1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package [email protected];
18
19import [email protected]::HardwareAuthToken;
20import IConfirmationResultCallback;
21
22interface IConfirmationUI {
23    /**
24     * Asynchronously initiates a confirmation UI dialog prompting the user to confirm a given text.
25     * The TUI prompt must be implemented in such a way that a positive response indicates with
26     * high confidence that a user has seen the given prompt text even if the Android framework
27     * including the kernel was compromised.
28     *
29     * @param resultCB Implementation of IResultCallback. Used by the implementation to report
30     *                 the result of the current pending user prompt.
31     *
32     * @param promptText UTF-8 encoded string which is to be presented to the user.
33     *
34     * @param extraData A binary blob that must be included in the formatted output message as is.
35     *                  It is opaque to the implementation. Implementations must neither interpret
36     *                  nor modify the content.
37     *
38     * @param locale String specifying the locale that must be used by the TUI dialog. The string
39     *                      is an IETF BCP 47 tag.
40     *
41     * @param uiOptions A set of uiOptions manipulating how the confirmation prompt is displayed.
42     *                  Refer to UIOption in types.hal for possible options.
43     *
44     * @return error  - OK: IFF the dialog was successfully started. In this case, and only in this
45     *                      case, the implementation must, eventually, call the callback to
46     *                      indicate completion.
47     *                - OperationPending: Is returned when the confirmation provider is currently
48     *                      in use.
49     *                - SystemError: An error occurred trying to communicate with the confirmation
50     *                      provider (e.g. trusted app).
51     *                - UIError: The confirmation provider encountered an issue with displaying
52     *                      the prompt text to the user.
53     */
54    promptUserConfirmation(IConfirmationResultCallback resultCB, string promptText,
55                           vec<uint8_t> extraData, string locale, vec<UIOption> uiOptions)
56        generates(ResponseCode error);
57
58    /**
59     * DeliverSecureInput is used by the framework to deliver a secure input event to the
60     * confirmation provider.
61     *
62     * VTS test mode:
63     * This function can be used to test certain code paths non-interactively. See TestModeCommands
64     * in types.hal for details.
65     *
66     * @param secureInputToken An authentication token as generated by Android authentication
67     *                         providers.
68     *
69     * @return error - Ignored: Unless used for testing (See TestModeCommands).
70     */
71    deliverSecureInputEvent(HardwareAuthToken secureInputToken)
72        generates(ResponseCode error);
73
74    /**
75     * Aborts a pending user prompt. This allows the framework to gracefully end a TUI dialog.
76     * If a TUI operation was pending the corresponding call back is informed with
77     * ErrorCode::Aborted.
78     */
79    abort();
80};
81
82