
Commit efa54e47 authored by Kevin Chyn's avatar Kevin Chyn Committed by Android (Google) Code Review

Merge "3/n: Move generateChallenge/resetLockout/revokeChallenge off critical path"

parents 7e54ad1a d1bb072d
+0 −20
@@ -299,26 +299,6 @@ public class BiometricManager {
        }
        }
    }
    }


    /**
     * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
     *
     * @param userId this operation takes effect for.
     * @param hardwareAuthToken an opaque token returned by password confirmation.
     * @hide
     */
    @RequiresPermission(USE_BIOMETRIC_INTERNAL)
    public void resetLockout(int userId, byte[] hardwareAuthToken) {
        if (mService != null) {
            try {
                mService.resetLockout(userId, hardwareAuthToken);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        } else {
            Slog.w(TAG, "resetLockout(): Service not connected");
        }
    }

    /**
    /**
     * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates,
     * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates,
     * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known
     * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known
+0 −3
@@ -46,9 +46,6 @@ interface IAuthService {
    // Register callback for when keyguard biometric eligibility changes.
    // Register callback for when keyguard biometric eligibility changes.
    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);
    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);


    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
    void resetLockout(int userId, in byte [] hardwareAuthToken);

    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet
    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet
    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore
    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore
    // land as SIDs, and are used during key generation.
    // land as SIDs, and are used during key generation.
+0 −3
@@ -53,9 +53,6 @@ interface IBiometricAuthenticator {
    // Return the LockoutTracker status for the specified user
    // Return the LockoutTracker status for the specified user
    int getLockoutModeForUser(int userId);
    int getLockoutModeForUser(int userId);


    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
    void resetLockout(int userId, in byte [] hardwareAuthToken);

    // Gets the authenticator ID representing the current set of enrolled templates
    // Gets the authenticator ID representing the current set of enrolled templates
    long getAuthenticatorId(int callingUserId);
    long getAuthenticatorId(int callingUserId);
}
}
+0 −3
@@ -56,9 +56,6 @@ interface IBiometricService {
    // Client lifecycle is still managed in <Biometric>Service.
    // Client lifecycle is still managed in <Biometric>Service.
    void onReadyForAuthentication(int cookie);
    void onReadyForAuthentication(int cookie);


    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
    void resetLockout(int userId, in byte [] hardwareAuthToken);

    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet
    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet
    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore
    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore
    // land as SIDs, and are used during key generation.
    // land as SIDs, and are used during key generation.
+65 −50
@@ -143,14 +143,9 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
        }
        }


        @Override
        @Override
        public void onChallengeGenerated(long challenge) {
        public void onChallengeGenerated(int sensorId, long challenge) {
            if (mGenerateChallengeCallback instanceof InternalGenerateChallengeCallback) {
            mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, sensorId, 0, challenge)
                // Perform this on system_server thread, since the application's thread is
                    .sendToTarget();
                // blocked waiting for the result
                mGenerateChallengeCallback.onGenerateChallengeResult(challenge);
            } else {
                mHandler.obtainMessage(MSG_CHALLENGE_GENERATED, challenge).sendToTarget();
            }
        }
        }


        @Override
        @Override
@@ -416,35 +411,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
        }
        }
    }
    }


    /**
     * Same as {@link #generateChallenge(GenerateChallengeCallback)}, except blocks until the
     * TEE/hardware operation is complete.
     * @return challenge generated in the TEE/hardware
     * @hide
     */
    @RequiresPermission(MANAGE_BIOMETRIC)
    public long generateChallengeBlocking() {
        final AtomicReference<Long> result = new AtomicReference<>();
        final CountDownLatch latch = new CountDownLatch(1);
        final GenerateChallengeCallback callback = new InternalGenerateChallengeCallback() {
            @Override
            public void onGenerateChallengeResult(long challenge) {
                result.set(challenge);
                latch.countDown();
            }
        };

        generateChallenge(callback);

        try {
            latch.await(1, TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            Slog.e(TAG, "Interrupted while generatingChallenge", e);
            e.printStackTrace();
        }
        return result.get();
    }

    /**
    /**
     * Generates a unique random challenge in the TEE. A typical use case is to have it wrapped in a
     * Generates a unique random challenge in the TEE. A typical use case is to have it wrapped in a
     * HardwareAuthenticationToken, minted by Gatekeeper upon PIN/Pattern/Password verification.
     * HardwareAuthenticationToken, minted by Gatekeeper upon PIN/Pattern/Password verification.
@@ -458,11 +424,12 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
     * @hide
     * @hide
     */
     */
    @RequiresPermission(MANAGE_BIOMETRIC)
    @RequiresPermission(MANAGE_BIOMETRIC)
    public void generateChallenge(GenerateChallengeCallback callback) {
    public void generateChallenge(int sensorId, GenerateChallengeCallback callback) {
        if (mService != null) {
        if (mService != null) {
            try {
            try {
                mGenerateChallengeCallback = callback;
                mGenerateChallengeCallback = callback;
                mService.generateChallenge(mToken, mServiceReceiver, mContext.getOpPackageName());
                mService.generateChallenge(mToken, sensorId, mServiceReceiver,
                        mContext.getOpPackageName());
            } catch (RemoteException e) {
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
                throw e.rethrowFromSystemServer();
            }
            }
@@ -470,15 +437,66 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
    }
    }


    /**
    /**
     * Invalidates the current auth token.
     * Same as {@link #generateChallenge(int, GenerateChallengeCallback)}, but assumes the first
     * enumerated sensor.
     * @hide
     */
    @RequiresPermission(MANAGE_BIOMETRIC)
    public void generateChallenge(GenerateChallengeCallback callback) {
        final List<FaceSensorProperties> faceSensorProperties = getSensorProperties();
        if (faceSensorProperties.isEmpty()) {
            Slog.e(TAG, "No sensors");
            return;
        }

        final int sensorId = faceSensorProperties.get(0).sensorId;
        generateChallenge(sensorId, callback);
    }

    /**
     * Invalidates the current challenge.
     *
     *
     * @hide
     * @hide
     */
     */
    @RequiresPermission(MANAGE_BIOMETRIC)
    @RequiresPermission(MANAGE_BIOMETRIC)
    public void revokeChallenge() {
    public void revokeChallenge() {
        final List<FaceSensorProperties> faceSensorProperties = getSensorProperties();
        if (faceSensorProperties.isEmpty()) {
            Slog.e(TAG, "No sensors during revokeChallenge");
        }
        revokeChallenge(faceSensorProperties.get(0).sensorId);
    }

    /**
     * Invalidates the current challenge.
     *
     * @hide
     */
    @RequiresPermission(MANAGE_BIOMETRIC)
    public void revokeChallenge(int sensorId) {
        if (mService != null) {
        if (mService != null) {
            try {
            try {
                mService.revokeChallenge(mToken, mContext.getOpPackageName());
                mService.revokeChallenge(mToken, sensorId, mContext.getOpPackageName());
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }
    }

    /**
     * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
     *
     * @param sensorId Sensor ID that this operation takes effect for
     * @param userId User ID that this operation takes effect for.
     * @param hardwareAuthToken An opaque token returned by password confirmation.
     * @hide
     */
    @RequiresPermission(USE_BIOMETRIC_INTERNAL)
    public void resetLockout(int sensorId, int userId, @Nullable byte[] hardwareAuthToken) {
        if (mService != null) {
            try {
                mService.resetLockout(mToken, sensorId, userId, hardwareAuthToken,
                        mContext.getOpPackageName());
            } catch (RemoteException e) {
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
                throw e.rethrowFromSystemServer();
            }
            }
@@ -1083,18 +1101,18 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
    }
    }


    /**
    /**
     * Callback structure provided to {@link #generateChallenge(GenerateChallengeCallback)}.
     * Callback structure provided to {@link #generateChallenge(int, GenerateChallengeCallback)}.
     * @hide
     * @hide
     */
     */
    public interface GenerateChallengeCallback {
    public interface GenerateChallengeCallback {
        /**
        /**
         * Invoked when a challenge has been generated.
         * Invoked when a challenge has been generated.
         */
         */
        void onGenerateChallengeResult(long challenge);
        void onGenerateChallengeResult(int sensorId, long challenge);


        /**
        /**
         * Invoked if the challenge has not been revoked and a subsequent caller/owner invokes
         * Invoked if the challenge has not been revoked and a subsequent caller/owner invokes
         * {@link #generateChallenge(GenerateChallengeCallback)}, but
         * {@link #generateChallenge(int, GenerateChallengeCallback)}, but
         */
         */
        default void onChallengeInterrupted(int sensorId) {}
        default void onChallengeInterrupted(int sensorId) {}


@@ -1104,9 +1122,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
        default void onChallengeInterruptFinished(int sensorId) {}
        default void onChallengeInterruptFinished(int sensorId) {}
    }
    }


    private abstract static class InternalGenerateChallengeCallback
            implements GenerateChallengeCallback {}

    private class OnEnrollCancelListener implements OnCancelListener {
    private class OnEnrollCancelListener implements OnCancelListener {
        @Override
        @Override
        public void onCancel() {
        public void onCancel() {
@@ -1178,7 +1193,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
                    args.recycle();
                    args.recycle();
                    break;
                    break;
                case MSG_CHALLENGE_GENERATED:
                case MSG_CHALLENGE_GENERATED:
                    sendChallengeGenerated((long) msg.obj /* challenge */);
                    sendChallengeGenerated(msg.arg1 /* sensorId */, (long) msg.obj /* challenge */);
                    break;
                    break;
                case MSG_FACE_DETECTED:
                case MSG_FACE_DETECTED:
                    sendFaceDetected(msg.arg1 /* sensorId */, msg.arg2 /* userId */,
                    sendFaceDetected(msg.arg1 /* sensorId */, msg.arg2 /* userId */,
@@ -1211,11 +1226,11 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
        mGetFeatureCallback.onCompleted(success, feature, value);
        mGetFeatureCallback.onCompleted(success, feature, value);
    }
    }


    private void sendChallengeGenerated(long challenge) {
    private void sendChallengeGenerated(int sensorId, long challenge) {
        if (mGenerateChallengeCallback == null) {
        if (mGenerateChallengeCallback == null) {
            return;
            return;
        }
        }
        mGenerateChallengeCallback.onGenerateChallengeResult(challenge);
        mGenerateChallengeCallback.onGenerateChallengeResult(sensorId, challenge);
    }
    }


    private void sendFaceDetected(int sensorId, int userId, boolean isStrongBiometric) {
    private void sendFaceDetected(int sensorId, int userId, boolean isStrongBiometric) {
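Review bot: The new no-argument `revokeChallenge()` logs `"No sensors during revokeChallenge"` when `getSensorProperties()` is empty but does not return, so the following `faceSensorProperties.get(0)` throws `IndexOutOfBoundsException` in the caller's process. The no-sensor branch of `generateChallenge(GenerateChallengeCallback)` just above it returns early; do the same here by adding `return;` after the `Slog.e(...)` call. Separately, `generateChallenge(int, GenerateChallengeCallback)` still stores the callback in the single `mGenerateChallengeCallback` field, so if requests for two sensors can overlap (not visible from this section), the later callback would be handed the earlier sensor's challenge. Comparing the `sensorId` delivered to `onGenerateChallengeResult` with the one requested, or documenting that only one request may be outstanding per `FaceManager`, would close that gap.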