Loading services/core/java/com/android/server/biometrics/face/FaceService.java +30 −59 Original line number Diff line number Diff line Loading @@ -42,14 +42,13 @@ import android.os.Binder; import android.os.Build; import android.os.Environment; import android.os.IBinder; import android.os.NativeHandle; import android.os.RemoteException; import android.os.SELinux; import android.os.SystemProperties; import android.os.UserHandle; import android.os.UserManager; import android.service.restricted_image.RestrictedImageProto; import android.service.restricted_image.RestrictedImageSetProto; import android.service.restricted_image.RestrictedImagesDumpProto; import android.provider.Settings; import android.util.Slog; import android.util.proto.ProtoOutputStream; Loading @@ -70,8 +69,11 @@ import org.json.JSONObject; import java.io.File; import java.io.FileDescriptor; import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Arrays; import java.util.List; /** Loading Loading @@ -286,8 +288,8 @@ public class FaceService extends BiometricServiceBase { final long ident = Binder.clearCallingIdentity(); try { if (args.length == 1 && "--restricted_image".equals(args[0])) { dumpRestrictedImage(fd); if (args.length > 1 && "--hal".equals(args[0])) { dumpHal(fd, Arrays.copyOfRange(args, 1, args.length, args.getClass())); } else if (args.length > 0 && "--proto".equals(args[0])) { dumpProto(fd); } else { Loading Loading @@ -1078,7 +1080,7 @@ public class FaceService extends BiometricServiceBase { mCryptoPerformanceMap.clear(); } private void dumpRestrictedImage(FileDescriptor fd) { private void dumpHal(FileDescriptor fd, String[] args) { // WARNING: CDD restricts image data from leaving TEE unencrypted on // production devices: // [C-1-10] MUST not allow unencrypted access to identifiable biometric Loading @@ -1099,59 +1101,28 @@ public class FaceService extends BiometricServiceBase { return; } final ProtoOutputStream proto = new ProtoOutputStream(fd); final long setToken = proto.start(RestrictedImagesDumpProto.SETS); // Name of the service proto.write(RestrictedImageSetProto.CATEGORY, "face"); // Individual images for (int i = 0; i < 5; i++) { final long imageToken = proto.start(RestrictedImageSetProto.IMAGES); proto.write(RestrictedImageProto.MIME_TYPE, "image/png"); proto.write(RestrictedImageProto.IMAGE_DATA, new byte[] { // png image data -119, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82, 0, 0, 0, 100, 0, 0, 0, 100, 1, 3, 0, 0, 0, 74, 44, 7, 23, 0, 0, 0, 4, 103, 65, 77, 65, 0, 0, -79, -113, 11, -4, 97, 5, 0, 0, 0, 1, 115, 82, 71, 66, 0, -82, -50, 28, -23, 0, 0, 0, 6, 80, 76, 84, 69, -1, -1, -1, 0, 0, 0, 85, -62, -45, 126, 0, 0, 0, -115, 73, 68, 65, 84, 56, -53, -19, -46, -79, 17, -128, 32, 12, 5, -48, 120, 22, -106, -116, -32, 40, -84, 101, -121, -93, 57, 10, 35, 88, 82, 112, 126, 3, -60, 104, 6, -112, 70, 127, -59, -69, -53, 29, 33, -127, -24, 79, -49, -52, -15, 41, 36, 34, -105, 85, 124, -14, 88, 27, 6, 28, 68, 1, 82, 62, 22, -95, -108, 55, -95, 40, -9, -110, -12, 98, -107, 76, -41, -105, -62, -50, 111, -60, 46, -14, -4, 24, -89, 42, -103, 16, 63, -72, -11, -15, 48, -62, 102, -44, 102, -73, -56, 56, -21, -128, 92, -70, -124, 117, -46, -67, -77, 82, 80, 121, -44, -56, 116, 93, -45, -90, -5, -29, -24, -83, -75, 52, -34, 55, -22, 102, -21, -105, -124, -23, 71, 87, -7, -25, -59, -100, -73, -92, -122, -7, -109, -49, -80, -89, 0, 0, 0, 0, 73, 69, 78, 68, -82, 66, 96, -126 }); // proto.write(RestrictedImageProto.METADATA, flattened_protobuf); proto.end(imageToken); // The debug method takes two file descriptors. The first is for text // output, which we will drop. The second is for binary data, which // will be the protobuf data. final IBiometricsFace daemon = getFaceDaemon(); if (daemon != null) { FileOutputStream devnull = null; try { devnull = new FileOutputStream("/dev/null"); final NativeHandle handle = new NativeHandle( new FileDescriptor[] { devnull.getFD(), fd }, new int[0], false); daemon.debug(handle, new ArrayList<String>(Arrays.asList(args))); } catch (IOException | RemoteException ex) { Slog.d(TAG, "error while reading face debugging data", ex); } finally { if (devnull != null) { try { devnull.close(); } catch (IOException ex) { } } } } // Face service metadata // proto.write(RestrictedImageSetProto.METADATA, flattened_protobuf); proto.end(setToken); proto.flush(); } } services/core/java/com/android/server/incident/IncidentCompanionService.java +2 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,8 @@ public class IncidentCompanionService extends SystemService { * Dump argument for proxying restricted image dumps to the services * listed in the config. */ private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] { "--restricted_image" }; private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] { "--hal", "--restricted_image" }; /** * The two permissions, for sendBroadcastAsUserMultiplePermissions. Loading Loading
services/core/java/com/android/server/biometrics/face/FaceService.java +30 −59 Original line number Diff line number Diff line Loading @@ -42,14 +42,13 @@ import android.os.Binder; import android.os.Build; import android.os.Environment; import android.os.IBinder; import android.os.NativeHandle; import android.os.RemoteException; import android.os.SELinux; import android.os.SystemProperties; import android.os.UserHandle; import android.os.UserManager; import android.service.restricted_image.RestrictedImageProto; import android.service.restricted_image.RestrictedImageSetProto; import android.service.restricted_image.RestrictedImagesDumpProto; import android.provider.Settings; import android.util.Slog; import android.util.proto.ProtoOutputStream; Loading @@ -70,8 +69,11 @@ import org.json.JSONObject; import java.io.File; import java.io.FileDescriptor; import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.util.ArrayList; import java.util.Arrays; import java.util.List; /** Loading Loading @@ -286,8 +288,8 @@ public class FaceService extends BiometricServiceBase { final long ident = Binder.clearCallingIdentity(); try { if (args.length == 1 && "--restricted_image".equals(args[0])) { dumpRestrictedImage(fd); if (args.length > 1 && "--hal".equals(args[0])) { dumpHal(fd, Arrays.copyOfRange(args, 1, args.length, args.getClass())); } else if (args.length > 0 && "--proto".equals(args[0])) { dumpProto(fd); } else { Loading Loading @@ -1078,7 +1080,7 @@ public class FaceService extends BiometricServiceBase { mCryptoPerformanceMap.clear(); } private void dumpRestrictedImage(FileDescriptor fd) { private void dumpHal(FileDescriptor fd, String[] args) { // WARNING: CDD restricts image data from leaving TEE unencrypted on // production devices: // [C-1-10] MUST not allow unencrypted access to identifiable biometric Loading @@ -1099,59 +1101,28 @@ public class FaceService extends BiometricServiceBase { return; } final ProtoOutputStream proto = new ProtoOutputStream(fd); final long setToken = proto.start(RestrictedImagesDumpProto.SETS); // Name of the service proto.write(RestrictedImageSetProto.CATEGORY, "face"); // Individual images for (int i = 0; i < 5; i++) { final long imageToken = proto.start(RestrictedImageSetProto.IMAGES); proto.write(RestrictedImageProto.MIME_TYPE, "image/png"); proto.write(RestrictedImageProto.IMAGE_DATA, new byte[] { // png image data -119, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82, 0, 0, 0, 100, 0, 0, 0, 100, 1, 3, 0, 0, 0, 74, 44, 7, 23, 0, 0, 0, 4, 103, 65, 77, 65, 0, 0, -79, -113, 11, -4, 97, 5, 0, 0, 0, 1, 115, 82, 71, 66, 0, -82, -50, 28, -23, 0, 0, 0, 6, 80, 76, 84, 69, -1, -1, -1, 0, 0, 0, 85, -62, -45, 126, 0, 0, 0, -115, 73, 68, 65, 84, 56, -53, -19, -46, -79, 17, -128, 32, 12, 5, -48, 120, 22, -106, -116, -32, 40, -84, 101, -121, -93, 57, 10, 35, 88, 82, 112, 126, 3, -60, 104, 6, -112, 70, 127, -59, -69, -53, 29, 33, -127, -24, 79, -49, -52, -15, 41, 36, 34, -105, 85, 124, -14, 88, 27, 6, 28, 68, 1, 82, 62, 22, -95, -108, 55, -95, 40, -9, -110, -12, 98, -107, 76, -41, -105, -62, -50, 111, -60, 46, -14, -4, 24, -89, 42, -103, 16, 63, -72, -11, -15, 48, -62, 102, -44, 102, -73, -56, 56, -21, -128, 92, -70, -124, 117, -46, -67, -77, 82, 80, 121, -44, -56, 116, 93, -45, -90, -5, -29, -24, -83, -75, 52, -34, 55, -22, 102, -21, -105, -124, -23, 71, 87, -7, -25, -59, -100, -73, -92, -122, -7, -109, -49, -80, -89, 0, 0, 0, 0, 73, 69, 78, 68, -82, 66, 96, -126 }); // proto.write(RestrictedImageProto.METADATA, flattened_protobuf); proto.end(imageToken); // The debug method takes two file descriptors. The first is for text // output, which we will drop. The second is for binary data, which // will be the protobuf data. final IBiometricsFace daemon = getFaceDaemon(); if (daemon != null) { FileOutputStream devnull = null; try { devnull = new FileOutputStream("/dev/null"); final NativeHandle handle = new NativeHandle( new FileDescriptor[] { devnull.getFD(), fd }, new int[0], false); daemon.debug(handle, new ArrayList<String>(Arrays.asList(args))); } catch (IOException | RemoteException ex) { Slog.d(TAG, "error while reading face debugging data", ex); } finally { if (devnull != null) { try { devnull.close(); } catch (IOException ex) { } } } } // Face service metadata // proto.write(RestrictedImageSetProto.METADATA, flattened_protobuf); proto.end(setToken); proto.flush(); } }
services/core/java/com/android/server/incident/IncidentCompanionService.java +2 −1 Original line number Diff line number Diff line Loading @@ -55,7 +55,8 @@ public class IncidentCompanionService extends SystemService { * Dump argument for proxying restricted image dumps to the services * listed in the config. */ private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] { "--restricted_image" }; private static String[] RESTRICTED_IMAGE_DUMP_ARGS = new String[] { "--hal", "--restricted_image" }; /** * The two permissions, for sendBroadcastAsUserMultiplePermissions. Loading
