blob: 20032ceee0c3a41b10e397012013a58e23e25f16 [file] [log] [blame]
/*
* Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.confirmationui;
import android.hardware.confirmationui.IConfirmationResultCallback;
import android.hardware.confirmationui.UIOption;
import android.hardware.security.keymint.HardwareAuthToken;
@VintfStability
interface IConfirmationUI {
// Possible Errors.
/**
* API call succeeded or the user gave approval (result callback).
*/
const int OK = 0;
/**
* The user canceled the TUI (result callback).
*/
const int CANCELED = 1;
/**
* IConfirmationUI::abort() was called. (result callback).
*/
const int ABORTED = 2;
/**
* Cannot start another prompt.
*/
const int OPERATION_PENDING = 3;
/**
* IConfirmationUI::deliverSecureInputEvent call was ignored.
*/
const int IGNORED = 4;
/**
* An unexpected system error occurred.
*/
const int SYSTEM_ERROR = 5;
/**
* Returned by an unimplemented API call.
*/
const int UNIMPLEMENTED = 6;
/**
* This is returned when an error is diagnosed that should have been
* caught by earlier input sanitization. Should never be seen in production.
*/
const int UNEXPECTED = 7;
/**
* General UI error.
*/
const int UI_ERROR = 0x10000;
/**
* This is returned if there is no corresponding glyph for a character.
*/
const int UI_ERROR_MISSING_GLYPH = 0x10001;
/**
* The implementation must return this error code on promptUserConfirmation if the
* resulting formatted message does not fit into MAX_MESSAGE_SIZE bytes. It is
* advised that the implementation formats the message upon receiving this API call to
* be able to diagnose this syndrome.
*/
const int UI_ERROR_MESSAGE_TOO_LONG = 0x10002;
/**
* This is returned if the UTF8 encoding is malformed.
*/
const int UI_ERROR_MALFORMED_UTF8ENCODING = 0x10003;
// Constants
/**
* The test key is 32byte word with all bytes set to TEST_KEY_BYTE.
*/
const int TEST_KEY_BYTE = 0xA5;
/**
* This defines the maximum message size. This indirectly limits the size of the prompt text
* and the extra data that can be passed to the confirmation UI. The prompt text and extra data
* must fit in to this size including CBOR header information.
*/
const int MAX_MESSAGE_SIZE = 0x1800;
/**
* Aborts a pending user prompt. This allows the framework to gracefully end a TUI dialog.
* If a TUI operation was pending the corresponding call back is informed with
* IConfirmationUI::ABORTED.
*/
void abort();
/**
* DeliverSecureInput is used by the framework to deliver a secure input event to the
* confirmation provider.
*
* VTS test mode:
* This function can be used to test certain code paths non-interactively.
* See TestModeCommands.aidl for details.
*
* @param secureInputToken An authentication token as generated by Android authentication
* providers.
*/
void deliverSecureInputEvent(in HardwareAuthToken secureInputToken);
/**
* Asynchronously initiates a confirmation UI dialog prompting the user to confirm a given text.
* The TUI prompt must be implemented in such a way that a positive response indicates with
* high confidence that a user has seen the given prompt text even if the Android framework
* including the kernel was compromised.
*
* Service status return:
*
* OK IFF the dialog was successfully started. In this case, and only in this
* case, the implementation must, eventually, call the callback to
* indicate completion.
* OPERATION_PENDING is returned when the confirmation provider is currently
* in use.
* SYSTEM_ERROR an error occurred trying to communicate with the confirmation
* provider (e.g. trusted app).
* UI_ERROR the confirmation provider encountered an issue with displaying
* the prompt text to the user.
*
* @param resultCB Implementation of IResultCallback. Used by the implementation to report
* the result of the current pending user prompt.
*
* @param promptText UTF-8 encoded bytes which is to be presented to the user.
*
* @param extraData A binary blob that must be included in the formatted output message as is.
* It is opaque to the implementation. Implementations must neither interpret
* nor modify the content.
*
* @param locale String specifying the locale that must be used by the TUI dialog. The string
* is an IETF BCP 47 tag.
*
* @param uiOptions A set of uiOptions manipulating how the confirmation prompt is displayed.
* Refer to UIOption in UIOptions.aidl for possible options.
*/
void promptUserConfirmation(in IConfirmationResultCallback resultCB, in byte[] promptText,
in byte[] extraData, in @utf8InCpp String locale, in UIOption[] uiOptions);
}