1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.hardware.face; 17 18 import android.hardware.biometrics.IBiometricSensorReceiver; 19 import android.hardware.biometrics.IBiometricServiceLockoutResetCallback; 20 import android.hardware.biometrics.IBiometricStateListener; 21 import android.hardware.biometrics.IInvalidationCallback; 22 import android.hardware.biometrics.ITestSession; 23 import android.hardware.biometrics.ITestSessionCallback; 24 import android.hardware.face.IFaceAuthenticatorsRegisteredCallback; 25 import android.hardware.face.IFaceServiceReceiver; 26 import android.hardware.face.Face; 27 import android.hardware.face.FaceAuthenticateOptions; 28 import android.hardware.face.FaceSensorPropertiesInternal; 29 import android.view.Surface; 30 31 /** 32 * Communication channel from client to the face service. These methods are all require the 33 * MANAGE_BIOMETRIC signature permission. 34 * @hide 35 */ 36 interface IFaceService { 37 38 // Creates a test session with the specified sensorId 39 @EnforcePermission("USE_BIOMETRIC_INTERNAL") createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName)40 ITestSession createTestSession(int sensorId, ITestSessionCallback callback, String opPackageName); 41 42 // Requests a proto dump of the specified sensor 43 @EnforcePermission("USE_BIOMETRIC_INTERNAL") dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer)44 byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer); 45 46 // Retrieve static sensor properties for all face sensors 47 @EnforcePermission("USE_BIOMETRIC_INTERNAL") getSensorPropertiesInternal(String opPackageName)48 List<FaceSensorPropertiesInternal> getSensorPropertiesInternal(String opPackageName); 49 50 // Retrieve static sensor properties for the specified sensor 51 @EnforcePermission("USE_BIOMETRIC_INTERNAL") getSensorProperties(int sensorId, String opPackageName)52 FaceSensorPropertiesInternal getSensorProperties(int sensorId, String opPackageName); 53 54 // Authenticate with a face. A requestId is returned that can be used to cancel this operation. 55 @EnforcePermission("USE_BIOMETRIC_INTERNAL") authenticate(IBinder token, long operationId, IFaceServiceReceiver receiver, in FaceAuthenticateOptions options)56 long authenticate(IBinder token, long operationId, IFaceServiceReceiver receiver, 57 in FaceAuthenticateOptions options); 58 59 // Uses the face hardware to detect for the presence of a face, without giving details 60 // about accept/reject/lockout. A requestId is returned that can be used to cancel this 61 // operation. 62 @EnforcePermission("USE_BIOMETRIC_INTERNAL") detectFace(IBinder token, IFaceServiceReceiver receiver, in FaceAuthenticateOptions options)63 long detectFace(IBinder token, IFaceServiceReceiver receiver, in FaceAuthenticateOptions options); 64 65 // This method prepares the service to start authenticating, but doesn't start authentication. 66 // This is protected by the MANAGE_BIOMETRIC signatuer permission. This method should only be 67 // called from BiometricService. The additional uid, pid, userId arguments should be determined 68 // by BiometricService. To start authentication after the clients are ready, use 69 // startPreparedClient(). 70 @EnforcePermission("USE_BIOMETRIC_INTERNAL") prepareForAuthentication(boolean requireConfirmation, IBinder token, long operationId, IBiometricSensorReceiver sensorReceiver, in FaceAuthenticateOptions options, long requestId, int cookie, boolean allowBackgroundAuthentication)71 void prepareForAuthentication(boolean requireConfirmation, IBinder token, 72 long operationId, IBiometricSensorReceiver sensorReceiver, 73 in FaceAuthenticateOptions options, long requestId, int cookie, 74 boolean allowBackgroundAuthentication); 75 76 // Starts authentication with the previously prepared client. 77 @EnforcePermission("USE_BIOMETRIC_INTERNAL") startPreparedClient(int sensorId, int cookie)78 void startPreparedClient(int sensorId, int cookie); 79 80 // Cancel authentication for the given requestId. 81 @EnforcePermission("USE_BIOMETRIC_INTERNAL") cancelAuthentication(IBinder token, String opPackageName, long requestId)82 void cancelAuthentication(IBinder token, String opPackageName, long requestId); 83 84 // Cancel face detection for the given requestId. 85 @EnforcePermission("USE_BIOMETRIC_INTERNAL") cancelFaceDetect(IBinder token, String opPackageName, long requestId)86 void cancelFaceDetect(IBinder token, String opPackageName, long requestId); 87 88 // Same as above, with extra arguments. 89 @EnforcePermission("USE_BIOMETRIC_INTERNAL") cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId)90 void cancelAuthenticationFromService(int sensorId, IBinder token, String opPackageName, long requestId); 91 92 // Start face enrollment 93 @EnforcePermission("MANAGE_BIOMETRIC") enroll(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures, in Surface previewSurface, boolean debugConsent)94 long enroll(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, 95 String opPackageName, in int [] disabledFeatures, 96 in Surface previewSurface, boolean debugConsent); 97 98 // Start remote face enrollment 99 @EnforcePermission("MANAGE_BIOMETRIC") enrollRemotely(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName, in int [] disabledFeatures)100 long enrollRemotely(int userId, IBinder token, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, 101 String opPackageName, in int [] disabledFeatures); 102 103 // Cancel enrollment in progress 104 @EnforcePermission("MANAGE_BIOMETRIC") cancelEnrollment(IBinder token, long requestId)105 void cancelEnrollment(IBinder token, long requestId); 106 107 // Removes the specified face enrollment for the specified userId. 108 @EnforcePermission("USE_BIOMETRIC_INTERNAL") remove(IBinder token, int faceId, int userId, IFaceServiceReceiver receiver, String opPackageName)109 void remove(IBinder token, int faceId, int userId, IFaceServiceReceiver receiver, 110 String opPackageName); 111 112 // Removes all face enrollments for the specified userId. 113 @EnforcePermission("USE_BIOMETRIC_INTERNAL") removeAll(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName)114 void removeAll(IBinder token, int userId, IFaceServiceReceiver receiver, String opPackageName); 115 116 // Get the enrolled face for user. 117 @EnforcePermission("USE_BIOMETRIC_INTERNAL") getEnrolledFaces(int sensorId, int userId, String opPackageName)118 List<Face> getEnrolledFaces(int sensorId, int userId, String opPackageName); 119 120 // Determine if HAL is loaded and ready 121 @EnforcePermission("USE_BIOMETRIC_INTERNAL") isHardwareDetected(int sensorId, String opPackageName)122 boolean isHardwareDetected(int sensorId, String opPackageName); 123 124 // Get a pre-enrollment authentication token 125 @EnforcePermission("MANAGE_BIOMETRIC") generateChallenge(IBinder token, int sensorId, int userId, IFaceServiceReceiver receiver, String opPackageName)126 void generateChallenge(IBinder token, int sensorId, int userId, IFaceServiceReceiver receiver, String opPackageName); 127 128 // Finish an enrollment sequence and invalidate the authentication token 129 @EnforcePermission("MANAGE_BIOMETRIC") revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge)130 void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); 131 132 // Determine if a user has at least one enrolled face 133 @EnforcePermission("USE_BIOMETRIC_INTERNAL") hasEnrolledFaces(int sensorId, int userId, String opPackageName)134 boolean hasEnrolledFaces(int sensorId, int userId, String opPackageName); 135 136 // Return the LockoutTracker status for the specified user 137 @EnforcePermission("USE_BIOMETRIC_INTERNAL") getLockoutModeForUser(int sensorId, int userId)138 int getLockoutModeForUser(int sensorId, int userId); 139 140 // Requests for the specified sensor+userId's authenticatorId to be invalidated 141 @EnforcePermission("USE_BIOMETRIC_INTERNAL") invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback)142 void invalidateAuthenticatorId(int sensorId, int userId, IInvalidationCallback callback); 143 144 // Gets the authenticator ID for face 145 @EnforcePermission("USE_BIOMETRIC_INTERNAL") getAuthenticatorId(int sensorId, int callingUserId)146 long getAuthenticatorId(int sensorId, int callingUserId); 147 148 // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password) 149 @EnforcePermission("USE_BIOMETRIC_INTERNAL") resetLockout(IBinder token, int sensorId, int userId, in byte [] hardwareAuthToken, String opPackageName)150 void resetLockout(IBinder token, int sensorId, int userId, in byte [] hardwareAuthToken, String opPackageName); 151 152 // Add a callback which gets notified when the face lockout period expired. 153 @EnforcePermission("USE_BIOMETRIC_INTERNAL") addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName)154 void addLockoutResetCallback(IBiometricServiceLockoutResetCallback callback, String opPackageName); 155 156 @EnforcePermission("USE_BIOMETRIC_INTERNAL") setFeature(IBinder token, int userId, int feature, boolean enabled, in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName)157 void setFeature(IBinder token, int userId, int feature, boolean enabled, 158 in byte [] hardwareAuthToken, IFaceServiceReceiver receiver, String opPackageName); 159 160 @EnforcePermission("MANAGE_BIOMETRIC") getFeature(IBinder token, int userId, int feature, IFaceServiceReceiver receiver, String opPackageName)161 void getFeature(IBinder token, int userId, int feature, IFaceServiceReceiver receiver, 162 String opPackageName); 163 164 // Registers all HIDL and AIDL sensors. Only HIDL sensor properties need to be provided, because 165 // AIDL sensor properties are retrieved directly from the available HALs. If no HIDL HALs exist, 166 // hidlSensors must be non-null and empty. See AuthService.java 167 @EnforcePermission("USE_BIOMETRIC_INTERNAL") registerAuthenticators(in List<FaceSensorPropertiesInternal> hidlSensors)168 void registerAuthenticators(in List<FaceSensorPropertiesInternal> hidlSensors); 169 170 // Adds a callback which gets called when the service registers all of the face 171 // authenticators. The callback is automatically removed after it's invoked. addAuthenticatorsRegisteredCallback(IFaceAuthenticatorsRegisteredCallback callback)172 void addAuthenticatorsRegisteredCallback(IFaceAuthenticatorsRegisteredCallback callback); 173 174 // Registers BiometricStateListener. registerBiometricStateListener(IBiometricStateListener listener)175 void registerBiometricStateListener(IBiometricStateListener listener); 176 177 // Internal operation used to clear face biometric scheduler. 178 // Ensures that the scheduler is not stuck. 179 @EnforcePermission("USE_BIOMETRIC_INTERNAL") scheduleWatchdog()180 oneway void scheduleWatchdog(); 181 } 182