biometrics/fingerprint/2.1/IBiometricsFingerprint.hal - platform/hardware/interfaces - Git at Google

 /*
  * Copyright (C) 2017 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.hardware.biometrics.fingerprint@2.1;

 import IBiometricsFingerprintClientCallback;

 interface IBiometricsFingerprint {
   /**
    * Set notification callback:
    * Registers a user function that must receive notifications from the HAL
    * This call must block if the HAL state machine is in busy state until HAL
    * leaves the busy state.
    *
    * @return deviceId is a unique handle for this fingerprint device
    */
   @callflow(next={"setActiveGroup"})
   @entry
   setNotify(IBiometricsFingerprintClientCallback clientCallback)
       generates (uint64_t deviceId);

   /**
    * Fingerprint pre-enroll enroll request:
    * Generates a unique token to upper layers to indicate the start of
    * an enrollment transaction. pre-enroll and post-enroll specify
    * a pin/password cleared time window where enrollment is allowed.
    * Pre-enroll only generates a challenge, a full hardwareAuthToken is
    * generated by trustzone after verifying a pin/password/swipe. This is to
    * ensure adding a new fingerprint template was preceded by some kind of
    * credential confirmation (e.g. device password).
    *
    * @return 0 if function failed, a uint64_t of challenge otherwise.
    */
   @callflow(next={"enroll", "postEnroll"})
   preEnroll() generates (uint64_t authChallenge);

   /**
    * Fingerprint enroll request:
    * Switches the HAL state machine to collect and store a new fingerprint
    * template. Switches back as soon as enroll is complete, signalled by
    * (fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
    *  fingerprintMsg.data.enroll.samplesRemaining == 0)
    * or after timeoutSec seconds.
    * The fingerprint template must be assigned to the group gid.
    *
    * @param hat a valid Hardware Authentication Token (HAT), generated
    * as a result of a preEnroll() call.
    * @param gid a framework defined fingerprint set (group) id.
    * @param timeoutSec a timeout in seconds.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    *
    * A notify() function may be called with a more detailed error structure.
    */
   @callflow(next={"cancel", "enroll", "postEnroll", "remove"})
   enroll(uint8_t[69] hat, uint32_t gid, uint32_t timeoutSec)
       generates (RequestStatus debugErrno);

   /**
    * Finishes the enroll operation and invalidates the preEnroll() generated
    * challenge. This must be called at the end of a multi-finger enrollment
    * session to indicate that no more fingers may be added.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"authenticate", "setActiveGroup", "enumerate", "remove"})
   postEnroll() generates (RequestStatus debugErrno);

   /**
    * getAuthenticatorId:
    * Returns a token associated with the current fingerprint set. This value
    * must change whenever a new fingerprint is enrolled, thus creating a new
    * fingerprint set.
    *
    * @return getAuthenticatorIdRet current authenticator id, 0 if function
    * failed.
    */
   @callflow(next={"authenticate"})
   getAuthenticatorId() generates (uint64_t AuthenticatorId);

   /**
    * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
    * to all running clients. Switches the HAL state machine back to the idle
    * state. Unlike enrollDone() doesn't invalidate the preEnroll() challenge.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"authenticate", "enroll", "enumerate", "remove",
     "setActiveGroup"})
   cancel() generates (RequestStatus debugErrno);

   /**
    * Enumerate all the fingerprint templates found in the directory set by
    * setActiveGroup():
    * For each template found a notify() must be called with:
    * fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENUMERATED
    * fingerprintMsg.data.enumerated.finger indicating a template id
    * fingerprintMsg.data.enumerated.remainingTemplates indicating how many more
    * enumeration messages to expect.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"remove", "enroll", "authenticate", "setActiveGroup"})
   enumerate() generates (RequestStatus debugErrno);

   /**
    * Fingerprint remove request:
    * Deletes fingerprint template(s).
    * Works only within the path set by setActiveGroup().
    * For each template found a notify() must be called with:
    * fingerprintMsg.type == FINGERPRINT_TEMPLATE_REMOVED
    * fingerprintMsg.data.removed.finger indicating the template id deleted
    * fingerprintMsg.data.removed.remainingTemplates indicating how many more
    * templates must be deleted by this operation.
    *
    * @param gid group id must match the last group set by setActiveGroup().
    * @param fid template id to delete or 0 to delete all templates within the
    * current group.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"enumerate", "authenticate", "cancel", "getAuthenticatorId",
     "setActiveGroup"})
   remove(uint32_t gid, uint32_t fid) generates (RequestStatus debugErrno);

   /**
    * Restricts the HAL operation to a set of fingerprints belonging to a group
    * provided. The caller must provide a path to a storage location within the
    * user's data directory.
    *
    * @param gid the fingerprint group (set) id.
    * @param storePath filesystem path to the template storage directory.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"authenticate", "preEnroll", "enumerate", "remove"})
   setActiveGroup(uint32_t gid, string storePath)
       generates (RequestStatus debugErrno);

   /**
    * Authenticates an operation identified by operationId
    *
    * @param operationId operation id.
    * @param gid fingerprint group id.
    *
    * @return debugErrno is a value the framework logs in case it is not 0.
    */
   @callflow(next={"cancel", "preEnroll", "remove"})
   authenticate(uint64_t operationId, uint32_t gid)
       generates (RequestStatus debugErrno);
 };
	/*
	* Copyright (C) 2017 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.hardware.biometrics.fingerprint@2.1;

	import IBiometricsFingerprintClientCallback;

	interface IBiometricsFingerprint {
	/**
	* Set notification callback:
	* Registers a user function that must receive notifications from the HAL
	* This call must block if the HAL state machine is in busy state until HAL
	* leaves the busy state.
	*
	* @return deviceId is a unique handle for this fingerprint device
	*/
	@callflow(next={"setActiveGroup"})
	@entry
	setNotify(IBiometricsFingerprintClientCallback clientCallback)
	generates (uint64_t deviceId);

	/**
	* Fingerprint pre-enroll enroll request:
	* Generates a unique token to upper layers to indicate the start of
	* an enrollment transaction. pre-enroll and post-enroll specify
	* a pin/password cleared time window where enrollment is allowed.
	* Pre-enroll only generates a challenge, a full hardwareAuthToken is
	* generated by trustzone after verifying a pin/password/swipe. This is to
	* ensure adding a new fingerprint template was preceded by some kind of
	* credential confirmation (e.g. device password).
	*
	* @return 0 if function failed, a uint64_t of challenge otherwise.
	*/
	@callflow(next={"enroll", "postEnroll"})
	preEnroll() generates (uint64_t authChallenge);

	/**
	* Fingerprint enroll request:
	* Switches the HAL state machine to collect and store a new fingerprint
	* template. Switches back as soon as enroll is complete, signalled by
	* (fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
	* fingerprintMsg.data.enroll.samplesRemaining == 0)
	* or after timeoutSec seconds.
	* The fingerprint template must be assigned to the group gid.
	*
	* @param hat a valid Hardware Authentication Token (HAT), generated
	* as a result of a preEnroll() call.
	* @param gid a framework defined fingerprint set (group) id.
	* @param timeoutSec a timeout in seconds.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*
	* A notify() function may be called with a more detailed error structure.
	*/
	@callflow(next={"cancel", "enroll", "postEnroll", "remove"})
	enroll(uint8_t[69] hat, uint32_t gid, uint32_t timeoutSec)
	generates (RequestStatus debugErrno);

	/**
	* Finishes the enroll operation and invalidates the preEnroll() generated
	* challenge. This must be called at the end of a multi-finger enrollment
	* session to indicate that no more fingers may be added.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"authenticate", "setActiveGroup", "enumerate", "remove"})
	postEnroll() generates (RequestStatus debugErrno);

	/**
	* getAuthenticatorId:
	* Returns a token associated with the current fingerprint set. This value
	* must change whenever a new fingerprint is enrolled, thus creating a new
	* fingerprint set.
	*
	* @return getAuthenticatorIdRet current authenticator id, 0 if function
	* failed.
	*/
	@callflow(next={"authenticate"})
	getAuthenticatorId() generates (uint64_t AuthenticatorId);

	/**
	* Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
	* to all running clients. Switches the HAL state machine back to the idle
	* state. Unlike enrollDone() doesn't invalidate the preEnroll() challenge.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"authenticate", "enroll", "enumerate", "remove",
	"setActiveGroup"})
	cancel() generates (RequestStatus debugErrno);

	/**
	* Enumerate all the fingerprint templates found in the directory set by
	* setActiveGroup():
	* For each template found a notify() must be called with:
	* fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENUMERATED
	* fingerprintMsg.data.enumerated.finger indicating a template id
	* fingerprintMsg.data.enumerated.remainingTemplates indicating how many more
	* enumeration messages to expect.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"remove", "enroll", "authenticate", "setActiveGroup"})
	enumerate() generates (RequestStatus debugErrno);

	/**
	* Fingerprint remove request:
	* Deletes fingerprint template(s).
	* Works only within the path set by setActiveGroup().
	* For each template found a notify() must be called with:
	* fingerprintMsg.type == FINGERPRINT_TEMPLATE_REMOVED
	* fingerprintMsg.data.removed.finger indicating the template id deleted
	* fingerprintMsg.data.removed.remainingTemplates indicating how many more
	* templates must be deleted by this operation.
	*
	* @param gid group id must match the last group set by setActiveGroup().
	* @param fid template id to delete or 0 to delete all templates within the
	* current group.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"enumerate", "authenticate", "cancel", "getAuthenticatorId",
	"setActiveGroup"})
	remove(uint32_t gid, uint32_t fid) generates (RequestStatus debugErrno);

	/**
	* Restricts the HAL operation to a set of fingerprints belonging to a group
	* provided. The caller must provide a path to a storage location within the
	* user's data directory.
	*
	* @param gid the fingerprint group (set) id.
	* @param storePath filesystem path to the template storage directory.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"authenticate", "preEnroll", "enumerate", "remove"})
	setActiveGroup(uint32_t gid, string storePath)
	generates (RequestStatus debugErrno);

	/**
	* Authenticates an operation identified by operationId
	*
	* @param operationId operation id.
	* @param gid fingerprint group id.
	*
	* @return debugErrno is a value the framework logs in case it is not 0.
	*/
	@callflow(next={"cancel", "preEnroll", "remove"})
	authenticate(uint64_t operationId, uint32_t gid)
	generates (RequestStatus debugErrno);
	};