Add oemlock AIDL interface am: 109522c0d1 am: 03375181de

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1542664

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Id601e138ca064c418a3c46c6d52cfd56a318e8b5

compatibility_matrices/compatibility_matrix.current.xml

@@ -266,6 +266,14 @@
             <instance>default</instance>
         </interface>
     </hal>
+    <hal format="aidl" optional="true">
+        <name>android.hardware.oemlock</name>
+        <version>1</version>
+        <interface>
+            <name>IOemLock</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
     <hal format="hidl" optional="true">
         <name>android.hardware.ir</name>
         <version>1.0</version>

oemlock/aidl/Android.bp

@@ -0,0 +1,16 @@
+aidl_interface {
+    name: "android.hardware.oemlock",
+    vendor_available: true,
+    srcs: ["android/hardware/oemlock/*.aidl"],
+    stability: "vintf",
+    backend: {
+        java: {
+            platform_apis: true,
+        },
+        ndk: {
+            vndk: {
+                enabled: true,
+            },
+        },
+    },
+}

oemlock/aidl/aidl_api/android.hardware.oemlock/current/android/hardware/oemlock/IOemLock.aidl

@@ -0,0 +1,27 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.oemlock;
+@VintfStability
+interface IOemLock {
+  String getName();
+  boolean isOemUnlockAllowedByCarrier();
+  boolean isOemUnlockAllowedByDevice();
+  android.hardware.oemlock.OemLockSecureStatus setOemUnlockAllowedByCarrier(in boolean allowed, in byte[] signature);
+  void setOemUnlockAllowedByDevice(in boolean allowed);
+}

oemlock/aidl/aidl_api/android.hardware.oemlock/current/android/hardware/oemlock/OemLockSecureStatus.aidl

@@ -0,0 +1,25 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.oemlock;
+@Backing(type="int") @VintfStability
+enum OemLockSecureStatus {
+  OK = 0,
+  FAILED = 1,
+  INVALID_SIGNATURE = 2,
+}

oemlock/aidl/android/hardware/oemlock/IOemLock.aidl

@@ -0,0 +1,81 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.oemlock;
+
+import android.hardware.oemlock.OemLockSecureStatus;
+
+/*
+ * The OEM lock prevents the bootloader from allowing the device to be flashed.
+ *
+ * Both the carrier and the device itself have a say as to whether OEM unlock is
+ * allowed and both must agree that is allowed in order for unlock to be
+ * possible.
+ */
+@VintfStability
+interface IOemLock {
+    /**
+     * Returns a vendor specific identifier of the HAL.
+     *
+     * The name returned must not be interpreted by the framework but must be
+     * passed to vendor code which may use it to identify the security protocol
+     * used by setOemUnlockAllowedByCarrier. This allows the vendor to identify
+     * the protocol without having to maintain a device-to-protocol mapping.
+     *
+     * @return name of the implementation and STATUS_OK if get name successfully
+     */
+    String getName();
+
+    /**
+     * Returns whether OEM unlock is allowed by the carrier.
+     *
+     * @return the current state(allowed/not allowed) of the flag
+     * and STATUS_OK if the flag was successfully read.
+     */
+    boolean isOemUnlockAllowedByCarrier();
+
+    /**
+     * Returns whether OEM unlock ia allowed by the device.
+     *
+     * @return the current state(allowed/not allowed) of the flag
+     * and STATUS_OK if the flag was successfully read.
+     */
+    boolean isOemUnlockAllowedByDevice();
+
+    /**
+     * Updates whether OEM unlock is allowed by the carrier.
+     *
+     * The implementation may require a vendor defined signature to prove the
+     * validity of this request in order to harden its security.
+     *
+     * @param allowed is the new value of the flag.
+     * @param signature to prove validity of this request or empty if not
+     *        required.
+     * @return OK if the flag was successfully updated,
+     *         INVALID_SIGNATURE if a signature is required but the wrong one
+     *         was provided
+     *         FAILED if the update was otherwise unsuccessful.
+     */
+    OemLockSecureStatus setOemUnlockAllowedByCarrier(in boolean allowed, in byte[] signature);
+
+    /**
+     * Updates whether OEM unlock is allowed by the device.
+     *
+     * @param allowed the new value of the flag.
+     * @return STATUS_OK if the flag was successfully updated.
+     */
+    void setOemUnlockAllowedByDevice(in boolean allowed);
+}

oemlock/aidl/android/hardware/oemlock/OemLockSecureStatus.aidl

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.oemlock;
+
+@VintfStability
+@Backing(type="int")
+enum OemLockSecureStatus {
+    /**
+     * The operation completed successfully.
+     */
+    OK,
+    /**
+     * The operation encountered a problem.
+     */
+    FAILED,
+    /**
+     * An invalid signature was provided so the operation was not performed.
+     */
+    INVALID_SIGNATURE,
+}

oemlock/aidl/default/Android.bp

@@ -0,0 +1,32 @@
+//
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_binary {
+    name: "android.hardware.oemlock-service.example",
+    relative_install_path: "hw",
+    init_rc: ["android.hardware.oemlock-service.example.rc"],
+    vintf_fragments: ["android.hardware.oemlock-service.example.xml"],
+    vendor: true,
+    srcs: [
+        "service.cpp",
+        "OemLock.cpp",
+    ],
+    shared_libs: [
+        "android.hardware.oemlock-ndk_platform",
+        "libbase",
+        "libbinder_ndk",
+    ],
+}

oemlock/aidl/default/OemLock.cpp

@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "OemLock.h"
+
+namespace aidl {
+namespace android {
+namespace hardware {
+namespace oemlock {
+
+// Methods from ::android::hardware::oemlock::IOemLock follow.
+
+::ndk::ScopedAStatus OemLock::getName(std::string *out_name) {
+    (void)out_name;
+    return ::ndk::ScopedAStatus::ok();
+}
+
+::ndk::ScopedAStatus OemLock::setOemUnlockAllowedByCarrier(bool in_allowed, const std::vector<uint8_t> &in_signature, OemLockSecureStatus *_aidl_return) {
+    (void)in_allowed;
+    (void)in_signature;
+    (void)_aidl_return;
+    return ::ndk::ScopedAStatus::ok();
+}
+
+::ndk::ScopedAStatus OemLock::isOemUnlockAllowedByCarrier(bool *out_allowed) {
+    (void)out_allowed;
+    return ::ndk::ScopedAStatus::ok();
+}
+
+::ndk::ScopedAStatus OemLock::setOemUnlockAllowedByDevice(bool in_allowed) {
+    (void)in_allowed;
+    return ::ndk::ScopedAStatus::ok();
+}
+
+::ndk::ScopedAStatus OemLock::isOemUnlockAllowedByDevice(bool *out_allowed) {
+    (void)out_allowed;
+    return ::ndk::ScopedAStatus::ok();
+}
+
+} // namespace oemlock
+} // namespace hardware
+} // namespace android
+} // aidl

oemlock/aidl/default/OemLock.h

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/oemlock/BnOemLock.h>
+
+namespace aidl {
+namespace android {
+namespace hardware {
+namespace oemlock {
+
+using ::aidl::android::hardware::oemlock::IOemLock;
+using ::aidl::android::hardware::oemlock::OemLockSecureStatus;
+
+struct OemLock : public BnOemLock {
+public:
+    OemLock() = default;
+
+    // Methods from ::android::hardware::oemlock::IOemLock follow.
+    ::ndk::ScopedAStatus getName(std::string* out_name) override;
+    ::ndk::ScopedAStatus isOemUnlockAllowedByCarrier(bool* out_allowed) override;
+    ::ndk::ScopedAStatus isOemUnlockAllowedByDevice(bool* out_allowed) override;
+    ::ndk::ScopedAStatus setOemUnlockAllowedByCarrier(bool in_allowed, const std::vector<uint8_t>& in_signature, OemLockSecureStatus* _aidl_return) override;
+    ::ndk::ScopedAStatus setOemUnlockAllowedByDevice(bool in_allowed) override;
+};
+
+} // namespace oemlock
+} // namespace hardware
+} // namespace android
+} // aidl

oemlock/aidl/default/android.hardware.oemlock-service.example.rc

@@ -0,0 +1,4 @@
+service vendor.oemlock_default /vendor/bin/hw/android.hardware.oemlock-service.example
+    class hal
+    user hsm
+    group hsm

oemlock/aidl/default/android.hardware.oemlock-service.example.xml

@@ -0,0 +1,9 @@
+<manifest version="1.0" type="device">
+    <hal format="aidl">
+        <name>android.hardware.oemlock</name>
+        <interface>
+            <name>IOemLock</name>
+            <instance>default</instance>
+        </interface>
+    </hal>
+</manifest>

oemlock/aidl/default/service.cpp

@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+#include "OemLock.h"
+
+using ::aidl::android::hardware::oemlock::OemLock;
+
+int main() {
+    ABinderProcess_setThreadPoolMaxThreadCount(0);
+    std::shared_ptr<OemLock> oemlock = ndk::SharedRefBase::make<OemLock>();
+
+    const std::string instance = std::string() + OemLock::descriptor + "/default";
+    binder_status_t status = AServiceManager_addService(oemlock->asBinder().get(), instance.c_str());
+    CHECK(status == STATUS_OK);
+
+    ABinderProcess_joinThreadPool();
+    return -1; // Should never be reached
+}

oemlock/aidl/vts/Android.bp

@@ -0,0 +1,33 @@
+//
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_test {
+    name: "VtsHalOemLockTargetTest",
+    defaults: [
+        "VtsHalTargetTestDefaults",
+        "use_libaidlvintf_gtest_helper_static",
+    ],
+    srcs: ["VtsHalOemLockTargetTest.cpp"],
+    shared_libs: [
+        "libbinder_ndk",
+        "libbase",
+    ],
+    static_libs: ["android.hardware.oemlock-ndk_platform"],
+    test_suites: [
+        "general-tests",
+        "vts",
+    ],
+}

oemlock/aidl/vts/VtsHalOemLockTargetTest.cpp

@@ -0,0 +1,165 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <aidl/Gtest.h>
+#include <aidl/Vintf.h>
+
+#include <aidl/android/hardware/oemlock/IOemLock.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+using ::aidl::android::hardware::oemlock::IOemLock;
+using ::aidl::android::hardware::oemlock::OemLockSecureStatus;
+
+using ndk::SpAIBinder;
+
+struct OemLockAidlTest : public ::testing::TestWithParam<std::string> {
+    virtual void SetUp() override {
+        oemlock = IOemLock::fromBinder(
+            SpAIBinder(AServiceManager_waitForService(GetParam().c_str())));
+        ASSERT_NE(oemlock, nullptr);
+    }
+
+    virtual void TearDown() override {}
+
+    std::shared_ptr<IOemLock> oemlock;
+};
+
+/*
+ * Check the name can be retrieved
+ */
+TEST_P(OemLockAidlTest, GetName) {
+    std::string name;
+
+    const auto ret = oemlock->getName(&name);
+
+    ASSERT_TRUE(ret.isOk());
+    // Any value acceptable
+};
+
+/*
+ * Check the unlock allowed by device state can be queried
+ */
+TEST_P(OemLockAidlTest, QueryUnlockAllowedByDevice) {
+    bool allowed;
+
+    const auto ret = oemlock->isOemUnlockAllowedByDevice(&allowed);
+
+    ASSERT_TRUE(ret.isOk());
+    // Any value acceptable
+}
+
+/*
+ * Check unlock allowed by device state can be toggled
+ */
+TEST_P(OemLockAidlTest, AllowedByDeviceCanBeToggled) {
+    bool allowed;
+
+    // Get the original state so it can be restored
+    const auto get_ret = oemlock->isOemUnlockAllowedByDevice(&allowed);
+    ASSERT_TRUE(get_ret.isOk());
+    const bool originallyAllowed = allowed;
+
+    // Toggle the state
+    const auto set_ret = oemlock->setOemUnlockAllowedByDevice(!originallyAllowed);
+    ASSERT_TRUE(set_ret.isOk());
+
+    const auto check_set_ret = oemlock->isOemUnlockAllowedByDevice(&allowed);
+    ASSERT_TRUE(check_set_ret.isOk());
+    ASSERT_EQ(allowed, !originallyAllowed);
+
+    // Restore the state
+    const auto restore_ret = oemlock->setOemUnlockAllowedByDevice(originallyAllowed);
+    ASSERT_TRUE(restore_ret.isOk());
+
+    const auto check_restore_ret = oemlock->isOemUnlockAllowedByDevice(&allowed);
+    ASSERT_TRUE(check_restore_ret.isOk());
+    ASSERT_EQ(allowed, originallyAllowed);
+}
+
+/*
+ * Check the unlock allowed by device state can be queried
+ */
+TEST_P(OemLockAidlTest, QueryUnlockAllowedByCarrier) {
+    bool allowed;
+
+    const auto ret = oemlock->isOemUnlockAllowedByCarrier(&allowed);
+
+    ASSERT_TRUE(ret.isOk());
+    // Any value acceptable
+}
+
+/*
+ * Attempt to check unlock allowed by carrier can be toggled
+ *
+ * The implementation may involve a signature which cannot be tested here. That
+ * is a valid implementation so the test will pass. If there is no signature
+ * required, the test will toggle the value.
+ */
+TEST_P(OemLockAidlTest, CarrierUnlock) {
+    const std::vector<uint8_t> noSignature = {};
+    bool allowed;
+    OemLockSecureStatus secure_status;
+
+    // Get the original state so it can be restored
+    const auto get_ret = oemlock->isOemUnlockAllowedByCarrier(&allowed);
+    ASSERT_TRUE(get_ret.isOk());
+    const bool originallyAllowed = allowed;
+
+    if (originallyAllowed) {
+       // Only applied to locked devices
+       return;
+    }
+
+    // Toggle the state
+    const auto set_ret = oemlock->setOemUnlockAllowedByCarrier(!originallyAllowed, noSignature, &secure_status);
+    ASSERT_TRUE(set_ret.isOk());
+    ASSERT_NE(secure_status, OemLockSecureStatus::FAILED);
+    const auto set_status = secure_status;
+
+    const auto check_set_ret = oemlock->isOemUnlockAllowedByCarrier(&allowed);
+    ASSERT_TRUE(check_set_ret.isOk());
+
+    if (set_status == OemLockSecureStatus::INVALID_SIGNATURE) {
+       // Signature is required so we cannot toggle the value in the test, but this is allowed
+       ASSERT_EQ(allowed, originallyAllowed);
+       return;
+    }
+
+    ASSERT_EQ(set_status, OemLockSecureStatus::OK);
+    ASSERT_EQ(allowed, !originallyAllowed);
+
+    // Restore the state
+    const auto restore_ret = oemlock->setOemUnlockAllowedByCarrier(originallyAllowed, noSignature, &secure_status);
+    ASSERT_TRUE(restore_ret.isOk());
+    ASSERT_EQ(secure_status, OemLockSecureStatus::OK);
+
+    const auto check_restore_ret = oemlock->isOemUnlockAllowedByCarrier(&allowed);
+    ASSERT_TRUE(check_restore_ret.isOk());
+    ASSERT_EQ(allowed, originallyAllowed);
+}
+
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(OemLockAidlTest);
+INSTANTIATE_TEST_SUITE_P(
+        PerInstance, OemLockAidlTest,
+        testing::ValuesIn(android::getAidlHalInstanceNames(IOemLock::descriptor)),
+        android::PrintInstanceNameToString);
+
+int main(int argc, char** argv) {
+    ::testing::InitGoogleTest(&argc, argv);
+    ABinderProcess_setThreadPoolMaxThreadCount(1);
+    ABinderProcess_startThreadPool();
+    return RUN_ALL_TESTS();
+}