Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bdc9434b authored by Shawn Willden's avatar Shawn Willden Committed by android-build-merger
Browse files

Merge changes from topic "add-km-41" am: f66777ad am: 7f7e9608 

am: 78926e33

Change-Id: I7964555358e9150d58f53eb154ee7acf5eea1a78
parents d5800c9b 78926e33

compatibility_matrices/compatibility_matrix.current.xml

+2 −2
Original line number Diff line number Diff line
@@ -256,7 +256,7 @@ 
    <hal format="hidl" optional="false">

        <name>android.hardware.keymaster</name>

        <version>3.0</version>

        <version>4.0</version>

        <version>4.0-1</version>

        <interface>

            <name>IKeymasterDevice</name>

            <instance>default</instance>
@@ -264,7 +264,7 @@ 
    </hal>

    <hal format="hidl" optional="true">

        <name>android.hardware.keymaster</name>

        <version>4.0</version>

        <version>4.0-1</version>

        <interface>

            <name>IKeymasterDevice</name>

            <instance>strongbox</instance>

keymaster/4.1/Android.bp

0 → 100644
+19 −0
Original line number Diff line number Diff line 
// This file is autogenerated by hidl-gen -Landroidbp.



hidl_interface {

    name: "android.hardware.keymaster@4.1",

    root: "android.hardware",

    vndk: {

        enabled: true,

    },

    srcs: [

        "types.hal",

        "IKeymasterDevice.hal",

        "IOperation.hal",

    ],

    interfaces: [

        "android.hardware.keymaster@4.0",

        "android.hidl.base@1.0",

    ],

    gen_java: false,

}

keymaster/4.1/IKeymasterDevice.hal

0 → 100644
+70 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.keymaster@4.1;



import @4.0::ErrorCode;

import @4.0::HardwareAuthToken;

import @4.0::IKeymasterDevice;

import @4.0::KeyParameter;

import @4.0::KeyPurpose;

import @4.0::OperationHandle;

import IOperation;



/**

 * @4.1::IKeymasterDevice is a minor extension to @4.0::IKeymasterDevice.  It adds support for

 *

 * - Partial hardware enforcment of UNLOCKED_DEVICE_REQUIRED keys;

 * - Device-unique attestaion;

 * - Early boot only keys;

 * - Better cleanup of operations when clients die without completing or aborting them.

 */

interface IKeymasterDevice extends @4.0::IKeymasterDevice {

    /**

     * Called by client to notify the IKeymasterDevice that the device is now locked, and keys with

     * the UNLOCKED_DEVICE_REQUIRED tag should no longer be usable.  When this function is called,

     * the IKeymasterDevice should note the current timestamp, and attempts to use

     * UNLOCKED_DEVICE_REQUIRED keys must be rejected with Error::DEVICE_LOCKED until an

     * authentication token with a later timestamp is presented.  If the `passwordOnly' argument is

     * set to true the sufficiently-recent authentication token must indicate that the user

     * authenticated with a password, not a biometric.

     *

     * @param passwordOnly specifies whether the device must be unlocked with a password, rather

     * than a biometric, before UNLOCKED_DEVICE_REQUIRED keys can be used.

     */

    deviceLocked(bool passwordOnly) generates (ErrorCode error);



    /**

     * Called by client to notify the IKeymasterDevice that the device has left the early boot

     * state, and that keys with the EARLY_BOOT_ONLY tag may no longer be used.  All attempts to use

     * an EARLY_BOOT_ONLY key after this method is called must fail with Error::INVALID_KEY_BLOB.

     */

    earlyBootEnded() generates (ErrorCode error);



    /**

     * Begins a cryptographic operation.  beginOp() is a variation on begin().  beginOp() has

     * identical functionality to begin, but instead of an OperationHandle it returns an IOperation

     * object.  An IKeymasterDevice HAL service must call linkToDeath() on the Operation before

     * returning it, and the provided hidl_death_recipient, if called, must abort() the operation.

     * This is to ensure that in the event a client crashes while an operation is in progress, the

     * operation slot is freed and available for use by other clients.

     *

     * @4.1::IKeymasterDevices must implement both beginOp() and begin().

     */

    beginOp(KeyPurpose purpose, vec<uint8_t> keyBlob, vec<KeyParameter> inParams,

        HardwareAuthToken authToken)

        generates (ErrorCode error, vec<KeyParameter> outParam, IOperation operation);

};

keymaster/4.1/IOperation.hal

0 → 100644
+31 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.keymaster@4.1;



import @4.0::ErrorCode;

import @4.0::OperationHandle;



/**

 * IOperation represents an in-progress IKeymasterDevice operation.  It is returned by

 * IKeymasterDevice.beginOp().

 */

interface IOperation {

    /**

     * Returns the operation handle to be used as an authentication challenge.

     */

    getOperationChallenge() generates (ErrorCode error, OperationHandle operation);

};

keymaster/4.1/default/Android.bp

0 → 100644
+38 −0
Original line number Diff line number Diff line 
//

// Copyright (C) 2019 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//      http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

//



cc_binary {

    name: "android.hardware.keymaster@4.1-service",

    defaults: ["hidl_defaults"],

    relative_install_path: "hw",

    vendor: true,

    init_rc: ["android.hardware.keymaster@4.1-service.rc"],

    srcs: ["service.cpp"],



    shared_libs: [

        "android.hardware.keymaster@4.0",

        "android.hardware.keymaster@4.1",

        "libbase",

        "libcutils",

        "libhardware",

        "libhidlbase",

        "libkeymaster4",

        "libkeymaster41",

        "liblog",

        "libutils",

    ],



}