Connect face service debugging to the HAL (db396006) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/biometrics/face/FaceService.java

+30 −59

Original line number	Diff line number	Diff line
		@@ -42,14 +42,13 @@ import android.os.Binder;
		import android.os.Build;
		import android.os.Environment;
		import android.os.IBinder;
		import android.os.NativeHandle;
		import android.os.RemoteException;
		import android.os.SELinux;
		import android.os.SystemProperties;
		import android.os.UserHandle;
		import android.os.UserManager;
		import android.service.restricted_image.RestrictedImageProto;
		import android.service.restricted_image.RestrictedImageSetProto;
		import android.service.restricted_image.RestrictedImagesDumpProto;
		import android.provider.Settings;
		import android.util.Slog;
		import android.util.proto.ProtoOutputStream;

		@@ -70,8 +69,11 @@ import org.json.JSONObject;

		import java.io.File;
		import java.io.FileDescriptor;
		import java.io.FileOutputStream;
		import java.io.IOException;
		import java.io.PrintWriter;
		import java.util.ArrayList;
		import java.util.Arrays;
		import java.util.List;

		/**
		@@ -286,8 +288,8 @@ public class FaceService extends BiometricServiceBase {

		final long ident = Binder.clearCallingIdentity();
		try {
		if (args.length == 1 && "--restricted_image".equals(args[0])) {
		dumpRestrictedImage(fd);
		if (args.length > 1 && "--hal".equals(args[0])) {
		dumpHal(fd, Arrays.copyOfRange(args, 1, args.length, args.getClass()));
		} else if (args.length > 0 && "--proto".equals(args[0])) {
		dumpProto(fd);
		} else {
		@@ -1078,7 +1080,7 @@ public class FaceService extends BiometricServiceBase {
		mCryptoPerformanceMap.clear();
		}

		private void dumpRestrictedImage(FileDescriptor fd) {
		private void dumpHal(FileDescriptor fd, String[] args) {
		// WARNING: CDD restricts image data from leaving TEE unencrypted on
		// production devices:
		// [C-1-10] MUST not allow unencrypted access to identifiable biometric
		@@ -1099,59 +1101,28 @@ public class FaceService extends BiometricServiceBase {
		return;
		}

		final ProtoOutputStream proto = new ProtoOutputStream(fd);

		final long setToken = proto.start(RestrictedImagesDumpProto.SETS);

		// Name of the service
		proto.write(RestrictedImageSetProto.CATEGORY, "face");

		// Individual images
		for (int i = 0; i < 5; i++) {
		final long imageToken = proto.start(RestrictedImageSetProto.IMAGES);
		proto.write(RestrictedImageProto.MIME_TYPE, "image/png");
		proto.write(RestrictedImageProto.IMAGE_DATA, new byte[] {
		// png image data
		-119, 80, 78, 71, 13, 10, 26, 10,
		0, 0, 0, 13, 73, 72, 68, 82,
		0, 0, 0, 100, 0, 0, 0, 100,
		1, 3, 0, 0, 0, 74, 44, 7,
		23, 0, 0, 0, 4, 103, 65, 77,
		65, 0, 0, -79, -113, 11, -4, 97,
		5, 0, 0, 0, 1, 115, 82, 71,
		66, 0, -82, -50, 28, -23, 0, 0,
		0, 6, 80, 76, 84, 69, -1, -1,
		-1, 0, 0, 0, 85, -62, -45, 126,
		0, 0, 0, -115, 73, 68, 65, 84,
		56, -53, -19, -46, -79, 17, -128, 32,
		12, 5, -48, 120, 22, -106, -116, -32,
		40, -84, 101, -121, -93, 57, 10, 35,
		88, 82, 112, 126, 3, -60, 104, 6,
		-112, 70, 127, -59, -69, -53, 29, 33,
		-127, -24, 79, -49, -52, -15, 41, 36,
		34, -105, 85, 124, -14, 88, 27, 6,
		28, 68, 1, 82, 62, 22, -95, -108,
		55, -95, 40, -9, -110, -12, 98, -107,
		76, -41, -105, -62, -50, 111, -60, 46,
		-14, -4, 24, -89, 42, -103, 16, 63,
		-72, -11, -15, 48, -62, 102, -44, 102,
		-73, -56, 56, -21, -128, 92, -70, -124,
		117, -46, -67, -77, 82, 80, 121, -44,
		-56, 116, 93, -45, -90, -5, -29, -24,
		-83, -75, 52, -34, 55, -22, 102, -21,
		-105, -124, -23, 71, 87, -7, -25, -59,
		-100, -73, -92, -122, -7, -109, -49, -80,
		-89, 0, 0, 0, 0, 73, 69, 78,
		68, -82, 66, 96, -126
		});
		// proto.write(RestrictedImageProto.METADATA, flattened_protobuf);
		proto.end(imageToken);
		// The debug method takes two file descriptors. The first is for text
		// output, which we will drop. The second is for binary data, which
		// will be the protobuf data.
		final IBiometricsFace daemon = getFaceDaemon();
		if (daemon != null) {
		FileOutputStream devnull = null;
		try {
		devnull = new FileOutputStream("/dev/null");
		final NativeHandle handle = new NativeHandle(
		new FileDescriptor[] { devnull.getFD(), fd },
		new int[0], false);
		daemon.debug(handle, new ArrayList<String>(Arrays.asList(args)));
		} catch (IOException \| RemoteException ex) {
		Slog.d(TAG, "error while reading face debugging data", ex);
		} finally {
		if (devnull != null) {
		try {
		devnull.close();
		} catch (IOException ex) {
		}
		}
		}
		}

		// Face service metadata
		// proto.write(RestrictedImageSetProto.METADATA, flattened_protobuf);

		proto.end(setToken);
		proto.flush();
		}
		}

services/core/java/com/android/server/incident/IncidentCompanionService.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -55,7 +55,8 @@ public class IncidentCompanionService extends SystemService {
		* Dump argument for proxying restricted image dumps to the services
		* listed in the config.
		*/
		private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] { "--restricted_image" };
		private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] {
		"--hal", "--restricted_image" };

		/**
		* The two permissions, for sendBroadcastAsUserMultiplePermissions.