diff --git a/biometrics/face/1.1/default/Android.bp b/biometrics/face/1.0/default/Android.bp similarity index 85% rename from biometrics/face/1.1/default/Android.bp rename to biometrics/face/1.0/default/Android.bp index 360071f3dd..d6ff087ee6 100644 --- a/biometrics/face/1.1/default/Android.bp +++ b/biometrics/face/1.0/default/Android.bp @@ -15,10 +15,10 @@ */ cc_binary { - name: "android.hardware.biometrics.face@1.1-service.example", + name: "android.hardware.biometrics.face@1.0-service.example", defaults: ["hidl_defaults"], vendor: true, - init_rc: ["android.hardware.biometrics.face@1.1-service.rc"], + init_rc: ["android.hardware.biometrics.face@1.0-service.rc"], vintf_fragments: ["manifest_face_default.xml"], relative_install_path: "hw", proprietary: true, @@ -31,6 +31,5 @@ cc_binary { "libutils", "liblog", "android.hardware.biometrics.face@1.0", - "android.hardware.biometrics.face@1.1", ], } diff --git a/biometrics/face/1.1/default/BiometricsFace.cpp b/biometrics/face/1.0/default/BiometricsFace.cpp similarity index 81% rename from biometrics/face/1.1/default/BiometricsFace.cpp rename to biometrics/face/1.0/default/BiometricsFace.cpp index 57b3a92690..97dc4690be 100644 --- a/biometrics/face/1.1/default/BiometricsFace.cpp +++ b/biometrics/face/1.0/default/BiometricsFace.cpp @@ -110,20 +110,4 @@ Return BiometricsFace::resetLockout(const hidl_vec& /* hat */) return Status::OK; } -// Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow. -Return BiometricsFace::enroll_1_1(const hidl_vec& /* hat */, - uint32_t /* timeoutSec */, - const hidl_vec& /* disabledFeatures */, - const hidl_handle& /* windowId */) { - mClientCallback->onError(kDeviceId, mUserId, FaceError::UNABLE_TO_PROCESS, 0 /* vendorCode */); - return Status::OK; -} - -Return BiometricsFace::enrollRemotely(const hidl_vec& /* hat */, - uint32_t /* timeoutSec */, - const hidl_vec& /* disabledFeatures */) { - mClientCallback->onError(kDeviceId, mUserId, FaceError::UNABLE_TO_PROCESS, 0 /* vendorCode */); - return Status::OK; -} - } // namespace android::hardware::biometrics::face::implementation diff --git a/biometrics/face/1.1/default/BiometricsFace.h b/biometrics/face/1.0/default/BiometricsFace.h similarity index 82% rename from biometrics/face/1.1/default/BiometricsFace.h rename to biometrics/face/1.0/default/BiometricsFace.h index 5ce5771eae..1d99ed26bc 100644 --- a/biometrics/face/1.1/default/BiometricsFace.h +++ b/biometrics/face/1.0/default/BiometricsFace.h @@ -16,7 +16,7 @@ #pragma once -#include +#include #include #include #include @@ -34,7 +34,7 @@ using ::android::hardware::biometrics::face::V1_0::Feature; using ::android::hardware::biometrics::face::V1_0::IBiometricsFaceClientCallback; using ::android::hardware::biometrics::face::V1_0::Status; -class BiometricsFace : public V1_1::IBiometricsFace { +class BiometricsFace : public V1_0::IBiometricsFace { public: BiometricsFace(); @@ -71,14 +71,6 @@ class BiometricsFace : public V1_1::IBiometricsFace { Return resetLockout(const hidl_vec& hat) override; - // Methods from ::android::hardware::biometrics::face::V1_1::IBiometricsFace follow. - Return enroll_1_1(const hidl_vec& hat, uint32_t timeoutSec, - const hidl_vec& disabledFeatures, - const hidl_handle& windowId) override; - - Return enrollRemotely(const hidl_vec& hat, uint32_t timeoutSec, - const hidl_vec& disabledFeatures) override; - private: std::mt19937 mRandom; int32_t mUserId; diff --git a/biometrics/face/1.1/default/android.hardware.biometrics.face@1.1-service.rc b/biometrics/face/1.0/default/android.hardware.biometrics.face@1.0-service.rc similarity index 75% rename from biometrics/face/1.1/default/android.hardware.biometrics.face@1.1-service.rc rename to biometrics/face/1.0/default/android.hardware.biometrics.face@1.0-service.rc index 687e2d8c86..6c7362f2bb 100644 --- a/biometrics/face/1.1/default/android.hardware.biometrics.face@1.1-service.rc +++ b/biometrics/face/1.0/default/android.hardware.biometrics.face@1.0-service.rc @@ -1,4 +1,4 @@ -service vendor.face-hal-1-1-default /vendor/bin/hw/android.hardware.biometrics.face@1.1-service.example +service vendor.face-hal-1-0-default /vendor/bin/hw/android.hardware.biometrics.face@1.0-service.example # "class hal" causes a race condition on some devices due to files created # in /data. As a workaround, postpone startup until later in boot once # /data is mounted. diff --git a/biometrics/face/1.1/default/manifest_face_default.xml b/biometrics/face/1.0/default/manifest_face_default.xml similarity index 90% rename from biometrics/face/1.1/default/manifest_face_default.xml rename to biometrics/face/1.0/default/manifest_face_default.xml index ec71d9c92b..380ae49e93 100644 --- a/biometrics/face/1.1/default/manifest_face_default.xml +++ b/biometrics/face/1.0/default/manifest_face_default.xml @@ -2,7 +2,7 @@ android.hardware.biometrics.face hwbinder - 1.1 + 1.0 IBiometricsFace default diff --git a/biometrics/face/1.1/default/service.cpp b/biometrics/face/1.0/default/service.cpp similarity index 88% rename from biometrics/face/1.1/default/service.cpp rename to biometrics/face/1.0/default/service.cpp index 344bdb99b4..9818c959d6 100644 --- a/biometrics/face/1.1/default/service.cpp +++ b/biometrics/face/1.0/default/service.cpp @@ -14,10 +14,10 @@ * limitations under the License. */ -#define LOG_TAG "android.hardware.biometrics.face@1.1-service" +#define LOG_TAG "android.hardware.biometrics.face@1.0-service" #include -#include +#include #include #include #include @@ -27,7 +27,7 @@ using android::sp; using android::hardware::configureRpcThreadpool; using android::hardware::joinRpcThreadpool; using android::hardware::biometrics::face::implementation::BiometricsFace; -using android::hardware::biometrics::face::V1_1::IBiometricsFace; +using android::hardware::biometrics::face::V1_0::IBiometricsFace; int main() { ALOGI("BiometricsFace HAL is being started."); diff --git a/biometrics/face/1.1/Android.bp b/biometrics/face/1.1/Android.bp deleted file mode 100644 index 14a86f14b8..0000000000 --- a/biometrics/face/1.1/Android.bp +++ /dev/null @@ -1,14 +0,0 @@ -// This file is autogenerated by hidl-gen -Landroidbp. - -hidl_interface { - name: "android.hardware.biometrics.face@1.1", - root: "android.hardware", - srcs: [ - "IBiometricsFace.hal", - ], - interfaces: [ - "android.hardware.biometrics.face@1.0", - "android.hidl.base@1.0", - ], - gen_java: true, -} diff --git a/biometrics/face/1.1/IBiometricsFace.hal b/biometrics/face/1.1/IBiometricsFace.hal deleted file mode 100644 index 84e7443c9c..0000000000 --- a/biometrics/face/1.1/IBiometricsFace.hal +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.hardware.biometrics.face@1.1; - -import @1.0::IBiometricsFace; -import @1.0::Status; -import @1.0::Feature; - -/** - * The HAL interface for biometric face authentication. - */ -interface IBiometricsFace extends @1.0::IBiometricsFace { - /** - * Enrolls a user's face for a remote client, for example Android Auto. - * - * The HAL implementation is responsible for creating a secure communication - * channel and receiving the enrollment images from a mobile device with - * face authentication hardware. - * - * Note that the Hardware Authentication Token must be valid for the - * duration of enrollment and thus should be explicitly invalidated by a - * call to revokeChallenge() when enrollment is complete, to reduce the - * window of opportunity to re-use the challenge and HAT. For example, - * Settings calls generateChallenge() once to allow the user to enroll one - * or more faces or toggle secure settings without having to re-enter the - * PIN/pattern/password. Once the user completes the operation, Settings - * invokes revokeChallenge() to close the transaction. If the HAT is expired, - * the implementation must invoke onError with UNABLE_TO_PROCESS. - * - * Requirements for using this API: - * - Mobile devices MUST NOT delegate enrollment to another device by calling - * this API. This feature is intended only to allow enrollment on devices - * where it is impossible to enroll locally on the device. - * - The path MUST be protected by a secret key with rollback protection. - * - Synchronizing between devices MUST be accomplished by having both - * devices agree on a secret PIN entered by the user (similar to BT - * pairing procedure) and use a salted version of that PIN plus other secret - * to encrypt traffic. - * - All communication to/from the remote device MUST be encrypted and signed - * to prevent image injection and other man-in-the-middle type attacks. - * - generateChallenge() and revokeChallenge() MUST be implemented on both - * remote and local host (e.g. hash the result of the remote host with a - * local secret before responding to the API call) and any transmission of - * the challenge between hosts MUST be signed to prevent man-in-the-middle - * attacks. - * - In the event of a lost connection, the result of the last - * generateChallenge() MUST be invalidated and the process started over. - * - Both the remote and local host MUST honor the timeout and invalidate the - * challenge. - * - * This method triggers the IBiometricsFaceClientCallback#onEnrollResult() - * method. - * - * @param hat A valid Hardware Authentication Token, generated as a result - * of a generateChallenge() challenge being wrapped by the gatekeeper - * after a successful strong authentication request. - * @param timeoutSec A timeout in seconds, after which this enroll - * attempt is cancelled. Note that the framework can continue - * enrollment by calling this again with a valid HAT. This timeout is - * expected to be used to limit power usage if the device becomes idle - * during enrollment. The implementation is expected to send - * ERROR_TIMEOUT if this happens. - * @param disabledFeatures A list of features to be disabled during - * enrollment. Note that all features are enabled by default. - * @return status The status of this method call. - */ - enrollRemotely(vec hat, uint32_t timeoutSec, vec disabledFeatures) - generates (Status status); - - /** - * Enrolls a user's face. - * - * Note that the Hardware Authentication Token must be valid for the - * duration of enrollment and thus should be explicitly invalidated by a - * call to revokeChallenge() when enrollment is complete, to reduce the - * window of opportunity to re-use the challenge and HAT. For example, - * Settings calls generateChallenge() once to allow the user to enroll one - * or more faces or toggle secure settings without having to re-enter the - * PIN/pattern/password. Once the user completes the operation, Settings - * invokes revokeChallenge() to close the transaction. If the HAT is expired, - * the implementation must invoke onError with UNABLE_TO_PROCESS. - * - * This method triggers the IBiometricsFaceClientCallback#onEnrollResult() - * method. - * - * @param hat A valid Hardware Authentication Token, generated as a result - * of a generateChallenge() challenge being wrapped by the gatekeeper - * after a successful strong authentication request. - * @param timeoutSec A timeout in seconds, after which this enroll - * attempt is cancelled. Note that the framework can continue - * enrollment by calling this again with a valid HAT. This timeout is - * expected to be used to limit power usage if the device becomes idle - * during enrollment. The implementation is expected to send - * ERROR_TIMEOUT if this happens. - * @param disabledFeatures A list of features to be disabled during - * enrollment. Note that all features are enabled by default. - * @param windowId optional ID of a camera preview window for a - * single-camera device. Must be null if not used. - * @return status The status of this method call. - */ - enroll_1_1(vec hat, uint32_t timeoutSec, vec disabledFeatures, - handle windowId) generates (Status status); -}; diff --git a/biometrics/face/1.1/vts/functional/Android.bp b/biometrics/face/1.1/vts/functional/Android.bp deleted file mode 100644 index aa0b1fa082..0000000000 --- a/biometrics/face/1.1/vts/functional/Android.bp +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -cc_test { - name: "VtsHalBiometricsFaceV1_1TargetTest", - defaults: ["VtsHalTargetTestDefaults"], - srcs: ["VtsHalBiometricsFaceV1_1TargetTest.cpp"], - static_libs: [ - "android.hardware.biometrics.face@1.0", - "android.hardware.biometrics.face@1.1", - ], - test_suites: [ - "general-tests", - "vts", - ], -} diff --git a/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp b/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp deleted file mode 100644 index 0077c8c728..0000000000 --- a/biometrics/face/1.1/vts/functional/VtsHalBiometricsFaceV1_1TargetTest.cpp +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define LOG_TAG "biometrics_face_hidl_hal_test" - -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include - -using android::sp; -using android::hardware::hidl_handle; -using android::hardware::hidl_vec; -using android::hardware::Return; -using android::hardware::Void; -using android::hardware::biometrics::face::V1_0::FaceAcquiredInfo; -using android::hardware::biometrics::face::V1_0::FaceError; -using android::hardware::biometrics::face::V1_0::IBiometricsFaceClientCallback; -using android::hardware::biometrics::face::V1_0::OptionalUint64; -using android::hardware::biometrics::face::V1_0::Status; -using android::hardware::biometrics::face::V1_1::IBiometricsFace; - -namespace { - -// Arbitrary, nonexistent userId -constexpr uint32_t kUserId = 9; -constexpr uint32_t kTimeoutSec = 3; -constexpr auto kTimeout = std::chrono::seconds(kTimeoutSec); -constexpr char kFacedataDir[] = "/data/vendor_de/0/facedata"; -constexpr char kCallbackNameOnError[] = "onError"; - -// Callback arguments that need to be captured for the tests. -struct FaceCallbackArgs { - // The error passed to the last onError() callback. - FaceError error; - - // The userId passed to the last callback. - int32_t userId; -}; - -// Test callback class for the BiometricsFace HAL. -// The HAL will call these callback methods to notify about completed operations -// or encountered errors. -class FaceCallback : public ::testing::VtsHalHidlTargetCallbackBase, - public IBiometricsFaceClientCallback { - public: - Return onEnrollResult(uint64_t, uint32_t, int32_t, uint32_t) override { return Void(); } - - Return onAuthenticated(uint64_t, uint32_t, int32_t, const hidl_vec&) override { - return Void(); - } - - Return onAcquired(uint64_t, int32_t, FaceAcquiredInfo, int32_t) override { - return Void(); - } - - Return onError(uint64_t, int32_t userId, FaceError error, int32_t) override { - FaceCallbackArgs args = {}; - args.error = error; - args.userId = userId; - NotifyFromCallback(kCallbackNameOnError, args); - return Void(); - } - - Return onRemoved(uint64_t, const hidl_vec&, int32_t) override { return Void(); } - - Return onEnumerate(uint64_t, const hidl_vec&, int32_t) override { - return Void(); - } - - Return onLockoutChanged(uint64_t) override { return Void(); } -}; - -// Test class for the BiometricsFace HAL. -class FaceHidlTest : public ::testing::TestWithParam { - public: - void SetUp() override { - mService = IBiometricsFace::getService(GetParam()); - ASSERT_NE(mService, nullptr); - mCallback = new FaceCallback(); - mCallback->SetWaitTimeoutDefault(kTimeout); - Return ret1 = mService->setCallback(mCallback, [](const OptionalUint64& res) { - ASSERT_EQ(Status::OK, res.status); - // Makes sure the "deviceId" represented by "res.value" is not 0. - // 0 would mean the HIDL is not available. - ASSERT_NE(0UL, res.value); - }); - ASSERT_TRUE(ret1.isOk()); - Return ret2 = mService->setActiveUser(kUserId, kFacedataDir); - ASSERT_EQ(Status::OK, static_cast(ret2)); - } - - void TearDown() override {} - - sp mService; - sp mCallback; -}; - -// enroll with an invalid (all zeroes) HAT should fail. -TEST_P(FaceHidlTest, Enroll1_1ZeroHatTest) { - // Filling HAT with zeros - hidl_vec token(69); - for (size_t i = 0; i < 69; i++) { - token[i] = 0; - } - - hidl_handle windowId = nullptr; - Return ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId); - ASSERT_EQ(Status::OK, static_cast(ret)); - - // onError should be called with a meaningful (nonzero) error. - auto res = mCallback->WaitForCallback(kCallbackNameOnError); - EXPECT_TRUE(res.no_timeout); - EXPECT_EQ(kUserId, res.args->userId); - EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error); -} - -// enroll with an invalid HAT should fail. -TEST_P(FaceHidlTest, Enroll1_1GarbageHatTest) { - // Filling HAT with pseudorandom invalid data. - // Using default seed to make the test reproducible. - std::mt19937 gen(std::mt19937::default_seed); - std::uniform_int_distribution dist; - hidl_vec token(69); - for (size_t i = 0; i < 69; ++i) { - token[i] = dist(gen); - } - - hidl_handle windowId = nullptr; - Return ret = mService->enroll_1_1(token, kTimeoutSec, {}, windowId); - ASSERT_EQ(Status::OK, static_cast(ret)); - - // onError should be called with a meaningful (nonzero) error. - auto res = mCallback->WaitForCallback(kCallbackNameOnError); - EXPECT_TRUE(res.no_timeout); - EXPECT_EQ(kUserId, res.args->userId); - EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error); -} - -// enroll with an invalid (all zeroes) HAT should fail. -TEST_P(FaceHidlTest, EnrollRemotelyZeroHatTest) { - // Filling HAT with zeros - hidl_vec token(69); - for (size_t i = 0; i < 69; i++) { - token[i] = 0; - } - - Return ret = mService->enrollRemotely(token, kTimeoutSec, {}); - ASSERT_EQ(Status::OK, static_cast(ret)); - - // onError should be called with a meaningful (nonzero) error. - auto res = mCallback->WaitForCallback(kCallbackNameOnError); - EXPECT_TRUE(res.no_timeout); - EXPECT_EQ(kUserId, res.args->userId); - EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error); -} - -// enroll with an invalid HAT should fail. -TEST_P(FaceHidlTest, EnrollRemotelyGarbageHatTest) { - // Filling HAT with pseudorandom invalid data. - // Using default seed to make the test reproducible. - std::mt19937 gen(std::mt19937::default_seed); - std::uniform_int_distribution dist; - hidl_vec token(69); - for (size_t i = 0; i < 69; ++i) { - token[i] = dist(gen); - } - - Return ret = mService->enrollRemotely(token, kTimeoutSec, {}); - ASSERT_EQ(Status::OK, static_cast(ret)); - - // onError should be called with a meaningful (nonzero) error. - auto res = mCallback->WaitForCallback(kCallbackNameOnError); - EXPECT_TRUE(res.no_timeout); - EXPECT_EQ(kUserId, res.args->userId); - EXPECT_EQ(FaceError::UNABLE_TO_PROCESS, res.args->error); -} - -} // anonymous namespace - -GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(FaceHidlTest); -INSTANTIATE_TEST_SUITE_P( - PerInstance, FaceHidlTest, - testing::ValuesIn(android::hardware::getAllHalInstanceNames(IBiometricsFace::descriptor)), - android::hardware::PrintInstanceNameToString);