OemLock HAL
This HAL allows vendor defined implementation of the OEM lock.
Bug: 34766843
Test: Boot and call from system_server
Change-Id: I5371fea496b6cae8cc6dd234d9302036ddb68ece
diff --git a/oemlock/1.0/IOemLock.hal b/oemlock/1.0/IOemLock.hal
new file mode 100644
index 0000000..d570123
--- /dev/null
+++ b/oemlock/1.0/IOemLock.hal
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.oemlock@1.0;
+
+/*
+ * The OEM lock prevents the bootloader from allowing the device to be flashed.
+ *
+ * Both the carrier and the device itself have a say as to whether OEM unlock is
+ * allowed and both must agree that is allowed in order for unlock to be
+ * possible.
+ */
+interface IOemLock {
+ /**
+ * Returns a vendor specific identifier of the HAL.
+ *
+ * The name returned must not be interpreted by the framework but must be
+ * passed to vendor code which may use it to identify the security protocol
+ * used by setOemUnlockAllowedByCarrier. This allows the vendor to identify
+ * the protocol without having to maintain a device-to-protocol mapping.
+ *
+ * @return name of the implementation.
+ */
+ getName() generates (OemLockStatus status, string name);
+
+ /**
+ * Updates whether OEM unlock is allowed by the carrier.
+ *
+ * The implementation may require a vendor defined signature to prove the
+ * validity of this request in order to harden its security.
+ *
+ * @param allowed is the new value of the flag.
+ * @param signature to prove validity of this request or empty if not
+ * required.
+ * @return status is OK if the flag was successfully updated,
+ * INVALID_SIGNATURE if a signature is required but the wrong one
+ * was provided or FAILED if the update was otherwise unsuccessful.
+ */
+ setOemUnlockAllowedByCarrier(bool allowed, vec<uint8_t> signature)
+ generates (OemLockSecureStatus status);
+
+ /**
+ * Returns whether OEM unlock is allowed by the carrier.
+ *
+ * @return status is OK if the flag was successfully read.
+ * @return allowed is the current state of the flag.
+ */
+ isOemUnlockAllowedByCarrier() generates (OemLockStatus status, bool allowed);
+
+ /**
+ * Updates whether OEM unlock is allowed by the device.
+ *
+ * @param allowed is the new value of the flag.
+ * @return status is OK if the flag was successfully updated.
+ */
+ setOemUnlockAllowedByDevice(bool allowed) generates (OemLockStatus status);
+
+ /**
+ * Returns whether OEM unlock ia allowed by the device.
+ *
+ * @return status is OK if the flag was successfully read.
+ * @return allowed is the current state of the flag.
+ */
+ isOemUnlockAllowedByDevice() generates (OemLockStatus status, bool allowed);
+};