1*4d7e907cSAndroid Build Coastguard Worker# Face Virtual HAL (VHAL) 2*4d7e907cSAndroid Build Coastguard Worker 3*4d7e907cSAndroid Build Coastguard WorkerThis is a virtual HAL implementation that is backed by system properties instead 4*4d7e907cSAndroid Build Coastguard Workerof actual hardware. It's intended for testing and UI development on debuggable 5*4d7e907cSAndroid Build Coastguard Workerbuilds to allow devices to masquerade as alternative device types and for 6*4d7e907cSAndroid Build Coastguard Workeremulators. Note: The virtual face HAL feature development will be done in 7*4d7e907cSAndroid Build Coastguard Workerphases. Refer to this doc often for the latest supported features 8*4d7e907cSAndroid Build Coastguard Worker 9*4d7e907cSAndroid Build Coastguard Worker## Supported Devices 10*4d7e907cSAndroid Build Coastguard Worker 11*4d7e907cSAndroid Build Coastguard WorkerThe face virtual hal is automatically built in in all debug builds (userdebug<br/> 12*4d7e907cSAndroid Build Coastguard Workerand eng) for the latest pixel devices and CF. The instructions in this doc<br/> 13*4d7e907cSAndroid Build Coastguard Workerapplies to all 14*4d7e907cSAndroid Build Coastguard Worker 15*4d7e907cSAndroid Build Coastguard Worker## Enabling Face Virtual HAL 16*4d7e907cSAndroid Build Coastguard Worker 17*4d7e907cSAndroid Build Coastguard WorkerOn pixel devicse (non-CF), by default (after manufacture reset), Face VHAL is <br/> 18*4d7e907cSAndroid Build Coastguard Workernot enabled. Therefore real Face HAL is used. Face VHAL enabling is gated by the<br/> 19*4d7e907cSAndroid Build Coastguard Workerfollowing two AND conditions:<br/> 20*4d7e907cSAndroid Build Coastguard Worker1. The Face VHAL feature flag (as part ofTrunk-development strategy) must be<br/> 21*4d7e907cSAndroid Build Coastguard Worker turned on until the flags life-cycle ends. 22*4d7e907cSAndroid Build Coastguard Worker2. The Face VHAL must be enabled via sysprop. 23*4d7e907cSAndroid Build Coastguard Worker 24*4d7e907cSAndroid Build Coastguard WorkerSee the adb commands below 25*4d7e907cSAndroid Build Coastguard Worker 26*4d7e907cSAndroid Build Coastguard Worker## Getting Stared 27*4d7e907cSAndroid Build Coastguard Worker 28*4d7e907cSAndroid Build Coastguard WorkerA basic use case for a successful authentication via Face VHAL is given as an 29*4d7e907cSAndroid Build Coastguard Workerexmple below. 30*4d7e907cSAndroid Build Coastguard Worker 31*4d7e907cSAndroid Build Coastguard Worker### Enabling VHAL 32*4d7e907cSAndroid Build Coastguard Worker 33*4d7e907cSAndroid Build Coastguard Worker```shell 34*4d7e907cSAndroid Build Coastguard Worker$ adb root 35*4d7e907cSAndroid Build Coastguard Worker$ adb shell device_config put biometrics_framework com.android.server.biometrics.face_vhal_feature true 36*4d7e907cSAndroid Build Coastguard Worker$ adb shell settings put secure biometric_virtual_enabled 1 37*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.strength strong 38*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.type RGB 39*4d7e907cSAndroid Build Coastguard Worker$ adb reboot 40*4d7e907cSAndroid Build Coastguard Worker``` 41*4d7e907cSAndroid Build Coastguard Worker 42*4d7e907cSAndroid Build Coastguard Worker### Direct Enrollment 43*4d7e907cSAndroid Build Coastguard Worker 44*4d7e907cSAndroid Build Coastguard Worker```shell 45*4d7e907cSAndroid Build Coastguard Worker$ adb shell locksettings set-pin 0000 46*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.enrollments 1 47*4d7e907cSAndroid Build Coastguard Worker$ adb shell cmd face syncadb shell cmd face sync 48*4d7e907cSAndroid Build Coastguard Worker``` 49*4d7e907cSAndroid Build Coastguard Worker 50*4d7e907cSAndroid Build Coastguard Worker## Authenticating 51*4d7e907cSAndroid Build Coastguard Worker 52*4d7e907cSAndroid Build Coastguard WorkerTo authenticate successfully, the captured (hit) must match the enrollment id<br/> 53*4d7e907cSAndroid Build Coastguard Workerset above. To trigger authentication failure, set the hit id to a different value. 54*4d7e907cSAndroid Build Coastguard Worker`shell 55*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop vendor.face.virtual.operation_authenticate_duration 800 56*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop vendor.face.virtual.enrollment_hit 1` 57*4d7e907cSAndroid Build Coastguard Worker 58*4d7e907cSAndroid Build Coastguard Worker### AcquiredInfo 59*4d7e907cSAndroid Build Coastguard Worker 60*4d7e907cSAndroid Build Coastguard WorkerAcquiredInfo codes can be sent during authentication by specifying the sysprop.<br/> 61*4d7e907cSAndroid Build Coastguard WorkerThe codes is sent in sequence and in the interval of operation_authentication_duration/numberOfAcquiredInfoCode 62*4d7e907cSAndroid Build Coastguard Worker`shell 63*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop vendor.face.virtual.operation_authenticate_acquired 6,9,1013` 64*4d7e907cSAndroid Build Coastguard WorkerRefer to [AcquiredInfo.aidl](https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:hardware/interfaces/biometrics/face/aidl/android/hardware/biometrics/face/AcquiredInfo.aidl) for full face acquiredInfo codes. 65*4d7e907cSAndroid Build Coastguard WorkerNote: For vendor specific acquired info, acquiredInfo = 1000 + vendorCode. 66*4d7e907cSAndroid Build Coastguard Worker 67*4d7e907cSAndroid Build Coastguard Worker### Error Insertion 68*4d7e907cSAndroid Build Coastguard Worker 69*4d7e907cSAndroid Build Coastguard WorkerError can be inserted during authentction by specifying the authenticate_error 70*4d7e907cSAndroid Build Coastguard Workersysprop. `shell $ adb shell setprop 71*4d7e907cSAndroid Build Coastguard Workervendor.face.virtual.operation_authenticate_error 4` Refer to 72*4d7e907cSAndroid Build Coastguard Worker[Error.aidl](https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:hardware/interfaces/biometrics/face/aidl/android/hardware/biometrics/face/Error.aidl) 73*4d7e907cSAndroid Build Coastguard Workerfor full face error codes 74*4d7e907cSAndroid Build Coastguard Worker 75*4d7e907cSAndroid Build Coastguard Worker## Enrollment via Settings 76*4d7e907cSAndroid Build Coastguard Worker 77*4d7e907cSAndroid Build Coastguard WorkerEnrollment process is specified by sysprop `next_enrollment` in the following 78*4d7e907cSAndroid Build Coastguard Workerformat 79*4d7e907cSAndroid Build Coastguard Worker 80*4d7e907cSAndroid Build Coastguard Worker```shell 81*4d7e907cSAndroid Build Coastguard WorkerFormat: <id>:<progress_ms-[acquiredInfo,...],...:<success> 82*4d7e907cSAndroid Build Coastguard Worker ----:-----------------------------------:--------- 83*4d7e907cSAndroid Build Coastguard Worker | | |--->sucess (true/false) 84*4d7e907cSAndroid Build Coastguard Worker | |--> progress_step(s) 85*4d7e907cSAndroid Build Coastguard Worker | 86*4d7e907cSAndroid Build Coastguard Worker |-->enrollment_id 87*4d7e907cSAndroid Build Coastguard Worker 88*4d7e907cSAndroid Build Coastguard WorkerE.g. 89*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop vendor.face.virtual.next_enrollment 1:6000-[21,8,1,1108,1,10,1113,1,1118,1124]:true 90*4d7e907cSAndroid Build Coastguard Worker``` 91*4d7e907cSAndroid Build Coastguard Worker 92*4d7e907cSAndroid Build Coastguard WorkerIf next_enrollment prop is not set, the following default value is used:<br/> 93*4d7e907cSAndroid Build Coastguard Worker defaultNextEnrollment="1:1000-[21,7,1,1103],1500-[1108,1],2000-[1113,1],2500-[1118,1]:true"<br/> 94*4d7e907cSAndroid Build Coastguard WorkerNote: Enrollment data and configuration can be supported upon request in case of needs 95*4d7e907cSAndroid Build Coastguard Worker 96*4d7e907cSAndroid Build Coastguard Worker## Lockout 97*4d7e907cSAndroid Build Coastguard Worker 98*4d7e907cSAndroid Build Coastguard WorkerDevice lockout is based on the number of consecutive failed authentication attempts. There are a few 99*4d7e907cSAndroid Build Coastguard Workerflavors of lockout mechanisms that are supported by virtula HAL <br/> 100*4d7e907cSAndroid Build Coastguard Worker 101*4d7e907cSAndroid Build Coastguard Worker### Permanent Lockout 102*4d7e907cSAndroid Build Coastguard Worker 103*4d7e907cSAndroid Build Coastguard WorkerThere are two sysprop to control permanent lockout <br/> 104*4d7e907cSAndroid Build Coastguard Worker1. general lockout feature enable <br/> 105*4d7e907cSAndroid Build Coastguard Worker2. threshold of failed attempts <br/> 106*4d7e907cSAndroid Build Coastguard Worker`shell 107*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_enable true 108*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_permanent_threshold 3` 109*4d7e907cSAndroid Build Coastguard Worker 110*4d7e907cSAndroid Build Coastguard Worker### Temporary Lockout 111*4d7e907cSAndroid Build Coastguard Worker 112*4d7e907cSAndroid Build Coastguard WorkerThere are a few parameters to control temporary lockout (aka timed lockout): <br/> 113*4d7e907cSAndroid Build Coastguard Worker1. enable lockout (general lockout feature enable, and timed lcokout enable) <br/> 114*4d7e907cSAndroid Build Coastguard Worker2. threshold of failed attempts <br/> 115*4d7e907cSAndroid Build Coastguard Worker3. timeout in ms <br/> 116*4d7e907cSAndroid Build Coastguard Worker`shell 117*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_enable true 118*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_timed_enable true 119*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_timed_threshold 5 120*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout_timed_duration 10000` 121*4d7e907cSAndroid Build Coastguard Worker 122*4d7e907cSAndroid Build Coastguard Worker### Forced Lockout 123*4d7e907cSAndroid Build Coastguard Worker 124*4d7e907cSAndroid Build Coastguard WorkerA permanent lockout can be inserted on next authentication attempt independent of the failed <br/> 125*4d7e907cSAndroid Build Coastguard Workerattempt count. This is a feature purely for test purpose. 126*4d7e907cSAndroid Build Coastguard Worker`shell 127*4d7e907cSAndroid Build Coastguard Worker$ adb shell setprop persist.vendor.face.virtual.lockout true` 128