Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / de7a266c9a49bcf1a583e99f73c6adb7a7d1f621^1..de7a266c9a49bcf1a583e99f73c6adb7a7d1f621 / .
commitde7a266c9a49bcf1a583e99f73c6adb7a7d1f621[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Nov 28 00:19:48 2024 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Nov 28 00:19:48 2024 +0000
treee409dd7e623a60a45eb0c938ea609e3239bdfed9
parent9ccd8b26311d75329c6d449dff3bbafd7cc9b06d [diff]
parente948872d49c1b48efd80b66677f78ab0c6ca27a8 [diff]
Snap for 12722466 from e948872d49c1b48efd80b66677f78ab0c6ca27a8 to 25Q1-release

Change-Id: If20544e27f70068f46f8d0d356d7b09f5d238b76

diff --git a/libutils/OWNERS b/libutils/OWNERS
index 40164aa..4ce6893 100644
--- a/libutils/OWNERS
+++ b/libutils/OWNERS

@@ -1 +1,2 @@
+shayba@google.com
 smoreland@google.com

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1986374..060395d 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -997,16 +997,8 @@
     wait_for_prop apexd.status activated
     perform_apex_config
 
-    # See flag enable_system_aconfigd_rust, which toggles these processes.
-    exec_start aconfigd-mainline-init
     exec_start system_aconfigd_mainline_init
-
-    # system_aconfigd_socket_service is replacing aconfigd:
-    #   - A flag (enable_system_aconfigd_rust) toggles which socket executes.
-    #   - When enabled, aconfigd is a no-op, system_aconfigd_socket_service executes.
-    #   - Conversely, when disabled, aconfigd executes, and system_aconfigd_socket_service is a no-op.
     start system_aconfigd_socket_service
-    start aconfigd
 
     # Create directories for boot animation.
     mkdir /data/misc/bootanim 0755 system system

diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 5a1e420..8ebfc1a 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp

@@ -106,11 +106,11 @@
         "keymint/service.cpp",
     ],
     shared_libs: [
-        "android.hardware.security.keymint-V3-ndk",
+        "android.hardware.security.keymint-V4-ndk",
         "android.hardware.security.rkp-V3-ndk",
         "android.hardware.security.secureclock-V1-ndk",
         "android.hardware.security.sharedsecret-V1-ndk",
-        "lib_android_keymaster_keymint_utils_V3",
+        "lib_android_keymaster_keymint_utils",
         "libbase",
         "libbinder_ndk",
         "libhardware",
@@ -120,9 +120,10 @@
         "libtrusty",
         "libutils",
     ],
-    required: [
-        "android.hardware.hardware_keystore_V3.xml",
-    ],
+    required: select(release_flag("RELEASE_AIDL_USE_UNFROZEN"), {
+        true: ["android.hardware.hardware_keystore.xml"],
+        default: ["android.hardware.hardware_keystore_V3.xml"],
+    }),
 }
 
 prebuilt_etc {

diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
index b118a20..723229d 100644
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp

@@ -295,6 +295,13 @@
     return response;
 }
 
+SetAdditionalAttestationInfoResponse TrustyKeymaster::SetAdditionalAttestationInfo(
+        const SetAdditionalAttestationInfoRequest& request) {
+    SetAdditionalAttestationInfoResponse response(message_version());
+    ForwardCommand(KM_SET_ADDITIONAL_ATTESTATION_INFO, request, &response);
+    return response;
+}
+
 GetHwInfoResponse TrustyKeymaster::GetHwInfo() {
     GetHwInfoResponse response(message_version());
     ForwardCommand(KM_GET_HW_INFO, GetHwInfoRequest(message_version()), &response);

diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
index c8d8932..5e876d3 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h

@@ -85,6 +85,7 @@
     ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge,
                                  vector<uint8_t>* rootOfTrust) override;
     ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override;
+    ScopedAStatus setAdditionalAttestationInfo(const vector<KeyParameter>& info) override;
 
   protected:
     std::shared_ptr<TrustyKeymaster> impl_;

diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
index c50178b..65d7217 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h

@@ -70,6 +70,8 @@
     ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
             const ConfigureVendorPatchlevelRequest& request);
     GetRootOfTrustResponse GetRootOfTrust(const GetRootOfTrustRequest& request);
+    SetAdditionalAttestationInfoResponse SetAdditionalAttestationInfo(
+            const SetAdditionalAttestationInfoRequest& request);
     GetHwInfoResponse GetHwInfo();
 
     uint32_t message_version() const { return message_version_; }

diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index 822e933..721315d 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h

@@ -62,6 +62,7 @@
     KM_GET_ROOT_OF_TRUST            = (34 << KEYMASTER_REQ_SHIFT),
     KM_GET_HW_INFO                  = (35 << KEYMASTER_REQ_SHIFT),
     KM_GENERATE_CSR_V2              = (36 << KEYMASTER_REQ_SHIFT),
+    KM_SET_ADDITIONAL_ATTESTATION_INFO = (37 << KEYMASTER_REQ_SHIFT),
 
     // Bootloader/provisioning calls.
     KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),

diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
index fec4c60..154597f 100644
--- a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp

@@ -349,4 +349,18 @@
     return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
 }
 
+ScopedAStatus TrustyKeyMintDevice::setAdditionalAttestationInfo(const vector<KeyParameter>& info) {
+    keymaster::SetAdditionalAttestationInfoRequest request(impl_->message_version());
+    request.info.Reinitialize(KmParamSet(info));
+
+    keymaster::SetAdditionalAttestationInfoResponse response =
+            impl_->SetAdditionalAttestationInfo(request);
+
+    if (response.error != KM_ERROR_OK) {
+        return kmError2ScopedAStatus(response.error);
+    } else {
+        return ScopedAStatus::ok();
+    }
+}
+
 }  // namespace aidl::android::hardware::security::keymint::trusty

diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
index 3dc9c88..f74d212 100644
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml

@@ -1,7 +1,7 @@
 <manifest version="1.0" type="device">
     <hal format="aidl">
         <name>android.hardware.security.keymint</name>
-        <version>3</version>
+        <version>4</version>
         <fqname>IKeyMintDevice/default</fqname>
     </hal>
     <hal format="aidl">