Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2fdab353 authored by Kevin Chyn's avatar Kevin Chyn
Browse files

12/n: Remove the need for setActiveUser(int) 

This is already semi-combined in the Fingerprint/FaceService layer,
for example authenticate() already updates the active group. This
change makes the remainder of user-specific operations (resetLockout,
enroll, etc) atomic from a caller's perspective.

Also fixed some fingerprint naming (passing userId through groupId
parameter since groupId is not used). GroupId is going to be removed
in a follow-up CL.

Removed unused rename() from IFaceService.aidl / FaceService.java

Bug: 157790417
Test: For fingerprint/face, do each of the following
Test: Enroll, rename, auth, remove each for multiple users
Test: 1) Set up work profile with shared challenge
      2) Lock out owner and work profile
      3) Unlock keyguard via password
      4) BiometricPromptDemo for work profile and owner have
         lockout reset
Change-Id: I71d33cccba40e0df09e0faa8a4d3973e77470b93
parent 1225b9cb

core/java/android/hardware/biometrics/BiometricManager.java

+4 −20
Original line number Diff line number Diff line
@@ -285,34 +285,18 @@ public class BiometricManager { 
        }

    }



    /**

     * Sets the active user.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void setActiveUser(int userId) {

        if (mService != null) {

            try {

                mService.setActiveUser(userId);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        } else {

            Slog.w(TAG, "setActiveUser(): Service not connected");

        }

    }



    /**

     * Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

     *

     * @param token an opaque token returned by password confirmation.

     * @param userId this operation takes effect for.

     * @param hardwareAuthToken an opaque token returned by password confirmation.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void resetLockout(byte[] token) {

    public void resetLockout(int userId, byte[] hardwareAuthToken) {

        if (mService != null) {

            try {

                mService.resetLockout(token);

                mService.resetLockout(userId, hardwareAuthToken);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

core/java/android/hardware/biometrics/IAuthService.aidl

+1 −4
Original line number Diff line number Diff line
@@ -46,11 +46,8 @@ interface IAuthService { 
    // Register callback for when keyguard biometric eligibility changes.

    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);



    // Explicitly set the active user.

    void setActiveUser(int userId);



    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(in byte [] token);

    void resetLockout(int userId, in byte [] hardwareAuthToken);



    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet

    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore

core/java/android/hardware/biometrics/IBiometricAuthenticator.aidl

+1 −4
Original line number Diff line number Diff line
@@ -51,10 +51,7 @@ interface IBiometricAuthenticator { 
    boolean hasEnrolledTemplates(int userId, String opPackageName);



    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(in byte [] token);



    // Explicitly set the active user (for enrolling work profile)

    void setActiveUser(int uid);

    void resetLockout(int userId, in byte [] hardwareAuthToken);



    // Gets the authenticator ID representing the current set of enrolled templates

    long getAuthenticatorId(int callingUserId);

core/java/android/hardware/biometrics/IBiometricService.aidl

+1 −4
Original line number Diff line number Diff line
@@ -52,15 +52,12 @@ interface IBiometricService { 
    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback,

            int callingUserId);



    // Explicitly set the active user.

    void setActiveUser(int userId);



    // Notify BiometricService when <Biometric>Service is ready to start the prepared client.

    // Client lifecycle is still managed in <Biometric>Service.

    void onReadyForAuthentication(int cookie);



    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(in byte [] token);

    void resetLockout(int userId, in byte [] hardwareAuthToken);



    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet

    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore

core/java/android/hardware/face/FaceManager.java

+0 −18
Original line number Diff line number Diff line
@@ -24,7 +24,6 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.annotation.RequiresPermission;

import android.annotation.SystemService;

import android.app.ActivityManager;

import android.content.Context;

import android.hardware.biometrics.BiometricAuthenticator;

import android.hardware.biometrics.BiometricConstants;
@@ -441,23 +440,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
        }

    }



    /**

     * Sets the active user. This is meant to be used to select the current profile for enrollment

     * to allow separate enrolled faces for a work profile

     *

     * @hide

     */

    @RequiresPermission(MANAGE_BIOMETRIC)

    public void setActiveUser(int userId) {

        if (mService != null) {

            try {

                mService.setActiveUser(userId);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

    }



    /**

     * Remove given face template from face hardware and/or protected storage.

     *