Merge TP1A.220120.003

Change-Id: Ie5eba313ee102e452f5f96942ed2f3a7bb4e8f01

38 files changed, 2455 insertions, 0 deletions

diff --git a/drm/aidl/android/hardware/drm/BufferType.aidl b/drm/aidl/android/hardware/drm/BufferType.aidl
new file mode 100644
index 0000000000..089c950656
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/BufferType.aidl
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum BufferType {
+    SHARED_MEMORY = 0,
+    NATIVE_HANDLE = 1,
+}
diff --git a/drm/aidl/android/hardware/drm/DecryptResult.aidl b/drm/aidl/android/hardware/drm/DecryptResult.aidl
new file mode 100644
index 0000000000..17e939bc95
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DecryptResult.aidl
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * The DecryptResult parcelable contains the result of
+ * ICryptoPlugin decrypt method.
+ */
+@VintfStability
+parcelable DecryptResult {
+    /** The number of decrypted bytes. */
+    int bytesWritten;
+
+    /**
+     * Vendor-specific error message if provided by the vendor's
+     * crypto HAL.
+     */
+    String detailedError;
+}
diff --git a/drm/aidl/android/hardware/drm/DestinationBuffer.aidl b/drm/aidl/android/hardware/drm/DestinationBuffer.aidl
new file mode 100644
index 0000000000..0f1e3f5398
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DestinationBuffer.aidl
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.common.NativeHandle;
+import android.hardware.drm.BufferType;
+import android.hardware.drm.SharedBuffer;
+
+/**
+ * A decrypt destination buffer can be either normal user-space shared
+ * memory for the non-secure decrypt case, or it can be a secure buffer
+ * which is referenced by a native-handle. The native handle is allocated
+ * by the vendor's buffer allocator.
+ */
+@VintfStability
+parcelable DestinationBuffer {
+    /**
+     * The type of the buffer
+     */
+    BufferType type;
+    /**
+     * If type == SHARED_MEMORY, the decrypted data must be written
+     * to user-space non-secure shared memory.
+     */
+    SharedBuffer nonsecureMemory;
+    /**
+     * If type == NATIVE_HANDLE, the decrypted data must be written
+     * to secure memory referenced by the vendor's buffer allocator.
+     */
+    NativeHandle secureMemory;
+}
diff --git a/drm/aidl/android/hardware/drm/DrmMetric.aidl b/drm/aidl/android/hardware/drm/DrmMetric.aidl
new file mode 100644
index 0000000000..6199af6d4d
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DrmMetric.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.DrmMetricNamedValue;
+
+/**
+ * The metric being captured.
+ *
+ * A metric must have a name and at least one value. A metric may have 0 or
+ * more attributes. The fields of a Metric are opaque to the framework.
+ */
+@VintfStability
+parcelable DrmMetric {
+    String name;
+
+    /**
+     * Detail(s) about the metric being captured.
+     *
+     * The fields of an Attribute are opaque to the framework.
+     */
+    List<DrmMetricNamedValue> attributes;
+
+    /**
+     * Value(s) of the metric.
+     *
+     * A metric may have multiple values. The component name may be left empty
+     * if there is only supposed to be one value for the given metric. The
+     * fields of the Value are opaque to the framework.
+     */
+    List<DrmMetricNamedValue> values;
+}
diff --git a/drm/aidl/android/hardware/drm/DrmMetricGroup.aidl b/drm/aidl/android/hardware/drm/DrmMetricGroup.aidl
new file mode 100644
index 0000000000..3b1f3c9b0e
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DrmMetricGroup.aidl
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.DrmMetric;
+
+/**
+ * This message contains plugin-specific metrics made available to the client.
+ * The message is used for making vendor-specific metrics available to an
+ * application. The framework is not consuming any of the information.
+ *
+ * Metrics are grouped in instances of DrmMetricGroup. Each group contains
+ * multiple instances of Metric.
+ *
+ * Example:
+ *
+ * Capture the timing information of a buffer copy event, "buf_copy", broken
+ * out by the "size" of the buffer.
+ *
+ * DrmMetricGroup {
+ *   metrics[0] {
+ *     name: "buf_copy"
+ *     attributes[0] {
+ *       name: "size"
+ *       type: INT64_TYPE
+ *       int64Value: 1024
+ *     }
+ *     values[0] {
+ *       componentName: "operation_count"
+ *       type: INT64_TYPE
+ *       int64Value: 75
+ *     }
+ *     values[1] {
+ *       component_name: "average_time_seconds"
+ *       type: DOUBLE_TYPE
+ *       doubleValue: 0.00000042
+ *     }
+ *   }
+ * }
+ */
+@VintfStability
+parcelable DrmMetricGroup {
+    /**
+     * The list of metrics to be captured.
+     */
+    List<DrmMetric> metrics;
+}
diff --git a/drm/aidl/android/hardware/drm/DrmMetricNamedValue.aidl b/drm/aidl/android/hardware/drm/DrmMetricNamedValue.aidl
new file mode 100644
index 0000000000..5bb17a6036
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DrmMetricNamedValue.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.DrmMetricValue;
+
+/**
+ * A name-value pair used in drm metrics.
+ */
+@VintfStability
+parcelable DrmMetricNamedValue {
+    String name;
+    DrmMetricValue value;
+}
diff --git a/drm/aidl/android/hardware/drm/DrmMetricValue.aidl b/drm/aidl/android/hardware/drm/DrmMetricValue.aidl
new file mode 100644
index 0000000000..0203f3f801
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/DrmMetricValue.aidl
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * The value of a metric or a metric's attribute.
+ */
+@VintfStability
+union DrmMetricValue {
+    long int64Value;
+    double doubleValue;
+    String stringValue;
+}
diff --git a/drm/aidl/android/hardware/drm/EventType.aidl b/drm/aidl/android/hardware/drm/EventType.aidl
new file mode 100644
index 0000000000..7a06eb0505
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/EventType.aidl
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * EventType enumerates the events that can be delivered by sendEvent
+ */
+@VintfStability
+@Backing(type="int")
+enum EventType {
+    /**
+     * This event type indicates that the app needs to request a certificate
+     * from the provisioning server. The request message data is obtained using
+     * getProvisionRequest().
+     */
+    PROVISION_REQUIRED,
+    /**
+     * This event type indicates that the app needs to request keys from a
+     * license server. The request message data is obtained using getKeyRequest.
+     */
+    KEY_NEEDED,
+    /**
+     * This event type indicates that the licensed usage duration for keys in a
+     * session has expired. The keys are no longer valid.
+     */
+    KEY_EXPIRED,
+    /**
+     * This event may indicate some specific vendor-defined condition, see your
+     * DRM provider documentation for details.
+     */
+    VENDOR_DEFINED,
+    /**
+     * This event indicates that a session opened by the app has been reclaimed
+     * by the resource manager.
+     */
+    SESSION_RECLAIMED,
+}
diff --git a/drm/aidl/android/hardware/drm/HdcpLevel.aidl b/drm/aidl/android/hardware/drm/HdcpLevel.aidl
new file mode 100644
index 0000000000..3497b78431
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/HdcpLevel.aidl
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * HDCP specifications are defined by Digital Content Protection LLC (DCP).
+ *   "HDCP Specification Rev. 2.3 Interface Independent Adaptation"
+ *   "HDCP 2.3 on HDMI Specification"
+ */
+@VintfStability
+@Backing(type="int")
+enum HdcpLevel {
+    /**
+     * Unable to determine the HDCP level
+     */
+    HDCP_UNKNOWN,
+    /**
+     * No HDCP, output is unprotected
+     */
+    HDCP_NONE,
+    /**
+     * HDCP version 1.0
+     */
+    HDCP_V1,
+    /**
+     * HDCP version 2.0 Type 1.
+     */
+    HDCP_V2,
+    /**
+     * HDCP version 2.1 Type 1.
+     */
+    HDCP_V2_1,
+    /**
+     *  HDCP version 2.2 Type 1.
+     */
+    HDCP_V2_2,
+    /**
+     * No digital output, implicitly secure
+     */
+    HDCP_NO_OUTPUT,
+    /**
+     * HDCP version 2.3 Type 1.
+     */
+    HDCP_V2_3,
+}
diff --git a/drm/aidl/android/hardware/drm/HdcpLevels.aidl b/drm/aidl/android/hardware/drm/HdcpLevels.aidl
new file mode 100644
index 0000000000..cd4642ba42
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/HdcpLevels.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.HdcpLevel;
+
+@VintfStability
+parcelable HdcpLevels {
+    /** The lowest HDCP level for any connected displays. */
+    HdcpLevel connectedLevel;
+
+    /** The highest HDCP level that can be supported by the device. */
+    HdcpLevel maxLevel;
+}
diff --git a/drm/aidl/android/hardware/drm/ICryptoFactory.aidl b/drm/aidl/android/hardware/drm/ICryptoFactory.aidl
new file mode 100644
index 0000000000..202bd3dbfe
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/ICryptoFactory.aidl
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.Uuid;
+
+/**
+ * ICryptoFactory is the main entry point for interacting with a vendor's
+ * crypto HAL to create crypto plugins.
+
+ * Crypto plugins create crypto sessions which are used by a codec to decrypt
+ * protected video content.
+ */
+@VintfStability
+interface ICryptoFactory {
+    /**
+     * Create a crypto plugin for the specified uuid and scheme-specific
+     * initialization data.
+     *
+     * @param uuid uniquely identifies the drm scheme. See
+     *     http://dashif.org/identifiers/protection for uuid assignments
+     *
+     * @param initData scheme-specific init data.
+     *
+     * @return A crypto plugin instance if successful, or null if not created.
+     */
+    @nullable android.hardware.drm.ICryptoPlugin createPlugin(
+            in Uuid uuid, in byte[] initData);
+
+    /**
+     * Determine if a crypto scheme is supported by this HAL.
+     *
+     * @param uuid identifies the crypto scheme in question
+     * @return must be true only if the scheme is supported
+     */
+    boolean isCryptoSchemeSupported(in Uuid uuid);
+}
diff --git a/drm/aidl/android/hardware/drm/ICryptoPlugin.aidl b/drm/aidl/android/hardware/drm/ICryptoPlugin.aidl
new file mode 100644
index 0000000000..80a63dfdae
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/ICryptoPlugin.aidl
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.common.Ashmem;
+import android.hardware.drm.DecryptResult;
+import android.hardware.drm.DestinationBuffer;
+import android.hardware.drm.LogMessage;
+import android.hardware.drm.Mode;
+import android.hardware.drm.Pattern;
+import android.hardware.drm.SharedBuffer;
+import android.hardware.drm.Status;
+import android.hardware.drm.SubSample;
+
+/**
+ * ICryptoPlugin is the HAL for vendor-provided crypto plugins.
+ *
+ * It allows crypto sessions to be opened and operated on, to
+ * load crypto keys for a codec to decrypt protected video content.
+ */
+@VintfStability
+interface ICryptoPlugin {
+    /**
+     * Decrypt an array of subsamples from the source memory buffer to the
+     * destination memory buffer.
+     *
+     * @param secure a flag to indicate if a secure decoder is being used.
+     *     This enables the plugin to configure buffer modes to work
+     *     consistently with a secure decoder.
+     * @param the keyId for the key that is used to do the decryption. The
+     *     keyId refers to a key in the associated MediaDrm instance.
+     * @param iv the initialization vector to use
+     * @param mode the crypto mode to use
+     * @param pattern the crypto pattern to use
+     * @param subSamples a vector of subsamples indicating the number
+     *     of clear and encrypted bytes to process. This allows the decrypt
+     *     call to operate on a range of subsamples in a single call
+     * @param source the input buffer for the decryption
+     * @param offset the offset of the first byte of encrypted data from
+     *     the base of the source buffer
+     * @param destination the output buffer for the decryption
+     *
+     * @return DecryptResult parcelable
+     *     Implicit error codes:
+     *       + ERROR_DRM_CANNOT_HANDLE in other failure cases
+     *       + ERROR_DRM_DECRYPT if the decrypt operation fails
+     *       + ERROR_DRM_FRAME_TOO_LARGE if the frame being decrypted into
+     *             the secure output buffer exceeds the size of the buffer
+     *       + ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION if required output
+     *             protections are not active
+     *       + ERROR_DRM_INSUFFICIENT_SECURITY if the security level of the
+     *             device is not sufficient to meet the requirements in
+     *             the license policy
+     *       + ERROR_DRM_INVALID_STATE if the device is in a state where it
+     *             is not able to perform decryption
+     *       + ERROR_DRM_LICENSE_EXPIRED if the license keys have expired
+     *       + ERROR_DRM_NO_LICENSE if no license keys have been loaded
+     *       + ERROR_DRM_RESOURCE_BUSY if the resources required to perform
+     *             the decryption are not available
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the decrypt session is not
+     *             opened
+     */
+    DecryptResult decrypt(in boolean secure, in byte[] keyId, in byte[] iv, in Mode mode,
+            in Pattern pattern, in SubSample[] subSamples, in SharedBuffer source, in long offset,
+            in DestinationBuffer destination);
+
+    /**
+     * Get OEMCrypto or plugin error messages.
+     *
+     * @return LogMessages
+     *     Implicit error codes:
+     *       + GENERAL_OEM_ERROR on OEM-provided, low-level component failures;
+     *       + GENERAL_PLUGIN_ERROR on unexpected plugin-level errors.
+     */
+    List<LogMessage> getLogMessages();
+
+    /**
+     * Notify a plugin of the currently configured resolution.
+     *
+     * @param width - the display resolutions's width
+     * @param height - the display resolution's height
+     */
+    void notifyResolution(in int width, in int height);
+
+    /**
+     * Check if the specified mime-type requires a secure decoder
+     * component.
+     *
+     * @param mime The content mime-type
+     * @return must be true only if a secure decoder is required
+     * for the specified mime-type
+     */
+    boolean requiresSecureDecoderComponent(in String mime);
+
+    /**
+     * Associate a mediadrm session with this crypto session.
+     *
+     * @param sessionId the MediaDrm session ID to associate with
+     *     this crypto session
+     * @return (implicit) the status of the call, status can be:
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened, or
+     *     ERROR_DRM_CANNOT_HANDLE if the operation is not supported by
+     *         the drm scheme
+     */
+    void setMediaDrmSession(in byte[] sessionId);
+
+    /**
+     * Set a shared memory base for subsequent decrypt operations.
+     * The buffer base is mmaped from a ParcelFileDesciptor in Ashmem
+     * which maps shared memory in the HAL module.
+     * After the shared buffer base is established, the decrypt() method
+     * receives SharedBuffer instances which specify the buffer address range
+     * for decrypt source and destination addresses.
+     *
+     * There can be multiple shared buffers per crypto plugin. The buffers
+     * are distinguished by the bufferId.
+     *
+     * @param base the base of the memory buffer identified by
+     *     bufferId
+     * @param bufferId identifies the specific shared buffer for which
+     *     the base is being set.
+     */
+    void setSharedBufferBase(in Ashmem base, in int bufferId);
+}
diff --git a/drm/aidl/android/hardware/drm/IDrmFactory.aidl b/drm/aidl/android/hardware/drm/IDrmFactory.aidl
new file mode 100644
index 0000000000..b9622a427b
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/IDrmFactory.aidl
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.SecurityLevel;
+import android.hardware.drm.Uuid;
+
+/**
+ * IDrmFactory is the main entry point for interacting with a vendor's
+ * drm HAL to create drm plugin instances. A drm plugin instance
+ * creates drm sessions which are used to obtain keys for a crypto
+ * session so it can decrypt protected video content.
+ */
+@VintfStability
+interface IDrmFactory {
+    /**
+     * Create a drm plugin instance for the specified uuid and
+     * scheme-specific initialization data.
+     *
+     * @param uuid uniquely identifies the drm scheme. See
+     *     http://dashif.org/identifiers/protection for uuid assignments
+     * @param appPackageName identifies the package name of the calling
+     *     application.
+     *
+     * @return A DRM plugin instance if successful, or null if not created.
+     *     Implicit error codes:
+     *       + ERROR_DRM_CANNOT_HANDLE if the plugin cannot be created.
+     */
+    @nullable android.hardware.drm.IDrmPlugin createPlugin(
+            in Uuid uuid, in String appPackageName);
+
+    /**
+     * Return vector of uuids identifying crypto schemes supported by
+     * this HAL.
+     *
+     * @return List of uuids for which isCryptoSchemeSupported is true;
+     *      each uuid can be used as input to createPlugin.
+     */
+    List<Uuid> getSupportedCryptoSchemes();
+
+    /**
+     * Determine if the HAL factory is able to construct plugins that
+     * support a given media container format specified by mimeType
+     *
+     * @param mimeType identifies the mime type in question
+     *
+     * @return must be true only if the scheme is supported
+     */
+    boolean isContentTypeSupported(in String mimeType);
+
+    /**
+     * Determine if a specific security level is supported by the device.
+     *
+     * @param uuid identifies the crypto scheme in question
+     * @param mimeType identifies the mime type in question
+     * @param securityLevel specifies the security level required
+     *
+     * @return must be true only if the scheme is supported
+     */
+    boolean isCryptoSchemeSupported(
+            in Uuid uuid, in String mimeType, in SecurityLevel securityLevel);
+}
diff --git a/drm/aidl/android/hardware/drm/IDrmPlugin.aidl b/drm/aidl/android/hardware/drm/IDrmPlugin.aidl
new file mode 100644
index 0000000000..e649f264ea
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/IDrmPlugin.aidl
@@ -0,0 +1,755 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.DrmMetricGroup;
+import android.hardware.drm.HdcpLevels;
+import android.hardware.drm.IDrmPluginListener;
+import android.hardware.drm.KeySetId;
+import android.hardware.drm.KeyRequest;
+import android.hardware.drm.KeyStatus;
+import android.hardware.drm.KeyType;
+import android.hardware.drm.KeyValue;
+import android.hardware.drm.LogMessage;
+import android.hardware.drm.NumberOfSessions;
+import android.hardware.drm.OfflineLicenseState;
+import android.hardware.drm.OpaqueData;
+import android.hardware.drm.ProvideProvisionResponseResult;
+import android.hardware.drm.ProvisionRequest;
+import android.hardware.drm.SecureStop;
+import android.hardware.drm.SecureStopId;
+import android.hardware.drm.SecurityLevel;
+
+/**
+ * IDrmPlugin is used to interact with a specific drm plugin that was
+ * created by IDrmFactory::createPlugin.
+ *
+ * A drm plugin provides methods for obtaining drm keys to be used by a codec
+ * to decrypt protected video content.
+ */
+@VintfStability
+interface IDrmPlugin {
+    /**
+     * Close a session on the DrmPlugin object
+     *
+     * @param sessionId the session id the call applies to
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if the sessionId is invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the session cannot be closed.
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    void closeSession(in byte[] sessionId);
+
+    /**
+     * Decrypt the provided input buffer with the cipher algorithm
+     * specified by setCipherAlgorithm and the key selected by keyId,
+     * and return the decrypted data.
+     *
+     * @param sessionId the session id the call applies to
+     * @param keyId the ID of the key to use for decryption
+     * @param input the input data to decrypt
+     * @param iv the initialization vector to use for decryption
+     *
+     * @return decrypted output buffer
+     *     Implicit error codes:
+     *       + BAD_VALUE if the sessionId is invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the decrypt operation cannot be performed.
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    byte[] decrypt(in byte[] sessionId, in byte[] keyId, in byte[] input, in byte[] iv);
+
+    /**
+     * Encrypt the provided input buffer with the cipher algorithm specified by
+     * setCipherAlgorithm and the key selected by keyId, and return the
+     * encrypted data.
+     *
+     * @param sessionId the session id the call applies to
+     * @param keyId the ID of the key to use for encryption
+     * @param input the input data to encrypt
+     * @param iv the initialization vector to use for encryption
+     *
+     * @return encrypted output buffer
+     *     Implicit error codes:
+     *       + BAD_VALUE if the sessionId is invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the encrypt operation cannot be performed.
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    byte[] encrypt(in byte[] sessionId, in byte[] keyId, in byte[] input, in byte[] iv);
+
+    /**
+     * Return the currently negotiated and max supported HDCP levels.
+     *
+     * The current level is based on the display(s) the device is connected to.
+     * If multiple HDCP-capable displays are simultaneously connected to
+     * separate interfaces, this method returns the lowest negotiated HDCP level
+     * of all interfaces.
+     *
+     * The maximum HDCP level is the highest level that can potentially be
+     * negotiated. It is a constant for any device, i.e. it does not depend on
+     * downstream receiving devices that could be connected. For example, if
+     * the device has HDCP 1.x keys and is capable of negotiating HDCP 1.x, but
+     * does not have HDCP 2.x keys, then the maximum HDCP capability would be
+     * reported as 1.x. If multiple HDCP-capable interfaces are present, it
+     * indicates the highest of the maximum HDCP levels of all interfaces.
+     *
+     * This method should only be used for informational purposes, not for
+     * enforcing compliance with HDCP requirements. Trusted enforcement of HDCP
+     * policies must be handled by the DRM system.
+     *
+     * @return HdcpLevels parcelable
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the HDCP level cannot be queried
+     */
+    HdcpLevels getHdcpLevels();
+
+    /**
+     * A key request/response exchange occurs between the app and a License
+     * Server to obtain the keys required to decrypt the content.
+     * getKeyRequest() is used to obtain an opaque key request blob that is
+     * delivered to the license server.
+     *
+     * @param scope either a sessionId or a keySetId, depending on the
+     *     specified keyType. When the keyType is OFFLINE or STREAMING, scope
+     *     must be set to the sessionId the keys will be provided to. When the
+     *     keyType is RELEASE, scope must be set to the keySetId of the keys
+     *     being released.
+     * @param initData container-specific data, its meaning is interpreted
+     *     based on the mime type provided in the mimeType parameter. It could
+     *     contain, for example, the content ID, key ID or other data obtained
+     *     from the content metadata that is required to generate the key
+     *     request. initData must be empty when keyType is RELEASE.
+     * @param mimeType identifies the mime type of the content
+     * @param keyType specifies if the keys are to be used for streaming,
+     *     offline or a release
+     * @param optionalParameters included in the key request message to
+     *     allow a client application to provide additional message parameters
+     *     to the server.
+     *
+     * @return KeyRequest parcelable
+     *     Implicit error codes:
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_CANNOT_HANDLE if getKeyRequest is not supported at
+     *             the time of the call
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             a key request cannot be generated
+     *       + ERROR_DRM_NOT_PROVISIONED if the device requires provisioning
+     *             before it is able to generate a key request
+     *       + ERROR_DRM_RESOURCE_CONTENTION if client applications using the
+     *             hal are temporarily exceeding the available crypto resources
+     *             such that a retry of the operation is likely to succeed
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    KeyRequest getKeyRequest(in byte[] scope, in byte[] initData, in String mimeType,
+            in KeyType keyType, in KeyValue[] optionalParameters);
+
+    /**
+     * Get Plugin error messages.
+     *
+     * @return LogMessages
+     *     Implicit error codes:
+     *       + GENERAL_OEM_ERROR on OEM-provided, low-level component failures;
+     *       + GENERAL_PLUGIN_ERROR on unexpected plugin-level errors.
+     */
+    List<LogMessage> getLogMessages();
+
+    /**
+     * Returns the plugin-specific metrics. Multiple metric groups may be
+     * returned in one call to getMetrics(). The scope and definition of the
+     * metrics is defined by the plugin.
+     *
+     * @return collection of metric groups provided by the plugin
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the metrics are not available to be
+     *             returned.
+     */
+    List<DrmMetricGroup> getMetrics();
+
+    /**
+     * Return the current number of open sessions and the maximum number of
+     * sessions that may be opened simultaneously among all DRM instances
+     * for the active DRM scheme.
+     *
+     * @return NumberOfSessions parcelable
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             number of sessions cannot be queried
+     */
+    NumberOfSessions getNumberOfSessions();
+
+    /**
+     * The keys in an offline license allow protected content to be
+     * played even if the device is not connected to a network.
+     * Offline licenses are stored on the device after a key
+     * request/response exchange when the key request KeyType is
+     * OFFLINE. Normally each app is responsible for keeping track of
+     * the KeySetIds it has created. In some situations however, it
+     * will be necessary to request the list of stored offline license
+     * KeySetIds. If an app loses the KeySetId for any stored licenses
+     * that it created, for example, it must be able to recover the
+     * stored KeySetIds so those licenses will be removed when they
+     * expire or when the app is uninstalled.
+     *
+     * This method returns a list of the KeySetIds for all offline
+     * licenses. The offline license KeySetId allows an app to query
+     * the status of an offline license or remove it.
+     *
+     * @return list of keySetIds
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             KeySetIds can't be returned
+     */
+    List<KeySetId> getOfflineLicenseKeySetIds();
+
+    /**
+     * Request the state of an offline license. An offline license must
+     * be usable or inactive. The keys in a usable offline license are
+     * available for decryption. When the offline license state is
+     * inactive, the keys have been marked for release using
+     * getKeyRequest with KeyType RELEASE but the key response has not
+     * been received. The keys in an inactive offline license are not
+     * usable for decryption.
+     *
+     * @param keySetId the id of the offline license
+     *
+     * @return The offline license state, UNKNOWN, USABLE or INACTIVE.
+     *     Implicit error codes:
+     *       + BAD_VALUE if the license is not found
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             offline license state can't be queried
+     */
+    OfflineLicenseState getOfflineLicenseState(in KeySetId keySetId);
+
+    /**
+     * Read a byte array property value given the property name.
+     * See getPropertyString.
+     *
+     * @param propertyName the name of the property
+     *
+     * @return property value bye array
+     *     Implicit error codes:
+     *       + BAD_VALUE if the property name is invalid
+     *       + ERROR_DRM_CANNOT_HANDLE if the property is not supported
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             property cannot be obtained
+     */
+    byte[] getPropertyByteArray(in String propertyName);
+
+    /**
+     * A drm scheme can have properties that are settable and readable
+     * by an app. There are a few forms of property access methods,
+     * depending on the data type of the property.
+     *
+     * Property values defined by the public API are:
+     *   "vendor" [string] identifies the maker of the drm scheme
+     *   "version" [string] identifies the version of the drm scheme
+     *   "description" [string] describes the drm scheme
+     *   'deviceUniqueId' [byte array] The device unique identifier is
+     *   established during device provisioning and provides a means of
+     *   uniquely identifying each device.
+     *
+     * Since drm scheme properties may vary, additional field names may be
+     * defined by each DRM vendor. Refer to your DRM provider documentation
+     * for definitions of its additional field names.
+     *
+     * Read a string property value given the property name.
+     *
+     * @param propertyName the name of the property
+     *
+     * @return the property value string.
+     *     Implicit error codes:
+     *       + BAD_VALUE if the property name is invalid
+     *       + ERROR_DRM_CANNOT_HANDLE if the property is not supported
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             property cannot be obtained
+     */
+    String getPropertyString(in String propertyName);
+
+    /**
+     * A provision request/response exchange occurs between the app
+     * and a provisioning server to retrieve a device certificate.
+     * getProvisionRequest is used to obtain an opaque provisioning
+     * request blob that is delivered to the provisioning server.
+     *
+     * @param certificateType the type of certificate requested, e.g. "X.509"
+     * @param certificateAuthority identifies the certificate authority.
+     *     A certificate authority (CA) is an entity which issues digital
+     *     certificates for use by other parties. It is an example of a
+     *     trusted third party.
+     *
+     * @return ProvisionRequest parcelable
+     *     Implicit error codes:
+     *       + ERROR_DRM_CANNOT_HANDLE if the drm scheme does not require
+     *             provisioning
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the provision request cannot be generated
+     *       + ERROR_DRM_RESOURCE_CONTENTION if client applications using
+     *             the hal are temporarily exceeding the available crypto
+     *             resources such that a retry of the operation is likely
+     *             to succeed
+     */
+    ProvisionRequest getProvisionRequest(
+            in String certificateType, in String certificateAuthority);
+
+    /**
+     * Get all secure stops by secure stop ID
+     *
+     * @param secureStopId the ID of the secure stop to return.
+     *     The secure stop ID is delivered by the key server
+     *     as part of the key response and must also be known by the app.
+     *
+     * @return secure stop opaque object.
+     *     Implicit error codes:
+     *       + BAD_VALUE if the secureStopId is invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the secure stop cannot be returned
+     */
+    SecureStop getSecureStop(in SecureStopId secureStopId);
+
+    /**
+     * Get the IDs of all secure stops on the device
+     *
+     * @return list of secure stops IDs.
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the secure stop IDs list cannot be returned
+     */
+    List<SecureStopId> getSecureStopIds();
+
+    /**
+     * SecureStop is a way of enforcing the concurrent stream limit per
+     * subscriber.
+     *
+     * It can securely monitor the lifetime of sessions across device reboots
+     * by periodically persisting the session lifetime status in secure
+     * storage.
+     *
+     * A signed version of the sessionID is written to persistent storage on the
+     * device when each MediaCrypto object is created and periodically during
+     * playback. The sessionID is signed by the device private key to prevent
+     * tampering.
+     *
+     * When playback is completed the session is destroyed, and the secure
+     * stops are queried by the app. The app then delivers the secure stop
+     * message to a server which verifies the signature to confirm that the
+     * session and its keys have been removed from the device. The persisted
+     * record on the device is removed after receiving and verifying the
+     * signed response from the server.
+     *
+     * Get all secure stops on the device
+     *
+     * @return list of the opaque secure stop objects.
+     *     Implicit error codes:
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the secure stops cannot be returned
+     */
+    List<SecureStop> getSecureStops();
+
+    /**
+     * Return the current security level of a session. A session has an initial
+     * security level determined by the robustness of the DRM system's
+     * implementation on the device.
+     *
+     * @param sessionId the session id the call applies to
+     *
+     * @return the current security level for the session.
+     *     Implicit error codes:
+     *       + BAD_VALUE if the sessionId is invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             the security level cannot be queried
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    SecurityLevel getSecurityLevel(in byte[] sessionId);
+
+    /**
+     * Open a new session at a requested security level. The security level
+     * represents the robustness of the device's DRM implementation. By default,
+     * sessions are opened at the native security level of the device which is
+     * the maximum level that can be supported. Overriding the security level is
+     * necessary when the decrypted frames need to be manipulated, such as for
+     * image compositing. The security level parameter must be equal to or lower
+     * than the native level. If the requested level is not supported, the next
+     * lower supported security level must be set. The level can be queried
+     * using {@link #getSecurityLevel}. A session ID is returned.
+     *
+     * @param level the requested security level
+     *
+     * @return sessionId
+     */
+    byte[] openSession(in SecurityLevel securityLevel);
+
+    /**
+     * After a key response is received by the app, it is provided to the
+     * Drm plugin using provideKeyResponse.
+     *
+     * @param scope may be a sessionId or a keySetId depending on the
+     *     type of the response. Scope should be set to the sessionId
+     *     when the response is for either streaming or offline key requests.
+     *     Scope should be set to the keySetId when the response is for
+     *     a release request.
+     * @param response the response from the key server that is being
+     *     provided to the drm HAL.
+     *
+     * @return a keySetId that can be used to later restore the keys to a new
+     *     session with the method restoreKeys when the response is for an
+     *     offline key request.
+     *     Implicit error codes:
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_CANNOT_HANDLE if provideKeyResponse is not supported
+     *             at the time of the call
+     *       + ERROR_DRM_DEVICE_REVOKED if the device has been disabled by
+     *             the license policy
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *             a key response cannot be handled.
+     *       + ERROR_DRM_NOT_PROVISIONED if the device requires provisioning
+     *             before it can handle the key response
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    KeySetId provideKeyResponse(in byte[] scope, in byte[] response);
+
+    /**
+     * After a provision response is received by the app from a provisioning
+     * server, it is provided to the Drm HAL using provideProvisionResponse.
+     * The HAL implementation must receive the provision request and
+     * store the provisioned credentials.
+     *
+     * @param response the opaque provisioning response received by the
+     * app from a provisioning server.
+     *
+     * @return ProvideProvisionResponseResult parcelable, which contains
+     *     the public certificate and encrypted private key that can be
+     *     used by signRSA to compute an RSA signature on a message.
+     *     Implicit error codes:
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_DEVICE_REVOKED if the device has been disabled by
+     *             the license policy
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             provision response cannot be handled
+     */
+    ProvideProvisionResponseResult provideProvisionResponse(in byte[] response);
+
+    /**
+     * Request an informative description of the license for the session.
+     * The status is in the form of {name, value} pairs. Since DRM license
+     * policies vary by vendor, the specific status field names are
+     * determined by each DRM vendor. Refer to your DRM provider
+     * documentation for definitions of the field names for a particular
+     * drm scheme.
+     *
+     * @param sessionId the session id the call applies to
+     *
+     * @return a list of name value pairs describing the license.
+     *     Implicit error codes:
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             key status cannot be queried.
+     */
+    List<KeyValue> queryKeyStatus(in byte[] sessionId);
+
+    /**
+     * Release all secure stops on the device
+     *
+     * @return (implicit) the status of the call:
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the secure stops cannot be released.
+     */
+    void releaseAllSecureStops();
+
+    /**
+     * Release a secure stop by secure stop ID
+     *
+     * @param secureStopId the ID of the secure stop to release.
+     *     The secure stop ID is delivered by the key server as
+     *     part of the key response and must also be known by the app.
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if the secureStopId is invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the secure stop cannot be released.
+     */
+    void releaseSecureStop(in SecureStopId secureStopId);
+
+    /**
+     * Release secure stops given a release message from the key server
+     *
+     * @param ssRelease the secure stop release message identifying
+     *     one or more secure stops to release. ssRelease is opaque,
+     *     it is passed directly from a DRM license server through
+     *     the app and media framework to the vendor HAL module.
+     *     The format and content of ssRelease must be defined by the
+     *     DRM scheme being implemented according to this HAL.
+     *     The DRM scheme can be identified by its UUID which
+     *     can be queried using IDrmFactory::isCryptoSchemeSupported.
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if ssRelease is invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state wherei
+     *         the secure stop cannot be released.
+     */
+    void releaseSecureStops(in OpaqueData ssRelease);
+
+    /**
+     * Remove all secure stops on the device without requiring a secure
+     * stop release response message from the key server.
+     *
+     * @return (implicit) the status of the call:
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the secure stops cannot be removed.
+     */
+    void removeAllSecureStops();
+
+    /**
+     * Remove the current keys from a session
+     *
+     * @param sessionId the session id the call applies to
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if the sessionId is invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the keys cannot be removed.
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    void removeKeys(in byte[] sessionId);
+
+    /**
+     * Normally offline licenses are released using a key
+     * request/response exchange using getKeyRequest where the KeyType
+     * is RELEASE, followed by provideKeyResponse. This allows the
+     * server to cryptographically confirm that the license has been
+     * removed and then adjust the count of offline licenses allocated
+     * to the device.
+     * <p>
+     * In some exceptional situations it will be necessary to directly
+     * remove offline licenses without notifying the server, which is
+     * performed by this method.
+     *
+     * @param keySetId the id of the offline license to remove
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if the license is not found
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the KeySetIds can't be removed.
+     */
+    void removeOfflineLicense(in KeySetId keySetId);
+
+    /**
+     * Remove a secure stop given its secure stop ID, without requiring
+     * a secure stop release response message from the key server.
+     *
+     * @param secureStopId the ID of the secure stop to release.
+     *
+     * @return the status of the call:
+     *     BAD_VALUE if the secureStopId is invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         the secure stop cannot be removed.
+     */
+    void removeSecureStop(in SecureStopId secureStopId);
+
+    /**
+     * Check if the specified mime-type & security level require a secure decoder
+     * component.
+     *
+     * @param mime The content mime-type
+     * @param level the requested security level
+     *
+     * @return must be true if and only if a secure decoder is
+     *     required for the specified mime-type & security level
+     */
+    boolean requiresSecureDecoder(in String mime, in SecurityLevel level);
+
+    /**
+     * Check if the specified mime-type requires a secure decoder component
+     * at the highest security level supported on the device.
+     *
+     * @param mime The content mime-type
+     *
+     * @return must be true if and only if a secure decoder is required
+     *     for the specified mime-type
+     */
+    boolean requiresSecureDecoderDefault(in String mime);
+
+    /**
+     * Restore persisted offline keys into a new session
+     *
+     * @param sessionId the session id the call applies to
+     * @param keySetId identifies the keys to load, obtained from
+     *     a prior call to provideKeyResponse().
+     *
+     * @return (implicit) the status of the call:
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     *     BAD_VALUE if any parameters are invalid
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where
+     *         keys cannot be restored.
+     */
+    void restoreKeys(in byte[] sessionId, in KeySetId keySetId);
+
+    /**
+     * The following methods implement operations on a CryptoSession to support
+     * encrypt, decrypt, sign verify operations on operator-provided
+     * session keys.
+     *
+     *
+     * Set the cipher algorithm to be used for the specified session.
+     *
+     * @param sessionId the session id the call applies to
+     * @param algorithm the algorithm to use. The string conforms to JCA
+     *     Standard Names for Cipher Transforms and is case insensitive. An
+     *     example algorithm is "AES/CBC/PKCS5Padding".
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if any parameters are invalid
+     *     ERROR_DRM_INVALID_STATE  if the HAL is in a state where
+     *         the algorithm cannot be set.
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened`
+     */
+    void setCipherAlgorithm(in byte[] sessionId, in String algorithm);
+
+    /**
+     * Plugins call the following methods to deliver events to the
+     * java app.
+     *
+     *
+     * Set a listener for a drm session. This allows the drm HAL to
+     * make asynchronous calls back to the client of IDrm.
+     *
+     * @param listener instance of IDrmPluginListener to receive the events
+     */
+    void setListener(in IDrmPluginListener listener);
+
+    /**
+     * Set the MAC algorithm to be used for computing hashes in a session.
+     *
+     * @param sessionId the session id the call applies to
+     * @param algorithm the algorithm to use. The string conforms to JCA
+     *     Standard Names for Mac Algorithms and is case insensitive. An example MAC
+     *     algorithm string is "HmacSHA256".
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if any parameters are invalid
+     *     ERROR_DRM_INVALID_STATE  if the HAL is in a state where
+     *         the algorithm cannot be set.
+     *     ERROR_DRM_SESSION_NOT_OPENED if the session is not opened`
+     */
+    void setMacAlgorithm(in byte[] sessionId, in String algorithm);
+
+    /**
+     * Set playback id of a drm session. The playback id can be used to join drm session metrics
+     * with metrics from other low level media components, e.g. codecs, or metrics from the high
+     * level player.
+     *
+     * @param sessionId drm session id
+     * @param playbackId high level playback id
+     *
+     * @return (implicit) the status of the call:
+     *    ERROR_DRM_SESSION_NOT_OPENED if the drm session cannot be found
+     */
+    void setPlaybackId(in byte[] sessionId, in String playbackId);
+
+    /**
+     * Write a property byte array value given the property name
+     *
+     * @param propertyName the name of the property
+     * @param value the value to write
+     *
+     * @return (implicit) the status of the call:
+     *     BAD_VALUE if the property name is invalid
+     *     ERROR_DRM_CANNOT_HANDLE if the property is not supported
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *         property cannot be set
+     */
+    void setPropertyByteArray(in String propertyName, in byte[] value);
+
+    /**
+     * Write a property string value given the property name
+     *
+     * @param propertyName the name of the property
+     * @param value the value to write
+     *
+     * @return (implicit) status of the call:
+     *     BAD_VALUE if the property name is invalid
+     *     ERROR_DRM_CANNOT_HANDLE if the property is not supported
+     *     ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *         property cannot be set
+     */
+    void setPropertyString(in String propertyName, in String value);
+
+    /**
+     * Compute a signature over the provided message using the mac algorithm
+     * specified by setMacAlgorithm and the key selected by keyId and return
+     * the signature.
+     *
+     * @param sessionId the session id the call applies to
+     * @param keyId the ID of the key to use for decryption
+     * @param message the message to compute a signature over
+     *
+     * @return signature computed over the message
+     *     Implicit error codes:
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             sign operation cannot be performed.
+     */
+    byte[] sign(in byte[] sessionId, in byte[] keyId, in byte[] message);
+
+    /**
+     * Compute an RSA signature on the provided message using the specified
+     * algorithm.
+     *
+     * @param sessionId the session id the call applies to
+     * @param algorithm the signing algorithm, such as "RSASSA-PSS-SHA1"
+     *     or "PKCS1-BlockType1"
+     * @param message the message to compute the signature on
+     * @param wrappedKey the private key returned during provisioning as
+     *     returned by provideProvisionResponse.
+     *
+     * @return signature computed over the message
+     *     Implicit error codes:
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             signRSA operation operation cannot be performed
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     */
+    byte[] signRSA(
+            in byte[] sessionId, in String algorithm, in byte[] message,
+            in byte[] wrappedkey);
+
+    /**
+     * Compute a hash of the provided message using the mac algorithm specified
+     * by setMacAlgorithm and the key selected by keyId, and compare with the
+     * expected result.
+     *
+     * @param sessionId the session id the call applies to
+     * @param keyId the ID of the key to use for decryption
+     * @param message the message to compute a hash of
+     * @param signature the signature to verify
+     *
+     * @return true if the signature is verified positively, false otherwise.
+     *     Implicit error codes:
+     *       + ERROR_DRM_SESSION_NOT_OPENED if the session is not opened
+     *       + BAD_VALUE if any parameters are invalid
+     *       + ERROR_DRM_INVALID_STATE if the HAL is in a state where the
+     *             verify operation cannot be performed.
+     */
+    boolean verify(
+            in byte[] sessionId, in byte[] keyId, in byte[] message,
+            in byte[] signature);
+}
diff --git a/drm/aidl/android/hardware/drm/IDrmPluginListener.aidl b/drm/aidl/android/hardware/drm/IDrmPluginListener.aidl
new file mode 100644
index 0000000000..d52da66742
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/IDrmPluginListener.aidl
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.EventType;
+import android.hardware.drm.KeyStatus;
+
+/**
+ * IDrmPluginListener is a listener interface for Drm events sent from an
+ * IDrmPlugin instance.
+ */
+@VintfStability
+interface IDrmPluginListener {
+    /**
+     * Legacy event sending method, it sends events of various types using a
+     * single overloaded set of parameters. This form is deprecated.
+     *
+     * @param eventType the type of the event
+     * @param sessionId identifies the session the event originated from
+     * @param data event-specific data blob
+     */
+    oneway void onEvent(in EventType eventType, in byte[] sessionId, in byte[] data);
+
+    /**
+     * Send a license expiration update to the listener. The expiration
+     * update indicates how long the current keys are valid before they
+     * need to be renewed.
+     *
+     * @param sessionId identifies the session the event originated from
+     * @param expiryTimeInMS the time when the keys need to be renewed.
+     * The time is in milliseconds, relative to the Unix epoch. A time
+     * of 0 indicates that the keys never expire.
+     */
+    oneway void onExpirationUpdate(in byte[] sessionId, in long expiryTimeInMS);
+
+    /**
+     * Send a keys change event to the listener. The keys change event
+     * indicates the status of each key in the session. Keys can be
+     * indicated as being usable, expired, outputnotallowed or statuspending.
+     *
+     * @param sessionId identifies the session the event originated from
+     * @param keyStatusList indicates the status for each key ID in the
+     * session.
+     * @param hasNewUsableKey indicates if the event includes at least one
+     * key that has become usable.
+     */
+    oneway void onKeysChange(
+            in byte[] sessionId, in KeyStatus[] keyStatusList, in boolean hasNewUsableKey);
+
+    /**
+     * Some device crypto hardware is incapable of retaining crypto
+     * session state across suspend and resume cycles. A
+     * SessionLostState event must be signaled when a session has
+     * become invalid for this reason. This event must not be used to
+     * indicate a failure in the crypto system. Closing the session
+     * and opening a new one must allow the application to resume
+     * normal use of the drm hal module.
+     *
+     * @param sessionId identifies the session that has been invalidated
+     */
+    oneway void onSessionLostState(in byte[] sessionId);
+}
diff --git a/drm/aidl/android/hardware/drm/KeyRequest.aidl b/drm/aidl/android/hardware/drm/KeyRequest.aidl
new file mode 100644
index 0000000000..0c732055f2
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyRequest.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.KeyRequestType;
+
+@VintfStability
+parcelable KeyRequest {
+    /** The opaque key request blob. */
+    byte[] request;
+
+    /**
+     * Enumerated type:
+     *     INITIAL - the first key request for a license
+     *     NONE - indicates that no request is needed because the keys
+     *         are already loaded
+     *     RENEWAL - is a subsequent key request used to refresh the
+     *         keys in a license
+     *     RELEASE - indicates keys are being released
+     *     UPDATE - indicates that the keys need to be refetched after
+     *         the initial license request
+     */
+    KeyRequestType requestType;
+
+    /**
+     * The URL that the request may be sent to,
+     * if provided by the drm HAL. The app can choose to
+     * override this URL. If the HAL implementation does not provide
+     * a defaultUrl, the returned string must be empty.
+     */
+    String defaultUrl;
+}
diff --git a/drm/aidl/android/hardware/drm/KeyRequestType.aidl b/drm/aidl/android/hardware/drm/KeyRequestType.aidl
new file mode 100644
index 0000000000..3a603ff6c8
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyRequestType.aidl
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * An app determines the type of a key request returned from getKeyRequest.
+ */
+@VintfStability
+@Backing(type="int")
+enum KeyRequestType {
+    /**
+     * Key request type is for an initial license request
+     */
+    INITIAL,
+    /**
+     * Key request type is for license renewal. Renewal requests are used
+     * to extend the validity period for streaming keys.
+     */
+    RENEWAL,
+    /**
+     * Key request type is a release. A key release causes offline keys
+     * to become available for streaming.
+     */
+    RELEASE,
+    /**
+     * Key request type is unknown due to some error condition.
+     */
+    UNKNOWN,
+    /**
+     * Keys are already loaded. No key request is needed.
+     */
+    NONE,
+    /**
+     * Keys have previously been loaded. An additional (non-renewal) license
+     * request is needed.
+     */
+    UPDATE,
+}
diff --git a/drm/aidl/android/hardware/drm/KeySetId.aidl b/drm/aidl/android/hardware/drm/KeySetId.aidl
new file mode 100644
index 0000000000..be0ce0efa8
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeySetId.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable KeySetId {
+    byte[] keySetId;
+}
diff --git a/drm/aidl/android/hardware/drm/KeyStatus.aidl b/drm/aidl/android/hardware/drm/KeyStatus.aidl
new file mode 100644
index 0000000000..16e042a147
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyStatus.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.KeyStatusType;
+
+/**
+ * Used by sendKeysChange to report the usability status of each key
+ * to the app.
+ */
+@VintfStability
+parcelable KeyStatus {
+    byte[] keyId;
+    KeyStatusType type;
+}
diff --git a/drm/aidl/android/hardware/drm/KeyStatusType.aidl b/drm/aidl/android/hardware/drm/KeyStatusType.aidl
new file mode 100644
index 0000000000..6902d8708c
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyStatusType.aidl
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum KeyStatusType {
+    /**
+     * The key is currently usable to decrypt media data.
+     */
+    USABLE,
+    /**
+     * The key is no longer usable to decrypt media data because its expiration
+     * time has passed.
+     */
+    EXPIRED,
+    /**
+     * The key is not currently usable to decrypt media data because its output
+     * requirements cannot currently be met.
+     */
+    OUTPUTNOTALLOWED,
+    /**
+     * The status of the key is not yet known and is being determined.
+     */
+    STATUSPENDING,
+    /**
+     * The key is not currently usable to decrypt media data because of an
+     * internal error in processing unrelated to input parameters.
+     */
+    INTERNALERROR,
+    /**
+     * The key is not yet usable to decrypt media because the start
+     * time is in the future. The key must become usable when
+     * its start time is reached.
+     */
+    USABLEINFUTURE,
+}
diff --git a/drm/aidl/android/hardware/drm/KeyType.aidl b/drm/aidl/android/hardware/drm/KeyType.aidl
new file mode 100644
index 0000000000..78b4d8369c
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyType.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum KeyType {
+    /**
+     * Drm keys can be for offline content or for online streaming.
+     * Offline keys are persisted on the device and may be used when the device
+     * is disconnected from the network.
+     */
+    OFFLINE,
+    /**
+     * Keys for streaming are not persisted and require the device to be
+     * connected to the network for periodic renewal.
+     */
+    STREAMING,
+    /**
+     * The Release type is used to request that offline keys be no longer
+     * restricted to offline use.
+     */
+    RELEASE,
+}
diff --git a/drm/aidl/android/hardware/drm/KeyValue.aidl b/drm/aidl/android/hardware/drm/KeyValue.aidl
new file mode 100644
index 0000000000..e26781b58b
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/KeyValue.aidl
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable KeyValue {
+    String key;
+    String value;
+}
diff --git a/drm/aidl/android/hardware/drm/LogMessage.aidl b/drm/aidl/android/hardware/drm/LogMessage.aidl
new file mode 100644
index 0000000000..8ac1ced585
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/LogMessage.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+import android.hardware.drm.LogPriority;
+
+/**
+ * Returned by getLogMessages to report error diagnostics to the
+ * app.
+ *
+ * The |message| field is for informational purposes only, and
+ * NOT meant to be parsed programmatically when handling errors.
+ * For programmatic error handling, please check the return |Status|
+ * of APIs instead.
+ */
+@VintfStability
+parcelable LogMessage {
+    /**
+     * Epoch time in milliseconds.
+     */
+    long timeMs;
+    LogPriority priority;
+    String message;
+}
diff --git a/drm/aidl/android/hardware/drm/LogPriority.aidl b/drm/aidl/android/hardware/drm/LogPriority.aidl
new file mode 100644
index 0000000000..4db3b40982
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/LogPriority.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum LogPriority {
+    UNKNOWN,
+    DEFAULT,
+    VERBOSE,
+    DEBUG,
+    INFO,
+    WARN,
+    ERROR,
+    FATAL,
+}
diff --git a/drm/aidl/android/hardware/drm/Mode.aidl b/drm/aidl/android/hardware/drm/Mode.aidl
new file mode 100644
index 0000000000..6fc00651a8
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/Mode.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * Enumerate the supported crypto modes
+ */
+@VintfStability
+@Backing(type="int")
+enum Mode {
+    UNENCRYPTED = 0,
+    AES_CTR = 1,
+    AES_CBC_CTS = 2,
+    AES_CBC = 3,
+}
diff --git a/drm/aidl/android/hardware/drm/NumberOfSessions.aidl b/drm/aidl/android/hardware/drm/NumberOfSessions.aidl
new file mode 100644
index 0000000000..75b7c2ece8
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/NumberOfSessions.aidl
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable NumberOfSessions {
+    /** The number of currently opened sessions. */
+    int currentSessions;
+
+    /** The maximum number of sessions that the device can support. */
+    int maxSessions;
+}
diff --git a/drm/aidl/android/hardware/drm/OfflineLicenseState.aidl b/drm/aidl/android/hardware/drm/OfflineLicenseState.aidl
new file mode 100644
index 0000000000..0f447db2fa
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/OfflineLicenseState.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum OfflineLicenseState {
+    /**
+     * Offline license state is unknown
+     */
+    UNKNOWN,
+    /**
+     * Offline license state is usable, the keys are usable for decryption.
+     */
+    USABLE,
+    /**
+     * Offline license state is inactive, the keys have been marked for
+     * release using {@link #getKeyRequest} with KEY_TYPE_RELEASE but the
+     * key response has not been received.
+     */
+    INACTIVE,
+}
diff --git a/drm/aidl/android/hardware/drm/OpaqueData.aidl b/drm/aidl/android/hardware/drm/OpaqueData.aidl
new file mode 100644
index 0000000000..6b2a2e79c0
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/OpaqueData.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable OpaqueData {
+    byte[] opaqueData;
+}
diff --git a/drm/aidl/android/hardware/drm/Pattern.aidl b/drm/aidl/android/hardware/drm/Pattern.aidl
new file mode 100644
index 0000000000..88d22cf221
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/Pattern.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * A crypto Pattern is a repeating sequence of encrypted and clear blocks
+ * occurring within the bytes indicated by mNumBytesOfEncryptedDatad bytes
+ * of a subsample. Patterns are used to reduce the CPU overhead of
+ * decrypting samples. As an example, HLS uses 1:9 patterns where every
+ * 10th block is encrypted.
+ */
+@VintfStability
+parcelable Pattern {
+    /**
+     * The number of blocks to be encrypted in the pattern. If zero,
+     * pattern encryption is inoperative.
+     */
+    int encryptBlocks;
+
+    /**
+     * The number of blocks to be skipped (left clear) in the pattern. If
+     * zero, pattern encryption is inoperative.
+     */
+    int skipBlocks;
+}
diff --git a/drm/aidl/android/hardware/drm/ProvideProvisionResponseResult.aidl b/drm/aidl/android/hardware/drm/ProvideProvisionResponseResult.aidl
new file mode 100644
index 0000000000..e9f1e2b956
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/ProvideProvisionResponseResult.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable ProvideProvisionResponseResult {
+    /**
+     * The public certificate resulting from the provisioning
+     * operation, if any. An empty vector indicates that no
+     * certificate was returned.
+     */
+    byte[] certificate;
+
+    /**
+     * An opaque object containing encrypted private key material
+     * to be used by signRSA when computing an RSA signature on a
+     * message, see the signRSA method.
+     */
+    byte[] wrappedKey;
+}
diff --git a/drm/aidl/android/hardware/drm/ProvisionRequest.aidl b/drm/aidl/android/hardware/drm/ProvisionRequest.aidl
new file mode 100644
index 0000000000..eb42d32c87
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/ProvisionRequest.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable ProvisionRequest {
+    /** The opaque certificate request blob. */
+    byte[] request;
+
+    /**
+     * The URL that the provisioning request may be sent to,
+     * if known by the HAL implementation. An app can choose to
+     * override this URL. If the HAL implementation does not provide
+     * a defaultUrl, the returned string must be empty.
+     */
+    String defaultUrl;
+}
diff --git a/drm/aidl/android/hardware/drm/SecureStop.aidl b/drm/aidl/android/hardware/drm/SecureStop.aidl
new file mode 100644
index 0000000000..37cfbd39ab
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/SecureStop.aidl
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * Encapsulates a secure stop opaque object.
+ */
+@VintfStability
+parcelable SecureStop {
+    byte[] opaqueData;
+}
diff --git a/drm/aidl/android/hardware/drm/SecureStopId.aidl b/drm/aidl/android/hardware/drm/SecureStopId.aidl
new file mode 100644
index 0000000000..775e60b391
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/SecureStopId.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable SecureStopId {
+    byte[] secureStopId;
+}
diff --git a/drm/aidl/android/hardware/drm/SecurityLevel.aidl b/drm/aidl/android/hardware/drm/SecurityLevel.aidl
new file mode 100644
index 0000000000..aac1b686f3
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/SecurityLevel.aidl
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum SecurityLevel {
+    /**
+     * Unable to determine the security level
+     */
+    UNKNOWN,
+    /**
+     * Software-based whitebox crypto
+     */
+    SW_SECURE_CRYPTO,
+    /**
+     * Software-based whitebox crypto and an obfuscated decoder
+     */
+    SW_SECURE_DECODE,
+    /**
+     * DRM key management and crypto operations are performed within a
+     * hardware backed trusted execution environment
+     */
+    HW_SECURE_CRYPTO,
+    /**
+     * DRM key management, crypto operations and decoding of content
+     * are performed within a hardware backed trusted execution environment
+     */
+    HW_SECURE_DECODE,
+    /**
+     * DRM key management, crypto operations, decoding of content and all
+     * handling of the media (compressed and uncompressed) is handled within
+     * a hardware backed trusted execution environment.
+     */
+    HW_SECURE_ALL,
+    /**
+     * The default security level is defined as the highest security level
+     * supported on the device.
+     */
+    DEFAULT,
+}
diff --git a/drm/aidl/android/hardware/drm/SharedBuffer.aidl b/drm/aidl/android/hardware/drm/SharedBuffer.aidl
new file mode 100644
index 0000000000..69772840ba
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/SharedBuffer.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * SharedBuffer describes a decrypt buffer which is defined by a bufferId, an
+ * offset and a size.  The offset is relative to the shared memory base for the
+ * memory region identified by bufferId, which is established by
+ * setSharedMemoryBase().
+ */
+@VintfStability
+parcelable SharedBuffer {
+    /**
+     * The unique buffer identifier
+     */
+    int bufferId;
+    /**
+     * The offset from the shared memory base
+     */
+    long offset;
+    /**
+     * The size of the shared buffer in bytes
+     */
+    long size;
+}
diff --git a/drm/aidl/android/hardware/drm/Status.aidl b/drm/aidl/android/hardware/drm/Status.aidl
new file mode 100644
index 0000000000..ee57d64608
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/Status.aidl
@@ -0,0 +1,221 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+@Backing(type="int")
+enum Status {
+    /**
+     * The DRM plugin must return OK when an operation completes without any
+     * errors.
+     */
+    OK,
+    /**
+     * The DRM plugin must return ERROR_DRM_NO_LICENSE, when decryption is
+     * attempted and no license keys have been provided.
+     */
+    ERROR_DRM_NO_LICENSE,
+    /**
+     * ERROR_DRM_LICENSE_EXPIRED must be returned when an attempt is made
+     * to use a license and the keys in that license have expired.
+     */
+    ERROR_DRM_LICENSE_EXPIRED,
+    /**
+     * The DRM plugin must return ERROR_DRM_SESSION_NOT_OPENED when an
+     * attempt is made to use a session that has not been opened.
+     */
+    ERROR_DRM_SESSION_NOT_OPENED,
+    /**
+     * The DRM plugin must return ERROR_DRM_CANNOT_HANDLE when an unsupported
+     * data format or operation is attempted.
+     */
+    ERROR_DRM_CANNOT_HANDLE,
+    /**
+     * ERROR_DRM_INVALID_STATE must be returned when the device is in a state
+     * where it is not able to perform decryption.
+     */
+    ERROR_DRM_INVALID_STATE,
+    /**
+     * The DRM plugin must return BAD_VALUE whenever an illegal parameter is
+     * passed to one of the interface functions.
+     */
+    BAD_VALUE,
+    /**
+     * The DRM plugin must return ERROR_DRM_NOT_PROVISIONED from getKeyRequest,
+     * openSession or provideKeyResponse when the device has not yet been
+     * provisioned.
+     */
+    ERROR_DRM_NOT_PROVISIONED,
+    /**
+     * ERROR_DRM_RESOURCE_BUSY must be returned when resources, such as drm
+     * sessions or secure buffers are not available to perform a requested
+     * operation because they are already in use.
+     */
+    ERROR_DRM_RESOURCE_BUSY,
+    /**
+     * The DRM Plugin must return ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION
+     * when the output protection level enabled on the device is not
+     * sufficient to meet the requirements in the license policy.  HDCP is an
+     * example of a form of output protection.
+     */
+    ERROR_DRM_INSUFFICIENT_OUTPUT_PROTECTION,
+    /**
+     * The DRM Plugin must return ERROR_DRM_DEVICE_REVOKED from
+     * provideProvisionResponse and provideKeyResponse if the response indicates
+     * that the device has been revoked. Device revocation means that the device
+     * is no longer permitted to play content.
+     */
+    ERROR_DRM_DEVICE_REVOKED,
+    /**
+     * The DRM Plugin must return ERROR_DRM_DECRYPT if the CryptoPlugin
+     * decrypt operation fails.
+     */
+    ERROR_DRM_DECRYPT,
+    /**
+     * ERROR_DRM_UNKNOWN must be returned when a fatal failure occurs and no
+     * other defined error is appropriate.
+     */
+    ERROR_DRM_UNKNOWN,
+    /**
+     * The drm HAL module must return ERROR_DRM_INSUFFICIENT_SECURITY
+     * from the crypto plugin decrypt method when the security level
+     * of the device is not sufficient to meet the requirements in the
+     * license policy.
+     */
+    ERROR_DRM_INSUFFICIENT_SECURITY,
+    /**
+     * The drm HAL module must return ERROR_FRAME_TOO_LARGE from the
+     * decrypt method when the frame being decrypted into the secure
+     * output buffer exceeds the size of the buffer.
+     */
+    ERROR_DRM_FRAME_TOO_LARGE,
+    /**
+     * This error must be returned from any session method when an
+     * attempt is made to use the session after the crypto hardware
+     * state has been invalidated. Some devices are not able to
+     * retain crypto session state across device suspend/resume which
+     * results in invalid session state.
+     */
+    ERROR_DRM_SESSION_LOST_STATE,
+    /**
+     * The drm HAL module must return this error if client
+     * applications using the hal are temporarily exceeding the
+     * capacity of available crypto resources such that a retry of
+     * the operation is likely to succeed.
+     */
+    ERROR_DRM_RESOURCE_CONTENTION,
+    /**
+     * queueSecureInput buffer called with 0 subsamples.
+     */
+    CANNOT_DECRYPT_ZERO_SUBSAMPLES,
+    /**
+     * An error happened within the crypto library used by the drm plugin.
+     */
+    CRYPTO_LIBRARY_ERROR,
+    /**
+     * Non-specific error reported by the device OEM subsystem.
+     */
+    GENERAL_OEM_ERROR,
+    /**
+     * Unexpected internal failure in the drm/crypto plugin.
+     */
+    GENERAL_PLUGIN_ERROR,
+    /**
+     * The init data parameter passed to getKeyRequest is empty or invalid.
+     */
+    INIT_DATA_INVALID,
+    /**
+     * Either the key was not loaded from the license before attempting the
+     * operation, or the key ID parameter provided by the app is incorrect.
+     */
+    KEY_NOT_LOADED,
+    /**
+     * The license response was empty, fields are missing or otherwise unable
+     * to be parsed.
+     */
+    LICENSE_PARSE_ERROR,
+    /**
+     * The operation (e.g. to renew or persist a license) is prohibited by the
+     * license policy.
+     */
+    LICENSE_POLICY_ERROR,
+    /**
+     * Failed to generate a release request because a field in the stored
+     * license is empty or malformed.
+     */
+    LICENSE_RELEASE_ERROR,
+    /**
+     * The license server detected an error in the license request.
+     */
+    LICENSE_REQUEST_REJECTED,
+    /**
+     * Failed to restore an offline license because a field is empty or
+     * malformed.
+     */
+    LICENSE_RESTORE_ERROR,
+    /**
+     * License is in an invalid state for the attempted operation.
+     */
+    LICENSE_STATE_ERROR,
+    /**
+     * Certificate is malformed or is of the wrong type.
+     */
+    MALFORMED_CERTIFICATE,
+    /**
+     * Failure in the media framework.
+     */
+    MEDIA_FRAMEWORK_ERROR,
+    /**
+     * Certificate has not been set.
+     */
+    MISSING_CERTIFICATE,
+    /**
+     * There was an error loading the provisioned certificate.
+     */
+    PROVISIONING_CERTIFICATE_ERROR,
+    /**
+     * Required steps where not performed before provisioning was attempted.
+     */
+    PROVISIONING_CONFIGURATION_ERROR,
+    /**
+     * The provisioning response was empty, fields are missing or otherwise
+     * unable to be parsed.
+     */
+    PROVISIONING_PARSE_ERROR,
+    /**
+     * The provisioning server detected an error in the provisioning request.
+     */
+    PROVISIONING_REQUEST_REJECTED,
+    /**
+     * Provisioning failed in a way that is likely to succeed on a subsequent
+     * attempt.
+     */
+    RETRYABLE_PROVISIONING_ERROR,
+    /**
+     * Failed to generate a secure stop request because a field in the stored
+     * license is empty or malformed.
+     */
+    SECURE_STOP_RELEASE_ERROR,
+    /**
+     * The plugin was unable to read data from the filesystem.
+     */
+    STORAGE_READ_FAILURE,
+    /**
+     * The plugin was unable to write data to the filesystem.
+     */
+    STORAGE_WRITE_FAILURE,
+}
diff --git a/drm/aidl/android/hardware/drm/SubSample.aidl b/drm/aidl/android/hardware/drm/SubSample.aidl
new file mode 100644
index 0000000000..68a8fb1123
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/SubSample.aidl
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+/**
+ * A subsample consists of some number of bytes of clear (unencrypted)
+ * data followed by a number of bytes of encrypted data.
+ */
+@VintfStability
+parcelable SubSample {
+    int numBytesOfClearData;
+    int numBytesOfEncryptedData;
+}
diff --git a/drm/aidl/android/hardware/drm/Uuid.aidl b/drm/aidl/android/hardware/drm/Uuid.aidl
new file mode 100644
index 0000000000..b36c409c66
--- /dev/null
+++ b/drm/aidl/android/hardware/drm/Uuid.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.drm;
+
+@VintfStability
+parcelable Uuid {
+    byte[] uuid;
+}