Snap for 8242241 from 6d1224944a2ea1b6a84b92a6f827b4e654c6e82d to tm-d1-release (4e7b1974) · Commits · e / os / android_hardware_interfaces

camera/device/3.7/ICameraInjectionSession.hal

+4 −1

Original line number	Diff line number	Diff line
		@@ -24,7 +24,10 @@ import @3.6::HalStreamConfiguration;
		import @3.7::ICameraDeviceSession;

		/**
		* Injection Camera device active session interface.
		* Injection camera device active session interface.
		*
		* Note that this is implemented on a special camera injection hal, if it is a
		* general camera hal, it is not necessary to implement this interface.
		*
		* When an external camera is injected to replace the internal camera session, the
		* injection session will be established in camera framework, and then

current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -910,5 +910,6 @@ f767a132ef28275294db15353f14f3876a4048770751931a77d038d4228f2cb7 android.hardwar
		d0fb32f3ddeb9af7115ab32905225ea69b930d2472be8e9610f0cf136c15aefb android.hardware.keymaster@4.0::IKeymasterDevice # b/210424594
		ca62a2a95d173ed323309e5e00f653ad3cceec82a6e5e4976a249cb5aafe2515 android.hardware.neuralnetworks@1.2::types
		fa76bced6b1b71c40fc706c508a9011284c57f57831cd0cf5f45653ed4ea463e android.hardware.neuralnetworks@1.3::types
		700d9de9b47984898789f5706e59285ea6fe83aa5744dccf8491c4b881033ae7 android.hardware.camera.device@3.7::ICameraInjectionSession

		# There should be no more HIDL HALs - please use AIDL instead.

graphics/composer/aidl/vts/VtsHalGraphicsComposer3_ReadbackTest.cpp

+4 −1

Original line number	Diff line number	Diff line
		@@ -1051,7 +1051,10 @@ class GraphicsBlendModeCompositionTest
		SetUpBase(std::get<0>(GetParam()));
		// TODO(b/219590743) we should remove the below SRGB color mode
		// once we have the BlendMode test fix for all the versions of the ColorMode
		mTestColorModes = {ColorMode::SRGB};
		mTestColorModes.erase(
		std::remove_if(mTestColorModes.begin(), mTestColorModes.end(),
		[](ColorMode mode) { return mode != ColorMode::SRGB; }),
		mTestColorModes.end());
		mBackgroundColor = BLACK;
		mTopLayerColor = RED;
		}

security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

+29 −14

Original line number	Diff line number	Diff line
		@@ -185,6 +185,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam<std::
		provisionable_ = IRemotelyProvisionedComponent::fromBinder(binder);
		}
		ASSERT_NE(provisionable_, nullptr);
		ASSERT_TRUE(provisionable_->getHardwareInfo(&rpcHardwareInfo).isOk());
		}

		static vector<string> build_params() {
		@@ -194,6 +195,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam<std::

		protected:
		std::shared_ptr<IRemotelyProvisionedComponent> provisionable_;
		RpcHardwareInfo rpcHardwareInfo;
		};

		/**
		@@ -357,11 +359,10 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {
		class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		protected:
		CertificateRequestTest() : eekId_(string_to_bytevec("eekid")), challenge_(randomBytes(32)) {
		generateTestEekChain(3);
		}

		void generateTestEekChain(size_t eekLength) {
		auto chain = generateEekChain(eekLength, eekId_);
		auto chain = generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_);
		EXPECT_TRUE(chain) << chain.message();
		if (chain) testEekChain_ = chain.moveValue();
		testEekLength_ = eekLength;
		@@ -382,6 +383,17 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		}
		}

		ErrMsgOr<bytevec> getSessionKey(ErrMsgOr<std::pair<bytevec, bytevec>>& senderPubkey) {
		if (rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_25519 \|\|
		rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_NONE) {
		return x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey,
		senderPubkey->first, false /* senderIsA */);
		} else {
		return ECDH_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey,
		senderPubkey->first, false /* senderIsA */);
		}
		}

		void checkProtectedData(const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
		const bytevec& keysToSignMac, const ProtectedData& protectedData,
		std::vector<BccEntryData>* bccOutput = nullptr) {
		@@ -394,9 +406,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		ASSERT_TRUE(senderPubkey) << senderPubkey.message();
		EXPECT_EQ(senderPubkey->second, eekId_);

		auto sessionKey =
		x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey,
		senderPubkey->first, false /* senderIsA */);
		auto sessionKey = getSessionKey(senderPubkey);
		ASSERT_TRUE(sessionKey) << sessionKey.message();

		auto protectedDataPayload =
		@@ -406,7 +416,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		auto [parsedPayload, __, payloadErrMsg] = cppbor::parse(*protectedDataPayload);
		ASSERT_TRUE(parsedPayload) << "Failed to parse payload: " << payloadErrMsg;
		ASSERT_TRUE(parsedPayload->asArray());
		EXPECT_EQ(parsedPayload->asArray()->size(), 2U);
		// Strongbox may contain additional certificate chain.
		EXPECT_LE(parsedPayload->asArray()->size(), 3U);

		auto& signedMac = parsedPayload->asArray()->get(0);
		auto& bcc = parsedPayload->asArray()->get(1);
		@@ -566,6 +577,7 @@ TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) {
		bytevec keysToSignMac;
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		generateTestEekChain(3);
		auto status = provisionable_->generateCertificateRequest(
		testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);
		@@ -605,8 +617,8 @@ TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_prodMode) {
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		auto status = provisionable_->generateCertificateRequest(
		testMode, {} /* keysToSign */, getProdEekChain(), challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);
		testMode, {} /* keysToSign */, getProdEekChain(rpcHardwareInfo.supportedEekCurve),
		challenge_, &deviceInfo, &protectedData, &keysToSignMac);
		EXPECT_TRUE(status.isOk());
		}

		@@ -646,8 +658,8 @@ TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) {
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		auto status = provisionable_->generateCertificateRequest(
		testMode, keysToSign_, getProdEekChain(), challenge_, &deviceInfo, &protectedData,
		&keysToSignMac);
		testMode, keysToSign_, getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_,
		&deviceInfo, &protectedData, &keysToSignMac);
		EXPECT_TRUE(status.isOk());
		}

		@@ -662,6 +674,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) {
		bytevec keysToSignMac;
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		generateTestEekChain(3);
		auto status = provisionable_->generateCertificateRequest(
		testMode, {keyWithCorruptMac}, testEekChain_.chain, challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);
		@@ -681,8 +694,8 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) {
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		auto status = provisionable_->generateCertificateRequest(
		testMode, {keyWithCorruptMac}, getProdEekChain(), challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);
		testMode, {keyWithCorruptMac}, getProdEekChain(rpcHardwareInfo.supportedEekCurve),
		challenge_, &deviceInfo, &protectedData, &keysToSignMac);
		ASSERT_FALSE(status.isOk()) << status.getMessage();
		EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC);
		}
		@@ -695,7 +708,7 @@ TEST_P(CertificateRequestTest, NonEmptyCorruptEekRequest_prodMode) {
		bool testMode = false;
		generateKeys(testMode, 4 /* numKeys */);

		auto prodEekChain = getProdEekChain();
		auto prodEekChain = getProdEekChain(rpcHardwareInfo.supportedEekCurve);
		auto [parsedChain, _, parseErr] = cppbor::parse(prodEekChain);
		ASSERT_NE(parsedChain, nullptr) << parseErr;
		ASSERT_NE(parsedChain->asArray(), nullptr);
		@@ -726,7 +739,7 @@ TEST_P(CertificateRequestTest, NonEmptyIncompleteEekRequest_prodMode) {

		// Build an EEK chain that omits the first self-signed cert.
		auto truncatedChain = cppbor::Array();
		auto [chain, _, parseErr] = cppbor::parse(getProdEekChain());
		auto [chain, _, parseErr] = cppbor::parse(getProdEekChain(rpcHardwareInfo.supportedEekCurve));
		ASSERT_TRUE(chain);
		auto eekChain = chain->asArray();
		ASSERT_NE(eekChain, nullptr);
		@@ -754,6 +767,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_prodKeyInTestCert) {
		bytevec keysToSignMac;
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		generateTestEekChain(3);
		auto status = provisionable_->generateCertificateRequest(
		true /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);
		@@ -772,6 +786,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testKeyInProdCert) {
		bytevec keysToSignMac;
		DeviceInfo deviceInfo;
		ProtectedData protectedData;
		generateTestEekChain(3);
		auto status = provisionable_->generateCertificateRequest(
		false /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo,
		&protectedData, &keysToSignMac);

security/keymint/support/Android.bp

+7 −0

Original line number	Diff line number	Diff line
		@@ -60,11 +60,15 @@ cc_library {
		export_include_dirs: [
		"include",
		],
		defaults: [
		"keymint_use_latest_hal_aidl_ndk_shared",
		],
		shared_libs: [
		"libbase",
		"libcppbor_external",
		"libcppcose_rkp",
		"libcrypto",
		"libkeymaster_portable",
		"libjsoncpp",
		],
		}
		@@ -76,6 +80,9 @@ cc_test {
		"libgmock",
		"libgtest_main",
		],
		defaults: [
		"keymint_use_latest_hal_aidl_ndk_shared",
		],
		shared_libs: [
		"libbase",
		"libcppbor_external",