Merge "Do not require fs-verity built-in signature"
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index 1e6d4dc..e3961da 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -128,7 +128,7 @@
name: "android.security.maintenance",
srcs: [ "android/security/maintenance/*.aidl" ],
imports: [
- "android.system.keystore2-V2",
+ "android.system.keystore2-V3",
],
unstable: true,
backend: {
@@ -167,7 +167,7 @@
name: "android.security.metrics",
srcs: [ "android/security/metrics/*.aidl" ],
imports: [
- "android.system.keystore2-V2",
+ "android.system.keystore2-V3",
],
unstable: true,
backend: {
@@ -184,29 +184,68 @@
},
}
+// java_defaults that includes the latest Keystore2 AIDL library.
+// Modules that depend on KeyMint directly can include this java_defaults to avoid
+// managing dependency versions explicitly.
+java_defaults {
+ name: "keystore2_use_latest_aidl_java_static",
+ static_libs: [
+ "android.system.keystore2-V3-java-source"
+ ],
+}
+
+java_defaults {
+ name: "keystore2_use_latest_aidl_java_shared",
+ libs: [
+ "android.system.keystore2-V3-java-source"
+ ],
+}
+
+java_defaults {
+ name: "keystore2_use_latest_aidl_java",
+ libs: [
+ "android.system.keystore2-V3-java"
+ ],
+}
+
// cc_defaults that includes the latest Keystore2 AIDL library.
// Modules that depend on KeyMint directly can include this cc_defaults to avoid
// managing dependency versions explicitly.
cc_defaults {
name: "keystore2_use_latest_aidl_ndk_static",
static_libs: [
- "android.system.keystore2-V2-ndk",
+ "android.system.keystore2-V3-ndk",
],
}
cc_defaults {
name: "keystore2_use_latest_aidl_ndk_shared",
shared_libs: [
- "android.system.keystore2-V2-ndk",
+ "android.system.keystore2-V3-ndk",
],
}
+cc_defaults {
+ name: "keystore2_use_latest_aidl_cpp_shared",
+ shared_libs: [
+ "android.system.keystore2-V3-cpp",
+ ],
+}
+
+cc_defaults {
+ name: "keystore2_use_latest_aidl_cpp_static",
+ static_libs: [
+ "android.system.keystore2-V3-cpp",
+ ],
+}
+
+
// A rust_defaults that includes the latest Keystore2 AIDL library.
// Modules that depend on Keystore2 directly can include this rust_defaults to avoid
// managing dependency versions explicitly.
rust_defaults {
name: "keystore2_use_latest_aidl_rust",
rustlibs: [
- "android.system.keystore2-V2-rust",
+ "android.system.keystore2-V3-rust",
],
}
diff --git a/keystore2/android.system.keystore2-service.xml b/keystore2/android.system.keystore2-service.xml
index 20c2fba..45f995c 100644
--- a/keystore2/android.system.keystore2-service.xml
+++ b/keystore2/android.system.keystore2-service.xml
@@ -1,7 +1,7 @@
<manifest version="1.0" type="framework">
<hal format="aidl">
<name>android.system.keystore2</name>
- <version>2</version>
+ <version>3</version>
<interface>
<name>IKeystoreService</name>
<instance>default</instance>
diff --git a/keystore2/src/km_compat/lib.rs b/keystore2/src/km_compat/lib.rs
index 13f7760..2632ec4 100644
--- a/keystore2/src/km_compat/lib.rs
+++ b/keystore2/src/km_compat/lib.rs
@@ -450,6 +450,10 @@
)));
assert!(sec_level_enforced.iter().any(|kp| matches!(
kp,
+ KeyParameter { tag: Tag::VENDOR_PATCHLEVEL, value: KeyParameterValue::Integer(_) }
+ )));
+ assert!(sec_level_enforced.iter().any(|kp| matches!(
+ kp,
KeyParameter { tag: Tag::BOOT_PATCHLEVEL, value: KeyParameterValue::Integer(_) }
)));
}