Merge "Biometric time-based resetLockout for multi-biometric devices" into sc-dev am: f8ec6f38

import android.annotation.SystemService;

import android.annotation.TestApi;

import android.content.Context;

import android.os.IBinder;

import android.os.RemoteException;

import android.security.keystore.KeyProperties;

import android.util.Slog;

        }

    }

    /**

     * Requests all other biometric sensors to resetLockout. Note that this is a "time bound"

     * See the {@link android.hardware.biometrics.fingerprint.ISession#resetLockout(int,

     * HardwareAuthToken)} and {@link android.hardware.biometrics.face.ISession#resetLockout(int,

     * HardwareAuthToken)} documentation for complete details.

     *

     * @param token A binder from the caller, for the service to linkToDeath

     * @param opPackageName Caller's package name

     * @param fromSensorId The originating sensor that just authenticated. Note that this MUST

     *                     be a sensor that meets {@link Authenticators#BIOMETRIC_STRONG} strength.

     *                     The strength will also be enforced on the BiometricService side.

     * @param userId The user that authentication succeeded for, and also the user that resetLockout

     *               should be applied to.

     * @param hardwareAuthToken A valid HAT generated upon successful biometric authentication. Note

     *                          that it is not necessary for the HAT to contain a challenge.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId,

            int userId, byte[] hardwareAuthToken) {

        if (mService != null) {

            try {

                mService.resetLockoutTimeBound(token, opPackageName, fromSensorId, userId,

                        hardwareAuthToken);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

    }

    /**

     * Provides a localized string that may be used as the label for a button that invokes

     * {@link BiometricPrompt}.

    // land as SIDs, and are used during key generation.

    long[] getAuthenticatorIds();

    // See documentation in BiometricManager.

    void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId,

            in byte[] hardwareAuthToken);

    // Provides a localized string that may be used as the label for a button that invokes

    // BiometricPrompt.

    CharSequence getButtonLabel(int userId, String opPackageName, int authenticators);

    // Gets the authenticator ID representing the current set of enrolled templates

    long getAuthenticatorId(int callingUserId);

    // Requests the sensor to reset its lockout state

    void resetLockout(IBinder token, String opPackageName, int userId,

            in byte[] hardwareAuthToken);

}

    // land as SIDs, and are used during key generation.

    long[] getAuthenticatorIds(int callingUserId);

    // See documentation in BiometricManager.

    void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId,

            in byte[] hardwareAuthToken);

    int getCurrentStrength(int sensorId);

    // Returns a bit field of the modality (or modalities) that are will be used for authentication.

    // User states for this sensor.

    repeated UserStateProto user_states = 4;

    // True if resetLockout requires a HAT to be verified in the TEE or equivalent.

    optional bool reset_lockout_requires_hardware_auth_token = 5;

    // True if a HAT is required (field above) AND a challenge needs to be generated by the

    // biometric TEE (or equivalent), and wrapped within the HAT.

    optional bool reset_lockout_requires_challenge = 6;

}

// State of a specific user for a specific sensor.