Add authsecret AIDL interface am: 112fab25

aidl_interface {

    name: "android.hardware.authsecret",

    vendor_available: true,

    srcs: ["android/hardware/authsecret/*.aidl"],

    stability: "vintf",

    backend: {

        java: {

            platform_apis: true,

        },

        ndk: {

            vndk: {

                enabled: true,

            },

        },

    },

}

///////////////////////////////////////////////////////////////////////////////

// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //

///////////////////////////////////////////////////////////////////////////////

// This file is a snapshot of an AIDL file. Do not edit it manually. There are

// two cases:

// 1). this is a frozen version file - do not edit this in any case.

// 2). this is a 'current' file. If you make a backwards compatible change to

//     the interface (from the latest frozen version), the build system will

//     prompt you to update this file with `m <name>-update-api`.

//

// You must not make a backward incompatible change to any AIDL file built

// with the aidl_interface module type with versions property set. The module

// type is used to build AIDL files in a way that they can be used across

// independently updatable components of the system. If a device is shipped

// with such a backward incompatible change, it has a high risk of breaking

// later when a module using the interface is updated, e.g., Mainline modules.

package android.hardware.authsecret;

@VintfStability

interface IAuthSecret {

  oneway void setPrimaryUserCredential(in byte[] secret);

}

/*

 * Copyright 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.authsecret;

/**

 * This security HAL allows vendor components to be cryptographically tied to

 * the primary user's credential. For example, security hardware can require

 * proof that the credential is known before applying updates.

 *

 */

@VintfStability

interface IAuthSecret {

    /**

     * When the primary user is unlocked, this method is passed a secret to

     * prove that is has been successfully unlocked. The primary user can either

     * be unlocked by a person entering their credential or by another party

     * using an escrow token e.g. a device administrator.

     *

     * The first time this is called, the secret must be used to provision state

     * that depends on the primary user's secret. The same secret must be passed

     * on each call until the next factory reset.

     *

     * Upon factory reset, any dependence on the secret must be removed as that

     * secret is now lost and must never be derived again. A new secret must be

     * created for the new primary user which must be used to newly provision

     * state the first time this method is called after factory reset.

     *

     * The secret must be at least 16 bytes, or the secret must be dropped.

     *

     * @param secret blob derived from the primary user's credential.

     */

    oneway void setPrimaryUserCredential(in byte[] secret);

}

//

// Copyright (C) 2020 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//      http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

//

cc_binary {

    name: "android.hardware.authsecret-service.example",

    relative_install_path: "hw",

    init_rc: ["android.hardware.authsecret-service.example.rc"],

    vintf_fragments: ["android.hardware.authsecret-service.example.xml"],

    vendor: true,

    srcs: [

        "service.cpp",

        "AuthSecret.cpp",

    ],

    shared_libs: [

        "android.hardware.authsecret-ndk_platform",

        "libbase",

        "libbinder_ndk",

    ],

}

/*

 * Copyright (C) 2018 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#include "AuthSecret.h"

namespace aidl {

namespace android {

namespace hardware {

namespace authsecret {

// Methods from ::android::hardware::authsecret::IAuthSecret follow.

::ndk::ScopedAStatus AuthSecret::setPrimaryUserCredential(const std::vector<uint8_t>& in_secret) {

    (void)in_secret;

    return ::ndk::ScopedAStatus::ok();

}

} // namespace authsecret

} // namespace hardware

} // namespace android

} // aidl