Fix fingerprint crypto operations.
This fixes a bug introduced in the HIDL port where fingerprint no
longer notifies keystore of authentications.
Test: keyguard, FingerprintDialog
Fixes bug 34200870
Change-Id: I5227a5f7feb9eee926ea1511001d0303c90dc594
diff --git a/biometrics/fingerprint/2.1/default/Android.mk b/biometrics/fingerprint/2.1/default/Android.mk
index cd29b30..e5c79fe 100644
--- a/biometrics/fingerprint/2.1/default/Android.mk
+++ b/biometrics/fingerprint/2.1/default/Android.mk
@@ -9,11 +9,13 @@
service.cpp \
LOCAL_SHARED_LIBRARIES := \
+ libbinder \
liblog \
libhidlbase \
libhidltransport \
libhardware \
libhwbinder \
+ libkeystore_binder \
libutils \
android.hardware.biometrics.fingerprint@2.1 \
diff --git a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
index 9167e70..eb28e46 100644
--- a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
+++ b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.cpp
@@ -15,6 +15,12 @@
*/
#define LOG_TAG "android.hardware.biometrics.fingerprint@2.1-service"
+// For communication with Keystore binder interface
+#include <binder/IServiceManager.h>
+#include <keystore/IKeystoreService.h>
+#include <keystore/keystore.h> // for error codes
+#include <hardware/hw_auth_token.h>
+
#include <hardware/hardware.h>
#include <hardware/fingerprint.h>
#include "BiometricsFingerprint.h"
@@ -235,6 +241,23 @@
return new BiometricsFingerprint(fp_device);
}
+void BiometricsFingerprint::notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length) {
+ if (auth_token != nullptr && auth_token_length > 0) {
+ // TODO: cache service?
+ sp<IServiceManager> sm = android::defaultServiceManager();
+ sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
+ sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+ if (service != nullptr) {
+ status_t ret = service->addAuthToken(auth_token, auth_token_length);
+ if (ret != ResponseCode::NO_ERROR) {
+ ALOGE("Falure sending auth token to KeyStore: %d", ret);
+ }
+ } else {
+ ALOGE("Unable to communicate with KeyStore");
+ }
+ }
+}
+
} // namespace implementation
} // namespace V2_1
} // namespace fingerprint
diff --git a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
index bc85c1c..1f44a1c 100644
--- a/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
+++ b/biometrics/fingerprint/2.1/default/BiometricsFingerprint.h
@@ -95,6 +95,11 @@
msg->data.removed.remaining_templates);
break;
case FINGERPRINT_AUTHENTICATED:
+ if (msg->data.authenticated.finger.fid != 0) {
+ const uint8_t* hat =
+ reinterpret_cast<const uint8_t *>(&msg->data.authenticated.hat);
+ notifyKeystore(hat, sizeof(msg->data.authenticated.hat));
+ }
mClientCallback->onAuthenticated(devId,
msg->data.authenticated.finger.fid,
msg->data.authenticated.finger.gid);
@@ -109,6 +114,7 @@
}
private:
Return<RequestStatus> ErrorFilter(int32_t error);
+ static void notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length);
static FingerprintError VendorErrorFilter(int32_t error,
int32_t* vendorCode);
static FingerprintAcquiredInfo VendorAcquiredFilter(int32_t error,