Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 26567258 authored by Grace Cheng's avatar Grace Cheng
Browse files

Update DeviceEntryFaceAuth for secure lock device 

Update DeviceEntryFaceAuthRepository/Interactor dagger setup to allow
for injection into SecureLockDeviceInteractor.

Also adds secure lock device auth flags into face auth and detect gating
conditions, and adds method for secure lock device to request face auth
when the biometric auth screen is shown, and cancel face auth when the
biometric auth screen is hidden.

Bug: 401645997
Bug: 398058587
Bug: 396641431
Flag: android.security.secure_lock_device
Test: atest DeviceEntryFaceAuthRepositoryTest
Test: atest DeviceEntryFaceAuthInteractorTest
Change-Id: I25f6b873226eccdce58a494dd11ed3e211157092
parent a9c62dcb

packages/SystemUI/multivalentTests/src/com/android/systemui/deviceentry/data/repository/DeviceEntryFaceAuthRepositoryTest.kt

+21 −0
Original line number Diff line number Diff line
@@ -32,6 +32,8 @@ import android.hardware.face.FaceManager 
import android.hardware.face.FaceSensorProperties

import android.hardware.face.FaceSensorPropertiesInternal

import android.os.CancellationSignal

import android.platform.test.annotations.EnableFlags

import android.security.Flags.FLAG_SECURE_LOCK_DEVICE

import androidx.test.ext.junit.runners.AndroidJUnit4

import androidx.test.filters.SmallTest

import com.android.compose.animation.scene.ObservableTransitionState
@@ -531,6 +533,15 @@ class DeviceEntryFaceAuthRepositoryTest : SysuiTestCase() { 
            testGatingCheckForFaceAuth { biometricSettingsRepository.setIsUserInLockdown(true) }

        }



    @EnableFlags(FLAG_SECURE_LOCK_DEVICE)

    @Test

    fun authenticateDoesNotRunIfRequiringPrimaryAuthForSecureLockDevice() =

        testScope.runTest {

            testGatingCheckForFaceAuth {

                biometricSettingsRepository.setIsSecureLockDeviceEnabled(true)

            }

        }



    @Test

    fun authenticateDoesNotRunIfUserSwitchingIsCurrentlyInProgress() =

        testScope.runTest {
@@ -1123,6 +1134,15 @@ class DeviceEntryFaceAuthRepositoryTest : SysuiTestCase() { 
            testGatingCheckForDetect { biometricSettingsRepository.setIsUserInLockdown(true) }

        }



    @EnableFlags(FLAG_SECURE_LOCK_DEVICE)

    @Test

    fun detectDoesNotRunWhenInSecureLockDevicePrimaryAuth() =

        testScope.runTest {

            testGatingCheckForDetect {

                biometricSettingsRepository.setIsSecureLockDeviceEnabled(true)

            }

        }



    @Test

    fun detectDoesNotRunWhenBypassIsNotEnabled() =

        testScope.runTest {
@@ -1427,6 +1447,7 @@ class DeviceEntryFaceAuthRepositoryTest : SysuiTestCase() { 
        biometricSettingsRepository.setIsFaceAuthSupportedInCurrentPosture(true)

        biometricSettingsRepository.setIsFaceAuthCurrentlyAllowed(true)

        biometricSettingsRepository.setIsUserInLockdown(false)

        biometricSettingsRepository.setIsSecureLockDeviceEnabled(false)

        fakeUserRepository.setSelectedUserInfo(primaryUser, SelectionStatus.SELECTION_COMPLETE)

        faceLockoutResetCallback.value.onLockoutReset(0)

        bouncerRepository.setAlternateVisible(true)

packages/SystemUI/multivalentTests/src/com/android/systemui/deviceentry/domain/interactor/DeviceEntryFaceAuthInteractorTest.kt

+16 −0
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import android.hardware.biometrics.BiometricFaceConstants 
import android.hardware.biometrics.BiometricSourceType

import android.os.PowerManager

import android.platform.test.annotations.EnableFlags

import android.security.Flags.FLAG_SECURE_LOCK_DEVICE

import android.service.dreams.Flags.FLAG_DREAMS_V2

import androidx.test.ext.junit.runners.AndroidJUnit4

import androidx.test.filters.SmallTest
@@ -854,6 +855,21 @@ class DeviceEntryFaceAuthInteractorTest : SysuiTestCase() { 
            assertThat(faceAuthRepository.runningAuthRequest.value).isNull()

        }



    @EnableFlags(FLAG_SECURE_LOCK_DEVICE)

    @Test

    fun faceAuthIsRequestedForSecureLockDeviceBiometricAuth_cancelledWhenHidden() =

        kosmos.runTest {

            underTest.onSecureLockDeviceBiometricAuthRequested()

            underTest.start()



            runCurrent()

            assertThat(faceAuthRepository.runningAuthRequest.value).isNotNull()



            underTest.onSecureLockDeviceBiometricAuthHidden()

            runCurrent()

            assertThat(faceAuthRepository.runningAuthRequest.value).isNull()

        }



    @Test

    fun lockedOut_providesSameValueFromRepository() =

        kosmos.runTest {

packages/SystemUI/src/com/android/systemui/deviceentry/data/repository/DeviceEntryFaceAuthRepository.kt

+6 −0
Original line number Diff line number Diff line
@@ -66,6 +66,7 @@ import com.android.systemui.user.data.model.SelectionStatus 
import com.android.systemui.user.data.repository.UserRepository

import com.android.systemui.utils.coroutines.flow.conflatedCallbackFlow

import com.google.errorprone.annotations.CompileTimeConstant

import dagger.Lazy

import java.io.PrintWriter

import java.util.concurrent.Executor

import javax.inject.Inject
@@ -351,6 +352,7 @@ constructor( 
                userRepository.selectedUser.map {

                    it.selectionStatus == SelectionStatus.SELECTION_IN_PROGRESS

                },

                biometricSettingsRepository.requiresStrongBiometricAuthForSecureLockDevice,

            )

            .flowOn(mainDispatcher) // should revoke auth ASAP in the main thread

            .onEach { anyOfThemIsTrue ->
@@ -456,6 +458,10 @@ constructor( 
                biometricSettingsRepository.isCurrentUserInLockdown.isFalse(),

                "userHasNotLockedDownDevice",

            ),

            Pair(

                biometricSettingsRepository.requiresPrimaryAuthForSecureLockDevice.isFalse(),

                "doesNotRequirePrimaryAuthOnBouncerForSecureLockDevice",

            ),

            Pair(keyguardRepository.isKeyguardShowing, "isKeyguardShowing"),

            Pair(

                userRepository.selectedUser.map {

packages/SystemUI/src/com/android/systemui/deviceentry/domain/interactor/DeviceEntryFaceAuthInteractor.kt

+4 −0
Original line number Diff line number Diff line
@@ -89,6 +89,10 @@ interface DeviceEntryFaceAuthInteractor : CoreStartable { 


    fun onDeviceUnfolded()



    fun onSecureLockDeviceBiometricAuthRequested()



    fun onSecureLockDeviceBiometricAuthHidden()



    /** Whether face auth is considered class 3 */

    fun isFaceAuthStrong(): Boolean

packages/SystemUI/src/com/android/systemui/deviceentry/domain/interactor/NoopDeviceEntryFaceAuthInteractor.kt

+4 −0
Original line number Diff line number Diff line
@@ -70,6 +70,10 @@ class NoopDeviceEntryFaceAuthInteractor @Inject constructor() : DeviceEntryFaceA 


    override fun onSwipeUpOnBouncer() {}



    override fun onSecureLockDeviceBiometricAuthRequested() {}



    override fun onSecureLockDeviceBiometricAuthHidden() {}



    override fun onPrimaryBouncerUserInput() {}



    override fun onAccessibilityAction() {}