1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.hardware.biometrics;
18 
19 import static android.hardware.biometrics.BiometricManager.Authenticators;
20 
21 import android.annotation.FlaggedApi;
22 import android.annotation.IntDef;
23 import android.compat.annotation.UnsupportedAppUsage;
24 import android.os.Build;
25 
26 import java.lang.annotation.Retention;
27 import java.lang.annotation.RetentionPolicy;
28 
29 /**
30  * Interface containing all of the biometric modality agnostic constants.
31  *
32  * NOTE: The error messages must be consistent between BiometricConstants, Biometric*Constants,
33  *       and the frameworks/support/biometric/.../BiometricConstants files.
34  *
35  * @hide
36  */
37 public interface BiometricConstants {
38     //
39     // Error messages from biometric hardware during initilization, enrollment, authentication or
40     // removal.
41     //
42 
43     /**
44      * This was not added here since it would update BiometricPrompt API. But, is used in
45      * BiometricManager.
46      * @hide
47      */
48     int BIOMETRIC_SUCCESS = 0;
49 
50     /**
51      * The hardware is unavailable. Try again later.
52      */
53     int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1;
54 
55     /**
56      * Error state returned when the sensor was unable to process the current image.
57      */
58     int BIOMETRIC_ERROR_UNABLE_TO_PROCESS = 2;
59 
60     /**
61      * Error state returned when the current request has been running too long. This is intended to
62      * prevent programs from waiting for the biometric sensor indefinitely. The timeout is platform
63      * and sensor-specific, but is generally on the order of 30 seconds.
64      */
65     int BIOMETRIC_ERROR_TIMEOUT = 3;
66 
67     /**
68      * Error state returned for operations like enrollment; the operation cannot be completed
69      * because there's not enough storage remaining to complete the operation.
70      */
71     int BIOMETRIC_ERROR_NO_SPACE = 4;
72 
73     /**
74      * The operation was canceled because the biometric sensor is unavailable. For example, this may
75      * happen when the user is switched, the device is locked or another pending operation prevents
76      * or disables it.
77      */
78     int BIOMETRIC_ERROR_CANCELED = 5;
79 
80     /**
81      * The {@link BiometricManager#remove} call failed. Typically this will happen when the provided
82      * biometric id was incorrect.
83      *
84      * @hide
85      */
86     int BIOMETRIC_ERROR_UNABLE_TO_REMOVE = 6;
87 
88     /**
89      * The operation was canceled because the API is locked out due to too many attempts.
90      * This occurs after 5 failed attempts, and lasts for 30 seconds.
91      */
92     int BIOMETRIC_ERROR_LOCKOUT = 7;
93 
94     /**
95      * OEMs should use this constant if there are conditions that do not fit under any of the other
96      * publicly defined constants, and must provide appropriate strings for these
97      * errors to the {@link BiometricPrompt.AuthenticationCallback#onAuthenticationError(int,
98      * CharSequence)} callback. OEMs should expect that the error message will be shown to users.
99      */
100     int BIOMETRIC_ERROR_VENDOR = 8;
101 
102     /**
103      * The operation was canceled because BIOMETRIC_ERROR_LOCKOUT occurred too many times.
104      * Biometric authentication is disabled until the user unlocks with strong authentication
105      * (PIN/Pattern/Password)
106      */
107     int BIOMETRIC_ERROR_LOCKOUT_PERMANENT = 9;
108 
109     /**
110      * The user canceled the operation. Upon receiving this, applications should use alternate
111      * authentication (e.g. a password). The application should also provide the means to return to
112      * biometric authentication, such as a "use <biometric>" button.
113      */
114     int BIOMETRIC_ERROR_USER_CANCELED = 10;
115 
116     /**
117      * The user does not have any biometrics enrolled.
118      */
119     int BIOMETRIC_ERROR_NO_BIOMETRICS = 11;
120 
121     /**
122      * The device does not have a biometric sensor.
123      */
124     int BIOMETRIC_ERROR_HW_NOT_PRESENT = 12;
125 
126     /**
127      * The user pressed the negative button. This is a placeholder that is currently only used
128      * by the support library.
129      * @hide
130      */
131     int BIOMETRIC_ERROR_NEGATIVE_BUTTON = 13;
132 
133     /**
134      * The device does not have pin, pattern, or password set up. See
135      * {@link BiometricPrompt.Builder#setAllowedAuthenticators(int)},
136      * {@link Authenticators#DEVICE_CREDENTIAL}, and {@link BiometricManager#canAuthenticate(int)}.
137      */
138     int BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL = 14;
139 
140     /**
141      * A security vulnerability has been discovered and the sensor is unavailable until a
142      * security update has addressed this issue. This error can be received if for example,
143      * authentication was requested with {@link Authenticators#BIOMETRIC_STRONG}, but the
144      * sensor's strength can currently only meet {@link Authenticators#BIOMETRIC_WEAK}.
145      */
146     int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED = 15;
147 
148     /**
149      * Authentication cannot proceed because re-enrollment is required.
150      * @hide
151      */
152     int BIOMETRIC_ERROR_RE_ENROLL = 16;
153 
154     /**
155      * The privacy setting has been enabled and will block use of the sensor.
156      * @hide
157      */
158     int BIOMETRIC_ERROR_SENSOR_PRIVACY_ENABLED = 18;
159 
160     /**
161      * A power press stopped this biometric operation.
162      * @hide
163      */
164     int BIOMETRIC_ERROR_POWER_PRESSED = 19;
165     /**
166      * This constant is only used by SystemUI. It notifies SystemUI that authentication was paused
167      * because the authentication attempt was unsuccessful.
168      * @hide
169      */
170     int BIOMETRIC_PAUSED_REJECTED = 100;
171 
172     /**
173      * @hide
174      */
175     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
176     int BIOMETRIC_ERROR_VENDOR_BASE = 1000;
177 
178     @IntDef({BIOMETRIC_SUCCESS,
179             BIOMETRIC_ERROR_HW_UNAVAILABLE,
180             BIOMETRIC_ERROR_UNABLE_TO_PROCESS,
181             BIOMETRIC_ERROR_TIMEOUT,
182             BIOMETRIC_ERROR_NO_SPACE,
183             BIOMETRIC_ERROR_CANCELED,
184             BIOMETRIC_ERROR_UNABLE_TO_REMOVE,
185             BIOMETRIC_ERROR_LOCKOUT,
186             BIOMETRIC_ERROR_VENDOR,
187             BIOMETRIC_ERROR_LOCKOUT_PERMANENT,
188             BIOMETRIC_ERROR_USER_CANCELED,
189             BIOMETRIC_ERROR_NO_BIOMETRICS,
190             BIOMETRIC_ERROR_HW_NOT_PRESENT,
191             BIOMETRIC_ERROR_NEGATIVE_BUTTON,
192             BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL,
193             BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED,
194             BIOMETRIC_PAUSED_REJECTED})
195     @Retention(RetentionPolicy.SOURCE)
196     @interface Errors {}
197 
198     //
199     // Image acquisition messages.
200     //
201 
202     /**
203      * @hide
204      */
205     @IntDef({BIOMETRIC_ACQUIRED_GOOD,
206             BIOMETRIC_ACQUIRED_PARTIAL,
207             BIOMETRIC_ACQUIRED_INSUFFICIENT,
208             BIOMETRIC_ACQUIRED_IMAGER_DIRTY,
209             BIOMETRIC_ACQUIRED_TOO_SLOW,
210             BIOMETRIC_ACQUIRED_TOO_FAST,
211             BIOMETRIC_ACQUIRED_VENDOR})
212     @Retention(RetentionPolicy.SOURCE)
213     @interface Acquired {}
214 
215     /**
216      * The image acquired was good.
217      */
218     int BIOMETRIC_ACQUIRED_GOOD = 0;
219 
220     /**
221      * Only a partial biometric image was detected. During enrollment, the user should be informed
222      * on what needs to happen to resolve this problem, e.g. "press firmly on sensor." (for
223      * fingerprint)
224      */
225     int BIOMETRIC_ACQUIRED_PARTIAL = 1;
226 
227     /**
228      * The biometric image was too noisy to process due to a detected condition or a possibly dirty
229      * sensor (See {@link #BIOMETRIC_ACQUIRED_IMAGER_DIRTY}).
230      */
231     int BIOMETRIC_ACQUIRED_INSUFFICIENT = 2;
232 
233     /**
234      * The biometric image was too noisy due to suspected or detected dirt on the sensor.  For
235      * example, it's reasonable return this after multiple {@link #BIOMETRIC_ACQUIRED_INSUFFICIENT}
236      * or actual detection of dirt on the sensor (stuck pixels, swaths, etc.). The user is expected
237      * to take action to clean the sensor when this is returned.
238      */
239     int BIOMETRIC_ACQUIRED_IMAGER_DIRTY = 3;
240 
241     /**
242      * The biometric image was unreadable due to lack of motion.
243      */
244     int BIOMETRIC_ACQUIRED_TOO_SLOW = 4;
245 
246     /**
247      * The biometric image was incomplete due to quick motion. For example, this could also happen
248      * if the user moved during acquisition. The user should be asked to repeat the operation more
249      * slowly.
250      */
251     int BIOMETRIC_ACQUIRED_TOO_FAST = 5;
252 
253     /**
254      * Hardware vendors may extend this list if there are conditions that do not fall under one of
255      * the above categories. Vendors are responsible for providing error strings for these errors.
256      * @hide
257      */
258     int BIOMETRIC_ACQUIRED_VENDOR = 6;
259     /**
260      * @hide
261      */
262     int BIOMETRIC_ACQUIRED_VENDOR_BASE = 1000;
263 
264     //
265     // Internal messages.
266     //
267 
268     /**
269      * See {@link BiometricPrompt.Builder#setReceiveSystemEvents(boolean)}. This message is sent
270      * immediately when the user cancels authentication for example by tapping the back button or
271      * tapping the scrim. This is before {@link #BIOMETRIC_ERROR_USER_CANCELED}, which is sent when
272      * dismissal animation completes.
273      * @hide
274      */
275     int BIOMETRIC_SYSTEM_EVENT_EARLY_USER_CANCEL = 1;
276 
277     /**
278      * No lockout.
279      * @hide
280      */
281     int BIOMETRIC_LOCKOUT_NONE = 0;
282     /**
283      * The biometric is in a temporary lockout state that will expire after some time.
284      * @hide
285      */
286     int BIOMETRIC_LOCKOUT_TIMED = 1;
287     /**
288      * The biometric is locked out until a reset occurs. Resets are typically triggered by
289      * successfully authenticating via a stronger method than the one that is locked out.
290      * @hide
291      */
292     int BIOMETRIC_LOCKOUT_PERMANENT = 2;
293 
294     /**
295      * @hide
296      */
297     @Retention(RetentionPolicy.SOURCE)
298     @IntDef({BIOMETRIC_LOCKOUT_NONE, BIOMETRIC_LOCKOUT_TIMED, BIOMETRIC_LOCKOUT_PERMANENT})
299     @interface LockoutMode {}
300 
301     //
302     // Other miscellaneous constants
303     //
304 
305     /**
306      * Returned from {@link BiometricManager#getLastAuthenticationTime(int)} when there has
307      * been no successful authentication for the given authenticator since boot.
308      */
309     @FlaggedApi(Flags.FLAG_LAST_AUTHENTICATION_TIME)
310     long BIOMETRIC_NO_AUTHENTICATION = -1;
311 }
312