Architecture and Startup Process of the Android Fingerprint Recognition Module

This article introduces the overall architecture and initialization flow of the fingerprint recognition module in Android 10.0 based on the open‑source system code.

1. Overall Framework

The Android fingerprint software is divided into four layers:

Application layer: developers call AOSP‑provided interfaces, which communicate with the fingerprint service in the Framework layer via Binder.

Framework layer: the fingerprint framework service mediates between the application layer and the HAL layer.

HAL (Hardware Abstraction Layer) layer: contains the vendor‑specific fingerprint algorithms and result‑feedback logic; it is the "soul" of fingerprint recognition.

Driver layer: receives requests from the HAL and directly controls the fingerprint hardware.

2. Fingerprint Startup Process

The startup is split into two independent parts: the Framework layer startup and the HAL layer startup. Their order is not strictly enforced; the Framework repeatedly attempts to bind to the HAL until successful, after which the application layer can use fingerprint functions.

2.1 Framework Layer Startup

When Android boots, the first process zygote launches. The Framework services start from the zygote main function.

SystemServer().run() calls startOtherServices() .

startOtherServices() checks hasFeatureFingerprint . If the device supports fingerprint, it starts FingerprintService.class .

The service’s onStart() method is implemented in FingerprintService.java .

Inside FingerprintService , FingerprintServiceWrapper creates Framework‑level interfaces, notably getFingerprintDaemon() .

getFingerprintDaemon() repeatedly calls getService() to bind to the HAL, sets a notification callback with setNotify , and loads user‑related data. At this point the Framework side is fully initialized.

2.2 HAL Layer Startup

The HAL is launched by an rc file (path shown in the original diagram).

The source files BiometricsFingerprint.cpp and service.cpp are referenced from Android.bp .

service.cpp is the entry point. It creates a biometric service instance via BiometricsFingerprint::getInstance() , configures the HIDL thread pool, registers the service with serviceManager , and enters joinRpcThreadpool() to keep running.

getInstance() constructs a BiometricsFingerprint object and calls openHal() .

openHal() uses hw_get_module(FINGERPRINT_HARDWARE_MODULE_ID) to load the vendor‑specific fingerprint .so module (located at /Android_Q/hardware/libhardware/modules/fingerprint/fingerprint.c ).

The module’s open function assigns concrete methods to the HAL device and sets up callbacks for communication between the HAL service and the fingerprint hardware.

Many vendor methods (e.g., fingerprint_enroll ) are stubbed in the AOSP source and must be implemented by the hardware manufacturer.

3. End‑to‑End Data Flow

The complete path from the Android framework to the secure element is:

FingerprintService.java → BiometricsFingerprint.cpp → fingerprint.c → FPIC_Hal.cpp → FPIC_CA.cpp → TEE.c → TA.c

References: Android security biometric documentation and a CSDN technical blog.