Define biometrics.face@1.1 with remote enrollment

Bug: 145027036
Test: hidl-gen -L check android.hardware.biometrics.face@1.1

Change-Id: I3b5cc1e7852509012aab7fea078b12b76bd83abb
Ilya Matyukhin 2019-12-25 15:59:49 -08:00
parent 9e397467a3
commit ec0b6e26ea
2 changed files with 99 additions and 0 deletions


@ -0,0 +1,17 @@
// This file is autogenerated by hidl-gen -Landroidbp.
hidl_interface {
name: "android.hardware.biometrics.face@1.1",
root: "android.hardware",
vndk: {
enabled: true,
},
srcs: [
"IBiometricsFace.hal",
],
interfaces: [
"android.hardware.biometrics.face@1.0",
"android.hidl.base@1.0",
],
gen_java: true,
}


@ -0,0 +1,82 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.biometrics.face@1.1;
import @1.0::IBiometricsFace;
import @1.0::Status;
import @1.0::Feature;
/**
* The HAL interface for biometric face authentication.
*/
interface IBiometricsFace extends @1.0::IBiometricsFace {
/**
* Enrolls a user's face for a remote client, for example Android Auto.
*
* The HAL implementation is responsible for creating a secure communication
* channel and receiving the enrollment images from a mobile device with
* face authentication hardware.
*
* Note that the Hardware Authentication Token must be valid for the
* duration of enrollment and thus should be explicitly invalidated by a
* call to revokeChallenge() when enrollment is complete, to reduce the
* window of opportunity to re-use the challenge and HAT. For example,
* Settings calls generateChallenge() once to allow the user to enroll one
* or more faces or toggle secure settings without having to re-enter the
* PIN/pattern/password. Once the user completes the operation, Settings
* invokes revokeChallenge() to close the transaction. If the HAT is expired,
* the implementation must invoke onError with UNABLE_TO_PROCESS.
*
* Requirements for using this API:
* - Mobile devices MUST NOT delegate enrollment to another device by calling
* this API. This feature is intended only to allow enrollment on devices
* where it is impossible to enroll locally on the device.
* - The path MUST be protected by a secret key with rollback protection.
* - Synchronizing between devices MUST be accomplished by having both
* devices agree on a secret PIN entered by the user (similar to BT
* pairing procedure) and use a salted version of that PIN plus other secret
* to encrypt traffic.
* - All communication to/from the remote device MUST be encrypted and signed
* to prevent image injection and other man-in-the-middle type attacks.
* - generateChallenge() and revokeChallenge() MUST be implemented on both
* remote and local host (e.g. hash the result of the remote host with a
* local secret before responding to the API call) and any transmission of
* the challenge between hosts MUST be signed to prevent man-in-the-middle
* attacks.
* - In the event of a lost connection, the result of the last
* generateChallenge() MUST be invalidated and the process started over.
* - Both the remote and local host MUST honor the timeout and invalidate the
* challenge.
*
* This method triggers the IBiometricsFaceClientCallback#onEnrollResult()
* method.
*
* @param hat A valid Hardware Authentication Token, generated as a result
* of a generateChallenge() challenge being wrapped by the gatekeeper
* after a successful strong authentication request.
* @param timeoutSec A timeout in seconds, after which this enroll
* attempt is cancelled. Note that the framework can continue
* enrollment by calling this again with a valid HAT. This timeout is
* expected to be used to limit power usage if the device becomes idle
* during enrollment. The implementation is expected to send
* ERROR_TIMEOUT if this happens.
* @param disabledFeatures A list of features to be disabled during
* enrollment. Note that all features are enabled by default.
* @return status The status of this method call.
*/
enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec,
vec<Feature> disabledFeatures) generates (Status status);
};
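Review bot: The pairing bullet in the enrollRemotely() comment ("use a salted version of that PIN plus other secret to encrypt traffic") leaves key establishment underspecified: a short user-entered PIN carries little entropy, and the comment does not say what the "other secret" is, where it is provisioned, or how the traffic key is derived from the two. Because the same comment relies on this channel to prevent image injection, I would tighten the bullet, for example `* - The traffic key MUST NOT be recoverable from the PIN and the observed traffic alone; the PIN only authenticates the key exchange.`, and name the second secret and its provisioning. The "encrypted and signed" bullet could also require freshness, binding each message to the current challenge so that a recorded enrollment stream cannot be replayed under a later one. Two smaller documentation gaps: "the path" in the rollback-protection bullet is never defined (presumably the enrollment channel), and the comment does not say which Status an implementation on a mobile device returns when it refuses this call.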