| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #define LOG_TAG "android.hardware.biometrics.fingerprint@2.1-service" |
| |
| // For communication with Keystore binder interface |
| #include <binder/IServiceManager.h> |
| #include <keystore/IKeystoreService.h> |
| #include <keystore/keystore.h> // for error codes |
| #include <hardware/hw_auth_token.h> |
| |
| #include <hardware/hardware.h> |
| #include <hardware/fingerprint.h> |
| #include "BiometricsFingerprint.h" |
| |
| #include <inttypes.h> |
| |
| namespace android { |
| namespace hardware { |
| namespace biometrics { |
| namespace fingerprint { |
| namespace V2_1 { |
| namespace implementation { |
| |
| // Supported fingerprint HAL version |
| static const uint16_t kVersion = HARDWARE_MODULE_API_VERSION(2, 1); |
| |
| using RequestStatus = |
| android::hardware::biometrics::fingerprint::V2_1::RequestStatus; |
| |
| sp<IBiometricsFingerprintClientCallback> |
| BiometricsFingerprint::mClientCallback = nullptr; |
| |
| // TODO: This is here because HAL 2.1 doesn't have a way to propagate a |
| // unique token for its driver. Subsequent versions should send a unique |
| // token for each call to notify(). This is fine as long as there's only |
| // one fingerprint device on the platform. |
| fingerprint_device_t *BiometricsFingerprint::sDevice = nullptr; |
| |
| BiometricsFingerprint::BiometricsFingerprint(fingerprint_device_t *device) |
| : mDevice(device) { |
| sDevice = mDevice; // keep track of the most recent instance |
| } |
| |
| BiometricsFingerprint::~BiometricsFingerprint() { |
| ALOG(LOG_VERBOSE, LOG_TAG, "nativeCloseHal()\n"); |
| if (mDevice == NULL) { |
| ALOGE("No valid device"); |
| return; |
| } |
| int err; |
| if (0 != (err = mDevice->common.close( |
| reinterpret_cast<hw_device_t*>(mDevice)))) { |
| ALOGE("Can't close fingerprint module, error: %d", err); |
| return; |
| } |
| mDevice = NULL; |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::ErrorFilter(int32_t error) { |
| switch(error) { |
| case 0: return RequestStatus::SYS_OK; |
| case -2: return RequestStatus::SYS_ENOENT; |
| case -4: return RequestStatus::SYS_EINTR; |
| case -5: return RequestStatus::SYS_EIO; |
| case -11: return RequestStatus::SYS_EAGAIN; |
| case -12: return RequestStatus::SYS_ENOMEM; |
| case -13: return RequestStatus::SYS_EACCES; |
| case -14: return RequestStatus::SYS_EFAULT; |
| case -16: return RequestStatus::SYS_EBUSY; |
| case -22: return RequestStatus::SYS_EINVAL; |
| case -28: return RequestStatus::SYS_ENOSPC; |
| case -110: return RequestStatus::SYS_ETIMEDOUT; |
| default: |
| ALOGE("An unknown error returned from fingerprint vendor library"); |
| return RequestStatus::SYS_UNKNOWN; |
| } |
| } |
| |
| // Translate from errors returned by traditional HAL (see fingerprint.h) to |
| // HIDL-compliant FingerprintError. |
| FingerprintError BiometricsFingerprint::VendorErrorFilter(int32_t error, |
| int32_t* vendorCode) { |
| *vendorCode = 0; |
| switch(error) { |
| case FINGERPRINT_ERROR_HW_UNAVAILABLE: |
| return FingerprintError::ERROR_HW_UNAVAILABLE; |
| case FINGERPRINT_ERROR_UNABLE_TO_PROCESS: |
| return FingerprintError::ERROR_UNABLE_TO_PROCESS; |
| case FINGERPRINT_ERROR_TIMEOUT: |
| return FingerprintError::ERROR_TIMEOUT; |
| case FINGERPRINT_ERROR_NO_SPACE: |
| return FingerprintError::ERROR_NO_SPACE; |
| case FINGERPRINT_ERROR_CANCELED: |
| return FingerprintError::ERROR_CANCELED; |
| case FINGERPRINT_ERROR_UNABLE_TO_REMOVE: |
| return FingerprintError::ERROR_UNABLE_TO_REMOVE; |
| default: |
| if (error >= FINGERPRINT_ERROR_VENDOR_BASE) { |
| // vendor specific code. |
| *vendorCode = error - FINGERPRINT_ERROR_VENDOR_BASE; |
| return FingerprintError::ERROR_VENDOR; |
| } |
| } |
| ALOGE("Unknown error from fingerprint vendor library"); |
| return FingerprintError::ERROR_UNABLE_TO_PROCESS; |
| } |
| |
| // Translate acquired messages returned by traditional HAL (see fingerprint.h) |
| // to HIDL-compliant FingerprintAcquiredInfo. |
| FingerprintAcquiredInfo BiometricsFingerprint::VendorAcquiredFilter( |
| int32_t info, int32_t* vendorCode) { |
| *vendorCode = 0; |
| switch(info) { |
| case FINGERPRINT_ACQUIRED_GOOD: |
| return FingerprintAcquiredInfo::ACQUIRED_GOOD; |
| case FINGERPRINT_ACQUIRED_PARTIAL: |
| return FingerprintAcquiredInfo::ACQUIRED_PARTIAL; |
| case FINGERPRINT_ACQUIRED_INSUFFICIENT: |
| return FingerprintAcquiredInfo::ACQUIRED_INSUFFICIENT; |
| case FINGERPRINT_ACQUIRED_IMAGER_DIRTY: |
| return FingerprintAcquiredInfo::ACQUIRED_IMAGER_DIRTY; |
| case FINGERPRINT_ACQUIRED_TOO_SLOW: |
| return FingerprintAcquiredInfo::ACQUIRED_TOO_SLOW; |
| case FINGERPRINT_ACQUIRED_TOO_FAST: |
| return FingerprintAcquiredInfo::ACQUIRED_TOO_FAST; |
| default: |
| if (info >= FINGERPRINT_ACQUIRED_VENDOR_BASE) { |
| // vendor specific code. |
| *vendorCode = info - FINGERPRINT_ACQUIRED_VENDOR_BASE; |
| return FingerprintAcquiredInfo::ACQUIRED_VENDOR; |
| } |
| } |
| ALOGE("Unknown acquiredmsg from fingerprint vendor library"); |
| return FingerprintAcquiredInfo::ACQUIRED_INSUFFICIENT; |
| } |
| |
| Return<uint64_t> BiometricsFingerprint::setNotify( |
| const sp<IBiometricsFingerprintClientCallback>& clientCallback) { |
| mClientCallback = clientCallback; |
| return reinterpret_cast<uint64_t>(mDevice); |
| } |
| |
| Return<uint64_t> BiometricsFingerprint::preEnroll() { |
| return mDevice->pre_enroll(mDevice); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::enroll(const hidl_array<uint8_t, 69>& hat, |
| uint32_t gid, uint32_t timeoutSec) { |
| const hw_auth_token_t* authToken = |
| reinterpret_cast<const hw_auth_token_t*>(hat.data()); |
| return ErrorFilter(mDevice->enroll(mDevice, authToken, gid, timeoutSec)); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::postEnroll() { |
| return ErrorFilter(mDevice->post_enroll(mDevice)); |
| } |
| |
| Return<uint64_t> BiometricsFingerprint::getAuthenticatorId() { |
| return mDevice->get_authenticator_id(mDevice); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::cancel() { |
| return ErrorFilter(mDevice->cancel(mDevice)); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::enumerate() { |
| return ErrorFilter(mDevice->enumerate(mDevice)); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::remove(uint32_t gid, uint32_t fid) { |
| return ErrorFilter(mDevice->remove(mDevice, gid, fid)); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::setActiveGroup(uint32_t gid, |
| const hidl_string& storePath) { |
| if (storePath.size() >= PATH_MAX || storePath.size() <= 0) { |
| ALOGE("Bad path length: %zd", storePath.size()); |
| } |
| return ErrorFilter(mDevice->set_active_group(mDevice, gid, |
| storePath.c_str())); |
| } |
| |
| Return<RequestStatus> BiometricsFingerprint::authenticate(uint64_t operationId, |
| uint32_t gid) { |
| return ErrorFilter(mDevice->authenticate(mDevice, operationId, gid)); |
| } |
| |
| IBiometricsFingerprint* BiometricsFingerprint::getInstance() { |
| int err; |
| const hw_module_t *hw_mdl = NULL; |
| ALOGE("Opening fingerprint hal library..."); |
| if (0 != (err = hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID, &hw_mdl))) { |
| ALOGE("Can't open fingerprint HW Module, error: %d", err); |
| return nullptr; |
| } |
| |
| if (hw_mdl == NULL) { |
| ALOGE("No valid fingerprint module"); |
| return nullptr; |
| } |
| |
| fingerprint_module_t const *module = |
| reinterpret_cast<const fingerprint_module_t*>(hw_mdl); |
| if (module->common.methods->open == NULL) { |
| ALOGE("No valid open method"); |
| return nullptr; |
| } |
| |
| hw_device_t *device = NULL; |
| |
| if (0 != (err = module->common.methods->open(hw_mdl, NULL, &device))) { |
| ALOGE("Can't open fingerprint methods, error: %d", err); |
| return nullptr; |
| } |
| |
| if (kVersion != device->version) { |
| ALOGE("Wrong fp version. Expected %d, got %d", kVersion, device->version); |
| return 0; // enforce this on new devices because of HIDL translation layer |
| } |
| |
| fingerprint_device_t* fp_device = |
| reinterpret_cast<fingerprint_device_t*>(device); |
| |
| if (0 != (err = |
| fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) { |
| ALOGE("Can't register fingerprint module callback, error: %d", err); |
| return nullptr; |
| } |
| |
| return new BiometricsFingerprint(fp_device); |
| } |
| |
| void BiometricsFingerprint::notifyKeystore(const uint8_t *auth_token, const size_t auth_token_length) { |
| if (auth_token != nullptr && auth_token_length > 0) { |
| // TODO: cache service? |
| sp<IServiceManager> sm = android::defaultServiceManager(); |
| sp<::android::IBinder> binder = sm->getService(String16("android.security.keystore")); |
| sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder); |
| if (service != nullptr) { |
| auto ret = service->addAuthToken(auth_token, auth_token_length); |
| if (!ret.isOk()) { |
| ALOGE("Failure sending auth token to KeyStore: %" PRId32, int32_t(ret)); |
| } |
| } else { |
| ALOGE("Unable to communicate with KeyStore"); |
| } |
| } |
| } |
| |
| } // namespace implementation |
| } // namespace V2_1 |
| } // namespace fingerprint |
| } // namespace biometrics |
| } // namespace hardware |
| } // namespace android |