1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #define LOG_TAG "[email protected]"
17 #define LOG_VERBOSE "[email protected]"
18 
19 #include <hardware/hw_auth_token.h>
20 
21 #include <hardware/hardware.h>
22 #include <hardware/fingerprint.h>
23 #include "BiometricsFingerprint.h"
24 
25 #include <inttypes.h>
26 #include <unistd.h>
27 
28 namespace android {
29 namespace hardware {
30 namespace biometrics {
31 namespace fingerprint {
32 namespace V2_1 {
33 namespace implementation {
34 
35 // Supported fingerprint HAL version
36 static const uint16_t kVersion = HARDWARE_MODULE_API_VERSION(2, 1);
37 
38 using RequestStatus =
39         android::hardware::biometrics::fingerprint::V2_1::RequestStatus;
40 
41 BiometricsFingerprint *BiometricsFingerprint::sInstance = nullptr;
42 
BiometricsFingerprint()43 BiometricsFingerprint::BiometricsFingerprint() : mClientCallback(nullptr), mDevice(nullptr) {
44     sInstance = this; // keep track of the most recent instance
45     mDevice = openHal();
46     if (!mDevice) {
47         ALOGE("Can't open HAL module");
48     }
49 }
50 
~BiometricsFingerprint()51 BiometricsFingerprint::~BiometricsFingerprint() {
52     ALOGV("~BiometricsFingerprint()");
53     if (mDevice == nullptr) {
54         ALOGE("No valid device");
55         return;
56     }
57     int err;
58     if (0 != (err = mDevice->common.close(
59             reinterpret_cast<hw_device_t*>(mDevice)))) {
60         ALOGE("Can't close fingerprint module, error: %d", err);
61         return;
62     }
63     mDevice = nullptr;
64 }
65 
ErrorFilter(int32_t error)66 Return<RequestStatus> BiometricsFingerprint::ErrorFilter(int32_t error) {
67     switch(error) {
68         case 0: return RequestStatus::SYS_OK;
69         case -2: return RequestStatus::SYS_ENOENT;
70         case -4: return RequestStatus::SYS_EINTR;
71         case -5: return RequestStatus::SYS_EIO;
72         case -11: return RequestStatus::SYS_EAGAIN;
73         case -12: return RequestStatus::SYS_ENOMEM;
74         case -13: return RequestStatus::SYS_EACCES;
75         case -14: return RequestStatus::SYS_EFAULT;
76         case -16: return RequestStatus::SYS_EBUSY;
77         case -22: return RequestStatus::SYS_EINVAL;
78         case -28: return RequestStatus::SYS_ENOSPC;
79         case -110: return RequestStatus::SYS_ETIMEDOUT;
80         default:
81             ALOGE("An unknown error returned from fingerprint vendor library: %d", error);
82             return RequestStatus::SYS_UNKNOWN;
83     }
84 }
85 
86 // Translate from errors returned by traditional HAL (see fingerprint.h) to
87 // HIDL-compliant FingerprintError.
VendorErrorFilter(int32_t error,int32_t * vendorCode)88 FingerprintError BiometricsFingerprint::VendorErrorFilter(int32_t error,
89             int32_t* vendorCode) {
90     *vendorCode = 0;
91     switch(error) {
92         case FINGERPRINT_ERROR_HW_UNAVAILABLE:
93             return FingerprintError::ERROR_HW_UNAVAILABLE;
94         case FINGERPRINT_ERROR_UNABLE_TO_PROCESS:
95             return FingerprintError::ERROR_UNABLE_TO_PROCESS;
96         case FINGERPRINT_ERROR_TIMEOUT:
97             return FingerprintError::ERROR_TIMEOUT;
98         case FINGERPRINT_ERROR_NO_SPACE:
99             return FingerprintError::ERROR_NO_SPACE;
100         case FINGERPRINT_ERROR_CANCELED:
101             return FingerprintError::ERROR_CANCELED;
102         case FINGERPRINT_ERROR_UNABLE_TO_REMOVE:
103             return FingerprintError::ERROR_UNABLE_TO_REMOVE;
104         case FINGERPRINT_ERROR_LOCKOUT:
105             return FingerprintError::ERROR_LOCKOUT;
106         default:
107             if (error >= FINGERPRINT_ERROR_VENDOR_BASE) {
108                 // vendor specific code.
109                 *vendorCode = error - FINGERPRINT_ERROR_VENDOR_BASE;
110                 return FingerprintError::ERROR_VENDOR;
111             }
112     }
113     ALOGE("Unknown error from fingerprint vendor library: %d", error);
114     return FingerprintError::ERROR_UNABLE_TO_PROCESS;
115 }
116 
117 // Translate acquired messages returned by traditional HAL (see fingerprint.h)
118 // to HIDL-compliant FingerprintAcquiredInfo.
VendorAcquiredFilter(int32_t info,int32_t * vendorCode)119 FingerprintAcquiredInfo BiometricsFingerprint::VendorAcquiredFilter(
120         int32_t info, int32_t* vendorCode) {
121     *vendorCode = 0;
122     switch(info) {
123         case FINGERPRINT_ACQUIRED_GOOD:
124             return FingerprintAcquiredInfo::ACQUIRED_GOOD;
125         case FINGERPRINT_ACQUIRED_PARTIAL:
126             return FingerprintAcquiredInfo::ACQUIRED_PARTIAL;
127         case FINGERPRINT_ACQUIRED_INSUFFICIENT:
128             return FingerprintAcquiredInfo::ACQUIRED_INSUFFICIENT;
129         case FINGERPRINT_ACQUIRED_IMAGER_DIRTY:
130             return FingerprintAcquiredInfo::ACQUIRED_IMAGER_DIRTY;
131         case FINGERPRINT_ACQUIRED_TOO_SLOW:
132             return FingerprintAcquiredInfo::ACQUIRED_TOO_SLOW;
133         case FINGERPRINT_ACQUIRED_TOO_FAST:
134             return FingerprintAcquiredInfo::ACQUIRED_TOO_FAST;
135         default:
136             if (info >= FINGERPRINT_ACQUIRED_VENDOR_BASE) {
137                 // vendor specific code.
138                 *vendorCode = info - FINGERPRINT_ACQUIRED_VENDOR_BASE;
139                 return FingerprintAcquiredInfo::ACQUIRED_VENDOR;
140             }
141     }
142     ALOGE("Unknown acquiredmsg from fingerprint vendor library: %d", info);
143     return FingerprintAcquiredInfo::ACQUIRED_INSUFFICIENT;
144 }
145 
setNotify(const sp<IBiometricsFingerprintClientCallback> & clientCallback)146 Return<uint64_t> BiometricsFingerprint::setNotify(
147         const sp<IBiometricsFingerprintClientCallback>& clientCallback) {
148     std::lock_guard<std::mutex> lock(mClientCallbackMutex);
149     mClientCallback = clientCallback;
150     // This is here because HAL 2.1 doesn't have a way to propagate a
151     // unique token for its driver. Subsequent versions should send a unique
152     // token for each call to setNotify(). This is fine as long as there's only
153     // one fingerprint device on the platform.
154     return reinterpret_cast<uint64_t>(mDevice);
155 }
156 
preEnroll()157 Return<uint64_t> BiometricsFingerprint::preEnroll()  {
158     return mDevice->pre_enroll(mDevice);
159 }
160 
enroll(const hidl_array<uint8_t,69> & hat,uint32_t gid,uint32_t timeoutSec)161 Return<RequestStatus> BiometricsFingerprint::enroll(const hidl_array<uint8_t, 69>& hat,
162         uint32_t gid, uint32_t timeoutSec) {
163     const hw_auth_token_t* authToken =
164         reinterpret_cast<const hw_auth_token_t*>(hat.data());
165     return ErrorFilter(mDevice->enroll(mDevice, authToken, gid, timeoutSec));
166 }
167 
postEnroll()168 Return<RequestStatus> BiometricsFingerprint::postEnroll() {
169     return ErrorFilter(mDevice->post_enroll(mDevice));
170 }
171 
getAuthenticatorId()172 Return<uint64_t> BiometricsFingerprint::getAuthenticatorId() {
173     return mDevice->get_authenticator_id(mDevice);
174 }
175 
cancel()176 Return<RequestStatus> BiometricsFingerprint::cancel() {
177     return ErrorFilter(mDevice->cancel(mDevice));
178 }
179 
enumerate()180 Return<RequestStatus> BiometricsFingerprint::enumerate()  {
181     return ErrorFilter(mDevice->enumerate(mDevice));
182 }
183 
remove(uint32_t gid,uint32_t fid)184 Return<RequestStatus> BiometricsFingerprint::remove(uint32_t gid, uint32_t fid) {
185     return ErrorFilter(mDevice->remove(mDevice, gid, fid));
186 }
187 
setActiveGroup(uint32_t gid,const hidl_string & storePath)188 Return<RequestStatus> BiometricsFingerprint::setActiveGroup(uint32_t gid,
189         const hidl_string& storePath) {
190     if (storePath.size() >= PATH_MAX || storePath.size() <= 0) {
191         ALOGE("Bad path length: %zd", storePath.size());
192         return RequestStatus::SYS_EINVAL;
193     }
194     if (access(storePath.c_str(), W_OK)) {
195         return RequestStatus::SYS_EINVAL;
196     }
197 
198     return ErrorFilter(mDevice->set_active_group(mDevice, gid,
199                                                     storePath.c_str()));
200 }
201 
authenticate(uint64_t operationId,uint32_t gid)202 Return<RequestStatus> BiometricsFingerprint::authenticate(uint64_t operationId,
203         uint32_t gid) {
204     return ErrorFilter(mDevice->authenticate(mDevice, operationId, gid));
205 }
206 
getInstance()207 IBiometricsFingerprint* BiometricsFingerprint::getInstance() {
208     if (!sInstance) {
209       sInstance = new BiometricsFingerprint();
210     }
211     return sInstance;
212 }
213 
openHal()214 fingerprint_device_t* BiometricsFingerprint::openHal() {
215     int err;
216     const hw_module_t *hw_mdl = nullptr;
217     ALOGD("Opening fingerprint hal library...");
218     if (0 != (err = hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID, &hw_mdl))) {
219         ALOGE("Can't open fingerprint HW Module, error: %d", err);
220         return nullptr;
221     }
222 
223     if (hw_mdl == nullptr) {
224         ALOGE("No valid fingerprint module");
225         return nullptr;
226     }
227 
228     fingerprint_module_t const *module =
229         reinterpret_cast<const fingerprint_module_t*>(hw_mdl);
230     if (module->common.methods->open == nullptr) {
231         ALOGE("No valid open method");
232         return nullptr;
233     }
234 
235     hw_device_t *device = nullptr;
236 
237     if (0 != (err = module->common.methods->open(hw_mdl, nullptr, &device))) {
238         ALOGE("Can't open fingerprint methods, error: %d", err);
239         return nullptr;
240     }
241 
242     if (kVersion != device->version) {
243         // enforce version on new devices because of [email protected] translation layer
244         ALOGE("Wrong fp version. Expected %d, got %d", kVersion, device->version);
245         return nullptr;
246     }
247 
248     fingerprint_device_t* fp_device =
249         reinterpret_cast<fingerprint_device_t*>(device);
250 
251     if (0 != (err =
252             fp_device->set_notify(fp_device, BiometricsFingerprint::notify))) {
253         ALOGE("Can't register fingerprint module callback, error: %d", err);
254         return nullptr;
255     }
256 
257     return fp_device;
258 }
259 
notify(const fingerprint_msg_t * msg)260 void BiometricsFingerprint::notify(const fingerprint_msg_t *msg) {
261     BiometricsFingerprint* thisPtr = static_cast<BiometricsFingerprint*>(
262             BiometricsFingerprint::getInstance());
263     std::lock_guard<std::mutex> lock(thisPtr->mClientCallbackMutex);
264     if (thisPtr == nullptr || thisPtr->mClientCallback == nullptr) {
265         ALOGE("Receiving callbacks before the client callback is registered.");
266         return;
267     }
268     const uint64_t devId = reinterpret_cast<uint64_t>(thisPtr->mDevice);
269     switch (msg->type) {
270         case FINGERPRINT_ERROR: {
271                 int32_t vendorCode = 0;
272                 FingerprintError result = VendorErrorFilter(msg->data.error, &vendorCode);
273                 ALOGD("onError(%d)", result);
274                 if (!thisPtr->mClientCallback->onError(devId, result, vendorCode).isOk()) {
275                     ALOGE("failed to invoke fingerprint onError callback");
276                 }
277             }
278             break;
279         case FINGERPRINT_ACQUIRED: {
280                 int32_t vendorCode = 0;
281                 FingerprintAcquiredInfo result =
282                     VendorAcquiredFilter(msg->data.acquired.acquired_info, &vendorCode);
283                 ALOGD("onAcquired(%d)", result);
284                 if (!thisPtr->mClientCallback->onAcquired(devId, result, vendorCode).isOk()) {
285                     ALOGE("failed to invoke fingerprint onAcquired callback");
286                 }
287             }
288             break;
289         case FINGERPRINT_TEMPLATE_ENROLLING:
290             ALOGD("onEnrollResult(fid=%d, gid=%d, rem=%d)",
291                 msg->data.enroll.finger.fid,
292                 msg->data.enroll.finger.gid,
293                 msg->data.enroll.samples_remaining);
294             if (!thisPtr->mClientCallback->onEnrollResult(devId,
295                     msg->data.enroll.finger.fid,
296                     msg->data.enroll.finger.gid,
297                     msg->data.enroll.samples_remaining).isOk()) {
298                 ALOGE("failed to invoke fingerprint onEnrollResult callback");
299             }
300             break;
301         case FINGERPRINT_TEMPLATE_REMOVED:
302             ALOGD("onRemove(fid=%d, gid=%d, rem=%d)",
303                 msg->data.removed.finger.fid,
304                 msg->data.removed.finger.gid,
305                 msg->data.removed.remaining_templates);
306             if (!thisPtr->mClientCallback->onRemoved(devId,
307                     msg->data.removed.finger.fid,
308                     msg->data.removed.finger.gid,
309                     msg->data.removed.remaining_templates).isOk()) {
310                 ALOGE("failed to invoke fingerprint onRemoved callback");
311             }
312             break;
313         case FINGERPRINT_AUTHENTICATED:
314             if (msg->data.authenticated.finger.fid != 0) {
315                 ALOGD("onAuthenticated(fid=%d, gid=%d)",
316                     msg->data.authenticated.finger.fid,
317                     msg->data.authenticated.finger.gid);
318                 const uint8_t* hat =
319                     reinterpret_cast<const uint8_t *>(&msg->data.authenticated.hat);
320                 const hidl_vec<uint8_t> token(
321                     std::vector<uint8_t>(hat, hat + sizeof(msg->data.authenticated.hat)));
322                 if (!thisPtr->mClientCallback->onAuthenticated(devId,
323                         msg->data.authenticated.finger.fid,
324                         msg->data.authenticated.finger.gid,
325                         token).isOk()) {
326                     ALOGE("failed to invoke fingerprint onAuthenticated callback");
327                 }
328             } else {
329                 // Not a recognized fingerprint
330                 if (!thisPtr->mClientCallback->onAuthenticated(devId,
331                         msg->data.authenticated.finger.fid,
332                         msg->data.authenticated.finger.gid,
333                         hidl_vec<uint8_t>()).isOk()) {
334                     ALOGE("failed to invoke fingerprint onAuthenticated callback");
335                 }
336             }
337             break;
338         case FINGERPRINT_TEMPLATE_ENUMERATING:
339             ALOGD("onEnumerate(fid=%d, gid=%d, rem=%d)",
340                 msg->data.enumerated.finger.fid,
341                 msg->data.enumerated.finger.gid,
342                 msg->data.enumerated.remaining_templates);
343             if (!thisPtr->mClientCallback->onEnumerate(devId,
344                     msg->data.enumerated.finger.fid,
345                     msg->data.enumerated.finger.gid,
346                     msg->data.enumerated.remaining_templates).isOk()) {
347                 ALOGE("failed to invoke fingerprint onEnumerate callback");
348             }
349             break;
350     }
351 }
352 
353 } // namespace implementation
354 }  // namespace V2_1
355 }  // namespace fingerprint
356 }  // namespace biometrics
357 }  // namespace hardware
358 }  // namespace android
359