Merge "Update lint baseline for vFRC" into main
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
index d2f03cf..0c292c8 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
@@ -47,4 +47,5 @@
void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid);
int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace);
android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias);
+ byte[] getSupplementaryAttestationInfo(in android.hardware.security.keymint.Tag tag);
}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
index e1ff0bb..51dddf0 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
@@ -55,4 +55,5 @@
OUT_OF_KEYS_TRANSIENT_ERROR = 25,
OUT_OF_KEYS_PERMANENT_ERROR = 26,
GET_ATTESTATION_APPLICATION_ID_FAILED = 27,
+ INFO_NOT_AVAILABLE = 28,
}
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
index 9beac0a..666985c 100644
--- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
@@ -17,14 +17,15 @@
package android.system.keystore2;
import android.hardware.security.keymint.SecurityLevel;
+import android.hardware.security.keymint.Tag;
import android.system.keystore2.Domain;
import android.system.keystore2.IKeystoreSecurityLevel;
import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyEntryResponse;
/**
- * `IKeystoreService` is the primary interface to Keystore. It provides
- * access simple database bound requests. Request that require interactions
+ * `IKeystoreService` is the primary interface to Keystore. It primarily provides
+ * access to simple database bound requests. Request that require interactions
* with a KeyMint backend are delegated to `IKeystoreSecurityLevel` which
* may be acquired through this interface as well.
*
@@ -246,4 +247,19 @@
KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace,
in @nullable String startingPastAlias);
+ /**
+ * Returns tag-specific info required to interpret a tag's attested value.
+ * Attested values themselves are located in the attestation certificate.
+ *
+ * The semantics of the return value is specific to the input tag:
+ *
+ * o Tag::MODULE_HASH: returns the DER-encoded structure corresponding to the `Modules` schema
+ * described in the KeyMint HAL's KeyCreationResult.aidl. The SHA-256 hash of this encoded
+ * structure is what's included with the tag in attestations.
+ *
+ * ## Error conditions
+ * `ResponseCode::INVALID_ARGUMENT` if `tag` is not specified in the list above.
+ * `ResponseCode::INFO_NOT_AVAILABLE` if `IKeystoreService` does not have the requested info.
+ */
+ byte[] getSupplementaryAttestationInfo(in Tag tag);
}
diff --git a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
index 4fe7db3..0424f5b 100644
--- a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
+++ b/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
@@ -137,4 +137,8 @@
*/
GET_ATTESTATION_APPLICATION_ID_FAILED = 27,
+ /**
+ * Indicates that some information is not available.
+ */
+ INFO_NOT_AVAILABLE = 28,
}
