Merge "Create Secure Storage AIDL interface" into main

package {

    default_applicable_licenses: ["hardware_interfaces_license"],

}

aidl_interface {

    name: "android.hardware.security.see.storage",

    unstable: true,

    host_supported: true,

    srcs: [

        "android/hardware/security/see/storage/*.aidl",

    ],

    backend: {

        java: {

            enabled: false,

        },

        cpp: {

            enabled: true,

        },

        ndk: {

            enabled: true,

        },

        rust: {

            enabled: true,

        },

    },

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.see.storage;

enum CreationMode {

    /** Returns an error if the file does not already exist. */

    NO_CREATE,

    /** Creates the file or returns an error if it already exists. */

    CREATE_EXCLUSIVE,

    /** Creates the file if it does not already exist. */

    CREATE,

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.see.storage;

import android.hardware.security.see.storage.ReadIntegrity;

parcelable DeleteOptions {

    /**

     * Set to acknowledge possible files tampering.

     *

     * If unacknowledged tampering is detected, the operation will fail with an ERR_FS_*

     * service-specific code.

     */

    ReadIntegrity readIntegrity = ReadIntegrity.NO_TAMPER;

    /**

     * Allow writes to succeed while the filesystem is in the middle of an A/B update.

     *

     * If the A/B update fails, the operation will be rolled back. This rollback will not

     * cause subsequent operations fail with any ERR_FS_* code nor will need to be

     * acknowledged by setting the `readIntegrity`.

     */

    boolean allowWritesDuringAbUpdate = false;

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.see.storage;

/** Determines how early during the boot process file is able to be accessed. */

enum FileAvailability {

    /** Available before userdata is mounted, but after android has booted. */

    BEFORE_USERDATA,

    /** Available after userdata is mounted. */

    AFTER_USERDATA,

}

/*

 * Copyright 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.see.storage;

enum FileIntegrity {

    /** REE may prevent operations, but cannot alter data once written. */

    TAMPER_PROOF_AT_REST,

    /**

     * REE may alter written data, but changes will be detected and reported as

     * an error on read.

     */

    TAMPER_DETECT,

    /**

     * REE may alter written data. Changes other than full filesystem resets will be detected and

     * reported.

     */

    TAMPER_DETECT_IGNORE_RESET,

}