Merge "[threadnetwork] update the platform log API usages and implementations" into main
diff --git a/audio/common/2.0/Android.bp b/audio/common/2.0/Android.bp
index 450e04f..679d6b0 100644
--- a/audio/common/2.0/Android.bp
+++ b/audio/common/2.0/Android.bp
@@ -15,9 +15,6 @@
root: "android.hardware",
// TODO(b/153609531): remove when no longer needed.
native_bridge_supported: true,
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
],
diff --git a/automotive/evs/aidl/Android.bp b/automotive/evs/aidl/Android.bp
index 3bfe8f3..dfb15c6 100644
--- a/automotive/evs/aidl/Android.bp
+++ b/automotive/evs/aidl/Android.bp
@@ -42,9 +42,6 @@
enabled: false,
},
ndk: {
- vndk: {
- enabled: false,
- },
min_sdk_version: "29",
},
},
diff --git a/common/aidl/Android.bp b/common/aidl/Android.bp
index 1457b8a..11de087 100644
--- a/common/aidl/Android.bp
+++ b/common/aidl/Android.bp
@@ -11,10 +11,7 @@
name: "android.hardware.common",
host_supported: true,
vendor_available: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
+ double_loadable: true,
vndk_use_version: "2",
srcs: [
"android/hardware/common/*.aidl",
diff --git a/common/fmq/aidl/Android.bp b/common/fmq/aidl/Android.bp
index 6c37213..17c11ab 100644
--- a/common/fmq/aidl/Android.bp
+++ b/common/fmq/aidl/Android.bp
@@ -11,10 +11,7 @@
name: "android.hardware.common.fmq",
host_supported: true,
vendor_available: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
+ double_loadable: true,
srcs: [
"android/hardware/common/fmq/*.aidl",
],
diff --git a/configstore/1.0/Android.bp b/configstore/1.0/Android.bp
index 51fc44c..ef781d2 100644
--- a/configstore/1.0/Android.bp
+++ b/configstore/1.0/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.configstore@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"ISurfaceFlingerConfigs.hal",
diff --git a/configstore/1.1/Android.bp b/configstore/1.1/Android.bp
index ec745dd..c8c3f5e 100644
--- a/configstore/1.1/Android.bp
+++ b/configstore/1.1/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.configstore@1.1",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"ISurfaceFlingerConfigs.hal",
diff --git a/configstore/utils/Android.bp b/configstore/utils/Android.bp
index 7ed3f68..b62f1bc 100644
--- a/configstore/utils/Android.bp
+++ b/configstore/utils/Android.bp
@@ -26,13 +26,10 @@
cc_library_shared {
name: "android.hardware.configstore-utils",
vendor_available: true,
- vndk: {
- enabled: true,
- },
double_loadable: true,
defaults: ["hidl_defaults"],
- srcs: [ "ConfigStoreUtils.cpp" ],
+ srcs: ["ConfigStoreUtils.cpp"],
export_include_dirs: ["include"],
@@ -40,12 +37,12 @@
"android.hardware.configstore@1.0",
"android.hardware.configstore@1.1",
"libbase",
- "libhidlbase"
+ "libhidlbase",
],
export_shared_lib_headers: [
"android.hardware.configstore@1.0",
"android.hardware.configstore@1.1",
"libbase",
- "libhidlbase"
+ "libhidlbase",
],
}
diff --git a/confirmationui/support/Android.bp b/confirmationui/support/Android.bp
index 1200115..67cc04b 100644
--- a/confirmationui/support/Android.bp
+++ b/confirmationui/support/Android.bp
@@ -27,9 +27,6 @@
name: "android.hardware.confirmationui-support-lib",
vendor_available: true,
host_supported: true,
- vndk: {
- enabled: true,
- },
srcs: [
"src/cbor.cpp",
"src/confirmationui_utils.cpp",
diff --git a/contexthub/OWNERS b/contexthub/OWNERS
index ee25833..f35961a 100644
--- a/contexthub/OWNERS
+++ b/contexthub/OWNERS
@@ -1,3 +1,2 @@
# Bug component: 156070
-arthuri@google.com
bduddie@google.com
diff --git a/graphics/allocator/2.0/Android.bp b/graphics/allocator/2.0/Android.bp
index 36158e9..5d3f883 100644
--- a/graphics/allocator/2.0/Android.bp
+++ b/graphics/allocator/2.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.allocator@2.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"IAllocator.hal",
],
diff --git a/graphics/allocator/3.0/Android.bp b/graphics/allocator/3.0/Android.bp
index 0100f6f..767a79f 100644
--- a/graphics/allocator/3.0/Android.bp
+++ b/graphics/allocator/3.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.allocator@3.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"IAllocator.hal",
],
diff --git a/graphics/allocator/4.0/Android.bp b/graphics/allocator/4.0/Android.bp
index 5d7a4a9..590ecf4 100644
--- a/graphics/allocator/4.0/Android.bp
+++ b/graphics/allocator/4.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.allocator@4.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"IAllocator.hal",
],
diff --git a/graphics/allocator/aidl/Android.bp b/graphics/allocator/aidl/Android.bp
index 6e24edc..0b916bf 100644
--- a/graphics/allocator/aidl/Android.bp
+++ b/graphics/allocator/aidl/Android.bp
@@ -11,10 +11,7 @@
aidl_interface {
name: "android.hardware.graphics.allocator",
vendor_available: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
+ double_loadable: true,
vndk_use_version: "2",
srcs: ["android/hardware/graphics/allocator/*.aidl"],
imports: [
@@ -34,9 +31,6 @@
"//apex_available:platform",
"com.android.media.swcodec",
],
- vndk: {
- enabled: true,
- },
min_sdk_version: "29",
},
},
diff --git a/graphics/bufferqueue/1.0/Android.bp b/graphics/bufferqueue/1.0/Android.bp
index fe46b5e..c7c6453 100644
--- a/graphics/bufferqueue/1.0/Android.bp
+++ b/graphics/bufferqueue/1.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.bufferqueue@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"IGraphicBufferProducer.hal",
"IProducerListener.hal",
diff --git a/graphics/bufferqueue/2.0/Android.bp b/graphics/bufferqueue/2.0/Android.bp
index c2b0985..e9f75c1 100644
--- a/graphics/bufferqueue/2.0/Android.bp
+++ b/graphics/bufferqueue/2.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.bufferqueue@2.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"IGraphicBufferProducer.hal",
diff --git a/graphics/common/1.0/Android.bp b/graphics/common/1.0/Android.bp
index 786953b..b876bf3 100644
--- a/graphics/common/1.0/Android.bp
+++ b/graphics/common/1.0/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.common@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
],
diff --git a/graphics/common/1.1/Android.bp b/graphics/common/1.1/Android.bp
index d857f80..ff6c9b7 100644
--- a/graphics/common/1.1/Android.bp
+++ b/graphics/common/1.1/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.common@1.1",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
],
diff --git a/graphics/common/1.2/Android.bp b/graphics/common/1.2/Android.bp
index 17d0c20..b4663e5 100644
--- a/graphics/common/1.2/Android.bp
+++ b/graphics/common/1.2/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.common@1.2",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
],
diff --git a/graphics/common/aidl/Android.bp b/graphics/common/aidl/Android.bp
index 605299f..c1bb1ef 100644
--- a/graphics/common/aidl/Android.bp
+++ b/graphics/common/aidl/Android.bp
@@ -12,10 +12,7 @@
name: "android.hardware.graphics.common",
host_supported: true,
vendor_available: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
+ double_loadable: true,
vndk_use_version: "5",
srcs: [
"android/hardware/graphics/common/*.aidl",
diff --git a/graphics/composer/aidl/Android.bp b/graphics/composer/aidl/Android.bp
index d60f8c4..9b6b196 100644
--- a/graphics/composer/aidl/Android.bp
+++ b/graphics/composer/aidl/Android.bp
@@ -28,10 +28,7 @@
name: "android.hardware.graphics.composer3",
host_supported: true,
vendor_available: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
+ double_loadable: true,
frozen: false,
vndk_use_version: "1",
srcs: [
@@ -50,11 +47,6 @@
sdk_version: "module_current",
enabled: false,
},
- ndk: {
- vndk: {
- enabled: true,
- },
- },
rust: {
enabled: true,
},
diff --git a/graphics/mapper/2.0/Android.bp b/graphics/mapper/2.0/Android.bp
index 81040ab..07ca1cb 100644
--- a/graphics/mapper/2.0/Android.bp
+++ b/graphics/mapper/2.0/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.mapper@2.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
"IMapper.hal",
diff --git a/graphics/mapper/2.1/Android.bp b/graphics/mapper/2.1/Android.bp
index 1308a6c..f6e089a 100644
--- a/graphics/mapper/2.1/Android.bp
+++ b/graphics/mapper/2.1/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.mapper@2.1",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"IMapper.hal",
],
diff --git a/graphics/mapper/3.0/Android.bp b/graphics/mapper/3.0/Android.bp
index b49806f..0e15af9 100644
--- a/graphics/mapper/3.0/Android.bp
+++ b/graphics/mapper/3.0/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.mapper@3.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
"IMapper.hal",
diff --git a/graphics/mapper/4.0/Android.bp b/graphics/mapper/4.0/Android.bp
index c07f73c..b2dd7d2 100644
--- a/graphics/mapper/4.0/Android.bp
+++ b/graphics/mapper/4.0/Android.bp
@@ -13,10 +13,6 @@
hidl_interface {
name: "android.hardware.graphics.mapper@4.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
"IMapper.hal",
diff --git a/media/1.0/Android.bp b/media/1.0/Android.bp
index 22a6d59..d5ef95a 100644
--- a/media/1.0/Android.bp
+++ b/media/1.0/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.media@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
],
diff --git a/media/bufferpool/2.0/Android.bp b/media/bufferpool/2.0/Android.bp
index fd6f08b..470a11f 100644
--- a/media/bufferpool/2.0/Android.bp
+++ b/media/bufferpool/2.0/Android.bp
@@ -13,9 +13,6 @@
hidl_interface {
name: "android.hardware.media.bufferpool@2.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"IAccessor.hal",
diff --git a/media/omx/1.0/Android.bp b/media/omx/1.0/Android.bp
index ea63467..cd1b9b6 100644
--- a/media/omx/1.0/Android.bp
+++ b/media/omx/1.0/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.media.omx@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"IGraphicBufferSource.hal",
diff --git a/memtrack/1.0/Android.bp b/memtrack/1.0/Android.bp
index bf8db3f..1aeec59 100644
--- a/memtrack/1.0/Android.bp
+++ b/memtrack/1.0/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.memtrack@1.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"IMemtrack.hal",
diff --git a/memtrack/aidl/Android.bp b/memtrack/aidl/Android.bp
index 0d1c241..4973d1e 100644
--- a/memtrack/aidl/Android.bp
+++ b/memtrack/aidl/Android.bp
@@ -34,9 +34,6 @@
enabled: false,
},
ndk: {
- vndk: {
- enabled: true,
- },
},
},
frozen: true,
diff --git a/renderscript/1.0/Android.bp b/renderscript/1.0/Android.bp
index 1f2ac15..c699141 100644
--- a/renderscript/1.0/Android.bp
+++ b/renderscript/1.0/Android.bp
@@ -14,10 +14,6 @@
root: "android.hardware",
// TODO(b/153609531): remove when no longer needed.
native_bridge_supported: true,
- vndk: {
- enabled: true,
- support_system_process: true,
- },
srcs: [
"types.hal",
"IContext.hal",
diff --git a/security/secretkeeper/aidl/Android.bp b/security/secretkeeper/aidl/Android.bp
index 5307bf9..48ce365 100644
--- a/security/secretkeeper/aidl/Android.bp
+++ b/security/secretkeeper/aidl/Android.bp
@@ -28,7 +28,8 @@
frozen: false,
backend: {
java: {
- enabled: false,
+ enabled: true,
+ platform_apis: true,
},
ndk: {
enabled: true,
diff --git a/soundtrigger/2.0/Android.bp b/soundtrigger/2.0/Android.bp
index 996105c..828b9ec 100644
--- a/soundtrigger/2.0/Android.bp
+++ b/soundtrigger/2.0/Android.bp
@@ -12,9 +12,6 @@
hidl_interface {
name: "android.hardware.soundtrigger@2.0",
root: "android.hardware",
- vndk: {
- enabled: true,
- },
srcs: [
"types.hal",
"ISoundTriggerHw.hal",
diff --git a/soundtrigger/2.0/default/Android.bp b/soundtrigger/2.0/default/Android.bp
index 8236e30..2cbf041 100644
--- a/soundtrigger/2.0/default/Android.bp
+++ b/soundtrigger/2.0/default/Android.bp
@@ -26,9 +26,6 @@
name: "android.hardware.soundtrigger@2.0-core",
defaults: ["hidl_defaults"],
vendor_available: true,
- vndk: {
- enabled: true,
- },
srcs: [
"SoundTriggerHalImpl.cpp",
],
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..53d722c
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+interface IHwCryptoKey {
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters);
+ parcelable DiceCurrentBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ byte[] dicePolicyForKeyVersion;
+ }
+ parcelable DiceBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ boolean dicePolicyWasCurrent;
+ }
+ parcelable ClearKeyPolicy {
+ int keySizeBytes;
+ }
+ union DerivedKeyPolicy {
+ android.hardware.security.see.hwcrypto.KeyPolicy opaqueKey;
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.ClearKeyPolicy clearKey;
+ }
+ parcelable DerivedKeyParameters {
+ android.hardware.security.see.hwcrypto.IOpaqueKey derivationKey;
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyPolicy keyPolicy;
+ byte[] context;
+ }
+ union DerivedKey {
+ byte[] explicitKey = {};
+ android.hardware.security.see.hwcrypto.IOpaqueKey opaque;
+ }
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..08c3173
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+interface IHwCryptoKey {
+ parcelable DiceCurrentBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Current dice policy which was used to generate the returned key. This policy is
+ * opaque from this service perspective (it will be sent to an Authentication Manager
+ * Service to be verified). It follows the structure defined on DicePolicy.cddl, located
+ * under hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * with the caveat that it could be encrypted if the client does not have enough permissions
+ * to see the device dice policy information.
+ */
+ byte[] dicePolicyForKeyVersion;
+ }
+
+ parcelable DiceBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+ * caller can use this to detect if an old policy was provided and rotate its keys if so
+ * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+ * use a potentially compromised key.
+ */
+ boolean dicePolicyWasCurrent;
+ }
+
+ parcelable ClearKeyPolicy {
+ /*
+ * Indicates the desired key size. It will be used to calculate how many bytes of key
+ * material should be returned.
+ */
+ int keySizeBytes;
+ }
+
+ union DerivedKeyPolicy {
+ /*
+ * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+ */
+ KeyPolicy opaqueKey;
+
+ /*
+ * If used we will derive a clear key and pass it back as an array of bytes on
+ * <code>HwCryptoKeyMaterial::explicitKey</code>.
+ */
+ ClearKeyPolicy clearKey;
+ }
+
+ parcelable DerivedKeyParameters {
+ /*
+ * Key to be used to derive the new key using HKDF.
+ */
+ IOpaqueKey derivationKey;
+
+ /*
+ * Policy for the newly derived key. Depending on its type, either a clear or opaque key
+ * will be derived.
+ */
+ DerivedKeyPolicy keyPolicy;
+
+ /*
+ * An arbitrary set of bytes incorporated into the key derivation. May have
+ * an implementation-specific maximum length, but it is guaranteed to accept
+ * at least 32 bytes.
+ */
+ byte[] context;
+ }
+
+ union DerivedKey {
+ /*
+ * Derived key in clear format.
+ */
+ byte[] explicitKey = {};
+
+ /*
+ * Derived key as a key token to be used only through the HWCrypto service.
+ */
+ IOpaqueKey opaque;
+ }
+
+ /*
+ * deriveCurrentDicePolicyBoundKey() - Derives a versioned key tied to the caller's current DICE
+ * policy. It will return this current policy back to the caller
+ * along with the generated key.
+ *
+ * Return:
+ * Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ */
+ DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
+
+ /*
+ * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
+ * against the caller and then using it as a context for deriving
+ * the returned key.
+ *
+ * @dicePolicyForKeyVersion:
+ * Policy used to derive keys tied to specific versions. Using this parameter
+ * the caller can tie a derived key to a minimum version of itself, so in the future only
+ * itself or a more recent version can derive the same key. This parameter is opaque to the
+ * caller and it could be encrypted in the case the client doesn't have permission to know
+ * the dice chain.
+ * When implementing this function, this parameter shall be one of the components fed
+ * to the KDF context and it needs to be checked against the caller DICE certificate before
+ * being used.
+ *
+ * Return:
+ * Ok(DiceBoundKeyResult) on success, service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ */
+ DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
+
+ /*
+ * deriveKey() - Derive a new key based on the given key, policy and context.
+ *
+ * @parameters:
+ * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
+ * file for more information.
+ *
+ * Return:
+ * Ok(HwCryptoKeyMaterial) on success, service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ */
+ DerivedKey deriveKey(in DerivedKeyParameters parameters);
+}
