Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 30f1dd8b authored by Ilya Matyukhin's avatar Ilya Matyukhin Committed by Kevin Chyn
Browse files

Use @Authenticators.Types for authenticator selection 

This CL adds "canAuthenticate(int)" to BiometricManager.

Currently, authenticators can be one or more of the following:
    DEVICE_CREDENTIAL
    BIOMETRIC_STRONG
    BIOMETRIC_WEAK

Test: Auth on existing devices
Test: atest com.android.server.biometrics

Bug: 141025588
Change-Id: Idf52c5a76a0e24a8610ee5f46d55cd4197605fe7
parent 13eb5813

api/current.txt

+2 −1
Original line number Diff line number Diff line
@@ -16775,7 +16775,8 @@ package android.hardware { 
package android.hardware.biometrics {















  public class BiometricManager {













    method @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public int canAuthenticate();













    method @Deprecated @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public int canAuthenticate();













    method @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public int canAuthenticate(int);















    field public static final int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1; // 0x1















    field public static final int BIOMETRIC_ERROR_NONE_ENROLLED = 11; // 0xb















    field public static final int BIOMETRIC_ERROR_NO_HARDWARE = 12; // 0xc

























core/java/android/hardware/biometrics/BiometricConstants.java



+4
−3




























Original line number
Diff line number
Diff line








@@ -16,8 +16,9 @@





























package android.hardware.biometrics;





























import static android.hardware.biometrics.BiometricManager.Authenticators;





























import android.annotation.UnsupportedAppUsage;













import android.app.KeyguardManager;















































/**










@@ -128,8 +129,8 @@ public interface BiometricConstants {





























    /**















     * The device does not have pin, pattern, or password set up. See













     * {@link BiometricPrompt.Builder#setDeviceCredentialAllowed(boolean)} and













     * {@link KeyguardManager#isDeviceSecure()}













     * {@link BiometricPrompt.Builder#setAllowedAuthenticators(int)},













     * {@link Authenticators#DEVICE_CREDENTIAL}, and {@link BiometricManager#canAuthenticate(int)}.















     */















    int BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL = 14;

















































core/java/android/hardware/biometrics/BiometricManager.java



+46
−9




























Original line number
Diff line number
Diff line








@@ -166,27 +166,64 @@ public class BiometricManager {













    }































    /**













     * Determine if biometrics can be used. In other words, determine if {@link BiometricPrompt}













     * can be expected to be shown (hardware available, templates enrolled, user-enabled).













     * Determine if biometrics can be used. In other words, determine if













     * {@link BiometricPrompt} can be expected to be shown (hardware available, templates enrolled,













     * user-enabled). This is the equivalent of {@link #canAuthenticate(int)} with













     * {@link Authenticators#BIOMETRIC_WEAK}















     *













     * @return Returns {@link #BIOMETRIC_ERROR_NONE_ENROLLED} if the user does not have any













     *     enrolled, or {@link #BIOMETRIC_ERROR_HW_UNAVAILABLE} if none are currently













     *     supported/enabled. Returns {@link #BIOMETRIC_SUCCESS} if a biometric can currently be













     *     used (enrolled and available).













     * @return {@link #BIOMETRIC_ERROR_NONE_ENROLLED} if the user does not have any strong













     *     biometrics enrolled, or {@link #BIOMETRIC_ERROR_HW_UNAVAILABLE} if none are currently













     *     supported/enabled. Returns {@link #BIOMETRIC_SUCCESS} if a strong biometric can currently













     *     be used (enrolled and available).













     *













     * @deprecated See {@link #canAuthenticate(int)}.















     */













    @Deprecated















    @RequiresPermission(USE_BIOMETRIC)















    public @BiometricError int canAuthenticate() {













        return canAuthenticate(mContext.getUserId());













        return canAuthenticate(Authenticators.BIOMETRIC_WEAK);













    }



























    /**













     * Determine if any of the provided authenticators can be used. In other words, determine if













     * {@link BiometricPrompt} can be expected to be shown (hardware available, templates enrolled,













     * user-enabled).













     *













     * For biometric authenticators, determine if the device can currently authenticate with at













     * least the requested strength. For example, invoking this API with













     * {@link Authenticators#BIOMETRIC_WEAK} on a device that currently only has













     * {@link Authenticators#BIOMETRIC_STRONG} enrolled will return {@link #BIOMETRIC_SUCCESS}.













     *













     * Invoking this API with {@link Authenticators#DEVICE_CREDENTIAL} can be used to determine













     * if the user has a PIN/Pattern/Password set up.













     *













     * @param authenticators bit field consisting of constants defined in {@link Authenticators}.













     *                       If multiple authenticators are queried, a logical OR will be applied.













     *                       For example, if {@link Authenticators#DEVICE_CREDENTIAL} |













     *                       {@link Authenticators#BIOMETRIC_STRONG} is queried and only













     *                       {@link Authenticators#DEVICE_CREDENTIAL} is set up, this API will













     *                       return {@link #BIOMETRIC_SUCCESS}













     *













     * @return {@link #BIOMETRIC_ERROR_NONE_ENROLLED} if the user does not have any of the













     *     requested authenticators enrolled, or {@link #BIOMETRIC_ERROR_HW_UNAVAILABLE} if none are













     *     currently supported/enabled. Returns {@link #BIOMETRIC_SUCCESS} if one of the requested













     *     authenticators can currently be used (enrolled and available).













     */













    @RequiresPermission(USE_BIOMETRIC)













    public @BiometricError int canAuthenticate(@Authenticators.Types int authenticators) {













        return canAuthenticate(mContext.getUserId(), authenticators);















    }































    /**















     * @hide















     */















    @RequiresPermission(USE_BIOMETRIC_INTERNAL)













    public @BiometricError int canAuthenticate(int userId) {













    public @BiometricError int canAuthenticate(int userId,













            @Authenticators.Types int authenticators) {















        if (mService != null) {















            try {













                return mService.canAuthenticate(mContext.getOpPackageName(), userId);













                final String opPackageName = mContext.getOpPackageName();













                return mService.canAuthenticate(opPackageName, userId, authenticators);















            } catch (RemoteException e) {















                throw e.rethrowFromSystemServer();















            }

































core/java/android/hardware/biometrics/IAuthService.aidl



+1
−1




























Original line number
Diff line number
Diff line








@@ -35,7 +35,7 @@ interface IAuthService {





























    // TODO(b/141025588): Make userId the first arg to be consistent with hasEnrolledBiometrics.















    // Checks if biometrics can be used.













    int canAuthenticate(String opPackageName, int userId);













    int canAuthenticate(String opPackageName, int userId, int authenticators);































    // Checks if any biometrics are enrolled.















    boolean hasEnrolledBiometrics(int userId, String opPackageName);

































core/java/android/hardware/biometrics/IBiometricService.aidl



+3
−2




























Original line number
Diff line number
Diff line








@@ -35,7 +35,7 @@ interface IBiometricService {













    void cancelAuthentication(IBinder token, String opPackageName);































    // Checks if biometrics can be used.













    int canAuthenticate(String opPackageName, int userId);













    int canAuthenticate(String opPackageName, int userId, int authenticators);































    // Checks if any biometrics are enrolled.















    boolean hasEnrolledBiometrics(int userId, String opPackageName);









@@ -43,7 +43,8 @@ interface IBiometricService {













    // Registers an authenticator (e.g. face, fingerprint, iris).















    // Id must be unique, whereas strength and modality don't need to be.















    // TODO(b/123321528): Turn strength and modality into enums.













    void registerAuthenticator(int id, int strength, int modality, IBiometricAuthenticator authenticator);













    void registerAuthenticator(int id, int strength, int modality,













            IBiometricAuthenticator authenticator);































    // Register callback for when keyguard biometric eligibility changes.















    void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);