Snap for 6984833 from a27def9b to sc-release

# ABI preserving changes to HALs during Android S

1ca372cd67d197df099e87616a613ba6ede6552638a603e18f86c8834302c3d1 android.hardware.gnss@1.0::IGnssMeasurementCallback

6a271e493907e8ba20912e42771bd0d99ae45431a851d5675ef9496d02510a34 android.hardware.gnss@1.1::IGnssMeasurementCallback

2c331a9605f3a08d9c1e0a36169ca57758bc43c11a78ef3f3730509885e52c15 android.hardware.graphics.composer@2.4::IComposerClient

3da3ce039247872d95c6bd48621dbfdfa1c2d2a91a90f257862f87ee2bc46300 android.hardware.health@2.1::types

cd84ab19c590e0e73dd2307b591a3093ee18147ef95e6d5418644463a6620076 android.hardware.neuralnetworks@1.2::IDevice

9625e85f56515ad2cf87b6a1847906db669f746ea4ab02cd3d4ca25abc9b0109 android.hardware.neuralnetworks@1.2::types

cc_library {

    name: "android.hardware.graphics.composer@2.1-resources",

    system_ext_specific: true,

    defaults: ["hidl_defaults"],

    vendor_available: true,

    shared_libs: [

        /**

         * The configuration group ID (as int32_t) this config is associated to.

         * Switching between configurations within the same group may be done seamlessly

         * in some conditions via setActiveConfigWithConstraints.

         * in some conditions via setActiveConfigWithConstraints. Configurations which

         * share the same config group are similar in all attributes except for the

         * vsync period.

         */

        CONFIG_GROUP = 7,

    };

     * This method may only be called once per instance. If called more than once, STATUS_FAILED

     * will be returned.

     *

     * @return the unencrypted key-pair in PKCS#8 format.

     * @return the private key, in DER format as specified in RFC 5915.

     */

    byte[] createEphemeralKeyPair();

     * The setRequestedNamespaces() and setVerificationToken() methods will be called before

     * this method is called.

     *

     * This method be called after createEphemeralKeyPair(), setReaderEphemeralPublicKey(),

     * createAuthChallenge() and before startRetrieveEntry(). This method call is followed by

     * multiple calls of startRetrieveEntryValue(), retrieveEntryValue(), and finally

     * finishRetrieval().

     * This method is called after createEphemeralKeyPair(), setReaderEphemeralPublicKey(),

     * createAuthChallenge() (note that those calls are optional) and before startRetrieveEntry().

     * This method call is followed by multiple calls of startRetrieveEntryValue(),

     * retrieveEntryValue(), and finally finishRetrieval().

     *

     * It is permissible to perform data retrievals multiple times using the same instance (e.g.

     * startRetrieval(), then multiple calls of startRetrieveEntryValue(), retrieveEntryValue(),

     *

     *  - signature: must be set to ECDSA.

     *

     *  - subject: CN shall be set to "Android Identity Credential Authentication Key".

     *  - subject: CN shall be set to "Android Identity Credential Authentication Key". (fixed

     *    value: same on all certs)

     *

     *  - issuer: shall be set to "credentialStoreName (credentialStoreAuthorName)" using the

     *    values returned in HardwareInformation.

     *  - issuer: CN shall be set to "Android Identity Credential Key". (fixed value:

     *    same on all certs)

     *

     *  - validity: should be from current time and one year in the future.

     *  - validity: should be from current time and one year in the future (365 days).

     *

     *  - subjectPublicKeyInfo: must contain attested public key.

     *

     *

     *  - signature: must be set to ECDSA.

     *

     *  - subject: CN shall be set to "Android Identity Credential Key".

     *  - subject: CN shall be set to "Android Identity Credential Key". (fixed value:

     *    same on all certs)

     *

     *  - issuer: shall be set to "credentialStoreName (credentialStoreAuthorName)" using the

     *    values returned in HardwareInformation.

     *  - issuer: Same as the subject field of the batch attestation key.

     *

     *  - validity: should be from current time and expire at the same time as the

     *  - validity: Should be set to current time and expire at the same time as the

     *    attestation batch certificate used.

     *

     *  - subjectPublicKeyInfo: must contain attested public key.

     *

     *  - The attestationSecurityLevel field must be set to either Software (0),

     *    TrustedEnvironment (1), or StrongBox (2) depending on how attestation is

     *    implemented. Only the default AOSP implementation of this HAL may use

     *    value 0 (additionally, this implementation must not be used on production

     *    devices).

     *    implemented.

     *

     *  - The keymasterVersion field in the attestation extension must be set to (10*major + minor)

     *    where major and minor are the Identity Credential interface major and minor versions.

     *    Specifically for this version of the interface (1.0) this value is 10.

     *  - The keymasterVersion field in the attestation extension must be set to the.

     *    same value as used for Android Keystore keys.

     *

     *  - The keymasterSecurityLevel field in the attestation extension must be set to

     *    either Software (0), TrustedEnvironment (1), or StrongBox (2) depending on how

     *    the Trusted Application backing the HAL implementation is implemented. Only

     *    the default AOSP implementation of this HAL may use value 0 (additionally, this

     *    implementation must not be used on production devices)

     *    the Trusted Application backing the HAL implementation is implemented.

     *

     *  - The attestationChallenge field must be set to the passed-in challenge.

     *

     *

     *    - Tag::IDENTITY_CREDENTIAL_KEY which indicates that the key is an Identity

     *      Credential key (which can only sign/MAC very specific messages) and not an Android

     *      Keystore key (which can be used to sign/MAC anything).

     *      Keystore key (which can be used to sign/MAC anything). This must not be set

     *      for test credentials.

     *

     *    - Tag::PURPOSE must be set to SIGN

     *

     *

     *    - Tag::EC_CURVE must be set to P_256

     *

     * Additional authorizations may be needed in the softwareEnforced and teeEnforced

     * fields - the above is not an exhaustive list. Specifically, authorizations containing

     * information about the root of trust, OS version, verified boot state, and so on should

     * be included.

     *    - Tag::ROOT_OF_TRUST must be set

     *

     *    - Tag::OS_VERSION and Tag::OS_PATCHLEVEL must be set

     *

     * Additional authorizations may be appear in the softwareEnforced and teeEnforced

     * fields. For example if the device has a boot or vendor partitions, then BOOT_PATCHLEVEL

     * and VENDOR_PATCHLEVEL should be set.

     *

     * Since the chain is required to be generated using Keymaster Attestation, the returned

     * certificate chain has the following properties:

     * As with any user of attestation, the Issuing Authority (as a relying party) wishing

     * to issue a credential to a device using these APIs, must carefully examine the

     * returned certificate chain for all of the above (and more). In particular, the Issuing

     * Authority should check the root of trust, verified boot state, patch level,

     * application id, etc.

     * Authority should check the root of trust (which include verified boot state), patch level,

     * attestation application id, etc.

     *

     * This all depends on the needs of the Issuing Authority and the kind of credential but

     * in general an Issuing Authority should never issue a credential to a device without