Merge changes from topic "framework-face-aidl" (d41342eb) · Commits · e / os / android_frameworks_base

services/core/Android.bp

+1 −0

Original line number	Diff line number	Diff line
		@@ -110,6 +110,7 @@ java_library_static {
		"android.hardware.tv.cec-V1.0-java",
		"android.hardware.weaver-V1.0-java",
		"android.hardware.biometrics.face-V1.1-java",
		"android.hardware.biometrics.face-java",
		"android.hardware.biometrics.fingerprint-V2.3-java",
		"android.hardware.biometrics.fingerprint-java",
		"android.hardware.oemlock-V1.0-java",

services/core/java/com/android/server/biometrics/sensors/fingerprint/aidl/LockoutCache.java→services/core/java/com/android/server/biometrics/sensors/LockoutCache.java

+3 −5

Original line number	Diff line number	Diff line
		@@ -14,21 +14,19 @@
		* limitations under the License.
		*/

		package com.android.server.biometrics.sensors.fingerprint.aidl;
		package com.android.server.biometrics.sensors;

		import android.util.SparseIntArray;

		import com.android.server.biometrics.sensors.LockoutTracker;

		/**
		* For a single sensor, caches lockout states for all users.
		*/
		class LockoutCache implements LockoutTracker {
		public class LockoutCache implements LockoutTracker {

		// Map of userId to LockoutMode
		private final SparseIntArray mUserLockoutStates;

		LockoutCache() {
		public LockoutCache() {
		mUserLockoutStates = new SparseIntArray();
		}

services/core/java/com/android/server/biometrics/sensors/face/FaceService.java

+40 −0

Original line number	Diff line number	Diff line
		@@ -27,13 +27,19 @@ import android.hardware.biometrics.BiometricManager;
		import android.hardware.biometrics.BiometricsProtoEnums;
		import android.hardware.biometrics.IBiometricSensorReceiver;
		import android.hardware.biometrics.IBiometricServiceLockoutResetCallback;
		import android.hardware.biometrics.face.IFace;
		import android.hardware.biometrics.face.SensorProps;
		import android.hardware.face.Face;
		import android.hardware.face.FaceSensorPropertiesInternal;
		import android.hardware.face.IFaceService;
		import android.hardware.face.IFaceServiceReceiver;
		import android.os.Binder;
		import android.os.Handler;
		import android.os.IBinder;
		import android.os.Process;
		import android.os.NativeHandle;
		import android.os.RemoteException;
		import android.os.ServiceManager;
		import android.os.UserHandle;
		import android.util.Pair;
		import android.util.Slog;
		@@ -42,11 +48,13 @@ import android.view.Surface;

		import com.android.internal.util.DumpUtils;
		import com.android.internal.widget.LockPatternUtils;
		import com.android.server.ServiceThread;
		import com.android.server.SystemService;
		import com.android.server.biometrics.Utils;
		import com.android.server.biometrics.sensors.ClientMonitorCallbackConverter;
		import com.android.server.biometrics.sensors.LockoutResetDispatcher;
		import com.android.server.biometrics.sensors.LockoutTracker;
		import com.android.server.biometrics.sensors.face.aidl.FaceProvider;

		import java.io.FileDescriptor;
		import java.io.PrintWriter;
		@@ -508,6 +516,38 @@ public class FaceService extends SystemService {
		mLockoutResetDispatcher = new LockoutResetDispatcher(context);
		mLockPatternUtils = new LockPatternUtils(context);
		mServiceProviders = new ArrayList<>();

		initializeAidlHals();
		}

		private void initializeAidlHals() {
		final String[] instances = ServiceManager.getDeclaredInstances(IFace.DESCRIPTOR);
		if (instances == null \|\| instances.length == 0) {
		return;
		}

		// If for some reason the HAL is not started before the system service, do not block
		// the rest of system server. Put this on a background thread.
		final ServiceThread thread = new ServiceThread(TAG, Process.THREAD_PRIORITY_BACKGROUND,
		true /* allowIo */);
		thread.start();
		final Handler handler = new Handler(thread.getLooper());

		handler.post(() -> {
		for (String instance : instances) {
		final String fqName = IFace.DESCRIPTOR + "/" + instance;
		final IFace face = IFace.Stub.asInterface(
		ServiceManager.waitForDeclaredService(fqName));
		try {
		final SensorProps[] props = face.getSensorProps();
		final FaceProvider provider = new FaceProvider(getContext(), props, instance,
		mLockoutResetDispatcher);
		mServiceProviders.add(provider);
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception when initializing instance: " + fqName);
		}
		}
		});
		}

		@Override

services/core/java/com/android/server/biometrics/sensors/face/aidl/FaceAuthenticationClient.java

0 → 100644

+221 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2020 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.biometrics.sensors.face.aidl;

		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.app.NotificationManager;
		import android.content.Context;
		import android.content.res.Resources;
		import android.hardware.biometrics.BiometricAuthenticator;
		import android.hardware.biometrics.BiometricConstants;
		import android.hardware.biometrics.BiometricFaceConstants;
		import android.hardware.biometrics.BiometricsProtoEnums;
		import android.hardware.biometrics.common.ICancellationSignal;
		import android.hardware.biometrics.face.IFace;
		import android.hardware.biometrics.face.ISession;
		import android.hardware.face.FaceManager;
		import android.os.IBinder;
		import android.os.RemoteException;
		import android.util.Slog;

		import com.android.internal.R;
		import com.android.server.biometrics.Utils;
		import com.android.server.biometrics.sensors.AuthenticationClient;
		import com.android.server.biometrics.sensors.ClientMonitorCallbackConverter;
		import com.android.server.biometrics.sensors.LockoutCache;
		import com.android.server.biometrics.sensors.LockoutConsumer;
		import com.android.server.biometrics.sensors.LockoutTracker;
		import com.android.server.biometrics.sensors.face.UsageStats;

		import java.util.ArrayList;

		/**
		* Face-specific authentication client for the {@link IFace} AIDL HAL interface.
		*/
		class FaceAuthenticationClient extends AuthenticationClient<ISession> implements LockoutConsumer {
		private static final String TAG = "FaceAuthenticationClient";

		@NonNull private final UsageStats mUsageStats;
		@NonNull private final LockoutCache mLockoutCache;
		@Nullable private final NotificationManager mNotificationManager;
		@Nullable private ICancellationSignal mCancellationSignal;

		private final int[] mBiometricPromptIgnoreList;
		private final int[] mBiometricPromptIgnoreListVendor;
		private final int[] mKeyguardIgnoreList;
		private final int[] mKeyguardIgnoreListVendor;

		private int mLastAcquire;

		FaceAuthenticationClient(@NonNull Context context,
		@NonNull LazyDaemon<ISession> lazyDaemon, @NonNull IBinder token,
		@NonNull ClientMonitorCallbackConverter listener, int targetUserId, long operationId,
		boolean restricted, String owner, int cookie, boolean requireConfirmation, int sensorId,
		boolean isStrongBiometric, int statsClient, @NonNull UsageStats usageStats,
		@NonNull LockoutCache lockoutCache) {
		super(context, lazyDaemon, token, listener, targetUserId, operationId, restricted,
		owner, cookie, requireConfirmation, sensorId, isStrongBiometric,
		BiometricsProtoEnums.MODALITY_FACE, statsClient, null /* taskStackListener */,
		lockoutCache);
		mUsageStats = usageStats;
		mLockoutCache = lockoutCache;
		mNotificationManager = context.getSystemService(NotificationManager.class);

		final Resources resources = getContext().getResources();
		mBiometricPromptIgnoreList = resources.getIntArray(
		R.array.config_face_acquire_biometricprompt_ignorelist);
		mBiometricPromptIgnoreListVendor = resources.getIntArray(
		R.array.config_face_acquire_vendor_biometricprompt_ignorelist);
		mKeyguardIgnoreList = resources.getIntArray(
		R.array.config_face_acquire_keyguard_ignorelist);
		mKeyguardIgnoreListVendor = resources.getIntArray(
		R.array.config_face_acquire_vendor_keyguard_ignorelist);
		}

		@Override
		protected void startHalOperation() {
		try {
		mCancellationSignal = getFreshDaemon().authenticate(mSequentialId, mOperationId);
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception when requesting auth", e);
		onError(BiometricFaceConstants.FACE_ERROR_HW_UNAVAILABLE, 0 /* vendorCode */);
		mCallback.onClientFinished(this, false /* success */);
		}
		}

		@Override
		protected void stopHalOperation() {
		if (mCancellationSignal != null) {
		try {
		mCancellationSignal.cancel();
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception when requesting cancel", e);
		onError(BiometricFaceConstants.FACE_ERROR_HW_UNAVAILABLE, 0 /* vendorCode */);
		mCallback.onClientFinished(this, false /* success */);
		}
		}
		}

		private boolean wasUserDetected() {
		// Do not provide haptic feedback if the user was not detected, and an error (usually
		// ERROR_TIMEOUT) is received.
		return mLastAcquire != FaceManager.FACE_ACQUIRED_NOT_DETECTED
		&& mLastAcquire != FaceManager.FACE_ACQUIRED_SENSOR_DIRTY;
		}

		@Override
		public void onAuthenticated(BiometricAuthenticator.Identifier identifier,
		boolean authenticated, ArrayList<Byte> token) {
		super.onAuthenticated(identifier, authenticated, token);

		mUsageStats.addEvent(new UsageStats.AuthenticationEvent(
		getStartTimeMs(),
		System.currentTimeMillis() - getStartTimeMs() /* latency */,
		authenticated,
		0 /* error */,
		0 /* vendorError */,
		getTargetUserId()));

		// For face, the authentication lifecycle ends either when
		// 1) Authenticated == true
		// 2) Error occurred
		// 3) Authenticated == false
		mCallback.onClientFinished(this, true /* success */);
		}

		@Override
		public void onError(int error, int vendorCode) {
		mUsageStats.addEvent(new UsageStats.AuthenticationEvent(
		getStartTimeMs(),
		System.currentTimeMillis() - getStartTimeMs() /* latency */,
		false /* authenticated */,
		error,
		vendorCode,
		getTargetUserId()));

		switch (error) {
		case BiometricConstants.BIOMETRIC_ERROR_TIMEOUT:
		if (!wasUserDetected() && !isBiometricPrompt()) {
		// No vibration if user was not detected on keyguard
		break;
		}
		case BiometricConstants.BIOMETRIC_ERROR_LOCKOUT:
		case BiometricConstants.BIOMETRIC_ERROR_LOCKOUT_PERMANENT:
		if (mAuthAttempted) {
		// Only vibrate if auth was attempted. If the user was already locked out prior
		// to starting authentication, do not vibrate.
		vibrateError();
		}
		break;
		default:
		break;
		}

		super.onError(error, vendorCode);
		}

		private int[] getAcquireIgnorelist() {
		return isBiometricPrompt() ? mBiometricPromptIgnoreList : mKeyguardIgnoreList;
		}

		private int[] getAcquireVendorIgnorelist() {
		return isBiometricPrompt() ? mBiometricPromptIgnoreListVendor : mKeyguardIgnoreListVendor;
		}

		private boolean shouldSend(int acquireInfo, int vendorCode) {
		if (acquireInfo == FaceManager.FACE_ACQUIRED_VENDOR) {
		return !Utils.listContains(getAcquireVendorIgnorelist(), vendorCode);
		} else {
		return !Utils.listContains(getAcquireIgnorelist(), acquireInfo);
		}
		}

		@Override
		public void onAcquired(int acquireInfo, int vendorCode) {
		mLastAcquire = acquireInfo;

		final boolean shouldSend = shouldSend(acquireInfo, vendorCode);
		onAcquiredInternal(acquireInfo, vendorCode, shouldSend);
		}

		@Override public void onLockoutTimed(long durationMillis) {
		mLockoutCache.setLockoutModeForUser(getTargetUserId(), LockoutTracker.LOCKOUT_TIMED);
		// Lockout metrics are logged as an error code.
		final int error = BiometricFaceConstants.FACE_ERROR_LOCKOUT;
		logOnError(getContext(), error, 0 /* vendorCode */, getTargetUserId());

		try {
		getListener().onError(getSensorId(), getCookie(), error, 0 /* vendorCode */);
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception", e);
		}
		}

		@Override public void onLockoutPermanent() {
		mLockoutCache.setLockoutModeForUser(getTargetUserId(), LockoutTracker.LOCKOUT_PERMANENT);
		// Lockout metrics are logged as an error code.
		final int error = BiometricFaceConstants.FACE_ERROR_LOCKOUT_PERMANENT;
		logOnError(getContext(), error, 0 /* vendorCode */, getTargetUserId());

		try {
		getListener().onError(getSensorId(), getCookie(), error, 0 /* vendorCode */);
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception", e);
		}
		}
		}

services/core/java/com/android/server/biometrics/sensors/face/aidl/FaceEnrollClient.java

0 → 100644

+120 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2020 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package com.android.server.biometrics.sensors.face.aidl;

		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.content.Context;
		import android.hardware.biometrics.BiometricFaceConstants;
		import android.hardware.biometrics.BiometricsProtoEnums;
		import android.hardware.biometrics.common.ICancellationSignal;
		import android.hardware.biometrics.face.IFace;
		import android.hardware.biometrics.face.ISession;
		import android.hardware.face.Face;
		import android.hardware.face.FaceManager;
		import android.os.IBinder;
		import android.os.NativeHandle;
		import android.os.RemoteException;
		import android.util.Slog;

		import com.android.internal.R;
		import com.android.server.biometrics.HardwareAuthTokenUtils;
		import com.android.server.biometrics.Utils;
		import com.android.server.biometrics.sensors.BiometricUtils;
		import com.android.server.biometrics.sensors.ClientMonitorCallbackConverter;
		import com.android.server.biometrics.sensors.EnrollClient;
		import com.android.server.biometrics.sensors.face.FaceUtils;

		import java.util.ArrayList;

		/**
		* Face-specific enroll client for the {@link IFace} AIDL HAL interface.
		*/
		public class FaceEnrollClient extends EnrollClient<ISession> {

		private static final String TAG = "FaceEnrollClient";

		@NonNull private final int[] mEnrollIgnoreList;
		@NonNull private final int[] mEnrollIgnoreListVendor;
		@Nullable private ICancellationSignal mCancellationSignal;
		private final int mMaxTemplatesPerUser;

		FaceEnrollClient(@NonNull Context context, @NonNull LazyDaemon<ISession> lazyDaemon,
		@NonNull IBinder token, @NonNull ClientMonitorCallbackConverter listener, int userId,
		@NonNull byte[] hardwareAuthToken, @NonNull String opPackageName,
		@NonNull BiometricUtils<Face> utils, @NonNull int[] disabledFeatures, int timeoutSec,
		@Nullable NativeHandle previewSurface, int sensorId, int maxTemplatesPerUser) {
		super(context, lazyDaemon, token, listener, userId, hardwareAuthToken, opPackageName, utils,
		timeoutSec, BiometricsProtoEnums.MODALITY_FACE, sensorId,
		false /* shouldVibrate */);
		mEnrollIgnoreList = getContext().getResources()
		.getIntArray(R.array.config_face_acquire_enroll_ignorelist);
		mEnrollIgnoreListVendor = getContext().getResources()
		.getIntArray(R.array.config_face_acquire_vendor_enroll_ignorelist);
		mMaxTemplatesPerUser = maxTemplatesPerUser;
		}

		@Override
		protected boolean hasReachedEnrollmentLimit() {
		return FaceUtils.getInstance(getSensorId()).getBiometricsForUser(getContext(),
		getTargetUserId()).size() >= mMaxTemplatesPerUser;
		}

		@Override
		public void onAcquired(int acquireInfo, int vendorCode) {
		final boolean shouldSend;
		if (acquireInfo == FaceManager.FACE_ACQUIRED_VENDOR) {
		shouldSend = !Utils.listContains(mEnrollIgnoreListVendor, vendorCode);
		} else {
		shouldSend = !Utils.listContains(mEnrollIgnoreList, acquireInfo);
		}
		onAcquiredInternal(acquireInfo, vendorCode, shouldSend);
		}

		@Override
		protected void startHalOperation() {
		final ArrayList<Byte> token = new ArrayList<>();
		for (byte b : mHardwareAuthToken) {
		token.add(b);
		}

		try {
		// TODO(b/172593978): Pass features.
		// TODO(b/172593521): Pass mPreviewSurface as android.hardware.common.NativeHandle.
		mCancellationSignal = getFreshDaemon().enroll(mSequentialId,
		HardwareAuthTokenUtils.toHardwareAuthToken(mHardwareAuthToken),
		null /* mPreviewSurface */);
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception when requesting enroll", e);
		onError(BiometricFaceConstants.FACE_ERROR_UNABLE_TO_PROCESS, 0 /* vendorCode */);
		mCallback.onClientFinished(this, false /* success */);
		}
		}

		@Override
		protected void stopHalOperation() {
		if (mCancellationSignal != null) {
		try {
		mCancellationSignal.cancel();
		} catch (RemoteException e) {
		Slog.e(TAG, "Remote exception when requesting cancel", e);
		onError(BiometricFaceConstants.FACE_ERROR_HW_UNAVAILABLE, 0 /* vendorCode */);
		mCallback.onClientFinished(this, false /* success */);
		}
		}
		}
		}