Loading biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl +12 −10 Original line number Original line Diff line number Diff line Loading @@ -25,28 +25,30 @@ interface IFace { /** /** * getSensorProps: * getSensorProps: * * * @return A list of properties for all face sensors available to the HAL. * @return A list of properties for all of the face sensors supported by the HAL. */ */ SensorProps[] getSensorProps(); SensorProps[] getSensorProps(); /** /** * createSession: * createSession: * * * Creates a session that can be used by the framework to perform operations such as * Creates an instance of ISession that can be used by the framework to perform operations such * enroll, authenticate, etc. for the given sensorId and userId. * as ISession#enroll, ISession#authenticate, etc. for the given sensorId and userId. * * * Calling this method while there is an active session is considered an error. If the * Calling this method while there is an active session is considered an error. If the framework * framework is in a bad state and for some reason cannot close its session, it should use * wants to create a new session when it already has an active session, it must first cancel the * the reset method below. * current operation if it's cancellable or wait until it completes. Then, the framework must * explicitly close the session with ISession#close. Once the framework receives * ISessionCallback#onSessionClosed, a new session can be created. * * * Implementations must store user-specific state or metadata in /data/vendor_de/<user>/facedata * Implementations must store user-specific state or metadata in /data/vendor_de/<user>/facedata * as specified by the SELinux policy. The directory /data/vendor_de is managed by vold (see * as specified by the SELinux policy. The directory /data/vendor_de is managed by vold (see * vold_prepare_subdirs.cpp). Implementations may store additional user-specific data, such as * vold_prepare_subdirs.cpp). Implementations may store additional user-specific data, such as * embeddings or templates in StrongBox. * embeddings or templates, in StrongBox. * * * @param sensorId The sensorId with which this session is being created. * @param sensorId The sensorId for which this session is being created. * @param userId The userId with which this session is being created. * @param userId The userId for which this session is being created. * @param cb A callback to notify the framework about the session's results and events. * @param cb A callback to notify the framework about the session's events. * @return A new session. * @return A new session. */ */ ISession createSession(in int sensorId, in int userId, in ISessionCallback cb); ISession createSession(in int sensorId, in int userId, in ISessionCallback cb); Loading biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl +122 −70 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import android.hardware.common.NativeHandle; import android.hardware.keymaster.HardwareAuthToken; import android.hardware.keymaster.HardwareAuthToken; /** /** * Operations that can be performed for unique sessions retrieved via IFace#createSession. * Operations defined within this interface can be divided into the following categories: * Operations defined within this interface can be divided into the following categories: * 1) Cancellable operations. These are usually the operations that can execute for several * 1) Cancellable operations. These are usually the operations that can execute for several * minutes. To allow for cancellation, they return an instance of ICancellationSignal that * minutes. To allow for cancellation, they return an instance of ICancellationSignal that Loading Loading @@ -83,15 +82,20 @@ interface ISession { * | 0 | 10 | <Time4> | <Random4> | * | 0 | 10 | <Time4> | <Random4> | * ---------------------------------------------- * ---------------------------------------------- * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onChallengeGenerated * */ */ void generateChallenge(); void generateChallenge(); /** /** * revokeChallenge: * revokeChallenge: * * * Revokes a challenge that was previously generated. Note that if an invalid combination of * Revokes a challenge that was previously generated. Note that if a non-existent challenge is * parameters is requested, the implementation must still notify the framework using the * provided, the HAL must still notify the framework using ISessionCallback#onChallengeRevoked. * provided callback. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onChallengeRevoked * * * @param challenge Challenge that should be revoked. * @param challenge Challenge that should be revoked. */ */ Loading @@ -100,9 +104,9 @@ interface ISession { /** /** * getEnrollmentConfig: * getEnrollmentConfig: * * * Returns the enrollment configuration depending on the provided enrollment type. Enrollment * Returns the enrollment configuration for the provided enrollment type. Enrollment * configuration determines how many stages the enrollment will have and the requirements for * configuration determines how many stages the enrollment will have and the requirements * each of the stages. * for each of the stages. * * * @param enrollmentType See the EnrollmentType enum. * @param enrollmentType See the EnrollmentType enum. * @return An EnrollmentStageConfig array that describes each enrollment stage. * @return An EnrollmentStageConfig array that describes each enrollment stage. Loading @@ -117,22 +121,28 @@ interface ISession { * At any point during enrollment, if a non-recoverable error occurs, the HAL must notify the * At any point during enrollment, if a non-recoverable error occurs, the HAL must notify the * framework via ISessionCallback#onError with the applicable enrollment-specific error. * framework via ISessionCallback#onError with the applicable enrollment-specific error. * * * Before capturing face data, the implementation must first verify the authenticity and * Before capturing face data, the HAL must first verify the authenticity and integrity of the * integrity of the provided HardwareAuthToken. In addition, it must check that the challenge * provided HardwareAuthToken. In addition, it must check that the challenge within the provided * within the provided HardwareAuthToken is valid. See ISession#generateChallenge. If any of * HardwareAuthToken is valid. See ISession#generateChallenge. If any of the above checks fail, * the above checks fail, the framework must be notified using ISessionCallback#onError with * the framework must be notified using ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * Error::UNABLE_TO_PROCESS. * * * During enrollment, the implementation may notify the framework via * During enrollment, the HAL may notify the framework via ISessionCallback#onAcquired with * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback * messages that may be used to guide the user. This callback can be invoked multiple times if * can be invoked multiple times if necessary. Similarly, the framework may be notified of * necessary. Similarly, the framework may be notified of enrollment progress changes via * enrollment progress changes via ISessionCallback#onEnrollmentProgress. Once the framework is * ISessionCallback#onEnrollmentProgress. Once the framework is notified that there are 0 * notified that there are 0 "remaining" steps, the framework may cache the "enrollmentId". See * "remaining" steps, the framework may cache the "enrollmentId". See * ISessionCallback#onEnrollmentProgress for more info. * ISessionCallback#onEnrollmentProgress for more info. * * * When a face is successfully added and before the framework is notified of remaining=0, the * When a face is successfully added and before the framework is notified of remaining=0, the * implementation MUST update and associate this (sensorId, userId) pair with a new * HAL must update and associate this (sensorId, userId) pair with a new entropy-encoded random * entropy-encoded random identifier. See ISession#getAuthenticatorId for more information. * identifier. See ISession#getAuthenticatorId for more information. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onEnrollmentProgress(enrollmentId, remaining=0) * * Other applicable callbacks: * - ISessionCallback#onAcquired * * * @param hat See above documentation. * @param hat See above documentation. * @param enrollmentType See the EnrollmentType enum. * @param enrollmentType See the EnrollmentType enum. Loading @@ -154,15 +164,18 @@ interface ISession { * At any point during authentication, if a non-recoverable error occurs, the HAL must notify * At any point during authentication, if a non-recoverable error occurs, the HAL must notify * the framework via ISessionCallback#onError with the applicable authentication-specific error. * the framework via ISessionCallback#onError with the applicable authentication-specific error. * * * During authentication, the implementation may notify the framework via * During authentication, the HAL may notify the framework via ISessionCallback#onAcquired with * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback * messages that may be used to guide the user. This callback can be invoked multiple times if * can be invoked multiple times if necessary. * necessary. * * * The HAL must notify the framework of accepts/rejects via ISessionCallback#onAuthentication*. * The HAL must notify the framework of accepts/rejects via * ISessionCallback#onAuthenticationSucceeded and ISessionCallback#onAuthenticationFailed, * correspondingly. * * * The authentication lifecycle ends when either * The authentication lifecycle ends when any of the following happens: * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked, or * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked. * 2) Any non-recoverable error occurs (such as lockout). See the full list of * 2) A face is rejected, and ISessionCallback#onAuthenticationFailed is invoked. * 3) Any non-recoverable error occurs (such as lockout). See the full list of * authentication-specific errors in the Error enum. * authentication-specific errors in the Error enum. * * * Note that upon successful authentication, the lockout counter for this (sensorId, userId) * Note that upon successful authentication, the lockout counter for this (sensorId, userId) Loading @@ -174,16 +187,26 @@ interface ISession { * must be set with the operationId passed in during #authenticate. If the sensor is NOT * must be set with the operationId passed in during #authenticate. If the sensor is NOT * SensorStrength::STRONG, the HardwareAuthToken MUST be null. * SensorStrength::STRONG, the HardwareAuthToken MUST be null. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onAuthenticationSucceeded * - ISessionCallback#onAuthenticationFailed * * Other applicable callbacks: * - ISessionCallback#onAcquired * - ISessionCallback#onLockoutTimed * - ISessionCallback#onLockoutPermanent * * @param operationId For sensors configured as SensorStrength::STRONG, this must be used ONLY * @param operationId For sensors configured as SensorStrength::STRONG, this must be used ONLY * upon successful authentication and wrapped in the HardwareAuthToken's * upon successful authentication and wrapped in the HardwareAuthToken's * "challenge" field and sent to the framework via * "challenge" field and sent to the framework via * ISessionCallback#onAuthenticated. The operationId is an opaque identifier * ISessionCallback#onAuthenticationSucceeded. The operationId is an opaque * created from a separate secure subsystem such as, but not limited to * identifier created from a separate secure subsystem such as, but not * KeyStore/KeyMaster. The HardwareAuthToken can then be used as an * limited to KeyStore/KeyMaster. The HardwareAuthToken can then be used as * attestation for the provided operation. For example, this is used * an attestation for the provided operation. For example, this is used to * to unlock biometric-bound auth-per-use keys (see * unlock biometric-bound auth-per-use keys (see * setUserAuthenticationParameters in KeyGenParameterSpec.Builder and * setUserAuthenticationParameters in KeyGenParameterSpec.Builder and * KeyProtection.Builder. * KeyProtection.Builder). * @return ICancellationSignal An object that can be used by the framework to cancel this * @return ICancellationSignal An object that can be used by the framework to cancel this * operation. * operation. */ */ Loading @@ -193,32 +216,36 @@ interface ISession { * detectInteraction: * detectInteraction: * * * A request to start looking for faces without performing matching. Must only be called if * A request to start looking for faces without performing matching. Must only be called if * SensorProps#supportsDetectInteraction is true. If invoked on implementations that do not * SensorProps#supportsDetectInteraction is true. If invoked on HALs that do not support this * support this functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0). * functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0). * * * The framework will use this method in cases where determing user presence is required, but * The framework will use this operation in cases where determining user presence is required, * identifying/authentication is not. For example, when the device is encrypted (first boot) or * but identifying/authenticating is not. For example, when the device is encrypted (first boot) * in lockdown mode. * or in lockdown mode. * * * At any point during detectInteraction, if a non-recoverable error occurs, the HAL must notify * At any point during detectInteraction, if a non-recoverable error occurs, the HAL must notify * the framework via ISessionCallback#onError with the applicable error. * the framework via ISessionCallback#onError with the applicable error. * * * The implementation must only check for a face-like image was detected (e.g. to * The HAL must only check whether a face-like image was detected (e.g. to minimize interactions * minimize interactions due to non-face objects), and the lockout counter must not * due to non-face objects), and the lockout counter must not be modified. * be modified. * * * Upon detecting any face, the implementation must invoke * Upon detecting any face, the HAL must invoke ISessionCallback#onInteractionDetected. * ISessionCallback#onInteractionDetected. * * * The lifecycle of this operation ends when either * The lifecycle of this operation ends when either: * 1) Any face is detected and the framework is notified via * 1) Any face is detected and the framework is notified via * ISessionCallback#onInteractiondetected * ISessionCallback#onInteractionDetected. * 2) The operation was cancelled by the framework (see ICancellationSignal) * 2) An error occurrs, for example Error::TIMEOUT. * 3) An error occurred, for example ERROR::TIMEOUT * * * Note that if the operation is canceled, the implementation must notify the framework via * Note that if the operation is canceled, the HAL must notify the framework via * ISessionCallback#onError with Error::CANCELED. * ISessionCallback#onError with Error::CANCELED. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onInteractionDetected * * Other applicable callbacks: * - ISessionCallback#onAcquired * * @return ICancellationSignal An object that can be used by the framework to cancel this * @return ICancellationSignal An object that can be used by the framework to cancel this * operation. * operation. */ */ Loading @@ -227,12 +254,14 @@ interface ISession { /* /* * enumerateEnrollments: * enumerateEnrollments: * * * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The framework * framework typically uses this to ensure that its cache is in sync with the HAL. * typically uses this to ensure that its cache is in sync with the HAL. * * * The implementation must then notify the framework with a list of enrollments applicable * The HAL must then notify the framework with a list of enrollments applicable for the current * for the current session via ISessionCallback#onEnrollmentsEnumerated. * session via ISessionCallback#onEnrollmentsEnumerated. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onEnrollmentsEnumerated */ */ void enumerateEnrollments(); void enumerateEnrollments(); Loading @@ -242,8 +271,12 @@ interface ISession { * A request to remove the enrollments for this (sensorId, userId) pair. * A request to remove the enrollments for this (sensorId, userId) pair. * * * After removing the enrollmentIds from everywhere necessary (filesystem, secure subsystems, * After removing the enrollmentIds from everywhere necessary (filesystem, secure subsystems, * etc), the implementation must notify the framework via ISessionCallback#onEnrollmentsRemoved. * etc), the HAL must notify the framework via ISessionCallback#onEnrollmentsRemoved. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onEnrollmentsRemoved * * * @param enrollmentIds a list of enrollments that should be removed. */ */ void removeEnrollments(in int[] enrollmentIds); void removeEnrollments(in int[] enrollmentIds); Loading @@ -257,6 +290,10 @@ interface ISession { * * * The HAL must notify the framework about the result by calling * The HAL must notify the framework about the result by calling * ISessionCallback#onFeaturesRetrieved. * ISessionCallback#onFeaturesRetrieved. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onFeaturesRetrieved */ */ void getFeatures(); void getFeatures(); Loading @@ -264,15 +301,19 @@ interface ISession { * setFeature: * setFeature: * * * Enables or disables a feature for this (sensorId, userId) pair. Because certain features may * Enables or disables a feature for this (sensorId, userId) pair. Because certain features may * decrease security, the user must enter their password before this method is invoked * decrease security, the user must enter their password before this operation is invoked * (see @param hat). The HAL must verify the hat before changing any feature state. * (see @param hat). The HAL must verify the HAT before changing any feature state. * * * If the hat is invalid or if the user is not enrolled, the HAL must invoke * If the HAT is invalid or if the user is not enrolled, the HAL must invoke * ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * * * After the feature is successfully set, the HAL must notify the framework by calling * After the feature is successfully set, the HAL must notify the framework by calling * ISessionCallback#onFeatureSet. * ISessionCallback#onFeatureSet. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onFeatureSet * * @param hat HardwareAuthToken See above documentation. * @param hat HardwareAuthToken See above documentation. * @param feature The feature to be enabled or disabled. * @param feature The feature to be enabled or disabled. * @param enabled Whether the provided features should be enabled or disabled. * @param enabled Whether the provided features should be enabled or disabled. Loading @@ -295,8 +336,8 @@ interface ISession { * KeyProtection.Builder.setInvalidatedByBiometricEnrollment. * KeyProtection.Builder.setInvalidatedByBiometricEnrollment. * * * In addition, upon successful face authentication, the signed HAT that is returned to * In addition, upon successful face authentication, the signed HAT that is returned to * the framework via ISessionCallback#onAuthenticated must contain this identifier in the * the framework via ISessionCallback#onAuthenticationSucceeded must contain this identifier in * authenticatorId field. * the authenticatorId field. * * * Returns an entropy-encoded random identifier associated with the current set of enrollments * Returns an entropy-encoded random identifier associated with the current set of enrollments * via ISessionCallback#onAuthenticatorIdRetrieved. The authenticatorId * via ISessionCallback#onAuthenticatorIdRetrieved. The authenticatorId Loading @@ -305,20 +346,21 @@ interface ISession { * 3) MUST not change if a face is deleted. * 3) MUST not change if a face is deleted. * 4) MUST be an entropy-encoded random number * 4) MUST be an entropy-encoded random number * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onAuthenticatorIdRetrieved */ */ void getAuthenticatorId(); void getAuthenticatorId(); /** /** * invalidateAuthenticatorId: * invalidateAuthenticatorId: * * * This method only applies to sensors that are configured as SensorStrength::STRONG. If invoked * This operation only applies to sensors that are configured as SensorStrength::STRONG. If * by the framework for sensor of other strengths, the HAL should immediately invoke * invoked by the framework for sensors of other strengths, the HAL should immediately invoke * ISessionCallback#onAuthenticatorIdInvalidated. * ISessionCallback#onAuthenticatorIdInvalidated. * * * The following only applies to sensors that are configured as SensorStrength::STRONG. * The following only applies to sensors that are configured as SensorStrength::STRONG. * * * When invoked by the framework, the implementation must perform the following sequence of * When invoked by the framework, the HAL must perform the following sequence of events: * events: * 1) Update the authenticatorId with a new entropy-encoded random number * 1) Update the authenticatorId with a new entropy-encoded random number * 2) Persist the new authenticatorId to non-ephemeral storage * 2) Persist the new authenticatorId to non-ephemeral storage * 3) Notify the framework that the above is completed, via * 3) Notify the framework that the above is completed, via Loading @@ -326,18 +368,20 @@ interface ISession { * * * A practical use case of invalidation would be when the user adds a new enrollment to a sensor * A practical use case of invalidation would be when the user adds a new enrollment to a sensor * managed by a different HAL instance. The public android.security.keystore APIs bind keys to * managed by a different HAL instance. The public android.security.keystore APIs bind keys to * "all biometrics" rather than "face-only" or "face-only" (see #getAuthenticatorId * "all biometrics" rather than "fingerprint-only" or "face-only" (see #getAuthenticatorId for * for more details). As such, the framework would coordinate invalidation across multiple * more details). As such, the framework would coordinate invalidation across multiple biometric * biometric HALs as necessary. * HALs as necessary. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onAuthenticatorIdInvalidated */ */ void invalidateAuthenticatorId(); void invalidateAuthenticatorId(); /** /** * resetLockout: * resetLockout: * * * Requests the implementation to clear the lockout counter. Upon receiving this request, the * Requests the HAL to clear the lockout counter. Upon receiving this request, the HAL must * implementation must perform the following: * perform the following: * 1) Verify the authenticity and integrity of the provided HAT * 1) Verify the authenticity and integrity of the provided HAT * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the * order of minutes, not hours). * order of minutes, not hours). Loading Loading @@ -373,6 +417,9 @@ interface ISession { * See the Android CDD section 7.3.10 for the full set of lockout and rate-limiting * See the Android CDD section 7.3.10 for the full set of lockout and rate-limiting * requirements. * requirements. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onLockoutCleared * * @param hat HardwareAuthToken See above documentation. * @param hat HardwareAuthToken See above documentation. */ */ void resetLockout(in HardwareAuthToken hat); void resetLockout(in HardwareAuthToken hat); Loading @@ -384,9 +431,14 @@ interface ISession { * If the HAL is busy performing a cancellable operation, the operation must be explicitly * If the HAL is busy performing a cancellable operation, the operation must be explicitly * cancelled with a call to ICancellationSignal#cancel before the session can be closed. * cancelled with a call to ICancellationSignal#cancel before the session can be closed. * * * After a session is closed, the HAL must notify the framework by calling * ISessionCallback#onSessionClosed. * * All sessions must be explicitly closed. Calling IFace#createSession while there is an active * All sessions must be explicitly closed. Calling IFace#createSession while there is an active * session is considered an error. * session is considered an error. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onSessionClosed */ */ void close(); void close(); } } biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl +13 −13 Original line number Original line Diff line number Diff line Loading @@ -37,11 +37,11 @@ interface ISessionCallback { /** /** * This method must only be used to notify the framework during the following operations: * This method must only be used to notify the framework during the following operations: * 1) ISession#authenticate * - ISession#authenticate * 2) ISession#detectInteraction * - ISession#detectInteraction * * * These messages may be used to provide user guidance multiple times if necessary per * These messages may be used to provide user guidance multiple times per operation if * operation. * necessary. * * * @param frame See the AuthenticationFrame enum. * @param frame See the AuthenticationFrame enum. */ */ Loading @@ -51,8 +51,8 @@ interface ISessionCallback { * This method must only be used to notify the framework during the ISession#enroll * This method must only be used to notify the framework during the ISession#enroll * operation. * operation. * * * These messages may be used to provide user guidance multiple times if necessary per * These messages may be used to provide user guidance multiple times per operation if * operation. * necessary. * * * @param frame See the EnrollmentFrame enum. * @param frame See the EnrollmentFrame enum. */ */ Loading @@ -60,18 +60,18 @@ interface ISessionCallback { /** /** * This method must only be used to notify the framework during the following operations: * This method must only be used to notify the framework during the following operations: * 1) ISession#enroll * - ISession#enroll * 2) ISession#authenticate * - ISession#authenticate * 3) ISession#detectInteraction * - ISession#detectInteraction * 4) ISession#invalidateAuthenticatorId * - ISession#invalidateAuthenticatorId * 5) ISession#resetLockout * - ISession#resetLockout * * * These messages may be used to notify the framework or user that a non-recoverable error * These messages may be used to notify the framework or user that a non-recoverable error * has occurred. The operation is finished, and the HAL must proceed with the next operation * has occurred. The operation is finished, and the HAL must proceed with the next operation * or return to the idling state. * or return to the idling state. * * * Note that cancellation (see common::ICancellationSignal) and preemption must be followed with * Note that cancellation (see common::ICancellationSignal) must be followed with an * an Error::CANCELED message. * Error::CANCELED message. * * * @param error See the Error enum. * @param error See the Error enum. * @param vendorCode Only valid if error == Error::VENDOR. The vendorCode must be used to index * @param vendorCode Only valid if error == Error::VENDOR. The vendorCode must be used to index Loading Loading
biometrics/face/aidl/android/hardware/biometrics/face/IFace.aidl +12 −10 Original line number Original line Diff line number Diff line Loading @@ -25,28 +25,30 @@ interface IFace { /** /** * getSensorProps: * getSensorProps: * * * @return A list of properties for all face sensors available to the HAL. * @return A list of properties for all of the face sensors supported by the HAL. */ */ SensorProps[] getSensorProps(); SensorProps[] getSensorProps(); /** /** * createSession: * createSession: * * * Creates a session that can be used by the framework to perform operations such as * Creates an instance of ISession that can be used by the framework to perform operations such * enroll, authenticate, etc. for the given sensorId and userId. * as ISession#enroll, ISession#authenticate, etc. for the given sensorId and userId. * * * Calling this method while there is an active session is considered an error. If the * Calling this method while there is an active session is considered an error. If the framework * framework is in a bad state and for some reason cannot close its session, it should use * wants to create a new session when it already has an active session, it must first cancel the * the reset method below. * current operation if it's cancellable or wait until it completes. Then, the framework must * explicitly close the session with ISession#close. Once the framework receives * ISessionCallback#onSessionClosed, a new session can be created. * * * Implementations must store user-specific state or metadata in /data/vendor_de/<user>/facedata * Implementations must store user-specific state or metadata in /data/vendor_de/<user>/facedata * as specified by the SELinux policy. The directory /data/vendor_de is managed by vold (see * as specified by the SELinux policy. The directory /data/vendor_de is managed by vold (see * vold_prepare_subdirs.cpp). Implementations may store additional user-specific data, such as * vold_prepare_subdirs.cpp). Implementations may store additional user-specific data, such as * embeddings or templates in StrongBox. * embeddings or templates, in StrongBox. * * * @param sensorId The sensorId with which this session is being created. * @param sensorId The sensorId for which this session is being created. * @param userId The userId with which this session is being created. * @param userId The userId for which this session is being created. * @param cb A callback to notify the framework about the session's results and events. * @param cb A callback to notify the framework about the session's events. * @return A new session. * @return A new session. */ */ ISession createSession(in int sensorId, in int userId, in ISessionCallback cb); ISession createSession(in int sensorId, in int userId, in ISessionCallback cb); Loading
biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl +122 −70 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import android.hardware.common.NativeHandle; import android.hardware.keymaster.HardwareAuthToken; import android.hardware.keymaster.HardwareAuthToken; /** /** * Operations that can be performed for unique sessions retrieved via IFace#createSession. * Operations defined within this interface can be divided into the following categories: * Operations defined within this interface can be divided into the following categories: * 1) Cancellable operations. These are usually the operations that can execute for several * 1) Cancellable operations. These are usually the operations that can execute for several * minutes. To allow for cancellation, they return an instance of ICancellationSignal that * minutes. To allow for cancellation, they return an instance of ICancellationSignal that Loading Loading @@ -83,15 +82,20 @@ interface ISession { * | 0 | 10 | <Time4> | <Random4> | * | 0 | 10 | <Time4> | <Random4> | * ---------------------------------------------- * ---------------------------------------------- * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onChallengeGenerated * */ */ void generateChallenge(); void generateChallenge(); /** /** * revokeChallenge: * revokeChallenge: * * * Revokes a challenge that was previously generated. Note that if an invalid combination of * Revokes a challenge that was previously generated. Note that if a non-existent challenge is * parameters is requested, the implementation must still notify the framework using the * provided, the HAL must still notify the framework using ISessionCallback#onChallengeRevoked. * provided callback. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onChallengeRevoked * * * @param challenge Challenge that should be revoked. * @param challenge Challenge that should be revoked. */ */ Loading @@ -100,9 +104,9 @@ interface ISession { /** /** * getEnrollmentConfig: * getEnrollmentConfig: * * * Returns the enrollment configuration depending on the provided enrollment type. Enrollment * Returns the enrollment configuration for the provided enrollment type. Enrollment * configuration determines how many stages the enrollment will have and the requirements for * configuration determines how many stages the enrollment will have and the requirements * each of the stages. * for each of the stages. * * * @param enrollmentType See the EnrollmentType enum. * @param enrollmentType See the EnrollmentType enum. * @return An EnrollmentStageConfig array that describes each enrollment stage. * @return An EnrollmentStageConfig array that describes each enrollment stage. Loading @@ -117,22 +121,28 @@ interface ISession { * At any point during enrollment, if a non-recoverable error occurs, the HAL must notify the * At any point during enrollment, if a non-recoverable error occurs, the HAL must notify the * framework via ISessionCallback#onError with the applicable enrollment-specific error. * framework via ISessionCallback#onError with the applicable enrollment-specific error. * * * Before capturing face data, the implementation must first verify the authenticity and * Before capturing face data, the HAL must first verify the authenticity and integrity of the * integrity of the provided HardwareAuthToken. In addition, it must check that the challenge * provided HardwareAuthToken. In addition, it must check that the challenge within the provided * within the provided HardwareAuthToken is valid. See ISession#generateChallenge. If any of * HardwareAuthToken is valid. See ISession#generateChallenge. If any of the above checks fail, * the above checks fail, the framework must be notified using ISessionCallback#onError with * the framework must be notified using ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * Error::UNABLE_TO_PROCESS. * * * During enrollment, the implementation may notify the framework via * During enrollment, the HAL may notify the framework via ISessionCallback#onAcquired with * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback * messages that may be used to guide the user. This callback can be invoked multiple times if * can be invoked multiple times if necessary. Similarly, the framework may be notified of * necessary. Similarly, the framework may be notified of enrollment progress changes via * enrollment progress changes via ISessionCallback#onEnrollmentProgress. Once the framework is * ISessionCallback#onEnrollmentProgress. Once the framework is notified that there are 0 * notified that there are 0 "remaining" steps, the framework may cache the "enrollmentId". See * "remaining" steps, the framework may cache the "enrollmentId". See * ISessionCallback#onEnrollmentProgress for more info. * ISessionCallback#onEnrollmentProgress for more info. * * * When a face is successfully added and before the framework is notified of remaining=0, the * When a face is successfully added and before the framework is notified of remaining=0, the * implementation MUST update and associate this (sensorId, userId) pair with a new * HAL must update and associate this (sensorId, userId) pair with a new entropy-encoded random * entropy-encoded random identifier. See ISession#getAuthenticatorId for more information. * identifier. See ISession#getAuthenticatorId for more information. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onEnrollmentProgress(enrollmentId, remaining=0) * * Other applicable callbacks: * - ISessionCallback#onAcquired * * * @param hat See above documentation. * @param hat See above documentation. * @param enrollmentType See the EnrollmentType enum. * @param enrollmentType See the EnrollmentType enum. Loading @@ -154,15 +164,18 @@ interface ISession { * At any point during authentication, if a non-recoverable error occurs, the HAL must notify * At any point during authentication, if a non-recoverable error occurs, the HAL must notify * the framework via ISessionCallback#onError with the applicable authentication-specific error. * the framework via ISessionCallback#onError with the applicable authentication-specific error. * * * During authentication, the implementation may notify the framework via * During authentication, the HAL may notify the framework via ISessionCallback#onAcquired with * ISessionCallback#onAcquired with messages that may be used to guide the user. This callback * messages that may be used to guide the user. This callback can be invoked multiple times if * can be invoked multiple times if necessary. * necessary. * * * The HAL must notify the framework of accepts/rejects via ISessionCallback#onAuthentication*. * The HAL must notify the framework of accepts/rejects via * ISessionCallback#onAuthenticationSucceeded and ISessionCallback#onAuthenticationFailed, * correspondingly. * * * The authentication lifecycle ends when either * The authentication lifecycle ends when any of the following happens: * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked, or * 1) A face is accepted, and ISessionCallback#onAuthenticationSucceeded is invoked. * 2) Any non-recoverable error occurs (such as lockout). See the full list of * 2) A face is rejected, and ISessionCallback#onAuthenticationFailed is invoked. * 3) Any non-recoverable error occurs (such as lockout). See the full list of * authentication-specific errors in the Error enum. * authentication-specific errors in the Error enum. * * * Note that upon successful authentication, the lockout counter for this (sensorId, userId) * Note that upon successful authentication, the lockout counter for this (sensorId, userId) Loading @@ -174,16 +187,26 @@ interface ISession { * must be set with the operationId passed in during #authenticate. If the sensor is NOT * must be set with the operationId passed in during #authenticate. If the sensor is NOT * SensorStrength::STRONG, the HardwareAuthToken MUST be null. * SensorStrength::STRONG, the HardwareAuthToken MUST be null. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onAuthenticationSucceeded * - ISessionCallback#onAuthenticationFailed * * Other applicable callbacks: * - ISessionCallback#onAcquired * - ISessionCallback#onLockoutTimed * - ISessionCallback#onLockoutPermanent * * @param operationId For sensors configured as SensorStrength::STRONG, this must be used ONLY * @param operationId For sensors configured as SensorStrength::STRONG, this must be used ONLY * upon successful authentication and wrapped in the HardwareAuthToken's * upon successful authentication and wrapped in the HardwareAuthToken's * "challenge" field and sent to the framework via * "challenge" field and sent to the framework via * ISessionCallback#onAuthenticated. The operationId is an opaque identifier * ISessionCallback#onAuthenticationSucceeded. The operationId is an opaque * created from a separate secure subsystem such as, but not limited to * identifier created from a separate secure subsystem such as, but not * KeyStore/KeyMaster. The HardwareAuthToken can then be used as an * limited to KeyStore/KeyMaster. The HardwareAuthToken can then be used as * attestation for the provided operation. For example, this is used * an attestation for the provided operation. For example, this is used to * to unlock biometric-bound auth-per-use keys (see * unlock biometric-bound auth-per-use keys (see * setUserAuthenticationParameters in KeyGenParameterSpec.Builder and * setUserAuthenticationParameters in KeyGenParameterSpec.Builder and * KeyProtection.Builder. * KeyProtection.Builder). * @return ICancellationSignal An object that can be used by the framework to cancel this * @return ICancellationSignal An object that can be used by the framework to cancel this * operation. * operation. */ */ Loading @@ -193,32 +216,36 @@ interface ISession { * detectInteraction: * detectInteraction: * * * A request to start looking for faces without performing matching. Must only be called if * A request to start looking for faces without performing matching. Must only be called if * SensorProps#supportsDetectInteraction is true. If invoked on implementations that do not * SensorProps#supportsDetectInteraction is true. If invoked on HALs that do not support this * support this functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0). * functionality, the HAL must respond with ISession#onError(UNABLE_TO_PROCESS, 0). * * * The framework will use this method in cases where determing user presence is required, but * The framework will use this operation in cases where determining user presence is required, * identifying/authentication is not. For example, when the device is encrypted (first boot) or * but identifying/authenticating is not. For example, when the device is encrypted (first boot) * in lockdown mode. * or in lockdown mode. * * * At any point during detectInteraction, if a non-recoverable error occurs, the HAL must notify * At any point during detectInteraction, if a non-recoverable error occurs, the HAL must notify * the framework via ISessionCallback#onError with the applicable error. * the framework via ISessionCallback#onError with the applicable error. * * * The implementation must only check for a face-like image was detected (e.g. to * The HAL must only check whether a face-like image was detected (e.g. to minimize interactions * minimize interactions due to non-face objects), and the lockout counter must not * due to non-face objects), and the lockout counter must not be modified. * be modified. * * * Upon detecting any face, the implementation must invoke * Upon detecting any face, the HAL must invoke ISessionCallback#onInteractionDetected. * ISessionCallback#onInteractionDetected. * * * The lifecycle of this operation ends when either * The lifecycle of this operation ends when either: * 1) Any face is detected and the framework is notified via * 1) Any face is detected and the framework is notified via * ISessionCallback#onInteractiondetected * ISessionCallback#onInteractionDetected. * 2) The operation was cancelled by the framework (see ICancellationSignal) * 2) An error occurrs, for example Error::TIMEOUT. * 3) An error occurred, for example ERROR::TIMEOUT * * * Note that if the operation is canceled, the implementation must notify the framework via * Note that if the operation is canceled, the HAL must notify the framework via * ISessionCallback#onError with Error::CANCELED. * ISessionCallback#onError with Error::CANCELED. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onInteractionDetected * * Other applicable callbacks: * - ISessionCallback#onAcquired * * @return ICancellationSignal An object that can be used by the framework to cancel this * @return ICancellationSignal An object that can be used by the framework to cancel this * operation. * operation. */ */ Loading @@ -227,12 +254,14 @@ interface ISession { /* /* * enumerateEnrollments: * enumerateEnrollments: * * * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The * A request to enumerate (list) the enrollments for this (sensorId, userId) pair. The framework * framework typically uses this to ensure that its cache is in sync with the HAL. * typically uses this to ensure that its cache is in sync with the HAL. * * * The implementation must then notify the framework with a list of enrollments applicable * The HAL must then notify the framework with a list of enrollments applicable for the current * for the current session via ISessionCallback#onEnrollmentsEnumerated. * session via ISessionCallback#onEnrollmentsEnumerated. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onEnrollmentsEnumerated */ */ void enumerateEnrollments(); void enumerateEnrollments(); Loading @@ -242,8 +271,12 @@ interface ISession { * A request to remove the enrollments for this (sensorId, userId) pair. * A request to remove the enrollments for this (sensorId, userId) pair. * * * After removing the enrollmentIds from everywhere necessary (filesystem, secure subsystems, * After removing the enrollmentIds from everywhere necessary (filesystem, secure subsystems, * etc), the implementation must notify the framework via ISessionCallback#onEnrollmentsRemoved. * etc), the HAL must notify the framework via ISessionCallback#onEnrollmentsRemoved. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onEnrollmentsRemoved * * * @param enrollmentIds a list of enrollments that should be removed. */ */ void removeEnrollments(in int[] enrollmentIds); void removeEnrollments(in int[] enrollmentIds); Loading @@ -257,6 +290,10 @@ interface ISession { * * * The HAL must notify the framework about the result by calling * The HAL must notify the framework about the result by calling * ISessionCallback#onFeaturesRetrieved. * ISessionCallback#onFeaturesRetrieved. * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onFeaturesRetrieved */ */ void getFeatures(); void getFeatures(); Loading @@ -264,15 +301,19 @@ interface ISession { * setFeature: * setFeature: * * * Enables or disables a feature for this (sensorId, userId) pair. Because certain features may * Enables or disables a feature for this (sensorId, userId) pair. Because certain features may * decrease security, the user must enter their password before this method is invoked * decrease security, the user must enter their password before this operation is invoked * (see @param hat). The HAL must verify the hat before changing any feature state. * (see @param hat). The HAL must verify the HAT before changing any feature state. * * * If the hat is invalid or if the user is not enrolled, the HAL must invoke * If the HAT is invalid or if the user is not enrolled, the HAL must invoke * ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * ISessionCallback#onError with Error::UNABLE_TO_PROCESS. * * * After the feature is successfully set, the HAL must notify the framework by calling * After the feature is successfully set, the HAL must notify the framework by calling * ISessionCallback#onFeatureSet. * ISessionCallback#onFeatureSet. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onError * - ISessionCallback#onFeatureSet * * @param hat HardwareAuthToken See above documentation. * @param hat HardwareAuthToken See above documentation. * @param feature The feature to be enabled or disabled. * @param feature The feature to be enabled or disabled. * @param enabled Whether the provided features should be enabled or disabled. * @param enabled Whether the provided features should be enabled or disabled. Loading @@ -295,8 +336,8 @@ interface ISession { * KeyProtection.Builder.setInvalidatedByBiometricEnrollment. * KeyProtection.Builder.setInvalidatedByBiometricEnrollment. * * * In addition, upon successful face authentication, the signed HAT that is returned to * In addition, upon successful face authentication, the signed HAT that is returned to * the framework via ISessionCallback#onAuthenticated must contain this identifier in the * the framework via ISessionCallback#onAuthenticationSucceeded must contain this identifier in * authenticatorId field. * the authenticatorId field. * * * Returns an entropy-encoded random identifier associated with the current set of enrollments * Returns an entropy-encoded random identifier associated with the current set of enrollments * via ISessionCallback#onAuthenticatorIdRetrieved. The authenticatorId * via ISessionCallback#onAuthenticatorIdRetrieved. The authenticatorId Loading @@ -305,20 +346,21 @@ interface ISession { * 3) MUST not change if a face is deleted. * 3) MUST not change if a face is deleted. * 4) MUST be an entropy-encoded random number * 4) MUST be an entropy-encoded random number * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onAuthenticatorIdRetrieved */ */ void getAuthenticatorId(); void getAuthenticatorId(); /** /** * invalidateAuthenticatorId: * invalidateAuthenticatorId: * * * This method only applies to sensors that are configured as SensorStrength::STRONG. If invoked * This operation only applies to sensors that are configured as SensorStrength::STRONG. If * by the framework for sensor of other strengths, the HAL should immediately invoke * invoked by the framework for sensors of other strengths, the HAL should immediately invoke * ISessionCallback#onAuthenticatorIdInvalidated. * ISessionCallback#onAuthenticatorIdInvalidated. * * * The following only applies to sensors that are configured as SensorStrength::STRONG. * The following only applies to sensors that are configured as SensorStrength::STRONG. * * * When invoked by the framework, the implementation must perform the following sequence of * When invoked by the framework, the HAL must perform the following sequence of events: * events: * 1) Update the authenticatorId with a new entropy-encoded random number * 1) Update the authenticatorId with a new entropy-encoded random number * 2) Persist the new authenticatorId to non-ephemeral storage * 2) Persist the new authenticatorId to non-ephemeral storage * 3) Notify the framework that the above is completed, via * 3) Notify the framework that the above is completed, via Loading @@ -326,18 +368,20 @@ interface ISession { * * * A practical use case of invalidation would be when the user adds a new enrollment to a sensor * A practical use case of invalidation would be when the user adds a new enrollment to a sensor * managed by a different HAL instance. The public android.security.keystore APIs bind keys to * managed by a different HAL instance. The public android.security.keystore APIs bind keys to * "all biometrics" rather than "face-only" or "face-only" (see #getAuthenticatorId * "all biometrics" rather than "fingerprint-only" or "face-only" (see #getAuthenticatorId for * for more details). As such, the framework would coordinate invalidation across multiple * more details). As such, the framework would coordinate invalidation across multiple biometric * biometric HALs as necessary. * HALs as necessary. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onAuthenticatorIdInvalidated */ */ void invalidateAuthenticatorId(); void invalidateAuthenticatorId(); /** /** * resetLockout: * resetLockout: * * * Requests the implementation to clear the lockout counter. Upon receiving this request, the * Requests the HAL to clear the lockout counter. Upon receiving this request, the HAL must * implementation must perform the following: * perform the following: * 1) Verify the authenticity and integrity of the provided HAT * 1) Verify the authenticity and integrity of the provided HAT * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the * order of minutes, not hours). * order of minutes, not hours). Loading Loading @@ -373,6 +417,9 @@ interface ISession { * See the Android CDD section 7.3.10 for the full set of lockout and rate-limiting * See the Android CDD section 7.3.10 for the full set of lockout and rate-limiting * requirements. * requirements. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onLockoutCleared * * @param hat HardwareAuthToken See above documentation. * @param hat HardwareAuthToken See above documentation. */ */ void resetLockout(in HardwareAuthToken hat); void resetLockout(in HardwareAuthToken hat); Loading @@ -384,9 +431,14 @@ interface ISession { * If the HAL is busy performing a cancellable operation, the operation must be explicitly * If the HAL is busy performing a cancellable operation, the operation must be explicitly * cancelled with a call to ICancellationSignal#cancel before the session can be closed. * cancelled with a call to ICancellationSignal#cancel before the session can be closed. * * * After a session is closed, the HAL must notify the framework by calling * ISessionCallback#onSessionClosed. * * All sessions must be explicitly closed. Calling IFace#createSession while there is an active * All sessions must be explicitly closed. Calling IFace#createSession while there is an active * session is considered an error. * session is considered an error. * * * Callbacks that signify the end of this operation's lifecycle: * - ISessionCallback#onSessionClosed */ */ void close(); void close(); } }
biometrics/face/aidl/android/hardware/biometrics/face/ISessionCallback.aidl +13 −13 Original line number Original line Diff line number Diff line Loading @@ -37,11 +37,11 @@ interface ISessionCallback { /** /** * This method must only be used to notify the framework during the following operations: * This method must only be used to notify the framework during the following operations: * 1) ISession#authenticate * - ISession#authenticate * 2) ISession#detectInteraction * - ISession#detectInteraction * * * These messages may be used to provide user guidance multiple times if necessary per * These messages may be used to provide user guidance multiple times per operation if * operation. * necessary. * * * @param frame See the AuthenticationFrame enum. * @param frame See the AuthenticationFrame enum. */ */ Loading @@ -51,8 +51,8 @@ interface ISessionCallback { * This method must only be used to notify the framework during the ISession#enroll * This method must only be used to notify the framework during the ISession#enroll * operation. * operation. * * * These messages may be used to provide user guidance multiple times if necessary per * These messages may be used to provide user guidance multiple times per operation if * operation. * necessary. * * * @param frame See the EnrollmentFrame enum. * @param frame See the EnrollmentFrame enum. */ */ Loading @@ -60,18 +60,18 @@ interface ISessionCallback { /** /** * This method must only be used to notify the framework during the following operations: * This method must only be used to notify the framework during the following operations: * 1) ISession#enroll * - ISession#enroll * 2) ISession#authenticate * - ISession#authenticate * 3) ISession#detectInteraction * - ISession#detectInteraction * 4) ISession#invalidateAuthenticatorId * - ISession#invalidateAuthenticatorId * 5) ISession#resetLockout * - ISession#resetLockout * * * These messages may be used to notify the framework or user that a non-recoverable error * These messages may be used to notify the framework or user that a non-recoverable error * has occurred. The operation is finished, and the HAL must proceed with the next operation * has occurred. The operation is finished, and the HAL must proceed with the next operation * or return to the idling state. * or return to the idling state. * * * Note that cancellation (see common::ICancellationSignal) and preemption must be followed with * Note that cancellation (see common::ICancellationSignal) must be followed with an * an Error::CANCELED message. * Error::CANCELED message. * * * @param error See the Error enum. * @param error See the Error enum. * @param vendorCode Only valid if error == Error::VENDOR. The vendorCode must be used to index * @param vendorCode Only valid if error == Error::VENDOR. The vendorCode must be used to index Loading
