Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6d062fd authored by Joshua Mccloskey's avatar Joshua Mccloskey
Browse files

Revert "Revert "Revert "Define biometrics.face@1.1 with remote e..." 

Revert^2 "Temporarily remove support for biometrics.face@1.1"

cccbd64ff74ee45a48eaf6a68e97349fb9542c92

Change-Id: I981f607b48a44459363f5edbd075f1fcfcf0a10f
parent a2e77cf3

biometrics/face/1.1/Android.bp

deleted100644 → 0
+0 −14
Original line number Diff line number Diff line 
// This file is autogenerated by hidl-gen -Landroidbp.



hidl_interface {

    name: "android.hardware.biometrics.face@1.1",

    root: "android.hardware",

    srcs: [

        "IBiometricsFace.hal",

    ],

    interfaces: [

        "android.hardware.biometrics.face@1.0",

        "android.hidl.base@1.0",

    ],

    gen_java: true,

}

biometrics/face/1.1/IBiometricsFace.hal

deleted100644 → 0
+0 −82
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.biometrics.face@1.1;

import @1.0::IBiometricsFace;

import @1.0::Status;

import @1.0::Feature;



/**

 * The HAL interface for biometric face authentication.

 */

interface IBiometricsFace extends @1.0::IBiometricsFace {

    /**

     * Enrolls a user's face for a remote client, for example Android Auto.

     *

     * The HAL implementation is responsible for creating a secure communication

     * channel and receiving the enrollment images from a mobile device with

     * face authentication hardware.

     *

     * Note that the Hardware Authentication Token must be valid for the

     * duration of enrollment and thus should be explicitly invalidated by a

     * call to revokeChallenge() when enrollment is complete, to reduce the

     * window of opportunity to re-use the challenge and HAT. For example,

     * Settings calls generateChallenge() once to allow the user to enroll one

     * or more faces or toggle secure settings without having to re-enter the

     * PIN/pattern/password. Once the user completes the operation, Settings

     * invokes revokeChallenge() to close the transaction. If the HAT is expired,

     * the implementation must invoke onError with UNABLE_TO_PROCESS.

     *

     * Requirements for using this API:

     * - Mobile devices MUST NOT delegate enrollment to another device by calling

     * this API. This feature is intended only to allow enrollment on devices

     * where it is impossible to enroll locally on the device.

     * - The path MUST be protected by a secret key with rollback protection.

     * - Synchronizing between devices MUST be accomplished by having both

     * devices agree on a secret PIN entered by the user (similar to BT

     * pairing procedure) and use a salted version of that PIN plus other secret

     * to encrypt traffic.

     * - All communication to/from the remote device MUST be encrypted and signed

     * to prevent image injection and other man-in-the-middle type attacks.

     * - generateChallenge() and revokeChallenge() MUST be implemented on both

     * remote and local host (e.g. hash the result of the remote host with a

     * local secret before responding to the API call) and any transmission of

     * the challenge between hosts MUST be signed to prevent man-in-the-middle

     * attacks.

     * - In the event of a lost connection, the result of the last

     * generateChallenge() MUST be invalidated and the process started over.

     * - Both the remote and local host MUST honor the timeout and invalidate the

     * challenge.

     *

     * This method triggers the IBiometricsFaceClientCallback#onEnrollResult()

     * method.

     *

     * @param hat A valid Hardware Authentication Token, generated as a result

     *     of a generateChallenge() challenge being wrapped by the gatekeeper

     *     after a successful strong authentication request.

     * @param timeoutSec A timeout in seconds, after which this enroll

     *     attempt is cancelled. Note that the framework can continue

     *     enrollment by calling this again with a valid HAT. This timeout is

     *     expected to be used to limit power usage if the device becomes idle

     *     during enrollment. The implementation is expected to send

     *     ERROR_TIMEOUT if this happens.

     * @param disabledFeatures A list of features to be disabled during

     *     enrollment. Note that all features are enabled by default.

     * @return status The status of this method call.

     */

    enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec,

        vec<Feature> disabledFeatures) generates (Status status);

};