Loading core/java/android/hardware/fingerprint/FingerprintManager.java +21 −6 Original line number Diff line number Diff line Loading @@ -594,8 +594,16 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing mAuthenticationCallback = callback; mCryptoObject = crypto; final long operationId = crypto != null ? crypto.getOpId() : 0; final long authId = mService.authenticate(mToken, operationId, sensorId, userId, mServiceReceiver, mContext.getOpPackageName(), ignoreEnrollmentState); final long authId = mService.authenticate( mToken, operationId, sensorId, userId, mServiceReceiver, mContext.getOpPackageName(), mContext.getAttributionTag(), ignoreEnrollmentState); if (cancel != null) { cancel.setOnCancelListener(new OnAuthenticationCancelListener(authId)); } Loading Loading @@ -838,7 +846,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public List<Fingerprint> getEnrolledFingerprints(int userId) { if (mService != null) try { return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName()); return mService.getEnrolledFingerprints( userId, mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -997,7 +1006,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing INTERACT_ACROSS_USERS}) public boolean hasEnrolledFingerprints(int userId) { if (mService != null) try { return mService.hasEnrolledFingerprintsDeprecated(userId, mContext.getOpPackageName()); return mService.hasEnrolledFingerprintsDeprecated( userId, mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -1021,7 +1031,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing if (mService != null) { try { return mService.isHardwareDetectedDeprecated(mContext.getOpPackageName()); return mService.isHardwareDetectedDeprecated( mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -1331,7 +1342,11 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing private void cancelAuthentication(long requestId) { if (mService != null) try { mService.cancelAuthentication(mToken, mContext.getOpPackageName(), requestId); mService.cancelAuthentication( mToken, mContext.getOpPackageName(), mContext.getAttributionTag(), requestId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading core/java/android/hardware/fingerprint/IFingerprintService.aidl +5 −5 Original line number Diff line number Diff line Loading @@ -52,7 +52,7 @@ interface IFingerprintService { // permission. This is effectively deprecated, since it only comes through FingerprintManager // now. A requestId is returned that can be used to cancel this operation. long authenticate(IBinder token, long operationId, int sensorId, int userId, IFingerprintServiceReceiver receiver, String opPackageName, IFingerprintServiceReceiver receiver, String opPackageName, String attributionTag, boolean shouldIgnoreEnrollmentState); // Uses the fingerprint hardware to detect for the presence of a finger, without giving details Loading @@ -74,7 +74,7 @@ interface IFingerprintService { void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. void cancelAuthentication(IBinder token, String opPackageName, long requestId); void cancelAuthentication(IBinder token, String opPackageName, String attributionTag, long requestId); // Cancel finger detection for the given requestId. void cancelFingerprintDetect(IBinder token, String opPackageName, long requestId); Loading @@ -101,10 +101,10 @@ interface IFingerprintService { void rename(int fingerId, int userId, String name); // Get a list of enrolled fingerprints in the given userId. List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName); List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName, String attributionTag); // Determine if the HAL is loaded and ready. Meant to support the deprecated FingerprintManager APIs boolean isHardwareDetectedDeprecated(String opPackageName); boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag); // Determine if the specified HAL is loaded and ready boolean isHardwareDetected(int sensorId, String opPackageName); Loading @@ -116,7 +116,7 @@ interface IFingerprintService { void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName); boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName, String attributionTag); // Determine if a user has at least one enrolled fingerprint. boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName); Loading services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java +63 −27 Original line number Diff line number Diff line Loading @@ -280,15 +280,26 @@ public class FingerprintService extends SystemService { @SuppressWarnings("deprecation") @Override // Binder call public long authenticate(final IBinder token, final long operationId, final int sensorId, final int userId, final IFingerprintServiceReceiver receiver, final String opPackageName, boolean ignoreEnrollmentState) { public long authenticate( final IBinder token, final long operationId, final int sensorId, final int userId, final IFingerprintServiceReceiver receiver, final String opPackageName, final String attributionTag, boolean ignoreEnrollmentState) { final int callingUid = Binder.getCallingUid(); final int callingPid = Binder.getCallingPid(); final int callingUserId = UserHandle.getCallingUserId(); if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid, callingPid, callingUserId)) { if (!canUseFingerprint( opPackageName, attributionTag, true /* requireForeground */, callingUid, callingPid, callingUserId)) { Slog.w(TAG, "Authenticate rejecting package: " + opPackageName); return -1; } Loading Loading @@ -487,16 +498,23 @@ public class FingerprintService extends SystemService { provider.startPreparedClient(sensorId, cookie); } @Override // Binder call public void cancelAuthentication(final IBinder token, final String opPackageName, public void cancelAuthentication( final IBinder token, final String opPackageName, final String attributionTag, long requestId) { final int callingUid = Binder.getCallingUid(); final int callingPid = Binder.getCallingPid(); final int callingUserId = UserHandle.getCallingUserId(); if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid, callingPid, callingUserId)) { if (!canUseFingerprint( opPackageName, attributionTag, true /* requireForeground */, callingUid, callingPid, callingUserId)) { Slog.w(TAG, "cancelAuthentication rejecting package: " + opPackageName); return; } Loading Loading @@ -645,9 +663,13 @@ public class FingerprintService extends SystemService { } @Override // Binder call public boolean isHardwareDetectedDeprecated(String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return false; } Loading Loading @@ -696,9 +718,14 @@ public class FingerprintService extends SystemService { } @Override // Binder call public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public List<Fingerprint> getEnrolledFingerprints( int userId, String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return Collections.emptyList(); } Loading @@ -711,9 +738,14 @@ public class FingerprintService extends SystemService { } @Override // Binder call public boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public boolean hasEnrolledFingerprintsDeprecated( int userId, String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return false; } Loading Loading @@ -1093,12 +1125,15 @@ public class FingerprintService extends SystemService { return provider.second.getEnrolledFingerprints(provider.first, userId); } /** * Checks for public API invocations to ensure that permissions, etc are granted/correct. */ /** Checks for public API invocations to ensure that permissions, etc are granted/correct. */ @SuppressWarnings("BooleanMethodIsAlwaysInverted") private boolean canUseFingerprint(String opPackageName, boolean requireForeground, int uid, int pid, int userId) { private boolean canUseFingerprint( String opPackageName, String attributionTag, boolean requireForeground, int uid, int pid, int userId) { if (getContext().checkCallingPermission(USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) { Utils.checkPermission(getContext(), USE_BIOMETRIC); Loading @@ -1114,7 +1149,7 @@ public class FingerprintService extends SystemService { Slog.w(TAG, "Rejecting " + opPackageName + "; not a current user or profile"); return false; } if (!checkAppOps(uid, opPackageName)) { if (!checkAppOps(uid, opPackageName, attributionTag)) { Slog.w(TAG, "Rejecting " + opPackageName + "; permission denied"); return false; } Loading @@ -1125,12 +1160,13 @@ public class FingerprintService extends SystemService { return true; } private boolean checkAppOps(int uid, String opPackageName) { private boolean checkAppOps(int uid, String opPackageName, String attributionTag) { boolean appOpsOk = false; if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName) if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName, attributionTag, null) == AppOpsManager.MODE_ALLOWED) { appOpsOk = true; } else if (mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName) } else if (mAppOps.noteOp( AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName, attributionTag, null) == AppOpsManager.MODE_ALLOWED) { appOpsOk = true; } Loading Loading
core/java/android/hardware/fingerprint/FingerprintManager.java +21 −6 Original line number Diff line number Diff line Loading @@ -594,8 +594,16 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing mAuthenticationCallback = callback; mCryptoObject = crypto; final long operationId = crypto != null ? crypto.getOpId() : 0; final long authId = mService.authenticate(mToken, operationId, sensorId, userId, mServiceReceiver, mContext.getOpPackageName(), ignoreEnrollmentState); final long authId = mService.authenticate( mToken, operationId, sensorId, userId, mServiceReceiver, mContext.getOpPackageName(), mContext.getAttributionTag(), ignoreEnrollmentState); if (cancel != null) { cancel.setOnCancelListener(new OnAuthenticationCancelListener(authId)); } Loading Loading @@ -838,7 +846,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public List<Fingerprint> getEnrolledFingerprints(int userId) { if (mService != null) try { return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName()); return mService.getEnrolledFingerprints( userId, mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -997,7 +1006,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing INTERACT_ACROSS_USERS}) public boolean hasEnrolledFingerprints(int userId) { if (mService != null) try { return mService.hasEnrolledFingerprintsDeprecated(userId, mContext.getOpPackageName()); return mService.hasEnrolledFingerprintsDeprecated( userId, mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -1021,7 +1031,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing if (mService != null) { try { return mService.isHardwareDetectedDeprecated(mContext.getOpPackageName()); return mService.isHardwareDetectedDeprecated( mContext.getOpPackageName(), mContext.getAttributionTag()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading Loading @@ -1331,7 +1342,11 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing private void cancelAuthentication(long requestId) { if (mService != null) try { mService.cancelAuthentication(mToken, mContext.getOpPackageName(), requestId); mService.cancelAuthentication( mToken, mContext.getOpPackageName(), mContext.getAttributionTag(), requestId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading
core/java/android/hardware/fingerprint/IFingerprintService.aidl +5 −5 Original line number Diff line number Diff line Loading @@ -52,7 +52,7 @@ interface IFingerprintService { // permission. This is effectively deprecated, since it only comes through FingerprintManager // now. A requestId is returned that can be used to cancel this operation. long authenticate(IBinder token, long operationId, int sensorId, int userId, IFingerprintServiceReceiver receiver, String opPackageName, IFingerprintServiceReceiver receiver, String opPackageName, String attributionTag, boolean shouldIgnoreEnrollmentState); // Uses the fingerprint hardware to detect for the presence of a finger, without giving details Loading @@ -74,7 +74,7 @@ interface IFingerprintService { void startPreparedClient(int sensorId, int cookie); // Cancel authentication for the given requestId. void cancelAuthentication(IBinder token, String opPackageName, long requestId); void cancelAuthentication(IBinder token, String opPackageName, String attributionTag, long requestId); // Cancel finger detection for the given requestId. void cancelFingerprintDetect(IBinder token, String opPackageName, long requestId); Loading @@ -101,10 +101,10 @@ interface IFingerprintService { void rename(int fingerId, int userId, String name); // Get a list of enrolled fingerprints in the given userId. List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName); List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName, String attributionTag); // Determine if the HAL is loaded and ready. Meant to support the deprecated FingerprintManager APIs boolean isHardwareDetectedDeprecated(String opPackageName); boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag); // Determine if the specified HAL is loaded and ready boolean isHardwareDetected(int sensorId, String opPackageName); Loading @@ -116,7 +116,7 @@ interface IFingerprintService { void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge); // Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName); boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName, String attributionTag); // Determine if a user has at least one enrolled fingerprint. boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName); Loading
services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java +63 −27 Original line number Diff line number Diff line Loading @@ -280,15 +280,26 @@ public class FingerprintService extends SystemService { @SuppressWarnings("deprecation") @Override // Binder call public long authenticate(final IBinder token, final long operationId, final int sensorId, final int userId, final IFingerprintServiceReceiver receiver, final String opPackageName, boolean ignoreEnrollmentState) { public long authenticate( final IBinder token, final long operationId, final int sensorId, final int userId, final IFingerprintServiceReceiver receiver, final String opPackageName, final String attributionTag, boolean ignoreEnrollmentState) { final int callingUid = Binder.getCallingUid(); final int callingPid = Binder.getCallingPid(); final int callingUserId = UserHandle.getCallingUserId(); if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid, callingPid, callingUserId)) { if (!canUseFingerprint( opPackageName, attributionTag, true /* requireForeground */, callingUid, callingPid, callingUserId)) { Slog.w(TAG, "Authenticate rejecting package: " + opPackageName); return -1; } Loading Loading @@ -487,16 +498,23 @@ public class FingerprintService extends SystemService { provider.startPreparedClient(sensorId, cookie); } @Override // Binder call public void cancelAuthentication(final IBinder token, final String opPackageName, public void cancelAuthentication( final IBinder token, final String opPackageName, final String attributionTag, long requestId) { final int callingUid = Binder.getCallingUid(); final int callingPid = Binder.getCallingPid(); final int callingUserId = UserHandle.getCallingUserId(); if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid, callingPid, callingUserId)) { if (!canUseFingerprint( opPackageName, attributionTag, true /* requireForeground */, callingUid, callingPid, callingUserId)) { Slog.w(TAG, "cancelAuthentication rejecting package: " + opPackageName); return; } Loading Loading @@ -645,9 +663,13 @@ public class FingerprintService extends SystemService { } @Override // Binder call public boolean isHardwareDetectedDeprecated(String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return false; } Loading Loading @@ -696,9 +718,14 @@ public class FingerprintService extends SystemService { } @Override // Binder call public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public List<Fingerprint> getEnrolledFingerprints( int userId, String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return Collections.emptyList(); } Loading @@ -711,9 +738,14 @@ public class FingerprintService extends SystemService { } @Override // Binder call public boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName) { if (!canUseFingerprint(opPackageName, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), public boolean hasEnrolledFingerprintsDeprecated( int userId, String opPackageName, String attributionTag) { if (!canUseFingerprint( opPackageName, attributionTag, false /* foregroundOnly */, Binder.getCallingUid(), Binder.getCallingPid(), UserHandle.getCallingUserId())) { return false; } Loading Loading @@ -1093,12 +1125,15 @@ public class FingerprintService extends SystemService { return provider.second.getEnrolledFingerprints(provider.first, userId); } /** * Checks for public API invocations to ensure that permissions, etc are granted/correct. */ /** Checks for public API invocations to ensure that permissions, etc are granted/correct. */ @SuppressWarnings("BooleanMethodIsAlwaysInverted") private boolean canUseFingerprint(String opPackageName, boolean requireForeground, int uid, int pid, int userId) { private boolean canUseFingerprint( String opPackageName, String attributionTag, boolean requireForeground, int uid, int pid, int userId) { if (getContext().checkCallingPermission(USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) { Utils.checkPermission(getContext(), USE_BIOMETRIC); Loading @@ -1114,7 +1149,7 @@ public class FingerprintService extends SystemService { Slog.w(TAG, "Rejecting " + opPackageName + "; not a current user or profile"); return false; } if (!checkAppOps(uid, opPackageName)) { if (!checkAppOps(uid, opPackageName, attributionTag)) { Slog.w(TAG, "Rejecting " + opPackageName + "; permission denied"); return false; } Loading @@ -1125,12 +1160,13 @@ public class FingerprintService extends SystemService { return true; } private boolean checkAppOps(int uid, String opPackageName) { private boolean checkAppOps(int uid, String opPackageName, String attributionTag) { boolean appOpsOk = false; if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName) if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName, attributionTag, null) == AppOpsManager.MODE_ALLOWED) { appOpsOk = true; } else if (mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName) } else if (mAppOps.noteOp( AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName, attributionTag, null) == AppOpsManager.MODE_ALLOWED) { appOpsOk = true; } Loading
