ConstraintSpec::new(ConstraintType::ExactMatch, vec![authority_hash], MissingAction::Fail),
- ConstraintSpec::new(ConstraintType::ExactMatch, vec![key_mode], MissingAction::Fail),
+ ConstraintSpec::new(ConstraintType::ExactMatch, vec![AUTHORITY_HASH], MissingAction::Fail),
+ ConstraintSpec::new(ConstraintType::ExactMatch, vec![MODE], MissingAction::Fail),
ConstraintSpec::new(
ConstraintType::GreaterOrEqual,
- vec![config_desc, security_version],
+ vec![CONFIG_DESC, SECURITY_VERSION],
MissingAction::Ignore,
),
];
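Review bot: Item 3 of the doc comment above `sealing_policy` still names only SECURITY_VERSION, while the constraint in this hunk is built on the nested path `vec![CONFIG_DESC, SECURITY_VERSION]` with `MissingAction::Ignore`. Since the commit already edits this comment for the MODE rename, I would spell the third item out as well: `/// 3. GreaterOrEqual on SECURITY_VERSION inside CONFIG_DESC (optional: ignored when the field is absent).` That tells the reader that a chain entry without a security version presumably still satisfies the policy, so this constraint alone gives no rollback protection for such entries. The body of `sealing_policy` continues past the end of the hunk, so how `constraint_spec` is consumed is not visible here.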
diff --git a/threadnetwork/aidl/vts/VtsHalThreadNetworkTargetTest.cpp b/threadnetwork/aidl/vts/VtsHalThreadNetworkTargetTest.cpp
index 5925b54..2f71b2f 100644
--- a/threadnetwork/aidl/vts/VtsHalThreadNetworkTargetTest.cpp
+++ b/threadnetwork/aidl/vts/VtsHalThreadNetworkTargetTest.cpp
@@ -87,11 +87,16 @@
}
TEST_P(ThreadNetworkAidl, Reset) {
+ ndk::ScopedAStatus status;
std::shared_ptr<ThreadChipCallback> callback =
ndk::SharedRefBase::make<ThreadChipCallback>([](auto /* data */) {});
EXPECT_TRUE(thread_chip->open(callback).isOk());
- EXPECT_TRUE(thread_chip->hardwareReset().isOk());
+ status = thread_chip->hardwareReset();
+ EXPECT_TRUE(status.isOk() || (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION));
+ if (status.getExceptionCode() == EX_UNSUPPORTED_OPERATION) {
+ GTEST_SKIP() << "Hardware reset is not supported";
+ }
}
TEST_P(ThreadNetworkAidl, SendSpinelFrame) {