Loading core/java/android/hardware/biometrics/IAuthService.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -33,12 +33,15 @@ import android.hardware.biometrics.SensorPropertiesInternal; */ interface IAuthService { // Creates a test session with the specified sensorId @EnforcePermission("TEST_BIOMETRIC") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Retrieve static sensor properties for all biometric sensors @EnforcePermission("TEST_BIOMETRIC") List<SensorPropertiesInternal> getSensorProperties(String opPackageName); // Retrieve the package where BIometricOrompt's UI is implemented @EnforcePermission("TEST_BIOMETRIC") String getUiPackage(); // Requests authentication. The service chooses the appropriate biometric to use, and shows Loading core/java/android/hardware/biometrics/IBiometricService.aidl +15 −0 Original line number Diff line number Diff line Loading @@ -31,59 +31,74 @@ import android.hardware.biometrics.SensorPropertiesInternal; */ interface IBiometricService { // Creates a test session with the specified sensorId @EnforcePermission("USE_BIOMETRIC_INTERNAL") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Retrieve static sensor properties for all biometric sensors @EnforcePermission("USE_BIOMETRIC_INTERNAL") List<SensorPropertiesInternal> getSensorProperties(String opPackageName); // Requests authentication. The service chooses the appropriate biometric to use, and shows // the corresponding BiometricDialog. A requestId is returned that can be used to cancel // this operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long authenticate(IBinder token, long operationId, int userId, IBiometricServiceReceiver receiver, String opPackageName, in PromptInfo promptInfo); // Cancel authentication for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthentication(IBinder token, String opPackageName, long requestId); // Checks if biometrics can be used. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int canAuthenticate(String opPackageName, int userId, int callingUserId, int authenticators); // Checks if any biometrics are enrolled. @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledBiometrics(int userId, String opPackageName); // Registers an authenticator (e.g. face, fingerprint, iris). // Id must be unique, whereas strength and modality don't need to be. // TODO(b/123321528): Turn strength and modality into enums. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticator(int id, int modality, int strength, IBiometricAuthenticator authenticator); // Register callback for when keyguard biometric eligibility changes. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback, int callingUserId); // Notify BiometricService when <Biometric>Service is ready to start the prepared client. // Client lifecycle is still managed in <Biometric>Service. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onReadyForAuthentication(long requestId, int cookie); // Requests all BIOMETRIC_STRONG sensors to have their authenticatorId invalidated for the // specified user. This happens when enrollments have been added on devices with multiple // biometric sensors. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorIds(int userId, int fromSensorId, IInvalidationCallback callback); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long[] getAuthenticatorIds(int callingUserId); // See documentation in BiometricManager. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId, in byte[] hardwareAuthToken); @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getCurrentStrength(int sensorId); // Returns a bit field of the modality (or modalities) that are will be used for authentication. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getCurrentModality(String opPackageName, int userId, int callingUserId, int authenticators); // Returns a bit field of the authentication modalities that are supported by this device. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getSupportedModalities(int authenticators); } core/java/android/hardware/biometrics/ITestSession.aidl +8 −0 Original line number Diff line number Diff line Loading @@ -27,28 +27,36 @@ interface ITestSession { // portion of the framework code that would otherwise require human interaction. Note that // secure pathways such as HAT/Keystore are not testable, since they depend on the TEE or its // equivalent for the secret key. @EnforcePermission("TEST_BIOMETRIC") void setTestHalEnabled(boolean enableTestHal); // Starts the enrollment process. This should generally be used when the test HAL is enabled. @EnforcePermission("TEST_BIOMETRIC") void startEnroll(int userId); // Finishes the enrollment process. Simulates the HAL's callback. @EnforcePermission("TEST_BIOMETRIC") void finishEnroll(int userId); // Simulates a successful authentication, but does not provide a valid HAT. @EnforcePermission("TEST_BIOMETRIC") void acceptAuthentication(int userId); // Simulates a rejected attempt. @EnforcePermission("TEST_BIOMETRIC") void rejectAuthentication(int userId); // Simulates an acquired message from the HAL. @EnforcePermission("TEST_BIOMETRIC") void notifyAcquired(int userId, int acquireInfo); // Simulates an error message from the HAL. @EnforcePermission("TEST_BIOMETRIC") void notifyError(int userId, int errorCode); // Matches the framework's cached enrollments against the HAL's enrollments. Any enrollment // that isn't known by both sides are deleted. This should generally be used when the test // HAL is disabled (e.g. to clean up after a test). @EnforcePermission("TEST_BIOMETRIC") void cleanupInternalState(int userId); } core/java/android/hardware/face/IFaceService.aidl +29 −0 Original line number Diff line number Diff line Loading @@ -33,24 +33,30 @@ import android.view.Surface; interface IFaceService { // Creates a test session with the specified sensorId @EnforcePermission("USE_BIOMETRIC_INTERNAL") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Requests a proto dump of the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer); // Retrieve static sensor properties for all face sensors @EnforcePermission("MANAGE_BIOMETRIC") List<FaceSensorPropertiesInternal> getSensorPropertiesInternal(String opPackageName); // Retrieve static sensor properties for the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") FaceSensorPropertiesInternal getSensorProperties(int sensorId, String opPackageName); // Authenticate with a face. A requestId is returned that can be used to cancel this operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long authenticate(IBinder token, long operationId, int userId, IFaceServiceReceiver receiver, String opPackageName, boolean isKeyguardBypassEnabled); // Uses the face hardware to detect for the presence of a face, without giving details // about accept/reject/lockout. A requestId is returned that can be used to cancel this // operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long detectFace(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName); // This method prepares the service to start authenticating, but doesn't start authentication. Loading @@ -58,80 +64,103 @@ interface IFaceService { // called from BiometricService. The additional uid, pid, userId arguments should be determined // by BiometricService. To start authentication after the clients are ready, use // startPreparedClient(). @EnforcePermission("USE_BIOMETRIC_INTERNAL") void prepareForAuthentication(int sensorId, boolean requireConfirmation, IBinder token, long operationId, int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName, long requestId, int cookie, boolean allowBackgroundAuthentication); // Starts authentication with the previously prepared client. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthentication(IBinder token, String opPackageName, long requestId); // Cancel face detection for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelFaceDetect(IBinder token, String opPackageName, long requestId); // Same as above, with extra arguments. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId); // Start face enrollment @EnforcePermission("MANAGE_BIOMETRIC") long enroll(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures, in Surface previewSurface, boolean debugConsent); // Start remote face enrollment @EnforcePermission("MANAGE_BIOMETRIC") long enrollRemotely(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures); // Cancel enrollment in progress @EnforcePermission("MANAGE_BIOMETRIC") void cancelEnrollment(IBinder token, long requestId); // Removes the specified face enrollment for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void remove(IBinder token, int faceId, int userId, IFaceServiceReceiver receiver, String opPackageName); // Removes all face enrollments for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void removeAll(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName); // Get the enrolled face for user. @EnforcePermission("USE_BIOMETRIC_INTERNAL") List<Face> getEnrolledFaces(int sensorId, int userId, String opPackageName); // Determine if HAL is loaded and ready @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean isHardwareDetected(int sensorId, String opPackageName); // Get a pre-enrollment authentication token @EnforcePermission("MANAGE_BIOMETRIC") void generateChallenge(IBinder token, int sensorId, int userId, IFaceServiceReceiver receiver, String opPackageName); // Finish an enrollment sequence and invalidate the authentication token @EnforcePermission("MANAGE_BIOMETRIC") void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled face @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledFaces(int sensorId, int userId, String opPackageName); // Return the LockoutTracker status for the specified user @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getLockoutModeForUser(int sensorId, int userId); // Requests for the specified sensor+userId's authenticatorId to be invalidated @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback); // Gets the authenticator ID for face @EnforcePermission("USE_BIOMETRIC_INTERNAL") long getAuthenticatorId(int sensorId, int callingUserId); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) @EnforcePermission("USE_BIOMETRIC_INTERNAL") void resetLockout(IBinder token, int sensorId, int userId, in byte [] hardwareAuthToken, String opPackageName); // Add a callback which gets notified when the face lockout period expired. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName); @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setFeature(IBinder token, int userId, int feature, boolean enabled, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName); @EnforcePermission("MANAGE_BIOMETRIC") void getFeature(IBinder token, int userId, int feature, IFaceServiceReceiver receiver, String opPackageName); // Registers all HIDL and AIDL sensors. Only HIDL sensor properties need to be provided, because // AIDL sensor properties are retrieved directly from the available HALs. If no HIDL HALs exist, // hidlSensors must be non-null and empty. See AuthService.java @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticators(in List<FaceSensorPropertiesInternal> hidlSensors); } core/java/android/hardware/fingerprint/IFingerprintService.aidl +32 −0 Original line number Diff line number Diff line Loading @@ -37,15 +37,18 @@ import java.util.List; interface IFingerprintService { // Creates a test session with the specified sensorId @EnforcePermission("TEST_BIOMETRIC") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Requests a proto dump of the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer); // Retrieve static sensor properties for all fingerprint sensors List<FingerprintSensorPropertiesInternal> getSensorPropertiesInternal(String opPackageName); // Retrieve static sensor properties for the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") FingerprintSensorPropertiesInternal getSensorProperties(int sensorId, String opPackageName); // Authenticate with a fingerprint. This is protected by USE_FINGERPRINT/USE_BIOMETRIC Loading @@ -58,6 +61,7 @@ interface IFingerprintService { // Uses the fingerprint hardware to detect for the presence of a finger, without giving details // about accept/reject/lockout. A requestId is returned that can be used to cancel this // operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long detectFingerprint(IBinder token, int userId, IFingerprintServiceReceiver receiver, String opPackageName); Loading @@ -66,38 +70,47 @@ interface IFingerprintService { // called from BiometricService. The additional uid, pid, userId arguments should be determined // by BiometricService. To start authentication after the clients are ready, use // startPreparedClient(). @EnforcePermission("MANAGE_BIOMETRIC") void prepareForAuthentication(int sensorId, IBinder token, long operationId, int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName, long requestId, int cookie, boolean allowBackgroundAuthentication); // Starts authentication with the previously prepared client. @EnforcePermission("MANAGE_BIOMETRIC") void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. void cancelAuthentication(IBinder token, String opPackageName, String attributionTag, long requestId); // Cancel finger detection for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelFingerprintDetect(IBinder token, String opPackageName, long requestId); // Same as above, except this is protected by the MANAGE_BIOMETRIC signature permission. Takes // an additional uid, pid, userid. @EnforcePermission("MANAGE_BIOMETRIC") void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId); // Start fingerprint enrollment @EnforcePermission("MANAGE_FINGERPRINT") long enroll(IBinder token, in byte [] hardwareAuthToken, int userId, IFingerprintServiceReceiver receiver, String opPackageName, int enrollReason); // Cancel enrollment in progress @EnforcePermission("MANAGE_FINGERPRINT") void cancelEnrollment(IBinder token, long requestId); // Any errors resulting from this call will be returned to the listener @EnforcePermission("MANAGE_FINGERPRINT") void remove(IBinder token, int fingerId, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Removes all face enrollments for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void removeAll(IBinder token, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Rename the fingerprint specified by fingerId and userId to the given name @EnforcePermission("MANAGE_FINGERPRINT") void rename(int fingerId, int userId, String name); // Get a list of enrolled fingerprints in the given userId. Loading @@ -107,66 +120,85 @@ interface IFingerprintService { boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag); // Determine if the specified HAL is loaded and ready @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean isHardwareDetected(int sensorId, String opPackageName); // Get a pre-enrollment authentication token @EnforcePermission("MANAGE_FINGERPRINT") void generateChallenge(IBinder token, int sensorId, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Finish an enrollment sequence and invalidate the authentication token @EnforcePermission("MANAGE_FINGERPRINT") void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName, String attributionTag); // Determine if a user has at least one enrolled fingerprint. @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName); // Return the LockoutTracker status for the specified user @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getLockoutModeForUser(int sensorId, int userId); // Requests for the specified sensor+userId's authenticatorId to be invalidated @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback); // Gets the authenticator ID for fingerprint @EnforcePermission("USE_BIOMETRIC_INTERNAL") long getAuthenticatorId(int sensorId, int callingUserId); // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password) @EnforcePermission("RESET_FINGERPRINT_LOCKOUT") void resetLockout(IBinder token, int sensorId, int userId, in byte[] hardwareAuthToken, String opPackageNAame); // Add a callback which gets notified when the fingerprint lockout period expired. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName); // Check if a client request is currently being handled @EnforcePermission("MANAGE_FINGERPRINT") boolean isClientActive(); // Add a callback which gets notified when the service starts and stops handling client requests @EnforcePermission("MANAGE_FINGERPRINT") void addClientActiveCallback(IFingerprintClientActiveCallback callback); // Removes a callback set by addClientActiveCallback @EnforcePermission("MANAGE_FINGERPRINT") void removeClientActiveCallback(IFingerprintClientActiveCallback callback); // Registers all HIDL and AIDL sensors. Only HIDL sensor properties need to be provided, because // AIDL sensor properties are retrieved directly from the available HALs. If no HIDL HALs exist, // hidlSensors must be non-null and empty. See AuthService.java @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticators(in List<FingerprintSensorPropertiesInternal> hidlSensors); // Adds a callback which gets called when the service registers all of the fingerprint // authenticators. The callback is automatically removed after it's invoked. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addAuthenticatorsRegisteredCallback(IFingerprintAuthenticatorsRegisteredCallback callback); // Notifies about a finger touching the sensor area. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onPointerDown(long requestId, int sensorId, int x, int y, float minor, float major); // Notifies about a finger leaving the sensor area. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onPointerUp(long requestId, int sensorId); // Notifies about the fingerprint UI being ready (e.g. HBM illumination is enabled). @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onUiReady(long requestId, int sensorId); // Sets the controller for managing the UDFPS overlay. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setUdfpsOverlayController(in IUdfpsOverlayController controller); // Sets the controller for managing the SideFPS overlay. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setSidefpsController(in ISidefpsController controller); // Registers BiometricStateListener. Loading Loading
core/java/android/hardware/biometrics/IAuthService.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -33,12 +33,15 @@ import android.hardware.biometrics.SensorPropertiesInternal; */ interface IAuthService { // Creates a test session with the specified sensorId @EnforcePermission("TEST_BIOMETRIC") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Retrieve static sensor properties for all biometric sensors @EnforcePermission("TEST_BIOMETRIC") List<SensorPropertiesInternal> getSensorProperties(String opPackageName); // Retrieve the package where BIometricOrompt's UI is implemented @EnforcePermission("TEST_BIOMETRIC") String getUiPackage(); // Requests authentication. The service chooses the appropriate biometric to use, and shows Loading
core/java/android/hardware/biometrics/IBiometricService.aidl +15 −0 Original line number Diff line number Diff line Loading @@ -31,59 +31,74 @@ import android.hardware.biometrics.SensorPropertiesInternal; */ interface IBiometricService { // Creates a test session with the specified sensorId @EnforcePermission("USE_BIOMETRIC_INTERNAL") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Retrieve static sensor properties for all biometric sensors @EnforcePermission("USE_BIOMETRIC_INTERNAL") List<SensorPropertiesInternal> getSensorProperties(String opPackageName); // Requests authentication. The service chooses the appropriate biometric to use, and shows // the corresponding BiometricDialog. A requestId is returned that can be used to cancel // this operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long authenticate(IBinder token, long operationId, int userId, IBiometricServiceReceiver receiver, String opPackageName, in PromptInfo promptInfo); // Cancel authentication for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthentication(IBinder token, String opPackageName, long requestId); // Checks if biometrics can be used. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int canAuthenticate(String opPackageName, int userId, int callingUserId, int authenticators); // Checks if any biometrics are enrolled. @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledBiometrics(int userId, String opPackageName); // Registers an authenticator (e.g. face, fingerprint, iris). // Id must be unique, whereas strength and modality don't need to be. // TODO(b/123321528): Turn strength and modality into enums. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticator(int id, int modality, int strength, IBiometricAuthenticator authenticator); // Register callback for when keyguard biometric eligibility changes. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback, int callingUserId); // Notify BiometricService when <Biometric>Service is ready to start the prepared client. // Client lifecycle is still managed in <Biometric>Service. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onReadyForAuthentication(long requestId, int cookie); // Requests all BIOMETRIC_STRONG sensors to have their authenticatorId invalidated for the // specified user. This happens when enrollments have been added on devices with multiple // biometric sensors. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorIds(int userId, int fromSensorId, IInvalidationCallback callback); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long[] getAuthenticatorIds(int callingUserId); // See documentation in BiometricManager. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId, in byte[] hardwareAuthToken); @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getCurrentStrength(int sensorId); // Returns a bit field of the modality (or modalities) that are will be used for authentication. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getCurrentModality(String opPackageName, int userId, int callingUserId, int authenticators); // Returns a bit field of the authentication modalities that are supported by this device. @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getSupportedModalities(int authenticators); }
core/java/android/hardware/biometrics/ITestSession.aidl +8 −0 Original line number Diff line number Diff line Loading @@ -27,28 +27,36 @@ interface ITestSession { // portion of the framework code that would otherwise require human interaction. Note that // secure pathways such as HAT/Keystore are not testable, since they depend on the TEE or its // equivalent for the secret key. @EnforcePermission("TEST_BIOMETRIC") void setTestHalEnabled(boolean enableTestHal); // Starts the enrollment process. This should generally be used when the test HAL is enabled. @EnforcePermission("TEST_BIOMETRIC") void startEnroll(int userId); // Finishes the enrollment process. Simulates the HAL's callback. @EnforcePermission("TEST_BIOMETRIC") void finishEnroll(int userId); // Simulates a successful authentication, but does not provide a valid HAT. @EnforcePermission("TEST_BIOMETRIC") void acceptAuthentication(int userId); // Simulates a rejected attempt. @EnforcePermission("TEST_BIOMETRIC") void rejectAuthentication(int userId); // Simulates an acquired message from the HAL. @EnforcePermission("TEST_BIOMETRIC") void notifyAcquired(int userId, int acquireInfo); // Simulates an error message from the HAL. @EnforcePermission("TEST_BIOMETRIC") void notifyError(int userId, int errorCode); // Matches the framework's cached enrollments against the HAL's enrollments. Any enrollment // that isn't known by both sides are deleted. This should generally be used when the test // HAL is disabled (e.g. to clean up after a test). @EnforcePermission("TEST_BIOMETRIC") void cleanupInternalState(int userId); }
core/java/android/hardware/face/IFaceService.aidl +29 −0 Original line number Diff line number Diff line Loading @@ -33,24 +33,30 @@ import android.view.Surface; interface IFaceService { // Creates a test session with the specified sensorId @EnforcePermission("USE_BIOMETRIC_INTERNAL") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Requests a proto dump of the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer); // Retrieve static sensor properties for all face sensors @EnforcePermission("MANAGE_BIOMETRIC") List<FaceSensorPropertiesInternal> getSensorPropertiesInternal(String opPackageName); // Retrieve static sensor properties for the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") FaceSensorPropertiesInternal getSensorProperties(int sensorId, String opPackageName); // Authenticate with a face. A requestId is returned that can be used to cancel this operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long authenticate(IBinder token, long operationId, int userId, IFaceServiceReceiver receiver, String opPackageName, boolean isKeyguardBypassEnabled); // Uses the face hardware to detect for the presence of a face, without giving details // about accept/reject/lockout. A requestId is returned that can be used to cancel this // operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long detectFace(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName); // This method prepares the service to start authenticating, but doesn't start authentication. Loading @@ -58,80 +64,103 @@ interface IFaceService { // called from BiometricService. The additional uid, pid, userId arguments should be determined // by BiometricService. To start authentication after the clients are ready, use // startPreparedClient(). @EnforcePermission("USE_BIOMETRIC_INTERNAL") void prepareForAuthentication(int sensorId, boolean requireConfirmation, IBinder token, long operationId, int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName, long requestId, int cookie, boolean allowBackgroundAuthentication); // Starts authentication with the previously prepared client. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthentication(IBinder token, String opPackageName, long requestId); // Cancel face detection for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelFaceDetect(IBinder token, String opPackageName, long requestId); // Same as above, with extra arguments. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId); // Start face enrollment @EnforcePermission("MANAGE_BIOMETRIC") long enroll(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures, in Surface previewSurface, boolean debugConsent); // Start remote face enrollment @EnforcePermission("MANAGE_BIOMETRIC") long enrollRemotely(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures); // Cancel enrollment in progress @EnforcePermission("MANAGE_BIOMETRIC") void cancelEnrollment(IBinder token, long requestId); // Removes the specified face enrollment for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void remove(IBinder token, int faceId, int userId, IFaceServiceReceiver receiver, String opPackageName); // Removes all face enrollments for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void removeAll(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName); // Get the enrolled face for user. @EnforcePermission("USE_BIOMETRIC_INTERNAL") List<Face> getEnrolledFaces(int sensorId, int userId, String opPackageName); // Determine if HAL is loaded and ready @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean isHardwareDetected(int sensorId, String opPackageName); // Get a pre-enrollment authentication token @EnforcePermission("MANAGE_BIOMETRIC") void generateChallenge(IBinder token, int sensorId, int userId, IFaceServiceReceiver receiver, String opPackageName); // Finish an enrollment sequence and invalidate the authentication token @EnforcePermission("MANAGE_BIOMETRIC") void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled face @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledFaces(int sensorId, int userId, String opPackageName); // Return the LockoutTracker status for the specified user @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getLockoutModeForUser(int sensorId, int userId); // Requests for the specified sensor+userId's authenticatorId to be invalidated @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback); // Gets the authenticator ID for face @EnforcePermission("USE_BIOMETRIC_INTERNAL") long getAuthenticatorId(int sensorId, int callingUserId); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) @EnforcePermission("USE_BIOMETRIC_INTERNAL") void resetLockout(IBinder token, int sensorId, int userId, in byte [] hardwareAuthToken, String opPackageName); // Add a callback which gets notified when the face lockout period expired. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName); @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setFeature(IBinder token, int userId, int feature, boolean enabled, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName); @EnforcePermission("MANAGE_BIOMETRIC") void getFeature(IBinder token, int userId, int feature, IFaceServiceReceiver receiver, String opPackageName); // Registers all HIDL and AIDL sensors. Only HIDL sensor properties need to be provided, because // AIDL sensor properties are retrieved directly from the available HALs. If no HIDL HALs exist, // hidlSensors must be non-null and empty. See AuthService.java @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticators(in List<FaceSensorPropertiesInternal> hidlSensors); }
core/java/android/hardware/fingerprint/IFingerprintService.aidl +32 −0 Original line number Diff line number Diff line Loading @@ -37,15 +37,18 @@ import java.util.List; interface IFingerprintService { // Creates a test session with the specified sensorId @EnforcePermission("TEST_BIOMETRIC") ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); // Requests a proto dump of the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer); // Retrieve static sensor properties for all fingerprint sensors List<FingerprintSensorPropertiesInternal> getSensorPropertiesInternal(String opPackageName); // Retrieve static sensor properties for the specified sensor @EnforcePermission("USE_BIOMETRIC_INTERNAL") FingerprintSensorPropertiesInternal getSensorProperties(int sensorId, String opPackageName); // Authenticate with a fingerprint. This is protected by USE_FINGERPRINT/USE_BIOMETRIC Loading @@ -58,6 +61,7 @@ interface IFingerprintService { // Uses the fingerprint hardware to detect for the presence of a finger, without giving details // about accept/reject/lockout. A requestId is returned that can be used to cancel this // operation. @EnforcePermission("USE_BIOMETRIC_INTERNAL") long detectFingerprint(IBinder token, int userId, IFingerprintServiceReceiver receiver, String opPackageName); Loading @@ -66,38 +70,47 @@ interface IFingerprintService { // called from BiometricService. The additional uid, pid, userId arguments should be determined // by BiometricService. To start authentication after the clients are ready, use // startPreparedClient(). @EnforcePermission("MANAGE_BIOMETRIC") void prepareForAuthentication(int sensorId, IBinder token, long operationId, int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName, long requestId, int cookie, boolean allowBackgroundAuthentication); // Starts authentication with the previously prepared client. @EnforcePermission("MANAGE_BIOMETRIC") void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. void cancelAuthentication(IBinder token, String opPackageName, String attributionTag, long requestId); // Cancel finger detection for the given requestId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void cancelFingerprintDetect(IBinder token, String opPackageName, long requestId); // Same as above, except this is protected by the MANAGE_BIOMETRIC signature permission. Takes // an additional uid, pid, userid. @EnforcePermission("MANAGE_BIOMETRIC") void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId); // Start fingerprint enrollment @EnforcePermission("MANAGE_FINGERPRINT") long enroll(IBinder token, in byte [] hardwareAuthToken, int userId, IFingerprintServiceReceiver receiver, String opPackageName, int enrollReason); // Cancel enrollment in progress @EnforcePermission("MANAGE_FINGERPRINT") void cancelEnrollment(IBinder token, long requestId); // Any errors resulting from this call will be returned to the listener @EnforcePermission("MANAGE_FINGERPRINT") void remove(IBinder token, int fingerId, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Removes all face enrollments for the specified userId. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void removeAll(IBinder token, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Rename the fingerprint specified by fingerId and userId to the given name @EnforcePermission("MANAGE_FINGERPRINT") void rename(int fingerId, int userId, String name); // Get a list of enrolled fingerprints in the given userId. Loading @@ -107,66 +120,85 @@ interface IFingerprintService { boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag); // Determine if the specified HAL is loaded and ready @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean isHardwareDetected(int sensorId, String opPackageName); // Get a pre-enrollment authentication token @EnforcePermission("MANAGE_FINGERPRINT") void generateChallenge(IBinder token, int sensorId, int userId, IFingerprintServiceReceiver receiver, String opPackageName); // Finish an enrollment sequence and invalidate the authentication token @EnforcePermission("MANAGE_FINGERPRINT") void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName, String attributionTag); // Determine if a user has at least one enrolled fingerprint. @EnforcePermission("USE_BIOMETRIC_INTERNAL") boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName); // Return the LockoutTracker status for the specified user @EnforcePermission("USE_BIOMETRIC_INTERNAL") int getLockoutModeForUser(int sensorId, int userId); // Requests for the specified sensor+userId's authenticatorId to be invalidated @EnforcePermission("USE_BIOMETRIC_INTERNAL") void invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback); // Gets the authenticator ID for fingerprint @EnforcePermission("USE_BIOMETRIC_INTERNAL") long getAuthenticatorId(int sensorId, int callingUserId); // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password) @EnforcePermission("RESET_FINGERPRINT_LOCKOUT") void resetLockout(IBinder token, int sensorId, int userId, in byte[] hardwareAuthToken, String opPackageNAame); // Add a callback which gets notified when the fingerprint lockout period expired. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName); // Check if a client request is currently being handled @EnforcePermission("MANAGE_FINGERPRINT") boolean isClientActive(); // Add a callback which gets notified when the service starts and stops handling client requests @EnforcePermission("MANAGE_FINGERPRINT") void addClientActiveCallback(IFingerprintClientActiveCallback callback); // Removes a callback set by addClientActiveCallback @EnforcePermission("MANAGE_FINGERPRINT") void removeClientActiveCallback(IFingerprintClientActiveCallback callback); // Registers all HIDL and AIDL sensors. Only HIDL sensor properties need to be provided, because // AIDL sensor properties are retrieved directly from the available HALs. If no HIDL HALs exist, // hidlSensors must be non-null and empty. See AuthService.java @EnforcePermission("USE_BIOMETRIC_INTERNAL") void registerAuthenticators(in List<FingerprintSensorPropertiesInternal> hidlSensors); // Adds a callback which gets called when the service registers all of the fingerprint // authenticators. The callback is automatically removed after it's invoked. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void addAuthenticatorsRegisteredCallback(IFingerprintAuthenticatorsRegisteredCallback callback); // Notifies about a finger touching the sensor area. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onPointerDown(long requestId, int sensorId, int x, int y, float minor, float major); // Notifies about a finger leaving the sensor area. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onPointerUp(long requestId, int sensorId); // Notifies about the fingerprint UI being ready (e.g. HBM illumination is enabled). @EnforcePermission("USE_BIOMETRIC_INTERNAL") void onUiReady(long requestId, int sensorId); // Sets the controller for managing the UDFPS overlay. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setUdfpsOverlayController(in IUdfpsOverlayController controller); // Sets the controller for managing the SideFPS overlay. @EnforcePermission("USE_BIOMETRIC_INTERNAL") void setSidefpsController(in ISidefpsController controller); // Registers BiometricStateListener. Loading
