Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4d0df261 authored by Kevin Chyn's avatar Kevin Chyn
Browse files

Remove HAT from invalidateAuthenticatorId and correct documentation 

1) Removes HAT param from fingerprint AIDL
2) Update documentation for fingerprint and face AIDL

Fixes: 173432893
Test: m android.hardware.biometrics.face-update-api
Test: m android.hardware.biometrics.fingerprint-service.example

Change-Id: I9c5e219c6f7a59609b6ff9d692f5a931f4bcea24
parent 29368c06

biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl

+3 −10
Original line number Diff line number Diff line
@@ -292,16 +292,9 @@ interface ISession { 
     *

     * When invoked by the framework, the implementation must perform the following sequence of

     * events:

     *   1) Verify the authenticity and integrity of the provided HAT. If this check fails, the HAL

     *      must invoke ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to

     *      SessionState::IDLING if no subsequent work is in the queue.

     *   2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the

     *      order of minutes, not hours). If this check fails, the HAL must invoke

     *      ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to

     *      SessionState::IDLING if no subsequent work is in the queue.

     *   3) Update the authenticatorId with a new entropy-encoded random number

     *   4) Persist the new authenticatorId to non-ephemeral storage

     *   5) Notify the framework that the above is completed, via

     *   1) Update the authenticatorId with a new entropy-encoded random number

     *   2) Persist the new authenticatorId to non-ephemeral storage

     *   3) Notify the framework that the above is completed, via

     *      ISessionCallback#onAuthenticatorInvalidated

     *

     * A practical use case of invalidation would be when the user adds a new enrollment to a sensor

biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl

+1 −1
Original line number Diff line number Diff line
@@ -26,7 +26,7 @@ interface ISession { 
  void enumerateEnrollments(in int cookie);

  void removeEnrollments(in int cookie, in int[] enrollmentIds);

  void getAuthenticatorId(in int cookie);

  void invalidateAuthenticatorId(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);

  void invalidateAuthenticatorId(in int cookie);

  void resetLockout(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);

  void onPointerDown(in int pointerId, in int x, in int y, in float minor, in float major);

  void onPointerUp(in int pointerId);

biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl

+4 −12
Original line number Diff line number Diff line
@@ -301,16 +301,9 @@ interface ISession { 
     *

     * When invoked by the framework, the implementation must perform the following sequence of

     * events:

     *   1) Verify the authenticity and integrity of the provided HAT. If this check fails, the HAL

     *      must invoke ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to

     *      SessionState::IDLING if no subsequent work is in the queue.

     *   2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the

     *      order of minutes, not hours). If this check fails, the HAL must invoke

     *      ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to

     *      SessionState::IDLING if no subsequent work is in the queue.

     *   3) Update the authenticatorId with a new entropy-encoded random number

     *   4) Persist the new authenticatorId to non-ephemeral storage

     *   5) Notify the framework that the above is completed, via

     *   1) Update the authenticatorId with a new entropy-encoded random number

     *   2) Persist the new authenticatorId to non-ephemeral storage

     *   3) Notify the framework that the above is completed, via

     *      ISessionCallback#onAuthenticatorInvalidated

     *

     * A practical use case of invalidation would be when the user adds a new enrollment to a sensor
@@ -321,9 +314,8 @@ interface ISession { 
     *

     * @param cookie An identifier used to track subsystem operations related to this call path. The

     *               client must guarantee that it is unique per ISession.

     * @param hat HardwareAuthToken that must be validated before proceeding with this operation.

     */

    void invalidateAuthenticatorId(in int cookie, in HardwareAuthToken hat);

    void invalidateAuthenticatorId(in int cookie);



    /**

     * resetLockout:

biometrics/fingerprint/aidl/default/Session.cpp

+1 −2
Original line number Diff line number Diff line
@@ -79,8 +79,7 @@ ndk::ScopedAStatus Session::getAuthenticatorId(int32_t /*cookie*/) { 
    return ndk::ScopedAStatus::ok();

}



ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/,

                                                      const keymaster::HardwareAuthToken& /*hat*/) {

ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/) {

    return ndk::ScopedAStatus::ok();

}

biometrics/fingerprint/aidl/default/Session.h

+1 −2
Original line number Diff line number Diff line
@@ -49,8 +49,7 @@ class Session : public BnSession { 


    ndk::ScopedAStatus getAuthenticatorId(int32_t cookie) override;



    ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie,

                                                 const keymaster::HardwareAuthToken& hat) override;

    ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie) override;



    ndk::ScopedAStatus resetLockout(int32_t cookie,

                                    const keymaster::HardwareAuthToken& hat) override;