
Commit 28623b6d authored by Kevin Chyn's avatar Kevin Chyn

LSS must check canAuthenticate(userId) for correct user/profile

Bug: 134834442

Test: With unified challenge enabled and work profile non-enrolled,
      resetLockout is not invoked for work profile anymore

Change-Id: Ifb91df0ea66dbcd29d7f5fb648295b154074392c
parent be67ce0d
+9 −1
@@ -104,9 +104,17 @@ public class BiometricManager {
     */
    @RequiresPermission(USE_BIOMETRIC)
    public @BiometricError int canAuthenticate() {
        return canAuthenticate(mContext.getUserId());
    }

    /**
     * @hide
     */
    @RequiresPermission(USE_BIOMETRIC_INTERNAL)
    public @BiometricError int canAuthenticate(int userId) {
        if (mService != null) {
            try {
                return mService.canAuthenticate(mContext.getOpPackageName());
                return mService.canAuthenticate(mContext.getOpPackageName(), userId);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
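Review bot: The new `canAuthenticate(int userId)` overload is annotated `@RequiresPermission(USE_BIOMETRIC_INTERNAL)` and documented only with `@hide`, yet the public no-argument method, which declares just `USE_BIOMETRIC`, now delegates to it. Going by the BiometricService section of this commit, the internal permission is enforced only when `userId` differs from the binder calling user, so the Javadoc should state that, e.g. `Requires USE_BIOMETRIC_INTERNAL only when userId is not the calling user.` Note also that `mContext.getUserId()` is not necessarily the calling user: if the context was created for another user, an app holding only `USE_BIOMETRIC` would presumably now be rejected where the old service code silently used the calling user. The method body continues past the end of the hunk.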
+1 −1
@@ -40,7 +40,7 @@ interface IBiometricService {
    void cancelAuthentication(IBinder token, String opPackageName);

    // Checks if biometrics can be used.
    int canAuthenticate(String opPackageName);
    int canAuthenticate(String opPackageName, int userId);

    // Register callback for when keyguard biometric eligibility changes.
    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);
+9 −3
@@ -766,10 +766,16 @@ public class BiometricService extends SystemService {
        }

        @Override // Binder call
        public int canAuthenticate(String opPackageName) {
        public int canAuthenticate(String opPackageName, int userId) {
            Slog.d(TAG, "canAuthenticate: User=" + userId
                    + ", Caller=" + UserHandle.getCallingUserId());

            if (userId != UserHandle.getCallingUserId()) {
                checkInternalPermission();
            } else {
                checkPermission();
            }

            final int userId = UserHandle.getCallingUserId();
            final long ident = Binder.clearCallingIdentity();
            int error;
            try {
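Review bot: The `Slog.d` line at the top of `canAuthenticate` runs before either permission check, so a caller holding neither permission can still produce a log entry per call with an arbitrary `userId`; moving it below the `if`/`else` keeps rejected calls out of the log. The caller-supplied `userId` is then used as-is after `Binder.clearCallingIdentity()`, and nothing visible here rejects or resolves pseudo-user values such as `UserHandle.USER_CURRENT` or ids of users that do not exist; if the code below the hunk does not handle that, a validity check belongs next to the permission branch. A one-line comment above the branch would also help the next reader, e.g. `// Cross-user queries need the internal permission; same-user queries only the public one.` (judging by the helper names, whose bodies are not shown). The method body continues past the end of the hunk.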
+3 −3
@@ -420,9 +420,9 @@ public class LockSettingsService extends ILockSettings.Stub {
                    new PasswordSlotManager());
        }

        public boolean hasEnrolledBiometrics() {
        public boolean hasEnrolledBiometrics(int userId) {
            BiometricManager bm = mContext.getSystemService(BiometricManager.class);
            return bm.canAuthenticate() == BiometricManager.BIOMETRIC_SUCCESS;
            return bm.canAuthenticate(userId) == BiometricManager.BIOMETRIC_SUCCESS;
        }

        public int binderGetCallingUid() {
@@ -2494,7 +2494,7 @@ public class LockSettingsService extends ILockSettings.Stub {
            @CredentialType int credentialType, boolean hasChallenge, long challenge, int userId,
            ICheckCredentialProgressCallback progressCallback) throws RemoteException {

        final boolean hasEnrolledBiometrics = mInjector.hasEnrolledBiometrics();
        final boolean hasEnrolledBiometrics = mInjector.hasEnrolledBiometrics(userId);

        Slog.d(TAG, "spBasedDoVerifyCredential: user=" + userId + " hasChallenge=" + hasChallenge
                + " hasEnrolledBiometrics=" + hasEnrolledBiometrics);
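Review bot: `hasEnrolledBiometrics(userId)` now reaches the cross-user branch of `BiometricService.canAuthenticate`, so the result depends on which binder identity is on the thread when `spBasedDoVerifyCredential` runs. For a work-profile `userId` that differs from the calling user, the internal-permission check will be applied to that identity, and whether the calling identity has been cleared before this point is not visible in either hunk. If it has not, a caller of LockSettingsService without the internal biometric permission would presumably hit a SecurityException here instead of getting a boolean. At minimum the injector method deserves a comment such as `// Cross-user query: the identity on this thread must hold USE_BIOMETRIC_INTERNAL.`; alternatively the `bm.canAuthenticate(userId)` call could be wrapped in a clear/restore of the calling identity. `spBasedDoVerifyCredential` starts and ends outside the hunk.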
+1 −1
@@ -110,7 +110,7 @@ public class LockSettingsServiceTestable extends LockSettingsService {
        }

        @Override
        public boolean hasEnrolledBiometrics() {
        public boolean hasEnrolledBiometrics(int userId) {
            return false;
        }