From 2acfd2aab67f3b5e6aae69510f4c830d296eb002 Mon Sep 17 00:00:00 2001 From: Kevin Chyn Date: Thu, 20 Sep 2018 18:42:09 -0700 Subject: [PATCH] Add timeout parameter to generateChallenge Fixes: 115925222 Test: builds Change-Id: Idac1730b36eadb5acdb6420cc330585ebb2f3197 --- biometrics/face/1.0/IBiometricsFace.hal | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/biometrics/face/1.0/IBiometricsFace.hal b/biometrics/face/1.0/IBiometricsFace.hal index f39eaeb2fd..1c7bfb9be5 100644 --- a/biometrics/face/1.0/IBiometricsFace.hal +++ b/biometrics/face/1.0/IBiometricsFace.hal @@ -78,11 +78,15 @@ interface IBiometricsFace { * template if the operation was preceded by some kind of strong credential * confirmation (e.g. device password). * + * @param challengeTimeoutSec A timeout in seconds, after which the driver + * must invalidate the challenge. This is to prevent bugs or crashes in + * the system from leaving a challenge enabled indefinitely. * @return result, with its "value" parameter representing a "challenge": a * unique and cryptographically secure random token. */ @callflow(next={"enroll", "revokeChallenge", "setRequireAttention"}) - generateChallenge() generates (OptionalUint64 result); + generateChallenge(uint32_t challengeTimeoutSec) + generates (OptionalUint64 result); /** * Enrolls a user's face.