1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.hardware.biometrics; 18 19 import static android.hardware.biometrics.BiometricManager.Authenticators; 20 21 import android.annotation.FlaggedApi; 22 import android.annotation.IntDef; 23 import android.compat.annotation.UnsupportedAppUsage; 24 import android.os.Build; 25 26 import java.lang.annotation.Retention; 27 import java.lang.annotation.RetentionPolicy; 28 29 /** 30 * Interface containing all of the biometric modality agnostic constants. 31 * 32 * NOTE: The error messages must be consistent between BiometricConstants, Biometric*Constants, 33 * and the frameworks/support/biometric/.../BiometricConstants files. 34 * 35 * @hide 36 */ 37 public interface BiometricConstants { 38 // 39 // Error messages from biometric hardware during initilization, enrollment, authentication or 40 // removal. 41 // 42 43 /** 44 * This was not added here since it would update BiometricPrompt API. But, is used in 45 * BiometricManager. 46 * @hide 47 */ 48 int BIOMETRIC_SUCCESS = 0; 49 50 /** 51 * The hardware is unavailable. Try again later. 52 */ 53 int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1; 54 55 /** 56 * Error state returned when the sensor was unable to process the current image. 57 */ 58 int BIOMETRIC_ERROR_UNABLE_TO_PROCESS = 2; 59 60 /** 61 * Error state returned when the current request has been running too long. This is intended to 62 * prevent programs from waiting for the biometric sensor indefinitely. The timeout is platform 63 * and sensor-specific, but is generally on the order of 30 seconds. 64 */ 65 int BIOMETRIC_ERROR_TIMEOUT = 3; 66 67 /** 68 * Error state returned for operations like enrollment; the operation cannot be completed 69 * because there's not enough storage remaining to complete the operation. 70 */ 71 int BIOMETRIC_ERROR_NO_SPACE = 4; 72 73 /** 74 * The operation was canceled because the biometric sensor is unavailable. For example, this may 75 * happen when the user is switched, the device is locked or another pending operation prevents 76 * or disables it. 77 */ 78 int BIOMETRIC_ERROR_CANCELED = 5; 79 80 /** 81 * The {@link BiometricManager#remove} call failed. Typically this will happen when the provided 82 * biometric id was incorrect. 83 * 84 * @hide 85 */ 86 int BIOMETRIC_ERROR_UNABLE_TO_REMOVE = 6; 87 88 /** 89 * The operation was canceled because the API is locked out due to too many attempts. 90 * This occurs after 5 failed attempts, and lasts for 30 seconds. 91 */ 92 int BIOMETRIC_ERROR_LOCKOUT = 7; 93 94 /** 95 * OEMs should use this constant if there are conditions that do not fit under any of the other 96 * publicly defined constants, and must provide appropriate strings for these 97 * errors to the {@link BiometricPrompt.AuthenticationCallback#onAuthenticationError(int, 98 * CharSequence)} callback. OEMs should expect that the error message will be shown to users. 99 */ 100 int BIOMETRIC_ERROR_VENDOR = 8; 101 102 /** 103 * The operation was canceled because BIOMETRIC_ERROR_LOCKOUT occurred too many times. 104 * Biometric authentication is disabled until the user unlocks with strong authentication 105 * (PIN/Pattern/Password) 106 */ 107 int BIOMETRIC_ERROR_LOCKOUT_PERMANENT = 9; 108 109 /** 110 * The user canceled the operation. Upon receiving this, applications should use alternate 111 * authentication (e.g. a password). The application should also provide the means to return to 112 * biometric authentication, such as a "use <biometric>" button. 113 */ 114 int BIOMETRIC_ERROR_USER_CANCELED = 10; 115 116 /** 117 * The user does not have any biometrics enrolled. 118 */ 119 int BIOMETRIC_ERROR_NO_BIOMETRICS = 11; 120 121 /** 122 * The device does not have a biometric sensor. 123 */ 124 int BIOMETRIC_ERROR_HW_NOT_PRESENT = 12; 125 126 /** 127 * The user pressed the negative button. This is a placeholder that is currently only used 128 * by the support library. 129 * @hide 130 */ 131 int BIOMETRIC_ERROR_NEGATIVE_BUTTON = 13; 132 133 /** 134 * The device does not have pin, pattern, or password set up. See 135 * {@link BiometricPrompt.Builder#setAllowedAuthenticators(int)}, 136 * {@link Authenticators#DEVICE_CREDENTIAL}, and {@link BiometricManager#canAuthenticate(int)}. 137 */ 138 int BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL = 14; 139 140 /** 141 * A security vulnerability has been discovered and the sensor is unavailable until a 142 * security update has addressed this issue. This error can be received if for example, 143 * authentication was requested with {@link Authenticators#BIOMETRIC_STRONG}, but the 144 * sensor's strength can currently only meet {@link Authenticators#BIOMETRIC_WEAK}. 145 */ 146 int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED = 15; 147 148 /** 149 * Authentication cannot proceed because re-enrollment is required. 150 * @hide 151 */ 152 int BIOMETRIC_ERROR_RE_ENROLL = 16; 153 154 /** 155 * The privacy setting has been enabled and will block use of the sensor. 156 * @hide 157 */ 158 int BIOMETRIC_ERROR_SENSOR_PRIVACY_ENABLED = 18; 159 160 /** 161 * A power press stopped this biometric operation. 162 * @hide 163 */ 164 int BIOMETRIC_ERROR_POWER_PRESSED = 19; 165 166 /** 167 * Identity Check is currently not active. 168 * 169 * This device either doesn't have this feature enabled, or it's not considered in a 170 * high-risk environment that requires extra security measures for accessing sensitive data. 171 */ 172 @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API) 173 int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE = 20; 174 175 /** 176 * Biometrics is not allowed to verify the user in apps. 177 */ 178 @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API) 179 int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS = 21; 180 181 182 /** 183 * The user pressed the more options button on prompt content. This is a placeholder that is 184 * currently only used by the support library. 185 * 186 * @hide 187 */ 188 int BIOMETRIC_ERROR_CONTENT_VIEW_MORE_OPTIONS_BUTTON = 22; 189 190 /** 191 * This constant is only used by SystemUI. It notifies SystemUI that authentication was paused 192 * because the authentication attempt was unsuccessful. 193 * @hide 194 */ 195 int BIOMETRIC_PAUSED_REJECTED = 100; 196 197 /** 198 * @hide 199 */ 200 @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) 201 int BIOMETRIC_ERROR_VENDOR_BASE = 1000; 202 203 @IntDef({BIOMETRIC_SUCCESS, 204 BIOMETRIC_ERROR_HW_UNAVAILABLE, 205 BIOMETRIC_ERROR_UNABLE_TO_PROCESS, 206 BIOMETRIC_ERROR_TIMEOUT, 207 BIOMETRIC_ERROR_NO_SPACE, 208 BIOMETRIC_ERROR_CANCELED, 209 BIOMETRIC_ERROR_UNABLE_TO_REMOVE, 210 BIOMETRIC_ERROR_LOCKOUT, 211 BIOMETRIC_ERROR_VENDOR, 212 BIOMETRIC_ERROR_LOCKOUT_PERMANENT, 213 BIOMETRIC_ERROR_USER_CANCELED, 214 BIOMETRIC_ERROR_NO_BIOMETRICS, 215 BIOMETRIC_ERROR_HW_NOT_PRESENT, 216 BIOMETRIC_ERROR_NEGATIVE_BUTTON, 217 BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL, 218 BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED, 219 BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE, 220 BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS, 221 BIOMETRIC_ERROR_CONTENT_VIEW_MORE_OPTIONS_BUTTON, 222 BIOMETRIC_PAUSED_REJECTED}) 223 @Retention(RetentionPolicy.SOURCE) 224 @interface Errors {} 225 226 // 227 // Image acquisition messages. 228 // 229 230 /** 231 * @hide 232 */ 233 @IntDef({BIOMETRIC_ACQUIRED_GOOD, 234 BIOMETRIC_ACQUIRED_PARTIAL, 235 BIOMETRIC_ACQUIRED_INSUFFICIENT, 236 BIOMETRIC_ACQUIRED_IMAGER_DIRTY, 237 BIOMETRIC_ACQUIRED_TOO_SLOW, 238 BIOMETRIC_ACQUIRED_TOO_FAST, 239 BIOMETRIC_ACQUIRED_VENDOR}) 240 @Retention(RetentionPolicy.SOURCE) 241 @interface Acquired {} 242 243 /** 244 * The image acquired was good. 245 */ 246 int BIOMETRIC_ACQUIRED_GOOD = 0; 247 248 /** 249 * Only a partial biometric image was detected. During enrollment, the user should be informed 250 * on what needs to happen to resolve this problem, e.g. "press firmly on sensor." (for 251 * fingerprint) 252 */ 253 int BIOMETRIC_ACQUIRED_PARTIAL = 1; 254 255 /** 256 * The biometric image was too noisy to process due to a detected condition or a possibly dirty 257 * sensor (See {@link #BIOMETRIC_ACQUIRED_IMAGER_DIRTY}). 258 */ 259 int BIOMETRIC_ACQUIRED_INSUFFICIENT = 2; 260 261 /** 262 * The biometric image was too noisy due to suspected or detected dirt on the sensor. For 263 * example, it's reasonable return this after multiple {@link #BIOMETRIC_ACQUIRED_INSUFFICIENT} 264 * or actual detection of dirt on the sensor (stuck pixels, swaths, etc.). The user is expected 265 * to take action to clean the sensor when this is returned. 266 */ 267 int BIOMETRIC_ACQUIRED_IMAGER_DIRTY = 3; 268 269 /** 270 * The biometric image was unreadable due to lack of motion. 271 */ 272 int BIOMETRIC_ACQUIRED_TOO_SLOW = 4; 273 274 /** 275 * The biometric image was incomplete due to quick motion. For example, this could also happen 276 * if the user moved during acquisition. The user should be asked to repeat the operation more 277 * slowly. 278 */ 279 int BIOMETRIC_ACQUIRED_TOO_FAST = 5; 280 281 /** 282 * Hardware vendors may extend this list if there are conditions that do not fall under one of 283 * the above categories. Vendors are responsible for providing error strings for these errors. 284 * @hide 285 */ 286 int BIOMETRIC_ACQUIRED_VENDOR = 6; 287 /** 288 * @hide 289 */ 290 int BIOMETRIC_ACQUIRED_VENDOR_BASE = 1000; 291 292 // 293 // Internal messages. 294 // 295 296 /** 297 * See {@link BiometricPrompt.Builder#setReceiveSystemEvents(boolean)}. This message is sent 298 * immediately when the user cancels authentication for example by tapping the back button or 299 * tapping the scrim. This is before {@link #BIOMETRIC_ERROR_USER_CANCELED}, which is sent when 300 * dismissal animation completes. 301 * @hide 302 */ 303 int BIOMETRIC_SYSTEM_EVENT_EARLY_USER_CANCEL = 1; 304 305 /** 306 * No lockout. 307 * @hide 308 */ 309 int BIOMETRIC_LOCKOUT_NONE = 0; 310 /** 311 * The biometric is in a temporary lockout state that will expire after some time. 312 * @hide 313 */ 314 int BIOMETRIC_LOCKOUT_TIMED = 1; 315 /** 316 * The biometric is locked out until a reset occurs. Resets are typically triggered by 317 * successfully authenticating via a stronger method than the one that is locked out. 318 * @hide 319 */ 320 int BIOMETRIC_LOCKOUT_PERMANENT = 2; 321 322 /** 323 * @hide 324 */ 325 @Retention(RetentionPolicy.SOURCE) 326 @IntDef({BIOMETRIC_LOCKOUT_NONE, BIOMETRIC_LOCKOUT_TIMED, BIOMETRIC_LOCKOUT_PERMANENT}) 327 @interface LockoutMode {} 328 329 // 330 // Other miscellaneous constants 331 // 332 333 /** 334 * Returned from {@link BiometricManager#getLastAuthenticationTime(int)} when there has 335 * been no successful authentication for the given authenticator since boot. 336 */ 337 long BIOMETRIC_NO_AUTHENTICATION = -1; 338 } 339