
Commit 7f20fbe4 authored by Weston Carvalho's avatar Weston Carvalho Committed by Gerrit Code Review

Merge "Create Secure Storage AIDL interface" into main

parents cc7c8516 b8d8740c
+26 −0
package {
    default_applicable_licenses: ["hardware_interfaces_license"],
}

aidl_interface {
    name: "android.hardware.security.see.storage",
    unstable: true,
    host_supported: true,
    srcs: [
        "android/hardware/security/see/storage/*.aidl",
    ],
    backend: {
        java: {
            enabled: false,
        },
        cpp: {
            enabled: true,
        },
        ndk: {
            enabled: true,
        },
        rust: {
            enabled: true,
        },
    },
}
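Review bot: `unstable: true` on the `aidl_interface` has no comment saying why it is set or when it is expected to go away. An unstable interface has no frozen, versioned snapshots, so a client and a secure-storage service built from different revisions have no build-time check that they agree on enum values or parcelable defaults such as `readIntegrity`. I would add a comment above the line, for example `// Unstable while the API is under development; freeze before clients depend on it (bug: <BUG-ID placeholder>).`, and a one-line reason next to the disabled `java` backend.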
+27 −0
/*
 * Copyright 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.security.see.storage;

enum CreationMode {
    /** Returns an error if the file does not already exist. */
    NO_CREATE,

    /** Creates the file or returns an error if it already exists. */
    CREATE_EXCLUSIVE,

    /** Creates the file if it does not already exist. */
    CREATE,
}
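Review bot: The enumerators of `CreationMode` have no explicit values and the enum has no `@Backing` annotation, so the values on the wire depend on declaration order; the same applies to `FileAvailability` and `FileIntegrity` in this commit. Inserting or reordering an entry later would silently change the meaning of a request between builds, which for these enums could turn a strict mode into a permissive one. I would pin them, e.g. `NO_CREATE = 0,`, `CREATE_EXCLUSIVE = 1,`, `CREATE = 2,`. The enum also lacks a top-level doc comment, and the comment on `CREATE` should say what happens to a file that already exists (presumably it is opened unchanged).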
+37 −0
/*
 * Copyright 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.security.see.storage;

import android.hardware.security.see.storage.ReadIntegrity;

parcelable DeleteOptions {
    /**
     * Set to acknowledge possible files tampering.
     *
     * If unacknowledged tampering is detected, the operation will fail with an ERR_FS_*
     * service-specific code.
     */
    ReadIntegrity readIntegrity = ReadIntegrity.NO_TAMPER;

    /**
     * Allow writes to succeed while the filesystem is in the middle of an A/B update.
     *
     * If the A/B update fails, the operation will be rolled back. This rollback will not
     * cause subsequent operations fail with any ERR_FS_* code nor will need to be
     * acknowledged by setting the `readIntegrity`.
     */
    boolean allowWritesDuringAbUpdate = false;
}
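Review bot: The comment on `allowWritesDuringAbUpdate` speaks of writes although this parcelable configures a delete, and its second sentence is garbled enough that the rollback guarantee is hard to read. I would reword it to `Allow the deletion to succeed while the filesystem is in the middle of an A/B update.` and `This rollback will not cause subsequent operations to fail with any ERR_FS_* code, nor will it need to be acknowledged by setting readIntegrity.` It should also state the consequence that matters to callers: if the update fails and the operation is rolled back, the deleted file exists again, so a client that deletes secret material with this flag set cannot treat it as gone until the update has completed. On `readIntegrity`, `possible files tampering` should read `possible file tampering`, and the comment should say what the default `ReadIntegrity.NO_TAMPER` acknowledges (that type is not shown in this file section).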
+25 −0
/*
 * Copyright 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.security.see.storage;

/** Determines how early during the boot process file is able to be accessed. */
enum FileAvailability {
    /** Available before userdata is mounted, but after android has booted. */
    BEFORE_USERDATA,

    /** Available after userdata is mounted. */
    AFTER_USERDATA,
}
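Review bot: The comments on `FileAvailability` do not say what a caller sees when it opens an `AFTER_USERDATA` file before userdata is mounted, whether an error code or a blocking call. A client that runs early in boot needs that stated so it can fail closed rather than treat the file as absent and re-create it. I would extend the enum comment to name that behaviour, and fix the summary to `Determines how early during the boot process a file can be accessed.`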
+33 −0
/*
 * Copyright 2024 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package android.hardware.security.see.storage;

enum FileIntegrity {
    /** REE may prevent operations, but cannot alter data once written. */
    TAMPER_PROOF_AT_REST,

    /**
     * REE may alter written data, but changes will be detected and reported as
     * an error on read.
     */
    TAMPER_DETECT,

    /**
     * REE may alter written data. Changes other than full filesystem resets will be detected and
     * reported.
     */
    TAMPER_DETECT_IGNORE_RESET,
}
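Review bot: `FileIntegrity` has no top-level doc comment and uses `REE` without expanding it (presumably the Rich Execution Environment, i.e. the non-secure OS); the enum comment should define the term and state that the values describe what that environment can do to stored data. The comment on `TAMPER_DETECT_IGNORE_RESET` should spell out the consequence of its exception: after a full filesystem reset the files are missing and no error is reported, so this level gives no protection against a wipe. A caller combining it with `CreationMode.CREATE` would silently start from empty state, which is worth a sentence such as `A reset is indistinguishable from the file never having been written.` It would also help to say which level a caller gets when none is chosen; as declared, the first enumerator `TAMPER_PROOF_AT_REST` is the zero value.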