Fix fingerprint crypto operations.

This fixes a bug introduced in the HIDL port where fingerprint no
longer notifies keystore of authentications.

Test: keyguard, FingerprintDialog

Fixes bug 34200870

Change-Id: I5227a5f7feb9eee926ea1511001d0303c90dc594
(cherry picked from commit 7f7eb474ce3e57cc7582ea5fece1dd5108cd7158)
diff --git a/biometrics/fingerprint/2.1/default/Android.mk b/biometrics/fingerprint/2.1/default/Android.mk
index cd29b30..e5c79fe 100644
--- a/biometrics/fingerprint/2.1/default/Android.mk
+++ b/biometrics/fingerprint/2.1/default/Android.mk
@@ -9,11 +9,13 @@
     service.cpp \
 
 LOCAL_SHARED_LIBRARIES := \
+    libbinder \
     liblog \
     libhidlbase \
     libhidltransport \
     libhardware \
     libhwbinder \
+    libkeystore_binder \
     libutils \
     android.hardware.biometrics.fingerprint@2.1 \
 
diff --git a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
index 9167e70..eb28e46 100644
--- a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
+++ b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
@@ -15,6 +15,12 @@
  */
 #define LOG_TAG "android.hardware.biometrics.fingerprint@2.1-service"
 
+// For communication with Keystore binder interface
+#include <binder/IServiceManager.h>
+#include <keystore/IKeystoreService.h>
+#include <keystore/keystore.h> // for error codes
+#include <hardware/hw_auth_token.h>
+
 #include <hardware/hardware.h>
 #include <hardware/fingerprint.h>
 #include "BiometricsFingerprint.h"
@@ -235,6 +241,23 @@
     return new BiometricsFingerprint(fp_device);
 }
 
+void BiometricsFingerprint::notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length) {
+    if (auth_token != nullptr && auth_token_length > 0) {
+        // TODO: cache service?
+        sp<IServiceManager> sm = android::defaultServiceManager();
+        sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
+        sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+        if (service != nullptr) {
+            status_t ret = service->addAuthToken(auth_token, auth_token_length);
+            if (ret != ResponseCode::NO_ERROR) {
+                ALOGE("Falure sending auth token to KeyStore: %d", ret);
+            }
+        } else {
+            ALOGE("Unable to communicate with KeyStore");
+        }
+    }
+}
+
 } // namespace implementation
 }  // namespace V2_1
 }  // namespace fingerprint
diff --git a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
index bc85c1c..1f44a1c 100644
--- a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
+++ b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
@@ -95,6 +95,11 @@
                     msg->data.removed.remaining_templates);
                 break;
             case FINGERPRINT_AUTHENTICATED:
+                if (msg->data.authenticated.finger.fid != 0) {
+                    const uint8_t* hat =
+                            reinterpret_cast<const uint8_t *>(&msg->data.authenticated.hat);
+                    notifyKeystore(hat, sizeof(msg->data.authenticated.hat));
+                }
                 mClientCallback->onAuthenticated(devId,
                     msg->data.authenticated.finger.fid,
                     msg->data.authenticated.finger.gid);
@@ -109,6 +114,7 @@
     }
 private:
     Return<RequestStatus> ErrorFilter(int32_t error);
+    static void notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length);
     static FingerprintError VendorErrorFilter(int32_t error,
             int32_t* vendorCode);
     static FingerprintAcquiredInfo VendorAcquiredFilter(int32_t error,