Gitiles
Code Review Sign In
review.blissroms.org / platform_hardware_interfaces / 035ce20c080e942a245eb82fe69ed04f9175bc81 / . / biometrics / fingerprint / 2.1 / IBiometricsFingerprint.hal
blob: b7f8d8837d8848d2a61351d2cb15cab7d568aff8 [file] [log] [blame]
Sasha Levitskiy7bceb232016-09-02 11:27:42 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.hardware.biometrics.fingerprint@2.1;
18
Sasha Levitskiy965bd322016-10-21 10:55:25 -0700[diff] [blame]19import IBiometricsFingerprintClientCallback;
20
Sasha Levitskiy7bceb232016-09-02 11:27:42 -0700[diff] [blame]21interface IBiometricsFingerprint {
22 /*
Sasha Levitskiy965bd322016-10-21 10:55:25 -0700[diff] [blame]23 * Set notification callback:
24 * Registers a user function that must receive notifications from the HAL
25 * This call must block if the HAL state machine is in busy state until HAL
26 * leaves the busy state.
27 *
28 * @return isOk indicates if the request is accepted.
29 * @return debugErrno is a value the framework logs in case isOk == false.
30 */
31 @callflow(next={"setActiveGroup"})
32 @entry
33 setNotify(IBiometricsFingerprintClientCallback clientCallback)
34 generates (bool isOk, int32_t debugErrno);
35
36 /*
Sasha Levitskiy7bceb232016-09-02 11:27:42 -0700[diff] [blame]37 * Fingerprint pre-enroll enroll request:
38 * Generates a unique token to upper layers to indicate the start of
39 * an enrollment transaction. pre-enroll and post-enroll specify
40 * a pin/password cleared time window where enrollment is allowed.
41 * Pre-enroll only generates a challenge, a full hardwareAuthToken is
42 * generated by trustzone after verifying a pin/password/swipe. This is to
43 * ensure adding a new fingerprint template was preceded by some kind of
44 * credential confirmation (e.g. device password).
45 *
46 * @return 0 if function failed, a uint64_t of challenge otherwise.
47 */
48 @callflow(next={"enroll", "postEnroll"})
49 preEnroll() generates (uint64_t authChallenge);
50
51 /*
52 * Fingerprint enroll request:
53 * Switches the HAL state machine to collect and store a new fingerprint
54 * template. Switches back as soon as enroll is complete, signalled by
55 * (fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
56 * fingerprintMsg.data.enroll.samplesRemaining == 0)
57 * or after timeoutSec seconds.
58 * The fingerprint template must be assigned to the group gid.
59 *
60 * @param hat a valid Hardware Authentication Token (HAT), generated
61 * as a result of a preEnroll() call.
62 * @param gid a framework defined fingerprint set (group) id.
63 * @param timeoutSec a timeout in seconds.
64 *
65 * @return isOk indicates if the request is accepted.
66 * @return debugErrno is a value the framework logs in case isOk == false.
67 *
68 * A notify() function may be called with a more detailed error structure.
69 */
70 @callflow(next={"cancel", "enroll", "postEnroll", "remove"})
71 enroll(HwAuthToken hat, uint32_t gid, uint32_t timeoutSec)
72 generates (bool isOk, int32_t debugErrno);
73
74 /*
75 * Finishes the enroll operation and invalidates the preEnroll() generated
76 * challenge. This must be called at the end of a multi-finger enrollment
77 * session to indicate that no more fingers may be added.
78 *
79 * @return isOk indicates if the request is accepted.
80 * @return debugErrno is a value the framework logs in case isOk == false.
81 */
82 @callflow(next={"authenticate", "setActiveGroup", "enumerate", "remove"})
83 postEnroll() generates (bool isOk, int32_t debugErrno);
84
85 /*
86 * getAuthenticatorId:
87 * Returns a token associated with the current fingerprint set. This value
88 * must change whenever a new fingerprint is enrolled, thus creating a new
89 * fingerprint set.
90 *
91 * @return getAuthenticatorIdRet current authenticator id, 0 if function
92 * failed.
93 */
94 @callflow(next={"authenticate"})
95 getAuthenticatorId() generates (uint64_t AuthenticatorId);
96
97 /*
98 * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
99 * to all running clients. Switches the HAL state machine back to the idle
100 * state. Unlike enrollDone() doesn't invalidate the preEnroll() challenge.
101 *
102 * @return isOk indicates if the request is accepted.
103 * @return debugErrno is a value the framework logs in case isOk == false.
104 */
105 @callflow(next={"authenticate", "enroll", "enumerate", "remove",
106 "setActiveGroup"})
107 cancel() generates (bool isOk, int32_t debugErrno);
108
109 /*
110 * Enumerate all the fingerprint templates found in the directory set by
111 * setActiveGroup():
112 * For each template found a notify() must be called with:
113 * fingerprintMsg.type == FINGERPRINT_TEMPLATE_ENUMERATED
114 * fingerprintMsg.data.enumerated.finger indicating a template id
115 * fingerprintMsg.data.enumerated.remainingTemplates indicating how many more
116 * enumeration messages to expect.
117 *
118 * @return isOk indicates if the request is accepted.
119 * @return debugErrno is a value the framework logs in case isOk == false.
120 */
121 @callflow(next={"remove", "enroll", "authenticate", "setActiveGroup"})
122 enumerate() generates (bool isOk, int32_t debugErrno);
123
124 /*
125 * Fingerprint remove request:
126 * Deletes fingerprint template(s).
127 * Works only within the path set by setActiveGroup().
128 * For each template found a notify() must be called with:
129 * fingerprintMsg.type == FINGERPRINT_TEMPLATE_REMOVED
130 * fingerprintMsg.data.removed.finger indicating the template id deleted
131 * fingerprintMsg.data.removed.remainingTemplates indicating how many more
132 * templates must be deleted by this operation.
133 *
134 * @param gid group id must match the last group set by setActiveGroup().
135 * @param fid template id to delete or 0 to delete all templates within the
136 * current group.
137 *
138 * @return isOk indicates if the request is accepted.
139 * @return debugErrno is a value the framework logs in case isOk == false.
140 */
141 @callflow(next={"enumerate", "authenticate", "cancel", "getAuthenticatorId",
142 "setActiveGroup"})
143 remove(uint32_t gid, uint32_t fid) generates (bool isOk, int32_t debugErrno);
144
145 /*
146 * Restricts the HAL operation to a set of fingerprints belonging to a group
147 * provided. The caller must provide a path to a storage location within the
148 * user's data directory.
149 *
150 * @param gid the fingerprint group (set) id.
151 * @param storePath filesystem path to the template storage directory.
152 *
153 * @return isOk indicates if the request is accepted.
154 * @return debugErrno is a value the framework logs in case isOk == false.
155 */
156 @callflow(next={"authenticate", "preEnroll", "enumerate", "remove"})
Sasha Levitskiy7bceb232016-09-02 11:27:42 -0700[diff] [blame]157 setActiveGroup(uint32_t gid, string storePath)
158 generates (bool isOk, int32_t debugErrno);
159
160 /*
Sasha Levitskiy2ef9f662016-10-21 11:01:34 -0700[diff] [blame]161 * Authenticates an operation identified by operationId
Sasha Levitskiy7bceb232016-09-02 11:27:42 -0700[diff] [blame]162 *
163 * @param operationId operation id.
164 * @param gid fingerprint group id.
165 *
166 * @return isOk indicates if the request is accepted.
167 * @return debugErrno is a value the framework logs in case isOk == false.
168 */
169 @callflow(next={"cancel", "preEnroll", "remove"})
170 authenticate(uint64_t operationId, uint32_t gid)
171 generates (bool isOk, int32_t debugErrno);
172};