From 60406beac63ecbcd303a4b9a5f4b2010b8cffe59 Mon Sep 17 00:00:00 2001
From: Ilya Matyukhin <ilyamaty@google.com>
Date: Sat, 3 Jul 2021 00:04:43 +0000
Subject: [PATCH 1/2] IFace: update default implementation

Bug: 170651283
Test: atest VtsHalBiometricsFaceTargetTest
Change-Id: I6f8e6ec12e597034264e2b1383bc7325b0f697b7
---
 biometrics/face/aidl/default/Session.cpp | 16 ++++++++++++++--
 biometrics/face/aidl/default/Session.h   |  3 +++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/biometrics/face/aidl/default/Session.cpp b/biometrics/face/aidl/default/Session.cpp
index d980c5f892..0cb7c95de8 100644
--- a/biometrics/face/aidl/default/Session.cpp
+++ b/biometrics/face/aidl/default/Session.cpp
@@ -34,12 +34,15 @@ class CancellationSignal : public common::BnCancellationSignal {
     }
 };
 
-Session::Session(std::shared_ptr<ISessionCallback> cb) : cb_(std::move(cb)) {}
+Session::Session(std::shared_ptr<ISessionCallback> cb)
+    : cb_(std::move(cb)), mRandom(std::mt19937::default_seed) {}
 
 ndk::ScopedAStatus Session::generateChallenge() {
     LOG(INFO) << "generateChallenge";
     if (cb_) {
-        cb_->onChallengeGenerated(0);
+        std::uniform_int_distribution<int64_t> dist;
+        auto challenge = dist(mRandom);
+        cb_->onChallengeGenerated(challenge);
     }
     return ndk::ScopedAStatus::ok();
 }
@@ -63,6 +66,9 @@ ndk::ScopedAStatus Session::enroll(
         const std::vector<Feature>& /*features*/, const NativeHandle& /*previewSurface*/,
         std::shared_ptr<biometrics::common::ICancellationSignal>* /*return_val*/) {
     LOG(INFO) << "enroll";
+    if (cb_) {
+        cb_->onError(Error::UNABLE_TO_PROCESS, 0 /* vendorError */);
+    }
     return ndk::ScopedAStatus::ok();
 }
 
@@ -100,6 +106,9 @@ ndk::ScopedAStatus Session::removeEnrollments(const std::vector<int32_t>& /*enro
 
 ndk::ScopedAStatus Session::getFeatures() {
     LOG(INFO) << "getFeatures";
+    if (cb_) {
+        cb_->onFeaturesRetrieved({});
+    }
     return ndk::ScopedAStatus::ok();
 }
 
@@ -119,6 +128,9 @@ ndk::ScopedAStatus Session::getAuthenticatorId() {
 
 ndk::ScopedAStatus Session::invalidateAuthenticatorId() {
     LOG(INFO) << "invalidateAuthenticatorId";
+    if (cb_) {
+        cb_->onAuthenticatorIdInvalidated(0);
+    }
     return ndk::ScopedAStatus::ok();
 }
 
diff --git a/biometrics/face/aidl/default/Session.h b/biometrics/face/aidl/default/Session.h
index caf81f8702..4d213e3860 100644
--- a/biometrics/face/aidl/default/Session.h
+++ b/biometrics/face/aidl/default/Session.h
@@ -16,6 +16,8 @@
 
 #pragma once
 
+#include <random>
+
 #include <aidl/android/hardware/biometrics/face/BnSession.h>
 #include <aidl/android/hardware/biometrics/face/ISessionCallback.h>
 
@@ -68,6 +70,7 @@ class Session : public BnSession {
 
   private:
     std::shared_ptr<ISessionCallback> cb_;
+    std::mt19937 mRandom;
 };
 
 }  // namespace aidl::android::hardware::biometrics::face

From 046020b149aaa9aca90d294356114cde7af94633 Mon Sep 17 00:00:00 2001
From: Ilya Matyukhin <ilyamaty@google.com>
Date: Sat, 3 Jul 2021 00:05:47 +0000
Subject: [PATCH 2/2] IFace: update VTS tests

Bug: 170650876
Test: atest VtsHalBiometricsFaceTargetTest
Change-Id: I0b38a98acaec654b144dbe56fc64c5c741bd4488
---
 .../vts/VtsHalBiometricsFaceTargetTest.cpp    | 203 +++++++++++++++---
 1 file changed, 179 insertions(+), 24 deletions(-)

diff --git a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
index 47a78139f2..4dc44f16c7 100644
--- a/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
+++ b/biometrics/face/aidl/vts/VtsHalBiometricsFaceTargetTest.cpp
@@ -29,16 +29,26 @@ namespace {
 
 using namespace std::literals::chrono_literals;
 
+using aidl::android::hardware::common::NativeHandle;
+
 constexpr int kSensorId = 0;
 constexpr int kUserId = 0;
 
 class SessionCallback : public BnSessionCallback {
   public:
-    ndk::ScopedAStatus onChallengeGenerated(int64_t /*challenge*/) override {
+    ndk::ScopedAStatus onChallengeGenerated(int64_t challenge) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnChallengeGeneratedInvoked = true;
+        mGeneratedChallenge = challenge;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
-    ndk::ScopedAStatus onChallengeRevoked(int64_t /*challenge*/) override {
+    ndk::ScopedAStatus onChallengeRevoked(int64_t challenge) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnChallengeRevokedInvoked = true;
+        mRevokedChallenge = challenge;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
@@ -50,10 +60,9 @@ class SessionCallback : public BnSessionCallback {
         return ndk::ScopedAStatus::ok();
     }
 
-    ndk::ScopedAStatus onError(Error error, int32_t vendorCode) override {
+    ndk::ScopedAStatus onError(Error error, int32_t /*vendorCode*/) override {
         auto lock = std::lock_guard<std::mutex>{mMutex};
         mError = error;
-        mVendorCode = vendorCode;
         mOnErrorInvoked = true;
         mCv.notify_one();
         return ndk::ScopedAStatus::ok();
@@ -83,15 +92,24 @@ class SessionCallback : public BnSessionCallback {
 
     ndk::ScopedAStatus onEnrollmentsEnumerated(
             const std::vector<int32_t>& /*enrollmentIds*/) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnEnrollmentsEnumeratedInvoked = true;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
     ndk::ScopedAStatus onEnrollmentsRemoved(
             const std::vector<int32_t>& /*enrollmentIds*/) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnEnrollmentsRemovedInvoked = true;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
     ndk::ScopedAStatus onFeaturesRetrieved(const std::vector<Feature>& /*features*/) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnFeaturesRetrievedInvoked = true;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
@@ -100,10 +118,16 @@ class SessionCallback : public BnSessionCallback {
     }
 
     ndk::ScopedAStatus onAuthenticatorIdRetrieved(int64_t /*authenticatorId*/) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnAuthenticatorIdRetrievedInvoked = true;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
     ndk::ScopedAStatus onAuthenticatorIdInvalidated(int64_t /*newAuthenticatorId*/) override {
+        auto lock = std::lock_guard{mMutex};
+        mOnAuthenticatorIdInvalidatedInvoked = true;
+        mCv.notify_one();
         return ndk::ScopedAStatus::ok();
     }
 
@@ -117,46 +141,177 @@ class SessionCallback : public BnSessionCallback {
     std::mutex mMutex;
     std::condition_variable mCv;
     Error mError = Error::UNKNOWN;
-    int32_t mVendorCode = 0;
+    int64_t mGeneratedChallenge = 0;
+    int64_t mRevokedChallenge = 0;
+    bool mOnChallengeGeneratedInvoked = false;
+    bool mOnChallengeRevokedInvoked = false;
     bool mOnErrorInvoked = false;
+    bool mOnEnrollmentsEnumeratedInvoked = false;
+    bool mOnEnrollmentsRemovedInvoked = false;
+    bool mOnFeaturesRetrievedInvoked = false;
+    bool mOnAuthenticatorIdRetrievedInvoked = false;
+    bool mOnAuthenticatorIdInvalidatedInvoked = false;
     bool mOnSessionClosedInvoked = false;
 };
 
 class Face : public testing::TestWithParam<std::string> {
   protected:
     void SetUp() override {
-        AIBinder* binder = AServiceManager_waitForService(GetParam().c_str());
-        ASSERT_NE(binder, nullptr);
-        mHal = IFace::fromBinder(ndk::SpAIBinder(binder));
+        // Prepare the callback.
+        mCb = ndk::SharedRefBase::make<SessionCallback>();
+
+        int retries = 0;
+        bool isOk = false;
+        // If the first attempt to create a session fails, we try to create a session again. The
+        // first attempt might fail if the framework already has an active session. The AIDL
+        // contract doesn't allow to create a new session without closing the old one. However, we
+        // can't close the framework's session from VTS. The expectation here is that the HAL will
+        // crash after the first illegal attempt to create a session, then it will restart, and then
+        // we'll be able to create a session.
+        do {
+            // Get an instance of the HAL.
+            AIBinder* binder = AServiceManager_waitForService(GetParam().c_str());
+            ASSERT_NE(binder, nullptr);
+            mHal = IFace::fromBinder(ndk::SpAIBinder(binder));
+
+            // Create a session.
+            isOk = mHal->createSession(kSensorId, kUserId, mCb, &mSession).isOk();
+            ++retries;
+        } while (!isOk && retries < 2);
+
+        ASSERT_TRUE(isOk);
+    }
+
+    void TearDown() override {
+        // Close the mSession.
+        ASSERT_TRUE(mSession->close().isOk());
+
+        // Make sure the mSession is closed.
+        auto lock = std::unique_lock<std::mutex>(mCb->mMutex);
+        mCb->mCv.wait(lock, [this] { return mCb->mOnSessionClosedInvoked; });
     }
 
     std::shared_ptr<IFace> mHal;
+    std::shared_ptr<SessionCallback> mCb;
+    std::shared_ptr<ISession> mSession;
 };
 
-TEST_P(Face, AuthenticateTest) {
-    // Prepare the callback.
-    auto cb = ndk::SharedRefBase::make<SessionCallback>();
+TEST_P(Face, GetSensorPropsWorksTest) {
+    std::vector<SensorProps> sensorProps;
 
-    // Create a session
-    std::shared_ptr<ISession> session;
-    ASSERT_TRUE(mHal->createSession(kSensorId, kUserId, cb, &session).isOk());
+    // Call the method.
+    ASSERT_TRUE(mHal->getSensorProps(&sensorProps).isOk());
 
-    // Call authenticate
+    // Make sure the sensorProps aren't empty.
+    ASSERT_FALSE(sensorProps.empty());
+    ASSERT_FALSE(sensorProps[0].commonProps.componentInfo.empty());
+}
+
+TEST_P(Face, EnrollWithBadHatResultsInErrorTest) {
+    // Call the method.
+    auto hat = keymaster::HardwareAuthToken{};
     std::shared_ptr<common::ICancellationSignal> cancellationSignal;
-    ASSERT_TRUE(session->authenticate(0 /* operationId */, &cancellationSignal).isOk());
+    ASSERT_TRUE(
+            mSession->enroll(hat, EnrollmentType::DEFAULT, {}, NativeHandle{}, &cancellationSignal)
+                    .isOk());
 
-    auto lock = std::unique_lock<std::mutex>(cb->mMutex);
-    cb->mCv.wait(lock, [&cb] { return cb->mOnErrorInvoked; });
-    // Get the results
-    EXPECT_EQ(cb->mError, Error::UNABLE_TO_PROCESS);
-    EXPECT_EQ(cb->mVendorCode, 0);
+    // Make sure an error is returned.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnErrorInvoked; });
+}
+
+TEST_P(Face, GenerateChallengeProducesUniqueChallengesTest) {
+    static constexpr int kIterations = 100;
+
+    auto challenges = std::set<int>{};
+    for (unsigned int i = 0; i < kIterations; ++i) {
+        // Call the method.
+        ASSERT_TRUE(mSession->generateChallenge().isOk());
+
+        // Check that the generated challenge is unique and not 0.
+        auto lock = std::unique_lock{mCb->mMutex};
+        mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeGeneratedInvoked; });
+        ASSERT_NE(mCb->mGeneratedChallenge, 0);
+        ASSERT_EQ(challenges.find(mCb->mGeneratedChallenge), challenges.end());
+
+        challenges.insert(mCb->mGeneratedChallenge);
+        mCb->mOnChallengeGeneratedInvoked = false;
+    }
+}
+
+TEST_P(Face, RevokeChallengeWorksForNonexistentChallengeTest) {
+    const int64_t nonexistentChallenge = 123;
+
+    // Call the method.
+    ASSERT_TRUE(mSession->revokeChallenge(nonexistentChallenge).isOk());
+
+    // Check that the challenge is revoked and matches the requested challenge.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeRevokedInvoked; });
+    ASSERT_EQ(mCb->mRevokedChallenge, nonexistentChallenge);
+}
+
+TEST_P(Face, RevokeChallengeWorksForExistentChallengeTest) {
+    // Generate a challenge.
+    ASSERT_TRUE(mSession->generateChallenge().isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeGeneratedInvoked; });
     lock.unlock();
 
-    // Close the session
-    ASSERT_TRUE(session->close().isOk());
+    // Revoke the challenge.
+    ASSERT_TRUE(mSession->revokeChallenge(mCb->mGeneratedChallenge).isOk());
 
+    // Check that the challenge is revoked and matches the requested challenge.
     lock.lock();
-    cb->mCv.wait(lock, [&cb] { return cb->mOnSessionClosedInvoked; });
+    mCb->mCv.wait(lock, [this] { return mCb->mOnChallengeRevokedInvoked; });
+    ASSERT_EQ(mCb->mRevokedChallenge, mCb->mGeneratedChallenge);
+}
+
+TEST_P(Face, EnumerateEnrollmentsWorksTest) {
+    // Call the method.
+    ASSERT_TRUE(mSession->enumerateEnrollments().isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnEnrollmentsEnumeratedInvoked; });
+}
+
+TEST_P(Face, RemoveEnrollmentsWorksTest) {
+    // Call the method.
+    ASSERT_TRUE(mSession->removeEnrollments({}).isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnEnrollmentsRemovedInvoked; });
+}
+
+TEST_P(Face, GetFeaturesWorksTest) {
+    // Call the method.
+    ASSERT_TRUE(mSession->getFeatures().isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnFeaturesRetrievedInvoked; });
+}
+
+TEST_P(Face, GetAuthenticatorIdWorksTest) {
+    // Call the method.
+    ASSERT_TRUE(mSession->getAuthenticatorId().isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnAuthenticatorIdRetrievedInvoked; });
+}
+
+TEST_P(Face, InvalidateAuthenticatorIdWorksTest) {
+    // Call the method.
+    ASSERT_TRUE(mSession->invalidateAuthenticatorId().isOk());
+
+    // Wait for the result.
+    auto lock = std::unique_lock{mCb->mMutex};
+    mCb->mCv.wait(lock, [this] { return mCb->mOnAuthenticatorIdInvalidatedInvoked; });
 }
 
 GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(Face);