Move SecureStorage interface out of staging

Test: mmm hardware/interfaces/security/see/storage/aidl/
Bug: 278779487
Change-Id: I81b3032f8cbbea53309f098c89cfbc3d0974ec24

compatibility_matrices/exclude/fcm_exclude.cpp

@@ -156,6 +156,7 @@ bool ShouldCheckMissingAidlHalsInFcm(const std::string& packageAndVersion) {
             // Fastboot HAL is only used by recovery. Recovery is owned by OEM. Framework
             // does not depend on this HAL, hence it is not declared in any manifests or matrices.
             "android.hardware.fastboot@",
+            "android.hardware.security.see.storage",
     };
 
     static std::vector<std::string> excluded_exact{

security/see/storage/aidl/Android.bp

@@ -4,7 +4,7 @@ package {
 
 aidl_interface {
     name: "android.hardware.security.see.storage",
-    unstable: true,
+    stability: "vintf",
     host_supported: true,
     srcs: [
         "android/hardware/security/see/storage/*.aidl",
@@ -23,4 +23,5 @@ aidl_interface {
             enabled: true,
         },
     },
+    frozen: false,
 }

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Availability.aidl

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+enum Availability {
+  BEFORE_USERDATA,
+  AFTER_USERDATA,
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/CreationMode.aidl

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+enum CreationMode {
+  NO_CREATE,
+  CREATE_EXCLUSIVE,
+  CREATE,
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/FileMode.aidl

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+enum FileMode {
+  READ_ONLY,
+  WRITE_ONLY,
+  READ_WRITE,
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Filesystem.aidl

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+parcelable Filesystem {
+  android.hardware.security.see.storage.Integrity integrity = android.hardware.security.see.storage.Integrity.TAMPER_PROOF_AT_REST;
+  android.hardware.security.see.storage.Availability availability = android.hardware.security.see.storage.Availability.BEFORE_USERDATA;
+  boolean persistent;
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IDir.aidl

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+interface IDir {
+  @utf8InCpp String[] readNextFilenames(int maxCount);
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IFile.aidl

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+interface IFile {
+  byte[] read(long size, long offset);
+  long write(long offset, in byte[] buffer);
+  long getSize();
+  void setSize(long newSize);
+  void rename(in @utf8InCpp String destPath, in android.hardware.security.see.storage.CreationMode destCreateMode);
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/ISecureStorage.aidl

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+interface ISecureStorage {
+  android.hardware.security.see.storage.IStorageSession startSession(in android.hardware.security.see.storage.Filesystem filesystem);
+  const int ERR_UNSUPPORTED_PROPERTIES = 1;
+  const int ERR_NOT_FOUND = 2;
+  const int ERR_ALREADY_EXISTS = 3;
+  const int ERR_BAD_TRANSACTION = 4;
+  const int ERR_AB_UPDATE_IN_PROGRESS = 5;
+  const int ERR_FS_TAMPERED = 6;
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/IStorageSession.aidl

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+interface IStorageSession {
+  void commitChanges();
+  void stageChangesForCommitOnAbUpdateComplete();
+  void abandonChanges();
+  android.hardware.security.see.storage.IFile openFile(in @utf8InCpp String filePath, in android.hardware.security.see.storage.OpenOptions options);
+  void deleteFile(in @utf8InCpp String filePath);
+  void renameFile(in @utf8InCpp String currentPath, in @utf8InCpp String destPath, in android.hardware.security.see.storage.CreationMode destCreateMode);
+  android.hardware.security.see.storage.IDir openDir(in @utf8InCpp String path);
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/Integrity.aidl

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+enum Integrity {
+  TAMPER_PROOF_AT_REST,
+  TAMPER_DETECT,
+}

security/see/storage/aidl/aidl_api/android.hardware.security.see.storage/current/android/hardware/security/see/storage/OpenOptions.aidl

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.storage;
+@VintfStability
+parcelable OpenOptions {
+  android.hardware.security.see.storage.CreationMode createMode = android.hardware.security.see.storage.CreationMode.NO_CREATE;
+  android.hardware.security.see.storage.FileMode accessMode = android.hardware.security.see.storage.FileMode.READ_WRITE;
+  boolean truncateOnOpen;
+}

security/see/storage/aidl/android/hardware/security/see/storage/Availability.aidl

@@ -16,6 +16,7 @@
 package android.hardware.security.see.storage;
 
 /** Determines how early during the boot process file is able to be accessed. */
+@VintfStability
 enum Availability {
     /** Available before userdata is mounted, but after android has booted. */
     BEFORE_USERDATA,

security/see/storage/aidl/android/hardware/security/see/storage/CreationMode.aidl

@@ -15,6 +15,7 @@
  */
 package android.hardware.security.see.storage;
 
+@VintfStability
 enum CreationMode {
     /** Returns an error if the file does not already exist. */
     NO_CREATE,

security/see/storage/aidl/android/hardware/security/see/storage/FileMode.aidl

@@ -15,6 +15,7 @@
  */
 package android.hardware.security.see.storage;
 
+@VintfStability
 enum FileMode {
     /** The file may only be read from. */
     READ_ONLY,

security/see/storage/aidl/android/hardware/security/see/storage/Filesystem.aidl

@@ -21,6 +21,7 @@ import android.hardware.security.see.storage.Integrity;
 /**
  * Specifies minimum security requirements for a Secure Storage filesystem.
  */
+@VintfStability
 parcelable Filesystem {
     Integrity integrity = Integrity.TAMPER_PROOF_AT_REST;
     Availability availability = Availability.BEFORE_USERDATA;

security/see/storage/aidl/android/hardware/security/see/storage/IDir.aidl

@@ -16,6 +16,7 @@
 package android.hardware.security.see.storage;
 
 /** The interface for an open directory */
+@VintfStability
 interface IDir {
     /**
      * Gets the next batch of filenames in this directory.

security/see/storage/aidl/android/hardware/security/see/storage/IFile.aidl

@@ -18,6 +18,7 @@ package android.hardware.security.see.storage;
 import android.hardware.security.see.storage.CreationMode;
 
 /** The interface for an open file */
+@VintfStability
 interface IFile {
     /**
      * Read bytes from this file.

security/see/storage/aidl/android/hardware/security/see/storage/ISecureStorage.aidl

@@ -23,6 +23,7 @@ import android.hardware.security.see.storage.IStorageSession;
  *
  * Creates sessions which can be used to access storage.
  */
+@VintfStability
 interface ISecureStorage {
     const int ERR_UNSUPPORTED_PROPERTIES = 1;
     const int ERR_NOT_FOUND = 2;

security/see/storage/aidl/android/hardware/security/see/storage/IStorageSession.aidl

@@ -31,6 +31,7 @@ import android.hardware.security.see.storage.OpenOptions;
  *
  * Any changes still pending when the session is dropped will be abandoned.
  */
+@VintfStability
 interface IStorageSession {
     /**
      * Commits any pending changes made through this session to storage.

security/see/storage/aidl/android/hardware/security/see/storage/Integrity.aidl

@@ -15,6 +15,7 @@
  */
 package android.hardware.security.see.storage;
 
+@VintfStability
 enum Integrity {
     /** REE may prevent operations, but cannot alter data once written. */
     TAMPER_PROOF_AT_REST,

security/see/storage/aidl/android/hardware/security/see/storage/OpenOptions.aidl

@@ -18,6 +18,7 @@ package android.hardware.security.see.storage;
 import android.hardware.security.see.storage.CreationMode;
 import android.hardware.security.see.storage.FileMode;
 
+@VintfStability
 parcelable OpenOptions {
     /** Controls creation behavior of the to-be-opened file. See `CreationMode` docs for details. */
     CreationMode createMode = CreationMode.NO_CREATE;