OemLock HAL

This HAL allows vendor defined implementation of the OEM lock.

Bug: 34766843
Test: Boot and call from system_server
Change-Id: I5371fea496b6cae8cc6dd234d9302036ddb68ece

4 files changed, 324 insertions, 0 deletions

diff --git a/oemlock/1.0/Android.bp b/oemlock/1.0/Android.bp
new file mode 100644
index 000000000..33096c39b
--- /dev/null
+++ b/oemlock/1.0/Android.bp
@@ -0,0 +1,63 @@
+// This file is autogenerated by hidl-gen. Do not edit manually.
+
+filegroup {
+    name: "android.hardware.oemlock@1.0_hal",
+    srcs: [
+        "types.hal",
+        "IOemLock.hal",
+    ],
+}
+
+genrule {
+    name: "android.hardware.oemlock@1.0_genc++",
+    tools: ["hidl-gen"],
+    cmd: "$(location hidl-gen) -o $(genDir) -Lc++ -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.oemlock@1.0",
+    srcs: [
+        ":android.hardware.oemlock@1.0_hal",
+    ],
+    out: [
+        "android/hardware/oemlock/1.0/types.cpp",
+        "android/hardware/oemlock/1.0/OemLockAll.cpp",
+    ],
+}
+
+genrule {
+    name: "android.hardware.oemlock@1.0_genc++_headers",
+    tools: ["hidl-gen"],
+    cmd: "$(location hidl-gen) -o $(genDir) -Lc++ -randroid.hardware:hardware/interfaces -randroid.hidl:system/libhidl/transport android.hardware.oemlock@1.0",
+    srcs: [
+        ":android.hardware.oemlock@1.0_hal",
+    ],
+    out: [
+        "android/hardware/oemlock/1.0/types.h",
+        "android/hardware/oemlock/1.0/hwtypes.h",
+        "android/hardware/oemlock/1.0/IOemLock.h",
+        "android/hardware/oemlock/1.0/IHwOemLock.h",
+        "android/hardware/oemlock/1.0/BnHwOemLock.h",
+        "android/hardware/oemlock/1.0/BpHwOemLock.h",
+        "android/hardware/oemlock/1.0/BsOemLock.h",
+    ],
+}
+
+cc_library_shared {
+    name: "android.hardware.oemlock@1.0",
+    generated_sources: ["android.hardware.oemlock@1.0_genc++"],
+    generated_headers: ["android.hardware.oemlock@1.0_genc++_headers"],
+    export_generated_headers: ["android.hardware.oemlock@1.0_genc++_headers"],
+    shared_libs: [
+        "libhidlbase",
+        "libhidltransport",
+        "libhwbinder",
+        "liblog",
+        "libutils",
+        "libcutils",
+        "android.hidl.base@1.0",
+    ],
+    export_shared_lib_headers: [
+        "libhidlbase",
+        "libhidltransport",
+        "libhwbinder",
+        "libutils",
+        "android.hidl.base@1.0",
+    ],
+}
diff --git a/oemlock/1.0/Android.mk b/oemlock/1.0/Android.mk
new file mode 100644
index 000000000..e50c2881f
--- /dev/null
+++ b/oemlock/1.0/Android.mk
@@ -0,0 +1,156 @@
+# This file is autogenerated by hidl-gen. Do not edit manually.
+
+LOCAL_PATH := $(call my-dir)
+
+################################################################################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := android.hardware.oemlock@1.0-java
+LOCAL_MODULE_CLASS := JAVA_LIBRARIES
+
+intermediates := $(call local-generated-sources-dir, COMMON)
+
+HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
+
+LOCAL_JAVA_LIBRARIES := \
+    android.hidl.base@1.0-java \
+
+
+#
+# Build types.hal (OemLockSecureStatus)
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/OemLockSecureStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::types.OemLockSecureStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (OemLockStatus)
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/OemLockStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::types.OemLockStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build IOemLock.hal
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/IOemLock.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IOemLock.hal
+$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
+$(GEN): $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::IOemLock
+
+$(GEN): $(LOCAL_PATH)/IOemLock.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+include $(BUILD_JAVA_LIBRARY)
+
+
+################################################################################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := android.hardware.oemlock@1.0-java-static
+LOCAL_MODULE_CLASS := JAVA_LIBRARIES
+
+intermediates := $(call local-generated-sources-dir, COMMON)
+
+HIDL := $(HOST_OUT_EXECUTABLES)/hidl-gen$(HOST_EXECUTABLE_SUFFIX)
+
+LOCAL_STATIC_JAVA_LIBRARIES := \
+    android.hidl.base@1.0-java-static \
+
+
+#
+# Build types.hal (OemLockSecureStatus)
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/OemLockSecureStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::types.OemLockSecureStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build types.hal (OemLockStatus)
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/OemLockStatus.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::types.OemLockStatus
+
+$(GEN): $(LOCAL_PATH)/types.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+#
+# Build IOemLock.hal
+#
+GEN := $(intermediates)/android/hardware/oemlock/V1_0/IOemLock.java
+$(GEN): $(HIDL)
+$(GEN): PRIVATE_HIDL := $(HIDL)
+$(GEN): PRIVATE_DEPS := $(LOCAL_PATH)/IOemLock.hal
+$(GEN): PRIVATE_DEPS += $(LOCAL_PATH)/types.hal
+$(GEN): $(LOCAL_PATH)/types.hal
+$(GEN): PRIVATE_OUTPUT_DIR := $(intermediates)
+$(GEN): PRIVATE_CUSTOM_TOOL = \
+        $(PRIVATE_HIDL) -o $(PRIVATE_OUTPUT_DIR) \
+        -Ljava \
+        -randroid.hardware:hardware/interfaces \
+        -randroid.hidl:system/libhidl/transport \
+        android.hardware.oemlock@1.0::IOemLock
+
+$(GEN): $(LOCAL_PATH)/IOemLock.hal
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+include $(BUILD_STATIC_JAVA_LIBRARY)
+
+
+
+include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/oemlock/1.0/IOemLock.hal b/oemlock/1.0/IOemLock.hal
new file mode 100644
index 000000000..d57012359
--- /dev/null
+++ b/oemlock/1.0/IOemLock.hal
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.oemlock@1.0;
+
+/*
+ * The OEM lock prevents the bootloader from allowing the device to be flashed.
+ *
+ * Both the carrier and the device itself have a say as to whether OEM unlock is
+ * allowed and both must agree that is allowed in order for unlock to be
+ * possible.
+ */
+interface IOemLock {
+    /**
+     * Returns a vendor specific identifier of the HAL.
+     *
+     * The name returned must not be interpreted by the framework but must be
+     * passed to vendor code which may use it to identify the security protocol
+     * used by setOemUnlockAllowedByCarrier. This allows the vendor to identify
+     * the protocol without having to maintain a device-to-protocol mapping.
+     *
+     * @return name of the implementation.
+     */
+    getName() generates (OemLockStatus status, string name);
+
+    /**
+     * Updates whether OEM unlock is allowed by the carrier.
+     *
+     * The implementation may require a vendor defined signature to prove the
+     * validity of this request in order to harden its security.
+     *
+     * @param allowed is the new value of the flag.
+     * @param signature to prove validity of this request or empty if not
+     *        required.
+     * @return status is OK if the flag was successfully updated,
+     *         INVALID_SIGNATURE if a signature is required but the wrong one
+     *         was provided or FAILED if the update was otherwise unsuccessful.
+     */
+    setOemUnlockAllowedByCarrier(bool allowed, vec<uint8_t> signature)
+            generates (OemLockSecureStatus status);
+
+    /**
+     * Returns whether OEM unlock is allowed by the carrier.
+     *
+     * @return status is OK if the flag was successfully read.
+     * @return allowed is the current state of the flag.
+     */
+    isOemUnlockAllowedByCarrier() generates (OemLockStatus status, bool allowed);
+
+    /**
+     * Updates whether OEM unlock is allowed by the device.
+     *
+     * @param allowed is the new value of the flag.
+     * @return status is OK if the flag was successfully updated.
+     */
+    setOemUnlockAllowedByDevice(bool allowed) generates (OemLockStatus status);
+
+    /**
+     * Returns whether OEM unlock ia allowed by the device.
+     *
+     * @return status is OK if the flag was successfully read.
+     * @return allowed is the current state of the flag.
+     */
+    isOemUnlockAllowedByDevice() generates (OemLockStatus status, bool allowed);
+};
diff --git a/oemlock/1.0/types.hal b/oemlock/1.0/types.hal
new file mode 100644
index 000000000..0b4a8d118
--- /dev/null
+++ b/oemlock/1.0/types.hal
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.oemlock@1.0;
+
+enum OemLockStatus : uint32_t {
+    /** The operation completed successfully. */
+    OK,
+    /** The operation encountered a problem. */
+    FAILED,
+};
+
+enum OemLockSecureStatus : OemLockStatus {
+    /** An invalid signature was provided so the operation was not performed. */
+    INVALID_SIGNATURE,
+};