Revert^2 "Move keymint to android.hardware.security." am: 08a7e43e78

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1525190

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Icf583a13e67e08e7d1d812544a3cdaa165d4ad3a

compatibility_matrices/compatibility_matrix.current.xml

@@ -299,7 +299,7 @@
         </interface>
     </hal>
     <hal format="aidl" optional="true">
-        <name>android.hardware.keymint</name>
+        <name>android.hardware.security.keymint</name>
         <interface>
             <name>IKeyMintDevice</name>
             <instance>default</instance>

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl

@@ -1,33 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.keymint;
-@VintfStability
-interface IKeyMintDevice {
-  android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo();
-  android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token);
-  void addRngEntropy(in byte[] data);
-  void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
-  void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
-  void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics);
-  byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams);
-  void deleteKey(in byte[] inKeyBlob);
-  void deleteAllKeys();
-  void destroyAttestationIds();
-  android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken);
-  const int AUTH_TOKEN_MAC_LENGTH = 32;
-}

keymint/aidl/default/android.hardware.keymint@1.0-service.rc

@@ -1,3 +0,0 @@
-service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service
-    class early_hal
-    user nobody

security/keymint/aidl/Android.bp

@@ -1,8 +1,8 @@
 aidl_interface {
-    name: "android.hardware.keymint",
+    name: "android.hardware.security.keymint",
     vendor_available: true,
     srcs: [
-        "android/hardware/keymint/*.aidl",
+        "android/hardware/security/keymint/*.aidl",
     ],
     stability: "vintf",
     backend: {

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum Algorithm {
   RSA = 1,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl

@@ -15,10 +15,10 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable BeginResult {
   long challenge;
-  android.hardware.keymint.KeyParameter[] params;
+  android.hardware.security.keymint.KeyParameter[] params;
-  android.hardware.keymint.IKeyMintOperation operation;
+  android.hardware.security.keymint.IKeyMintOperation operation;
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum BlockMode {
   ECB = 1,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable ByteArray {
   byte[] data;

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable Certificate {
   byte[] encodedCertificate;

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum Digest {
   NONE = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum EcCurve {
   P_224 = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum ErrorCode {
   OK = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl

@@ -15,13 +15,13 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable HardwareAuthToken {
   long challenge;
   long userId;
   long authenticatorId;
-  android.hardware.keymint.HardwareAuthenticatorType authenticatorType;
+  android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
-  android.hardware.keymint.Timestamp timestamp;
+  android.hardware.security.keymint.Timestamp timestamp;
   byte[] mac;
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum HardwareAuthenticatorType {
   NONE = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -0,0 +1,33 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
+// edit this file. It looks like you are doing that because you have modified
+// an AIDL interface in a backward-incompatible way, e.g., deleting a function
+// from an interface or a field from a parcelable and it broke the build. That
+// breakage is intended.
+//
+// You must not make a backward incompatible changes to the AIDL files built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.keymint;
+@VintfStability
+interface IKeyMintDevice {
+  android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
+  android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
+  void addRngEntropy(in byte[] data);
+  void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
+  void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
+  void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
+  byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
+  void deleteKey(in byte[] inKeyBlob);
+  void deleteAllKeys();
+  void destroyAttestationIds();
+  android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken);
+  const int AUTH_TOKEN_MAC_LENGTH = 32;
+}

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl

@@ -15,10 +15,10 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 interface IKeyMintOperation {
-  int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output);
+  int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
-  byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams);
+  byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
   void abort();
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl

@@ -15,9 +15,9 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable KeyCharacteristics {
-  android.hardware.keymint.KeyParameter[] softwareEnforced;
+  android.hardware.security.keymint.KeyParameter[] softwareEnforced;
-  android.hardware.keymint.KeyParameter[] hardwareEnforced;
+  android.hardware.security.keymint.KeyParameter[] hardwareEnforced;
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum KeyDerivationFunction {
   NONE = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum KeyFormat {
   X509 = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl

@@ -15,11 +15,11 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable KeyMintHardwareInfo {
   int versionNumber;
-  android.hardware.keymint.SecurityLevel securityLevel;
+  android.hardware.security.keymint.SecurityLevel securityLevel;
   @utf8InCpp String keyMintName;
   @utf8InCpp String keyMintAuthorName;
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum KeyOrigin {
   GENERATED = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl

@@ -15,10 +15,10 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable KeyParameter {
-  android.hardware.keymint.Tag tag;
+  android.hardware.security.keymint.Tag tag;
   boolean boolValue;
   int integer;
   long longInteger;

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl

@@ -15,8 +15,8 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable KeyParameterArray {
-  android.hardware.keymint.KeyParameter[] params;
+  android.hardware.security.keymint.KeyParameter[] params;
 }

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum KeyPurpose {
   ENCRYPT = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum PaddingMode {
   NONE = 1,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum SecurityLevel {
   SOFTWARE = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum Tag {
   INVALID = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @Backing(type="int") @VintfStability
 enum TagType {
   INVALID = 0,

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable Timestamp {
   long milliSeconds;

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl

@@ -15,11 +15,11 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 @VintfStability
 parcelable VerificationToken {
   long challenge;
-  android.hardware.keymint.Timestamp timestamp;
+  android.hardware.security.keymint.Timestamp timestamp;
-  android.hardware.keymint.SecurityLevel securityLevel;
+  android.hardware.security.keymint.SecurityLevel securityLevel;
   byte[] mac;
 }

security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * Algorithms provided by IKeyMintDevice implementations.

security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl

@@ -14,12 +14,10 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
-
-import android.hardware.keymint.IKeyMintOperation;
-import android.hardware.keymint.KeyParameter;
 
+import android.hardware.security.keymint.IKeyMintOperation;
+import android.hardware.security.keymint.KeyParameter;
 
 /**
  * This is all the results returned by the IKeyMintDevice begin() function.

security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * Symmetric block cipher modes provided by IKeyMintDevice implementations.

security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * This is used to contain a byte[], to make out parameters of byte arrays

security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * This encodes the IKeyMintDevice attestation generated certificate.

security/keymint/aidl/android/hardware/security/keymint/Digest.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * Digests provided by keyMint implementations.

security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * Supported EC curves, used in ECDSA

security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * KeyMint error codes.  Aidl will return these error codes as service specific

security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl

@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.Timestamp;
+import android.hardware.security.keymint.Timestamp;
-import android.hardware.keymint.HardwareAuthenticatorType;
+import android.hardware.security.keymint.HardwareAuthenticatorType;
 
 /**
  * HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key.
@@ -30,7 +30,6 @@ import android.hardware.keymint.HardwareAuthenticatorType;
  */
 @VintfStability
 parcelable HardwareAuthToken {
-
     /**
      * challenge is a value that's used to enable authentication tokens to authorize specific
      * events.  The primary use case for challenge is to authorize an IKeyMintDevice cryptographic

security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -14,20 +14,20 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.BeginResult;
+import android.hardware.security.keymint.BeginResult;
-import android.hardware.keymint.ByteArray;
+import android.hardware.security.keymint.ByteArray;
-import android.hardware.keymint.Certificate;
+import android.hardware.security.keymint.Certificate;
-import android.hardware.keymint.HardwareAuthToken;
+import android.hardware.security.keymint.HardwareAuthToken;
-import android.hardware.keymint.IKeyMintOperation;
+import android.hardware.security.keymint.IKeyMintOperation;
-import android.hardware.keymint.KeyCharacteristics;
+import android.hardware.security.keymint.KeyCharacteristics;
-import android.hardware.keymint.KeyFormat;
+import android.hardware.security.keymint.KeyFormat;
-import android.hardware.keymint.KeyParameter;
+import android.hardware.security.keymint.KeyParameter;
-import android.hardware.keymint.KeyMintHardwareInfo;
+import android.hardware.security.keymint.KeyMintHardwareInfo;
-import android.hardware.keymint.KeyPurpose;
+import android.hardware.security.keymint.KeyPurpose;
-import android.hardware.keymint.SecurityLevel;
+import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.keymint.VerificationToken;
+import android.hardware.security.keymint.VerificationToken;
 
 /**
  * KeyMint device definition.

security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl

@@ -14,13 +14,13 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.ByteArray;
+import android.hardware.security.keymint.ByteArray;
-import android.hardware.keymint.HardwareAuthToken;
+import android.hardware.security.keymint.HardwareAuthToken;
-import android.hardware.keymint.KeyParameter;
+import android.hardware.security.keymint.KeyParameter;
-import android.hardware.keymint.KeyParameterArray;
+import android.hardware.security.keymint.KeyParameterArray;
-import android.hardware.keymint.VerificationToken;
+import android.hardware.security.keymint.VerificationToken;
 
 @VintfStability
 interface IKeyMintOperation {

security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.KeyParameter;
+import android.hardware.security.keymint.KeyParameter;
 
 /**
  * KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage

security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * Key derivation functions, mostly used in ECIES.

security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * Formats for key import and export.

security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl

@@ -14,15 +14,13 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
-import android.hardware.keymint.SecurityLevel;
 
+import android.hardware.security.keymint.SecurityLevel;
 
 /**
  * KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo()
  */
-
 @VintfStability
 parcelable KeyMintHardwareInfo {
     /**

security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
-
 
 /**
  * The origin of a key (or pair), i.e. where it was generated.  Note that ORIGIN can be found in

security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl

@@ -14,20 +14,19 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-
+import android.hardware.security.keymint.Algorithm;
-import android.hardware.keymint.Algorithm;
+import android.hardware.security.keymint.BlockMode;
-import android.hardware.keymint.BlockMode;
+import android.hardware.security.keymint.Digest;
-import android.hardware.keymint.Digest;
+import android.hardware.security.keymint.EcCurve;
-import android.hardware.keymint.EcCurve;
+import android.hardware.security.keymint.HardwareAuthenticatorType;
-import android.hardware.keymint.HardwareAuthenticatorType;
+import android.hardware.security.keymint.KeyDerivationFunction;
-import android.hardware.keymint.KeyDerivationFunction;
+import android.hardware.security.keymint.KeyOrigin;
-import android.hardware.keymint.KeyOrigin;
+import android.hardware.security.keymint.KeyPurpose;
-import android.hardware.keymint.KeyPurpose;
+import android.hardware.security.keymint.PaddingMode;
-import android.hardware.keymint.PaddingMode;
+import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.keymint.SecurityLevel;
+import android.hardware.security.keymint.Tag;
-import android.hardware.keymint.Tag;
 
 
 /**

security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.KeyParameter;
+import android.hardware.security.keymint.KeyParameter;
 
 /**
  * Identifies the key authorization parameters to be used with keyMint.  This is usually

security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 
 /**

security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * TODO(seleneh) update the description.

security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * Device security levels.

security/keymint/aidl/android/hardware/security/keymint/Tag.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.TagType;
+import android.hardware.security.keymint.TagType;
 
 // TODO(seleneh) : note aidl currently does not support double nested enum definitions such as
 // ROOT_OF_TRUST = TagType:BYTES | 704.  So we are forced to write definations as

security/keymint/aidl/android/hardware/security/keymint/TagType.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * TagType classifies Tags in Tag.aidl into various groups of data.

security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
 /**
  * Time in milliseconds since some arbitrary point in time.  Time must be monotonically increasing,

security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl

@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package android.hardware.keymint;
+package android.hardware.security.keymint;
 
-import android.hardware.keymint.SecurityLevel;
+import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.keymint.Timestamp;
+import android.hardware.security.keymint.Timestamp;
 
 /**
  * VerificationToken instances are used for secure environments to authenticate one another.
@@ -48,7 +48,7 @@ parcelable VerificationToken {
      * 32-byte HMAC-SHA256 of the above values, computed as:
      *
      *    HMAC(H,
-     *         "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified)
+     *         "Auth Verification" || challenge || timestamp || securityLevel)
      *
      * where:
      *
@@ -58,11 +58,6 @@ parcelable VerificationToken {
      *
      * The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian
      * order.  securityLevel is represented as a 32-bit unsigned integer in big-endian order.
-     *
-     * If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER
-     * encoded representation of the values.  The ASN.1 schema used is the AuthorizationList schema
-     * from the Keystore attestation documentation.  If parametersVerified is empty, it is simply
-     * omitted from the HMAC computation.
      */
     byte[] mac;
 }

security/keymint/aidl/default/Android.bp

@@ -1,22 +1,22 @@
 cc_binary {
-    name: "android.hardware.keymint@1.0-service",
+    name: "android.hardware.security.keymint-service",
     relative_install_path: "hw",
-    init_rc: ["android.hardware.keymint@1.0-service.rc"],
+    init_rc: ["android.hardware.security.keymint-service.rc"],
-    vintf_fragments: ["android.hardware.keymint@1.0-service.xml"],
+    vintf_fragments: ["android.hardware.security.keymint-service.xml"],
     vendor: true,
     cflags: [
         "-Wall",
         "-Wextra",
     ],
     shared_libs: [
-        "android.hardware.keymint-ndk_platform",
+        "android.hardware.security.keymint-ndk_platform",
         "libbase",
         "libbinder_ndk",
         "libcppbor",
         "libcrypto",
-        "liblog",
         "libkeymaster_portable",
-        "libkeymint1",
+        "libkeymint",
+        "liblog",
         "libpuresoftkeymasterdevice",
         "libutils",
     ],

security/keymint/aidl/default/android.hardware.security.keymint-service.rc

@@ -0,0 +1,3 @@
+service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
+    class early_hal
+    user nobody

security/keymint/aidl/default/android.hardware.security.keymint-service.xml

@@ -1,6 +1,6 @@
 <manifest version="1.0" type="device">
     <hal format="aidl">
-        <name>android.hardware.keymint</name>
+        <name>android.hardware.security.keymint</name>
         <fqname>IKeyMintDevice/default</fqname>
     </hal>
 </manifest>

security/keymint/aidl/default/service.cpp

@@ -14,30 +14,30 @@
  * limitations under the License.
  */
 
-#define LOG_TAG "android.hardware.keymint1-service"
+#define LOG_TAG "android.hardware.security.keymint-service"
 
 #include <android-base/logging.h>
 #include <android/binder_manager.h>
 #include <android/binder_process.h>
 
-#include <AndroidKeyMint1Device.h>
+#include <AndroidKeyMintDevice.h>
 #include <keymaster/soft_keymaster_logger.h>
 
-using aidl::android::hardware::keymint::SecurityLevel;
+using aidl::android::hardware::security::keymint::AndroidKeyMintDevice;
-using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device;
+using aidl::android::hardware::security::keymint::SecurityLevel;
 
 int main() {
     // Zero threads seems like a useless pool, but below we'll join this thread to it, increasing
     // the pool size to 1.
     ABinderProcess_setThreadPoolMaxThreadCount(0);
-    std::shared_ptr<AndroidKeyMint1Device> km5 =
+    std::shared_ptr<AndroidKeyMintDevice> keyMint =
-            ndk::SharedRefBase::make<AndroidKeyMint1Device>(SecurityLevel::SOFTWARE);
+            ndk::SharedRefBase::make<AndroidKeyMintDevice>(SecurityLevel::SOFTWARE);
 
     keymaster::SoftKeymasterLogger logger;
-    const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default";
+    const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default";
     LOG(INFO) << "instance: " << instanceName;
     binder_status_t status =
-            AServiceManager_addService(km5->asBinder().get(), instanceName.c_str());
+            AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str());
     CHECK(status == STATUS_OK);
 
     ABinderProcess_joinThreadPool();

security/keymint/aidl/vts/functional/Android.bp

@@ -15,25 +15,25 @@
 //
 
 cc_test {
-    name: "VtsAidlKeyMintV1_0TargetTest",
+    name: "VtsAidlKeyMintTargetTest",
     defaults: [
         "VtsHalTargetTestDefaults",
         "use_libaidlvintf_gtest_helper_static",
     ],
     srcs: [
-        "keyMint1Test.cpp",
+        "KeyMintTest.cpp",
         "VerificationTokenTest.cpp",
     ],
     shared_libs: [
         "libbinder",
         "libcrypto",
-        "libkeymint1",
+        "libkeymint",
-        "libkeymintSupport",
+        "libkeymint_support",
     ],
     static_libs: [
-        "android.hardware.keymint-cpp",
+        "android.hardware.security.keymint-cpp",
-        "libcppbor",
+        "libcppbor_external",
-        "libkeyMint1VtsTestUtil",
+        "libkeymint_vts_test_utils",
     ],
     test_suites: [
         "general-tests",
@@ -42,7 +42,7 @@ cc_test {
 }
 
 cc_test_library {
-    name: "libkeyMint1VtsTestUtil",
+    name: "libkeymint_vts_test_utils",
     defaults: [
         "VtsHalTargetTestDefaults",
         "use_libaidlvintf_gtest_helper_static",
@@ -56,11 +56,11 @@ cc_test_library {
     shared_libs: [
         "libbinder",
         "libcrypto",
-        "libkeymint1",
+        "libkeymint",
-        "libkeymintSupport",
+        "libkeymint_support",
     ],
     static_libs: [
-        "android.hardware.keymint-cpp",
+        "android.hardware.security.keymint-cpp",
         "libcppbor",
     ],
 }

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

@@ -21,12 +21,10 @@
 
 #include <android-base/logging.h>
 
-#include <keymintSupport/key_param_output.h>
+#include <keymint_support/key_param_output.h>
-#include <keymintSupport/keymint_utils.h>
+#include <keymint_support/keymint_utils.h>
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-namespace keymint {
 
 using namespace std::literals::chrono_literals;
 using std::endl;
@@ -751,6 +749,5 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
 }
 
 }  // namespace test
-}  // namespace keymint
+
-}  // namespace hardware
+}  // namespace android::hardware::security::keymint
-}  // namespace android

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

@@ -21,18 +21,15 @@
 
 #include <aidl/Gtest.h>
 #include <aidl/Vintf.h>
-#include <android/hardware/keymint/ErrorCode.h>
+#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/keymint/IKeyMintDevice.h>
+#include <android/hardware/security/keymint/IKeyMintDevice.h>
 #include <binder/IServiceManager.h>
 #include <binder/ProcessState.h>
 #include <gtest/gtest.h>
 
-#include <keymintSupport/authorization_set.h>
+#include <keymint_support/authorization_set.h>
 
-namespace android {
+namespace android::hardware::security::keymint::test {
-namespace hardware {
-namespace keymint {
-namespace test {
 
 using ::android::sp;
 using binder::Status;
@@ -189,9 +186,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
                              testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
                              android::PrintInstanceNameToString)
 
-}  // namespace test
+}  // namespace android::hardware::security::keymint::test
-}  // namespace keymint
-}  // namespace hardware
-}  // namespace android
 
 #endif  // VTS_KEYMINT_AIDL_TEST_UTILS_H

security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -26,36 +26,32 @@
 
 #include <cutils/properties.h>
 
-#include <android/hardware/keymint/KeyFormat.h>
+#include <android/hardware/security/keymint/KeyFormat.h>
 
-#include <keymintSupport/attestation_record.h>
+#include <keymint_support/attestation_record.h>
-#include <keymintSupport/key_param_output.h>
+#include <keymint_support/key_param_output.h>
-#include <keymintSupport/openssl_utils.h>
+#include <keymint_support/openssl_utils.h>
 
 #include "KeyMintAidlTestBase.h"
 
 static bool arm_deleteAllKeys = false;
 static bool dump_Attestations = false;
 
-using android::hardware::keymint::AuthorizationSet;
+using android::hardware::security::keymint::AuthorizationSet;
-using android::hardware::keymint::KeyCharacteristics;
+using android::hardware::security::keymint::KeyCharacteristics;
-using android::hardware::keymint::KeyFormat;
+using android::hardware::security::keymint::KeyFormat;
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-
-namespace keymint {
 
 bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
     return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
 }
-}  // namespace keymint
+
-}  // namespace hardware
+}  // namespace android::hardware::security::keymint
-}  // namespace android
 
 namespace std {
 
-using namespace android::hardware::keymint;
+using namespace android::hardware::security::keymint;
 
 template <>
 struct std::equal_to<KeyCharacteristics> {
@@ -77,10 +73,8 @@ struct std::equal_to<KeyCharacteristics> {
 
 }  // namespace std
 
-namespace android {
+namespace android::hardware::security::keymint::test {
-namespace hardware {
+
-namespace keymint {
-namespace test {
 namespace {
 
 template <TagType tag_type, Tag tag, typename ValueT>
@@ -4046,10 +4040,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
 
 INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);
 
-}  // namespace test
+}  // namespace android::hardware::security::keymint::test
-}  // namespace keymint
-}  // namespace hardware
-}  // namespace android
 
 int main(int argc, char** argv) {
     ::testing::InitGoogleTest(&argc, argv);
@@ -4063,7 +4054,5 @@ int main(int argc, char** argv) {
             }
         }
     }
-    int status = RUN_ALL_TESTS();
+    return RUN_ALL_TESTS();
-    ALOGI("Test result = %d", status);
-    return status;
 }

security/keymint/aidl/vts/functional/VerificationTokenTest.cpp

@@ -16,10 +16,7 @@
 
 #include "KeyMintAidlTestBase.h"
 
-namespace android {
+namespace android::hardware::security::keymint::test {
-namespace hardware {
-namespace keymint {
-namespace test {
 
 class VerificationTokenTest : public KeyMintAidlTestBase {
   protected:
@@ -168,7 +165,4 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) {
 
 INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest);
 
-}  // namespace test
+}  // namespace android::hardware::security::keymint::test
-}  // namespace keymint
-}  // namespace hardware
-}  // namespace android

security/keymint/support/Android.bp

@@ -15,7 +15,7 @@
 //
 
 cc_library {
-    name: "libkeymintSupport",
+    name: "libkeymint_support",
     cflags: [
         "-Wall",
         "-Wextra",
@@ -31,7 +31,7 @@ cc_library {
         "include",
     ],
     shared_libs: [
-        "android.hardware.keymint-cpp",
+        "android.hardware.security.keymint-cpp",
         "libbase",
         "libcrypto",
         "libutils",

security/keymint/support/attestation_record.cpp

@@ -14,27 +14,26 @@
  * limitations under the License.
  */
 
-#include <keymintSupport/attestation_record.h>
+#include <keymint_support/attestation_record.h>
 
-#include <android/hardware/keymint/Tag.h>
+#include <assert.h>
-#include <android/hardware/keymint/TagType.h>
 
 #include <android-base/logging.h>
-#include <assert.h>
 
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-#include <keymintSupport/authorization_set.h>
+#include <android/hardware/security/keymint/Tag.h>
-#include <keymintSupport/openssl_utils.h>
+#include <android/hardware/security/keymint/TagType.h>
+
+#include <keymint_support/authorization_set.h>
+#include <keymint_support/openssl_utils.h>
 
 #define AT __FILE__ ":" << __LINE__
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-namespace keymint {
 
 struct stack_st_ASN1_TYPE_Delete {
     void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
@@ -382,6 +381,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
     return ErrorCode::OK;  // KM_ERROR_OK;
 }
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android

security/keymint/support/authorization_set.cpp

@@ -14,23 +14,21 @@
  * limitations under the License.
  */
 
-#include <keymintSupport/authorization_set.h>
+#include <keymint_support/authorization_set.h>
 
 #include <assert.h>
-
-#include <android-base/logging.h>
 #include <sstream>
 
-#include <android/hardware/keymint/Algorithm.h>
+#include <android-base/logging.h>
-#include <android/hardware/keymint/BlockMode.h>
-#include <android/hardware/keymint/Digest.h>
-#include <android/hardware/keymint/KeyParameter.h>
-#include <android/hardware/keymint/KeyPurpose.h>
-#include <android/hardware/keymint/TagType.h>
 
-namespace android {
+#include <android/hardware/security/keymint/Algorithm.h>
-namespace hardware {
+#include <android/hardware/security/keymint/BlockMode.h>
-namespace keymint {
+#include <android/hardware/security/keymint/Digest.h>
+#include <android/hardware/security/keymint/KeyParameter.h>
+#include <android/hardware/security/keymint/KeyPurpose.h>
+#include <android/hardware/security/keymint/TagType.h>
+
+namespace android::hardware::security::keymint {
 
 void AuthorizationSet::Sort() {
     std::sort(data_.begin(), data_.end());
@@ -220,10 +218,11 @@ struct choose_serializer<> {
 };
 
 template <TagType tag_type, Tag tag, typename... Tail>
-struct choose_serializer<android::hardware::keymint::TypedTag<tag_type, tag>, Tail...> {
+struct choose_serializer<android::hardware::security::keymint::TypedTag<tag_type, tag>, Tail...> {
     static OutStreams& serialize(OutStreams& out, const KeyParameter& param) {
         if (param.tag == tag) {
-            return android::hardware::keymint::serialize(TypedTag<tag_type, tag>(), out, param);
+            return android::hardware::security::keymint::serialize(TypedTag<tag_type, tag>(), out,
+                                                                   param);
         } else {
             return choose_serializer<Tail...>::serialize(out, param);
         }
@@ -329,7 +328,8 @@ template <TagType tag_type, Tag tag, typename... Tail>
 struct choose_deserializer<TypedTag<tag_type, tag>, Tail...> {
     static InStreams& deserialize(InStreams& in, KeyParameter* param) {
         if (param->tag == tag) {
-            return android::hardware::keymint::deserialize(TypedTag<tag_type, tag>(), in, param);
+            return android::hardware::security::keymint::deserialize(TypedTag<tag_type, tag>(), in,
+                                                                     param);
         } else {
             return choose_deserializer<Tail...>::deserialize(in, param);
         }
@@ -501,15 +501,14 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng
 }
 
 AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode(
-        std::initializer_list<android::hardware::keymint::BlockMode> blockModes) {
+        std::initializer_list<android::hardware::security::keymint::BlockMode> blockModes) {
     for (auto mode : blockModes) {
         push_back(TAG_BLOCK_MODE, mode);
     }
     return *this;
 }
 
-AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(
+AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector<keymint::Digest> digests) {
-        std::vector<android::hardware::keymint::Digest> digests) {
     for (auto digest : digests) {
         push_back(TAG_DIGEST, digest);
     }
@@ -524,6 +523,4 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding(
     return *this;
 }
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android

security/keymint/support/include/keymint_support/attestation_record.h

@@ -16,20 +16,14 @@
 
 #pragma once
 
-#include <android/hardware/keymint/ErrorCode.h>
+#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/keymint/IKeyMintDevice.h>
+#include <android/hardware/security/keymint/IKeyMintDevice.h>
 
-#include <keymintSupport/attestation_record.h>
+#include <keymint_support/attestation_record.h>
-#include <keymintSupport/authorization_set.h>
+#include <keymint_support/authorization_set.h>
-#include <keymintSupport/openssl_utils.h>
+#include <keymint_support/openssl_utils.h>
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-namespace keymint {
-
-using android::hardware::keymint::KeyParameter;
-using android::hardware::keymint::Tag;
-using android::hardware::keymint::TAG_ALGORITHM;
 
 class AuthorizationSet;
 
@@ -90,6 +84,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
                               keymint_verified_boot_t* verified_boot_state, bool* device_locked,
                               std::vector<uint8_t>* verified_boot_hash);
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android

security/keymint/support/include/keymint_support/authorization_set.h

@@ -19,21 +19,14 @@
 
 #include <vector>
 
-#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/keymint/EcCurve.h>
+#include <android/hardware/security/keymint/EcCurve.h>
-#include <android/hardware/keymint/PaddingMode.h>
+#include <android/hardware/security/keymint/PaddingMode.h>
 
-#include <keymintSupport/keymint_tags.h>
+#include <keymint_support/keymint_tags.h>
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-namespace keymint {
-
-using android::hardware::keymint::BlockMode;
-using android::hardware::keymint::Digest;
-using android::hardware::keymint::EcCurve;
-using android::hardware::keymint::PaddingMode;
 
 using std::vector;
 
@@ -322,8 +315,6 @@ class AuthorizationSetBuilder : public AuthorizationSet {
     }
 };
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android
 
 #endif  // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

security/keymint/support/include/keymint_support/key_param_output.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,28 +20,24 @@
 #include <iostream>
 #include <vector>
 
+#include <android/hardware/security/keymint/Algorithm.h>
+#include <android/hardware/security/keymint/BlockMode.h>
+#include <android/hardware/security/keymint/Digest.h>
+#include <android/hardware/security/keymint/EcCurve.h>
+#include <android/hardware/security/keymint/ErrorCode.h>
+#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
+#include <android/hardware/security/keymint/KeyCharacteristics.h>
+#include <android/hardware/security/keymint/KeyOrigin.h>
+#include <android/hardware/security/keymint/KeyParameter.h>
+#include <android/hardware/security/keymint/KeyPurpose.h>
+#include <android/hardware/security/keymint/PaddingMode.h>
+#include <android/hardware/security/keymint/SecurityLevel.h>
+#include <android/hardware/security/keymint/Tag.h>
+#include <android/hardware/security/keymint/TagType.h>
+
 #include "keymint_tags.h"
 
-#include <android/hardware/keymint/Algorithm.h>
+namespace android::hardware::security::keymint {
-#include <android/hardware/keymint/BlockMode.h>
-#include <android/hardware/keymint/Digest.h>
-#include <android/hardware/keymint/EcCurve.h>
-#include <android/hardware/keymint/ErrorCode.h>
-#include <android/hardware/keymint/HardwareAuthenticatorType.h>
-#include <android/hardware/keymint/KeyCharacteristics.h>
-#include <android/hardware/keymint/KeyOrigin.h>
-#include <android/hardware/keymint/KeyParameter.h>
-#include <android/hardware/keymint/KeyPurpose.h>
-#include <android/hardware/keymint/PaddingMode.h>
-#include <android/hardware/keymint/SecurityLevel.h>
-#include <android/hardware/keymint/Tag.h>
-#include <android/hardware/keymint/TagType.h>
-
-namespace android {
-namespace hardware {
-namespace keymint {
-
-using namespace ::android::hardware::keymint;
 
 inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) {
     return os << toString(value);
@@ -101,8 +97,6 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) {
     return os << toString(tag);
 }
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_

security/keymint/support/include/keymint_support/keymint_tags.h

@@ -17,24 +17,20 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
 #define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
 
-#include <android/hardware/keymint/Algorithm.h>
+#include <android/hardware/security/keymint/Algorithm.h>
-#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/keymint/EcCurve.h>
+#include <android/hardware/security/keymint/EcCurve.h>
-#include <android/hardware/keymint/HardwareAuthenticatorType.h>
+#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
-#include <android/hardware/keymint/KeyOrigin.h>
+#include <android/hardware/security/keymint/KeyOrigin.h>
-#include <android/hardware/keymint/KeyParameter.h>
+#include <android/hardware/security/keymint/KeyParameter.h>
-#include <android/hardware/keymint/KeyPurpose.h>
+#include <android/hardware/security/keymint/KeyPurpose.h>
-#include <android/hardware/keymint/PaddingMode.h>
+#include <android/hardware/security/keymint/PaddingMode.h>
-#include <android/hardware/keymint/SecurityLevel.h>
+#include <android/hardware/security/keymint/SecurityLevel.h>
-#include <android/hardware/keymint/Tag.h>
+#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/keymint/TagType.h>
+#include <android/hardware/security/keymint/TagType.h>
 
-namespace android::hardware::keymint {
+namespace android::hardware::security::keymint {
-
-using android::hardware::keymint::KeyParameter;
-using android::hardware::keymint::Tag;
-using android::hardware::keymint::TagType;
 
 // The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have.  We
 // need these old values to be able to support old keys that use them.
@@ -337,78 +333,6 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&>
     return accessTagValue(ttag, param);
 }
 
-}  // namespace android::hardware::keymint
+}  // namespace android::hardware::security::keymint
-
-namespace std {
-
-using namespace android::hardware::keymint;
-
-// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk
-// translations.  So we cannot straight forward overload these operators.
-// However we need our custom comparison for KeyParameters.  So we will
-// overload std::less, equal_to instead.
-template <>
-struct std::less<KeyParameter> {
-    bool operator()(const KeyParameter& a, const KeyParameter& b) const {
-        if (a.tag != b.tag) return a.tag < b.tag;
-        int retval;
-        switch (typeFromTag(a.tag)) {
-            case TagType::INVALID:
-            case TagType::BOOL:
-                return false;
-            case TagType::ENUM:
-            case TagType::ENUM_REP:
-            case TagType::UINT:
-            case TagType::UINT_REP:
-                return a.integer < b.integer;
-            case TagType::ULONG:
-            case TagType::ULONG_REP:
-            case TagType::DATE:
-                return a.longInteger < b.longInteger;
-            case TagType::BIGNUM:
-            case TagType::BYTES:
-                // Handle the empty cases.
-                if (a.blob.size() == 0) return b.blob.size() != 0;
-                if (b.blob.size() == 0) return false;
-                retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size()));
-                // if one is the prefix of the other the longer wins
-                if (retval == 0) return a.blob.size() < b.blob.size();
-                // Otherwise a is less if a is less.
-                else
-                    return retval < 0;
-        }
-        return false;
-    }
-};
-
-template <>
-struct std::equal_to<KeyParameter> {
-    bool operator()(const KeyParameter& a, const KeyParameter& b) const {
-        if (a.tag != b.tag) {
-            return false;
-        }
-        switch (typeFromTag(a.tag)) {
-            case TagType::INVALID:
-            case TagType::BOOL:
-                return true;
-            case TagType::ENUM:
-            case TagType::ENUM_REP:
-            case TagType::UINT:
-            case TagType::UINT_REP:
-                return a.integer == b.integer;
-            case TagType::ULONG:
-            case TagType::ULONG_REP:
-            case TagType::DATE:
-                return a.longInteger == b.longInteger;
-            case TagType::BIGNUM:
-            case TagType::BYTES:
-                if (a.blob.size() != b.blob.size()) return false;
-                return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0;
-        }
-        return false;
-    }
-};
-
-}  // namespace std
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_

security/keymint/support/include/keymint_support/keymint_utils.h

@@ -19,11 +19,9 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
 #define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
 
-#include <android/hardware/keymint/HardwareAuthToken.h>
+#include <android/hardware/security/keymint/HardwareAuthToken.h>
 
-namespace android {
+namespace android::hardware::security::keymint {
-namespace hardware {
-namespace keymint {
 
 using std::vector;
 
@@ -44,8 +42,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token);
 uint32_t getOsVersion();
 uint32_t getOsPatchlevel();
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_

security/keymint/support/include/keymint_support/openssl_utils.h

@@ -17,11 +17,13 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
 #define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
 
-#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/security/keymint/Digest.h>
 
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
+namespace android::hardware::security::keymint {
+
 template <typename T, void (*F)(T*)>
 struct UniquePtrDeleter {
     void operator()(T* p) const { F(p); }
@@ -40,24 +42,26 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX)
 
 typedef std::unique_ptr<BIGNUM, UniquePtrDeleter<BIGNUM, BN_free>> BIGNUM_Ptr;
 
-inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) {
+inline const EVP_MD* openssl_digest(Digest digest) {
     switch (digest) {
-        case android::hardware::keymint::Digest::NONE:
+        case Digest::NONE:
             return nullptr;
-        case android::hardware::keymint::Digest::MD5:
+        case Digest::MD5:
             return EVP_md5();
-        case android::hardware::keymint::Digest::SHA1:
+        case Digest::SHA1:
             return EVP_sha1();
-        case android::hardware::keymint::Digest::SHA_2_224:
+        case Digest::SHA_2_224:
             return EVP_sha224();
-        case android::hardware::keymint::Digest::SHA_2_256:
+        case Digest::SHA_2_256:
             return EVP_sha256();
-        case android::hardware::keymint::Digest::SHA_2_384:
+        case Digest::SHA_2_384:
             return EVP_sha384();
-        case android::hardware::keymint::Digest::SHA_2_512:
+        case Digest::SHA_2_512:
             return EVP_sha512();
     }
     return nullptr;
 }
 
+}  // namespace android::hardware::security::keymint
+
 #endif  // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_

security/keymint/support/key_param_output.cpp

@@ -14,15 +14,13 @@
  * limitations under the License.
  */
 
-#include <keymintSupport/key_param_output.h>
+#include <keymint_support/key_param_output.h>
-
-#include <keymintSupport/keymint_tags.h>
 
 #include <iomanip>
 
-namespace android {
+#include <keymint_support/keymint_tags.h>
-namespace hardware {
+
-namespace keymint {
+namespace android::hardware::security::keymint {
 
 using ::std::endl;
 using ::std::ostream;
@@ -71,6 +69,4 @@ ostream& operator<<(ostream& os, const KeyParameter& param) {
     return os << "UNKNOWN TAG TYPE!";
 }
 
-}  // namespace keymint
+}  // namespace android::hardware::security::keymint
-}  // namespace hardware
-}  // namespace android

security/keymint/support/keymint_utils.cpp

@@ -18,11 +18,11 @@
 
 #include <android-base/properties.h>
 #include <hardware/hw_auth_token.h>
-#include <keymintSupport/keymint_utils.h>
+#include <keymint_support/keymint_utils.h>
 
 #include <arpa/inet.h>
 
-namespace android::hardware::keymint {
+namespace android::hardware::security::keymint {
 
 namespace {
 
@@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() {
     return getOsPatchlevel(patchlevel.c_str());
 }
 
-}  // namespace android::hardware::keymint
+}  // namespace android::hardware::security::keymint