Copy code that can be re-used from the Cuttlefish KeyMint
implementation, specifically from the following directories
under device/google/cuttlefish:
- HAL-side code from guest/hals/keymint/rust/
- TA-side code from host/commands/secure_env/rust/
Create a corresponding pair of libkmr_{hal,ta}_nonsecure libraries here.
The only changes to the copied code are:
- Convert `pub(crate)` to `pub` in `attest.rs`.
- Add some missing doc comments.
- Add comment noting need for SELinux permission to read ro.serialno.
- Add comment noting need for clock to be in sync with Gatekeeper.
(A subsequent CL aosp/2852598 adjusts Cuttlefish so that it uses the
copied modules here, and can remove the original copies.)
In addition to the moved code, the default implementation also needs
a new implementation of a monotonic clock, added here in clock.rs
using `std::time::Instant`.
With the new nonsecure HAL and TA libraries in place, implement the
default KeyMint HAL service using the former, and spin up a single
thread running a nonsecure TA using the latter. Communicate between
the two via a pair of mpsc::channel()s.
Test: VtsAidlKeyMintTargetTest with normal Cuttlefish (all pass)
Test: VtsAidlKeyMintTargetTest with default/nonsecure impl (auth
tests fail, but this is expected as Gatekeeper hasn't moved)
Bug: 314513765
Change-Id: Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.
Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.
Bug: 292959871
Bug: 327123694
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
(cherry picked from commit 0215cb3d3e)
Used ASN1_TIME_to_posix API instead of ASN1_TIME_to_time_t
to avoid integer overflow on 32-bit systems.
Bug: 325853206
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I7a01a521d389482a61ad9974b7e40eaa099c3571
Secretkeeper is expected to advertize its public key to Android via
Device tree node at /avf/reference/avf/ Check that the identity used
during AutGraph key exchange protocol with client is indeed this.
Test: #secretkeeper_check_identity on device with Sk/default instance
enabled
Bug: 291213394
Change-Id: I08815d75410fdd0c76d675c7cc9521abe0cda98b
The audio effects HAL config can vary between different
CF "flavors" and thus must not belong to VAPEX. This is
consistent with handling of audio policy configuration files.
Bug: 318423731
Test: run `atest audioeffect_tests` on cf_x86_64_auto-trunk_staging-userdebug
Change-Id: I0f4ee9a44a3426934f6a055fc8c9ce74a8db78fc
Added test to apply level, mute and unmute input.
Added test to verify decreasing volume levels.
Bug: 305866207
Test: atest VtsHalVolumeTargetTest
Change-Id: Ie105a3bb77255da61719d042cbd5abc23c405d93
am skip reason: Merged-In Ifec617520db20d1ef61f1eca63b7160d9191f446 with SHA-1 9f215110bf is already in history
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2968162
Change-Id: Iff89de6cef5511d27b32ca4a3431c387721d13b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This change updates the VTS to exempt TV devices that consume <= 2W of
standby power from APF requirements. This update aligns with latest GTVS
policy.
Bug: 306587099
Test: TH
(cherry picked from https://android-review.googlesource.com/q/commit:9f215110bf524e3bf1d2fb591a724623e11423bc)
Merged-In: Ifec617520db20d1ef61f1eca63b7160d9191f446
Change-Id: Ifec617520db20d1ef61f1eca63b7160d9191f446
KeyMint enforcement of UNLOCKED_DEVICE_REQUIRED is broken, has never
been used, and cannot be fixed. So, document that it does not need to
be implemented. Also remove the VTS test for it, which was disabled.
UNLOCKED_DEVICE_REQUIRED remains supported in Keystore.
Bug: 321100166
Test: Build
Change-Id: If4d47ee49c9d4a595820cfceb0f5f3027f99ee9f
This change updates the VTS to exempt TV devices that consume <= 2W of
standby power from APF requirements. This update aligns with latest GTVS
policy.
Bug: 306587099
Test: TH
Change-Id: Ifec617520db20d1ef61f1eca63b7160d9191f446
In newer versions of libc++, std::char_traits<T> is no longer defined
for non-character types, and a result, std::basic_string_view<uint8_t>
is also no longer defined. See
https://discourse.llvm.org/t/deprecating-std-string-t-for-non-character-t/66779.
Bug: 175635923
Test: libkeymint_remote_prov_support_test
Change-Id: Ic373e0a3c081b996d4c81a9783103ae6406833f7
In newer versions of libc++, std::char_traits<T> is no longer defined
for non-character types, and a result, std::basic_string<uint8_t> is
also no longer defined. See
https://discourse.llvm.org/t/deprecating-std-string-t-for-non-character-t/66779.
Bug: 175635923
Test: make checkbuild
Change-Id: Icb3937d8b1ff6dbe7e35e62f2e6cc1e2eb789121
This implementation of the HAL is used by pixel devices.
The implementation of GetProviderInfo is test only
Bug: 324570010
Test: TreeHugger
Change-Id: I67d17fb07c1288317290a0b1c4b07cd3be1e48c6
HIDL is no longer supported in devices targeting 202404 vendor
interface.
This removes the tmp FCM fragment that was being used to declare the
media.c2 HIDL dependency.
Test: m && launch_cvd
Bug: 218588089
Change-Id: I40973f5cdc9f4c9ca891929c8e8f865119322c17
We want to run bump.py during finalization. We don't want to have to
update Level.h and the VTS tests that early.
So this CL removes the dependency on Level.h and requires the
current/next letters of the API levels for the kernerl configs to be
passed as arguments.
Test: bump.py 202404 202505 v w
Bug: 279809333
Change-Id: If8f281eccf62d380949a5ea9f5d0d3bb2d7f19ab
The next year's compatbility matrix is added to a conditional statement
so it's only available on in-development release configurations.
The curent year's compatibility matrix is moved from the conditional
statement to always be added to all release configs.
The next year's compatibility matrix level is set to the next year's
level after copying the current matrix file.
Test: ./bump.py
Bug: 279809333
Change-Id: Id711ba79110c8775f715eddf37a9bf51b073ec91
Create EmuMetadataGenerator to convert AIDL generated java files
to meta.json that can be used by emulator to populate the available
vhal props list.
Added build rules to generate the Java files from AIDL files and
check whether the meta.json file needs to be updated.
Test: make sdk_car_x86_64-trunk_staging-userdebug target
Bug: 318747444
Change-Id: Ib3bc7b68a1312152617fdab4598ed389447c20cd
Merged-In: Ib3bc7b68a1312152617fdab4598ed389447c20cd
This is needed to upgrade the android_logger crate from 0.12.0
to 0.13.3.
with_max_level provides the same functionality as with_min_level.
The renaming is admittedly confusing, but the new name is accurate
and it makes sense that they deprecated and then removed the
previously poorly named with_min_level.
See crate documentation [1] and code [2].
[1]: https://docs.rs/android_logger/0.12.0/android_logger/struct.Config.html#method.with_min_level
[2]: https://docs.rs/android_logger/0.12.0/src/android_logger/lib.rs.html#227
Bug: 322718401
Test: build and run CF with the change.
Test: m aosp_cf_x86_64_phone
Change-Id: Ie410d871ccc2a083eec5bcb7e805f52b985b9385
