Revert "Revert "Add enroll_1_1 with preview window id""
This reverts commit 921df7abd29ad086a684b2820a0fa7c21bf19280.
Change-Id: I13a54a8288e122f7c02f2b23d6aaf21dfd782282
diff --git a/biometrics/face/1.1/IBiometricsFace.hal b/biometrics/face/1.1/IBiometricsFace.hal
index 975001f..84e7443 100644
--- a/biometrics/face/1.1/IBiometricsFace.hal
+++ b/biometrics/face/1.1/IBiometricsFace.hal
@@ -15,6 +15,7 @@
*/
package android.hardware.biometrics.face@1.1;
+
import @1.0::IBiometricsFace;
import @1.0::Status;
import @1.0::Feature;
@@ -77,6 +78,40 @@
* enrollment. Note that all features are enabled by default.
* @return status The status of this method call.
*/
- enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec,
- vec<Feature> disabledFeatures) generates (Status status);
+ enrollRemotely(vec<uint8_t> hat, uint32_t timeoutSec, vec<Feature> disabledFeatures)
+ generates (Status status);
+
+ /**
+ * Enrolls a user's face.
+ *
+ * Note that the Hardware Authentication Token must be valid for the
+ * duration of enrollment and thus should be explicitly invalidated by a
+ * call to revokeChallenge() when enrollment is complete, to reduce the
+ * window of opportunity to re-use the challenge and HAT. For example,
+ * Settings calls generateChallenge() once to allow the user to enroll one
+ * or more faces or toggle secure settings without having to re-enter the
+ * PIN/pattern/password. Once the user completes the operation, Settings
+ * invokes revokeChallenge() to close the transaction. If the HAT is expired,
+ * the implementation must invoke onError with UNABLE_TO_PROCESS.
+ *
+ * This method triggers the IBiometricsFaceClientCallback#onEnrollResult()
+ * method.
+ *
+ * @param hat A valid Hardware Authentication Token, generated as a result
+ * of a generateChallenge() challenge being wrapped by the gatekeeper
+ * after a successful strong authentication request.
+ * @param timeoutSec A timeout in seconds, after which this enroll
+ * attempt is cancelled. Note that the framework can continue
+ * enrollment by calling this again with a valid HAT. This timeout is
+ * expected to be used to limit power usage if the device becomes idle
+ * during enrollment. The implementation is expected to send
+ * ERROR_TIMEOUT if this happens.
+ * @param disabledFeatures A list of features to be disabled during
+ * enrollment. Note that all features are enabled by default.
+ * @param windowId optional ID of a camera preview window for a
+ * single-camera device. Must be null if not used.
+ * @return status The status of this method call.
+ */
+ enroll_1_1(vec<uint8_t> hat, uint32_t timeoutSec, vec<Feature> disabledFeatures,
+ handle windowId) generates (Status status);
};
diff --git a/biometrics/face/1.1/default/BiometricsFace.cpp b/biometrics/face/1.1/default/BiometricsFace.cpp
index 7bda57f..2143880 100644
--- a/biometrics/face/1.1/default/BiometricsFace.cpp
+++ b/biometrics/face/1.1/default/BiometricsFace.cpp
@@ -111,6 +111,14 @@
}
// Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow.
+Return<Status> BiometricsFace::enroll_1_1(const hidl_vec<uint8_t>& /* hat */,
+ uint32_t /* timeoutSec */,
+ const hidl_vec<Feature>& /* disabledFeatures */,
+ const hidl_handle& /* windowId */) {
+ mClientCallback->onError(kDeviceId, mUserId, FaceError::UNABLE_TO_PROCESS, 0 /* vendorCode */);
+ return Status::OK;
+}
+
Return<Status> BiometricsFace::enrollRemotely(const hidl_vec<uint8_t>& /* hat */,
uint32_t /* timeoutSec */,
const hidl_vec<Feature>& /* disabledFeatures */) {
diff --git a/biometrics/face/1.1/default/BiometricsFace.h b/biometrics/face/1.1/default/BiometricsFace.h
index 5620b45..5ce5771 100644
--- a/biometrics/face/1.1/default/BiometricsFace.h
+++ b/biometrics/face/1.1/default/BiometricsFace.h
@@ -72,6 +72,10 @@
Return<Status> resetLockout(const hidl_vec<uint8_t>& hat) override;
// Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow.
+ Return<Status> enroll_1_1(const hidl_vec<uint8_t>& hat, uint32_t timeoutSec,
+ const hidl_vec<Feature>& disabledFeatures,
+ const hidl_handle& windowId) override;
+
Return<Status> enrollRemotely(const hidl_vec<uint8_t>& hat, uint32_t timeoutSec,
const hidl_vec<Feature>& disabledFeatures) override;
diff --git a/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp b/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp
index c2431c6..a105d8f 100644
--- a/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp
+++ b/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp
@@ -30,6 +30,7 @@
#include <random>
using android::sp;
+using android::hardware::hidl_handle;
using android::hardware::hidl_vec;
using android::hardware::Return;
using android::hardware::Void;
@@ -117,6 +118,47 @@
};
// enroll with an invalid (all zeroes) HAT should fail.
+TEST_P(FaceHidlTest, Enroll1_1ZeroHatTest) {
+ // Filling HAT with zeros
+ hidl_vec<uint8_t> token(69);
+ for (size_t i = 0; i < 69; i++) {
+ token[i] = 0;
+ }
+
+ hidl_handle windowId = nullptr;
+ Return<Status> ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId);
+ ASSERT_EQ(Status::OK, static_cast<Status>(ret));
+
+ // onError should be called with a meaningful (nonzero) error.
+ auto res = mCallback->WaitForCallback(kCallbackNameOnError);
+ EXPECT_TRUE(res.no_timeout);
+ EXPECT_EQ(kUserId, res.args->userId);
+ EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error);
+}
+
+// enroll with an invalid HAT should fail.
+TEST_P(FaceHidlTest, Enroll1_1GarbageHatTest) {
+ // Filling HAT with pseudorandom invalid data.
+ // Using default seed to make the test reproducible.
+ std::mt19937 gen(std::mt19937::default_seed);
+ std::uniform_int_distribution<uint8_t> dist;
+ hidl_vec<uint8_t> token(69);
+ for (size_t i = 0; i < 69; ++i) {
+ token[i] = dist(gen);
+ }
+
+ hidl_handle windowId = nullptr;
+ Return<Status> ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId);
+ ASSERT_EQ(Status::OK, static_cast<Status>(ret));
+
+ // onError should be called with a meaningful (nonzero) error.
+ auto res = mCallback->WaitForCallback(kCallbackNameOnError);
+ EXPECT_TRUE(res.no_timeout);
+ EXPECT_EQ(kUserId, res.args->userId);
+ EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error);
+}
+
+// enroll with an invalid (all zeroes) HAT should fail.
TEST_P(FaceHidlTest, EnrollRemotelyZeroHatTest) {
// Filling HAT with zeros
hidl_vec<uint8_t> token(69);