author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-04-30 23:16:19 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-04-30 23:16:19 +0000 |
commit | 02419827945b15fadf2c1952943af4f7fe92e0d0 (patch) | |
tree | fd37cc95f230ab9a3767d2e8a42fedda98485c0a | |
parent | 044bbe3387a115ecc6f4ed312fdc0c0166461b16 (diff) | |
parent | 26b5ae0fc2f02db8c21b53949e0983027d552a7c (diff) | |
Snap for 11785460 from 26b5ae0fc2f02db8c21b53949e0983027d552a7c to sdk-release
Change-Id: Ic00d2a3b081ceccdd8b04ea8edfb24c46b3aac60
-rw-r--r-- | automotive/can/1.0/default/tests/fuzzer/Android.bp | 3 | ||||
-rw-r--r-- | bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp | 31 | ||||
-rw-r--r-- | bluetooth/audio/utils/Android.bp | 1 | ||||
-rw-r--r-- | bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp | 7 | ||||
-rw-r--r-- | graphics/mapper/stable-c/README.md | 6 | ||||
-rw-r--r-- | media/1.0/xml/Android.bp | 26 | ||||
-rw-r--r-- | media/1.0/xml/Android.mk | 16 | ||||
-rw-r--r-- | security/keymint/aidl/default/Android.bp | 14 | ||||
-rw-r--r-- | security/keymint/aidl/default/main.rs | 10 | ||||
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 37 | ||||
-rw-r--r-- | security/rkp/README.md | 2 | ||||
-rw-r--r-- | threadnetwork/aidl/default/main.cpp | 31 | ||||
-rw-r--r-- | threadnetwork/aidl/default/thread_chip.cpp | 4 | ||||
-rw-r--r-- | threadnetwork/aidl/default/thread_chip.hpp | 6 |
14 files changed, 147 insertions, 47 deletions
diff --git a/automotive/can/1.0/default/tests/fuzzer/Android.bp b/automotive/can/1.0/default/tests/fuzzer/Android.bp index 01c8a9d233..16030d85f2 100644 --- a/automotive/can/1.0/default/tests/fuzzer/Android.bp +++ b/automotive/can/1.0/default/tests/fuzzer/Android.bp @@ -48,7 +48,8 @@ cc_fuzz { ], fuzz_config: { cc: [ - "android-media-fuzzing-reports@google.com", + "chrisweir@google.com", + "twasilczyk@google.com", ], componentid: 533764, hotlists: [ diff --git a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp index 140b956043..aaf436f4aa 100644 --- a/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp +++ b/bluetooth/aidl/vts/VtsHalBluetoothTargetTest.cpp 
@@ -1095,6 +1095,37 @@ TEST_P(BluetoothAidlTest, Vsr_Bluetooth4_2Requirements) { } +/** + * VSR-5.3.14-012 MUST support at least eight LE concurrent connections with + * three in peripheral role. + */ +// @VsrTest = 5.3.14-012 +TEST_P(BluetoothAidlTest, Vsr_BlE_Connection_Requirement) { + std::vector<uint8_t> version_event; + send_and_wait_for_cmd_complete(ReadLocalVersionInformationBuilder::Create(), + version_event); + auto version_view = ReadLocalVersionInformationCompleteView::Create( + CommandCompleteView::Create(EventView::Create(PacketView<true>( + std::make_shared<std::vector<uint8_t>>(version_event))))); + ASSERT_TRUE(version_view.IsValid()); + ASSERT_EQ(::bluetooth::hci::ErrorCode::SUCCESS, version_view.GetStatus()); + auto version = version_view.GetLocalVersionInformation(); + if (version.hci_version_ < ::bluetooth::hci::HciVersion::V_5_0) { + // This test does not apply to controllers below 5.0 + return; + }; + + int max_connections = ::android::base::GetIntProperty( + "bluetooth.core.le.max_number_of_concurrent_connections", -1); + if (max_connections == -1) { + // With the property not set the default minimum of 8 will be used + ALOGI("Max number of LE concurrent connections isn't set"); + return; + } + ALOGI("Max number of LE concurrent connections = %d", max_connections); + ASSERT_GE(max_connections, 8); +} + GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(BluetoothAidlTest); INSTANTIATE_TEST_SUITE_P(PerInstance, BluetoothAidlTest, testing::ValuesIn(android::getAidlHalInstanceNames( diff --git a/bluetooth/audio/utils/Android.bp b/bluetooth/audio/utils/Android.bp index cecf8f00dd..779a90f69a 100644 --- a/bluetooth/audio/utils/Android.bp +++ b/bluetooth/audio/utils/Android.bp @@ -51,6 +51,7 @@ cc_library_shared { "libxsdc-utils", ], defaults: [ + "aconfig_lib_cc_static_link.defaults", "latest_android_hardware_bluetooth_audio_ndk_shared", ], shared_libs: [ 
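Review bot: The version check in `Vsr_BlE_Connection_Requirement` exits with a bare `return;`, so a controller below HCI 5.0 is recorded as a pass although nothing was verified; `GTEST_SKIP() << "HCI version below 5.0";` would record it as skipped instead. The unset-property path also passes, which the inline comment suggests is intended because a default of 8 applies, but the test header does not say so. The header comment also states "three in peripheral role", while the body only checks that the total is at least 8; the comment should say that only the total is verified. The `};` after the version check leaves a stray empty statement.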
diff --git a/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp b/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp index fee9e24200..be07a7db24 100644 --- a/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp +++ b/bluetooth/finder/aidl/vts/VtsHalBluetoothFinderTargetTest.cpp @@ -18,7 +18,6 @@ #include <aidl/Vintf.h> #include <aidl/android/hardware/bluetooth/finder/IBluetoothFinder.h> #include <android-base/logging.h> -#include <android-base/properties.h> #include <android/binder_manager.h> #include <android/binder_process.h> #include <binder/IServiceManager.h> @@ -72,12 +71,6 @@ ScopedAStatus BluetoothFinderTest::getPoweredOffFinderMode(bool* status) { return bluetooth_finder->getPoweredOffFinderMode(status); } -TEST_P(BluetoothFinderTest, PropertyIsSet) { - ASSERT_EQ( - android::base::GetProperty("ro.bluetooth.finder.supported", "false"), - "true"); -} - TEST_P(BluetoothFinderTest, SendEidsSingle) { ScopedAStatus status = sendEids(1); ASSERT_TRUE(status.isOk()); diff --git a/graphics/mapper/stable-c/README.md b/graphics/mapper/stable-c/README.md index 0b9b499b0e..919119a1b5 100644 --- a/graphics/mapper/stable-c/README.md +++ b/graphics/mapper/stable-c/README.md @@ -22,6 +22,12 @@ as the `<instance>` in the VINTF manifest `<interface>` section. For example: ``` defines that the IMapper 5.0 library is provided by `/vendor/lib[64]/hw/mapper.minigbm.so`. +ServiceManager should be able to `find` the instance. The instance should be labelled in +`service_contexts` as follows: +``` +mapper/minigbm u:object_r:hal_graphics_mapper_service:s0 +``` + This library must export the following `extern "C"` symbols: ### `ANDROID_HAL_STABLEC_VERSION` diff --git a/media/1.0/xml/Android.bp b/media/1.0/xml/Android.bp new file mode 100644 index 0000000000..5b5a95c5b7 --- /dev/null +++ b/media/1.0/xml/Android.bp 
@@ -0,0 +1,26 @@ +// Copyright (C) 2024 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package { + default_applicable_licenses: ["hardware_interfaces_license"], +} + +/////////////////////////////////////// +// media_profiles_V1_0.dtd + +prebuilt_etc { + name: "media_profiles_V1_0.dtd", + src: "media_profiles.dtd", + filename: "media_profiles_V1_0.dtd", +} diff --git a/media/1.0/xml/Android.mk b/media/1.0/xml/Android.mk deleted file mode 100644 index a7952880ab..0000000000 --- a/media/1.0/xml/Android.mk +++ /dev/null @@ -1,16 +0,0 @@ -LOCAL_PATH := $(call my-dir) - -####################################### -# media_profiles_V1_0.dtd - -include $(CLEAR_VARS) - -LOCAL_MODULE := media_profiles_V1_0.dtd -LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 -LOCAL_LICENSE_CONDITIONS := notice -LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../../NOTICE -LOCAL_SRC_FILES := media_profiles.dtd -LOCAL_MODULE_CLASS := ETC -LOCAL_MODULE_PATH := $(TARGET_OUT_ETC) - -include $(BUILD_PREBUILT) diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp index 0cf53cf6f8..fbb61401b9 100644 --- a/security/keymint/aidl/default/Android.bp +++ b/security/keymint/aidl/default/Android.bp 
@@ -7,6 +7,13 @@ package { default_applicable_licenses: ["hardware_interfaces_license"], } +// The following target has an insecure implementation of KeyMint where the +// trusted application (TA) code runs in-process alongside the HAL service +// code. +// +// A real device is required to run the TA code in a secure environment, as +// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an +// isolated execution environment." cc_binary { name: "android.hardware.security.keymint-service", relative_install_path: "hw", @@ -46,6 +53,13 @@ cc_binary { ], } +// The following target has an insecure implementation of KeyMint where the +// trusted application (TA) code runs in-process alongside the HAL service +// code. +// +// A real device is required to run the TA code in a secure environment, as +// per CDD 9.11 [C-1-1]: "MUST back up the keystore implementation with an +// isolated execution environment." rust_binary { name: "android.hardware.security.keymint-service.nonsecure", relative_install_path: "hw", diff --git a/security/keymint/aidl/default/main.rs b/security/keymint/aidl/default/main.rs index 055c698e2f..47143f49fa 100644 --- a/security/keymint/aidl/default/main.rs +++ b/security/keymint/aidl/default/main.rs 
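Review bot: The two added comment blocks are identical, and only the Rust target's name (`android.hardware.security.keymint-service.nonsecure`) signals what the comment says; for the `cc_binary` the warning exists solely in this file. Each comment could name its own target and state its purpose directly, for example `// android.hardware.security.keymint-service: reference/testing only, TA runs in-process.` Both module definitions continue outside their hunks.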
@@ -17,11 +17,15 @@ //! Default implementation of the KeyMint HAL and related HALs. //! //! This implementation of the HAL is only intended to allow testing and policy compliance. A real -//! implementation **must be implemented in a secure environment**. +//! implementation **must implement the TA in a secure environment**, as per CDD 9.11 [C-1-1]: +//! "MUST back up the keystore implementation with an isolated execution environment." +//! +//! The additional device-specific components that are required for a real implementation of KeyMint +//! that is based on the Rust reference implementation are described in system/keymint/README.md. use kmr_hal::SerializedChannel; use kmr_hal_nonsecure::{attestation_id_info, get_boot_info}; -use log::{debug, error, info}; +use log::{debug, error, info, warn}; use std::ops::DerefMut; use std::sync::{mpsc, Arc, Mutex}; @@ -62,7 +66,7 @@ fn inner_main() -> Result<(), HalServiceError> { error!("{}", panic_info); })); - info!("Insecure KeyMint HAL service is starting."); + warn!("Insecure KeyMint HAL service is starting."); info!("Starting thread pool now."); binder::ProcessState::start_thread_pool(); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index b65218fba9..65a4645536 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -22,6 +22,7 @@ #include <algorithm> #include <iostream> #include <map> +#include <set> #include <openssl/curve25519.h> #include <openssl/ec.h> 
@@ -3588,6 +3589,42 @@ TEST_P(SigningOperationsTest, HmacAllDigests) { } /* + * SigningOperationsTest.HmacMessageDigestUnique + * + * Verifies that HMAC with different keys gives different results. + */ +TEST_P(SigningOperationsTest, HmacMessageDigestUnique) { + for (int key_len : {64, 128, 192, 256, 512}) { + for (int msg_len = 0; msg_len <= 30; msg_len += 10) { + string message = string(msg_len, 'x'); + for (auto digest : ValidDigests(false /* withNone */, false /* withMD5 */)) { + SCOPED_TRACE(testing::Message() << "Digest::" << digest << "::MsgLen::" << msg_len); + + int count = 10; + std::set<string> results; + for (int ii = 0; ii < count; ii++) { + ASSERT_EQ(ErrorCode::OK, + GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .HmacKey(key_len) + .Digest(digest) + .Authorization(TAG_MIN_MAC_LENGTH, 160))) + << "Failed to create HMAC key with digest " << digest; + string signature = MacMessage(message, digest, 160); + EXPECT_EQ(160U / 8U, signature.size()) + << "Failed to sign with HMAC key with digest " << digest; + CheckedDeleteKey(); + results.insert(signature); + } + EXPECT_EQ(results.size(), count) + << "HMAC of a message '" << message << "' with " << count + << " fresh keys only gave " << results.size() << " distinct results"; + } + } + } +} + +/* * SigningOperationsTest.HmacSha256TooLargeMacLength * * Verifies that HMAC fails in the correct way when asked to generate a MAC larger than the diff --git a/security/rkp/README.md b/security/rkp/README.md index 2d00b83295..67cf72e6bf 100644 --- a/security/rkp/README.md +++ b/security/rkp/README.md 
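Review bot: The `SCOPED_TRACE` in `HmacMessageDigestUnique` records the digest and message length but not `key_len`, and the `GenerateKey` failure message omits it too, so a failure cannot be tied to one of the five key sizes; `SCOPED_TRACE(testing::Message() << "KeyLen::" << key_len << "::Digest::" << digest << "::MsgLen::" << msg_len);` would fix that. `EXPECT_EQ(results.size(), count)` compares a `size_t` with an `int`; declaring `const size_t count = 10;` and using `size_t ii` in the inner loop keeps the comparison unsigned. The nested loops generate ten fresh keys for every key-size, message-length and digest combination, which may be slow on hardware-backed implementations, so a comment justifying the counts would help.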
@@ -201,7 +201,7 @@ RKP VM: It is important to distinquish the RKP VM from other components, such as KeyMint. An [RKP VM marker](https://pigweed.googlesource.com/open-dice/+/HEAD/docs/android.md#configuration-descriptor) -(key `-70006) is used for this purpose. The existence or absence of this marker is used to +(key `-70006`) is used for this purpose. The existence or absence of this marker is used to identify the type of component decribed by a given DICE chain. The following describes which certificate types may be request based on the RKP VM marker: diff --git a/threadnetwork/aidl/default/main.cpp b/threadnetwork/aidl/default/main.cpp index 841904174d..26683bf079 100644 --- a/threadnetwork/aidl/default/main.cpp +++ b/threadnetwork/aidl/default/main.cpp 
@@ -26,24 +26,29 @@ using aidl::android::hardware::threadnetwork::IThreadChip; using aidl::android::hardware::threadnetwork::ThreadChip; +namespace { +void addThreadChip(int id, const char* url) { + binder_status_t status; + const std::string serviceName(std::string() + IThreadChip::descriptor + "/chip" + + std::to_string(id)); + + ALOGI("ServiceName: %s, Url: %s", serviceName.c_str(), url); + + auto threadChip = ndk::SharedRefBase::make<ThreadChip>(url); + + CHECK_NE(threadChip, nullptr); + + status = AServiceManager_addService(threadChip->asBinder().get(), serviceName.c_str()); + CHECK_EQ(status, STATUS_OK); +} +} + int main(int argc, char* argv[]) { CHECK_GT(argc, 1); - std::vector<std::shared_ptr<ThreadChip>> threadChips; aidl::android::hardware::threadnetwork::Service service; for (int id = 0; id < argc - 1; id++) { - binder_status_t status; - const std::string serviceName(std::string() + IThreadChip::descriptor + "/chip" + - std::to_string(id)); - auto threadChip = ndk::SharedRefBase::make<ThreadChip>(argv[id + 1]); - - CHECK_NE(threadChip, nullptr); - - status = AServiceManager_addService(threadChip->asBinder().get(), serviceName.c_str()); - CHECK_EQ(status, STATUS_OK); - - ALOGI("ServiceName: %s, Url: %s", serviceName.c_str(), argv[id + 1]); - threadChips.push_back(std::move(threadChip)); + addThreadChip(id, argv[id + 1]); } ALOGI("Thread Network HAL is running"); diff --git a/threadnetwork/aidl/default/thread_chip.cpp b/threadnetwork/aidl/default/thread_chip.cpp index d1e1d4ceaf..e31272886b 100644 --- a/threadnetwork/aidl/default/thread_chip.cpp +++ b/threadnetwork/aidl/default/thread_chip.cpp 
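Review bot: `addThreadChip` drops its only `std::shared_ptr<ThreadChip>` when it returns, whereas the removed loop kept every chip in `threadChips` until `main` exited, so the object's lifetime now rests entirely on the binder handed to `AServiceManager_addService`. That is presumably intended, but nothing states it; a comment such as `// The registered binder keeps threadChip alive after this function returns.` above the `make<ThreadChip>` call would record the assumption. `binder_status_t status;` is declared uninitialised several lines before its single assignment and could become `const binder_status_t status = AServiceManager_addService(threadChip->asBinder().get(), serviceName.c_str());`. The body of `main` continues outside the hunk.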
@@ -32,11 +32,9 @@ namespace android { namespace hardware { namespace threadnetwork { -ThreadChip::ThreadChip(char* url) : mUrl(), mRxFrameBuffer(), mCallback(nullptr) { +ThreadChip::ThreadChip(const char* url) : mUrl(url), mRxFrameBuffer(), mCallback(nullptr) { const char* interfaceName; - CHECK_EQ(mUrl.Init(url), 0); - interfaceName = mUrl.GetProtocol(); CHECK_NE(interfaceName, nullptr); diff --git a/threadnetwork/aidl/default/thread_chip.hpp b/threadnetwork/aidl/default/thread_chip.hpp index 30046ef040..d07d0498f6 100644 --- a/threadnetwork/aidl/default/thread_chip.hpp +++ b/threadnetwork/aidl/default/thread_chip.hpp @@ -20,8 +20,8 @@ #include <aidl/android/hardware/threadnetwork/IThreadChipCallback.h> #include "lib/spinel/spinel_interface.hpp" -#include "lib/url/url.hpp" #include "mainloop.hpp" +#include "radio_url.hpp" #include <android/binder_auto_utils.h> #include <android/binder_ibinder.h> @@ -34,7 +34,7 @@ namespace threadnetwork { class ThreadChip : public BnThreadChip, ot::Posix::Mainloop::Source { public: - ThreadChip(char* url); + ThreadChip(const char* url); ~ThreadChip() {} ndk::ScopedAStatus open(const std::shared_ptr<IThreadChipCallback>& in_callback) override; @@ -55,7 +55,7 @@ class ThreadChip : public BnThreadChip, ot::Posix::Mainloop::Source { ndk::ScopedAStatus initChip(const std::shared_ptr<IThreadChipCallback>& in_callback); ndk::ScopedAStatus deinitChip(); - ot::Url::Url mUrl; + ot::Posix::RadioUrl mUrl; std::shared_ptr<ot::Spinel::SpinelInterface> mSpinelInterface; ot::Spinel::SpinelInterface::RxFrameBuffer mRxFrameBuffer; std::shared_ptr<IThreadChipCallback> mCallback; |
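Review bot: In `thread_chip.cpp` the explicit `CHECK_EQ(mUrl.Init(url), 0)` is gone, so whether a malformed radio URL taken from `argv` is still rejected now depends on what the `ot::Posix::RadioUrl` constructor does, which is not visible in this diff. The remaining `CHECK_NE(interfaceName, nullptr)` covers only a missing protocol. Once the constructor's behaviour has been confirmed, a comment on the initializer such as `// RadioUrl's constructor parses and validates url` would record it. The constructor body continues outside the hunk.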
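Review bot: The constructor changed in `thread_chip.hpp` takes a single `const char*` and is not `explicit`, which permits implicit conversion from a C string to a `ThreadChip`; `explicit ThreadChip(const char* url);` would rule that out. The direct construction through `ndk::SharedRefBase::make<ThreadChip>(url)` in main.cpp should be unaffected. The class definition continues outside the hunk.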