Loading core/java/android/hardware/biometrics/BiometricManager.java +0 −20 Original line number Diff line number Diff line Loading @@ -299,26 +299,6 @@ public class BiometricManager { } } /** * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) * * @param userId this operation takes effect for. * @param hardwareAuthToken an opaque token returned by password confirmation. * @hide */ @RequiresPermission(USE_BIOMETRIC_INTERNAL) public void resetLockout(int userId, byte[] hardwareAuthToken) { if (mService != null) { try { mService.resetLockout(userId, hardwareAuthToken); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } else { Slog.w(TAG, "resetLockout(): Service not connected"); } } /** * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates, * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known Loading core/java/android/hardware/biometrics/IAuthService.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -46,9 +46,6 @@ interface IAuthService { // Register callback for when keyguard biometric eligibility changes. void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. Loading core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -53,9 +53,6 @@ interface IBiometricAuthenticator { // Return the LockoutTracker status for the specified user int getLockoutModeForUser(int userId); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Gets the authenticator ID representing the current set of enrolled templates long getAuthenticatorId(int callingUserId); } core/java/android/hardware/biometrics/IBiometricService.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -56,9 +56,6 @@ interface IBiometricService { // Client lifecycle is still managed in <Biometric>Service. void onReadyForAuthentication(int cookie); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. Loading core/java/android/hardware/face/FaceManager.java +65 −50 Original line number Diff line number Diff line Loading @@ -143,14 +143,9 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } @Override public void onChallengeGenerated(long challenge) { if (mGenerateChallengeCallback instanceof InternalGenerateChallengeCallback) { // Perform this on system_server thread, since the application's thread is // blocked waiting for the result mGenerateChallengeCallback.onGenerateChallengeResult(challenge); } else { mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, challenge).sendToTarget(); } public void onChallengeGenerated(int sensorId, long challenge) { mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, sensorId, 0, challenge) .sendToTarget(); } @Override Loading Loading @@ -416,35 +411,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } } /** * Same as {@link #generateChallenge(GenerateChallengeCallback)}, except blocks until the * TEE/hardware operation is complete. * @return challenge generated in the TEE/hardware * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public long generateChallengeBlocking() { final AtomicReference<Long> result = new AtomicReference<>(); final CountDownLatch latch = new CountDownLatch(1); final GenerateChallengeCallback callback = new InternalGenerateChallengeCallback() { @Override public void onGenerateChallengeResult(long challenge) { result.set(challenge); latch.countDown(); } }; generateChallenge(callback); try { latch.await(1, TimeUnit.SECONDS); } catch (InterruptedException e) { Slog.e(TAG, "Interrupted while generatingChallenge", e); e.printStackTrace(); } return result.get(); } /** * Generates a unique random challenge in the TEE. A typical use case is to have it wrapped in a * HardwareAuthenticationToken, minted by Gatekeeper upon PIN/Pattern/Password verification. Loading @@ -458,11 +424,12 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void generateChallenge(GenerateChallengeCallback callback) { public void generateChallenge(int sensorId, GenerateChallengeCallback callback) { if (mService != null) { try { mGenerateChallengeCallback = callback; mService.generateChallenge(mToken, mServiceReceiver, mContext.getOpPackageName()); mService.generateChallenge(mToken, sensorId, mServiceReceiver, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -470,15 +437,66 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } /** * Invalidates the current auth token. * Same as {@link #generateChallenge(int, GenerateChallengeCallback)}, but assumes the first * enumerated sensor. * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void generateChallenge(GenerateChallengeCallback callback) { final List<FaceSensorProperties> faceSensorProperties = getSensorProperties(); if (faceSensorProperties.isEmpty()) { Slog.e(TAG, "No sensors"); return; } final int sensorId = faceSensorProperties.get(0).sensorId; generateChallenge(sensorId, callback); } /** * Invalidates the current challenge. * * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void revokeChallenge() { final List<FaceSensorProperties> faceSensorProperties = getSensorProperties(); if (faceSensorProperties.isEmpty()) { Slog.e(TAG, "No sensors during revokeChallenge"); } revokeChallenge(faceSensorProperties.get(0).sensorId); } /** * Invalidates the current challenge. * * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void revokeChallenge(int sensorId) { if (mService != null) { try { mService.revokeChallenge(mToken, mContext.getOpPackageName()); mService.revokeChallenge(mToken, sensorId, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) * * @param sensorId Sensor ID that this operation takes effect for * @param userId User ID that this operation takes effect for. * @param hardwareAuthToken An opaque token returned by password confirmation. * @hide */ @RequiresPermission(USE_BIOMETRIC_INTERNAL) public void resetLockout(int sensorId, int userId, @Nullable byte[] hardwareAuthToken) { if (mService != null) { try { mService.resetLockout(mToken, sensorId, userId, hardwareAuthToken, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -1083,18 +1101,18 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } /** * Callback structure provided to {@link #generateChallenge(GenerateChallengeCallback)}. * Callback structure provided to {@link #generateChallenge(int, GenerateChallengeCallback)}. * @hide */ public interface GenerateChallengeCallback { /** * Invoked when a challenge has been generated. */ void onGenerateChallengeResult(long challenge); void onGenerateChallengeResult(int sensorId, long challenge); /** * Invoked if the challenge has not been revoked and a subsequent caller/owner invokes * {@link #generateChallenge(GenerateChallengeCallback)}, but * {@link #generateChallenge(int, GenerateChallengeCallback)}, but */ default void onChallengeInterrupted(int sensorId) {} Loading @@ -1104,9 +1122,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan default void onChallengeInterruptFinished(int sensorId) {} } private abstract static class InternalGenerateChallengeCallback implements GenerateChallengeCallback {} private class OnEnrollCancelListener implements OnCancelListener { @Override public void onCancel() { Loading Loading @@ -1178,7 +1193,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan args.recycle(); break; case MSG_CHALLENGE_GENERATED: sendChallengeGenerated((long) msg.obj /* challenge */); sendChallengeGenerated(msg.arg1 /* sensorId */, (long) msg.obj /* challenge */); break; case MSG_FACE_DETECTED: sendFaceDetected(msg.arg1 /* sensorId */, msg.arg2 /* userId */, Loading Loading @@ -1211,11 +1226,11 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan mGetFeatureCallback.onCompleted(success, feature, value); } private void sendChallengeGenerated(long challenge) { private void sendChallengeGenerated(int sensorId, long challenge) { if (mGenerateChallengeCallback == null) { return; } mGenerateChallengeCallback.onGenerateChallengeResult(challenge); mGenerateChallengeCallback.onGenerateChallengeResult(sensorId, challenge); } private void sendFaceDetected(int sensorId, int userId, boolean isStrongBiometric) { Loading Loading
core/java/android/hardware/biometrics/BiometricManager.java +0 −20 Original line number Diff line number Diff line Loading @@ -299,26 +299,6 @@ public class BiometricManager { } } /** * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) * * @param userId this operation takes effect for. * @param hardwareAuthToken an opaque token returned by password confirmation. * @hide */ @RequiresPermission(USE_BIOMETRIC_INTERNAL) public void resetLockout(int userId, byte[] hardwareAuthToken) { if (mService != null) { try { mService.resetLockout(userId, hardwareAuthToken); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } else { Slog.w(TAG, "resetLockout(): Service not connected"); } } /** * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates, * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known Loading
core/java/android/hardware/biometrics/IAuthService.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -46,9 +46,6 @@ interface IAuthService { // Register callback for when keyguard biometric eligibility changes. void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. Loading
core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -53,9 +53,6 @@ interface IBiometricAuthenticator { // Return the LockoutTracker status for the specified user int getLockoutModeForUser(int userId); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Gets the authenticator ID representing the current set of enrolled templates long getAuthenticatorId(int callingUserId); }
core/java/android/hardware/biometrics/IBiometricService.aidl +0 −3 Original line number Diff line number Diff line Loading @@ -56,9 +56,6 @@ interface IBiometricService { // Client lifecycle is still managed in <Biometric>Service. void onReadyForAuthentication(int cookie); // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) void resetLockout(int userId, in byte [] hardwareAuthToken); // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. Loading
core/java/android/hardware/face/FaceManager.java +65 −50 Original line number Diff line number Diff line Loading @@ -143,14 +143,9 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } @Override public void onChallengeGenerated(long challenge) { if (mGenerateChallengeCallback instanceof InternalGenerateChallengeCallback) { // Perform this on system_server thread, since the application's thread is // blocked waiting for the result mGenerateChallengeCallback.onGenerateChallengeResult(challenge); } else { mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, challenge).sendToTarget(); } public void onChallengeGenerated(int sensorId, long challenge) { mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, sensorId, 0, challenge) .sendToTarget(); } @Override Loading Loading @@ -416,35 +411,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } } /** * Same as {@link #generateChallenge(GenerateChallengeCallback)}, except blocks until the * TEE/hardware operation is complete. * @return challenge generated in the TEE/hardware * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public long generateChallengeBlocking() { final AtomicReference<Long> result = new AtomicReference<>(); final CountDownLatch latch = new CountDownLatch(1); final GenerateChallengeCallback callback = new InternalGenerateChallengeCallback() { @Override public void onGenerateChallengeResult(long challenge) { result.set(challenge); latch.countDown(); } }; generateChallenge(callback); try { latch.await(1, TimeUnit.SECONDS); } catch (InterruptedException e) { Slog.e(TAG, "Interrupted while generatingChallenge", e); e.printStackTrace(); } return result.get(); } /** * Generates a unique random challenge in the TEE. A typical use case is to have it wrapped in a * HardwareAuthenticationToken, minted by Gatekeeper upon PIN/Pattern/Password verification. Loading @@ -458,11 +424,12 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void generateChallenge(GenerateChallengeCallback callback) { public void generateChallenge(int sensorId, GenerateChallengeCallback callback) { if (mService != null) { try { mGenerateChallengeCallback = callback; mService.generateChallenge(mToken, mServiceReceiver, mContext.getOpPackageName()); mService.generateChallenge(mToken, sensorId, mServiceReceiver, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -470,15 +437,66 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } /** * Invalidates the current auth token. * Same as {@link #generateChallenge(int, GenerateChallengeCallback)}, but assumes the first * enumerated sensor. * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void generateChallenge(GenerateChallengeCallback callback) { final List<FaceSensorProperties> faceSensorProperties = getSensorProperties(); if (faceSensorProperties.isEmpty()) { Slog.e(TAG, "No sensors"); return; } final int sensorId = faceSensorProperties.get(0).sensorId; generateChallenge(sensorId, callback); } /** * Invalidates the current challenge. * * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void revokeChallenge() { final List<FaceSensorProperties> faceSensorProperties = getSensorProperties(); if (faceSensorProperties.isEmpty()) { Slog.e(TAG, "No sensors during revokeChallenge"); } revokeChallenge(faceSensorProperties.get(0).sensorId); } /** * Invalidates the current challenge. * * @hide */ @RequiresPermission(MANAGE_BIOMETRIC) public void revokeChallenge(int sensorId) { if (mService != null) { try { mService.revokeChallenge(mToken, mContext.getOpPackageName()); mService.revokeChallenge(mToken, sensorId, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) * * @param sensorId Sensor ID that this operation takes effect for * @param userId User ID that this operation takes effect for. * @param hardwareAuthToken An opaque token returned by password confirmation. * @hide */ @RequiresPermission(USE_BIOMETRIC_INTERNAL) public void resetLockout(int sensorId, int userId, @Nullable byte[] hardwareAuthToken) { if (mService != null) { try { mService.resetLockout(mToken, sensorId, userId, hardwareAuthToken, mContext.getOpPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -1083,18 +1101,18 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan } /** * Callback structure provided to {@link #generateChallenge(GenerateChallengeCallback)}. * Callback structure provided to {@link #generateChallenge(int, GenerateChallengeCallback)}. * @hide */ public interface GenerateChallengeCallback { /** * Invoked when a challenge has been generated. */ void onGenerateChallengeResult(long challenge); void onGenerateChallengeResult(int sensorId, long challenge); /** * Invoked if the challenge has not been revoked and a subsequent caller/owner invokes * {@link #generateChallenge(GenerateChallengeCallback)}, but * {@link #generateChallenge(int, GenerateChallengeCallback)}, but */ default void onChallengeInterrupted(int sensorId) {} Loading @@ -1104,9 +1122,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan default void onChallengeInterruptFinished(int sensorId) {} } private abstract static class InternalGenerateChallengeCallback implements GenerateChallengeCallback {} private class OnEnrollCancelListener implements OnCancelListener { @Override public void onCancel() { Loading Loading @@ -1178,7 +1193,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan args.recycle(); break; case MSG_CHALLENGE_GENERATED: sendChallengeGenerated((long) msg.obj /* challenge */); sendChallengeGenerated(msg.arg1 /* sensorId */, (long) msg.obj /* challenge */); break; case MSG_FACE_DETECTED: sendFaceDetected(msg.arg1 /* sensorId */, msg.arg2 /* userId */, Loading Loading @@ -1211,11 +1226,11 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan mGetFeatureCallback.onCompleted(success, feature, value); } private void sendChallengeGenerated(long challenge) { private void sendChallengeGenerated(int sensorId, long challenge) { if (mGenerateChallengeCallback == null) { return; } mGenerateChallengeCallback.onGenerateChallengeResult(challenge); mGenerateChallengeCallback.onGenerateChallengeResult(sensorId, challenge); } private void sendFaceDetected(int sensorId, int userId, boolean isStrongBiometric) { Loading
