Merge changes I0b38a98a,I6f8e6ec1 into sc-dev am: 4f53440f87
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15193438
Change-Id: Ie5cb3aa608b3c16830f13a844608255d31306cb2
diff --git a/biometrics/face/aidl/default/Session.cpp b/biometrics/face/aidl/default/Session.cpp
index d980c5f..0cb7c95 100644
--- a/biometrics/face/aidl/default/Session.cpp
+++ b/biometrics/face/aidl/default/Session.cpp
@@ -34,12 +34,15 @@
}
};
-Session::Session(std::shared_ptr<ISessionCallback> cb) : cb_(std::move(cb)) {}
+Session::Session(std::shared_ptr<ISessionCallback> cb)
+ : cb_(std::move(cb)), mRandom(std::mt19937::default_seed) {}
ndk::ScopedAStatus Session::generateChallenge() {
LOG(INFO) << "generateChallenge";
if (cb_) {
- cb_->onChallengeGenerated(0);
+ std::uniform_int_distribution<int64_t> dist;
+ auto challenge = dist(mRandom);
+ cb_->onChallengeGenerated(challenge);
}
return ndk::ScopedAStatus::ok();
}
@@ -63,6 +66,9 @@
const std::vector<Feature>& /*features*/, const NativeHandle& /*previewSurface*/,
std::shared_ptr<biometrics::common::ICancellationSignal>* /*return_val*/) {
LOG(INFO) << "enroll";
+ if (cb_) {
+ cb_->onError(Error::UNABLE_TO_PROCESS, 0 /* vendorError */);
+ }
return ndk::ScopedAStatus::ok();
}
@@ -100,6 +106,9 @@
ndk::ScopedAStatus Session::getFeatures() {
LOG(INFO) << "getFeatures";
+ if (cb_) {
+ cb_->onFeaturesRetrieved({});
+ }
return ndk::ScopedAStatus::ok();
}
@@ -119,6 +128,9 @@
ndk::ScopedAStatus Session::invalidateAuthenticatorId() {
LOG(INFO) << "invalidateAuthenticatorId";
+ if (cb_) {
+ cb_->onAuthenticatorIdInvalidated(0);
+ }
return ndk::ScopedAStatus::ok();
}
diff --git a/biometrics/face/aidl/default/Session.h b/biometrics/face/aidl/default/Session.h
index caf81f8..4d213e3 100644
--- a/biometrics/face/aidl/default/Session.h
+++ b/biometrics/face/aidl/default/Session.h
@@ -16,6 +16,8 @@
#pragma once
+#include <random>
+
#include <aidl/android/hardware/biometrics/face/BnSession.h>
#include <aidl/android/hardware/biometrics/face/ISessionCallback.h>
@@ -68,6 +70,7 @@
private:
std::shared_ptr<ISessionCallback> cb_;
+ std::mt19937 mRandom;
};
} // namespace aidl::android::hardware::biometrics::face
diff --git a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
index 47a7813..4dc44f1 100644
--- a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
+++ b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
@@ -29,16 +29,26 @@
using namespace std::literals::chrono_literals;
+using aidl::android::hardware::common::NativeHandle;
+
constexpr int kSensorId = 0;
constexpr int kUserId = 0;
class SessionCallback : public BnSessionCallback {
public:
- ndk::ScopedAStatus onChallengeGenerated(int64_t /*challenge*/) override {
+ ndk::ScopedAStatus onChallengeGenerated(int64_t challenge) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnChallengeGeneratedInvoked = true;
+ mGeneratedChallenge = challenge;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
- ndk::ScopedAStatus onChallengeRevoked(int64_t /*challenge*/) override {
+ ndk::ScopedAStatus onChallengeRevoked(int64_t challenge) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnChallengeRevokedInvoked = true;
+ mRevokedChallenge = challenge;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
@@ -50,10 +60,9 @@
return ndk::ScopedAStatus::ok();
}
- ndk::ScopedAStatus onError(Error error, int32_t vendorCode) override {
+ ndk::ScopedAStatus onError(Error error, int32_t /*vendorCode*/) override {
auto lock = std::lock_guard<std::mutex>{mMutex};
mError = error;
- mVendorCode = vendorCode;
mOnErrorInvoked = true;
mCv.notify_one();
return ndk::ScopedAStatus::ok();
@@ -83,15 +92,24 @@
ndk::ScopedAStatus onEnrollmentsEnumerated(
const std::vector<int32_t>& /*enrollmentIds*/) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnEnrollmentsEnumeratedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onEnrollmentsRemoved(
const std::vector<int32_t>& /*enrollmentIds*/) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnEnrollmentsRemovedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onFeaturesRetrieved(const std::vector<Feature>& /*features*/) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnFeaturesRetrievedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
@@ -100,10 +118,16 @@
}
ndk::ScopedAStatus onAuthenticatorIdRetrieved(int64_t /*authenticatorId*/) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnAuthenticatorIdRetrievedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onAuthenticatorIdInvalidated(int64_t /*newAuthenticatorId*/) override {
+ auto lock = std::lock_guard{mMutex};
+ mOnAuthenticatorIdInvalidatedInvoked = true;
+ mCv.notify_one();
return ndk::ScopedAStatus::ok();
}
@@ -117,46 +141,177 @@
std::mutex mMutex;
std::condition_variable mCv;
Error mError = Error::UNKNOWN;
- int32_t mVendorCode = 0;
+ int64_t mGeneratedChallenge = 0;
+ int64_t mRevokedChallenge = 0;
+ bool mOnChallengeGeneratedInvoked = false;
+ bool mOnChallengeRevokedInvoked = false;
bool mOnErrorInvoked = false;
+ bool mOnEnrollmentsEnumeratedInvoked = false;
+ bool mOnEnrollmentsRemovedInvoked = false;
+ bool mOnFeaturesRetrievedInvoked = false;
+ bool mOnAuthenticatorIdRetrievedInvoked = false;
+ bool mOnAuthenticatorIdInvalidatedInvoked = false;
bool mOnSessionClosedInvoked = false;
};
class Face : public testing::TestWithParam<std::string> {
protected:
void SetUp() override {
- AIBinder* binder = AServiceManager_waitForService(GetParam().c_str());
- ASSERT_NE(binder, nullptr);
- mHal = IFace::fromBinder(ndk::SpAIBinder(binder));
+ // Prepare the callback.
+ mCb = ndk::SharedRefBase::make<SessionCallback>();
+
+ int retries = 0;
+ bool isOk = false;
+ // If the first attempt to create a session fails, we try to create a session again. The
+ // first attempt might fail if the framework already has an active session. The AIDL
+ // contract doesn't allow to create a new session without closing the old one. However, we
+ // can't close the framework's session from VTS. The expectation here is that the HAL will
+ // crash after the first illegal attempt to create a session, then it will restart, and then
+ // we'll be able to create a session.
+ do {
+ // Get an instance of the HAL.
+ AIBinder* binder = AServiceManager_waitForService(GetParam().c_str());
+ ASSERT_NE(binder, nullptr);
+ mHal = IFace::fromBinder(ndk::SpAIBinder(binder));
+
+ // Create a session.
+ isOk = mHal->createSession(kSensorId, kUserId, mCb, &mSession).isOk();
+ ++retries;
+ } while (!isOk && retries < 2);
+
+ ASSERT_TRUE(isOk);
+ }
+
+ void TearDown() override {
+ // Close the mSession.
+ ASSERT_TRUE(mSession->close().isOk());
+
+ // Make sure the mSession is closed.
+ auto lock = std::unique_lock<std::mutex>(mCb->mMutex);
+ mCb->mCv.wait(lock, [this] { return mCb->mOnSessionClosedInvoked; });
}
std::shared_ptr<IFace> mHal;
+ std::shared_ptr<SessionCallback> mCb;
+ std::shared_ptr<ISession> mSession;
};
-TEST_P(Face, AuthenticateTest) {
- // Prepare the callback.
- auto cb = ndk::SharedRefBase::make<SessionCallback>();
+TEST_P(Face, GetSensorPropsWorksTest) {
+ std::vector<SensorProps> sensorProps;
- // Create a session
- std::shared_ptr<ISession> session;
- ASSERT_TRUE(mHal->createSession(kSensorId, kUserId, cb, &session).isOk());
+ // Call the method.
+ ASSERT_TRUE(mHal->getSensorProps(&sensorProps).isOk());
- // Call authenticate
+ // Make sure the sensorProps aren't empty.
+ ASSERT_FALSE(sensorProps.empty());
+ ASSERT_FALSE(sensorProps[0].commonProps.componentInfo.empty());
+}
+
+TEST_P(Face, EnrollWithBadHatResultsInErrorTest) {
+ // Call the method.
+ auto hat = keymaster::HardwareAuthToken{};
std::shared_ptr<common::ICancellationSignal> cancellationSignal;
- ASSERT_TRUE(session->authenticate(0 /* operationId */, &cancellationSignal).isOk());
+ ASSERT_TRUE(
+ mSession->enroll(hat, EnrollmentType::DEFAULT, {}, NativeHandle{}, &cancellationSignal)
+ .isOk());
- auto lock = std::unique_lock<std::mutex>(cb->mMutex);
- cb->mCv.wait(lock, [&cb] { return cb->mOnErrorInvoked; });
- // Get the results
- EXPECT_EQ(cb->mError, Error::UNABLE_TO_PROCESS);
- EXPECT_EQ(cb->mVendorCode, 0);
+ // Make sure an error is returned.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnErrorInvoked; });
+}
+
+TEST_P(Face, GenerateChallengeProducesUniqueChallengesTest) {
+ static constexpr int kIterations = 100;
+
+ auto challenges = std::set<int>{};
+ for (unsigned int i = 0; i < kIterations; ++i) {
+ // Call the method.
+ ASSERT_TRUE(mSession->generateChallenge().isOk());
+
+ // Check that the generated challenge is unique and not 0.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeGeneratedInvoked; });
+ ASSERT_NE(mCb->mGeneratedChallenge, 0);
+ ASSERT_EQ(challenges.find(mCb->mGeneratedChallenge), challenges.end());
+
+ challenges.insert(mCb->mGeneratedChallenge);
+ mCb->mOnChallengeGeneratedInvoked = false;
+ }
+}
+
+TEST_P(Face, RevokeChallengeWorksForNonexistentChallengeTest) {
+ const int64_t nonexistentChallenge = 123;
+
+ // Call the method.
+ ASSERT_TRUE(mSession->revokeChallenge(nonexistentChallenge).isOk());
+
+ // Check that the challenge is revoked and matches the requested challenge.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeRevokedInvoked; });
+ ASSERT_EQ(mCb->mRevokedChallenge, nonexistentChallenge);
+}
+
+TEST_P(Face, RevokeChallengeWorksForExistentChallengeTest) {
+ // Generate a challenge.
+ ASSERT_TRUE(mSession->generateChallenge().isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeGeneratedInvoked; });
lock.unlock();
- // Close the session
- ASSERT_TRUE(session->close().isOk());
+ // Revoke the challenge.
+ ASSERT_TRUE(mSession->revokeChallenge(mCb->mGeneratedChallenge).isOk());
+ // Check that the challenge is revoked and matches the requested challenge.
lock.lock();
- cb->mCv.wait(lock, [&cb] { return cb->mOnSessionClosedInvoked; });
+ mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeRevokedInvoked; });
+ ASSERT_EQ(mCb->mRevokedChallenge, mCb->mGeneratedChallenge);
+}
+
+TEST_P(Face, EnumerateEnrollmentsWorksTest) {
+ // Call the method.
+ ASSERT_TRUE(mSession->enumerateEnrollments().isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnEnrollmentsEnumeratedInvoked; });
+}
+
+TEST_P(Face, RemoveEnrollmentsWorksTest) {
+ // Call the method.
+ ASSERT_TRUE(mSession->removeEnrollments({}).isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnEnrollmentsRemovedInvoked; });
+}
+
+TEST_P(Face, GetFeaturesWorksTest) {
+ // Call the method.
+ ASSERT_TRUE(mSession->getFeatures().isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnFeaturesRetrievedInvoked; });
+}
+
+TEST_P(Face, GetAuthenticatorIdWorksTest) {
+ // Call the method.
+ ASSERT_TRUE(mSession->getAuthenticatorId().isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnAuthenticatorIdRetrievedInvoked; });
+}
+
+TEST_P(Face, InvalidateAuthenticatorIdWorksTest) {
+ // Call the method.
+ ASSERT_TRUE(mSession->invalidateAuthenticatorId().isOk());
+
+ // Wait for the result.
+ auto lock = std::unique_lock{mCb->mMutex};
+ mCb->mCv.wait(lock, [this] { return mCb->mOnAuthenticatorIdInvalidatedInvoked; });
}
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(Face);