
Commit 5102a372 authored by Weston Carvalho's avatar Weston Carvalho Committed by Gerrit Code Review

Merge "Remove Secure Storage AIDL tamper and A/B update" into main

parents 11caf68b d1366d66
+1 −1
@@ -16,7 +16,7 @@
package android.hardware.security.see.storage;

/** Determines how early during the boot process file is able to be accessed. */
enum FileAvailability {
enum Availability {
    /** Available before userdata is mounted, but after android has booted. */
    BEFORE_USERDATA,

+0 −37
/*
 * Copyright 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.security.see.storage;

import android.hardware.security.see.storage.ReadIntegrity;

parcelable DeleteOptions {
    /**
     * Set to acknowledge possible files tampering.
     *
     * If unacknowledged tampering is detected, the operation will fail with an ERR_FS_*
     * service-specific code.
     */
    ReadIntegrity readIntegrity = ReadIntegrity.NO_TAMPER;

    /**
     * Allow writes to succeed while the filesystem is in the middle of an A/B update.
     *
     * If the A/B update fails, the operation will be rolled back. This rollback will not
     * cause subsequent operations fail with any ERR_FS_* code nor will need to be
     * acknowledged by setting the `readIntegrity`.
     */
    boolean allowWritesDuringAbUpdate = false;
}
+12 −6
@@ -15,13 +15,19 @@
 */
package android.hardware.security.see.storage;

import android.hardware.security.see.storage.FileAvailability;
import android.hardware.security.see.storage.FileIntegrity;
import android.hardware.security.see.storage.Availability;
import android.hardware.security.see.storage.Integrity;

parcelable FileProperties {
    FileIntegrity integrity = FileIntegrity.TAMPER_PROOF_AT_REST;
    FileAvailability availability = FileAvailability.BEFORE_USERDATA;
/**
 * Specifies minimum security requirements for a Secure Storage filesystem.
 */
parcelable Filesystem {
    Integrity integrity = Integrity.TAMPER_PROOF_AT_REST;
    Availability availability = Availability.BEFORE_USERDATA;

    /** Whether the file is reset when user data is wiped. */
    /**
     * Whether the file is reset on factory resets. Factory resets will not be reported as
     * tampering.
     */
    boolean persistent;
}
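Review bot: The new doc comment on `persistent` reads with the opposite polarity to the field name: "Whether the file is reset on factory resets" suggests true means wiped, while a field called `persistent` suggests true means the data survives. Because this flag decides whether secure-storage contents outlive a factory reset, the comment should state the polarity outright, e.g. `/** If true, the filesystem's contents survive a factory reset; if false, they are erased. A factory reset is not reported as tampering. */` (assuming true means the data is kept; confirm against the implementation). It is also the only field in `Filesystem` without an explicit default, so `boolean persistent = false;` would make the non-persistent default as visible as the other two. The comment still says "file" although the parcelable now describes a filesystem, and the enum doc in the `Availability` section has the same leftover wording.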
+4 −4
@@ -33,8 +33,8 @@ interface IDir {
     *     less than or equal to @maxCount.
     *
     * May return service-specific errors:
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       dir was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    @utf8InCpp String[] readNextFilenames(int maxCount);
}
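Review bot: The reworded error clause says the session "did not acknowledge" the tampering but no longer names where that acknowledgement is made, so a caller reading `readNextFilenames` cannot tell which call or option controls whether ERR_FS_* is returned. The old text pointed at the `readIntegrity` the dir was opened with; the new text should point at its replacement in the same way, for example `in a way that the session did not acknowledge (see <session acknowledgement method>)`, with the real method name filled in. The same sentence is repeated in the five IFile methods (`read`, `write`, `getSize`, `setSize`, `rename`) and needs the same reference. The doc comment for `readNextFilenames` begins above the hunk, so the rest of it is not visible here.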
+10 −10
@@ -32,8 +32,8 @@ interface IFile {
     *     the sequence of bytes at [offset, offset + size) in the file
     *
     * May return service-specific errors:
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       file was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    byte[] read(long size, long offset);

@@ -47,8 +47,8 @@ interface IFile {
     *     the number of bytes written successfully
     *
     * May return service-specific errors:
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       file was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    long write(long offset, in byte[] buffer);

@@ -56,8 +56,8 @@ interface IFile {
     * Reads this file's size.
     *
     * May return service-specific errors:
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       file was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    long getSize();

@@ -71,8 +71,8 @@ interface IFile {
     *     the file's new size
     *
     * May return service-specific errors:
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       file was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    void setSize(long newSize);

@@ -88,8 +88,8 @@ interface IFile {
     *   - ERR_NOT_FOUND if no file exists at @destPath and @destCreateMode is `NO_CREATE`
     *   - ERR_ALREADY_EXISTS if a file already exists at @destPath and @destCreateMode is
     *       `CREATE_EXCLUSIVE`
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the `readIntegrity` the
     *       file was opened with does not acknowledge
     *   - ERR_FS_* if the filesystem has been tampered with in a way that the session did not
     *       acknowledge
     */
    void rename(in @utf8InCpp String destPath, in CreationMode destCreateMode);
}