Snap for 8426163 from ab52ff60a235c20d1c4e92001de48efce1db07fa to mainline-tzdata2-release
Change-Id: Ic4d8e8e255fbb602bf6c634bfe26efe87dbd838a
diff --git a/Android.bp b/Android.bp
index 8d50603..64043ff 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1,7 +1,3 @@
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
hidl_package_root {
name: "android.system",
}
diff --git a/OWNERS b/OWNERS
index 2488b0f..adf3893 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1 +1,9 @@
-include platform/hardware/interfaces:/OWNERS
+per-file *.hal,*.aidl,OWNERS = set noparent
+per-file *.hal,*.aidl,OWNERS = elsk@google.com,malchev@google.com,smoreland@google.com
+
+elsk@google.com
+hridya@google.com
+maco@google.com
+malchev@google.com
+smoreland@google.com
+yim@google.com # VTS
diff --git a/README.default.md b/README.default.md
deleted file mode 100644
index 28acc6c..0000000
--- a/README.default.md
+++ /dev/null
@@ -1,2 +0,0 @@
-The default service implementation for this interface is keystore2.
-It can be found at system/security/keystore2.
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
deleted file mode 100644
index f1d77b9..0000000
--- a/keystore2/aidl/Android.bp
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2020, The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-aidl_interface {
- name: "android.system.keystore2",
- vendor_available: true,
- srcs: ["android/system/keystore2/*.aidl"],
- imports: ["android.hardware.security.keymint"],
- stability: "vintf",
- backend: {
- java: {
- platform_apis: true,
- srcs_available: true,
- },
- ndk: {
- vndk: {
- enabled: true,
- },
- apps_enabled: false,
- },
- rust: {
- enabled: true,
- },
- },
- versions: ["1"],
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/.hash b/keystore2/aidl/aidl_api/android.system.keystore2/1/.hash
deleted file mode 100644
index 256f639..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-19e8b65277839bad0ab335c781e3c652324920ce
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/AuthenticatorSpec.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/AuthenticatorSpec.aidl
deleted file mode 100644
index 61b45d7..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/AuthenticatorSpec.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable AuthenticatorSpec {
- android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
- long authenticatorId;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Authorization.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Authorization.aidl
deleted file mode 100644
index 0b8c919..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Authorization.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable Authorization {
- android.hardware.security.keymint.SecurityLevel securityLevel;
- android.hardware.security.keymint.KeyParameter keyParameter;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/CreateOperationResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/CreateOperationResponse.aidl
deleted file mode 100644
index e37facb..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/CreateOperationResponse.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable CreateOperationResponse {
- android.system.keystore2.IKeystoreOperation iOperation;
- @nullable android.system.keystore2.OperationChallenge operationChallenge;
- @nullable android.system.keystore2.KeyParameters parameters;
- @nullable byte[] upgradedBlob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Domain.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Domain.aidl
deleted file mode 100644
index 4fd54aa..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/Domain.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum Domain {
- APP = 0,
- GRANT = 1,
- SELINUX = 2,
- BLOB = 3,
- KEY_ID = 4,
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/EphemeralStorageKeyResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/EphemeralStorageKeyResponse.aidl
deleted file mode 100644
index 963af7b..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/EphemeralStorageKeyResponse.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable EphemeralStorageKeyResponse {
- byte[] ephemeralKey;
- @nullable byte[] upgradedBlob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreOperation.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreOperation.aidl
deleted file mode 100644
index df911cd..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreOperation.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@SensitiveData @VintfStability
-interface IKeystoreOperation {
- void updateAad(in byte[] aadInput);
- @nullable byte[] update(in byte[] input);
- @nullable byte[] finish(in @nullable byte[] input, in @nullable byte[] signature);
- void abort();
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreSecurityLevel.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreSecurityLevel.aidl
deleted file mode 100644
index a14ee85..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreSecurityLevel.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@SensitiveData @VintfStability
-interface IKeystoreSecurityLevel {
- android.system.keystore2.CreateOperationResponse createOperation(in android.system.keystore2.KeyDescriptor key, in android.hardware.security.keymint.KeyParameter[] operationParameters, in boolean forced);
- android.system.keystore2.KeyMetadata generateKey(in android.system.keystore2.KeyDescriptor key, in @nullable android.system.keystore2.KeyDescriptor attestationKey, in android.hardware.security.keymint.KeyParameter[] params, in int flags, in byte[] entropy);
- android.system.keystore2.KeyMetadata importKey(in android.system.keystore2.KeyDescriptor key, in @nullable android.system.keystore2.KeyDescriptor attestationKey, in android.hardware.security.keymint.KeyParameter[] params, in int flags, in byte[] keyData);
- android.system.keystore2.KeyMetadata importWrappedKey(in android.system.keystore2.KeyDescriptor key, in android.system.keystore2.KeyDescriptor wrappingKey, in @nullable byte[] maskingKey, in android.hardware.security.keymint.KeyParameter[] params, in android.system.keystore2.AuthenticatorSpec[] authenticators);
- android.system.keystore2.EphemeralStorageKeyResponse convertStorageKeyToEphemeral(in android.system.keystore2.KeyDescriptor storageKey);
- void deleteKey(in android.system.keystore2.KeyDescriptor key);
- const int KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING = 1;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreService.aidl
deleted file mode 100644
index 5ed5d37..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/IKeystoreService.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-interface IKeystoreService {
- android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel);
- android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key);
- void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain);
- android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace);
- void deleteKey(in android.system.keystore2.KeyDescriptor key);
- android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector);
- void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid);
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyDescriptor.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyDescriptor.aidl
deleted file mode 100644
index 895a927..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyDescriptor.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable KeyDescriptor {
- android.system.keystore2.Domain domain;
- long nspace;
- @nullable String alias;
- @nullable byte[] blob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyEntryResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyEntryResponse.aidl
deleted file mode 100644
index ea313b3..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyEntryResponse.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyEntryResponse {
- @nullable android.system.keystore2.IKeystoreSecurityLevel iSecurityLevel;
- android.system.keystore2.KeyMetadata metadata;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyMetadata.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyMetadata.aidl
deleted file mode 100644
index 5c8df71..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyMetadata.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyMetadata {
- android.system.keystore2.KeyDescriptor key;
- android.hardware.security.keymint.SecurityLevel keySecurityLevel;
- android.system.keystore2.Authorization[] authorizations;
- @nullable byte[] certificate;
- @nullable byte[] certificateChain;
- long modificationTimeMs;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyParameters.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyParameters.aidl
deleted file mode 100644
index f9c836a..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyParameters.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyParameters {
- android.hardware.security.keymint.KeyParameter[] keyParameter;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyPermission.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyPermission.aidl
deleted file mode 100644
index d023e24..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/KeyPermission.aidl
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum KeyPermission {
- NONE = 0,
- DELETE = 1,
- GEN_UNIQUE_ID = 2,
- GET_INFO = 4,
- GRANT = 8,
- MANAGE_BLOB = 16,
- REBIND = 32,
- REQ_FORCED_OP = 64,
- UPDATE = 128,
- USE = 256,
- USE_DEV_ID = 512,
- USE_NO_LSKF_BINDING = 1024,
- CONVERT_STORAGE_KEY_TO_EPHEMERAL = 2048,
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/OperationChallenge.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/OperationChallenge.aidl
deleted file mode 100644
index 0a079fb..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/OperationChallenge.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable OperationChallenge {
- long challenge;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/ResponseCode.aidl
deleted file mode 100644
index bbeb5d2..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/1/android/system/keystore2/ResponseCode.aidl
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- LOCKED = 2,
- UNINITIALIZED = 3,
- SYSTEM_ERROR = 4,
- PERMISSION_DENIED = 6,
- KEY_NOT_FOUND = 7,
- VALUE_CORRUPTED = 8,
- KEY_PERMANENTLY_INVALIDATED = 17,
- BACKEND_BUSY = 18,
- OPERATION_BUSY = 19,
- INVALID_ARGUMENT = 20,
- TOO_MUCH_DATA = 21,
- OUT_OF_KEYS = 22,
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/AuthenticatorSpec.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/AuthenticatorSpec.aidl
deleted file mode 100644
index 61b45d7..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/AuthenticatorSpec.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable AuthenticatorSpec {
- android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
- long authenticatorId;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Authorization.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Authorization.aidl
deleted file mode 100644
index 0b8c919..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Authorization.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable Authorization {
- android.hardware.security.keymint.SecurityLevel securityLevel;
- android.hardware.security.keymint.KeyParameter keyParameter;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/CreateOperationResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/CreateOperationResponse.aidl
deleted file mode 100644
index e37facb..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/CreateOperationResponse.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable CreateOperationResponse {
- android.system.keystore2.IKeystoreOperation iOperation;
- @nullable android.system.keystore2.OperationChallenge operationChallenge;
- @nullable android.system.keystore2.KeyParameters parameters;
- @nullable byte[] upgradedBlob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Domain.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Domain.aidl
deleted file mode 100644
index 4fd54aa..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/Domain.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum Domain {
- APP = 0,
- GRANT = 1,
- SELINUX = 2,
- BLOB = 3,
- KEY_ID = 4,
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/EphemeralStorageKeyResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/EphemeralStorageKeyResponse.aidl
deleted file mode 100644
index 963af7b..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/EphemeralStorageKeyResponse.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable EphemeralStorageKeyResponse {
- byte[] ephemeralKey;
- @nullable byte[] upgradedBlob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreOperation.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreOperation.aidl
deleted file mode 100644
index df911cd..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreOperation.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@SensitiveData @VintfStability
-interface IKeystoreOperation {
- void updateAad(in byte[] aadInput);
- @nullable byte[] update(in byte[] input);
- @nullable byte[] finish(in @nullable byte[] input, in @nullable byte[] signature);
- void abort();
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreSecurityLevel.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreSecurityLevel.aidl
deleted file mode 100644
index a14ee85..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreSecurityLevel.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@SensitiveData @VintfStability
-interface IKeystoreSecurityLevel {
- android.system.keystore2.CreateOperationResponse createOperation(in android.system.keystore2.KeyDescriptor key, in android.hardware.security.keymint.KeyParameter[] operationParameters, in boolean forced);
- android.system.keystore2.KeyMetadata generateKey(in android.system.keystore2.KeyDescriptor key, in @nullable android.system.keystore2.KeyDescriptor attestationKey, in android.hardware.security.keymint.KeyParameter[] params, in int flags, in byte[] entropy);
- android.system.keystore2.KeyMetadata importKey(in android.system.keystore2.KeyDescriptor key, in @nullable android.system.keystore2.KeyDescriptor attestationKey, in android.hardware.security.keymint.KeyParameter[] params, in int flags, in byte[] keyData);
- android.system.keystore2.KeyMetadata importWrappedKey(in android.system.keystore2.KeyDescriptor key, in android.system.keystore2.KeyDescriptor wrappingKey, in @nullable byte[] maskingKey, in android.hardware.security.keymint.KeyParameter[] params, in android.system.keystore2.AuthenticatorSpec[] authenticators);
- android.system.keystore2.EphemeralStorageKeyResponse convertStorageKeyToEphemeral(in android.system.keystore2.KeyDescriptor storageKey);
- void deleteKey(in android.system.keystore2.KeyDescriptor key);
- const int KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING = 1;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
deleted file mode 100644
index 5ed5d37..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-interface IKeystoreService {
- android.system.keystore2.IKeystoreSecurityLevel getSecurityLevel(in android.hardware.security.keymint.SecurityLevel securityLevel);
- android.system.keystore2.KeyEntryResponse getKeyEntry(in android.system.keystore2.KeyDescriptor key);
- void updateSubcomponent(in android.system.keystore2.KeyDescriptor key, in @nullable byte[] publicCert, in @nullable byte[] certificateChain);
- android.system.keystore2.KeyDescriptor[] listEntries(in android.system.keystore2.Domain domain, in long nspace);
- void deleteKey(in android.system.keystore2.KeyDescriptor key);
- android.system.keystore2.KeyDescriptor grant(in android.system.keystore2.KeyDescriptor key, in int granteeUid, in int accessVector);
- void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid);
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyDescriptor.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyDescriptor.aidl
deleted file mode 100644
index 895a927..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyDescriptor.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@RustDerive(Clone=true, Eq=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
-parcelable KeyDescriptor {
- android.system.keystore2.Domain domain;
- long nspace;
- @nullable String alias;
- @nullable byte[] blob;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyEntryResponse.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyEntryResponse.aidl
deleted file mode 100644
index ea313b3..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyEntryResponse.aidl
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyEntryResponse {
- @nullable android.system.keystore2.IKeystoreSecurityLevel iSecurityLevel;
- android.system.keystore2.KeyMetadata metadata;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyMetadata.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyMetadata.aidl
deleted file mode 100644
index 5c8df71..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyMetadata.aidl
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyMetadata {
- android.system.keystore2.KeyDescriptor key;
- android.hardware.security.keymint.SecurityLevel keySecurityLevel;
- android.system.keystore2.Authorization[] authorizations;
- @nullable byte[] certificate;
- @nullable byte[] certificateChain;
- long modificationTimeMs;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyParameters.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyParameters.aidl
deleted file mode 100644
index f9c836a..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyParameters.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable KeyParameters {
- android.hardware.security.keymint.KeyParameter[] keyParameter;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyPermission.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyPermission.aidl
deleted file mode 100644
index d023e24..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/KeyPermission.aidl
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum KeyPermission {
- NONE = 0,
- DELETE = 1,
- GEN_UNIQUE_ID = 2,
- GET_INFO = 4,
- GRANT = 8,
- MANAGE_BLOB = 16,
- REBIND = 32,
- REQ_FORCED_OP = 64,
- UPDATE = 128,
- USE = 256,
- USE_DEV_ID = 512,
- USE_NO_LSKF_BINDING = 1024,
- CONVERT_STORAGE_KEY_TO_EPHEMERAL = 2048,
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/OperationChallenge.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/OperationChallenge.aidl
deleted file mode 100644
index 0a079fb..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/OperationChallenge.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@VintfStability
-parcelable OperationChallenge {
- long challenge;
-}
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
deleted file mode 100644
index bbeb5d2..0000000
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.keystore2;
-/* @hide */
-@Backing(type="int") @VintfStability
-enum ResponseCode {
- LOCKED = 2,
- UNINITIALIZED = 3,
- SYSTEM_ERROR = 4,
- PERMISSION_DENIED = 6,
- KEY_NOT_FOUND = 7,
- VALUE_CORRUPTED = 8,
- KEY_PERMANENTLY_INVALIDATED = 17,
- BACKEND_BUSY = 18,
- OPERATION_BUSY = 19,
- INVALID_ARGUMENT = 20,
- TOO_MUCH_DATA = 21,
- OUT_OF_KEYS = 22,
-}
diff --git a/keystore2/aidl/android/system/keystore2/AuthenticatorSpec.aidl b/keystore2/aidl/android/system/keystore2/AuthenticatorSpec.aidl
deleted file mode 100644
index 05503b4..0000000
--- a/keystore2/aidl/android/system/keystore2/AuthenticatorSpec.aidl
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.HardwareAuthenticatorType;
-
-/**
- * The authenticator spec is used by `IKeystoreSecurityLevel::importWrappedKey`
- * to specify the sid of each possible authenticator type, e.g., password or
- * biometric authenticator, that the imported key may be bound to.
- * @hide
- */
-@VintfStability
-parcelable AuthenticatorSpec {
- /**
- * The type of the authenticator in question.
- */
- HardwareAuthenticatorType authenticatorType;
- /**
- * The secure user id by which the given authenticator knows the
- * user that a key should be bound to.
- */
- long authenticatorId;
-}
diff --git a/keystore2/aidl/android/system/keystore2/Authorization.aidl b/keystore2/aidl/android/system/keystore2/Authorization.aidl
deleted file mode 100644
index aa98892..0000000
--- a/keystore2/aidl/android/system/keystore2/Authorization.aidl
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.KeyParameter;
-import android.hardware.security.keymint.SecurityLevel;
-
-/** @hide */
-@VintfStability
-parcelable Authorization {
- SecurityLevel securityLevel;
- KeyParameter keyParameter;
-}
\ No newline at end of file
diff --git a/keystore2/aidl/android/system/keystore2/CreateOperationResponse.aidl b/keystore2/aidl/android/system/keystore2/CreateOperationResponse.aidl
deleted file mode 100644
index 2f416dc..0000000
--- a/keystore2/aidl/android/system/keystore2/CreateOperationResponse.aidl
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.system.keystore2.IKeystoreOperation;
-import android.system.keystore2.KeyParameters;
-import android.system.keystore2.OperationChallenge;
-
-/**
- * This parcelable is returned by `IKeystoreSecurityLevel::createOperation`.
- * @hide
- */
-@VintfStability
-parcelable CreateOperationResponse {
- /**
- * The binder representing the newly created operation.
- */
- IKeystoreOperation iOperation;
- /**
- * A challenge associated with the newly created operation. If this field is set.
- * it indicates that the operation has yet to be authorized by the user.
- */
- @nullable OperationChallenge operationChallenge;
- /**
- * Optional parameters returned from the KeyMint operation. This may contain a nonce
- * or an initialization vector IV for operations that use them.
- */
- @nullable KeyParameters parameters;
- /**
- * An optional opaque blob. If the key given to ISecurityLevel::CreateOperation
- * uses Domain::BLOB and was upgraded, then this field is present, and represents the
- * upgraded version of that key.
- */
- @nullable byte[] upgradedBlob;
-}
diff --git a/keystore2/aidl/android/system/keystore2/Domain.aidl b/keystore2/aidl/android/system/keystore2/Domain.aidl
deleted file mode 100644
index cfe5bb1..0000000
--- a/keystore2/aidl/android/system/keystore2/Domain.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/** @hide */
-@VintfStability
-@Backing(type="int")
-enum Domain {
- APP = 0,
- GRANT = 1,
- SELINUX = 2,
- BLOB = 3,
- KEY_ID = 4,
-}
diff --git a/keystore2/aidl/android/system/keystore2/EphemeralStorageKeyResponse.aidl b/keystore2/aidl/android/system/keystore2/EphemeralStorageKeyResponse.aidl
deleted file mode 100644
index 91ce4d0..0000000
--- a/keystore2/aidl/android/system/keystore2/EphemeralStorageKeyResponse.aidl
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/**
- * Includes the ephemeral storage key and an optional upgraded key blob if the storage key
- * needed an upgrade.
- * @hide
- */
-@VintfStability
-parcelable EphemeralStorageKeyResponse {
- /**
- * The ephemeral storage key.
- */
- byte[] ephemeralKey;
- /**
- * An optional opaque blob. If the key given to ISecurityLevel::convertStorageKeyToEphemeral
- * was upgraded, then this field is present, and represents the upgraded version of that key.
- */
- @nullable byte[] upgradedBlob;
-}
\ No newline at end of file
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreOperation.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreOperation.aidl
deleted file mode 100644
index 559f92d..0000000
--- a/keystore2/aidl/android/system/keystore2/IKeystoreOperation.aidl
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/**
- * `IKeystoreOperation` represents a cryptographic operation with a Keystore key.
- *
- * The lifecycle of an operation begins with `KeystoreSecurityLevel.create`.
- * It ends with a call to `finish`, `abort`, or when the reference to the binder is
- * dropped.
- * During the lifecycle of an operation `update` may be called multiple times.
- * For AEAD operation `updateAad` may be called to add associated data, but
- * it must be called before the first call to `update`.
- *
- * ## Error conditions
- * Error conditions are reported as service specific error.
- * Positive codes correspond to `android.system.keystore2.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * Negative codes correspond to `android.hardware.security.keymint.ErrorCode` and
- * indicate KeyMint back end errors. Refer to the KeyMint interface spec for
- * detail.
- * @hide
- */
-@VintfStability
-@SensitiveData
-interface IKeystoreOperation {
-
- /**
- * `updateAad` advances an operation by adding additional authenticated data (AAD also AD for
- * associated data) to AEAD mode encryption or decryption operations. It cannot be called
- * after `update`, and doing so will yield `ErrorCode.INVALID_TAG`. This error code
- * is chosen for historic reasons, when AAD was passed as additional `KeyParameter`
- * with tag `ASSOCIATED_DATA`.
- *
- * ## Error conditions
- * * `ResponseCode::TOO_MUCH_DATA` if `aadInput` exceeds 32KiB.
- * * `ResponseCode::OPERATION_BUSY` if `updateAad` is called concurrently with any other
- * `IKeystoreOperation` API call.
- * * `ErrorCode.INVALID_TAG` if `updateAad` was called after `update` on a given operation.
- * TODO: this error code may change before stabilization/freezing of the API.
- * * `ErrorCode.INVALID_OPERATION_HANDLE` if the operation finalized for any reason.
- *
- * Note: Any error condition except `ResponseCode::OPERATION_BUSY` finalizes the
- * operation such that subsequent API calls will yield `INVALID_OPERATION_HANDLE`.
- *
- * @param aadInput The AAD to be added to the operation.
- *
- */
- void updateAad(in byte[] aadInput);
-
- /**
- * Update advances an operation by adding more data to operation. Input data
- * may be to-be-encrypted or to-be-signed plain text, or to-be-decrypted
- * cipher text. During encryption operation this function returns the resulting
- * cipher text, and during decryption operations this function returns the
- * resulting plain text. Nothing it return during signing.
- *
- * ## Error conditions
- * * `ResponseCode::TOO_MUCH_DATA` if `input` exceeds 32KiB.
- * * `ResponseCode::OPERATION_BUSY` if `updateAad` is called concurrently with any other
- * `IKeystoreOperation` API call.
- * * `ErrorCode.INVALID_OPERATION_HANDLE` if the operation finalized for any reason.
- *
- * Note: Any error condition except `ResponseCode::OPERATION_BUSY` finalizes the
- * operation such that subsequent API calls will yield `INVALID_OPERATION_HANDLE`.
- *
- * @param input Input data.
- *
- * @return Optional output data.
- */
- @nullable byte[] update(in byte[] input);
-
- /**
- * Finalizes the operation. `finish` takes a final chunk of input data like `update`.
- * The output may be a signature during signing operations or plain text or cypher text
- * during encryption or decryption operations respectively.
- *
- * ## Error conditions
- * * `ResponseCode::TOO_MUCH_DATA` if `input` exceeds 32KiB.
- * * `ResponseCode::OPERATION_BUSY` if `updateAad` is called concurrently with any other
- * `IKeystoreOperation` API call.
- * * `ErrorCode.INVALID_OPERATION_HANDLE` if the operation finalized for any reason.
- *
- * Note: `finish` finalizes the operation regardless of the outcome unless
- * `ResponseCode::OPERATION_BUSY` was returned.
- *
- * @param input Finish takes one last chunk of data.
- *
- * @param signature An optional HMAC signature if the operation is an HMAC verification.
- * TODO @swillden is this field used for anything else, if we don't do
- * public key operations any more?
- *
- * @return A signature when finalizing a signing operation, or an AEAD message tag when
- * performing an authenticated encryption, or the final chunk of cipher
- * or plain text during encryption or decryption respectively.
- */
- @nullable byte[] finish(in @nullable byte[] input, in @nullable byte[] signature);
-
- /**
- * Aborts the operation.
- *
- * Note: `abort` finalizes the operation regardless of the outcome unless
- * `ResponseCode::OPERATION_BUSY` was returned.
- */
- void abort();
-}
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreSecurityLevel.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreSecurityLevel.aidl
deleted file mode 100644
index 3ee0c0c..0000000
--- a/keystore2/aidl/android/system/keystore2/IKeystoreSecurityLevel.aidl
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.KeyParameter;
-import android.system.keystore2.AuthenticatorSpec;
-import android.system.keystore2.CreateOperationResponse;
-import android.system.keystore2.EphemeralStorageKeyResponse;
-import android.system.keystore2.IKeystoreOperation;
-import android.system.keystore2.KeyDescriptor;
-import android.system.keystore2.KeyMetadata;
-
-/**
- * `IKeystoreSecurityLevel` is the per backend interface to Keystore. It provides
- * access to all requests that require KeyMint interaction, such as key import
- * and generation, as well as cryptographic operations.
- *
- * ## Error conditions
- * Error conditions are reported as service specific error.
- * Positive codes correspond to `android.system.keystore2.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * Negative codes correspond to `android.hardware.security.keymint.ErrorCode` and
- * indicate KeyMint back end errors. Refer to the KeyMint interface spec for
- * detail.
- * @hide
- */
-@VintfStability
-@SensitiveData
-interface IKeystoreSecurityLevel {
-
- /**
- * This flag disables cryptographic binding to the LSKF for auth bound keys.
- * It has no effect non auth bound keys. Such keys are not bound to the LSKF by
- * default.
- */
- const int KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING = 0x1;
-
- /**
- * This function creates a new key operation. Operations are the mechanism by which the
- * secret or private key material of a key can be used. There is a limited number
- * of operation slots. Implementations may prune an existing operation to make room
- * for a new one. The pruning strategy is implementation defined, but it must
- * account for forced operations (see parameter `forced` below).
- * Forced operations require the caller to possess the `REQ_FORCED_OP` permission.
- *
- * ## Pruning strategy recommendation
- * It is recommended to choose a strategy that rewards "good" behavior.
- * It is considered good behavior not to hog operations. Clients that use
- * few parallel operations shall have a better chance of starting and finishing
- * an operations than those that use many. Clients that use frequently update their
- * operations shall have a better chance to complete them successfully that those
- * that let their operations linger.
- *
- * ## Error conditions
- * `ResponseCode::BACKEND_BUSY` if the implementation was unable to find a free
- * or free up an operation slot for the new operation.
- *
- * @param key Describes the key that is to be used for the operation.
- *
- * @param operationParameters Additional operation parameters that describe the nature
- * of the requested operation.
- *
- * @param forced A forced operation has a very high pruning power. The implementation may
- * select an operation to be pruned that would not have been pruned otherwise to
- * free up an operation slot for the caller. Also, the resulting operation shall
- * have a very high pruning resistance and cannot be pruned even by other forced
- * operations.
- *
- * @return The operation interface which also acts as a handle to the pending
- * operation and an optional operation challenge wrapped into the
- * `CreateOperationResponse` parcelable. If the latter is present, user
- * authorization is required for this operation.
- */
- CreateOperationResponse createOperation(in KeyDescriptor key,
- in KeyParameter[] operationParameters, in boolean forced);
-
- /**
- * Generates a new key and associates it with the given descriptor.
- *
- * ## Error conditions
- * `ResponseCode::INVALID_ARGUMENT` if `key.domain` is set to any other value than
- * the ones described above.
- * A KeyMint ErrorCode may be returned indicating a backend diagnosed error.
- *
- * @param key The domain field of the key descriptor governs how the key will be stored.
- * * App: The key is stored by the given alias string in the implicit UID namespace
- * of the caller.
- * * SeLinux: The key is stored by the alias string in the namespace given by the
- * `nspace` field provided the caller has the appropriate access rights.
- * * Blob: The key is returned as raw keymint blob in the resultKey.blob field.
- * The `nspace` and `alias` fields are ignored. The caller must have the
- * `MANAGE_BLOB` permission for the keystore:keystore_key context.
- *
- * @param attestationKey Optional key to be used for signing the attestation certificate.
- *
- * @param params Describes the characteristics of the to be generated key. See KeyMint HAL
- * for details.
- *
- * @param flags Additional flags that influence the key generation.
- * See `KEY_FLAG_*` constants above for details.
- *
- * @param entropy This array of random bytes is mixed into the entropy source used for key
- * generation.
- *
- * @return KeyMetadata includes:
- * * A key descriptor that can be used for subsequent key operations.
- * If `Domain::BLOB` was requested, then the descriptor contains the
- * generated key, and the caller must assure that the key is persistently
- * stored accordingly; there is no way to recover the key if the blob is
- * lost.
- * * The generated public certificate if applicable. If `Domain::BLOB` was
- * requested, there is no other copy of this certificate. It is the caller's
- * responsibility to store it persistently if required.
- * * The generated certificate chain if applicable. If `Domain::BLOB` was
- * requested, there is no other copy of this certificate chain. It is the
- * caller's responsibility to store it persistently if required.
- * * The `IKeystoreSecurityLevel` field is always null in this context.
- */
- KeyMetadata generateKey(in KeyDescriptor key, in @nullable KeyDescriptor attestationKey,
- in KeyParameter[] params, in int flags, in byte[] entropy);
-
-
- /**
- * Imports the given key. This API call works exactly like `generateKey`, only that the key is
- * provided by the caller rather than being generated by KeyMint. We only describe
- * the parameters where they deviate from the ones of `generateKey`.
- *
- * @param keyData The key to be imported. Expected encoding is PKCS#8 for asymmetric keys and
- * raw key bits for symmetric keys.
- *
- * @return KeyMetadata see `generateKey`.
- */
- KeyMetadata importKey(in KeyDescriptor key, in @nullable KeyDescriptor attestationKey,
- in KeyParameter[] params, in int flags, in byte[] keyData);
-
- /**
- * Allows importing keys wrapped with an RSA encryption key that is stored in AndroidKeystore.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the specified wrapping key did not exist.
- *
- * @param key Governs how the imported key shall be stored. See `generateKey` for details.
- *
- * @param wrappingKey Indicates the key that shall be used for unwrapping the wrapped key
- * in a manner similar to starting a new operation with create.
- *
- * @param maskingKey Reserved for future use. Must be null for now.
- *
- * @param params These parameters describe the cryptographic operation that shall be performed
- * using the wrapping key in order to unwrap the wrapped key.
- *
- * @param authenticators When generating or importing a key that is bound to a specific
- * authenticator, the authenticator ID is included in the key parameters.
- * Imported wrapped keys can also be authentication bound, however, the
- * key parameters were included in the wrapped key at a remote location
- * where the device's authenticator ID is not known. Therefore, the
- * caller has to provide all of the possible authenticator IDs so that
- * KeyMint can pick the right one based on the included key parameters.
- *
- * @return KeyMetadata see `generateKey`.
- */
- KeyMetadata importWrappedKey(in KeyDescriptor key, in KeyDescriptor wrappingKey,
- in @nullable byte[] maskingKey, in KeyParameter[] params,
- in AuthenticatorSpec[] authenticators);
-
- /**
- * Allows getting a per-boot wrapped ephemeral key from a wrapped storage key.
- *
- * ## Error conditions
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the
- * `ConvertStorageKeyToEphemeral` or the `ManageBlob` keystore2_key permissions
- * `ResponseCode::INVALID_ARGUMENT` if key.domain != Domain::BLOB or a key.blob isn't specified.
- *
- * A KeyMint ErrorCode may be returned indicating a backend diagnosed error.
- *
- * @param storageKey The KeyDescriptor with domain Domain::BLOB, and keyblob representing
- * the input wrapped storage key to convert
- *
- * @return byte[] representing the wrapped per-boot ephemeral key and an optional upgraded
- * key blob.
- */
- EphemeralStorageKeyResponse convertStorageKeyToEphemeral(in KeyDescriptor storageKey);
-
- /**
- * Allows deleting a Domain::BLOB key from the backend underlying this IKeystoreSecurityLevel.
- * While there's another function "deleteKey()" in IKeystoreService, that function doesn't
- * handle Domain::BLOB keys because it doesn't have any information about which underlying
- * device to actually delete the key blob from.
- *
- * ## Error conditions
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `DELETE`
- * for the designated key, or the "MANAGE_BLOB" permission to manage
- * Domain::BLOB keys.
- * `ResponseCode::INVALID_ARGUMENT` if key.domain != Domain::BLOB or key.blob isn't specified.
- *
- * A KeyMint ErrorCode may be returned indicating a backend diagnosed error.
- *
- * @param KeyDescriptor representing the key to delete.
- */
- void deleteKey(in KeyDescriptor key);
-}
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
deleted file mode 100644
index f20a0e1..0000000
--- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.SecurityLevel;
-import android.system.keystore2.Domain;
-import android.system.keystore2.IKeystoreSecurityLevel;
-import android.system.keystore2.KeyDescriptor;
-import android.system.keystore2.KeyEntryResponse;
-
-/**
- * `IKeystoreService` is the primary interface to Keystore. It provides
- * access simple database bound requests. Request that require interactions
- * with a KeyMint backend are delegated to `IKeystoreSecurityLevel` which
- * may be acquired through this interface as well.
- *
- * ## Error conditions
- * Error conditions are reported as service specific error.
- * Positive codes correspond to `android.system.keystore2.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * Negative codes correspond to `android.hardware.security.keymint.ErrorCode` and
- * indicate KeyMint back end errors. Refer to the KeyMint interface spec for
- * detail.
- * @hide
- */
-@VintfStability
-interface IKeystoreService {
-
- /**
- * Returns the security level specific interface.
- *
- * ## Error conditions
- * `ErrorCode::HARDWARE_TYPE_UNAVAILABLE` if the requested security level does not exist.
- */
- IKeystoreSecurityLevel getSecurityLevel(in SecurityLevel securityLevel);
-
- /**
- * Loads all relevant information about a key stored in the keystore database.
- * This includes the key metadata describing the key algorithm and usage
- * restrictions, and an optional certificate and certificate chain if
- * it is an asymmetric key.
- *
- * The metadata also includes an updated key id based KeyDescriptor (Domain::KEY_ID).
- * See KeyDescriptor.aidl for benefits of key id based key descriptor usage.
- *
- * The key maybe specified by any type of key descriptor (see KeyDescriptor.aidl)
- * except `Domain::BLOB`, in which case the key is not stored in the database.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the key did not exist.
- * `ResponseCode::PERMISSION_DENIED` if the caller does not possess the `UPDATE` permission
- * for the specified key.
- *
- * @param key Describes the key entry that is to be loaded.
- *
- * @param metadata Returns the key characteristics, security level of the key and
- * key id based key descriptor.
- *
- * @param publicCert The public certificate if the requested key is an asymmetric key.
- *
- * @param certificateChain The certificate chain if the key has one, e.g., if the
- * key was generated with attestation or if the client
- * installed one using `updateSubcomponent`.
- *
- * @return The `KeyEntryResponse includes the requested key's metadata and the security level
- * interface corresponding to the key's security level, which can be used
- * to start operations, generate, and import keys.
- */
- KeyEntryResponse getKeyEntry(in KeyDescriptor key);
-
- /**
- * Allows setting the public key or certificate chain of an asymmetric key.
- * Keystore 2.0 populates the subcomponents of asymmetric keys with a self signed certificate
- * or an attestation certificate, and an optional certificate chain. With this function these
- * fields can be updated with custom certificates.
- *
- * Callers require the `UPDATE` permission.
- *
- * If no key by the given name is found and only a the certificateChain argument is given,
- * A new entry is created by the given name. This is used by the Keystore SPI to create.
- * pure certificate entries. In this case the `REBIND` permission is checked.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the key did not exist.
- * `ResponseCode::PERMISSION_DENIED` if the caller does not possess the `UPDATE` permission
- * for the specified key.
- *
- * @param key The key the subcomponents of which are to be updated.
- *
- * @param publicCert An optional new public key certificate for the given key.
- *
- * @param certificateChain An optional certificate chain for the given key.
- */
- void updateSubcomponent(in KeyDescriptor key, in @nullable byte[] publicCert,
- in @nullable byte[] certificateChain);
-
- /**
- * List all entries accessible by the caller in the given `domain` and `nspace`.
- *
- * Callers must have the `GET_INFO` permission for the requested namespace to list all the
- * entries.
- *
- * ## Error conditions
- * `ResponseCode::INVALID_ARGUMENT` if `domain` is other than `Domain::APP` or `Domain::SELINUX`
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GET_INFO`
- * For the requested namespace.
- *
- * @param domain If `Domain::APP` is passed, returns all keys associated with the caller's UID and
- * the namespace parameter is ignored.
- * If `Domain::SELINUX` is passed, returns all keys associated with the given
- * namespace.
- *
- * @param nspace The SELinux keystore2_key namespace if `domain` is `Domain::SELINUX`,
- * ignored otherwise.
- *
- * Note: `namespace` is a keyword in C++, the underscore disambiguates.
- *
- * @return List of KeyDescriptors.
- */
- KeyDescriptor[] listEntries(in Domain domain, in long nspace);
-
- /**
- * Deletes the designated key. This method can be used on keys with any domain except
- * Domain::BLOB, since keystore knows which security level any non Domain::BLOB key
- * belongs to. To delete Domain::BLOB keys, use IKeystoreSecurityLevel::deleteKey()
- * instead.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the key designated by `key` did not exist.
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `DELETE`
- * for the designated key.
- *
- * @param key The key to be deleted.
- */
- void deleteKey(in KeyDescriptor key);
-
- /**
- * Grant takes a key descriptor `key`, the uid of a grantee `granteeUid` and a set of
- * permissions `accessVector`.
- * It creates a new key descriptor `grantKey` that can be used by the grantee designated by
- * its uid. Before the grantee can use the new grant, `grantKey` must be communicated to the
- * grantee using IPC.
- * Key usage by the grantee is restricted by `accessVector` which is a set of permissions of the
- * SELinux class "keystore2_key". A grant can never convey more privileges to a key than the
- * owner of that key has. To that end, this function must check if `accessVector` is a subset
- * of the granter's permission to their key. Additionally, the "grant" permission is checked.
- * If either of these checks fails `ResponseCode::PERMISSION_DENIED` is returned. If the grant
- * already exists, this call may update the access vector and return the same grant key
- * descriptor as when the grant was first created.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the key designated by `key` did not exist.
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `GRANT`
- * for the designated key.
- *
- * @param key The key to be granted access to.
- *
- * @param granteeUid The UID of the grantee.
- *
- * @param accessVector A bitmap of `KeyPermission` values.
- *
- * @return A key descriptor that can be used by the grantee to perform operations
- * on the given key within the limits of the supplied access vector.
- */
- KeyDescriptor grant(in KeyDescriptor key, in int granteeUid, in int accessVector);
-
- /**
- * Removes a grant from the grant database. Because a key can be granted to multiple parties,
- * a grant is uniquely identified by target key and the grantee's UID.
- *
- * ## Error conditions
- * `ResponseCode::KEY_NOT_FOUND` if the key designated by `key` did not exist.
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permission `grant`
- * for the designated key.
- */
- void ungrant(in KeyDescriptor key, in int granteeUid);
-}
diff --git a/keystore2/aidl/android/system/keystore2/KeyDescriptor.aidl b/keystore2/aidl/android/system/keystore2/KeyDescriptor.aidl
deleted file mode 100644
index f7c5561..0000000
--- a/keystore2/aidl/android/system/keystore2/KeyDescriptor.aidl
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.system.keystore2.Domain;
-
-/**
- * The key descriptor designates a key stored in keystore in different ways.
- * based on the given domain specifier.
- *
- * Domain::APP: The `nspace` field is ignored, and the caller's uid is used instead.
- * The access tuple is `(App, caller_uid, alias)`.
- * Domain::SELINUX: The `nspace` field is used.
- * The access tuple is `(SELinux, nspace, alias)`.
- * Domain::GRANT: The `nspace` field holds a grant id. The key_id is looked up
- * in the grant database and the key is accessed by the key_id.
- * Domain::KEY_ID: The `nspace` field holds the `key_id` which can be used
- * to access the key directly.
- * While alias based key descriptors can yield different keys every time they are
- * used because aliases can be rebound to newly generated or imported keys, the key
- * id is unique for a given key. Using a key by its key id in subsequent Keystore
- * calls guarantees that the private/secret key material used corresponds to the
- * metadata previously loaded using `loadKeyEntry`. The key id does not protect
- * against rebinding, but if the corresponding alias was rebound the key id ceases
- * to be valid, thereby, indicating to the caller that the previously loaded
- * metadata and public key material no longer corresponds to the key entry.
- *
- * Note: Implementations must choose the key id as 64bit random number. So there is
- * a minimal non-zero change of a collision with a previously existing key id.
- * Domain::BLOB: The `blob` field holds the key blob. It is not in the database.
- *
- * The key descriptor is used by various API calls. In any case, the implementation
- * must perform appropriate access control to assure that the caller has access
- * to the given key for the given request. In case of `Domain::BLOB` the implementation
- * must additionally check if the caller has `ManageBlob` permission. See KeyPermission.aidl.
- * @hide
- */
-@VintfStability
-@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true)
-parcelable KeyDescriptor {
- Domain domain;
- long nspace; /* namespace is a keyword in C++, so we had a to pick a different field name. */
- /**
- * A free form string denoting the key, chosen by the client.
- */
- @nullable String alias;
- /**
- * An opaque blob. This blob is represents a KeyMint key. It is encrypted
- * and cannot be interpreted by the client.
- */
- @nullable byte[] blob;
-}
diff --git a/keystore2/aidl/android/system/keystore2/KeyEntryResponse.aidl b/keystore2/aidl/android/system/keystore2/KeyEntryResponse.aidl
deleted file mode 100644
index 56d0042..0000000
--- a/keystore2/aidl/android/system/keystore2/KeyEntryResponse.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.system.keystore2.IKeystoreSecurityLevel;
-import android.system.keystore2.KeyMetadata;
-
-/**
- * This includes the metadata of the requested key and the security level interface
- * corresponding to the key's security level.
- * @hide
- */
-@VintfStability
-parcelable KeyEntryResponse {
- /**
- * The security level interface is served by the Keystore instance
- * that corresponds to the key's security level. It can be used to start
- * operations, generate, and import keys. This field is optional,
- * it is only populated by `IKeystoreService::getKeyEntry`.
- */
- @nullable IKeystoreSecurityLevel iSecurityLevel;
- /**
- * The KeyId based key descriptor. Using this key descriptor for subsequent
- * operations ensures that the private key material used in those operations
- * corresponds to the meta data in this structure. Alias based key descriptors
- * may point to a different key if the alias was rebound in the meantime.
- */
- KeyMetadata metadata;
-}
\ No newline at end of file
diff --git a/keystore2/aidl/android/system/keystore2/KeyMetadata.aidl b/keystore2/aidl/android/system/keystore2/KeyMetadata.aidl
deleted file mode 100644
index 829676f..0000000
--- a/keystore2/aidl/android/system/keystore2/KeyMetadata.aidl
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.SecurityLevel;
-import android.system.keystore2.Authorization;
-import android.system.keystore2.IKeystoreSecurityLevel;
-import android.system.keystore2.KeyDescriptor;
-
-/**
- * Metadata of a key entry including the key characteristics `authorizations`
- * security level `securityLevel` and a key id based key descriptor.
- * See KeyDescriptor.aidl for the benefits of key id based key descriptor usage.
- * @hide
- */
-@VintfStability
-parcelable KeyMetadata {
- /**
- * The KeyId based key descriptor. Using this key descriptor for subsequent
- * operations ensures that the private key material used in those operations
- * corresponds to the meta data in this structure. Alias based key descriptors
- * may point to a different key if the alias was rebound in the meantime.
- */
- KeyDescriptor key;
- /**
- * The security level that the key resides in.
- * TODO, we could also take this from the origin tag in authorizations.
- */
- SecurityLevel keySecurityLevel;
- /**
- * The authorizations describing the key, e.g., the algorithm, key size,
- * permissible purposes, digests and paddings, as well as usage restrictions,
- * e.g., whether or not user authorization is required.
- */
- Authorization[] authorizations;
- /**
- * The public certificate if the requested key is an asymmetric key.
- */
- @nullable byte[] certificate;
- /**
- * The certificate chain if the key has one, e.g., if the key was generated with
- * attestation or if the client installed one using `updateSubcomponent`.
- */
- @nullable byte[] certificateChain;
- /**
- * The time of the last modification in milliseconds since January 1st 1970.
- */
- long modificationTimeMs;
-}
\ No newline at end of file
diff --git a/keystore2/aidl/android/system/keystore2/KeyParameters.aidl b/keystore2/aidl/android/system/keystore2/KeyParameters.aidl
deleted file mode 100644
index 8e3ff5e..0000000
--- a/keystore2/aidl/android/system/keystore2/KeyParameters.aidl
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-import android.hardware.security.keymint.KeyParameter;
-
-/** @hide */
-@VintfStability
-parcelable KeyParameters {
- KeyParameter[] keyParameter;
-}
diff --git a/keystore2/aidl/android/system/keystore2/KeyPermission.aidl b/keystore2/aidl/android/system/keystore2/KeyPermission.aidl
deleted file mode 100644
index 1647060..0000000
--- a/keystore2/aidl/android/system/keystore2/KeyPermission.aidl
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/**
- * KeyPermissions correspond to SELinux permission for the keystore2_key security class.
- * These values are used to specify the access vector for granted keys.
- * Key owners may grant a key to a another protection domain indicated by their uid.
- * Implementations must only allow granting permissions that the key owner possesses.
- * The grant permission cannot be granted.
- * Any granted permission applies only to the granted key.
- * @hide
- */
-@VintfStability
-@Backing(type="int")
-enum KeyPermission {
- /**
- * Convenience variant indicating an empty access vector.
- */
- NONE = 0,
- /**
- * Allows deleting the key.
- */
- DELETE = 0x1,
- /**
- * Allows the usage of UNIQUE ID with the given key.
- */
- GEN_UNIQUE_ID = 0x2,
- /**
- * Allows reading metadata about the key including public key and certificate.
- */
- GET_INFO = 0x4,
- /**
- * Allows granting the key. Implementations must not allow this permission
- * to be granted though, so this is mentioned here just for completeness.
- */
- GRANT = 0x8,
- /**
- * Allows using a key by specifying the key blob in the key descriptor.
- * Implementations must not allow this permission to be granted.
- */
- MANAGE_BLOB = 0x10,
- /**
- * Allows rebinding an alias to a newly imported or generated key.
- * It makes no sense to grant this permission, because the API does not
- * permit generating keys by domains other than `App` or `SELinux`.
- * Implementations must not allow this permission to be granted.
- */
- REBIND = 0x20,
- /**
- * Allow requesting a forced operation with the given key.
- * Forced operations cannot be pruned and they have special pruning power
- * allowing them to evict any non forced operation to obtain a KeyMint
- * operation slot.
- */
- REQ_FORCED_OP = 0x40,
- /**
- * Allow updating the public certificate and certificate chain fields
- * of the given key.
- */
- UPDATE = 0x80,
- /**
- * Allow using the key for cryptographic operations within the limitations
- * of the key's usage restrictions.
- */
- USE = 0x100,
- /**
- * Allow using device ids during attestation.
- * It makes no sense to grant this permission, because attestation only
- * works during key generation, and keys cannot be created through a grant.
- * Implementations must not allow this permission to be granted.
- */
- USE_DEV_ID = 0x200,
- /**
- * Allows the creation of auth bound keys that are not cryptographically bound to the LSKF.
- * System components might need this if they required a logically authentication bound key
- * that is used for the derivation of the LSKF bound key material. This is essentially breaking
- * up a circular dependency.
- * This permission is checked during key generation and import if the
- * `KeyFlag.AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING` was set. Because keys cannot
- * be generated or imported via grant, it does not make sense to grant this key.
- */
- USE_NO_LSKF_BINDING = 0x400,
- /**
- * Allows getting a per-boot wrapped ephemeral key from a long lived wrapped storage key.
- * This permission is checked on calls to IKeystoreSecurityLevel::convertStorageKeyToEphemeral()
- */
- CONVERT_STORAGE_KEY_TO_EPHEMERAL = 0x800,
- }
diff --git a/keystore2/aidl/android/system/keystore2/OperationChallenge.aidl b/keystore2/aidl/android/system/keystore2/OperationChallenge.aidl
deleted file mode 100644
index bf8638b..0000000
--- a/keystore2/aidl/android/system/keystore2/OperationChallenge.aidl
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/**
- * An operation challenge is returned by `IKeystoreSecurityLevel::create` iff
- * the new operation requires user authorization. The challenge may be passed
- * to an authenticator, such as Gatekeeper or Fingerprint.
- * @hide
- */
-@VintfStability
-parcelable OperationChallenge {
- long challenge;
-}
\ No newline at end of file
diff --git a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
deleted file mode 100644
index f23b8d8..0000000
--- a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.keystore2;
-
-/** @hide */
-@VintfStability
-@Backing(type="int")
-enum ResponseCode {
- /* 1 Reserved - formerly NO_ERROR */
- /**
- * TODO Determine exact semantic of Locked and Uninitialized.
- */
- LOCKED = 2,
- UNINITIALIZED = 3,
- /**
- * Any unexpected Error such as IO or communication errors.
- * Implementations should log details to logcat.
- */
- SYSTEM_ERROR = 4,
- /* 5 Reserved - formerly "protocol error" was never used */
- /**
- * Indicates that the caller does not have the permissions for the attempted request.
- */
- PERMISSION_DENIED = 6,
- /**
- * Indicates that the requested key does not exist.
- */
- KEY_NOT_FOUND = 7,
- /**
- * Indicates a data corruption in the Keystore 2.0 database.
- */
- VALUE_CORRUPTED = 8,
- /*
- * 9 Reserved - formerly "undefined action" was never used
- * 10 Reserved - formerly WrongPassword
- * 11 - 13 Reserved - formerly password retry count indicators: obsolete
- *
- * 14 Reserved - formerly SIGNATURE_INVALID: Keystore does not perform public key operations
- * any more
- *
- *
- * 15 Reserved - Formerly OP_AUTH_NEEDED. This is now indicated by the optional
- * `OperationChallenge` returned by `IKeystoreSecurityLevel::create`.
- *
- * 16 Reserved
- */
- KEY_PERMANENTLY_INVALIDATED = 17,
- /**
- * May be returned by `IKeystoreSecurityLevel.create` if all Keymint operation slots
- * are currently in use and none can be pruned.
- */
- BACKEND_BUSY = 18,
- /**
- * This is a logical error on the caller's side. They are trying to advance an
- * operation, e.g., by calling `update`, that is currently processing an `update`
- * or `finish` request.
- */
- OPERATION_BUSY = 19,
- /**
- * Indicates that an invalid argument was passed to an API call.
- */
- INVALID_ARGUMENT = 20,
- /**
- * Indicates that too much data was sent in a single transaction.
- * The binder kernel mechanism cannot really diagnose this condition unambiguously.
- * So in order to force benign clients into reasonable limits, we limit the maximum
- * amount of data that we except in a single transaction to 32KiB.
- */
- TOO_MUCH_DATA = 21,
-
- /**
- * Indicates that the attestation key pool does not have any signed attestation keys
- * available. This can be thrown during attempts to generate a key.
- */
- OUT_OF_KEYS = 22,
-}
diff --git a/net/netd/1.0/Android.bp b/net/netd/1.0/Android.bp
index 438d527..c2cebd3 100644
--- a/net/netd/1.0/Android.bp
+++ b/net/netd/1.0/Android.bp
@@ -1,12 +1,11 @@
// This file is autogenerated by hidl-gen -Landroidbp.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
hidl_interface {
name: "android.system.net.netd@1.0",
root: "android.system",
+ vndk: {
+ enabled: true,
+ },
srcs: [
"INetd.hal",
],
diff --git a/net/netd/1.0/vts/functional/Android.bp b/net/netd/1.0/vts/functional/Android.bp
index 5e11a27..47d3cd1 100644
--- a/net/netd/1.0/vts/functional/Android.bp
+++ b/net/netd/1.0/vts/functional/Android.bp
@@ -13,10 +13,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_test {
name: "VtsHalNetNetdV1_0TargetTest",
srcs: [
diff --git a/net/netd/1.1/Android.bp b/net/netd/1.1/Android.bp
index e60ef0d..6eeb384 100644
--- a/net/netd/1.1/Android.bp
+++ b/net/netd/1.1/Android.bp
@@ -1,12 +1,11 @@
// This file is autogenerated by hidl-gen -Landroidbp.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
hidl_interface {
name: "android.system.net.netd@1.1",
root: "android.system",
+ vndk: {
+ enabled: true,
+ },
srcs: [
"INetd.hal",
],
diff --git a/net/netd/1.1/vts/functional/Android.bp b/net/netd/1.1/vts/functional/Android.bp
index 11a2865..d1fcbca 100644
--- a/net/netd/1.1/vts/functional/Android.bp
+++ b/net/netd/1.1/vts/functional/Android.bp
@@ -13,10 +13,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_test {
name: "VtsHalNetNetdV1_1TargetTest",
srcs: [
diff --git a/net/netd/testutils/Android.bp b/net/netd/testutils/Android.bp
index e4cdbca..0976f44 100644
--- a/net/netd/testutils/Android.bp
+++ b/net/netd/testutils/Android.bp
@@ -14,10 +14,6 @@
// limitations under the License.
// Utility code common for all HAL versions.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_library {
name: "VtsHalNetNetdTestUtils",
srcs: [
diff --git a/suspend/1.0/Android.bp b/suspend/1.0/Android.bp
index 1a4aba2..bf334ec 100644
--- a/suspend/1.0/Android.bp
+++ b/suspend/1.0/Android.bp
@@ -1,9 +1,5 @@
// This file is autogenerated by hidl-gen -Landroidbp.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
hidl_interface {
name: "android.system.suspend@1.0",
root: "android.system",
diff --git a/suspend/1.0/default/Android.bp b/suspend/1.0/default/Android.bp
index e5c3b38..2fb6110 100644
--- a/suspend/1.0/default/Android.bp
+++ b/suspend/1.0/default/Android.bp
@@ -12,10 +12,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_defaults {
name: "system_suspend_defaults",
shared_libs: [
@@ -38,6 +34,7 @@
cflags: [
"-Wall",
"-Werror",
+ "-Wno-unused-parameter",
],
}
@@ -51,17 +48,14 @@
init_rc: ["android.system.suspend@1.0-service.rc"],
vintf_fragments: ["android.system.suspend@1.0-service.xml"],
shared_libs: [
- "android.system.suspend.control-V1-cpp",
- "android.system.suspend.control.internal-cpp",
"android.system.suspend@1.0",
- "SuspendProperties",
+ "suspend_control_aidl_interface-cpp",
],
srcs: [
"main.cpp",
"SuspendControlService.cpp",
"SystemSuspend.cpp",
"WakeLockEntryList.cpp",
- "WakeupList.cpp",
],
}
@@ -74,56 +68,30 @@
"system_suspend_stats_defaults",
],
static_libs: [
- "android.system.suspend.control-V1-cpp",
- "android.system.suspend.control.internal-cpp",
"android.system.suspend@1.0",
+ "suspend_control_aidl_interface-cpp",
"libgmock",
- "SuspendProperties",
],
srcs: [
"SuspendControlService.cpp",
"SystemSuspend.cpp",
"SystemSuspendUnitTest.cpp",
"WakeLockEntryList.cpp",
- "WakeupList.cpp",
],
test_suites: ["device-tests"],
require_root: true,
}
-cc_test {
- name:"SystemSuspendV1_0AidlTest",
- srcs: [
- "SystemSuspendAidlTest.cpp",
- ],
- shared_libs: [
- "libbinder",
- "libutils",
- ],
- static_libs: [
- "android.system.suspend.control-V1-cpp",
- ],
- test_suites: ["device-tests", "vts"],
- require_root: true,
-}
-
cc_benchmark {
name: "SystemSuspendBenchmark",
defaults: [
"system_suspend_defaults",
],
shared_libs: [
- "android.system.suspend.control-V1-cpp",
- "android.system.suspend.control.internal-cpp",
"android.system.suspend@1.0",
+ "suspend_control_aidl_interface-cpp",
],
srcs: [
"SystemSuspendBenchmark.cpp",
],
}
-
-sysprop_library {
- name: "SuspendProperties",
- srcs: ["SuspendProperties.sysprop"],
- property_owner: "Platform",
-}
diff --git a/suspend/1.0/default/OWNERS b/suspend/1.0/default/OWNERS
index 6825db9..5ca08a1 100644
--- a/suspend/1.0/default/OWNERS
+++ b/suspend/1.0/default/OWNERS
@@ -1,3 +1,2 @@
-krossmo@google.com
santoscordon@google.com
trong@google.com
diff --git a/suspend/1.0/default/SuspendControlService.cpp b/suspend/1.0/default/SuspendControlService.cpp
index a993985..671f3dd 100644
--- a/suspend/1.0/default/SuspendControlService.cpp
+++ b/suspend/1.0/default/SuspendControlService.cpp
@@ -40,6 +40,15 @@
return binder::Status::ok();
}
+void SuspendControlService::setSuspendService(const wp<SystemSuspend>& suspend) {
+ mSuspend = suspend;
+}
+
+binder::Status SuspendControlService::enableAutosuspend(bool* _aidl_return) {
+ const auto suspendService = mSuspend.promote();
+ return retOk(suspendService != nullptr && suspendService->enableAutosuspend(), _aidl_return);
+}
+
binder::Status SuspendControlService::registerCallback(const sp<ISuspendCallback>& callback,
bool* _aidl_return) {
if (!callback) {
@@ -62,79 +71,17 @@
return retOk(true, _aidl_return);
}
-binder::Status SuspendControlService::registerWakelockCallback(
- const sp<IWakelockCallback>& callback, const std::string& name, bool* _aidl_return) {
- if (!callback || name.empty()) {
- return retOk(false, _aidl_return);
- }
-
- auto l = std::lock_guard(mWakelockCallbackLock);
- if (std::find_if(mWakelockCallbacks[name].begin(), mWakelockCallbacks[name].end(),
- [&callback](const sp<IWakelockCallback>& i) {
- return IInterface::asBinder(callback) == IInterface::asBinder(i);
- }) != mWakelockCallbacks[name].end()) {
- LOG(ERROR) << __func__ << " Same wakelock callback has already been registered";
- return retOk(false, _aidl_return);
- }
-
- if (IInterface::asBinder(callback)->remoteBinder() &&
- IInterface::asBinder(callback)->linkToDeath(this) != NO_ERROR) {
- LOG(WARNING) << __func__ << " Cannot link to death";
- return retOk(false, _aidl_return);
- }
- mWakelockCallbacks[name].push_back(callback);
-
- return retOk(true, _aidl_return);
+binder::Status SuspendControlService::forceSuspend(bool* _aidl_return) {
+ const auto suspendService = mSuspend.promote();
+ return retOk(suspendService != nullptr && suspendService->forceSuspend(), _aidl_return);
}
void SuspendControlService::binderDied(const wp<IBinder>& who) {
auto l = std::lock_guard(mCallbackLock);
- mCallbacks.erase(std::remove_if(mCallbacks.begin(), mCallbacks.end(),
- [&who](const sp<ISuspendCallback>& i) {
- return who == IInterface::asBinder(i);
- }),
- mCallbacks.end());
-
- auto lWakelock = std::lock_guard(mWakelockCallbackLock);
- // Iterate through all wakelock names as same callback can be registered with different
- // wakelocks.
- for (auto wakelockIt = mWakelockCallbacks.begin(); wakelockIt != mWakelockCallbacks.end();) {
- wakelockIt->second.erase(
- std::remove_if(
- wakelockIt->second.begin(), wakelockIt->second.end(),
- [&who](const sp<IWakelockCallback>& i) { return who == IInterface::asBinder(i); }),
- wakelockIt->second.end());
- if (wakelockIt->second.empty()) {
- wakelockIt = mWakelockCallbacks.erase(wakelockIt);
- } else {
- ++wakelockIt;
- }
- }
+ mCallbacks.erase(findCb(who));
}
-void SuspendControlService::notifyWakelock(const std::string& name, bool isAcquired) {
- // A callback could potentially modify mWakelockCallbacks (e.g., via registerCallback). That
- // must not result in a deadlock. To that end, we make a copy of the callback is an entry can be
- // found for the particular wakelock and release mCallbackLock before calling the copied
- // callbacks.
- auto callbackLock = std::unique_lock(mWakelockCallbackLock);
- auto it = mWakelockCallbacks.find(name);
- if (it == mWakelockCallbacks.end()) {
- return;
- }
- auto callbacksCopy = it->second;
- callbackLock.unlock();
-
- for (const auto& callback : callbacksCopy) {
- if (isAcquired) {
- callback->notifyAcquired().isOk(); // ignore errors
- } else {
- callback->notifyReleased().isOk(); // ignore errors
- }
- }
-}
-
-void SuspendControlService::notifyWakeup(bool success, std::vector<std::string>& wakeupReasons) {
+void SuspendControlService::notifyWakeup(bool success) {
// A callback could potentially modify mCallbacks (e.g., via registerCallback). That must not
// result in a deadlock. To that end, we make a copy of mCallbacks and release mCallbackLock
// before calling the copied callbacks.
@@ -143,37 +90,11 @@
callbackLock.unlock();
for (const auto& callback : callbacksCopy) {
- callback->notifyWakeup(success, wakeupReasons).isOk(); // ignore errors
+ callback->notifyWakeup(success).isOk(); // ignore errors
}
}
-void SuspendControlServiceInternal::setSuspendService(const wp<SystemSuspend>& suspend) {
- mSuspend = suspend;
-}
-
-binder::Status SuspendControlServiceInternal::enableAutosuspend(bool* _aidl_return) {
- const auto suspendService = mSuspend.promote();
- return retOk(suspendService != nullptr && suspendService->enableAutosuspend(), _aidl_return);
-}
-
-binder::Status SuspendControlServiceInternal::forceSuspend(bool* _aidl_return) {
- const auto suspendService = mSuspend.promote();
- return retOk(suspendService != nullptr && suspendService->forceSuspend(), _aidl_return);
-}
-
-binder::Status SuspendControlServiceInternal::getSuspendStats(SuspendInfo* _aidl_return) {
- const auto suspendService = mSuspend.promote();
- if (!suspendService) {
- return binder::Status::fromExceptionCode(binder::Status::Exception::EX_NULL_POINTER,
- String8("Null reference to suspendService"));
- }
-
- suspendService->getSuspendInfo(_aidl_return);
- return binder::Status::ok();
-}
-
-binder::Status SuspendControlServiceInternal::getWakeLockStats(
- std::vector<WakeLockInfo>* _aidl_return) {
+binder::Status SuspendControlService::getWakeLockStats(std::vector<WakeLockInfo>* _aidl_return) {
const auto suspendService = mSuspend.promote();
if (!suspendService) {
return binder::Status::fromExceptionCode(binder::Status::Exception::EX_NULL_POINTER,
@@ -186,32 +107,17 @@
return binder::Status::ok();
}
-binder::Status SuspendControlServiceInternal::getWakeupStats(
- std::vector<WakeupInfo>* _aidl_return) {
- const auto suspendService = mSuspend.promote();
- if (!suspendService) {
- return binder::Status::fromExceptionCode(binder::Status::Exception::EX_NULL_POINTER,
- String8("Null reference to suspendService"));
- }
-
- suspendService->getWakeupList().getWakeupStats(_aidl_return);
- return binder::Status::ok();
-}
-
static std::string dumpUsage() {
- return "\nUsage: adb shell dumpsys suspend_control_internal [option]\n\n"
+ return "\nUsage: adb shell dumpsys suspend_control [option]\n\n"
" Options:\n"
- " --wakelocks : returns wakelock stats.\n"
- " --wakeups : returns wakeup stats.\n"
- " --kernel_suspends : returns suspend success/error stats from the kernel\n"
- " --suspend_controls : returns suspend control stats\n"
- " --all or -a : returns all stats.\n"
- " --help or -h : prints this message.\n\n"
+ " --wakelocks : returns wakelock stats.\n"
+ " --suspend_stats : returns suspend stats.\n"
+ " --help or -h : prints this message.\n\n"
" Note: All stats are returned if no or (an\n"
" invalid) option is specified.\n\n";
}
-status_t SuspendControlServiceInternal::dump(int fd, const Vector<String16>& args) {
+status_t SuspendControlService::dump(int fd, const Vector<String16>& args) {
register_sig_handler();
const auto suspendService = mSuspend.promote();
@@ -219,55 +125,29 @@
return DEAD_OBJECT;
}
- enum : int32_t {
- OPT_WAKELOCKS = 1 << 0,
- OPT_WAKEUPS = 1 << 1,
- OPT_KERNEL_SUSPENDS = 1 << 2,
- OPT_SUSPEND_CONTROLS = 1 << 3,
- OPT_ALL = ~0,
- };
- int opts = 0;
+ bool wakelocks = true;
+ bool suspend_stats = true;
- if (args.empty()) {
- opts = OPT_ALL;
- } else {
- for (const auto& arg : args) {
- if (arg == String16("--wakelocks")) {
- opts |= OPT_WAKELOCKS;
- } else if (arg == String16("--wakeups")) {
- opts |= OPT_WAKEUPS;
- } else if (arg == String16("--kernel_suspends")) {
- opts |= OPT_KERNEL_SUSPENDS;
- } else if (arg == String16("--suspend_controls")) {
- opts |= OPT_SUSPEND_CONTROLS;
- } else if (arg == String16("-a") || arg == String16("--all")) {
- opts = OPT_ALL;
- } else if (arg == String16("-h") || arg == String16("--help")) {
- std::string usage = dumpUsage();
- dprintf(fd, "%s\n", usage.c_str());
- return OK;
- }
+ if (args.size() > 0) {
+ std::string arg(String8(args[0]).string());
+ if (arg == "--wakelocks") {
+ suspend_stats = false;
+ } else if (arg == "--suspend_stats") {
+ wakelocks = false;
+ } else if (arg == "-h" || arg == "--help") {
+ std::string usage = dumpUsage();
+ dprintf(fd, "%s\n", usage.c_str());
+ return OK;
}
}
- if (opts & OPT_WAKELOCKS) {
+ if (wakelocks) {
suspendService->updateStatsNow();
std::stringstream wlStats;
wlStats << suspendService->getStatsList();
dprintf(fd, "\n%s\n", wlStats.str().c_str());
}
-
- if (opts & OPT_WAKEUPS) {
- std::ostringstream wakeupStats;
- std::vector<WakeupInfo> wakeups;
- suspendService->getWakeupList().getWakeupStats(&wakeups);
- for (const auto& w : wakeups) {
- wakeupStats << w.toString() << std::endl;
- }
- dprintf(fd, "Wakeups:\n%s\n", wakeupStats.str().c_str());
- }
-
- if (opts & OPT_KERNEL_SUSPENDS) {
+ if (suspend_stats) {
Result<SuspendStats> res = suspendService->getSuspendStats();
if (!res.ok()) {
LOG(ERROR) << "SuspendControlService: " << res.error().message();
@@ -303,25 +183,6 @@
dprintf(fd, "\n%s\n", suspendStats.c_str());
}
- if (opts & OPT_SUSPEND_CONTROLS) {
- std::ostringstream suspendInfo;
- SuspendInfo info;
- suspendService->getSuspendInfo(&info);
- suspendInfo << "suspend attempts: " << info.suspendAttemptCount << std::endl;
- suspendInfo << "failed suspends: " << info.failedSuspendCount << std::endl;
- suspendInfo << "short suspends: " << info.shortSuspendCount << std::endl;
- suspendInfo << "total suspend time: " << info.suspendTimeMillis << " ms" << std::endl;
- suspendInfo << "short suspend time: " << info.shortSuspendTimeMillis << " ms" << std::endl;
- suspendInfo << "suspend overhead: " << info.suspendOverheadTimeMillis << " ms" << std::endl;
- suspendInfo << "failed suspend overhead: " << info.failedSuspendOverheadTimeMillis << " ms"
- << std::endl;
- suspendInfo << "new backoffs: " << info.newBackoffCount << std::endl;
- suspendInfo << "backoff continuations: " << info.backoffContinueCount << std::endl;
- suspendInfo << "total sleep time between suspends: " << info.sleepTimeMillis << " ms"
- << std::endl;
- dprintf(fd, "Suspend Info:\n%s\n", suspendInfo.str().c_str());
- }
-
return OK;
}
diff --git a/suspend/1.0/default/SuspendControlService.h b/suspend/1.0/default/SuspendControlService.h
index 072b2e6..d8b91d7 100644
--- a/suspend/1.0/default/SuspendControlService.h
+++ b/suspend/1.0/default/SuspendControlService.h
@@ -18,18 +18,9 @@
#define ANDROID_SYSTEM_SYSTEM_SUSPEND_CONTROL_SERVICE_H
#include <android/system/suspend/BnSuspendControlService.h>
-#include <android/system/suspend/internal/BnSuspendControlServiceInternal.h>
-#include <android/system/suspend/internal/SuspendInfo.h>
-#include <android/system/suspend/internal/WakeLockInfo.h>
-#include <android/system/suspend/internal/WakeupInfo.h>
using ::android::system::suspend::BnSuspendControlService;
using ::android::system::suspend::ISuspendCallback;
-using ::android::system::suspend::IWakelockCallback;
-using ::android::system::suspend::internal::BnSuspendControlServiceInternal;
-using ::android::system::suspend::internal::SuspendInfo;
-using ::android::system::suspend::internal::WakeLockInfo;
-using ::android::system::suspend::internal::WakeupInfo;
namespace android {
namespace system {
@@ -44,47 +35,28 @@
SuspendControlService() = default;
~SuspendControlService() override = default;
+ binder::Status enableAutosuspend(bool* _aidl_return) override;
binder::Status registerCallback(const sp<ISuspendCallback>& callback,
bool* _aidl_return) override;
- binder::Status registerWakelockCallback(const sp<IWakelockCallback>& callback,
- const std::string& name, bool* _aidl_return) override;
+ binder::Status forceSuspend(bool* _aidl_return) override;
+ binder::Status getWakeLockStats(std::vector<WakeLockInfo>* _aidl_return) override;
void binderDied(const wp<IBinder>& who) override;
- void notifyWakelock(const std::string& name, bool isAcquired);
- void notifyWakeup(bool success, std::vector<std::string>& wakeupReasons);
-
- private:
- std::map<std::string, std::vector<sp<IWakelockCallback>>> mWakelockCallbacks;
- std::mutex mCallbackLock;
- std::mutex mWakelockCallbackLock;
- std::vector<sp<ISuspendCallback>> mCallbacks;
- const std::vector<sp<ISuspendCallback>>::iterator findCb(const wp<IBinder>& cb) {
- return std::find_if(
- mCallbacks.begin(), mCallbacks.end(),
- [&cb](const sp<ISuspendCallback>& i) { return cb == IInterface::asBinder(i); });
- }
-};
-
-class SuspendControlServiceInternal : public BnSuspendControlServiceInternal,
- public virtual IBinder::DeathRecipient {
- public:
- SuspendControlServiceInternal() = default;
- ~SuspendControlServiceInternal() override = default;
-
- binder::Status enableAutosuspend(bool* _aidl_return) override;
- binder::Status forceSuspend(bool* _aidl_return) override;
- binder::Status getSuspendStats(SuspendInfo* _aidl_return) override;
- binder::Status getWakeLockStats(std::vector<WakeLockInfo>* _aidl_return) override;
- binder::Status getWakeupStats(std::vector<WakeupInfo>* _aidl_return) override;
-
- void binderDied([[maybe_unused]] const wp<IBinder>& who) override {}
-
void setSuspendService(const wp<SystemSuspend>& suspend);
+ void notifyWakeup(bool success);
status_t dump(int fd, const Vector<String16>& args) override;
private:
wp<SystemSuspend> mSuspend;
+
+ std::mutex mCallbackLock;
+ std::vector<sp<ISuspendCallback> > mCallbacks;
+ std::vector<sp<ISuspendCallback> >::iterator findCb(const wp<IBinder>& cb) {
+ return std::find_if(
+ mCallbacks.begin(), mCallbacks.end(),
+ [&cb](const sp<ISuspendCallback> i) { return cb == IInterface::asBinder(i); });
+ }
};
} // namespace V1_0
diff --git a/suspend/1.0/default/SuspendProperties.sysprop b/suspend/1.0/default/SuspendProperties.sysprop
deleted file mode 100644
index 1d21493..0000000
--- a/suspend/1.0/default/SuspendProperties.sysprop
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-owner: Platform
-module: "android.sysprop.SuspendProperties"
-
-# Maximum time in milliseconds that system will wait between repeated suspend attempts
-prop {
- api_name: "max_sleep_time_millis"
- type: UInt
- scope: Public
- access: Readonly
- prop_name: "suspend.max_sleep_time_millis"
-}
-
-# Base time in milliseconds that system will wait between repeated suspend attempts
-prop {
- api_name: "base_sleep_time_millis"
- type: UInt
- scope: Public
- access: Readonly
- prop_name: "suspend.base_sleep_time_millis"
-}
-
-# Number of consecutive bad (short, failed) suspends above which time between attempts is scaled
-prop {
- api_name: "backoff_threshold_count"
- type: UInt
- scope: Public
- access: Readonly
- prop_name: "suspend.backoff_threshold_count"
-}
-
-# Duration in milliseconds below which a given suspend is considered a short suspend
-prop {
- api_name: "short_suspend_threshold_millis"
- type: UInt
- scope: Public
- access: Readonly
- prop_name: "suspend.short_suspend_threshold_millis"
-}
-
-# Factor for scaling the time between repeated suspend attempts
-prop {
- api_name: "sleep_time_scale_factor"
- type: Double
- scope: Public
- access: Readonly
- prop_name: "suspend.sleep_time_scale_factor"
-}
-
-# If true, the wait time between repeated suspend attempts will be scaled on failed suspends
-prop {
- api_name: "failed_suspend_backoff_enabled"
- type: Boolean
- scope: Public
- access: Readonly
- prop_name: "suspend.failed_suspend_backoff_enabled"
-}
-
-# If true, the wait time between repeated suspend attempts will be scaled on short suspends
-prop {
- api_name: "short_suspend_backoff_enabled"
- type: Boolean
- scope: Public
- access: Readonly
- prop_name: "suspend.short_suspend_backoff_enabled"
-}
\ No newline at end of file
diff --git a/suspend/1.0/default/SystemSuspend.cpp b/suspend/1.0/default/SystemSuspend.cpp
index e9bb646..8f89de3 100644
--- a/suspend/1.0/default/SystemSuspend.cpp
+++ b/suspend/1.0/default/SystemSuspend.cpp
@@ -18,7 +18,6 @@
#include <android-base/file.h>
#include <android-base/logging.h>
-#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <fcntl.h>
#include <hidl/Status.h>
@@ -40,17 +39,11 @@
namespace suspend {
namespace V1_0 {
-struct SuspendTime {
- std::chrono::nanoseconds suspendOverhead;
- std::chrono::nanoseconds suspendTime;
-};
-
static const char kSleepState[] = "mem";
// TODO(b/128923994): we only need /sys/power/wake_[un]lock to export debugging info via
// /sys/kernel/debug/wakeup_sources.
static constexpr char kSysPowerWakeLock[] = "/sys/power/wake_lock";
static constexpr char kSysPowerWakeUnlock[] = "/sys/power/wake_unlock";
-static constexpr char kUnknownWakeup[] = "unknown";
// This function assumes that data in fd is small enough that it can be read in one go.
// We use this function instead of the ones available in libbase because it doesn't block
@@ -66,59 +59,6 @@
return ::android::hardware::IPCThreadState::self()->getCallingPid();
}
-static std::vector<std::string> readWakeupReasons(int fd) {
- std::vector<std::string> wakeupReasons;
- std::string reasonlines;
-
- lseek(fd, 0, SEEK_SET);
- if (!ReadFdToString(fd, &reasonlines) || reasonlines.empty()) {
- PLOG(ERROR) << "failed to read wakeup reasons";
- // Return unknown wakeup reason if we fail to read
- return {kUnknownWakeup};
- }
-
- std::stringstream ss(reasonlines);
- for (std::string reasonline; std::getline(ss, reasonline);) {
- reasonline = ::android::base::Trim(reasonline);
-
- // Only include non-empty reason lines
- if (!reasonline.empty()) {
- wakeupReasons.push_back(reasonline);
- }
- }
-
- // Empty wakeup reason found. Record as unknown wakeup
- if (wakeupReasons.empty()) {
- wakeupReasons.push_back(kUnknownWakeup);
- }
-
- return wakeupReasons;
-}
-
-// reads the suspend overhead and suspend time
-// Returns 0s if reading the sysfs node fails (unlikely)
-static struct SuspendTime readSuspendTime(int fd) {
- std::string content;
-
- lseek(fd, 0, SEEK_SET);
- if (!ReadFdToString(fd, &content)) {
- LOG(ERROR) << "failed to read suspend time";
- return {0ns, 0ns};
- }
-
- double suspendOverhead, suspendTime;
- std::stringstream ss(content);
- if (!(ss >> suspendOverhead) || !(ss >> suspendTime)) {
- LOG(ERROR) << "failed to parse suspend time " << content;
- return {0ns, 0ns};
- }
-
- return {std::chrono::duration_cast<std::chrono::nanoseconds>(
- std::chrono::duration<double>(suspendOverhead)),
- std::chrono::duration_cast<std::chrono::nanoseconds>(
- std::chrono::duration<double>(suspendTime))};
-}
-
WakeLock::WakeLock(SystemSuspend* systemSuspend, const string& name, int pid)
: mReleased(), mSystemSuspend(systemSuspend), mName(name), mPid(pid) {
mSystemSuspend->incSuspendCounter(mName);
@@ -141,29 +81,22 @@
}
SystemSuspend::SystemSuspend(unique_fd wakeupCountFd, unique_fd stateFd, unique_fd suspendStatsFd,
- size_t maxStatsEntries, unique_fd kernelWakelockStatsFd,
- unique_fd wakeupReasonsFd, unique_fd suspendTimeFd,
- const SleepTimeConfig& sleepTimeConfig,
+ size_t maxNativeStatsEntries, unique_fd kernelWakelockStatsFd,
+ std::chrono::milliseconds baseSleepTime,
const sp<SuspendControlService>& controlService,
- const sp<SuspendControlServiceInternal>& controlServiceInternal,
bool useSuspendCounter)
: mSuspendCounter(0),
mWakeupCountFd(std::move(wakeupCountFd)),
mStateFd(std::move(stateFd)),
mSuspendStatsFd(std::move(suspendStatsFd)),
- mSuspendTimeFd(std::move(suspendTimeFd)),
- kSleepTimeConfig(sleepTimeConfig),
- mSleepTime(sleepTimeConfig.baseSleepTime),
- mNumConsecutiveBadSuspends(0),
+ mBaseSleepTime(baseSleepTime),
+ mSleepTime(baseSleepTime),
mControlService(controlService),
- mControlServiceInternal(controlServiceInternal),
- mStatsList(maxStatsEntries, std::move(kernelWakelockStatsFd)),
- mWakeupList(maxStatsEntries),
+ mStatsList(maxNativeStatsEntries, std::move(kernelWakelockStatsFd)),
mUseSuspendCounter(useSuspendCounter),
mWakeLockFd(-1),
- mWakeUnlockFd(-1),
- mWakeupReasonsFd(std::move(wakeupReasonsFd)) {
- mControlServiceInternal->setSuspendService(this);
+ mWakeUnlockFd(-1) {
+ mControlService->setSuspendService(this);
if (!mUseSuspendCounter) {
mWakeLockFd.reset(TEMP_FAILURE_RETRY(open(kSysPowerWakeLock, O_CLOEXEC | O_RDWR)));
@@ -178,12 +111,14 @@
}
bool SystemSuspend::enableAutosuspend() {
- if (mAutosuspendEnabled.test_and_set()) {
+ static bool initialized = false;
+ if (initialized) {
LOG(ERROR) << "Autosuspend already started.";
return false;
}
initAutosuspend();
+ initialized = true;
return true;
}
@@ -208,7 +143,6 @@
auto pid = getCallingPid();
auto timeNow = getTimeNow();
IWakeLock* wl = new WakeLock{this, name, pid};
- mControlService->notifyWakelock(name, true);
mStatsList.updateOnAcquire(name, pid, timeNow);
return wl;
}
@@ -237,17 +171,6 @@
}
}
-unique_fd SystemSuspend::reopenFileUsingFd(const int fd, const int permission) {
- string filePath = android::base::StringPrintf("/proc/self/fd/%d", fd);
-
- unique_fd tempFd{TEMP_FAILURE_RETRY(open(filePath.c_str(), permission))};
- if (tempFd < 0) {
- PLOG(ERROR) << "SystemSuspend: Error opening file, using path: " << filePath;
- return unique_fd(-1);
- }
- return tempFd;
-}
-
void SystemSuspend::initAutosuspend() {
std::thread autosuspendThread([this] {
while (true) {
@@ -276,97 +199,27 @@
PLOG(VERBOSE) << "error writing to /sys/power/state";
}
- struct SuspendTime suspendTime = readSuspendTime(mSuspendTimeFd);
- updateSleepTime(success, suspendTime);
+ mControlService->notifyWakeup(success);
- std::vector<std::string> wakeupReasons = readWakeupReasons(mWakeupReasonsFd);
- if (wakeupReasons == std::vector<std::string>({kUnknownWakeup})) {
- LOG(INFO) << "Unknown/empty wakeup reason. Re-opening wakeup_reason file.";
-
- mWakeupReasonsFd =
- std::move(reopenFileUsingFd(mWakeupReasonsFd.get(), O_CLOEXEC | O_RDONLY));
- }
- mWakeupList.update(wakeupReasons);
-
- mControlService->notifyWakeup(success, wakeupReasons);
+ updateSleepTime(success);
}
});
autosuspendThread.detach();
LOG(INFO) << "automatic system suspend enabled";
}
-/**
- * Updates sleep time depending on the result of suspend attempt.
- * Time (in milliseconds) between suspend attempts is described the formula
- * t[n] = { B, 0 < n <= N
- * { min(B * (S**(n - N)), M), n > N
- * where:
- * n is the number of consecutive bad suspend attempts,
- * B = kBaseSleepTime,
- * N = kSuspendBackoffThreshold,
- * S = kSleepTimeScaleFactor,
- * M = kMaxSleepTime
- *
- * kFailedSuspendBackoffEnabled determines whether a failed suspend is counted as a bad suspend
- *
- * kShortSuspendBackoffEnabled determines whether a suspend whose duration
- * t < kShortSuspendThreshold is counted as a bad suspend
- */
-void SystemSuspend::updateSleepTime(bool success, const struct SuspendTime& suspendTime) {
- std::scoped_lock lock(mSuspendInfoLock);
- mSuspendInfo.suspendAttemptCount++;
- mSuspendInfo.sleepTimeMillis +=
- std::chrono::round<std::chrono::milliseconds>(mSleepTime).count();
-
- bool shortSuspend = success && (suspendTime.suspendTime > 0ns) &&
- (suspendTime.suspendTime < kSleepTimeConfig.shortSuspendThreshold);
-
- bool badSuspend = (kSleepTimeConfig.failedSuspendBackoffEnabled && !success) ||
- (kSleepTimeConfig.shortSuspendBackoffEnabled && shortSuspend);
-
- auto suspendTimeMillis =
- std::chrono::round<std::chrono::milliseconds>(suspendTime.suspendTime).count();
- auto suspendOverheadMillis =
- std::chrono::round<std::chrono::milliseconds>(suspendTime.suspendOverhead).count();
-
+void SystemSuspend::updateSleepTime(bool success) {
+ static constexpr std::chrono::milliseconds kMaxSleepTime = 1min;
if (success) {
- mSuspendInfo.suspendOverheadTimeMillis += suspendOverheadMillis;
- mSuspendInfo.suspendTimeMillis += suspendTimeMillis;
- } else {
- mSuspendInfo.failedSuspendCount++;
- mSuspendInfo.failedSuspendOverheadTimeMillis += suspendOverheadMillis;
- }
-
- if (shortSuspend) {
- mSuspendInfo.shortSuspendCount++;
- mSuspendInfo.shortSuspendTimeMillis += suspendTimeMillis;
- }
-
- if (!badSuspend) {
- mNumConsecutiveBadSuspends = 0;
- mSleepTime = kSleepTimeConfig.baseSleepTime;
+ mSleepTime = mBaseSleepTime;
return;
}
-
- // Suspend attempt was bad (failed or short suspend)
- if (mNumConsecutiveBadSuspends >= kSleepTimeConfig.backoffThreshold) {
- if (mNumConsecutiveBadSuspends == kSleepTimeConfig.backoffThreshold) {
- mSuspendInfo.newBackoffCount++;
- } else {
- mSuspendInfo.backoffContinueCount++;
- }
-
- mSleepTime = std::min(std::chrono::round<std::chrono::milliseconds>(
- mSleepTime * kSleepTimeConfig.sleepTimeScaleFactor),
- kSleepTimeConfig.maxSleepTime);
- }
-
- mNumConsecutiveBadSuspends++;
+ // Double sleep time after each failure up to one minute.
+ mSleepTime = std::min(mSleepTime * 2, kMaxSleepTime);
}
void SystemSuspend::updateWakeLockStatOnRelease(const std::string& name, int pid,
TimestampType timeNow) {
- mControlService->notifyWakelock(name, false);
mStatsList.updateOnRelease(name, pid, timeNow);
}
@@ -378,16 +231,6 @@
mStatsList.updateNow();
}
-void SystemSuspend::getSuspendInfo(SuspendInfo* info) {
- std::scoped_lock lock(mSuspendInfoLock);
-
- *info = mSuspendInfo;
-}
-
-const WakeupList& SystemSuspend::getWakeupList() const {
- return mWakeupList;
-}
-
/**
* Returns suspend stats.
*/
@@ -462,10 +305,6 @@
return stats;
}
-std::chrono::milliseconds SystemSuspend::getSleepTime() const {
- return mSleepTime;
-}
-
} // namespace V1_0
} // namespace suspend
} // namespace system
diff --git a/suspend/1.0/default/SystemSuspend.h b/suspend/1.0/default/SystemSuspend.h
index b84b1c9..9fe9319 100644
--- a/suspend/1.0/default/SystemSuspend.h
+++ b/suspend/1.0/default/SystemSuspend.h
@@ -20,17 +20,14 @@
#include <android-base/result.h>
#include <android-base/unique_fd.h>
#include <android/system/suspend/1.0/ISystemSuspend.h>
-#include <android/system/suspend/internal/SuspendInfo.h>
#include <hidl/HidlTransportSupport.h>
-#include <atomic>
#include <condition_variable>
#include <mutex>
#include <string>
#include "SuspendControlService.h"
#include "WakeLockEntryList.h"
-#include "WakeupList.h"
namespace android {
namespace system {
@@ -42,7 +39,6 @@
using ::android::hardware::hidl_string;
using ::android::hardware::interfacesEqual;
using ::android::hardware::Return;
-using ::android::system::suspend::internal::SuspendInfo;
using namespace std::chrono_literals;
@@ -64,16 +60,6 @@
std::string lastFailedStep;
};
-struct SleepTimeConfig {
- std::chrono::milliseconds baseSleepTime;
- std::chrono::milliseconds maxSleepTime;
- double sleepTimeScaleFactor;
- uint32_t backoffThreshold;
- std::chrono::milliseconds shortSuspendThreshold;
- bool failedSuspendBackoffEnabled;
- bool shortSuspendBackoffEnabled;
-};
-
std::string readFd(int fd);
class WakeLock : public IWakeLock {
@@ -95,26 +81,19 @@
class SystemSuspend : public ISystemSuspend {
public:
SystemSuspend(unique_fd wakeupCountFd, unique_fd stateFd, unique_fd suspendStatsFd,
- size_t maxStatsEntries, unique_fd kernelWakelockStatsFd,
- unique_fd wakeupReasonsFd, unique_fd suspendTimeFd,
- const SleepTimeConfig& sleepTimeConfig,
- const sp<SuspendControlService>& controlService,
- const sp<SuspendControlServiceInternal>& controlServiceInternal,
- bool useSuspendCounter = true);
+ size_t maxNativeStatsEntries, unique_fd kernelWakelockStatsFd,
+ std::chrono::milliseconds baseSleepTime,
+ const sp<SuspendControlService>& controlService, bool useSuspendCounter = true);
Return<sp<IWakeLock>> acquireWakeLock(WakeLockType type, const hidl_string& name) override;
void incSuspendCounter(const std::string& name);
void decSuspendCounter(const std::string& name);
bool enableAutosuspend();
bool forceSuspend();
- const WakeupList& getWakeupList() const;
const WakeLockEntryList& getStatsList() const;
void updateWakeLockStatOnRelease(const std::string& name, int pid, TimestampType timeNow);
void updateStatsNow();
Result<SuspendStats> getSuspendStats();
- void getSuspendInfo(SuspendInfo* info);
- std::chrono::milliseconds getSleepTime() const;
- unique_fd reopenFileUsingFd(const int fd, int permission);
private:
void initAutosuspend();
@@ -126,25 +105,16 @@
unique_fd mStateFd;
unique_fd mSuspendStatsFd;
- unique_fd mSuspendTimeFd;
- std::mutex mSuspendInfoLock;
- SuspendInfo mSuspendInfo;
-
- const SleepTimeConfig kSleepTimeConfig;
-
- // Amount of thread sleep time between consecutive iterations of the suspend loop
+ // Amount of sleep time between consecutive iterations of the suspend loop.
+ std::chrono::milliseconds mBaseSleepTime;
std::chrono::milliseconds mSleepTime;
- int32_t mNumConsecutiveBadSuspends;
-
- // Updates thread sleep time and suspend stats depending on the result of suspend attempt
- void updateSleepTime(bool success, const struct SuspendTime& suspendTime);
+ // Updates sleep time depending on the result of suspend attempt.
+ void updateSleepTime(bool success);
sp<SuspendControlService> mControlService;
- sp<SuspendControlServiceInternal> mControlServiceInternal;
WakeLockEntryList mStatsList;
- WakeupList mWakeupList;
// If true, use mSuspendCounter to keep track of native wake locks. Otherwise, rely on
// /sys/power/wake_lock interface to block suspend.
@@ -152,9 +122,6 @@
bool mUseSuspendCounter;
unique_fd mWakeLockFd;
unique_fd mWakeUnlockFd;
- unique_fd mWakeupReasonsFd;
-
- std::atomic_flag mAutosuspendEnabled = ATOMIC_FLAG_INIT;
};
} // namespace V1_0
diff --git a/suspend/1.0/default/SystemSuspendAidlTest.cpp b/suspend/1.0/default/SystemSuspendAidlTest.cpp
deleted file mode 100644
index f7936a2..0000000
--- a/suspend/1.0/default/SystemSuspendAidlTest.cpp
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <android/system/suspend/BnSuspendCallback.h>
-#include <android/system/suspend/BnWakelockCallback.h>
-#include <android/system/suspend/ISuspendControlService.h>
-#include <binder/IServiceManager.h>
-#include <gtest/gtest.h>
-
-using android::sp;
-using android::status_t;
-using android::String16;
-using android::binder::Status;
-using android::system::suspend::BnSuspendCallback;
-using android::system::suspend::BnWakelockCallback;
-using android::system::suspend::ISuspendControlService;
-
-static const std::string kTestWakelockName("test_lock");
-static const std::string kTestWakelockName2("test_lock2");
-
-class WakelockCallback : public BnWakelockCallback {
- public:
- Status notifyAcquired() override { return Status::ok(); };
- Status notifyReleased() override { return Status::ok(); };
-};
-
-class WakeupCallback : public BnSuspendCallback {
- public:
- Status notifyWakeup([[maybe_unused]] bool success,
- [[maybe_unused]] const std::vector<std::string>& wakeupReasons) override {
- return Status::ok();
- }
-};
-
-class SystemSuspendTest : public testing::Test {
- public:
- sp<ISuspendControlService> suspendControlService = nullptr;
-
- virtual void SetUp() override {
- status_t err = android::getService<ISuspendControlService>(String16("suspend_control"),
- &suspendControlService);
- ASSERT_EQ(err, android::OK);
- ASSERT_NE(suspendControlService, nullptr);
- }
-};
-
-TEST_F(SystemSuspendTest, RegisterWakeupCallback) {
- bool isRegistered = false;
-
- Status ret = suspendControlService->registerCallback(new WakeupCallback(), &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-}
-
-TEST_F(SystemSuspendTest, RegisterMultipleWakeupCallback) {
- bool isRegistered = false;
-
- Status ret = suspendControlService->registerCallback(new WakeupCallback(), &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-
- isRegistered = false;
- ret = suspendControlService->registerCallback(new WakeupCallback(), &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-}
-
-TEST_F(SystemSuspendTest, RegisterWakelockCallback) {
- bool isRegistered = false;
-
- Status ret = suspendControlService->registerWakelockCallback(new WakelockCallback(),
- kTestWakelockName, &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-}
-
-TEST_F(SystemSuspendTest, RegisterSameWakelockCallbackWithSameName) {
- bool isRegistered = false;
- sp<WakelockCallback> callback = new WakelockCallback();
-
- Status ret =
- suspendControlService->registerWakelockCallback(callback, kTestWakelockName, &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-
- isRegistered = false;
- ret =
- suspendControlService->registerWakelockCallback(callback, kTestWakelockName, &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(false, isRegistered);
-}
-
-TEST_F(SystemSuspendTest, RegisterSameWakelockCallbackWithDifferentNames) {
- bool isRegistered = false;
- sp<WakelockCallback> callback = new WakelockCallback();
-
- Status ret =
- suspendControlService->registerWakelockCallback(callback, kTestWakelockName, &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-
- isRegistered = false;
- ret = suspendControlService->registerWakelockCallback(callback, kTestWakelockName2,
- &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-}
-
-TEST_F(SystemSuspendTest, RegisterDifferentWakelockCallbacksWithSameName) {
- bool isRegistered = false;
- sp<WakelockCallback> callback1 = new WakelockCallback();
- sp<WakelockCallback> callback2 = new WakelockCallback();
-
- Status ret = suspendControlService->registerWakelockCallback(callback1, kTestWakelockName,
- &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-
- isRegistered = false;
- ret = suspendControlService->registerWakelockCallback(callback2, kTestWakelockName,
- &isRegistered);
- ASSERT_TRUE(ret.isOk());
- EXPECT_EQ(true, isRegistered);
-}
diff --git a/suspend/1.0/default/SystemSuspendBenchmark.cpp b/suspend/1.0/default/SystemSuspendBenchmark.cpp
index ab6162d..21595f3 100644
--- a/suspend/1.0/default/SystemSuspendBenchmark.cpp
+++ b/suspend/1.0/default/SystemSuspendBenchmark.cpp
@@ -15,14 +15,14 @@
*/
#include <android/system/suspend/1.0/ISystemSuspend.h>
-#include <android/system/suspend/internal/ISuspendControlServiceInternal.h>
+#include <android/system/suspend/ISuspendControlService.h>
#include <benchmark/benchmark.h>
#include <binder/IServiceManager.h>
using android::IBinder;
using android::sp;
-using android::system::suspend::internal::ISuspendControlServiceInternal;
-using android::system::suspend::internal::WakeLockInfo;
+using android::system::suspend::ISuspendControlService;
+using android::system::suspend::WakeLockInfo;
using android::system::suspend::V1_0::ISystemSuspend;
using android::system::suspend::V1_0::IWakeLock;
using android::system::suspend::V1_0::WakeLockType;
@@ -37,14 +37,14 @@
BENCHMARK(BM_acquireWakeLock);
static void BM_getWakeLockStats(benchmark::State& state) {
- static sp<IBinder> controlInternal =
- android::defaultServiceManager()->getService(android::String16("suspend_control_internal"));
- static sp<ISuspendControlServiceInternal> controlServiceInternal =
- android::interface_cast<ISuspendControlServiceInternal>(controlInternal);
+ static sp<IBinder> control =
+ android::defaultServiceManager()->getService(android::String16("suspend_control"));
+ static sp<ISuspendControlService> controlService =
+ android::interface_cast<ISuspendControlService>(control);
while (state.KeepRunning()) {
std::vector<WakeLockInfo> wlStats;
- controlServiceInternal->getWakeLockStats(&wlStats);
+ controlService->getWakeLockStats(&wlStats);
}
}
BENCHMARK(BM_getWakeLockStats);
diff --git a/suspend/1.0/default/SystemSuspendUnitTest.cpp b/suspend/1.0/default/SystemSuspendUnitTest.cpp
index d7b136a..bdca49d 100644
--- a/suspend/1.0/default/SystemSuspendUnitTest.cpp
+++ b/suspend/1.0/default/SystemSuspendUnitTest.cpp
@@ -19,7 +19,6 @@
#include <android-base/result.h>
#include <android-base/unique_fd.h>
#include <android/system/suspend/BnSuspendCallback.h>
-#include <android/system/suspend/BnWakelockCallback.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include <binder/ProcessState.h>
@@ -42,43 +41,34 @@
#include "SuspendControlService.h"
#include "SystemSuspend.h"
-#include "WakeupList.h"
using android::sp;
using android::base::Result;
using android::base::Socketpair;
using android::base::unique_fd;
using android::base::WriteStringToFd;
-using android::base::WriteStringToFile;
using android::hardware::configureRpcThreadpool;
using android::hardware::joinRpcThreadpool;
using android::hardware::Return;
using android::hardware::Void;
using android::system::suspend::BnSuspendCallback;
-using android::system::suspend::BnWakelockCallback;
using android::system::suspend::ISuspendControlService;
-using android::system::suspend::internal::ISuspendControlServiceInternal;
-using android::system::suspend::internal::WakeLockInfo;
-using android::system::suspend::internal::WakeupInfo;
+using android::system::suspend::WakeLockInfo;
using android::system::suspend::V1_0::getTimeNow;
using android::system::suspend::V1_0::ISystemSuspend;
using android::system::suspend::V1_0::IWakeLock;
using android::system::suspend::V1_0::readFd;
-using android::system::suspend::V1_0::SleepTimeConfig;
using android::system::suspend::V1_0::SuspendControlService;
-using android::system::suspend::V1_0::SuspendControlServiceInternal;
using android::system::suspend::V1_0::SuspendStats;
using android::system::suspend::V1_0::SystemSuspend;
using android::system::suspend::V1_0::TimestampType;
using android::system::suspend::V1_0::WakeLockType;
-using android::system::suspend::V1_0::WakeupList;
using namespace std::chrono_literals;
namespace android {
static constexpr char kServiceName[] = "TestService";
static constexpr char kControlServiceName[] = "TestControlService";
-static constexpr char kControlServiceInternalName[] = "TestControlServiceInternal";
static bool isReadBlocked(int fd, int timeout_ms = 20) {
struct pollfd pfd {
@@ -100,30 +90,14 @@
LOG(FATAL) << "Unable to register service " << kControlServiceName << controlStatus;
}
- sp<SuspendControlServiceInternal> suspendControlInternal =
- new SuspendControlServiceInternal();
- controlStatus = ::android::defaultServiceManager()->addService(
- android::String16(kControlServiceInternalName), suspendControlInternal);
- if (android::OK != controlStatus) {
- LOG(FATAL) << "Unable to register service " << kControlServiceInternalName
- << controlStatus;
- }
-
// Create non-HW binder threadpool for SuspendControlService.
sp<android::ProcessState> ps{android::ProcessState::self()};
ps->startThreadPool();
- wakeupReasonsFd =
- unique_fd(TEMP_FAILURE_RETRY(open(wakeupReasonsFile.path, O_CLOEXEC | O_RDONLY)));
-
- suspendTimeFd =
- unique_fd(TEMP_FAILURE_RETRY(open(suspendTimeFile.path, O_CLOEXEC | O_RDONLY)));
-
sp<ISystemSuspend> suspend = new SystemSuspend(
std::move(wakeupCountFds[1]), std::move(stateFds[1]),
unique_fd(-1) /*suspendStatsFd*/, 1 /* maxNativeStatsEntries */,
- unique_fd(-1) /* kernelWakelockStatsFd */, std::move(wakeupReasonsFd),
- std::move(suspendTimeFd), kSleepTimeConfig, suspendControl, suspendControlInternal);
+ unique_fd(-1) /* kernelWakelockStatsFd */, 0ms /* baseSleepTime */, suspendControl);
status_t status = suspend->registerAsService(kServiceName);
if (android::OK != status) {
LOG(FATAL) << "Unable to register service: " << status;
@@ -148,15 +122,9 @@
ASSERT_NE(control, nullptr) << "failed to get the suspend control service";
sp<ISuspendControlService> controlService = interface_cast<ISuspendControlService>(control);
- sp<IBinder> controlInternal = android::defaultServiceManager()->getService(
- android::String16(kControlServiceInternalName));
- ASSERT_NE(controlInternal, nullptr) << "failed to get the suspend control internal service";
- sp<ISuspendControlServiceInternal> controlServiceInternal =
- interface_cast<ISuspendControlServiceInternal>(controlInternal);
-
// Start auto-suspend.
bool enabled = false;
- controlServiceInternal->enableAutosuspend(&enabled);
+ controlService->enableAutosuspend(&enabled);
ASSERT_EQ(enabled, true) << "failed to start autosuspend";
}
@@ -171,11 +139,6 @@
ASSERT_NE(control, nullptr) << "failed to get the suspend control service";
controlService = interface_cast<ISuspendControlService>(control);
- sp<IBinder> controlInternal = android::defaultServiceManager()->getService(
- android::String16(kControlServiceInternalName));
- ASSERT_NE(controlInternal, nullptr) << "failed to get the suspend control internal service";
- controlServiceInternal = interface_cast<ISuspendControlServiceInternal>(controlInternal);
-
wakeupCountFd = wakeupCountFds[0];
stateFd = stateFds[0];
@@ -204,7 +167,7 @@
size_t getActiveWakeLockCount() {
std::vector<WakeLockInfo> wlStats;
- controlServiceInternal->getWakeLockStats(&wlStats);
+ controlService->getWakeLockStats(&wlStats);
return count_if(wlStats.begin(), wlStats.end(), [](auto entry) { return entry.isActive; });
}
@@ -219,70 +182,24 @@
<< "SystemSuspend failed to write correct sleep state.";
}
}
-
- void checkWakelockLoop(int numIter, const std::string name) {
- for (int i = 0; i < numIter; i++) {
- sp<IWakeLock> testLock = acquireWakeLock(name);
- testLock->release();
- }
- }
-
- void suspendFor(std::chrono::milliseconds suspendTime, int numberOfSuspends) {
- std::string suspendStr =
- "0.001 " /* placeholder */ +
- std::to_string(
- std::chrono::duration_cast<std::chrono::duration<double>>(suspendTime).count());
- ASSERT_TRUE(WriteStringToFile(suspendStr, suspendTimeFile.path));
- checkLoop(numberOfSuspends);
- }
-
- void checkSleepTime(std::chrono::milliseconds expected) {
- SystemSuspend* s = static_cast<SystemSuspend*>(suspendService.get());
- // There is a race window where sleepTime can be checked in the tests,
- // before it is updated in autoSuspend
- while (!isReadBlocked(wakeupCountFd)) {
- }
- std::chrono::milliseconds actual = s->getSleepTime();
- ASSERT_EQ(actual.count(), expected.count()) << "incorrect sleep time";
- }
-
sp<ISystemSuspend> suspendService;
sp<ISuspendControlService> controlService;
- sp<ISuspendControlServiceInternal> controlServiceInternal;
static unique_fd wakeupCountFds[2];
static unique_fd stateFds[2];
- static unique_fd wakeupReasonsFd;
- static unique_fd suspendTimeFd;
static int wakeupCountFd;
static int stateFd;
- static TemporaryFile wakeupReasonsFile;
- static TemporaryFile suspendTimeFile;
-
- static constexpr SleepTimeConfig kSleepTimeConfig = {
- .baseSleepTime = 100ms,
- .maxSleepTime = 400ms,
- .sleepTimeScaleFactor = 1.9,
- .backoffThreshold = 1,
- .shortSuspendThreshold = 100ms,
- .failedSuspendBackoffEnabled = true,
- .shortSuspendBackoffEnabled = true,
- };
};
// SystemSuspendTest test suite resources
unique_fd SystemSuspendTest::wakeupCountFds[2];
unique_fd SystemSuspendTest::stateFds[2];
-unique_fd SystemSuspendTest::wakeupReasonsFd;
-unique_fd SystemSuspendTest::suspendTimeFd;
int SystemSuspendTest::wakeupCountFd;
int SystemSuspendTest::stateFd;
-TemporaryFile SystemSuspendTest::wakeupReasonsFile;
-TemporaryFile SystemSuspendTest::suspendTimeFile;
// Tests that autosuspend thread can only be enabled once.
TEST_F(SystemSuspendTest, OnlyOneEnableAutosuspend) {
bool enabled = false;
- controlServiceInternal->enableAutosuspend(&enabled);
+ controlService->enableAutosuspend(&enabled);
ASSERT_EQ(enabled, false);
}
@@ -379,65 +296,19 @@
ASSERT_EQ(getActiveWakeLockCount(), 0);
}
-TEST_F(SystemSuspendTest, SuspendBackoffLongSuspendTest) {
- // Sleep time shall be set to base sleep time after a long suspend
- suspendFor(10000ms, 1);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
-}
-
-TEST_F(SystemSuspendTest, BackoffThresholdTest) {
- // Sleep time shall be set to base sleep time after a long suspend
- suspendFor(10000ms, 1);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
-
- // Sleep time shall back off after the configured backoff threshold
- std::chrono::milliseconds expectedSleepTime = std::chrono::round<std::chrono::milliseconds>(
- kSleepTimeConfig.baseSleepTime * kSleepTimeConfig.sleepTimeScaleFactor);
- suspendFor(10ms, kSleepTimeConfig.backoffThreshold);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
- suspendFor(10ms, 1);
- checkSleepTime(expectedSleepTime);
-
- // Sleep time shall return to base sleep time after a long suspend
- suspendFor(10000ms, 1);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
-}
-
-TEST_F(SystemSuspendTest, SuspendBackoffMaxTest) {
- // Sleep time shall be set to base sleep time after a long suspend
- suspendFor(10000ms, 1);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
-
- // Sleep time shall be capped at the configured maximum
- suspendFor(10ms, 3 + kSleepTimeConfig.backoffThreshold);
- checkSleepTime(kSleepTimeConfig.maxSleepTime);
-
- // Sleep time shall return to base sleep time after a long suspend
- suspendFor(10000ms, 1);
- checkSleepTime(kSleepTimeConfig.baseSleepTime);
-}
-
// Callbacks are passed around as sp<>. However, mock expectations are verified when mock objects
// are destroyed, i.e. the test needs to control lifetime of the mock object.
// MockCallbackImpl can be destroyed independently of its wrapper MockCallback which is passed to
// SystemSuspend.
struct MockCallbackImpl {
- binder::Status notifyWakeup([[maybe_unused]] bool success,
- const std::vector<std::string>& wakeupReasons) {
- mWakeupReasons = wakeupReasons;
- mNumWakeups++;
- return binder::Status::ok();
- }
-
- std::vector<std::string> mWakeupReasons;
- int mNumWakeups = 0;
+ MOCK_METHOD1(notifyWakeup, binder::Status(bool));
};
class MockCallback : public BnSuspendCallback {
public:
MockCallback(MockCallbackImpl* impl) : mImpl(impl), mDisabled(false) {}
- binder::Status notifyWakeup(bool x, const std::vector<std::string>& wakeupReasons) {
- return mDisabled ? binder::Status::ok() : mImpl->notifyWakeup(x, wakeupReasons);
+ binder::Status notifyWakeup(bool x) {
+ return mDisabled ? binder::Status::ok() : mImpl->notifyWakeup(x);
}
// In case we pull the rug from under MockCallback, but SystemSuspend still has an sp<> to the
// object.
@@ -459,88 +330,16 @@
TEST_F(SystemSuspendTest, CallbackNotifyWakeup) {
constexpr int numWakeups = 5;
MockCallbackImpl impl;
+ // SystemSuspend should suspend numWakeup + 1 times. However, it might
+ // only be able to notify numWakeup times. The test case might have
+ // finished by the time last notification completes.
+ EXPECT_CALL(impl, notifyWakeup).Times(testing::AtLeast(numWakeups));
sp<MockCallback> cb = new MockCallback(&impl);
bool retval = false;
controlService->registerCallback(cb, &retval);
ASSERT_TRUE(retval);
checkLoop(numWakeups + 1);
cb->disable();
- // SystemSuspend should suspend numWakeup + 1 times. However, it might
- // only be able to notify numWakeup times. The test case might have
- // finished by the time last notification completes.
- ASSERT_GE(impl.mNumWakeups, numWakeups);
-}
-
-// Tests that SystemSuspend HAL correctly notifies wakeup subscribers with wakeup reasons.
-TEST_F(SystemSuspendTest, CallbackNotifyWakeupReason) {
- int i;
- const std::string wakeupReason0 = "";
- const std::string wakeupReason1 = " ";
- const std::string wakeupReason2 = "\n\n";
- const std::string wakeupReason3 = "100 :android,wakeup-reason-1";
- const std::string wakeupReason4 = "Abort: android,wakeup-reason-2\n";
- const std::string wakeupReason5 =
- "999 :android,wakeup-reason-3\nAbort: android,wakeup-reason-3\n";
- const std::string referenceWakeupUnknown = "unknown";
- const std::string referenceWakeupReason3 = "100 :android,wakeup-reason-1";
- const std::string referenceWakeupReason4 = "Abort: android,wakeup-reason-2";
- const std::vector<std::string> referenceWakeupReason5 = {"999 :android,wakeup-reason-3",
- "Abort: android,wakeup-reason-3"};
-
- unique_fd wakeupReasonsWriteFd = unique_fd(
- TEMP_FAILURE_RETRY(open(SystemSuspendTest::wakeupReasonsFile.path, O_CLOEXEC | O_WRONLY)));
-
- MockCallbackImpl impl;
- sp<MockCallback> cb = new MockCallback(&impl);
-
- bool retval = false;
- controlService->registerCallback(cb, &retval);
- ASSERT_TRUE(retval);
-
- // wakeupReason0 empty wakeup reason
- // Following assert check may happen before a callback been executed, iterate few checkLoop to
- // make sure at least one callback been finished.
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 1);
- ASSERT_EQ(impl.mWakeupReasons[0], referenceWakeupUnknown);
-
- // wakeupReason1 single invalid wakeup reason with only space.
- ASSERT_TRUE(WriteStringToFd(wakeupReason1, wakeupReasonsWriteFd));
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 1);
- ASSERT_EQ(impl.mWakeupReasons[0], referenceWakeupUnknown);
-
- // wakeupReason2 two empty wakeup reasons.
- lseek(wakeupReasonsWriteFd, 0, SEEK_SET);
- ASSERT_TRUE(WriteStringToFd(wakeupReason2, wakeupReasonsWriteFd));
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 1);
- ASSERT_EQ(impl.mWakeupReasons[0], referenceWakeupUnknown);
-
- // wakeupReason3 single wakeup reasons.
- lseek(wakeupReasonsWriteFd, 0, SEEK_SET);
- ASSERT_TRUE(WriteStringToFd(wakeupReason3, wakeupReasonsWriteFd));
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 1);
- ASSERT_EQ(impl.mWakeupReasons[0], referenceWakeupReason3);
-
- // wakeupReason4 two wakeup reasons with one empty.
- lseek(wakeupReasonsWriteFd, 0, SEEK_SET);
- ASSERT_TRUE(WriteStringToFd(wakeupReason4, wakeupReasonsWriteFd));
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 1);
- ASSERT_EQ(impl.mWakeupReasons[0], referenceWakeupReason4);
-
- // wakeupReason5 two wakeup reasons.
- lseek(wakeupReasonsWriteFd, 0, SEEK_SET);
- ASSERT_TRUE(WriteStringToFd(wakeupReason5, wakeupReasonsWriteFd));
- checkLoop(3);
- ASSERT_EQ(impl.mWakeupReasons.size(), 2);
- i = 0;
- for (auto wakeupReason : impl.mWakeupReasons) {
- ASSERT_EQ(wakeupReason, referenceWakeupReason5[i++]);
- }
- cb->disable();
}
// Tests that SystemSuspend HAL correctly deals with a dead callback.
@@ -564,8 +363,7 @@
class CbRegisteringCb : public BnSuspendCallback {
public:
CbRegisteringCb(sp<ISuspendControlService> controlService) : mControlService(controlService) {}
- binder::Status notifyWakeup([[maybe_unused]] bool x,
- [[maybe_unused]] const std::vector<std::string>& wakeupReasons) {
+ binder::Status notifyWakeup(bool x) {
sp<MockCallback> cb = new MockCallback(nullptr);
cb->disable();
bool retval = false;
@@ -586,156 +384,6 @@
checkLoop(3);
}
-struct MockWakelockCallbackImpl {
- MOCK_METHOD0(notifyAcquired, binder::Status());
- MOCK_METHOD0(notifyReleased, binder::Status());
-};
-
-class MockWakelockCallback : public BnWakelockCallback {
- public:
- MockWakelockCallback(MockWakelockCallbackImpl* impl) : mImpl(impl), mDisabled(false) {}
- binder::Status notifyAcquired(void) {
- return mDisabled ? binder::Status::ok() : mImpl->notifyAcquired();
- }
- binder::Status notifyReleased(void) {
- return mDisabled ? binder::Status::ok() : mImpl->notifyReleased();
- }
- // In case we pull the rug from under MockWakelockCallback, but SystemSuspend still has an sp<>
- // to the object.
- void disable() { mDisabled = true; }
-
- private:
- MockWakelockCallbackImpl* mImpl;
- bool mDisabled;
-};
-
-// Tests that nullptr can't be registered as wakelock callbacks.
-TEST_F(SystemSuspendTest, RegisterInvalidWakelockCallback) {
- bool retval = false;
- controlService->registerWakelockCallback(nullptr, "testLock", &retval);
- ASSERT_FALSE(retval);
-}
-
-// Tests that the a callback cannot be registeed with a wakelock twice.
-TEST_F(SystemSuspendTest, RegisterCallbackTwice) {
- bool retval = false;
- MockWakelockCallbackImpl impl;
- sp<MockWakelockCallback> cb = new MockWakelockCallback(&impl);
-
- controlService->registerWakelockCallback(cb, "testLock", &retval);
- ASSERT_TRUE(retval);
- controlService->registerWakelockCallback(cb, "testLock", &retval);
- ASSERT_FALSE(retval);
-
- cb->disable();
-}
-
-// Tests that the same callback can be registered with two wakelocks.
-TEST_F(SystemSuspendTest, RegisterSameCallbackForTwoWakelocks) {
- bool retval = false;
- MockWakelockCallbackImpl impl;
- sp<MockWakelockCallback> cb = new MockWakelockCallback(&impl);
-
- controlService->registerWakelockCallback(cb, "testLock1", &retval);
- ASSERT_TRUE(retval);
- controlService->registerWakelockCallback(cb, "testLock2", &retval);
- ASSERT_TRUE(retval);
-
- cb->disable();
-}
-
-// Tests that the two callbacks can be registered with the same wakelock.
-TEST_F(SystemSuspendTest, RegisterTwoCallbacksForSameWakelock) {
- bool retval = false;
- MockWakelockCallbackImpl impl;
- sp<MockWakelockCallback> cb1 = new MockWakelockCallback(&impl);
- sp<MockWakelockCallback> cb2 = new MockWakelockCallback(&impl);
-
- controlService->registerWakelockCallback(cb1, "testLock", &retval);
- ASSERT_TRUE(retval);
- controlService->registerWakelockCallback(cb2, "testLock", &retval);
- ASSERT_TRUE(retval);
-
- cb1->disable();
- cb2->disable();
-}
-
-// Tests that SystemSuspend HAL correctly deals with a dead wakelock callback.
-TEST_F(SystemSuspendTest, DeadWakelockCallback) {
- ASSERT_EXIT(
- {
- sp<MockWakelockCallback> cb = new MockWakelockCallback(nullptr);
- bool retval = false;
- controlService->registerWakelockCallback(cb, "testLock", &retval);
- ASSERT_TRUE(retval);
- std::exit(0);
- },
- ::testing::ExitedWithCode(0), "");
-
- // Dead process callback must still be dealt with either by unregistering it
- // or checking isOk() on every call.
- sp<IWakeLock> testLock = acquireWakeLock("testLock");
- ASSERT_TRUE(testLock->release().isOk());
-}
-
-// Wakelock callback that registers another callback.
-class WakelockCbRegisteringCb : public BnWakelockCallback {
- public:
- WakelockCbRegisteringCb(sp<ISuspendControlService> controlService)
- : mControlService(controlService) {}
- binder::Status notifyAcquired(void) {
- sp<MockWakelockCallback> cb = new MockWakelockCallback(nullptr);
- cb->disable();
- bool retval = false;
- mControlService->registerWakelockCallback(cb, "testLock", &retval);
- return binder::Status::ok();
- }
- binder::Status notifyReleased(void) {
- sp<MockWakelockCallback> cb = new MockWakelockCallback(nullptr);
- cb->disable();
- bool retval = false;
- mControlService->registerWakelockCallback(cb, "testLock", &retval);
- return binder::Status::ok();
- }
-
- private:
- sp<ISuspendControlService> mControlService;
-};
-
-TEST_F(SystemSuspendTest, WakelockCallbackRegisterCallbackNoDeadlock) {
- sp<WakelockCbRegisteringCb> cb = new WakelockCbRegisteringCb(controlService);
- bool retval = false;
- controlService->registerWakelockCallback(cb, "testLock", &retval);
- ASSERT_TRUE(retval);
-
- checkWakelockLoop(3, "testLock");
-}
-
-// Tests that SystemSuspend HAL correctly notifies wakelock events.
-TEST_F(SystemSuspendTest, CallbackNotifyWakelock) {
- bool retval = false;
- MockWakelockCallbackImpl impl1;
- MockWakelockCallbackImpl impl2;
- sp<MockWakelockCallback> cb1 = new MockWakelockCallback(&impl1);
- sp<MockWakelockCallback> cb2 = new MockWakelockCallback(&impl2);
-
- controlService->registerWakelockCallback(cb1, "testLock1", &retval);
- ASSERT_TRUE(retval);
- controlService->registerWakelockCallback(cb2, "testLock2", &retval);
- ASSERT_TRUE(retval);
-
- EXPECT_CALL(impl1, notifyAcquired).Times(4);
- EXPECT_CALL(impl1, notifyReleased).Times(4);
- EXPECT_CALL(impl2, notifyAcquired).Times(3);
- EXPECT_CALL(impl2, notifyReleased).Times(3);
-
- checkWakelockLoop(4, "testLock1");
- checkWakelockLoop(3, "testLock2");
-
- cb1->disable();
- cb2->disable();
-}
-
class SystemSuspendSameThreadTest : public ::testing::Test {
public:
sp<IWakeLock> acquireWakeLock(const std::string& name = "TestLock") {
@@ -901,7 +549,7 @@
*/
std::vector<WakeLockInfo> getWakelockStats() {
std::vector<WakeLockInfo> wlStats;
- controlServiceInternal->getWakeLockStats(&wlStats);
+ controlService->getWakeLockStats(&wlStats);
return wlStats;
}
@@ -927,16 +575,11 @@
// Set up same thread suspend services
sp<SuspendControlService> suspendControl = new SuspendControlService();
- sp<SuspendControlServiceInternal> suspendControlInternal =
- new SuspendControlServiceInternal();
controlService = suspendControl;
- controlServiceInternal = suspendControlInternal;
- suspendService =
- new SystemSuspend(unique_fd(-1) /* wakeupCountFd */, unique_fd(-1) /* stateFd */,
- unique_fd(dup(suspendStatsFd)), 1 /* maxNativeStatsEntries */,
- unique_fd(dup(kernelWakelockStatsFd.get())),
- unique_fd(-1) /* wakeupReasonsFd */, unique_fd(-1) /*suspendTimeFd*/,
- kSleepTimeConfig, suspendControl, suspendControlInternal);
+ suspendService = new SystemSuspend(
+ unique_fd(-1) /* wakeupCountFd */, unique_fd(-1) /* stateFd */,
+ unique_fd(dup(suspendStatsFd)), 1 /* maxNativeStatsEntries */,
+ unique_fd(dup(kernelWakelockStatsFd.get())), 0ms /* baseSleepTime */, suspendControl);
}
virtual void TearDown() override {
@@ -946,21 +589,10 @@
sp<ISystemSuspend> suspendService;
sp<ISuspendControlService> controlService;
- sp<ISuspendControlServiceInternal> controlServiceInternal;
unique_fd kernelWakelockStatsFd;
unique_fd suspendStatsFd;
TemporaryDir kernelWakelockStatsDir;
TemporaryDir suspendStatsDir;
-
- const SleepTimeConfig kSleepTimeConfig = {
- .baseSleepTime = 100ms,
- .maxSleepTime = 400ms,
- .sleepTimeScaleFactor = 1.9,
- .backoffThreshold = 1,
- .shortSuspendThreshold = 100ms,
- .failedSuspendBackoffEnabled = true,
- .shortSuspendBackoffEnabled = true,
- };
};
// Test that getWakeLockStats has correct information about Native WakeLocks.
@@ -1191,334 +823,10 @@
ASSERT_EQ(stats.lastFailedStep, "fakeStep");
}
-class SuspendWakeupTest : public ::testing::Test {
- public:
- virtual void SetUp() override {
- Socketpair(SOCK_STREAM, &wakeupCountTestFd, &wakeupCountServiceFd);
- Socketpair(SOCK_STREAM, &stateTestFd, &stateServiceFd);
-
- suspendControl = new SuspendControlService();
-
- suspendControlInternal = new SuspendControlServiceInternal();
-
- suspendTimeFd =
- unique_fd(TEMP_FAILURE_RETRY(open(suspendTimeFile.path, O_CLOEXEC | O_RDONLY)));
-
- wakeupReasonsFd =
- unique_fd(TEMP_FAILURE_RETRY(open(wakeupReasonsFile.path, O_CLOEXEC | O_RDONLY)));
-
- suspend = new SystemSuspend(std::move(wakeupCountServiceFd), std::move(stateServiceFd),
- unique_fd(-1) /*suspendStatsFd*/, 100 /* maxStatsEntries */,
- unique_fd(-1) /* kernelWakelockStatsFd */,
- std::move(wakeupReasonsFd), std::move(suspendTimeFd),
- kSleepTimeConfig, suspendControl, suspendControlInternal);
-
- // Start auto-suspend.
- bool enabled = false;
- suspendControlInternal->enableAutosuspend(&enabled);
- ASSERT_EQ(enabled, true) << "failed to start autosuspend";
- }
-
- virtual void TearDown() override {}
-
- void wakeup(std::string wakeupReason) {
- ASSERT_TRUE(WriteStringToFile(wakeupReason, wakeupReasonsFile.path));
- checkLoop(1);
- }
-
- void checkLoop(int numIter) {
- for (int i = 0; i < numIter; i++) {
- // Mock value for /sys/power/wakeup_count.
- std::string wakeupCount = std::to_string(rand());
- ASSERT_TRUE(WriteStringToFd(wakeupCount, wakeupCountTestFd));
- ASSERT_EQ(readFd(wakeupCountTestFd), wakeupCount)
- << "wakeup count value written by SystemSuspend is not equal to value given to it";
- ASSERT_EQ(readFd(stateTestFd), "mem")
- << "SystemSuspend failed to write correct sleep state.";
- // There is a race window where sleepTime can be checked in the tests,
- // before it is updated in autoSuspend
- while (!isReadBlocked(wakeupCountTestFd)) {
- }
- }
- }
-
- void suspendFor(std::chrono::milliseconds suspendTime,
- std::chrono::milliseconds suspendOverhead, int numberOfSuspends) {
- std::string suspendStr =
- std::to_string(
- std::chrono::duration_cast<std::chrono::duration<double>>(suspendOverhead)
- .count()) +
- " " +
- std::to_string(
- std::chrono::duration_cast<std::chrono::duration<double>>(suspendTime).count());
- ASSERT_TRUE(WriteStringToFile(suspendStr, suspendTimeFile.path));
- checkLoop(numberOfSuspends);
- }
-
- void checkSuspendInfo(const SuspendInfo& expected) {
- SystemSuspend* s = static_cast<SystemSuspend*>(suspend.get());
-
- SuspendInfo actual;
- s->getSuspendInfo(&actual);
-
- ASSERT_EQ(actual.suspendAttemptCount, expected.suspendAttemptCount);
- ASSERT_EQ(actual.failedSuspendCount, expected.failedSuspendCount);
- ASSERT_EQ(actual.shortSuspendCount, expected.shortSuspendCount);
- ASSERT_EQ(actual.suspendTimeMillis, expected.suspendTimeMillis);
- ASSERT_EQ(actual.shortSuspendTimeMillis, expected.shortSuspendTimeMillis);
- ASSERT_EQ(actual.suspendOverheadTimeMillis, expected.suspendOverheadTimeMillis);
- ASSERT_EQ(actual.failedSuspendOverheadTimeMillis, expected.failedSuspendOverheadTimeMillis);
- ASSERT_EQ(actual.newBackoffCount, expected.newBackoffCount);
- ASSERT_EQ(actual.backoffContinueCount, expected.backoffContinueCount);
- ASSERT_EQ(actual.sleepTimeMillis, expected.sleepTimeMillis);
- }
-
- unique_fd wakeupCountServiceFd;
- unique_fd stateServiceFd;
- unique_fd stateTestFd;
- unique_fd wakeupCountTestFd;
- unique_fd wakeupReasonsFd;
- unique_fd suspendTimeFd;
- TemporaryFile wakeupReasonsFile;
- TemporaryFile suspendTimeFile;
- TemporaryFile stateFile;
- TemporaryFile wakeupCountFile;
- sp<SuspendControlService> suspendControl;
- sp<SuspendControlServiceInternal> suspendControlInternal;
- sp<ISystemSuspend> suspend;
-
- const SleepTimeConfig kSleepTimeConfig = {
- .baseSleepTime = 100ms,
- .maxSleepTime = 400ms,
- .sleepTimeScaleFactor = 1.9,
- .backoffThreshold = 1,
- .shortSuspendThreshold = 100ms,
- .failedSuspendBackoffEnabled = true,
- .shortSuspendBackoffEnabled = true,
- };
-
- const int64_t kLongSuspendMillis = 10000; // >= kSleepTimeConfig.shortSuspendThreshold
- const int64_t kShortSuspendMillis = 10; // < kSleepTimeConfig.shortSuspendThreshold
- const int64_t kSuspendOverheadMillis = 20;
-};
-
-TEST_F(SuspendWakeupTest, LongSuspendStat) {
- suspendFor(std::chrono::milliseconds(kLongSuspendMillis),
- std::chrono::milliseconds(kSuspendOverheadMillis), 1);
- SuspendInfo expected;
- expected.suspendAttemptCount = 1;
- expected.suspendTimeMillis = kLongSuspendMillis;
- expected.suspendOverheadTimeMillis = kSuspendOverheadMillis;
- expected.sleepTimeMillis = kSleepTimeConfig.baseSleepTime.count();
- checkSuspendInfo(expected);
-}
-
-TEST_F(SuspendWakeupTest, ShortSuspendStat) {
- suspendFor(std::chrono::milliseconds(kShortSuspendMillis),
- std::chrono::milliseconds(kSuspendOverheadMillis), 1);
- SuspendInfo expected;
- expected.suspendAttemptCount = 1;
- expected.shortSuspendCount = 1;
- expected.shortSuspendTimeMillis = kShortSuspendMillis;
- expected.suspendTimeMillis = kShortSuspendMillis;
- expected.suspendOverheadTimeMillis = kSuspendOverheadMillis;
- expected.sleepTimeMillis = kSleepTimeConfig.baseSleepTime.count();
- checkSuspendInfo(expected);
-}
-
-TEST_F(SuspendWakeupTest, ShortSuspendBackoffStat) {
- suspendFor(std::chrono::milliseconds(kShortSuspendMillis),
- std::chrono::milliseconds(kSuspendOverheadMillis), 2);
- SuspendInfo expected;
- expected.suspendAttemptCount = 2;
- expected.shortSuspendCount = 2;
- expected.shortSuspendTimeMillis = kShortSuspendMillis * 2;
- expected.suspendTimeMillis = kShortSuspendMillis * 2;
- expected.suspendOverheadTimeMillis = kSuspendOverheadMillis * 2;
- expected.newBackoffCount = 1;
- expected.sleepTimeMillis = kSleepTimeConfig.baseSleepTime.count() * 2;
- checkSuspendInfo(expected);
-}
-
-TEST_F(SuspendWakeupTest, ShortSuspendBackoffContinueStat) {
- suspendFor(std::chrono::milliseconds(kShortSuspendMillis),
- std::chrono::milliseconds(kSuspendOverheadMillis), 2);
- SuspendInfo expected;
- expected.suspendAttemptCount = 2;
- expected.shortSuspendCount = 2;
- expected.shortSuspendTimeMillis = kShortSuspendMillis * 2;
- expected.suspendTimeMillis = kShortSuspendMillis * 2;
- expected.suspendOverheadTimeMillis = kSuspendOverheadMillis * 2;
- expected.newBackoffCount = 1;
- expected.sleepTimeMillis = kSleepTimeConfig.baseSleepTime.count() * 2;
- checkSuspendInfo(expected);
-
- suspendFor(std::chrono::milliseconds(kShortSuspendMillis),
- std::chrono::milliseconds(kSuspendOverheadMillis), 1);
- expected.suspendAttemptCount += 1;
- expected.shortSuspendCount += 1;
- expected.shortSuspendTimeMillis += kShortSuspendMillis;
- expected.suspendTimeMillis += kShortSuspendMillis;
- expected.suspendOverheadTimeMillis += kSuspendOverheadMillis;
- expected.backoffContinueCount += 1;
- expected.sleepTimeMillis +=
- std::chrono::round<std::chrono::milliseconds>(kSleepTimeConfig.baseSleepTime *
- kSleepTimeConfig.sleepTimeScaleFactor)
- .count();
- checkSuspendInfo(expected);
-}
-
-TEST_F(SuspendWakeupTest, GetSingleWakeupReasonStat) {
- wakeup("abc");
-
- std::vector<WakeupInfo> wStats;
- ASSERT_TRUE(suspendControlInternal->getWakeupStats(&wStats).isOk());
- ASSERT_EQ(wStats.size(), 1);
- ASSERT_EQ(wStats[0].name, "abc");
- ASSERT_EQ(wStats[0].count, 1);
-}
-
-TEST_F(SuspendWakeupTest, GetChainedWakeupReasonStat) {
- wakeup("a\nb");
-
- std::vector<WakeupInfo> wStats;
- ASSERT_TRUE(suspendControlInternal->getWakeupStats(&wStats).isOk());
- ASSERT_EQ(wStats.size(), 1);
- ASSERT_EQ(wStats[0].name, "a;b");
- ASSERT_EQ(wStats[0].count, 1);
-}
-
-TEST_F(SuspendWakeupTest, GetMultipleWakeupReasonStats) {
- wakeup("abc");
- wakeup("d\ne");
- wakeup("");
- wakeup("");
- wakeup("wxyz\nabc\n");
- wakeup("abc");
-
- std::vector<WakeupInfo> wStats;
- ASSERT_TRUE(suspendControlInternal->getWakeupStats(&wStats).isOk());
- ASSERT_EQ(wStats.size(), 4);
- ASSERT_EQ(wStats[0].name, "abc");
- ASSERT_EQ(wStats[0].count, 2);
- ASSERT_EQ(wStats[1].name, "wxyz;abc");
- ASSERT_EQ(wStats[1].count, 1);
- ASSERT_EQ(wStats[2].name, "unknown");
- ASSERT_EQ(wStats[2].count, 2);
- ASSERT_EQ(wStats[3].name, "d;e");
- ASSERT_EQ(wStats[3].count, 1);
-}
-
-TEST(WakeupListTest, TestEmpty) {
- WakeupList wakeupList(3);
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_TRUE(wakeups.empty());
-}
-
-TEST(WakeupListTest, TestNoCapacity) {
- WakeupList wakeupList(0);
-
- wakeupList.update({"a"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_TRUE(wakeups.empty());
-}
-
-TEST(WakeupListTest, TestConcat) {
- WakeupList wakeupList(3);
-
- wakeupList.update({"a", "b"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_EQ(wakeups[0].name, "a;b");
- ASSERT_EQ(wakeups[0].count, 1);
-}
-
-TEST(WakeupListTest, TestNewEntry) {
- WakeupList wakeupList(3);
-
- wakeupList.update({"a"});
- wakeupList.update({"b"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_EQ(wakeups[1].name, "a");
- ASSERT_EQ(wakeups[1].count, 1);
- ASSERT_EQ(wakeups[0].name, "b");
- ASSERT_EQ(wakeups[0].count, 1);
-}
-
-TEST(WakeupListTest, TestIncrement) {
- WakeupList wakeupList(3);
-
- wakeupList.update({"a"});
- wakeupList.update({"b"});
- wakeupList.update({"a"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_EQ(wakeups[0].name, "a");
- ASSERT_EQ(wakeups[0].count, 2);
- ASSERT_EQ(wakeups[1].name, "b");
- ASSERT_EQ(wakeups[1].count, 1);
-}
-
-TEST(WakeupListTest, TestCapacity) {
- WakeupList wakeupList(3);
-
- wakeupList.update({"a"});
- wakeupList.update({"b"});
- wakeupList.update({"c"});
- wakeupList.update({"d"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_EQ(wakeups.size(), 3);
- ASSERT_EQ(wakeups[0].name, "d");
- ASSERT_EQ(wakeups[0].count, 1);
- ASSERT_EQ(wakeups[1].name, "c");
- ASSERT_EQ(wakeups[1].count, 1);
- ASSERT_EQ(wakeups[2].name, "b");
- ASSERT_EQ(wakeups[2].count, 1);
-}
-
-TEST(WakeupListTest, TestLRUEvict) {
- WakeupList wakeupList(3);
-
- wakeupList.update({"a"});
- wakeupList.update({"b"});
- wakeupList.update({"a"});
- wakeupList.update({"c"});
- wakeupList.update({"c"});
- wakeupList.update({"c"});
- wakeupList.update({"d"});
-
- std::vector<WakeupInfo> wakeups;
- wakeupList.getWakeupStats(&wakeups);
-
- ASSERT_EQ(wakeups.size(), 3);
- ASSERT_EQ(wakeups[0].name, "d");
- ASSERT_EQ(wakeups[0].count, 1);
- ASSERT_EQ(wakeups[1].name, "c");
- ASSERT_EQ(wakeups[1].count, 3);
- ASSERT_EQ(wakeups[2].name, "a");
- ASSERT_EQ(wakeups[2].count, 2);
-}
-
} // namespace android
int main(int argc, char** argv) {
- android::hardware::details::setTrebleTestingOverride(true);
+ setenv("TREBLE_TESTING_OVERRIDE", "true", true);
::testing::InitGoogleMock(&argc, argv);
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
diff --git a/suspend/1.0/default/WakeLockEntryList.cpp b/suspend/1.0/default/WakeLockEntryList.cpp
index 8a05a30..9a58087 100644
--- a/suspend/1.0/default/WakeLockEntryList.cpp
+++ b/suspend/1.0/default/WakeLockEntryList.cpp
@@ -370,13 +370,12 @@
}
void WakeLockEntryList::getWakeLockStats(std::vector<WakeLockInfo>* aidl_return) const {
- // Under no circumstances should the lock be held while getting kernel wakelock stats
- {
- std::lock_guard<std::mutex> lock(mStatsLock);
- for (const WakeLockInfo& entry : mStats) {
- aidl_return->emplace_back(entry);
- }
+ std::lock_guard<std::mutex> lock(mStatsLock);
+
+ for (const WakeLockInfo& entry : mStats) {
+ aidl_return->emplace_back(entry);
}
+
getKernelWakelockStats(aidl_return);
}
diff --git a/suspend/1.0/default/WakeLockEntryList.h b/suspend/1.0/default/WakeLockEntryList.h
index 4a792cb..3b72f77 100644
--- a/suspend/1.0/default/WakeLockEntryList.h
+++ b/suspend/1.0/default/WakeLockEntryList.h
@@ -18,7 +18,7 @@
#define ANDROID_SYSTEM_SUSPEND_WAKE_LOCK_ENTRY_LIST_H
#include <android-base/unique_fd.h>
-#include <android/system/suspend/internal/WakeLockInfo.h>
+#include <android/system/suspend/WakeLockInfo.h>
#include <utils/Mutex.h>
#include <list>
@@ -27,8 +27,6 @@
#include <utility>
#include <vector>
-using ::android::system::suspend::internal::WakeLockInfo;
-
namespace android {
namespace system {
namespace suspend {
diff --git a/suspend/1.0/default/WakeupList.cpp b/suspend/1.0/default/WakeupList.cpp
deleted file mode 100644
index 1adc915..0000000
--- a/suspend/1.0/default/WakeupList.cpp
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "WakeupList.h"
-
-#include <android-base/logging.h>
-#include <android-base/strings.h>
-
-namespace android {
-namespace system {
-namespace suspend {
-namespace V1_0 {
-
-WakeupList::WakeupList(size_t capacity) : mCapacity(capacity) {}
-
-void WakeupList::getWakeupStats(std::vector<WakeupInfo>* wakeups) const {
- std::scoped_lock lock(mLock);
-
- for (const WakeupInfo& w : mWakeups) {
- wakeups->push_back(w);
- }
-}
-
-void WakeupList::update(const std::vector<std::string>& wakeupReasons) {
- if (wakeupReasons.empty()) {
- LOG(ERROR) << "WakeupList: empty wakeup reasons";
- return;
- }
- std::string key = ::android::base::Join(wakeupReasons, ";");
-
- std::scoped_lock lock(mLock);
-
- auto it = mLookupTable.find(key);
- if (it == mLookupTable.end()) {
- // Create a new entry
- WakeupInfo w;
- w.name = key;
- w.count = 1;
-
- insert(std::move(w));
- evict();
- } else {
- // Entry found. Increment the count
- auto staleEntry = it->second;
- WakeupInfo updatedEntry = *staleEntry;
- updatedEntry.count++;
-
- erase(staleEntry);
- insert(std::move(updatedEntry));
- }
-}
-
-void WakeupList::evict() {
- if (mWakeups.size() > mCapacity) {
- erase(std::prev(mWakeups.end()));
- LOG(ERROR) << "WakeupList: Capacity met, consider adjusting capacity to "
- "avoid stats eviction.";
- }
-}
-
-void WakeupList::insert(WakeupInfo entry) {
- mWakeups.push_front(entry);
- mLookupTable.insert_or_assign(entry.name, mWakeups.begin());
-}
-
-void WakeupList::erase(std::list<WakeupInfo>::iterator entry) {
- mLookupTable.erase(entry->name);
- mWakeups.erase(entry);
-}
-
-} // namespace V1_0
-} // namespace suspend
-} // namespace system
-} // namespace android
\ No newline at end of file
diff --git a/suspend/1.0/default/WakeupList.h b/suspend/1.0/default/WakeupList.h
deleted file mode 100644
index cc8f2d9..0000000
--- a/suspend/1.0/default/WakeupList.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#pragma once
-
-#include <android/system/suspend/internal/WakeupInfo.h>
-
-#include <utils/Mutex.h>
-
-#include <list>
-#include <unordered_map>
-
-using ::android::system::suspend::internal::WakeupInfo;
-
-namespace android {
-namespace system {
-namespace suspend {
-namespace V1_0 {
-
-/*
- * WakeupList to collect wakeup stats.
- * This class is thread safe.
- */
-class WakeupList {
- public:
- WakeupList(size_t capacity);
- void getWakeupStats(std::vector<WakeupInfo>* wakeups) const;
- void update(const std::vector<std::string>& wakeupReasons);
-
- private:
- void evict() REQUIRES(mLock);
- void insert(WakeupInfo entry) REQUIRES(mLock);
- void erase(std::list<WakeupInfo>::iterator entry) REQUIRES(mLock);
-
- size_t mCapacity;
- mutable std::mutex mLock;
- std::list<WakeupInfo> mWakeups GUARDED_BY(mLock);
- std::unordered_map<std::string, std::list<WakeupInfo>::iterator> mLookupTable GUARDED_BY(mLock);
-};
-
-} // namespace V1_0
-} // namespace suspend
-} // namespace system
-} // namespace android
\ No newline at end of file
diff --git a/suspend/1.0/default/api/SuspendProperties-current.txt b/suspend/1.0/default/api/SuspendProperties-current.txt
deleted file mode 100644
index cf6b95b..0000000
--- a/suspend/1.0/default/api/SuspendProperties-current.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-props {
- module: "android.sysprop.SuspendProperties"
- prop {
- api_name: "backoff_threshold_count"
- type: UInt
- prop_name: "suspend.backoff_threshold_count"
- }
- prop {
- api_name: "base_sleep_time_millis"
- type: UInt
- prop_name: "suspend.base_sleep_time_millis"
- }
- prop {
- api_name: "failed_suspend_backoff_enabled"
- prop_name: "suspend.failed_suspend_backoff_enabled"
- }
- prop {
- api_name: "max_sleep_time_millis"
- type: UInt
- prop_name: "suspend.max_sleep_time_millis"
- }
- prop {
- api_name: "short_suspend_backoff_enabled"
- prop_name: "suspend.short_suspend_backoff_enabled"
- }
- prop {
- api_name: "short_suspend_threshold_millis"
- type: UInt
- prop_name: "suspend.short_suspend_threshold_millis"
- }
- prop {
- api_name: "sleep_time_scale_factor"
- type: Double
- prop_name: "suspend.sleep_time_scale_factor"
- }
-}
diff --git a/suspend/1.0/default/api/SuspendProperties-latest.txt b/suspend/1.0/default/api/SuspendProperties-latest.txt
deleted file mode 100644
index cf6b95b..0000000
--- a/suspend/1.0/default/api/SuspendProperties-latest.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-props {
- module: "android.sysprop.SuspendProperties"
- prop {
- api_name: "backoff_threshold_count"
- type: UInt
- prop_name: "suspend.backoff_threshold_count"
- }
- prop {
- api_name: "base_sleep_time_millis"
- type: UInt
- prop_name: "suspend.base_sleep_time_millis"
- }
- prop {
- api_name: "failed_suspend_backoff_enabled"
- prop_name: "suspend.failed_suspend_backoff_enabled"
- }
- prop {
- api_name: "max_sleep_time_millis"
- type: UInt
- prop_name: "suspend.max_sleep_time_millis"
- }
- prop {
- api_name: "short_suspend_backoff_enabled"
- prop_name: "suspend.short_suspend_backoff_enabled"
- }
- prop {
- api_name: "short_suspend_threshold_millis"
- type: UInt
- prop_name: "suspend.short_suspend_threshold_millis"
- }
- prop {
- api_name: "sleep_time_scale_factor"
- type: Double
- prop_name: "suspend.sleep_time_scale_factor"
- }
-}
diff --git a/suspend/1.0/default/main.cpp b/suspend/1.0/default/main.cpp
index d17cdb5..ab1c9d0 100644
--- a/suspend/1.0/default/main.cpp
+++ b/suspend/1.0/default/main.cpp
@@ -27,8 +27,6 @@
#include <sys/types.h>
#include <unistd.h>
-#include <SuspendProperties.sysprop.h>
-
#include "SuspendControlService.h"
#include "SystemSuspend.h"
@@ -39,29 +37,15 @@
using android::hardware::configureRpcThreadpool;
using android::hardware::joinRpcThreadpool;
using android::system::suspend::V1_0::ISystemSuspend;
-using android::system::suspend::V1_0::SleepTimeConfig;
using android::system::suspend::V1_0::SuspendControlService;
-using android::system::suspend::V1_0::SuspendControlServiceInternal;
using android::system::suspend::V1_0::SystemSuspend;
using namespace std::chrono_literals;
-using namespace ::android::sysprop;
-static constexpr size_t kStatsCapacity = 1000;
+static constexpr size_t kNativeWakeLockStatsCapacity = 1000;
static constexpr char kSysClassWakeup[] = "/sys/class/wakeup";
static constexpr char kSysPowerSuspendStats[] = "/sys/power/suspend_stats";
static constexpr char kSysPowerWakeupCount[] = "/sys/power/wakeup_count";
static constexpr char kSysPowerState[] = "/sys/power/state";
-// TODO(b/120445600): Use upstream mechanism for wakeup reasons once available
-static constexpr char kSysKernelWakeupReasons[] = "/sys/kernel/wakeup_reasons/last_resume_reason";
-static constexpr char kSysKernelSuspendTime[] = "/sys/kernel/wakeup_reasons/last_suspend_time";
-
-static constexpr uint32_t kDefaultMaxSleepTimeMillis = 60000;
-static constexpr uint32_t kDefaultBaseSleepTimeMillis = 100;
-static constexpr double kDefaultSleepTimeScaleFactor = 2.0;
-static constexpr uint32_t kDefaultBackoffThresholdCount = 0;
-static constexpr uint32_t kDefaultShortSuspendThresholdMillis = 0;
-static constexpr bool kDefaultFailedSuspendBackoffEnabled = true;
-static constexpr bool kDefaultShortSuspendBackoffEnabled = false;
int main() {
unique_fd wakeupCountFd{TEMP_FAILURE_RETRY(open(kSysPowerWakeupCount, O_CLOEXEC | O_RDWR))};
@@ -82,15 +66,6 @@
if (suspendStatsFd < 0) {
PLOG(ERROR) << "SystemSuspend: Error opening " << kSysPowerSuspendStats;
}
- unique_fd wakeupReasonsFd{
- TEMP_FAILURE_RETRY(open(kSysKernelWakeupReasons, O_CLOEXEC | O_RDONLY))};
- if (wakeupReasonsFd < 0) {
- PLOG(ERROR) << "SystemSuspend: Error opening " << kSysKernelWakeupReasons;
- }
- unique_fd suspendTimeFd{TEMP_FAILURE_RETRY(open(kSysKernelSuspendTime, O_CLOEXEC | O_RDONLY))};
- if (wakeupReasonsFd < 0) {
- PLOG(ERROR) << "SystemSuspend: Error opening " << kSysKernelSuspendTime;
- }
// If either /sys/power/wakeup_count or /sys/power/state fail to open, we construct
// SystemSuspend with blocking fds. This way this process will keep running, handle wake lock
@@ -102,24 +77,6 @@
Socketpair(SOCK_STREAM, &wakeupCountFd, &stateFd);
}
- SleepTimeConfig sleepTimeConfig = {
- .baseSleepTime = std::chrono::milliseconds(
- SuspendProperties::base_sleep_time_millis().value_or(kDefaultBaseSleepTimeMillis)),
- .maxSleepTime = std::chrono::milliseconds(
- SuspendProperties::max_sleep_time_millis().value_or(kDefaultMaxSleepTimeMillis)),
- .sleepTimeScaleFactor =
- SuspendProperties::sleep_time_scale_factor().value_or(kDefaultSleepTimeScaleFactor),
- .backoffThreshold =
- SuspendProperties::backoff_threshold_count().value_or(kDefaultBackoffThresholdCount),
- .shortSuspendThreshold =
- std::chrono::milliseconds(SuspendProperties::short_suspend_threshold_millis().value_or(
- kDefaultShortSuspendThresholdMillis)),
- .failedSuspendBackoffEnabled = SuspendProperties::failed_suspend_backoff_enabled().value_or(
- kDefaultFailedSuspendBackoffEnabled),
- .shortSuspendBackoffEnabled = SuspendProperties::short_suspend_backoff_enabled().value_or(
- kDefaultShortSuspendBackoffEnabled),
- };
-
configureRpcThreadpool(1, true /* callerWillJoin */);
sp<SuspendControlService> suspendControl = new SuspendControlService();
@@ -129,22 +86,14 @@
LOG(FATAL) << "Unable to register suspend_control service: " << controlStatus;
}
- sp<SuspendControlServiceInternal> suspendControlInternal = new SuspendControlServiceInternal();
- controlStatus = android::defaultServiceManager()->addService(
- android::String16("suspend_control_internal"), suspendControlInternal);
- if (controlStatus != android::OK) {
- LOG(FATAL) << "Unable to register suspend_control_internal service: " << controlStatus;
- }
-
// Create non-HW binder threadpool for SuspendControlService.
sp<android::ProcessState> ps{android::ProcessState::self()};
ps->startThreadPool();
- sp<SystemSuspend> suspend = new SystemSuspend(
- std::move(wakeupCountFd), std::move(stateFd), std::move(suspendStatsFd), kStatsCapacity,
- std::move(kernelWakelockStatsFd), std::move(wakeupReasonsFd), std::move(suspendTimeFd),
- sleepTimeConfig, suspendControl, suspendControlInternal, true /* mUseSuspendCounter*/);
-
+ sp<SystemSuspend> suspend =
+ new SystemSuspend(std::move(wakeupCountFd), std::move(stateFd), std::move(suspendStatsFd),
+ kNativeWakeLockStatsCapacity, std::move(kernelWakelockStatsFd),
+ 100ms /* baseSleepTime */, suspendControl, true /* mUseSuspendCounter*/);
status_t status = suspend->registerAsService();
if (android::OK != status) {
LOG(FATAL) << "Unable to register system-suspend service: " << status;
diff --git a/suspend/TEST_MAPPING b/suspend/TEST_MAPPING
index a059d3b..0173ca8 100644
--- a/suspend/TEST_MAPPING
+++ b/suspend/TEST_MAPPING
@@ -2,9 +2,6 @@
"presubmit": [
{
"name": "SystemSuspendV1_0UnitTest"
- },
- {
- "name": "SystemSuspendV1_0AidlTest"
}
]
}
diff --git a/suspend/aidl/Android.bp b/suspend/aidl/Android.bp
index d0bebf1..ae81b90 100644
--- a/suspend/aidl/Android.bp
+++ b/suspend/aidl/Android.bp
@@ -1,13 +1,11 @@
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
aidl_interface {
- name: "android.system.suspend.control.internal",
+ name: "suspend_control_aidl_interface",
unstable: true,
local_include_dir: ".",
srcs: [
- "android/system/suspend/internal/*.aidl",
+ "android/system/suspend/ISuspendControlService.aidl",
+ "android/system/suspend/ISuspendCallback.aidl",
+ "android/system/suspend/WakeLockInfo.aidl",
],
backend: {
java: {
@@ -15,23 +13,3 @@
},
},
}
-
-aidl_interface {
- name: "android.system.suspend.control",
- local_include_dir: ".",
- srcs: [
- "android/system/suspend/*.aidl",
- ],
- backend: {
- ndk: {
- apex_available: [
- "//apex_available:platform",
- "com.android.bluetooth.updatable",
- ],
- },
- java: {
- sdk_version: "28",
- },
- },
- versions: ["1"],
-}
diff --git a/suspend/aidl/OWNERS b/suspend/aidl/OWNERS
new file mode 100644
index 0000000..5ca08a1
--- /dev/null
+++ b/suspend/aidl/OWNERS
@@ -0,0 +1,2 @@
+santoscordon@google.com
+trong@google.com
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/1/.hash b/suspend/aidl/aidl_api/android.system.suspend.control/1/.hash
deleted file mode 100644
index 68139ca..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/1/.hash
+++ /dev/null
@@ -1 +0,0 @@
-34506b107801d68c881c2c7368ad4c676aed3e9b
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendCallback.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendCallback.aidl
deleted file mode 100644
index d3662ef..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendCallback.aidl
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface ISuspendCallback {
- void notifyWakeup(boolean success, in @utf8InCpp String[] wakeupReasons);
-}
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendControlService.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendControlService.aidl
deleted file mode 100644
index 32cfd14..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/ISuspendControlService.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface ISuspendControlService {
- boolean registerCallback(android.system.suspend.ISuspendCallback callback);
- boolean registerWakelockCallback(android.system.suspend.IWakelockCallback callback, @utf8InCpp String name);
-}
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/IWakelockCallback.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/IWakelockCallback.aidl
deleted file mode 100644
index c1649f3..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/1/android/system/suspend/IWakelockCallback.aidl
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface IWakelockCallback {
- oneway void notifyAcquired();
- oneway void notifyReleased();
-}
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendCallback.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendCallback.aidl
deleted file mode 100644
index e46a7d5..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendCallback.aidl
+++ /dev/null
@@ -1,22 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface ISuspendCallback {
- void notifyWakeup(boolean success, in @utf8InCpp String[] wakeupReasons);
-}
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendControlService.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendControlService.aidl
deleted file mode 100644
index 22361a8..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/ISuspendControlService.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface ISuspendControlService {
- boolean registerCallback(android.system.suspend.ISuspendCallback callback);
- boolean registerWakelockCallback(android.system.suspend.IWakelockCallback callback, @utf8InCpp String name);
-}
diff --git a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/IWakelockCallback.aidl b/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/IWakelockCallback.aidl
deleted file mode 100644
index 13cda55..0000000
--- a/suspend/aidl/aidl_api/android.system.suspend.control/current/android/system/suspend/IWakelockCallback.aidl
+++ /dev/null
@@ -1,23 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.system.suspend;
-/* @hide */
-interface IWakelockCallback {
- oneway void notifyAcquired();
- oneway void notifyReleased();
-}
diff --git a/suspend/aidl/android/system/suspend/ISuspendCallback.aidl b/suspend/aidl/android/system/suspend/ISuspendCallback.aidl
index 530c6b6..f73a9f3 100644
--- a/suspend/aidl/android/system/suspend/ISuspendCallback.aidl
+++ b/suspend/aidl/android/system/suspend/ISuspendCallback.aidl
@@ -27,5 +27,5 @@
*
* @param success whether previous system suspend attempt was successful.
*/
- void notifyWakeup(boolean success, in @utf8InCpp String[] wakeupReasons);
+ void notifyWakeup(boolean success);
}
diff --git a/suspend/aidl/android/system/suspend/ISuspendControlService.aidl b/suspend/aidl/android/system/suspend/ISuspendControlService.aidl
index 9864dd2..b9ac74c 100644
--- a/suspend/aidl/android/system/suspend/ISuspendControlService.aidl
+++ b/suspend/aidl/android/system/suspend/ISuspendControlService.aidl
@@ -16,15 +16,23 @@
package android.system.suspend;
-import android.system.suspend.IWakelockCallback;
import android.system.suspend.ISuspendCallback;
+import android.system.suspend.WakeLockInfo;
/**
* Interface exposed by the suspend hal that allows framework to toggle the suspend loop and
* monitor native wakelocks.
* @hide
*/
-interface ISuspendControlService {
+interface ISuspendControlService
+{
+ /**
+ * Starts automatic system suspendion.
+ *
+ * @return true on success, false otherwise.
+ */
+ boolean enableAutosuspend();
+
/**
* Registers a callback for suspend events. ISuspendControlService must keep track of all
* registered callbacks unless the client process that registered the callback dies.
@@ -35,11 +43,12 @@
boolean registerCallback(ISuspendCallback callback);
/**
- * Registers a callback for a wakelock specified by its name.
- *
- * @param callback the callback to register.
- * @param name the name of the wakelock.
- * @return true on success, false otherwise.
+ * Suspends the system even if there are wakelocks being held.
*/
- boolean registerWakelockCallback(IWakelockCallback callback, @utf8InCpp String name);
+ boolean forceSuspend();
+
+ /**
+ * Returns a list of wake lock stats.
+ */
+ WakeLockInfo[] getWakeLockStats();
}
diff --git a/suspend/aidl/android/system/suspend/IWakelockCallback.aidl b/suspend/aidl/android/system/suspend/IWakelockCallback.aidl
deleted file mode 100644
index 8c95a87..0000000
--- a/suspend/aidl/android/system/suspend/IWakelockCallback.aidl
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.suspend;
-
-/**
- * Callback interface for monitoring wakelock events.
- * @hide
- */
-oneway interface IWakelockCallback {
- /**
- * ISuspendControlService will call this to notify the subscriber the specific wakelock is
- * acquired.
- */
- void notifyAcquired();
-
- /**
- * ISuspendControlService will call this to notify the subscriber the specific wakelock is
- * released.
- */
- void notifyReleased();
-}
diff --git a/suspend/aidl/android/system/suspend/internal/WakeLockInfo.aidl b/suspend/aidl/android/system/suspend/WakeLockInfo.aidl
similarity index 98%
rename from suspend/aidl/android/system/suspend/internal/WakeLockInfo.aidl
rename to suspend/aidl/android/system/suspend/WakeLockInfo.aidl
index 34ed45e..12c6a66 100644
--- a/suspend/aidl/android/system/suspend/internal/WakeLockInfo.aidl
+++ b/suspend/aidl/android/system/suspend/WakeLockInfo.aidl
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.system.suspend.internal;
+package android.system.suspend;
/**
diff --git a/suspend/aidl/android/system/suspend/internal/ISuspendControlServiceInternal.aidl b/suspend/aidl/android/system/suspend/internal/ISuspendControlServiceInternal.aidl
deleted file mode 100644
index 99ac525..0000000
--- a/suspend/aidl/android/system/suspend/internal/ISuspendControlServiceInternal.aidl
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.suspend.internal;
-
-import android.system.suspend.internal.SuspendInfo;
-import android.system.suspend.internal.WakeLockInfo;
-import android.system.suspend.internal.WakeupInfo;
-
-/**
- * Interface exposed by the suspend hal that allows framework to toggle the suspend loop and
- * monitor native wakelocks.
- * @hide
- */
-interface ISuspendControlServiceInternal {
- /**
- * Starts automatic system suspension.
- *
- * @return true on success, false otherwise.
- */
- boolean enableAutosuspend();
-
- /**
- * Suspends the system even if there are wakelocks being held.
- */
- boolean forceSuspend();
-
- /**
- * Returns a list of wake lock stats.
- */
- WakeLockInfo[] getWakeLockStats();
-
- /**
- * Returns a list of wakeup stats.
- */
- WakeupInfo[] getWakeupStats();
-
- /**
- * Returns stats related to suspend.
- */
- SuspendInfo getSuspendStats();
-}
diff --git a/suspend/aidl/android/system/suspend/internal/SuspendInfo.aidl b/suspend/aidl/android/system/suspend/internal/SuspendInfo.aidl
deleted file mode 100644
index ea7b5f8..0000000
--- a/suspend/aidl/android/system/suspend/internal/SuspendInfo.aidl
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.suspend.internal;
-
-parcelable SuspendInfo {
- /* Total number of times that suspend was attempted */
- long suspendAttemptCount;
-
- /* Total number of times that suspend attempt failed */
- long failedSuspendCount;
-
- /**
- * Total number of times that a short suspend occurred. A successful suspend is considered a
- * short suspend if the suspend duration is less than suspend.short_suspend_threshold_millis
- */
- long shortSuspendCount;
-
- /* Total time, in milliseconds, spent in suspend */
- long suspendTimeMillis;
-
- /* Total time, in milliseconds, spent in short suspends */
- long shortSuspendTimeMillis;
-
- /* Total time, in milliseconds, spent doing suspend/resume work for successful suspends */
- long suspendOverheadTimeMillis;
-
- /* Total time, in milliseconds, spent doing suspend/resume work for failed suspends */
- long failedSuspendOverheadTimeMillis;
-
- /**
- * Total number of times the number of consecutive bad (short, failed) suspends
- * crossed suspend.backoff_threshold_count
- */
- long newBackoffCount;
-
- /**
- * Total number of times the number of consecutive bad (short, failed) suspends
- * exceeded suspend.backoff_threshold_count
- */
- long backoffContinueCount;
-
- /* Total time, in milliseconds, that system has waited between suspend attempts */
- long sleepTimeMillis;
-}
\ No newline at end of file
diff --git a/suspend/aidl/android/system/suspend/internal/WakeupInfo.aidl b/suspend/aidl/android/system/suspend/internal/WakeupInfo.aidl
deleted file mode 100644
index d77099a..0000000
--- a/suspend/aidl/android/system/suspend/internal/WakeupInfo.aidl
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.system.suspend.internal;
-
-parcelable WakeupInfo {
- /* Name of the wakeup from /sys/kernel/wakeup_reasons/last_resume_reason */
- @utf8InCpp String name;
-
- /* Number of times the wakeup was encountered */
- long count;
-}
\ No newline at end of file
diff --git a/wifi/keystore/1.0/Android.bp b/wifi/keystore/1.0/Android.bp
index 103efde..6b12292 100644
--- a/wifi/keystore/1.0/Android.bp
+++ b/wifi/keystore/1.0/Android.bp
@@ -1,12 +1,11 @@
// This file is autogenerated by hidl-gen -Landroidbp.
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
hidl_interface {
name: "android.system.wifi.keystore@1.0",
root: "android.system",
+ vndk: {
+ enabled: true,
+ },
srcs: [
"IKeystore.hal",
],
diff --git a/wifi/keystore/1.0/default/Android.bp b/wifi/keystore/1.0/default/Android.bp
index c1efded..7996f16 100644
--- a/wifi/keystore/1.0/default/Android.bp
+++ b/wifi/keystore/1.0/default/Android.bp
@@ -1,7 +1,3 @@
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_library_static {
name: "libwifikeystorehal",
cppflags: [
@@ -11,15 +7,15 @@
],
srcs: ["keystore.cpp"],
shared_libs: [
- "android.system.keystore2-V1-ndk_platform",
- "android.security.legacykeystore-ndk_platform",
"android.system.wifi.keystore@1.0",
"libbase",
"libbinder",
- "libbinder_ndk",
"libcrypto",
"libcutils",
"libhidlbase",
+ "libkeystore_aidl",
+ "libkeystore_binder",
+ "libkeystore_parcelables",
"liblog",
"libssl",
"libutils",
diff --git a/wifi/keystore/1.0/default/OWNERS b/wifi/keystore/1.0/default/OWNERS
index c7e30be..8bfb148 100644
--- a/wifi/keystore/1.0/default/OWNERS
+++ b/wifi/keystore/1.0/default/OWNERS
@@ -1,2 +1,2 @@
-haishalom@google.com
+rpius@google.com
etancohen@google.com
diff --git a/wifi/keystore/1.0/default/include/wifikeystorehal/keystore.h b/wifi/keystore/1.0/default/include/wifikeystorehal/keystore.h
index 32607b6..2e2bed6 100644
--- a/wifi/keystore/1.0/default/include/wifikeystorehal/keystore.h
+++ b/wifi/keystore/1.0/default/include/wifikeystorehal/keystore.h
@@ -5,6 +5,7 @@
#include <hidl/MQDescriptor.h>
#include <hidl/Status.h>
+#include <android/security/keystore/IKeystoreService.h>
#include <binder/IServiceManager.h>
namespace android {
diff --git a/wifi/keystore/1.0/default/keystore.cpp b/wifi/keystore/1.0/default/keystore.cpp
index 69bac18..467741f 100644
--- a/wifi/keystore/1.0/default/keystore.cpp
+++ b/wifi/keystore/1.0/default/keystore.cpp
@@ -1,370 +1,339 @@
+#include <android-base/logging.h>
+#include <android/security/keystore/BnKeystoreOperationResultCallback.h>
+#include <android/security/keystore/BnKeystoreResponseCallback.h>
+#include <android/security/keystore/IKeystoreService.h>
+#include <binder/IServiceManager.h>
+#include <private/android_filesystem_config.h>
+
+#include <keystore/KeyCharacteristics.h>
+#include <keystore/KeymasterArguments.h>
+#include <keystore/KeymasterBlob.h>
+#include <keystore/KeystoreResponse.h>
+#include <keystore/OperationResult.h>
+#include <keystore/keymaster_types.h>
+#include <keystore/keystore.h>
+#include <keystore/keystore_hidl_support.h>
+#include <keystore/keystore_promises.h>
+#include <keystore/keystore_return_types.h>
+
+#include <future>
+#include <vector>
#include "include/wifikeystorehal/keystore.h"
-#include <aidl/android/security/legacykeystore/ILegacyKeystore.h>
-#include <aidl/android/system/keystore2/IKeystoreService.h>
-#include <aidl/android/system/keystore2/ResponseCode.h>
-#include <android-base/logging.h>
-#include <android-base/strings.h>
-#include <android/binder_manager.h>
-#include <binder/IServiceManager.h>
+#include <ctype.h>
#include <openssl/base.h>
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
-#include <private/android_filesystem_config.h>
#include <stdio.h>
-
-#include <vector>
-
-#include "wifikeystorehal_utils.h"
+#include <stdlib.h>
+#include <string.h>
#define AT __func__ << ":" << __LINE__ << " "
-namespace ks2 = ::aidl::android::system::keystore2;
-namespace lks = ::aidl::android::security::legacykeystore;
-namespace KMV1 = ::aidl::android::hardware::security::keymint;
+using android::hardware::keymaster::V4_0::Algorithm;
+using android::hardware::keymaster::V4_0::authorizationValue;
+using android::hardware::keymaster::V4_0::Digest;
+using android::hardware::keymaster::V4_0::KeyFormat;
+using android::hardware::keymaster::V4_0::KeyParameter;
+using android::hardware::keymaster::V4_0::KeyPurpose;
+using android::hardware::keymaster::V4_0::NullOr;
+using android::hardware::keymaster::V4_0::PaddingMode;
+using android::hardware::keymaster::V4_0::TAG_ALGORITHM;
+using android::hardware::keymaster::V4_0::TAG_DIGEST;
+using android::hardware::keymaster::V4_0::TAG_PADDING;
+using android::security::keymaster::ExportResult;
+using android::security::keymaster::KeyCharacteristics;
+using android::security::keymaster::KeymasterArguments;
+using android::security::keymaster::KeymasterBlob;
+using android::security::keymaster::OperationResult;
+
+using KSReturn = keystore::KeyStoreNativeReturnCode;
namespace {
-constexpr const int64_t KS2_NAMESPACE_WIFI = 102;
+constexpr const char kKeystoreServiceName[] = "android.security.keystore";
+constexpr int32_t UID_SELF = -1;
-constexpr const char kKeystore2ServiceName[] = "android.system.keystore2.IKeystoreService/default";
-constexpr const char kLegacyKeystoreServiceName[] = "android.security.legacykeystore";
+using keystore::KeyCharacteristicsPromise;
+using keystore::KeystoreExportPromise;
+using keystore::KeystoreResponsePromise;
+using keystore::OperationResultPromise;
-const std::string keystore2_grant_id_prefix("ks2_keystore-engine_grant_id:");
-
-ks2::KeyDescriptor mkKeyDescriptor(const std::string& alias) {
- // If the key_id starts with the grant id prefix, we parse the following string as numeric
- // grant id. We can then use the grant domain without alias to load the designated key.
- if (android::base::StartsWith(alias, keystore2_grant_id_prefix)) {
- std::stringstream s(alias.substr(keystore2_grant_id_prefix.size()));
- uint64_t tmp;
- s >> std::hex >> tmp;
- if (s.fail() || !s.eof()) {
- LOG(ERROR) << AT << "Couldn't parse grant name: " << alias;
- }
- return {
- .domain = ks2::Domain::GRANT,
- .nspace = static_cast<int64_t>(tmp),
- .alias = std::nullopt,
- .blob = std::nullopt,
- };
- } else {
- return {
- .domain = ks2::Domain::SELINUX,
- .nspace = KS2_NAMESPACE_WIFI,
- .alias = alias,
- .blob = std::nullopt,
- };
+NullOr<const Algorithm&> getKeyAlgorithmFromKeyCharacteristics(
+ const ::android::security::keymaster::KeyCharacteristics& characteristics) {
+ for (const auto& param : characteristics.hardwareEnforced.getParameters()) {
+ auto algo = authorizationValue(TAG_ALGORITHM, param);
+ if (algo.isOk()) return algo;
}
+ for (const auto& param : characteristics.softwareEnforced.getParameters()) {
+ auto algo = authorizationValue(TAG_ALGORITHM, param);
+ if (algo.isOk()) return algo;
+ }
+ return {};
}
-using android::hardware::hidl_string;
-using android::hardware::hidl_vec;
-
-// Helper method to convert certs in DER format to PEM format required by
-// openssl library used by supplicant. If boringssl cannot parse the input as one or more
-// X509 certificates in DER encoding, this function returns the input as-is. The assumption in
-// that case is that either the `cert_bytes` is already PEM encoded, or `cert_bytes` is something
-// completely different that was intentionally installed by the Wi-Fi subsystem and it must not
-// be changed here.
-// If any error occurs during PEM encoding, this function returns std::nullopt and logs an error.
-std::optional<hidl_vec<uint8_t>> convertDerCertToPemOrPassthrough(
- const std::vector<uint8_t>& cert_bytes) {
- // If cert_bytes is a DER encoded X509 certificate, it must be reencoded as PEM, because
- // wpa_supplicant only understand PEM. Otherwise the cert_bytes are returned as is.
- const uint8_t* cert_current = cert_bytes.data();
- const uint8_t* cert_end = cert_current + cert_bytes.size();
- bssl::UniquePtr<BIO> pem_bio(BIO_new(BIO_s_mem()));
- while (cert_current < cert_end) {
- auto cert =
- bssl::UniquePtr<X509>(d2i_X509(nullptr, &cert_current, cert_end - cert_current));
- // If part of the bytes cannot be parsed as X509 DER certificate, the original blob
- // shall be returned as-is.
- if (!cert) {
- LOG(WARNING) << AT
- << "Could not parse DER X509 cert from buffer. Returning blob as is.";
- return cert_bytes;
- }
-
- if (!PEM_write_bio_X509(pem_bio.get(), cert.get())) {
- LOG(ERROR) << AT << "Could not convert cert to PEM format.";
- return std::nullopt;
- }
+// Helper method to convert certs in DER format to PERM format required by
+// openssl library used by supplicant.
+std::vector<uint8_t> convertCertToPem(const std::vector<uint8_t>& cert_bytes) {
+ bssl::UniquePtr<BIO> cert_bio(BIO_new_mem_buf(cert_bytes.data(), cert_bytes.size()));
+ // Check if the cert is already in PEM format, on devices which have saved
+ // credentials from previous releases when upgrading to R.
+ bssl::UniquePtr<X509> cert_pem(PEM_read_bio_X509(cert_bio.get(), nullptr, nullptr, nullptr));
+ if (cert_pem) {
+ LOG(INFO) << AT << "Certificate already in PEM format, returning";
+ return cert_bytes;
}
-
+ // Reset the bio since the pointers will be moved by |PEM_read_bio_X509|.
+ BIO_reset(cert_bio.get());
+ bssl::UniquePtr<X509> cert(d2i_X509_bio(cert_bio.get(), nullptr));
+ if (!cert) {
+ LOG(ERROR) << AT << "Could not create cert from BIO";
+ return cert_bytes;
+ }
+ bssl::UniquePtr<BIO> pem_bio(BIO_new(BIO_s_mem()));
+ if (!PEM_write_bio_X509(pem_bio.get(), cert.get())) {
+ LOG(ERROR) << AT << "Could not convert cert to PEM format";
+ return {};
+ }
const uint8_t* pem_bytes;
size_t pem_len;
if (!BIO_mem_contents(pem_bio.get(), &pem_bytes, &pem_len)) {
- LOG(ERROR) << AT << "Could not extract pem_bytes from BIO.";
- return std::nullopt;
- }
- return {{pem_bytes, pem_bytes + pem_len}};
-}
-
-std::optional<std::vector<uint8_t>> keyStore2GetCert(const hidl_string& key) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kKeystore2ServiceName));
- auto keystore2 = ks2::IKeystoreService::fromBinder(keystoreBinder);
-
- if (!keystore2) {
- LOG(WARNING) << AT << "Unable to connect to Keystore 2.0.";
return {};
}
-
- bool ca_cert = false;
- std::string alias = key.c_str();
- if (android::base::StartsWith(alias, "CACERT_")) {
- alias = alias.substr(7);
- ca_cert = true;
- } else if (android::base::StartsWith(alias, "USRCERT_")) {
- alias = alias.substr(8);
- }
-
- ks2::KeyDescriptor descriptor = mkKeyDescriptor(alias);
-
- // If the key_id starts with the grant id prefix, we parse the following string as numeric
- // grant id. We can then use the grant domain without alias to load the designated key.
- if (android::base::StartsWith(alias, keystore2_grant_id_prefix)) {
- std::stringstream s(alias.substr(keystore2_grant_id_prefix.size()));
- uint64_t tmp;
- s >> std::hex >> tmp;
- if (s.fail() || !s.eof()) {
- LOG(ERROR) << AT << "Couldn't parse grant name: " << alias;
- }
- descriptor.nspace = static_cast<int64_t>(tmp);
- descriptor.domain = ks2::Domain::GRANT;
- descriptor.alias = std::nullopt;
- }
-
- ks2::KeyEntryResponse response;
- auto rc = keystore2->getKeyEntry(descriptor, &response);
- if (!rc.isOk()) {
- if (rc.getServiceSpecificError() != int32_t(ks2::ResponseCode::KEY_NOT_FOUND)) {
- LOG(WARNING) << AT
- << "Entry not found in Keystore 2.0. Falling back to legacy keystore.";
- } else {
- LOG(ERROR) << AT << "Keystore 2.0 getKeyEntry failed error: " << rc.getDescription();
- }
- return {};
- }
-
- if (ca_cert && response.metadata.certificateChain) {
- return std::move(*response.metadata.certificateChain);
- } else if (!ca_cert && response.metadata.certificate) {
- return std::move(*response.metadata.certificate);
- } else {
- LOG(WARNING) << AT << "No " << (ca_cert ? "CA" : "client") << " certificate found. "
- << "Falling back to legacy keystore.";
- return {};
- }
+ return {pem_bytes, pem_bytes + pem_len};
}
-
-std::optional<std::vector<uint8_t>> keyStore2GetPubKey(const hidl_string& key) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kKeystore2ServiceName));
- auto keystore2 = ks2::IKeystoreService::fromBinder(keystoreBinder);
-
- if (!keystore2) {
- LOG(WARNING) << AT << "Unable to connect to Keystore 2.0.";
- return std::nullopt;
- }
-
- std::string alias = key.c_str();
- if (android::base::StartsWith(alias, "USRPKEY_")) {
- alias = alias.substr(8);
- }
-
- ks2::KeyDescriptor descriptor = mkKeyDescriptor(alias);
-
- ks2::KeyEntryResponse response;
- auto rc = keystore2->getKeyEntry(descriptor, &response);
- if (!rc.isOk()) {
- auto exception_code = rc.getExceptionCode();
- if (exception_code == EX_SERVICE_SPECIFIC) {
- LOG(ERROR) << AT << "Keystore getKeyEntry returned service specific error: "
- << rc.getServiceSpecificError();
- } else {
- LOG(ERROR) << AT << "Communication with Keystore getKeyEntry failed error: "
- << exception_code;
- }
- return std::nullopt;
- }
-
- if (!response.metadata.certificate) {
- LOG(ERROR) << AT << "No public key found.";
- return std::nullopt;
- }
-
- std::optional<std::vector<uint8_t>> pub_key(extractPubKey(*response.metadata.certificate));
- return pub_key;
-}
-
-std::optional<std::vector<uint8_t>> keyStore2Sign(const hidl_string& key,
- const hidl_vec<uint8_t>& dataToSign) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kKeystore2ServiceName));
- auto keystore2 = ks2::IKeystoreService::fromBinder(keystoreBinder);
-
- if (!keystore2) {
- LOG(WARNING) << AT << "Unable to connect to Keystore 2.0.";
- return std::nullopt;
- }
-
- std::string alias = key.c_str();
- if (android::base::StartsWith(alias, "USRPKEY_")) {
- alias = alias.substr(8);
- }
-
- ks2::KeyDescriptor descriptor = mkKeyDescriptor(alias);
-
- ks2::KeyEntryResponse response;
- auto rc = keystore2->getKeyEntry(descriptor, &response);
- if (!rc.isOk()) {
- auto exception_code = rc.getExceptionCode();
- if (exception_code == EX_SERVICE_SPECIFIC) {
- LOG(ERROR) << AT << "Keystore getKeyEntry returned service specific error: "
- << rc.getServiceSpecificError();
- } else {
- LOG(ERROR) << AT << "Communication with Keystore getKeyEntry failed error: "
- << exception_code;
- }
- return std::nullopt;
- }
-
- std::optional<KMV1::Algorithm> algorithm;
- for (auto& element : response.metadata.authorizations) {
- if (element.keyParameter.tag == KMV1::Tag::ALGORITHM) {
- algorithm = element.keyParameter.value.get<KMV1::KeyParameterValue::algorithm>();
- }
- }
-
- if (!algorithm) {
- LOG(ERROR) << AT << "Could not find signing algorithm.";
- return std::nullopt;
- }
-
- auto sec_level = response.iSecurityLevel;
-
- std::vector<KMV1::KeyParameter> op_params(4);
- op_params[0] = KMV1::KeyParameter{
- .tag = KMV1::Tag::PURPOSE,
- .value = KMV1::KeyParameterValue::make<KMV1::KeyParameterValue::keyPurpose>(
- KMV1::KeyPurpose::SIGN)};
- op_params[1] = KMV1::KeyParameter{
- .tag = KMV1::Tag::ALGORITHM,
- .value = KMV1::KeyParameterValue::make<KMV1::KeyParameterValue::algorithm>(*algorithm)};
- op_params[2] = KMV1::KeyParameter{
- .tag = KMV1::Tag::PADDING,
- .value = KMV1::KeyParameterValue::make<KMV1::KeyParameterValue::paddingMode>(
- KMV1::PaddingMode::NONE)};
- op_params[3] = KMV1::KeyParameter{
- .tag = KMV1::Tag::DIGEST,
- .value =
- KMV1::KeyParameterValue::make<KMV1::KeyParameterValue::digest>(KMV1::Digest::NONE)};
-
- ks2::CreateOperationResponse op_response;
-
- rc = sec_level->createOperation(descriptor, op_params, false /* forced */, &op_response);
- if (!rc.isOk()) {
- auto exception_code = rc.getExceptionCode();
- if (exception_code == EX_SERVICE_SPECIFIC) {
- LOG(ERROR) << AT << "Keystore createOperation returned service specific error: "
- << rc.getServiceSpecificError();
- } else {
- LOG(ERROR) << AT << "Communication with Keystore createOperation failed error: "
- << exception_code;
- }
- return std::nullopt;
- }
-
- auto op = op_response.iOperation;
- std::optional<std::vector<uint8_t>> output = std::nullopt;
-
- rc = op->finish(dataToSign, {}, &output);
- if (!rc.isOk()) {
- auto exception_code = rc.getExceptionCode();
- if (exception_code == EX_SERVICE_SPECIFIC) {
- LOG(ERROR) << AT << "Keystore finish returned service specific error: "
- << rc.getServiceSpecificError();
- } else {
- LOG(ERROR) << AT
- << "Communication with Keystore finish failed error: " << exception_code;
- }
- return std::nullopt;
- }
-
- if (!output) {
- LOG(ERROR) << AT << "Could not get a signature from Keystore.";
- }
-
- return output;
-}
-
-std::optional<std::vector<uint8_t>> getLegacyKeystoreBlob(const hidl_string& key) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kLegacyKeystoreServiceName));
- auto legacyKeystore = lks::ILegacyKeystore::fromBinder(keystoreBinder);
-
- if (!legacyKeystore) {
- LOG(WARNING) << AT << "Unable to connect to LegacyKeystore";
- return std::nullopt;
- }
-
- std::optional<std::vector<uint8_t>> blob(std::vector<uint8_t>{});
- auto rc = legacyKeystore->get(key, AID_WIFI, &*blob);
- if (!rc.isOk()) {
- LOG(ERROR) << AT << "Failed to get legacy keystore entry for alias \"" << key
- << "\": " << rc.getDescription();
- return std::nullopt;
- }
- return blob;
-}
-
}; // namespace
+
namespace android {
namespace system {
namespace wifi {
namespace keystore {
namespace V1_0 {
namespace implementation {
+
+using security::keystore::IKeystoreService;
// Methods from ::android::hardware::wifi::keystore::V1_0::IKeystore follow.
Return<void> Keystore::getBlob(const hidl_string& key, getBlob_cb _hidl_cb) {
- std::vector<uint8_t> result_cert;
- if (auto ks2_cert = keyStore2GetCert(key)) {
- result_cert = std::move(*ks2_cert);
- } else if (auto blob = getLegacyKeystoreBlob(key)) {
- result_cert = std::move(*blob);
- } else {
- LOG(ERROR) << AT << "Failed to get certificate.";
+ sp<IKeystoreService> service = interface_cast<IKeystoreService>(
+ defaultServiceManager()->getService(String16(kKeystoreServiceName)));
+ if (service == nullptr) {
_hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
return Void();
}
-
- if (auto result_cert_hidl = convertDerCertToPemOrPassthrough(result_cert)) {
- _hidl_cb(KeystoreStatusCode::SUCCESS, *result_cert_hidl);
- } else {
- LOG(ERROR) << AT << "Conversion to PEM failed.";
+ ::std::vector<uint8_t> value;
+ // Retrieve the blob as wifi user.
+ auto ret = service->get(String16(key.c_str()), AID_WIFI, &value);
+ if (!ret.isOk()) {
_hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
}
+ // convert to PEM before sending it to openssl library.
+ std::vector<uint8_t> pem_cert = convertCertToPem(value);
+ _hidl_cb(KeystoreStatusCode::SUCCESS, pem_cert);
return Void();
}
Return<void> Keystore::getPublicKey(const hidl_string& keyId, getPublicKey_cb _hidl_cb) {
- if (auto ks2_pubkey = keyStore2GetPubKey(keyId)) {
- _hidl_cb(KeystoreStatusCode::SUCCESS, std::move(*ks2_pubkey));
- } else {
- LOG(ERROR) << AT << "Failed to get public key.";
+ sp<IServiceManager> sm = defaultServiceManager();
+ sp<IBinder> binder = sm->getService(String16(kKeystoreServiceName));
+ sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+
+ if (service == nullptr) {
+ LOG(ERROR) << AT << "could not contact keystore";
_hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
}
+
+ int32_t error_code;
+ android::sp<KeystoreExportPromise> promise(new KeystoreExportPromise);
+ auto future = promise->get_future();
+ auto binder_result = service->exportKey(
+ promise, String16(keyId.c_str()), static_cast<int32_t>(KeyFormat::X509),
+ KeymasterBlob() /* clientId */, KeymasterBlob() /* appData */, UID_SELF, &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ KSReturn rc(error_code);
+ if (!rc.isOk()) {
+ LOG(ERROR) << AT << "exportKey failed: " << error_code;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ auto export_result = future.get();
+ if (!export_result.resultCode.isOk()) {
+ LOG(ERROR) << AT << "exportKey failed: " << export_result.resultCode;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ _hidl_cb(KeystoreStatusCode::SUCCESS, export_result.exportData);
return Void();
}
Return<void> Keystore::sign(const hidl_string& keyId, const hidl_vec<uint8_t>& dataToSign,
sign_cb _hidl_cb) {
- if (auto ks2_result = keyStore2Sign(keyId, dataToSign)) {
- _hidl_cb(KeystoreStatusCode::SUCCESS, std::move(*ks2_result));
- } else {
- LOG(ERROR) << AT << "Failed to sign.";
+ sp<IServiceManager> sm = defaultServiceManager();
+ sp<IBinder> binder = sm->getService(String16(kKeystoreServiceName));
+ sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+
+ if (service == nullptr) {
+ LOG(ERROR) << AT << "could not contact keystore";
_hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
}
+
+ String16 key_name16(keyId.c_str());
+ int32_t error_code;
+ android::sp<KeyCharacteristicsPromise> kc_promise(new KeyCharacteristicsPromise);
+ auto kc_future = kc_promise->get_future();
+ auto binder_result = service->getKeyCharacteristics(kc_promise, key_name16, KeymasterBlob(),
+ KeymasterBlob(), UID_SELF, &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+ KSReturn rc(error_code);
+ if (!rc.isOk()) {
+ LOG(ERROR) << AT << "getKeyCharacteristics failed: " << error_code;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ auto [km_response, characteristics] = kc_future.get();
+
+ if (!KSReturn(km_response.response_code()).isOk()) {
+ LOG(ERROR) << AT << "getKeyCharacteristics failed: " << km_response.response_code();
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ auto algorithm = getKeyAlgorithmFromKeyCharacteristics(characteristics);
+ if (!algorithm.isOk()) {
+ LOG(ERROR) << AT << "could not get algorithm from key characteristics";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ hidl_vec<KeyParameter> params(3);
+ params[0] = Authorization(TAG_DIGEST, Digest::NONE);
+ params[1] = Authorization(TAG_PADDING, PaddingMode::NONE);
+ params[2] = Authorization(TAG_ALGORITHM, algorithm.value());
+
+ android::sp<android::IBinder> token(new android::BBinder);
+ sp<OperationResultPromise> promise(new OperationResultPromise());
+ auto future = promise->get_future();
+ binder_result = service->begin(promise, token, key_name16, (int)KeyPurpose::SIGN,
+ true /*pruneable*/, KeymasterArguments(params),
+ std::vector<uint8_t>() /* entropy */, UID_SELF, &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ rc = KSReturn(error_code);
+ if (!rc.isOk()) {
+ LOG(ERROR) << AT << "Keystore begin returned: " << rc;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ OperationResult result = future.get();
+ if (!result.resultCode.isOk()) {
+ LOG(ERROR) << AT << "begin failed: " << result.resultCode;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+ auto handle = std::move(result.token);
+
+ const uint8_t* in = dataToSign.data();
+ size_t len = dataToSign.size();
+ do {
+ promise = new OperationResultPromise();
+ future = promise->get_future();
+ binder_result = service->update(promise, handle, KeymasterArguments(params),
+ std::vector<uint8_t>(in, in + len), &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ rc = KSReturn(error_code);
+ if (!rc.isOk()) {
+ LOG(ERROR) << AT << "Keystore update returned: " << rc;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ result = future.get();
+
+ if (!result.resultCode.isOk()) {
+ LOG(ERROR) << AT << "update failed: " << result.resultCode;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+ if ((size_t)result.inputConsumed > len) {
+ LOG(ERROR) << AT << "update consumed more data than provided";
+ sp<KeystoreResponsePromise> abortPromise(new KeystoreResponsePromise);
+ auto abortFuture = abortPromise->get_future();
+ binder_result = service->abort(abortPromise, handle, &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+ // This is mainly for logging since we already failed.
+ // But if abort returned OK we have to wait untill abort calls the callback
+ // hence the call to abortFuture.get().
+ if (!KSReturn(error_code).isOk()) {
+ LOG(ERROR) << AT << "abort failed: " << error_code;
+ } else if (!(rc = KSReturn(abortFuture.get().response_code())).isOk()) {
+ LOG(ERROR) << AT << "abort failed: " << rc;
+ }
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+ len -= result.inputConsumed;
+ in += result.inputConsumed;
+ } while (len > 0);
+
+ future = {};
+ promise = new OperationResultPromise();
+ future = promise->get_future();
+
+ binder_result = service->finish(
+ promise, handle, KeymasterArguments(params), std::vector<uint8_t>() /* input */,
+ std::vector<uint8_t>() /* signature */, std::vector<uint8_t>() /* entropy */, &error_code);
+ if (!binder_result.isOk()) {
+ LOG(ERROR) << AT << "communication error while calling keystore";
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ rc = KSReturn(error_code);
+ if (!rc.isOk()) {
+ LOG(ERROR) << AT << "Keystore finish returned: " << rc;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ result = future.get();
+
+ if (!result.resultCode.isOk()) {
+ LOG(ERROR) << AT << "finish failed: " << result.resultCode;
+ _hidl_cb(KeystoreStatusCode::ERROR_UNKNOWN, {});
+ return Void();
+ }
+
+ _hidl_cb(KeystoreStatusCode::SUCCESS, result.data);
return Void();
}
diff --git a/wifi/keystore/1.0/default/test/Android.bp b/wifi/keystore/1.0/default/test/Android.bp
deleted file mode 100644
index eef58e9..0000000
--- a/wifi/keystore/1.0/default/test/Android.bp
+++ /dev/null
@@ -1,48 +0,0 @@
-//
-// Copyright (C) 2021 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-cc_test {
- name: "WifiLegacyKeystoreIntegrationTest",
- srcs: [
- "WifiLegacyKeystoreIntegrationTest.cpp",
- ],
- defaults: ["VtsHalTargetTestDefaults"],
- shared_libs: [
- "libbase",
- "liblog",
- "libcrypto",
- "libcutils",
- "libhidlbase",
- "libnativehelper",
- "libutils",
- "libbinder_ndk",
- ],
- static_libs: [
- "VtsHalHidlTargetTestBase",
- "android.hardware.security.keymint-V1-ndk_platform",
- "android.security.legacykeystore-ndk_platform",
- "android.system.keystore2-V1-ndk_platform",
- "android.system.wifi.keystore@1.0",
- "libkeymint_support",
- ],
- cflags: [
- "-O0",
- "-g",
- "-Wall",
- "-Werror",
- ],
- test_suites: ["general-tests"],
-}
diff --git a/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp b/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp
deleted file mode 100644
index ac801e5..0000000
--- a/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp
+++ /dev/null
@@ -1,465 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <aidl/android/security/legacykeystore/ILegacyKeystore.h>
-#include <aidl/android/system/keystore2/ResponseCode.h>
-#include <android/binder_manager.h>
-#include <android/system/wifi/keystore/1.0/IKeystore.h>
-#include <cutils/properties.h>
-#include <gtest/gtest.h>
-#include <hidl/GtestPrinter.h>
-#include <hidl/ServiceManagement.h>
-#include <private/android_filesystem_config.h>
-
-#include "../wifikeystorehal_utils.h"
-
-using namespace std;
-using namespace ::testing;
-using namespace android;
-using android::system::wifi::keystore::V1_0::IKeystore;
-
-namespace lks = ::aidl::android::security::legacykeystore;
-namespace ks2 = ::aidl::android::system::keystore2;
-
-int main(int argc, char** argv) {
- InitGoogleTest(&argc, argv);
- int status = RUN_ALL_TESTS();
- return status;
-}
-
-namespace {
-
-enum KeyPurpose {
- ENCRYPTION,
- SIGNING,
-};
-
-// Some test certificate in PEM encoding.
-static const char kPemTestCert[] = R"(-----BEGIN CERTIFICATE-----
-MIICWDCCAcGgAwIBAgIUMpH52TRcL1gTknsm5eR+wvCGxNMwDQYJKoZIhvcNAQEL
-BQAwPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM
-EUFuZHJvaWQgVGVzdCBDZXJ0MB4XDTIxMDczMDAwMzY1OVoXDTIyMDczMDAwMzY1
-OVowPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM
-EUFuZHJvaWQgVGVzdCBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL
-q7JTXvL3ErVX2ZU9hQ0PLnkyw984qweNhQw8xIvwzTs3hXtV0K4hmWJiPKxOv3H7
-Q//TOcxI6+Qp4qOa79UUYDvmObjOCW1jQvZ9UQQfvdMO1WSa3BQoPJYQXiuyiuPs
-+XM58Yl8TPV+IQ+Znx5axn5PxEmoqCUmeBv/wbJlDwIDAQABo1MwUTAdBgNVHQ4E
-FgQUEbhF5fYkUPchj+GdWX1aoOHkH3owHwYDVR0jBBgwFoAUEbhF5fYkUPchj+Gd
-WX1aoOHkH3owDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQChejph
-iYWFBeQEQtPYGGwSNO1HgzRhvsdGKDJUtRDAvDPxlRO8jkGmrSaD3QJUY4bCkx5c
-S9W7oRxyiUaxJFtw9Lbxkc4G3v0hpxYqfX4R4lzM8oU/50cPEpZGVaIZNrqBiXbd
-wFzPSv/UTXFBKlR5grYTmsiHCBbEv0apNJNI0g==
------END CERTIFICATE-----
-)";
-
-// Some test certificate in DER encoding.
-static const std::vector<uint8_t> kDerTestCert{
- 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x32,
- 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e, 0xc2, 0xf0,
- 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
- 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65,
- 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
- 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65,
- 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36,
- 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35,
- 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
- 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65,
- 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
- 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65,
- 0x72, 0x74, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
- 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb,
- 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f, 0x2e,
- 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0, 0xcd, 0x3b,
- 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e, 0xbf, 0x71, 0xfb,
- 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a, 0xef, 0xd5, 0x14, 0x60,
- 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d, 0x51, 0x04, 0x1f, 0xbd, 0xd3,
- 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10, 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec,
- 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e, 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6,
- 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26, 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02,
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
- 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59,
- 0x7d, 0x5a, 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
- 0x30, 0x16, 0x80, 0x14, 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d,
- 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
- 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61,
- 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47, 0x83,
- 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1, 0x95, 0x13,
- 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2, 0x93, 0x1e, 0x5c,
- 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70, 0xf4, 0xb6, 0xf1, 0x91,
- 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11, 0xe2, 0x5c, 0xcc, 0xf2, 0x85,
- 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19, 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd,
- 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41, 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a,
- 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9, 0x34, 0x93, 0x48, 0xd2};
-
-// The fixture for testing the Wifi Keystore HAL legacy keystore integration.
-class WifiLegacyKeystoreTest : public TestWithParam<std::string> {
- protected:
- void SetUp() override {
- wifiKeystoreHal = IKeystore::getService(GetParam());
- ASSERT_TRUE(wifiKeystoreHal);
-
- myRUid = getuid();
- }
-
- void TearDown() override {
- if (getuid() != myRUid) {
- ASSERT_EQ(0, seteuid(myRUid));
- }
- }
-
- bool isDebuggableBuild() {
- char value[PROPERTY_VALUE_MAX] = {0};
- property_get("ro.system.build.type", value, "");
- if (strcmp(value, "userdebug") == 0) {
- return true;
- }
- if (strcmp(value, "eng") == 0) {
- return true;
- }
- return false;
- }
-
- sp<IKeystore> wifiKeystoreHal;
- uid_t myRUid;
-};
-
-INSTANTIATE_TEST_SUITE_P(
- PerInstance, WifiLegacyKeystoreTest,
- testing::ValuesIn(android::hardware::getAllHalInstanceNames(IKeystore::descriptor)),
- android::hardware::PrintInstanceNameToString);
-
-constexpr const char kLegacyKeystoreServiceName[] = "android.security.legacykeystore";
-
-static bool LegacyKeystoreRemove(const std::string& alias,
- int uid = lks::ILegacyKeystore::UID_SELF) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kLegacyKeystoreServiceName));
- auto legacyKeystore = lks::ILegacyKeystore::fromBinder(keystoreBinder);
-
- EXPECT_TRUE((bool)legacyKeystore);
- if (!legacyKeystore) {
- return false;
- }
-
- auto rc = legacyKeystore->remove(alias, uid);
- // Either the entry was successfully removed or the entry was not found.
- bool outcome =
- rc.isOk() || rc.getServiceSpecificError() == lks::ILegacyKeystore::ERROR_ENTRY_NOT_FOUND;
- EXPECT_TRUE(outcome) << "Description: " << rc.getDescription();
- return outcome;
-}
-
-static bool LegacyKeystorePut(const std::string& alias, const std::vector<uint8_t>& blob,
- int uid = lks::ILegacyKeystore::UID_SELF) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kLegacyKeystoreServiceName));
- auto legacyKeystore = lks::ILegacyKeystore::fromBinder(keystoreBinder);
-
- EXPECT_TRUE((bool)legacyKeystore);
- if (!legacyKeystore) {
- return false;
- }
-
- auto rc = legacyKeystore->put(alias, uid, blob);
- EXPECT_TRUE(rc.isOk()) << "Description: " << rc.getDescription();
- return rc.isOk();
-}
-
-static std::optional<std::vector<uint8_t>> LegacyKeystoreGet(
- const std::string& alias, int uid = lks::ILegacyKeystore::UID_SELF) {
- ::ndk::SpAIBinder keystoreBinder(AServiceManager_checkService(kLegacyKeystoreServiceName));
- auto legacyKeystore = lks::ILegacyKeystore::fromBinder(keystoreBinder);
-
- EXPECT_TRUE((bool)legacyKeystore);
- if (!legacyKeystore) {
- return std::nullopt;
- }
-
- std::optional<std::vector<uint8_t>> blob(std::vector<uint8_t>{});
- auto rc = legacyKeystore->get(alias, uid, &*blob);
- EXPECT_TRUE(rc.isOk()) << "Description: " << rc.getDescription();
- return blob;
-}
-
-TEST_P(WifiLegacyKeystoreTest, Put_get_test) {
- if (!isDebuggableBuild() || getuid() != 0) {
- GTEST_SKIP() << "Device not running a debuggable build or not running as root. "
- << "Cannot transition to AID_SYSTEM.";
- }
-
- // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate
- ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno);
-
- const std::vector<uint8_t> TESTBLOB{1, 2, 3, 4};
- const std::string TESTALIAS = "LegacyKeystoreTestAlias";
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
- ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, TESTBLOB));
- auto blob = LegacyKeystoreGet(TESTALIAS);
- ASSERT_TRUE((bool)blob);
- ASSERT_EQ(*blob, TESTBLOB);
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
-}
-
-TEST_P(WifiLegacyKeystoreTest, GetLegacyKeystoreTest) {
- if (!isDebuggableBuild() || getuid() != 0) {
- GTEST_SKIP() << "Device not running a debuggable build or not running as root. "
- << "Cannot transition to AID_SYSTEM.";
- }
-
- // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate the wifi namespace.
- ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno);
-
- const std::vector<uint8_t> TESTBLOB(std::begin(kPemTestCert), std::end(kPemTestCert));
- const std::string TESTALIAS = "LegacyKeystoreWifiTestAlias";
-
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
- ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, TESTBLOB, AID_WIFI));
-
- IKeystore::KeystoreStatusCode statusCode;
- std::vector<uint8_t> blob;
- auto rc = wifiKeystoreHal->getBlob(TESTALIAS,
- [&](IKeystore::KeystoreStatusCode status,
- const ::android::hardware::hidl_vec<uint8_t>& value) {
- statusCode = status;
- blob = value;
- });
-
- ASSERT_TRUE(rc.isOk()) << "Description: " << rc.description();
- ASSERT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
- ASSERT_EQ(TESTBLOB, blob);
-
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
-}
-
-/*
- * This tests checks that a DER encoded certificate is always returned in PEM encoding by getBlob.
- */
-TEST_P(WifiLegacyKeystoreTest, IKeystoreGetAlwaysReturnsPem) {
- if (!isDebuggableBuild() || getuid() != 0) {
- GTEST_SKIP() << "Device not running a debuggable build or not running as root. "
- << "Cannot transition to AID_SYSTEM.";
- }
-
- // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate
- ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno);
-
- const std::string TESTALIAS = "LegacyKeystoreWifiTestAlias";
-
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
- ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, kDerTestCert, AID_WIFI));
-
- IKeystore::KeystoreStatusCode statusCode;
- std::vector<uint8_t> blob;
- auto rc = wifiKeystoreHal->getBlob(TESTALIAS,
- [&](IKeystore::KeystoreStatusCode status,
- const ::android::hardware::hidl_vec<uint8_t>& value) {
- statusCode = status;
- blob = value;
- });
-
- ASSERT_TRUE(rc.isOk()) << "Description: " << rc.description();
- ASSERT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
-
- std::string blob_str(reinterpret_cast<const char*>(blob.data()),
- reinterpret_cast<const char*>(blob.data()) + blob.size());
- ASSERT_EQ(blob_str.rfind("-----BEGIN CERTIFICATE-----", 0), 0);
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
-}
-
-/*
- * This tests checks that a DER encoded certificate is always returned in PEM encoding by getBlob.
- */
-TEST_P(WifiLegacyKeystoreTest, IKeystoreGetAlwaysReturnsPemWithChain) {
- if (!isDebuggableBuild() || getuid() != 0) {
- GTEST_SKIP() << "Device not running a debuggable build or not running as root. "
- << "Cannot transition to AID_SYSTEM.";
- }
-
- // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate
- ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno);
-
- // Some test certificate in DER encoding, this is three times the same cert.
- const std::vector<uint8_t> TESTBLOB_DER_3CERT{
- 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
- 0x32, 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e,
- 0xc2, 0xf0, 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
- 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18,
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20,
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
- 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61,
- 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e,
- 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb,
- 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f,
- 0x2e, 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0,
- 0xcd, 0x3b, 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e,
- 0xbf, 0x71, 0xfb, 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a,
- 0xef, 0xd5, 0x14, 0x60, 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d,
- 0x51, 0x04, 0x1f, 0xbd, 0xd3, 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10,
- 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec, 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e,
- 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6, 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26,
- 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30,
- 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45,
- 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4,
- 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
- 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a,
- 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
- 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61,
- 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47,
- 0x83, 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1,
- 0x95, 0x13, 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2,
- 0x93, 0x1e, 0x5c, 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70,
- 0xf4, 0xb6, 0xf1, 0x91, 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11,
- 0xe2, 0x5c, 0xcc, 0xf2, 0x85, 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19,
- 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd, 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41,
- 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a, 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9,
- 0x34, 0x93, 0x48, 0xd2, // End of first cert.
- 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
- 0x32, 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e,
- 0xc2, 0xf0, 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
- 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18,
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20,
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
- 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61,
- 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e,
- 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb,
- 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f,
- 0x2e, 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0,
- 0xcd, 0x3b, 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e,
- 0xbf, 0x71, 0xfb, 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a,
- 0xef, 0xd5, 0x14, 0x60, 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d,
- 0x51, 0x04, 0x1f, 0xbd, 0xd3, 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10,
- 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec, 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e,
- 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6, 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26,
- 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30,
- 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45,
- 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4,
- 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
- 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a,
- 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
- 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61,
- 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47,
- 0x83, 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1,
- 0x95, 0x13, 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2,
- 0x93, 0x1e, 0x5c, 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70,
- 0xf4, 0xb6, 0xf1, 0x91, 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11,
- 0xe2, 0x5c, 0xcc, 0xf2, 0x85, 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19,
- 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd, 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41,
- 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a, 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9,
- 0x34, 0x93, 0x48, 0xd2, // End of second.
- 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
- 0x32, 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e,
- 0xc2, 0xf0, 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
- 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
- 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18,
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20,
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32,
- 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11,
- 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61,
- 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e,
- 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74,
- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb,
- 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f,
- 0x2e, 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0,
- 0xcd, 0x3b, 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e,
- 0xbf, 0x71, 0xfb, 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a,
- 0xef, 0xd5, 0x14, 0x60, 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d,
- 0x51, 0x04, 0x1f, 0xbd, 0xd3, 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10,
- 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec, 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e,
- 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6, 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26,
- 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30,
- 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45,
- 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4,
- 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
- 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a,
- 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
- 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61,
- 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47,
- 0x83, 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1,
- 0x95, 0x13, 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2,
- 0x93, 0x1e, 0x5c, 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70,
- 0xf4, 0xb6, 0xf1, 0x91, 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11,
- 0xe2, 0x5c, 0xcc, 0xf2, 0x85, 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19,
- 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd, 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41,
- 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a, 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9,
- 0x34, 0x93, 0x48, 0xd2,
- };
-
- const std::string TESTALIAS = "LegacyKeystoreWifiTestAlias";
-
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
- ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, TESTBLOB_DER_3CERT, AID_WIFI));
-
- IKeystore::KeystoreStatusCode statusCode;
- std::vector<uint8_t> blob;
- auto rc = wifiKeystoreHal->getBlob(TESTALIAS,
- [&](IKeystore::KeystoreStatusCode status,
- const ::android::hardware::hidl_vec<uint8_t>& value) {
- statusCode = status;
- blob = value;
- });
-
- ASSERT_TRUE(rc.isOk()) << "Description: " << rc.description();
- ASSERT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
-
- std::string blob_str(reinterpret_cast<const char*>(blob.data()),
- reinterpret_cast<const char*>(blob.data()) + blob.size());
-
- // The output must include exactly three PEM certificate begin markers.
- auto pos = blob_str.find("-----BEGIN CERTIFICATE-----", 0);
- ASSERT_NE(pos, std::string::npos);
- pos = blob_str.find("-----BEGIN CERTIFICATE-----", pos + 1);
- ASSERT_NE(pos, std::string::npos);
- pos = blob_str.find("-----BEGIN CERTIFICATE-----", pos + 1);
- ASSERT_NE(pos, std::string::npos);
- pos = blob_str.find("-----BEGIN CERTIFICATE-----", pos + 1);
- ASSERT_EQ(pos, std::string::npos);
-
- ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI));
-}
-
-TEST(WifiKeystoreUtilsTest, ExtractPublicKeyHandlesDer) {
- auto cert = extractPubKey(kDerTestCert);
- ASSERT_FALSE(cert.empty());
-}
-
-TEST(WifiKeystoreUtilsTest, ExtractPublicKeyHandlesPemFallback) {
- const std::vector<uint8_t> TESTBLOB(std::begin(kPemTestCert), std::end(kPemTestCert));
- auto cert = extractPubKey(TESTBLOB);
- ASSERT_FALSE(cert.empty());
-}
-
-} // namespace
diff --git a/wifi/keystore/1.0/default/wifikeystorehal_utils.h b/wifi/keystore/1.0/default/wifikeystorehal_utils.h
deleted file mode 100644
index d7a790e..0000000
--- a/wifi/keystore/1.0/default/wifikeystorehal_utils.h
+++ /dev/null
@@ -1,51 +0,0 @@
-#pragma once
-
-#include <android-base/logging.h>
-#include <openssl/base.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <vector>
-
-#define AT __func__ << ":" << __LINE__ << " "
-
-namespace {
-// Helper method to extract public key from the certificate.
-std::vector<uint8_t> extractPubKey(const std::vector<uint8_t>& cert_bytes) {
- const uint8_t* p = cert_bytes.data();
- bssl::UniquePtr<X509> decoded_cert(d2i_X509(nullptr, &p, cert_bytes.size()));
- if (!decoded_cert) {
- LOG(INFO) << AT << "Could not decode the cert, trying decoding as PEM";
- bssl::UniquePtr<BIO> cert_bio(BIO_new_mem_buf(cert_bytes.data(), cert_bytes.size()));
- if (!cert_bio) {
- LOG(ERROR) << AT << "Failed to create BIO";
- return {};
- }
- decoded_cert =
- bssl::UniquePtr<X509>(PEM_read_bio_X509(cert_bio.get(), nullptr, nullptr, nullptr));
- }
- if (!decoded_cert) {
- LOG(ERROR) << AT << "Could not decode the cert.";
- return {};
- }
- bssl::UniquePtr<EVP_PKEY> pub_key(X509_get_pubkey(decoded_cert.get()));
- if (!pub_key) {
- LOG(ERROR) << AT << "Could not extract public key.";
- return {};
- }
- bssl::UniquePtr<BIO> pub_key_bio(BIO_new(BIO_s_mem()));
- if (!pub_key_bio || i2d_PUBKEY_bio(pub_key_bio.get(), pub_key.get()) <= 0) {
- LOG(ERROR) << AT << "Could not serialize public key.";
- return {};
- }
- const uint8_t* pub_key_bytes;
- size_t pub_key_len;
- if (!BIO_mem_contents(pub_key_bio.get(), &pub_key_bytes, &pub_key_len)) {
- LOG(ERROR) << AT << "Could not get bytes from BIO.";
- return {};
- }
-
- return {pub_key_bytes, pub_key_bytes + pub_key_len};
-}
-
-} // namespace
\ No newline at end of file
diff --git a/wifi/keystore/1.0/vts/OWNERS b/wifi/keystore/1.0/vts/OWNERS
index c7e30be..8bfb148 100644
--- a/wifi/keystore/1.0/vts/OWNERS
+++ b/wifi/keystore/1.0/vts/OWNERS
@@ -1,2 +1,2 @@
-haishalom@google.com
+rpius@google.com
etancohen@google.com
diff --git a/wifi/keystore/1.0/vts/functional/Android.bp b/wifi/keystore/1.0/vts/functional/Android.bp
index d6e4241..a052870 100644
--- a/wifi/keystore/1.0/vts/functional/Android.bp
+++ b/wifi/keystore/1.0/vts/functional/Android.bp
@@ -14,10 +14,6 @@
// limitations under the License.
//
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
cc_test {
name: "VtsHalWifiKeystoreV1_0TargetTest",
defaults: ["VtsHalTargetTestDefaults"],
@@ -31,14 +27,15 @@
"libhidlbase",
"libnativehelper",
"libutils",
- "libbinder_ndk",
+ "libkeystore_binder",
+ "libbinder",
+ "libkeystore_aidl",
+ "libkeystore_parcelables",
+ "libkeymaster4support",
],
static_libs: [
"VtsHalHidlTargetTestBase",
- "android.hardware.security.keymint-V1-ndk_platform",
- "android.system.keystore2-V1-ndk_platform",
"android.system.wifi.keystore@1.0",
- "libkeymint_support",
],
cflags: [
"-O0",
@@ -48,3 +45,8 @@
],
test_suites: ["general-tests", "vts"],
}
+
+vts_config {
+ name: "VtsHalWifiKeystoreV1_0Target",
+ test_config: "wifi_keystore_target.xml",
+}
diff --git a/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp b/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp
index 3139d8e..9820a47 100644
--- a/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp
+++ b/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp
@@ -14,29 +14,34 @@
* limitations under the License.
*/
-#include <aidl/android/system/keystore2/IKeystoreOperation.h>
-#include <aidl/android/system/keystore2/IKeystoreSecurityLevel.h>
-#include <aidl/android/system/keystore2/IKeystoreService.h>
-#include <aidl/android/system/keystore2/ResponseCode.h>
-#include <android/binder_manager.h>
+#include <android-base/logging.h>
+
+#include <android/security/keystore/IKeystoreService.h>
#include <android/system/wifi/keystore/1.0/IKeystore.h>
#include <binder/IServiceManager.h>
+#include <binder/ProcessState.h>
#include <cutils/properties.h>
#include <gtest/gtest.h>
#include <hidl/GtestPrinter.h>
#include <hidl/ServiceManagement.h>
-#include <keymint_support/authorization_set.h>
+#include <keymasterV4_0/authorization_set.h>
+#include <keystore/keystore_promises.h>
+#include <private/android_filesystem_config.h>
#include <utils/String16.h>
using namespace std;
using namespace ::testing;
using namespace android;
+using namespace android::binder;
+using namespace android::security::keystore;
+using namespace android::security::keymaster;
+using android::security::keystore::IKeystoreService;
using android::system::wifi::keystore::V1_0::IKeystore;
-namespace keymint = ::aidl::android::hardware::security::keymint;
-namespace ks2 = ::aidl::android::system::keystore2;
-
int main(int argc, char** argv) {
+ // Start thread pool for Binder
+ android::ProcessState::self()->startThreadPool();
+
InitGoogleTest(&argc, argv);
int status = RUN_ALL_TESTS();
return status;
@@ -56,10 +61,13 @@
keystore = IKeystore::getService(GetParam());
ASSERT_TRUE(keystore);
- ::ndk::SpAIBinder ks2Binder(AServiceManager_getService(kKeystoreServiceName));
- ks2Service = ks2::IKeystoreService::fromBinder(ks2Binder);
+ sp<android::IServiceManager> service_manager = android::defaultServiceManager();
+ sp<android::IBinder> keystore_binder =
+ service_manager->getService(String16(kKeystoreServiceName));
+ service = interface_cast<IKeystoreService>(keystore_binder);
- ASSERT_TRUE(ks2Service);
+ ASSERT_TRUE(service);
+
resetState();
}
@@ -81,25 +89,8 @@
* Resets the relevant state of the system between tests
*/
void resetState() {
- deleteKey(kTestKeyName, true);
- deleteKey(kTestKeyName, false);
- }
-
- ks2::KeyDescriptor keyDescriptor(const std::string& alias, bool useWifiNamespace) {
- if (useWifiNamespace) {
- return {
- .domain = ks2::Domain::SELINUX,
- .nspace = 102, // Namespace Wifi
- .alias = alias,
- .blob = {},
- };
- } else {
- return {
- .domain = ks2::Domain::APP,
- .nspace = -1, // ignored - should be -1.
- .alias = alias,
- .blob = {},
- };
+ for (uid_t uid : {UID_SELF, AID_WIFI}) {
+ deleteKey(kTestKeyName, uid);
}
}
@@ -107,22 +98,22 @@
* Delete a key if it exists.
*
* @param keyName: name of the key to delete
- * @param useWifiNamespace: delete the key from the wifi namespace
- * instead of the process' namespace. (Requires special
- * privileges on the test's part)
+ * @param uid: the uid to delete the key on behalf of. Use
+ * UID_SELF to use the process' uid.
*
* @return true iff the key existed and is now deleted, false otherwise.
*/
- bool deleteKey(std::string keyName, bool useWifiNamespace) {
+ bool deleteKey(std::string keyName, uid_t uid) {
String16 keyName16(keyName.data(), keyName.size());
- auto rc = ks2Service->deleteKey(keyDescriptor(keyName, useWifiNamespace));
- if (!rc.isOk() &&
- rc.getServiceSpecificError() != int32_t(ks2::ResponseCode::KEY_NOT_FOUND)) {
- cout << "deleteKey: failed binder call" << rc.getDescription() << endl;
+ int32_t result;
+ auto binder_result = service->del(keyName16, uid, &result);
+ if (!binder_result.isOk()) {
+ cout << "deleteKey: failed binder call" << endl;
return false;
}
- return true;
+ keystore::KeyStoreNativeReturnCode wrappedResult(result);
+ return wrappedResult.isOk();
}
/**
@@ -137,18 +128,18 @@
*
* @param keyName: name of the key to generate
* @param purpose: the purpose the generated key will support
- * @param useWifiNamespace: generate the key in the wifi namespace
- * instead of the process' namespace. (Requires special
- * privileges on the test's part)
+ * @param uid: the uid to generate the key on behalf of. Use
+ * UID_SELF to use the process' uid.
*
* @return true iff the key was successfully generated and is
* ready for use, false otherwise.
*/
- bool generateKey(std::string keyName, KeyPurpose purpose, bool useWifiNamespace) {
+ bool generateKey(std::string keyName, KeyPurpose purpose, uid_t uid) {
constexpr uint32_t kAESKeySize = 256;
+ int32_t aidl_return;
vector<uint8_t> entropy;
- keymint::AuthorizationSetBuilder key_parameters;
+ keystore::AuthorizationSetBuilder key_parameters;
if (purpose == KeyPurpose::SIGNING) {
key_parameters.EcdsaSigningKey(kAESKeySize);
}
@@ -158,39 +149,76 @@
}
key_parameters.NoDigestOrPadding()
- .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC)
- .Authorization(keymint::TAG_NO_AUTH_REQUIRED);
+ .Authorization(keystore::keymaster::TAG_BLOCK_MODE, keystore::keymaster::BlockMode::CBC)
+ .Authorization(keystore::keymaster::TAG_NO_AUTH_REQUIRED);
- std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
+ sp<keystore::KeyCharacteristicsPromise> promise(new keystore::KeyCharacteristicsPromise);
+ auto future = promise->get_future();
+
+ String16 keyName16(keyName.data(), keyName.size());
fflush(stdout);
+ auto binder_result = service->generateKey(
+ promise, keyName16, KeymasterArguments(key_parameters.hidl_data()), entropy,
+ uid, // create key for process' uid
+ 0, // empty flags; pick default key provider
+ &aidl_return);
- auto rc = ks2Service->getSecurityLevel(keymint::SecurityLevel::TRUSTED_ENVIRONMENT,
- &securityLevel);
- if (!rc.isOk()) {
- cout << "generateKey: Failed to get security level: " << rc.getDescription() << endl;
+ if (!binder_result.isOk()) {
+ cout << "generateKey: Failed binder call" << endl;
return false;
}
- ks2::KeyMetadata keyMetadata;
-
- rc = securityLevel->generateKey(keyDescriptor(keyName, useWifiNamespace),
- {} /* attestation key */, key_parameters.vector_data(),
- 0 /* flags */, entropy, &keyMetadata);
+ keystore::KeyStoreNativeReturnCode rc(aidl_return);
if (!rc.isOk()) {
- cout << "generateKey: Failed to generate key: " << rc.getDescription() << endl;
+ cout << "generateKey: Failed to generate key" << endl;
+ return false;
+ }
+
+ auto [km_response, characteristics] = future.get();
+
+ return true;
+ }
+
+ /**
+ * Creates a TYPE_GENERIC key blob. This cannot be used for signing.
+ *
+ * @param keyName: name of the key to generate.
+ * @param uid: the uid to insert the key on behalf of. Use
+ * UID_SELF to use the process' uid.
+ *
+ * @returns true iff the key was successfully created, false otherwise.
+ */
+ bool insert(std::string keyName, uid_t uid) {
+ int32_t aidl_return;
+ vector<uint8_t> item;
+
+ String16 keyName16(keyName.data(), keyName.size());
+ auto binder_result = service->insert(keyName16, item,
+ uid, // Use process' uid
+ 0, // empty flags; pick default key provider
+ &aidl_return);
+
+ if (!binder_result.isOk()) {
+ cout << "insert: Failed binder call" << endl;
+ return false;
+ }
+
+ keystore::KeyStoreNativeReturnCode rc(aidl_return);
+ if (!rc.isOk()) {
+ cout << "insert: Failed to generate key" << endl;
return false;
}
return true;
}
- constexpr static const char kKeystoreServiceName[] =
- "android.system.keystore2.IKeystoreService/default";
+ constexpr static const char kKeystoreServiceName[] = "android.security.keystore";
constexpr static const char kTestKeyName[] = "TestKeyName";
+ constexpr static const int32_t UID_SELF = -1;
sp<IKeystore> keystore;
- std::shared_ptr<ks2::IKeystoreService> ks2Service;
+ sp<IKeystoreService> service;
};
TEST_P(WifiKeystoreHalTest, Sign_nullptr_key_name) {
@@ -237,7 +265,7 @@
return;
};
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, true);
+ bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, AID_WIFI);
EXPECT_EQ(result, true);
// The data to sign is empty. The return code is not important, and the attempt could be
@@ -262,7 +290,7 @@
};
// Create a key which cannot sign; any signing attempt should fail.
- bool result = generateKey(kTestKeyName, KeyPurpose::ENCRYPTION, true);
+ bool result = generateKey(kTestKeyName, KeyPurpose::ENCRYPTION, AID_WIFI);
EXPECT_EQ(result, true);
::android::hardware::hidl_vec<uint8_t> dataToSign;
@@ -271,6 +299,31 @@
EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
}
+TEST_P(WifiKeystoreHalTest, Sign_wrong_key_type) {
+ if (!isDebuggableBuild()) {
+ GTEST_SKIP() << "Device not running a debuggable build, cannot make test keys";
+ }
+
+ IKeystore::KeystoreStatusCode statusCode;
+
+ auto callback = [&statusCode](IKeystore::KeystoreStatusCode status,
+ const ::android::hardware::hidl_vec<uint8_t>& /*value*/) {
+ statusCode = status;
+ return;
+ };
+
+ ::android::hardware::hidl_vec<uint8_t> dataToSign;
+
+ // Generate a TYPE_GENERIC key instead of a TYPE_KEYMASTER_10 key.
+ // This also cannot be used to sign.
+
+ bool result = insert(kTestKeyName, AID_WIFI);
+ EXPECT_EQ(result, true);
+
+ keystore->sign(kTestKeyName, dataToSign, callback);
+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
+}
+
TEST_P(WifiKeystoreHalTest, Sign_success) {
if (!isDebuggableBuild()) {
GTEST_SKIP() << "Device not running a debuggable build, cannot make test keys";
@@ -286,7 +339,7 @@
::android::hardware::hidl_vec<uint8_t> dataToSign;
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, true);
+ bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, AID_WIFI);
EXPECT_EQ(result, true);
// With data the signing attempt should succeed
@@ -295,7 +348,7 @@
keystore->sign(kTestKeyName, dataToSign, callback);
EXPECT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
- result = deleteKey(kTestKeyName, true);
+ result = deleteKey(kTestKeyName, AID_WIFI);
EXPECT_EQ(result, true);
}
@@ -359,14 +412,12 @@
// The HAL is expecting the key to belong to the wifi user.
// If the key belongs to another user's space it should fail.
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, false);
+
+ bool result = insert(kTestKeyName, UID_SELF);
EXPECT_EQ(result, true);
- keystore->getBlob(std::string("USRCERT_") + kTestKeyName, callback);
+ keystore->getBlob(kTestKeyName, callback);
EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
-
- result = deleteKey(kTestKeyName, false);
- EXPECT_EQ(result, true);
}
TEST_P(WifiKeystoreHalTest, GetBlob_success) {
@@ -376,26 +427,21 @@
IKeystore::KeystoreStatusCode statusCode;
- std::string cert;
- auto callback = [&statusCode, &cert](IKeystore::KeystoreStatusCode status,
- const ::android::hardware::hidl_vec<uint8_t>& value) {
+ auto callback = [&statusCode](IKeystore::KeystoreStatusCode status,
+ const ::android::hardware::hidl_vec<uint8_t>& /*value*/) {
statusCode = status;
- cert = std::string(reinterpret_cast<const char*>(value.data()),
- reinterpret_cast<const char*>(value.data()) + value.size());
return;
};
// Accessing the key belonging to the wifi user should succeed.
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, true);
+ bool result = insert(kTestKeyName, AID_WIFI);
EXPECT_EQ(result, true);
- keystore->getBlob(std::string("USRCERT_") + kTestKeyName, callback);
+ keystore->getBlob(kTestKeyName, callback);
EXPECT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
- // Must return PEM encoded certificates.
- EXPECT_EQ(cert.rfind("-----BEGIN CERTIFICATE-----", 0), 0);
- result = deleteKey(kTestKeyName, true);
+ result = deleteKey(kTestKeyName, AID_WIFI);
EXPECT_EQ(result, true);
}
@@ -461,13 +507,39 @@
// If the key belongs to another user's space (e.g. root) it should
// not be accessible and should fail.
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, false);
+ bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, UID_SELF);
EXPECT_EQ(result, true);
keystore->getPublicKey(kTestKeyName, callback);
EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
- result = deleteKey(kTestKeyName, false);
+ result = deleteKey(kTestKeyName, UID_SELF);
+ EXPECT_EQ(result, true);
+}
+
+TEST_P(WifiKeystoreHalTest, GetPublicKey_wrong_key_type) {
+ if (!isDebuggableBuild()) {
+ GTEST_SKIP() << "Device not running a debuggable build, cannot make test keys";
+ }
+
+ IKeystore::KeystoreStatusCode statusCode;
+
+ auto callback = [&statusCode](IKeystore::KeystoreStatusCode status,
+ const ::android::hardware::hidl_vec<uint8_t>& /*value*/) {
+ statusCode = status;
+ return;
+ };
+
+ // A TYPE_GENERIC key (instead of a TYPE_KEYMASTER_10 key)
+ // should also fail.
+
+ bool result = insert(kTestKeyName, AID_WIFI);
+ EXPECT_EQ(result, true);
+
+ keystore->getPublicKey(kTestKeyName, callback);
+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
+
+ result = deleteKey(kTestKeyName, AID_WIFI);
EXPECT_EQ(result, true);
}
@@ -486,13 +558,13 @@
// Accessing the key belonging to the wifi uid should succeed.
- bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, true);
+ bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING, AID_WIFI);
EXPECT_EQ(result, true);
keystore->getPublicKey(kTestKeyName, callback);
EXPECT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
- result = deleteKey(kTestKeyName, true);
+ result = deleteKey(kTestKeyName, AID_WIFI);
EXPECT_EQ(result, true);
}
diff --git a/wifi/keystore/1.0/vts/functional/wifi_keystore_target.xml b/wifi/keystore/1.0/vts/functional/wifi_keystore_target.xml
new file mode 100644
index 0000000..6b3cd09
--- /dev/null
+++ b/wifi/keystore/1.0/vts/functional/wifi_keystore_target.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2019 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Config for VTS Wifi Keystore HAL tests">
+ <option name="config-descriptor:metadata" key="plan" value="vts-hal" />
+ <target_preparer class="com.android.compatibility.common.tradefed.targetprep.VtsFilePusher">
+ <option name="abort-on-push-failure" value="false"/>
+ <option name="push-group" value="HalHidlTargetTest.push"/>
+ </target_preparer>
+ <test class="com.android.tradefed.testtype.VtsMultiDeviceTest">
+ <option name="test-module-name" value="VtsHalWifiKeystoreV1_0Target"/>
+ <option name="binary-test-source" value="_32bit::DATA/nativetest/VtsHalWifiKeystoreV1_0TargetTest/VtsHalWifiKeystoreV1_0TargetTest"/>
+ <option name="binary-test-source" value="_64bit::DATA/nativetest64/VtsHalWifiKeystoreV1_0TargetTest/VtsHalWifiKeystoreV1_0TargetTest"/>
+ <option name="binary-test-type" value="gtest"/>
+ <option name="test-timeout" value="5m"/>
+ </test>
+</configuration>