Add enroll_1_1 with preview window id

Bug: 145562442 Test: vts-tradefed run commandAndExit vts-hal -m VtsHalBiometricsFaceV1_0Target Test: vts-tradefed run commandAndExit vts-hal -m VtsHalBiometricsFaceV1_1Target Change-Id: I7839fe162dc31c71cc33ae226a23a2239a2093a1
2020-01-22 18:59:11 -08:00 · 2020-01-22 18:59:11 -08:00 · 7ab5ab85d0
commit 7ab5ab85d0
parent 366cc53714
4 changed files with 91 additions and 2 deletions
--- a/biometrics/face/1.1/IBiometricsFace.hal
+++ b/biometrics/face/1.1/IBiometricsFace.hal
@ -15,6 +15,7 @@
 */

 package android.hardware.biometrics.face@1.1;
+
 import @1.0::IBiometricsFace;
 import @1.0::Status;
 import @1.0::Feature;
@ -77,6 +78,40 @@ interface IBiometricsFace extends @1.0::IBiometricsFace {
     *     enrollment. Note that all features are enabled by default.
     * @return status The status of this method call.
     */
-    enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec,
-        vec<Feature> disabledFeatures) generates (Status status);
+    enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec, vec<Feature> disabledFeatures)
+        generates (Status status);
+
+    /**
+     * Enrolls a user's face.
+     *
+     * Note that the Hardware Authentication Token must be valid for the
+     * duration of enrollment and thus should be explicitly invalidated by a
+     * call to revokeChallenge() when enrollment is complete, to reduce the
+     * window of opportunity to re-use the challenge and HAT. For example,
+     * Settings calls generateChallenge() once to allow the user to enroll one
+     * or more faces or toggle secure settings without having to re-enter the
+     * PIN/pattern/password. Once the user completes the operation, Settings
+     * invokes revokeChallenge() to close the transaction. If the HAT is expired,
+     * the implementation must invoke onError with UNABLE_TO_PROCESS.
+     *
+     * This method triggers the IBiometricsFaceClientCallback#onEnrollResult()
+     * method.
+     *
+     * @param hat A valid Hardware Authentication Token, generated as a result
+     *     of a generateChallenge() challenge being wrapped by the gatekeeper
+     *     after a successful strong authentication request.
+     * @param timeoutSec A timeout in seconds, after which this enroll
+     *     attempt is cancelled. Note that the framework can continue
+     *     enrollment by calling this again with a valid HAT. This timeout is
+     *     expected to be used to limit power usage if the device becomes idle
+     *     during enrollment. The implementation is expected to send
+     *     ERROR_TIMEOUT if this happens.
+     * @param disabledFeatures A list of features to be disabled during
+     *     enrollment. Note that all features are enabled by default.
+     * @param windowId optional ID of a camera preview window for a
+     *     single-camera device. Must be null if not used.
+     * @return status The status of this method call.
+     */
+    enroll_1_1(vec<uint8_t> hat, uint32_t timeoutSec, vec<Feature> disabledFeatures,
+        handle windowId) generates (Status status);
 };
--- a/biometrics/face/1.1/default/BiometricsFace.cpp
+++ b/biometrics/face/1.1/default/BiometricsFace.cpp
@ -111,6 +111,14 @@ Return<Status> BiometricsFace::resetLockout(const hidl_vec<uint8_t>& /* hat */)
 }

 // Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow.
+Return<Status> BiometricsFace::enroll_1_1(const hidl_vec<uint8_t>& /* hat */,
+                                          uint32_t /* timeoutSec */,
+                                          const hidl_vec<Feature>& /* disabledFeatures */,
+                                          const hidl_handle& /* windowId */) {
+    mClientCallback->onError(kDeviceId, mUserId, FaceError::UNABLE_TO_PROCESS, 0 /* vendorCode */);
+    return Status::OK;
+}
+
 Return<Status> BiometricsFace::enrollRemotely(const hidl_vec<uint8_t>& /* hat */,
                                              uint32_t /* timeoutSec */,
                                              const hidl_vec<Feature>& /* disabledFeatures */) {
--- a/biometrics/face/1.1/default/BiometricsFace.h
+++ b/biometrics/face/1.1/default/BiometricsFace.h
@ -72,6 +72,10 @@ class BiometricsFace : public V1_1::IBiometricsFace {
    Return<Status> resetLockout(const hidl_vec<uint8_t>& hat) override;

    // Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow.
+    Return<Status> enroll_1_1(const hidl_vec<uint8_t>& hat, uint32_t timeoutSec,
+                              const hidl_vec<Feature>& disabledFeatures,
+                              const hidl_handle& windowId) override;
+
    Return<Status> enrollRemotely(const hidl_vec<uint8_t>& hat, uint32_t timeoutSec,
                                  const hidl_vec<Feature>& disabledFeatures) override;

--- a/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp
+++ b/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp
@ -30,6 +30,7 @@
 #include <random>

 using android::sp;
+using android::hardware::hidl_handle;
 using android::hardware::hidl_vec;
 using android::hardware::Return;
 using android::hardware::Void;
@ -116,6 +117,47 @@ class FaceHidlTest : public ::testing::TestWithParam<std::string> {
    sp<FaceCallback> mCallback;
 };

+// enroll with an invalid (all zeroes) HAT should fail.
+TEST_P(FaceHidlTest, Enroll2_2ZeroHatTest) {
+    // Filling HAT with zeros
+    hidl_vec<uint8_t> token(69);
+    for (size_t i = 0; i < 69; i++) {
+        token[i] = 0;
+    }
+
+    hidl_handle windowId = nullptr;
+    Return<Status> ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId);
+    ASSERT_EQ(Status::OK, static_cast<Status>(ret));
+
+    // onError should be called with a meaningful (nonzero) error.
+    auto res = mCallback->WaitForCallback(kCallbackNameOnError);
+    EXPECT_TRUE(res.no_timeout);
+    EXPECT_EQ(kUserId, res.args->userId);
+    EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error);
+}
+
+// enroll with an invalid HAT should fail.
+TEST_P(FaceHidlTest, Enroll2_2GarbageHatTest) {
+    // Filling HAT with pseudorandom invalid data.
+    // Using default seed to make the test reproducible.
+    std::mt19937 gen(std::mt19937::default_seed);
+    std::uniform_int_distribution<uint8_t> dist;
+    hidl_vec<uint8_t> token(69);
+    for (size_t i = 0; i < 69; ++i) {
+        token[i] = dist(gen);
+    }
+
+    hidl_handle windowId = nullptr;
+    Return<Status> ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId);
+    ASSERT_EQ(Status::OK, static_cast<Status>(ret));
+
+    // onError should be called with a meaningful (nonzero) error.
+    auto res = mCallback->WaitForCallback(kCallbackNameOnError);
+    EXPECT_TRUE(res.no_timeout);
+    EXPECT_EQ(kUserId, res.args->userId);
+    EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error);
+}
+
 // enroll with an invalid (all zeroes) HAT should fail.
 TEST_P(FaceHidlTest, EnrollRemotelyZeroHatTest) {
    // Filling HAT with zeros