Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 237b0611 authored by Jorim Jaggi's avatar Jorim Jaggi
Browse files

Only enable fingerprint auth after first regular auth 

- Add method hasUserAuthenticatedSinceBoot to TrustManagerService
- Use this information to only enable fingerprint auth after the user
has at least once authenticated with his regular authentication
method.

Change-Id: Icf073ac3b340d557b044f6bf27f1a7f8511048e2
parent 28a51628

core/java/android/app/trust/ITrustManager.aidl

+1 −0
Original line number Diff line number Diff line
@@ -32,4 +32,5 @@ interface ITrustManager { 
    void reportKeyguardShowingChanged();

    boolean isDeviceLocked(int userId);

    boolean isDeviceSecure(int userId);

    boolean hasUserAuthenticatedSinceBoot(int userId);

}

core/java/android/app/trust/TrustManager.java

+17 −0
Original line number Diff line number Diff line
@@ -147,6 +147,23 @@ public class TrustManager { 
        }

    }



    /**

     * Checks whether the specified user has been authenticated since the last boot.

     *

     * @param userId the user id of the user to check for

     * @return true if the user has authenticated since boot, false otherwise

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     */

    public boolean hasUserAuthenticatedSinceBoot(int userId) {

        try {

            return mService.hasUserAuthenticatedSinceBoot(userId);

        } catch (RemoteException e) {

            onError(e);

            return false;

        }

    }



    private void onError(Exception e) {

        Log.e(TAG, "Error while calling TrustManagerService", e);

    }

packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java

+5 −4
Original line number Diff line number Diff line
@@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager; 
import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback;

import android.hardware.fingerprint.FingerprintUtils;

import android.hardware.fingerprint.FingerprintManager.AuthenticationResult;

import android.service.trust.TrustAgentService;

import android.telephony.SubscriptionInfo;

import android.telephony.SubscriptionManager;

import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
@@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { 
    private SubscriptionManager mSubscriptionManager;

    private List<SubscriptionInfo> mSubscriptionInfo;

    private boolean mFingerprintDetectionRunning;

    private TrustManager mTrustManager;



    private final Handler mHandler = new Handler() {

        @Override
@@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { 
            e.printStackTrace();

        }



        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);

        trustManager.registerTrustListener(this);

        mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);

        mTrustManager.registerTrustListener(this);



        mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);

        updateFingerprintListeningState();
@@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { 
    }



    private boolean shouldListenForFingerprint() {

        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser;

        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser

                && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser());

    }



    private void startListeningForFingerprint() {

services/core/java/com/android/server/trust/TrustManagerService.java

+47 −12
Original line number Diff line number Diff line
@@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService { 
            if (!userInfo.supportsSwitchTo()) continue;

            if (!mActivityManager.isUserRunning(userInfo.id)) continue;

            if (!lockPatternUtils.isSecure(userInfo.id)) continue;

            if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;

            if (!getUserHasAuthenticated(userInfo.id)) continue;

            DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();

            int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);

            final boolean disableTrustAgents =
@@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService { 
    // Agent dispatch and aggregation



    private boolean aggregateIsTrusted(int userId) {

        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {

        if (!getUserHasAuthenticated(userId)) {

            return false;

        }

        for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService { 
    }



    private boolean aggregateIsTrustManaged(int userId) {

        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {

        if (!getUserHasAuthenticated(userId)) {

            return false;

        }

        for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -549,23 +549,46 @@ public class TrustManagerService extends SystemService { 
    }



    private void updateUserHasAuthenticated(int userId) {

        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {

            mUserHasAuthenticatedSinceBoot.put(userId, true);

        boolean changed = setUserHasAuthenticated(userId);

        if (changed) {

            refreshAgentList(userId);

        }

    }



    private boolean getUserHasAuthenticated(int userId) {

        synchronized (mUserHasAuthenticatedSinceBoot) {

            return mUserHasAuthenticatedSinceBoot.get(userId);

        }

    }



    private void requireCredentialEntry(int userId) {

    /**

     * @return whether the value has changed

     */

    private boolean setUserHasAuthenticated(int userId) {

        synchronized (mUserHasAuthenticatedSinceBoot) {

            if (!mUserHasAuthenticatedSinceBoot.get(userId)) {

                mUserHasAuthenticatedSinceBoot.put(userId, true);

                return true;

            }

            return false;

        }

    }



    private void clearUserHasAuthenticated(int userId) {

        synchronized (mUserHasAuthenticatedSinceBoot) {

            if (userId == UserHandle.USER_ALL) {

                mUserHasAuthenticatedSinceBoot.clear();

            refreshAgentList(UserHandle.USER_ALL);

            } else {

                mUserHasAuthenticatedSinceBoot.put(userId, false);

            refreshAgentList(userId);

            }

        }

    }



    private void requireCredentialEntry(int userId) {

        clearUserHasAuthenticated(userId);

        refreshAgentList(userId);

    }



    // Listeners



    private void addListener(ITrustListener listener) {
@@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService { 
            }

        }



        @Override

        public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {

            mContext.enforceCallingOrSelfPermission(

                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);

            long token = Binder.clearCallingIdentity();

            try {

                return getUserHasAuthenticated(userId);

            } finally {

                Binder.restoreCallingIdentity(token);

            }

        }



        private void enforceReportPermission() {

            mContext.enforceCallingOrSelfPermission(

                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");