Remove HAT from invalidateAuthenticatorId and correct documentation
1) Removes HAT param from fingerprint AIDL
2) Update documentation for fingerprint and face AIDL
Fixes: 173432893
Test: m android.hardware.biometrics.face-update-api
Test: m android.hardware.biometrics.fingerprint-service.example
Change-Id: I9c5e219c6f7a59609b6ff9d692f5a931f4bcea24
diff --git a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
index c7beae0..425b352 100644
--- a/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
+++ b/biometrics/face/aidl/android/hardware/biometrics/face/ISession.aidl
@@ -292,16 +292,9 @@
*
* When invoked by the framework, the implementation must perform the following sequence of
* events:
- * 1) Verify the authenticity and integrity of the provided HAT. If this check fails, the HAL
- * must invoke ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to
- * SessionState::IDLING if no subsequent work is in the queue.
- * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the
- * order of minutes, not hours). If this check fails, the HAL must invoke
- * ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to
- * SessionState::IDLING if no subsequent work is in the queue.
- * 3) Update the authenticatorId with a new entropy-encoded random number
- * 4) Persist the new authenticatorId to non-ephemeral storage
- * 5) Notify the framework that the above is completed, via
+ * 1) Update the authenticatorId with a new entropy-encoded random number
+ * 2) Persist the new authenticatorId to non-ephemeral storage
+ * 3) Notify the framework that the above is completed, via
* ISessionCallback#onAuthenticatorInvalidated
*
* A practical use case of invalidation would be when the user adds a new enrollment to a sensor
diff --git a/biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl b/biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl
index 00a08ba..4df7981 100644
--- a/biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl
+++ b/biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl
@@ -26,7 +26,7 @@
void enumerateEnrollments(in int cookie);
void removeEnrollments(in int cookie, in int[] enrollmentIds);
void getAuthenticatorId(in int cookie);
- void invalidateAuthenticatorId(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);
+ void invalidateAuthenticatorId(in int cookie);
void resetLockout(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);
void onPointerDown(in int pointerId, in int x, in int y, in float minor, in float major);
void onPointerUp(in int pointerId);
diff --git a/biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl b/biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl
index da767be..09bd04d 100644
--- a/biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl
+++ b/biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl
@@ -301,16 +301,9 @@
*
* When invoked by the framework, the implementation must perform the following sequence of
* events:
- * 1) Verify the authenticity and integrity of the provided HAT. If this check fails, the HAL
- * must invoke ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to
- * SessionState::IDLING if no subsequent work is in the queue.
- * 2) Verify that the timestamp provided within the HAT is relatively recent (e.g. on the
- * order of minutes, not hours). If this check fails, the HAL must invoke
- * ISessionCallback#onError with Error::UNABLE_TO_PROCESS and return to
- * SessionState::IDLING if no subsequent work is in the queue.
- * 3) Update the authenticatorId with a new entropy-encoded random number
- * 4) Persist the new authenticatorId to non-ephemeral storage
- * 5) Notify the framework that the above is completed, via
+ * 1) Update the authenticatorId with a new entropy-encoded random number
+ * 2) Persist the new authenticatorId to non-ephemeral storage
+ * 3) Notify the framework that the above is completed, via
* ISessionCallback#onAuthenticatorInvalidated
*
* A practical use case of invalidation would be when the user adds a new enrollment to a sensor
@@ -321,9 +314,8 @@
*
* @param cookie An identifier used to track subsystem operations related to this call path. The
* client must guarantee that it is unique per ISession.
- * @param hat HardwareAuthToken that must be validated before proceeding with this operation.
*/
- void invalidateAuthenticatorId(in int cookie, in HardwareAuthToken hat);
+ void invalidateAuthenticatorId(in int cookie);
/**
* resetLockout:
diff --git a/biometrics/fingerprint/aidl/default/Session.cpp b/biometrics/fingerprint/aidl/default/Session.cpp
index 96f1e56..bf08203 100644
--- a/biometrics/fingerprint/aidl/default/Session.cpp
+++ b/biometrics/fingerprint/aidl/default/Session.cpp
@@ -79,8 +79,7 @@
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/,
- const keymaster::HardwareAuthToken& /*hat*/) {
+ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/) {
return ndk::ScopedAStatus::ok();
}
diff --git a/biometrics/fingerprint/aidl/default/Session.h b/biometrics/fingerprint/aidl/default/Session.h
index 05c570c..ed3ae3f 100644
--- a/biometrics/fingerprint/aidl/default/Session.h
+++ b/biometrics/fingerprint/aidl/default/Session.h
@@ -49,8 +49,7 @@
ndk::ScopedAStatus getAuthenticatorId(int32_t cookie) override;
- ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie,
- const keymaster::HardwareAuthToken& hat) override;
+ ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie) override;
ndk::ScopedAStatus resetLockout(int32_t cookie,
const keymaster::HardwareAuthToken& hat) override;