Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d781e206 authored by Kevin Chyn's avatar Kevin Chyn
Browse files

Add sensorId to IBiometricAuthenticator methods 

IBiometricAuthenticator is the interface that BiometricService
uses to do BiometricManager/BiometricPrompt-related stuff. This
change updates the implementations to pass sensorId as a parameter,
since the current design allows for FingerprintService, FaceService
etc to host multiple HALs and/or sensors.

Maintains functionality of deprecated FingerprintManager APIs.
Since getSensorProperties() requires internal or test permission,
use different binder calls for FingerprintManager invocations
vs BiometricService invocations of methods such as
isHardwareDetected and hasEnrolledFingerprints.

Moves HIDL HAL registration out of *Authenticator class and up
one layer (into AuthService), since *Authenticator code is to
be shared with AIDL HALs, which provide sensorId, strength,
and other configuration via the HAL interface.

Bug: 172291793
Test: Enroll, auth (BiometricPrompt and Lockscreen) on face and
      fingerprint devices

Change-Id: Ib2d8b792f0afde49550f320c4041ff1b1b3d5a50
parent 02c367d8

core/java/android/hardware/face/FaceManager.java

+29 −13
Original line number Diff line number Diff line
@@ -577,9 +577,17 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
     */

    @RequiresPermission(MANAGE_BIOMETRIC)

    public List<Face> getEnrolledFaces(int userId) {

        final List<FaceSensorPropertiesInternal> faceSensorProperties =

                getSensorPropertiesInternal();

        if (faceSensorProperties.isEmpty()) {

            Slog.e(TAG, "No sensors");

            return new ArrayList<>();

        }



        if (mService != null) {

            try {

                return mService.getEnrolledFaces(userId, mContext.getOpPackageName());

                return mService.getEnrolledFaces(faceSensorProperties.get(0).sensorId, userId,

                        mContext.getOpPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }
@@ -606,15 +614,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public boolean hasEnrolledTemplates() {

        if (mService != null) {

            try {

                return mService.hasEnrolledFaces(

                        UserHandle.myUserId(), mContext.getOpPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        return false;

        return hasEnrolledTemplates(UserHandle.myUserId());

    }



    /**
@@ -624,9 +624,17 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
            USE_BIOMETRIC_INTERNAL,

            INTERACT_ACROSS_USERS})

    public boolean hasEnrolledTemplates(int userId) {

        final List<FaceSensorPropertiesInternal> faceSensorProperties =

                getSensorPropertiesInternal();

        if (faceSensorProperties.isEmpty()) {

            Slog.e(TAG, "No sensors");

            return false;

        }



        if (mService != null) {

            try {

                return mService.hasEnrolledFaces(userId, mContext.getOpPackageName());

                return mService.hasEnrolledFaces(faceSensorProperties.get(0).sensorId, userId,

                        mContext.getOpPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }
@@ -642,9 +650,17 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public boolean isHardwareDetected() {

        final List<FaceSensorPropertiesInternal> faceSensorProperties =

                getSensorPropertiesInternal();

        if (faceSensorProperties.isEmpty()) {

            Slog.e(TAG, "No sensors");

            return false;

        }



        if (mService != null) {

            try {

                return mService.isHardwareDetected(mContext.getOpPackageName());

                return mService.isHardwareDetected(faceSensorProperties.get(0).sensorId,

                        mContext.getOpPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }
@@ -677,7 +693,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
    @NonNull

    public List<FaceSensorPropertiesInternal> getSensorPropertiesInternal() {

        try {

            if (mService == null || !mService.isHardwareDetected(mContext.getOpPackageName())) {

            if (mService == null) {

                return new ArrayList<>();

            }

            return mService.getSensorPropertiesInternal(mContext.getOpPackageName());

core/java/android/hardware/face/IFaceService.aidl

+8 −8
Original line number Diff line number Diff line
@@ -44,12 +44,12 @@ interface IFaceService { 
    // called from BiometricService. The additional uid, pid, userId arguments should be determined

    // by BiometricService. To start authentication after the clients are ready, use

    // startPreparedClient().

    void prepareForAuthentication(boolean requireConfirmation, IBinder token, long operationId,

    void prepareForAuthentication(int sensorId, boolean requireConfirmation, IBinder token, long operationId,

            int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName,

            int cookie, int callingUid, int callingPid, int callingUserId);



    // Starts authentication with the previously prepared client.

    void startPreparedClient(int cookie);

    void startPreparedClient(int sensorId, int cookie);



    // Cancel authentication for the given sessionId

    void cancelAuthentication(IBinder token, String opPackageName);
@@ -58,7 +58,7 @@ interface IFaceService { 
    void cancelFaceDetect(IBinder token, String opPackageName);



    // Same as above, with extra arguments.

    void cancelAuthenticationFromService(IBinder token, String opPackageName,

    void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName,

            int callingUid, int callingPid, int callingUserId);



    // Start face enrollment
@@ -77,10 +77,10 @@ interface IFaceService { 
            String opPackageName);



    // Get the enrolled face for user.

    List<Face> getEnrolledFaces(int userId, String opPackageName);

    List<Face> getEnrolledFaces(int sensorId, int userId, String opPackageName);



    // Determine if HAL is loaded and ready

    boolean isHardwareDetected(String opPackageName);

    boolean isHardwareDetected(int sensorId, String opPackageName);



    // Get a pre-enrollment authentication token

    void generateChallenge(IBinder token, int sensorId, int userId, IFaceServiceReceiver receiver, String opPackageName);
@@ -89,13 +89,13 @@ interface IFaceService { 
    void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge);



    // Determine if a user has at least one enrolled face

    boolean hasEnrolledFaces(int userId, String opPackageName);

    boolean hasEnrolledFaces(int sensorId, int userId, String opPackageName);



    // Return the LockoutTracker status for the specified user

    int getLockoutModeForUser(int userId);

    int getLockoutModeForUser(int sensorId, int userId);



    // Gets the authenticator ID for face

    long getAuthenticatorId(int callingUserId);

    long getAuthenticatorId(int sensorId, int callingUserId);



    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(IBinder token, int sensorId, int userId, in byte [] hardwareAuthToken, String opPackageName);

core/java/android/hardware/fingerprint/FingerprintManager.java

+4 −10
Original line number Diff line number Diff line
@@ -846,13 +846,7 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing 
    @Deprecated

    @RequiresPermission(USE_FINGERPRINT)

    public boolean hasEnrolledFingerprints() {

        if (mService != null) try {

            return mService.hasEnrolledFingerprints(

                    mContext.getUserId(), mContext.getOpPackageName());

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

        return false;

        return hasEnrolledFingerprints(UserHandle.myUserId());

    }



    /**
@@ -863,7 +857,7 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing 
            INTERACT_ACROSS_USERS})

    public boolean hasEnrolledFingerprints(int userId) {

        if (mService != null) try {

            return mService.hasEnrolledFingerprints(userId, mContext.getOpPackageName());

            return mService.hasEnrolledFingerprintsDeprecated(userId, mContext.getOpPackageName());

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }
@@ -882,7 +876,7 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing 
    public boolean isHardwareDetected() {

        if (mService != null) {

            try {

                return mService.isHardwareDetected(mContext.getOpPackageName());

                return mService.isHardwareDetectedDeprecated(mContext.getOpPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }
@@ -900,7 +894,7 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing 
    @NonNull

    public List<FingerprintSensorPropertiesInternal> getSensorPropertiesInternal() {

        try {

            if (mService == null || !mService.isHardwareDetected(mContext.getOpPackageName())) {

            if (mService == null) {

                return new ArrayList<>();

            }

            return mService.getSensorPropertiesInternal(mContext.getOpPackageName());

core/java/android/hardware/fingerprint/IFingerprintService.aidl

+15 −9
Original line number Diff line number Diff line
@@ -53,12 +53,12 @@ interface IFingerprintService { 
    // called from BiometricService. The additional uid, pid, userId arguments should be determined

    // by BiometricService. To start authentication after the clients are ready, use

    // startPreparedClient().

    void prepareForAuthentication(IBinder token, long operationId, int userId,

    void prepareForAuthentication(int sensorId, IBinder token, long operationId, int userId,

            IBiometricSensorReceiver sensorReceiver, String opPackageName, int cookie,

            int callingUid, int callingPid, int callingUserId);



    // Starts authentication with the previously prepared client.

    void startPreparedClient(int cookie);

    void startPreparedClient(int sensorId, int cookie);



    // Cancel authentication for the given sessionId

    void cancelAuthentication(IBinder token, String opPackageName);
@@ -68,7 +68,7 @@ interface IFingerprintService { 


    // Same as above, except this is protected by the MANAGE_BIOMETRIC signature permission. Takes

    // an additional uid, pid, userid.

    void cancelAuthenticationFromService(IBinder token, String opPackageName,

    void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName,

            int callingUid, int callingPid, int callingUserId);



    // Start fingerprint enrollment
@@ -88,8 +88,11 @@ interface IFingerprintService { 
    // Get a list of enrolled fingerprints in the given userId.

    List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName);



    // Determine if HAL is loaded and ready

    boolean isHardwareDetected(String opPackageName);

    // Determine if the HAL is loaded and ready. Meant to support the deprecated FingerprintManager APIs

    boolean isHardwareDetectedDeprecated(String opPackageName);



    // Determine if the specified HAL is loaded and ready

    boolean isHardwareDetected(int sensorId, String opPackageName);



    // Get a pre-enrollment authentication token

    void generateChallenge(IBinder token, int sensorId, int userId, IFingerprintServiceReceiver receiver, String opPackageName);
@@ -97,17 +100,20 @@ interface IFingerprintService { 
    // Finish an enrollment sequence and invalidate the authentication token

    void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge);



    // Determine if a user has at least one enrolled fingerprint

    boolean hasEnrolledFingerprints(int userId, String opPackageName);

    // Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs

    boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName);



    // Determine if a user has at least one enrolled fingerprint.

    boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName);



    // Determine if a user has at least one enrolled fingerprint in any of the specified sensors

    boolean hasEnrolledTemplatesForAnySensor(int userId, in List<FingerprintSensorPropertiesInternal> sensors, String opPackageName);



    // Return the LockoutTracker status for the specified user

    int getLockoutModeForUser(int userId);

    int getLockoutModeForUser(int sensorId, int userId);



    // Gets the authenticator ID for fingerprint

    long getAuthenticatorId(int callingUserId);

    long getAuthenticatorId(int sensorId, int callingUserId);



    // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(IBinder token, int sensorId, int userId, in byte[] hardwareAuthToken, String opPackageNAame);

services/core/java/com/android/server/biometrics/AuthService.java

+8 −0
Original line number Diff line number Diff line
@@ -329,6 +329,10 @@ public class AuthService extends SystemService { 
                    return;

                }



                // Initialize this outside of FingerprintAuthenticator. Only HIDL HALs require

                // initialization from here. AIDL HALs are initialized by FingerprintService since

                // the HAL interface provides ID, strength, and other configuration information.

                fingerprintService.initializeConfiguration(config.id, config.strength);

                authenticator = new FingerprintAuthenticator(fingerprintService, config);

                break;
@@ -340,6 +344,10 @@ public class AuthService extends SystemService { 
                    return;

                }



                // Initialize this outside of FingerprintAuthenticator. Only HIDL HALs require

                // initialization from here. AIDL HALs are initialized by FaceService since

                // the HAL interface provides ID, strength, and other configuration information.

                faceService.initializeConfiguration(config.id, config.strength);

                authenticator = new FaceAuthenticator(faceService, config);

                break;