1 files changed, 49 insertions, 11 deletions

diff --git a/services/core/jni/com_android_server_fingerprint_FingerprintService.cpp b/services/core/jni/com_android_server_fingerprint_FingerprintService.cpp
index e1c4e27..5a86923 100644
--- a/services/core/jni/com_android_server_fingerprint_FingerprintService.cpp
+++ b/services/core/jni/com_android_server_fingerprint_FingerprintService.cpp
@@ -22,12 +22,20 @@
 #include <android_runtime/AndroidRuntime.h>
 #include <android_runtime/Log.h>
 #include <android_os_MessageQueue.h>
+#include <binder/IServiceManager.h>
+#include <utils/String16.h>
+#include <utils/Looper.h>
+#include <keystore/IKeystoreService.h>
+#include <keystore/keystore.h> // for error code
+
 #include <hardware/hardware.h>
 #include <hardware/fingerprint.h>
+#include <hardware/hw_auth_token.h>
+
 #include <utils/Log.h>
-#include <utils/Looper.h>
 #include "core_jni_helpers.h"
 
+
 namespace android {
 
 static const uint16_t kVersion = HARDWARE_MODULE_API_VERSION(2, 0);
@@ -60,6 +68,23 @@ public:
     }
 };
 
+static void notifyKeystore(uint8_t *auth_token, size_t auth_token_length) {
+    if (auth_token != NULL && auth_token_length > 0) {
+        // TODO: cache service?
+        sp<IServiceManager> sm = defaultServiceManager();
+        sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
+        sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+        if (service != NULL) {
+            status_t ret = service->addAuthToken(auth_token, auth_token_length);
+            if (ret != ResponseCode::NO_ERROR) {
+                ALOGE("Falure sending auth token to KeyStore: %d", ret);
+            }
+        } else {
+            ALOGE("Unable to communicate with KeyStore");
+        }
+    }
+}
+
 // Called by the HAL to notify us of fingerprint events
 static void hal_notify_callback(fingerprint_msg_t msg) {
     uint32_t arg1 = 0;
@@ -72,9 +97,13 @@ static void hal_notify_callback(fingerprint_msg_t msg) {
         case FINGERPRINT_ACQUIRED:
             arg1 = msg.data.acquired.acquired_info;
             break;
-        case FINGERPRINT_PROCESSED:
-            arg1 = msg.data.processed.finger.fid;
-            arg2 = msg.data.processed.finger.gid;
+        case FINGERPRINT_AUTHENTICATED:
+            arg1 = msg.data.authenticated.finger.fid;
+            arg2 = msg.data.authenticated.finger.gid;
+            if (arg1 != 0) {
+                notifyKeystore(reinterpret_cast<uint8_t *>(&msg.data.authenticated.hat),
+                        sizeof(msg.data.authenticated.hat));
+            }
             break;
         case FINGERPRINT_TEMPLATE_ENROLLING:
             arg1 = msg.data.enroll.finger.fid;
@@ -101,15 +130,23 @@ static void nativeInit(JNIEnv *env, jobject clazz, jobject mQueue, jobject callb
     gLooper = android_os_MessageQueue_getMessageQueue(env, mQueue)->getLooper();
 }
 
-static jint nativeEnroll(JNIEnv* env, jobject clazz, jlong challenge, jint groupId, jint timeout) {
+static jint nativeEnroll(JNIEnv* env, jobject clazz, jbyteArray token, jint groupId, jint timeout) {
     ALOG(LOG_VERBOSE, LOG_TAG, "nativeEnroll(gid=%d, timeout=%d)\n", groupId, timeout);
-    int ret = gContext.device->enroll(gContext.device, groupId, timeout);
+    const int tokenSize = env->GetArrayLength(token);
+    jbyte* tokenData = env->GetByteArrayElements(token, 0);
+    if (tokenSize != sizeof(hw_auth_token_t)) {
+        ALOG(LOG_VERBOSE, LOG_TAG, "nativeEnroll() : invalid token size %d\n", tokenSize);
+        return -1;
+    }
+    int ret = gContext.device->enroll(gContext.device,
+            reinterpret_cast<const hw_auth_token_t*>(tokenData), groupId, timeout);
+    env->ReleaseByteArrayElements(token, tokenData, 0);
     return reinterpret_cast<jint>(ret);
 }
 
-static jint nativePreEnroll(JNIEnv* env, jobject clazz) {
+static jlong nativePreEnroll(JNIEnv* env, jobject clazz) {
     uint64_t ret = gContext.device->pre_enroll(gContext.device);
-    ALOG(LOG_VERBOSE, LOG_TAG, "nativePreEnroll(), result = %" PRId64 "\n", ret);
+    // ALOG(LOG_VERBOSE, LOG_TAG, "nativePreEnroll(), result = %llx", ret);
     return reinterpret_cast<jlong>((int64_t)ret);
 }
 
@@ -125,7 +162,7 @@ static jint nativeAuthenticate(JNIEnv* env, jobject clazz, jlong sessionId, jint
     return reinterpret_cast<jint>(ret);
 }
 
-static jint nativeStopAuthentication(JNIEnv* env, jobject clazz, jlong sessionId) {
+static jint nativeStopAuthentication(JNIEnv* env, jobject clazz) {
     ALOG(LOG_VERBOSE, LOG_TAG, "nativeStopAuthentication()\n");
     int ret = gContext.device->cancel(gContext.device);
     return reinterpret_cast<jint>(ret);
@@ -194,11 +231,12 @@ static jint nativeCloseHal(JNIEnv* env, jobject clazz) {
 
 // ----------------------------------------------------------------------------
 
+
 // TODO: clean up void methods
 static const JNINativeMethod g_methods[] = {
     { "nativeAuthenticate", "(JI)I", (void*)nativeAuthenticate },
-    { "nativeStopAuthentication", "(J)I", (void*)nativeStopAuthentication },
-    { "nativeEnroll", "(JII)I", (void*)nativeEnroll },
+    { "nativeStopAuthentication", "()I", (void*)nativeStopAuthentication },
+    { "nativeEnroll", "([BII)I", (void*)nativeEnroll },
     { "nativePreEnroll", "()J", (void*)nativePreEnroll },
     { "nativeStopEnrollment", "()I", (void*)nativeStopEnrollment },
     { "nativeRemove", "(II)I", (void*)nativeRemove },