From 7dcdd5b9c8ed98a3ffac4de337bb043724c1c5aa Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Thu, 28 Nov 2024 11:50:55 +0000
Subject: [PATCH] Add manifest fragments for all KeyMint versions

Make it easier for vendors to declare the Package Manager flag
that matches the version of KeyMint that their device implements.

Test: TreeHugger
Bug: 381125092
Change-Id: I13f781836b4b06c43811b315ca78da076ecd928f
---
 security/keymint/aidl/default/Android.bp      | 19 +++++++++++++++++++
 .../android.hardware.hardware_keystore_V1.xml | 18 ++++++++++++++++++
 .../android.hardware.hardware_keystore_V2.xml | 18 ++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
 create mode 100644 security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml

diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index 0f008ce52b..0197141858 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -104,6 +104,7 @@ rust_binary {
     ],
 }
 
+// The following target declares the latest version of KeyMint.
 prebuilt_etc {
     name: "android.hardware.hardware_keystore.xml",
     sub_dir: "permissions",
@@ -111,6 +112,24 @@ prebuilt_etc {
     src: "android.hardware.hardware_keystore.xml",
 }
 
+// The following targets (and underlying XML files) declare specific
+// versions of KeyMint.  Vendors should use the version that matches the
+// version of the KeyMint HAL that the device implements.
+
+prebuilt_etc {
+    name: "android.hardware.hardware_keystore_V1.xml",
+    sub_dir: "permissions",
+    vendor: true,
+    src: "android.hardware.hardware_keystore_V1.xml",
+}
+
+prebuilt_etc {
+    name: "android.hardware.hardware_keystore_V2.xml",
+    sub_dir: "permissions",
+    vendor: true,
+    src: "android.hardware.hardware_keystore_V2.xml",
+}
+
 prebuilt_etc {
     name: "android.hardware.hardware_keystore_V3.xml",
     sub_dir: "permissions",
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
new file mode 100644
index 0000000000..e5a93457c2
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<permissions>
+  <feature name="android.hardware.hardware_keystore" version="100" />
+</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
new file mode 100644
index 0000000000..2ebf1fe741
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<permissions>
+  <feature name="android.hardware.hardware_keystore" version="200" />
+</permissions>