Fingerprint: HIDL: add legacy (2.1) interface definition.
Test: make for bullhead_treble
Change-Id: Ibc720d8cfdd6a3a39904787885ba4f2e398979b3
diff --git a/biometrics/fingerprint/2.1/IBiometricsFingerprint.hal b/biometrics/fingerprint/2.1/IBiometricsFingerprint.hal
new file mode 100644
index 0000000..a9c3190
--- /dev/null
+++ b/biometrics/fingerprint/2.1/IBiometricsFingerprint.hal
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.biometrics.fingerprint@2.1;
+
+interface IBiometricsFingerprint {
+ /*
+ * Fingerprint pre-enroll enroll request:
+ * Generates a unique token to upper layers to indicate the start of
+ * an enrollment transaction. pre-enroll and post-enroll specify
+ * a pin/password cleared time window where enrollment is allowed.
+ * Pre-enroll only generates a challenge, a full hardwareAuthToken is
+ * generated by trustzone after verifying a pin/password/swipe. This is to
+ * ensure adding a new fingerprint template was preceded by some kind of
+ * credential confirmation (e.g. device password).
+ *
+ * @return 0 if function failed, a uint64_t of challenge otherwise.
+ */
+ @callflow(next={"enroll", "postEnroll"})
+ preEnroll() generates (uint64_t authChallenge);
+
+ /*
+ * Fingerprint enroll request:
+ * Switches the HAL state machine to collect and store a new fingerprint
+ * template. Switches back as soon as enroll is complete, signalled by
+ * (fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
+ * fingerprintMsg.data.enroll.samplesRemaining == 0)
+ * or after timeoutSec seconds.
+ * The fingerprint template must be assigned to the group gid.
+ *
+ * @param hat a valid Hardware Authentication Token (HAT), generated
+ * as a result of a preEnroll() call.
+ * @param gid a framework defined fingerprint set (group) id.
+ * @param timeoutSec a timeout in seconds.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ *
+ * A notify() function may be called with a more detailed error structure.
+ */
+ @callflow(next={"cancel", "enroll", "postEnroll", "remove"})
+ enroll(HwAuthToken hat, uint32_t gid, uint32_t timeoutSec)
+ generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * Finishes the enroll operation and invalidates the preEnroll() generated
+ * challenge. This must be called at the end of a multi-finger enrollment
+ * session to indicate that no more fingers may be added.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"authenticate", "setActiveGroup", "enumerate", "remove"})
+ postEnroll() generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * getAuthenticatorId:
+ * Returns a token associated with the current fingerprint set. This value
+ * must change whenever a new fingerprint is enrolled, thus creating a new
+ * fingerprint set.
+ *
+ * @return getAuthenticatorIdRet current authenticator id, 0 if function
+ * failed.
+ */
+ @callflow(next={"authenticate"})
+ getAuthenticatorId() generates (uint64_t AuthenticatorId);
+
+ /*
+ * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
+ * to all running clients. Switches the HAL state machine back to the idle
+ * state. Unlike enrollDone() doesn't invalidate the preEnroll() challenge.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"authenticate", "enroll", "enumerate", "remove",
+ "setActiveGroup"})
+ cancel() generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * Enumerate all the fingerprint templates found in the directory set by
+ * setActiveGroup():
+ * For each template found a notify() must be called with:
+ * fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENUMERATED
+ * fingerprintMsg.data.enumerated.finger indicating a template id
+ * fingerprintMsg.data.enumerated.remainingTemplates indicating how many more
+ * enumeration messages to expect.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"remove", "enroll", "authenticate", "setActiveGroup"})
+ enumerate() generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * Fingerprint remove request:
+ * Deletes fingerprint template(s).
+ * Works only within the path set by setActiveGroup().
+ * For each template found a notify() must be called with:
+ * fingerprintMsg.type == FINGERPRINT_TEMPLATE_REMOVED
+ * fingerprintMsg.data.removed.finger indicating the template id deleted
+ * fingerprintMsg.data.removed.remainingTemplates indicating how many more
+ * templates must be deleted by this operation.
+ *
+ * @param gid group id must match the last group set by setActiveGroup().
+ * @param fid template id to delete or 0 to delete all templates within the
+ * current group.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"enumerate", "authenticate", "cancel", "getAuthenticatorId",
+ "setActiveGroup"})
+ remove(uint32_t gid, uint32_t fid) generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * Restricts the HAL operation to a set of fingerprints belonging to a group
+ * provided. The caller must provide a path to a storage location within the
+ * user's data directory.
+ *
+ * @param gid the fingerprint group (set) id.
+ * @param storePath filesystem path to the template storage directory.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"authenticate", "preEnroll", "enumerate", "remove"})
+ @entry
+ setActiveGroup(uint32_t gid, string storePath)
+ generates (bool isOk, int32_t debugErrno);
+
+ /*
+ * Authenticates an operation identifed by operationId
+ *
+ * @param operationId operation id.
+ * @param gid fingerprint group id.
+ *
+ * @return isOk indicates if the request is accepted.
+ * @return debugErrno is a value the framework logs in case isOk == false.
+ */
+ @callflow(next={"cancel", "preEnroll", "remove"})
+ authenticate(uint64_t operationId, uint32_t gid)
+ generates (bool isOk, int32_t debugErrno);
+};