Add cellular cryptography transparency HALs

Adds cellular cryptography transparency HALs:
- IRadioNetwork.setSecurityAlgorithmsUpdatedEnabled enables reporting
  of security algorithm updates from the modem via the new indication
  API IRadioNetworkIndication.securityAlgorithmsUpdated (default
  enabled)
- IRadioNetwork.isSecurityAlgorithmsUpdatedEnabled queries if the
  updates are enabled.
- Indication API: IRadioNetworkIndication.securityAlgorithmsUpdated
- Additionally, we introduce ConnectionEvent, SecurityAlgorithm, and
  SecurityAlgorithmUpdate to encapsulate relevant data from the modem.

Bug: b/283336425
Test: m
Change-Id: Icc3acd84edb210f8d885eea6e0f40aedbc586b1b

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/ConnectionEvent.aidl

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.radio.network;
+/* @hide */
+@Backing(type="int") @JavaDerive(toString=true) @VintfStability
+enum ConnectionEvent {
+  CS_SERVICE_GSM = 0,
+  SIGNALLING_GSM = 1,
+  PS_SERVICE_GPRS = 2,
+  SIGNALLING_GPRS = 3,
+  PS_SERVICE_3G = 4,
+  SIGNALLING_3G = 5,
+  NAS_SIGNALLING_LTE = 6,
+  AS_SIGNALLING_LTE = 7,
+  VOLTE_SIP = 8,
+  VOLTE_RTP = 9,
+  NAS_SIGNALLING_5G = 10,
+  AS_SIGNALLING_5G = 11,
+  VONR_SIP = 12,
+  VONR_RTP = 13,
+}

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetwork.aidl

@@ -84,4 +84,6 @@ interface IRadioNetwork {
   oneway void setN1ModeEnabled(in int serial, boolean enable);
   oneway void isCellularIdentifierTransparencyEnabled(in int serial);
   oneway void setCellularIdentifierTransparencyEnabled(in int serial, in boolean enabled);
+  oneway void setSecurityAlgorithmsUpdatedEnabled(in int serial, boolean enable);
+  oneway void isSecurityAlgorithmsUpdatedEnabled(in int serial);
 }

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkIndication.aidl

@@ -51,4 +51,5 @@ interface IRadioNetworkIndication {
   oneway void voiceRadioTechChanged(in android.hardware.radio.RadioIndicationType type, in android.hardware.radio.RadioTechnology rat);
   oneway void emergencyNetworkScanResult(in android.hardware.radio.RadioIndicationType type, in android.hardware.radio.network.EmergencyRegResult result);
   oneway void cellularIdentifierDisclosed(in android.hardware.radio.RadioIndicationType type, in android.hardware.radio.network.CellularIdentifierDisclosure disclosure);
+  oneway void securityAlgorithmsUpdated(in android.hardware.radio.RadioIndicationType type, in android.hardware.radio.network.SecurityAlgorithmUpdate securityAlgorithmUpdate);
 }

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkResponse.aidl

@@ -83,4 +83,6 @@ interface IRadioNetworkResponse {
   oneway void setN1ModeEnabledResponse(in android.hardware.radio.RadioResponseInfo info);
   oneway void isCellularIdentifierTransparencyEnabledResponse(in android.hardware.radio.RadioResponseInfo info, boolean isEnabled);
   oneway void setCellularIdentifierTransparencyEnabledResponse(in android.hardware.radio.RadioResponseInfo info);
+  oneway void setSecurityAlgorithmsUpdatedEnabledResponse(in android.hardware.radio.RadioResponseInfo info);
+  oneway void isSecurityAlgorithmsUpdatedEnabledResponse(in android.hardware.radio.RadioResponseInfo info, in boolean isEnabled);
 }

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/SecurityAlgorithm.aidl

@@ -0,0 +1,80 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.radio.network;
+/* @hide */
+@Backing(type="int") @JavaDerive(toString=true) @VintfStability
+enum SecurityAlgorithm {
+  A50 = 0,
+  A51 = 1,
+  A52 = 2,
+  A53 = 3,
+  A54 = 4,
+  GEA0 = 14,
+  GEA1 = 15,
+  GEA2 = 16,
+  GEA3 = 17,
+  GEA4 = 18,
+  GEA5 = 19,
+  UEA0 = 29,
+  UEA1 = 30,
+  UEA2 = 31,
+  EEA0 = 41,
+  EEA1 = 42,
+  EEA2 = 43,
+  EEA3 = 44,
+  EEA4_ZUC = 45,
+  NEA0 = 55,
+  NEA1 = 56,
+  NEA2 = 57,
+  NEA3 = 58,
+  SIP_NULL = 68,
+  AES_GCM = 69,
+  AES_GMAC = 70,
+  AES_CBC = 71,
+  DES_EDE3_CBC = 72,
+  AES_EDE3_CBC = 73,
+  HMAC_SHA1_96 = 74,
+  HMAC_SHA1_96_null = 75,
+  HMAC_MD5_96 = 76,
+  HMAC_MD5_96_null = 77,
+  SRTP_AES_COUNTER = 87,
+  SRTP_AES_F8 = 88,
+  SRTP_HMAC_SHA1 = 89,
+  ENCR_AES_GCM_16 = 99,
+  ENCR_AES_CBC = 100,
+  AUTH_HMAC_SHA2_256_128 = 101,
+  UNKNOWN = 113,
+  OTHER = 114,
+  ORYX = 124,
+}

radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/SecurityAlgorithmUpdate.aidl

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.radio.network;
+/* @hide */
+@JavaDerive(toString=true) @VintfStability
+parcelable SecurityAlgorithmUpdate {
+  android.hardware.radio.network.ConnectionEvent connectionEvent;
+  android.hardware.radio.network.SecurityAlgorithm encryption;
+  android.hardware.radio.network.SecurityAlgorithm integrity;
+  boolean isUnprotectedEmergency;
+}

radio/aidl/android/hardware/radio/network/ConnectionEvent.aidl

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.radio.network;
+
+/**
+ * See IRadioNetwork.securityAlgorithmsUpdated for more details.
+ *
+ * @hide
+ */
+@VintfStability
+@Backing(type="int")
+@JavaDerive(toString=true)
+enum ConnectionEvent {
+    // 2G GSM
+    CS_SERVICE_GSM = 0,
+    SIGNALLING_GSM = 1,
+
+    // 2G GPRS packet services
+    PS_SERVICE_GPRS = 2,
+    SIGNALLING_GPRS = 3,
+
+    // 3G packet services
+    PS_SERVICE_3G = 4,
+    SIGNALLING_3G = 5,
+
+    // 4G LTE packet services
+    NAS_SIGNALLING_LTE = 6,
+    AS_SIGNALLING_LTE = 7,
+
+    // VoLTE
+    VOLTE_SIP = 8,
+    VOLTE_RTP = 9,
+
+    // 5G packet services
+    NAS_SIGNALLING_5G = 10,
+    AS_SIGNALLING_5G = 11,
+
+    // VoNR
+    VONR_SIP = 12,
+    VONR_RTP = 13,
+}

radio/aidl/android/hardware/radio/network/IRadioNetwork.aidl

@@ -655,6 +655,8 @@ oneway interface IRadioNetwork {
      * @param serial Serial number of request
      *
      * Response callback is IRadioNetworkResponse.isCellularIdentifierTransparencyEnabledResponse
+     *
+     * This is available when android.hardware.telephony.access is defined.
      */
     void isCellularIdentifierTransparencyEnabled(in int serial);
 
@@ -683,6 +685,36 @@ oneway interface IRadioNetwork {
      *         clear
      *
      * Response function is IRadioNetworkResponse.setCellularIdentifierTransparencyEnabledResponse
+     *
+     * This is available when android.hardware.telephony.access is defined.
      */
     void setCellularIdentifierTransparencyEnabled(in int serial, in boolean enabled);
+
+    /**
+     * Enables or disables security algorithm update reports via indication API
+     * {@link IRadioNetworkIndication.securityAlgorithmsUpdated()}.
+     *
+     * Note: The default value shall be enabled.
+     *
+     * @param serial Serial number of request.
+     * @param enable {@code true} to enable security algorithm update reports, {@code false} to
+     *         disable.
+     *
+     * Response function is IRadioNetworkResponse.setSecurityAlgorithmsUpdatedEnabledResponse()
+     *
+     * This is available when android.hardware.telephony.access is defined.
+     */
+    void setSecurityAlgorithmsUpdatedEnabled(in int serial, boolean enable);
+
+    /**
+     * Checks whether security algorithm update reports are enabled via indication API
+     * {@link IRadioNetworkIndication.securityAlgorithmsUpdated()}.
+     *
+     * @param serial Serial number of request.
+     *
+     * Response function is IRadioNetworkResponse.isSecurityAlgorithmsUpdatedEnabledResponse()
+     *
+     * This is available when android.hardware.telephony.access is defined.
+     */
+    void isSecurityAlgorithmsUpdatedEnabled(in int serial);
 }

radio/aidl/android/hardware/radio/network/IRadioNetworkIndication.aidl

@@ -27,6 +27,7 @@ import android.hardware.radio.network.LinkCapacityEstimate;
 import android.hardware.radio.network.NetworkScanResult;
 import android.hardware.radio.network.PhoneRestrictedState;
 import android.hardware.radio.network.PhysicalChannelConfig;
+import android.hardware.radio.network.SecurityAlgorithmUpdate;
 import android.hardware.radio.network.SignalStrength;
 import android.hardware.radio.network.SuppSvcNotification;
 
@@ -209,16 +210,16 @@ oneway interface IRadioNetworkIndication {
      * A non-exhaustive list of when this method should be called follows:
      *
      * - If a device attempts an IMSI attach to the network.
-     * - If a device includes an IMSI in the IDENTITY_RESPONSE message on the NAS and a security context
-     * has not yet been established.
+     * - If a device includes an IMSI in the IDENTITY_RESPONSE message on the NAS and a security
+     * context has not yet been established.
      * - If a device includes an IMSI in a DETACH_REQUEST message sent on the NAS and the message is
      * sent before a security context has been established.
-     * - If a device includes an IMSI in a TRACKING_AREA_UPDATE message sent on the NAS and the message
-     * is sent before a security context has been established.
+     * - If a device includes an IMSI in a TRACKING_AREA_UPDATE message sent on the NAS and the
+     * message is sent before a security context has been established.
      * - If a device uses a 2G network to send a LOCATION_UPDATE_REQUEST message on the NAS that
      * includes an IMSI or IMEI.
-     * - If a device uses a 2G network to send a AUTHENTICATION_AND_CIPHERING_RESPONSE message on the
-     * NAS and the message includes an IMEISV.
+     * - If a device uses a 2G network to send a AUTHENTICATION_AND_CIPHERING_RESPONSE message on
+     * the NAS and the message includes an IMEISV.
      *
      * @param type Type of radio indication
      * @param disclosure A CellularIdentifierDisclosure as specified by
@@ -227,4 +228,24 @@ oneway interface IRadioNetworkIndication {
      */
     void cellularIdentifierDisclosed(
             in RadioIndicationType type, in CellularIdentifierDisclosure disclosure);
+
+    /*
+     * Indicates that a new ciphering or integrity algorithm was used for a particular voice,
+     * signaling, or data connection attempt for a given PLMN and/or access network. Due to
+     * power concerns, once a connection type has been reported on, follow-up reports about that
+     * connection type are only generated if there is any change to the previously reported
+     * encryption or integrity. Thus the AP is only to be notified when there is new information.
+     * List is reset upon rebooting thus info about initial connections is always passed to the
+     * AP after a reboot. List is also reset if the SIM is changed or if there has been a change
+     * in the access network.
+     *
+     * Note: a change only in cell ID should not trigger an update, as the design is intended to
+     * be agnostic to dual connectivity ("secondary serving cells").
+     *
+     * @param type Type of radio indication
+     * @param securityAlgorithmUpdate SecurityAlgorithmUpdate encapsulates details of security
+     *         algorithm updates
+     */
+    void securityAlgorithmsUpdated(
+            in RadioIndicationType type, in SecurityAlgorithmUpdate securityAlgorithmUpdate);
 }

radio/aidl/android/hardware/radio/network/IRadioNetworkResponse.aidl

@@ -752,6 +752,8 @@ oneway interface IRadioNetworkResponse {
      * @param isEnabled Indicates whether cellular identifier transparency is enabled or not.
      *
      * Valid errors returned:
+     *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.radio.access is not
+     *                                    defined
      *   RadioError:NONE
      *   RadioError:RADIO_NOT_AVAILABLE
      *   RadioError:INTERNAL_ERR
@@ -765,10 +767,43 @@ oneway interface IRadioNetworkResponse {
      * @param info Response info struct containing response type, serial no. and error.
      *
      * Valid errors returned:
+     *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.radio.access is not
+     *                                    defined
      *   RadioError:NONE
      *   RadioError:RADIO_NOT_AVAILABLE
      *   RadioError:INTERNAL_ERR
      *   RadioError:INVALID_STATE
      */
     void setCellularIdentifierTransparencyEnabledResponse(in RadioResponseInfo info);
+
+    /**
+     * Response of setSecurityAlgorithmsUpdatedEnabled.
+     *
+     * @param info Response info struct containing response type, serial no. and error.
+     *
+     * Valid errors returned:
+     *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.radio.access is not
+     *                                    defined
+     *   RadioError:NONE
+     *   RadioError:RADIO_NOT_AVAILABLE
+     *   RadioError:INTERNAL_ERR
+     *   RadioError:INVALID_STATE
+     */
+    void setSecurityAlgorithmsUpdatedEnabledResponse(in RadioResponseInfo info);
+
+    /**
+     * Response of isSecurityAlgorithmsUpdatedEnabled.
+     *
+     * @param info Response info struct containing response type, serial no. and error.
+     * @param isEnabled Indicates whether cellular ciphering transparency is enabled or not.
+     *
+     * Valid errors returned:
+     *   RadioError:REQUEST_NOT_SUPPORTED when android.hardware.telephony.radio.access is not
+     *                                    defined
+     *   RadioError:NONE
+     *   RadioError:RADIO_NOT_AVAILABLE
+     *   RadioError:INTERNAL_ERR
+     */
+    void isSecurityAlgorithmsUpdatedEnabledResponse(
+            in RadioResponseInfo info, in boolean isEnabled);
 }

radio/aidl/android/hardware/radio/network/SecurityAlgorithm.aidl

@@ -0,0 +1,91 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.radio.network;
+
+/**
+ * See IRadioNetwork.securityAlgorithmsUpdated for more details.
+ *
+ * @hide
+ */
+@VintfStability
+@Backing(type="int")
+@JavaDerive(toString=true)
+enum SecurityAlgorithm {
+    // GSM CS services (3GPP TS 43.020)
+    A50 = 0,
+    A51 = 1,
+    A52 = 2,
+    A53 = 3,
+    A54 = 4,
+
+    // GPRS PS services (3GPP TS 43.020)
+    // These also refer to the respective integrity counterparts.
+    // E.g. GEA1 = GIA1
+    GEA0 = 14,
+    GEA1 = 15,
+    GEA2 = 16,
+    GEA3 = 17,
+    GEA4 = 18,
+    GEA5 = 19,
+
+    // 3G PS/CS services (3GPP TS 33.102)
+    UEA0 = 29,
+    UEA1 = 30,
+    UEA2 = 31,
+
+    // 4G PS services & 5G NSA (3GPP TS 33.401)
+    EEA0 = 41,
+    EEA1 = 42,
+    EEA2 = 43,
+    EEA3 = 44,
+    EEA4_ZUC = 45,
+
+    // 5G PS services (3GPP TS 33.401 for 5G NSA and 3GPP TS 33.501 for 5G SA)
+    NEA0 = 55,
+    NEA1 = 56,
+    NEA2 = 57,
+    NEA3 = 58,
+
+    // SIP layer security (See 3GPP TS 33.203)
+    SIP_NULL = 68,
+    AES_GCM = 69,
+    AES_GMAC = 70,
+    AES_CBC = 71,
+    DES_EDE3_CBC = 72,
+    AES_EDE3_CBC = 73,
+    HMAC_SHA1_96 = 74,
+    HMAC_SHA1_96_null = 75,
+    HMAC_MD5_96 = 76,
+    HMAC_MD5_96_null = 77,
+
+    // RTP (see 3GPP TS 33.328)
+    SRTP_AES_COUNTER = 87,
+    SRTP_AES_F8 = 88,
+    SRTP_HMAC_SHA1 = 89,
+
+    // ePDG (3GPP TS 33.402)
+    ENCR_AES_GCM_16 = 99,
+    ENCR_AES_CBC = 100,
+    AUTH_HMAC_SHA2_256_128 = 101,
+
+    /** Unknown */
+    UNKNOWN = 113,
+    OTHER = 114,
+
+    /** For proprietary algorithms */
+    ORYX = 124,
+}

radio/aidl/android/hardware/radio/network/SecurityAlgorithmUpdate.aidl

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.radio.network;
+
+import android.hardware.radio.network.ConnectionEvent;
+import android.hardware.radio.network.SecurityAlgorithm;
+
+/**
+ * A single occurrence capturing a notable change to previously reported
+ * cryptography algorithms for a given network and network event.
+ *
+ * @hide
+ */
+@JavaDerive(toString=true)
+@VintfStability
+parcelable SecurityAlgorithmUpdate {
+    /**
+     * Type of connection event which is being reported on
+     */
+    ConnectionEvent connectionEvent;
+    /**
+     * Encryption algorithm which was used
+     */
+    SecurityAlgorithm encryption;
+    /**
+     * Integrity algorithm which was used
+     */
+    SecurityAlgorithm integrity;
+    /**
+     * Whether or not this connection event is associated with an
+     * unauthenticated / unencrypted emergency session
+     */
+    boolean isUnprotectedEmergency;
+}

radio/aidl/compat/libradiocompat/include/libradiocompat/RadioNetwork.h

@@ -111,6 +111,9 @@ class RadioNetwork : public RadioCompatBase,
     ::ndk::ScopedAStatus setCellularIdentifierTransparencyEnabled(int32_t serial,
                                                                   bool enabled) override;
 
+    ::ndk::ScopedAStatus setSecurityAlgorithmsUpdatedEnabled(int32_t serial, bool enabled) override;
+    ::ndk::ScopedAStatus isSecurityAlgorithmsUpdatedEnabled(int32_t serial) override;
+
   protected:
     std::shared_ptr<::aidl::android::hardware::radio::network::IRadioNetworkResponse> respond();
 

radio/aidl/compat/libradiocompat/network/RadioNetwork.cpp

@@ -387,4 +387,19 @@ ScopedAStatus RadioNetwork::setCellularIdentifierTransparencyEnabled(int32_t ser
     respond()->setCellularIdentifierTransparencyEnabledResponse(notSupported(serial));
     return ok();
 }
+
+ScopedAStatus RadioNetwork::isSecurityAlgorithmsUpdatedEnabled(int32_t serial) {
+    LOG_CALL << serial;
+    LOG(ERROR) << " isSecurityAlgorithmsUpdatedEnabled is unsupported by HIDL HALs";
+    respond()->isSecurityAlgorithmsUpdatedEnabledResponse(notSupported(serial), false);
+    return ok();
+}
+
+ScopedAStatus RadioNetwork::setSecurityAlgorithmsUpdatedEnabled(int32_t serial, bool /*enable*/) {
+    LOG_CALL << serial;
+    LOG(ERROR) << " setSecurityAlgorithmsUpdatedEnabled is unsupported by HIDL HALs";
+    respond()->setSecurityAlgorithmsUpdatedEnabledResponse(notSupported(serial));
+    return ok();
+}
+
 }  // namespace android::hardware::radio::compat

radio/aidl/vts/radio_network_indication.cpp

@@ -103,3 +103,8 @@ ndk::ScopedAStatus RadioNetworkIndication::cellularIdentifierDisclosed(
         const CellularIdentifierDisclosure& /*disclosures*/) {
     return ndk::ScopedAStatus::ok();
 }
+
+ndk::ScopedAStatus RadioNetworkIndication::securityAlgorithmsUpdated(
+        RadioIndicationType /*type*/, const SecurityAlgorithmUpdate& /*securityAlgorithmUpdate*/) {
+    return ndk::ScopedAStatus::ok();
+}

radio/aidl/vts/radio_network_response.cpp

@@ -335,3 +335,18 @@ ndk::ScopedAStatus RadioNetworkResponse::isCellularIdentifierTransparencyEnabled
     parent_network.notify(info.serial);
     return ndk::ScopedAStatus::ok();
 }
+
+ndk::ScopedAStatus RadioNetworkResponse::setSecurityAlgorithmsUpdatedEnabledResponse(
+        const RadioResponseInfo& info) {
+    rspInfo = info;
+    parent_network.notify(info.serial);
+    return ndk::ScopedAStatus::ok();
+}
+
+ndk::ScopedAStatus RadioNetworkResponse::isSecurityAlgorithmsUpdatedEnabledResponse(
+        const RadioResponseInfo& info, bool enabled) {
+    rspInfo = info;
+    this->isSecurityAlgorithmsUpdatedEnabled = enabled;
+    parent_network.notify(info.serial);
+    return ndk::ScopedAStatus::ok();
+}

radio/aidl/vts/radio_network_test.cpp

@@ -2488,3 +2488,86 @@ TEST_P(RadioNetworkTest, setCellularIdentifierTransparencyEnabled) {
     EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_network->rspInfo.type);
     EXPECT_EQ(serial, radioRsp_network->rspInfo.serial);
 }
+
+/*
+ * Test IRadioNetwork.setSecurityAlgorithmsUpdatedEnabled for the response returned.
+ */
+TEST_P(RadioNetworkTest, setSecurityAlgorithmsUpdatedEnabled) {
+    int32_t aidl_version;
+    ndk::ScopedAStatus aidl_status = radio_network->getInterfaceVersion(&aidl_version);
+    ASSERT_OK(aidl_status);
+    if (aidl_version < 3) {
+        ALOGI("Skipped the test since"
+              " setSecurityAlgorithmsUpdatedEnabled is not supported on version < 3");
+        GTEST_SKIP();
+    }
+
+    // Get current value
+    serial = GetRandomSerialNumber();
+    radio_network->isSecurityAlgorithmsUpdatedEnabled(serial);
+    EXPECT_EQ(std::cv_status::no_timeout, wait());
+    bool originalSecuritySetting = radioRsp_network->isSecurityAlgorithmsUpdatedEnabled;
+
+    // We want to test flipping the value, so we are going to set it to the opposite of what
+    // the existing setting is. The test for isSecurityAlgorithmsUpdatedEnabled should check
+    // for the right default value.
+    bool valueToSet = !originalSecuritySetting;
+    serial = GetRandomSerialNumber();
+    radio_network->setSecurityAlgorithmsUpdatedEnabled(serial, valueToSet);
+    EXPECT_EQ(std::cv_status::no_timeout, wait());
+    EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_network->rspInfo.type);
+    EXPECT_EQ(serial, radioRsp_network->rspInfo.serial);
+
+    ASSERT_TRUE(CheckAnyOfErrors(
+            radioRsp_network->rspInfo.error,
+            {RadioError::NONE, RadioError::RADIO_NOT_AVAILABLE, RadioError::MODEM_ERR}));
+
+    // Assert the value has changed
+    serial = GetRandomSerialNumber();
+    ndk::ScopedAStatus res = radio_network->isSecurityAlgorithmsUpdatedEnabled(serial);
+
+    ASSERT_OK(res);
+    EXPECT_EQ(std::cv_status::no_timeout, wait());
+    EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_network->rspInfo.type);
+    EXPECT_EQ(serial, radioRsp_network->rspInfo.serial);
+    ASSERT_TRUE(CheckAnyOfErrors(
+            radioRsp_network->rspInfo.error,
+            {RadioError::NONE, RadioError::RADIO_NOT_AVAILABLE, RadioError::MODEM_ERR}));
+    EXPECT_EQ(valueToSet, radioRsp_network->isSecurityAlgorithmsUpdatedEnabled);
+
+    // Reset original state
+    radio_network->setSecurityAlgorithmsUpdatedEnabled(serial, originalSecuritySetting);
+    EXPECT_EQ(std::cv_status::no_timeout, wait());
+    EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_network->rspInfo.type);
+    EXPECT_EQ(serial, radioRsp_network->rspInfo.serial);
+}
+
+/**
+ * Test IRadioNetwork.isSecurityAlgorithmsUpdatedEnabled for the response returned.
+ */
+TEST_P(RadioNetworkTest, isSecurityAlgorithmsUpdatedEnabled) {
+    int32_t aidl_version;
+    ndk::ScopedAStatus aidl_status = radio_network->getInterfaceVersion(&aidl_version);
+    ASSERT_OK(aidl_status);
+    if (aidl_version < 3) {
+        ALOGI("Skipped the test since"
+              " isSecurityAlgorithmsUpdatedEnabled is not supported on version < 3");
+        GTEST_SKIP();
+    }
+
+    serial = GetRandomSerialNumber();
+
+    ndk::ScopedAStatus res = radio_network->isSecurityAlgorithmsUpdatedEnabled(serial);
+    ASSERT_OK(res);
+
+    EXPECT_EQ(std::cv_status::no_timeout, wait());
+    EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_network->rspInfo.type);
+    EXPECT_EQ(serial, radioRsp_network->rspInfo.serial);
+
+    ASSERT_TRUE(CheckAnyOfErrors(
+            radioRsp_network->rspInfo.error,
+            {RadioError::NONE, RadioError::RADIO_NOT_AVAILABLE, RadioError::MODEM_ERR}));
+
+    // the default value should be true if we have not called the setter
+    EXPECT_TRUE(radioRsp_network->isSecurityAlgorithmsUpdatedEnabled);
+}

radio/aidl/vts/radio_network_utils.h

@@ -47,6 +47,7 @@ class RadioNetworkResponse : public BnRadioNetworkResponse {
     UsageSetting usageSetting;
     std::vector<RadioAccessSpecifier> specifiers;
     bool isCellularIdentifierTransparencyEnabled;
+    bool isSecurityAlgorithmsUpdatedEnabled;
 
     virtual ndk::ScopedAStatus acknowledgeRequest(int32_t serial) override;
 
@@ -176,6 +177,12 @@ class RadioNetworkResponse : public BnRadioNetworkResponse {
 
     virtual ndk::ScopedAStatus isCellularIdentifierTransparencyEnabledResponse(
             const RadioResponseInfo& info, bool /*enabled*/) override;
+
+    virtual ndk::ScopedAStatus isSecurityAlgorithmsUpdatedEnabledResponse(
+            const RadioResponseInfo& info, bool isEnabled) override;
+
+    virtual ndk::ScopedAStatus setSecurityAlgorithmsUpdatedEnabledResponse(
+            const RadioResponseInfo& info) override;
 };
 
 /* Callback class for radio network indication */
@@ -236,6 +243,10 @@ class RadioNetworkIndication : public BnRadioNetworkIndication {
 
     virtual ndk::ScopedAStatus cellularIdentifierDisclosed(
             RadioIndicationType type, const CellularIdentifierDisclosure& disclosures) override;
+
+    virtual ndk::ScopedAStatus securityAlgorithmsUpdated(
+            RadioIndicationType type,
+            const SecurityAlgorithmUpdate& securityAlgorithmUpdate) override;
 };
 
 // The main test class for Radio AIDL Network.