Loading core/java/android/hardware/biometrics/IBiometricServiceReceiverInternal.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -26,7 +26,9 @@ package android.hardware.biometrics; oneway interface IBiometricServiceReceiverInternal { // Notify BiometricService that authentication was successful. If user confirmation is required, // the auth token must be submitted into KeyStore. void onAuthenticationSucceeded(boolean requireConfirmation, in byte[] token); // TODO(b/151967372): Strength should be changed to authenticatorId void onAuthenticationSucceeded(boolean requireConfirmation, in byte[] token, boolean isStrongBiometric); // Notify BiometricService authentication was rejected. void onAuthenticationFailed(); // Notify BiometricService than an error has occured. Forward to the correct receiver depending Loading services/core/java/com/android/server/biometrics/AuthService.java +8 −3 Original line number Diff line number Diff line Loading @@ -202,8 +202,7 @@ public class AuthService extends SystemService { // Only allow internal clients to call canAuthenticate with a different userId. final int callingUserId = UserHandle.getCallingUserId(); Slog.d(TAG, "canAuthenticate, userId: " + userId + ", callingUserId: " + callingUserId + ", authenticators: " + authenticators); if (userId != callingUserId) { checkInternalPermission(); } else { Loading @@ -212,8 +211,14 @@ public class AuthService extends SystemService { final long identity = Binder.clearCallingIdentity(); try { return mBiometricService.canAuthenticate( final int result = mBiometricService.canAuthenticate( opPackageName, userId, callingUserId, authenticators); Slog.d(TAG, "canAuthenticate" + ", userId: " + userId + ", callingUserId: " + callingUserId + ", authenticators: " + authenticators + ", result: " + result); return result; } finally { Binder.restoreCallingIdentity(identity); } Loading services/core/java/com/android/server/biometrics/AuthenticationClient.java +10 −2 Original line number Diff line number Diff line Loading @@ -66,6 +66,8 @@ public abstract class AuthenticationClient extends ClientMonitor { public abstract boolean wasUserDetected(); public abstract boolean isStrongBiometric(); public AuthenticationClient(Context context, Constants constants, BiometricServiceBase.DaemonWrapper daemon, long halDeviceId, IBinder token, BiometricServiceBase.ServiceListener listener, int targetUserId, int groupId, long opId, Loading Loading @@ -167,9 +169,15 @@ public abstract class AuthenticationClient extends ClientMonitor { } if (isBiometricPrompt() && listener != null) { // BiometricService will add the token to keystore listener.onAuthenticationSucceededInternal(mRequireConfirmation, byteToken); listener.onAuthenticationSucceededInternal(mRequireConfirmation, byteToken, isStrongBiometric()); } else if (!isBiometricPrompt() && listener != null) { if (isStrongBiometric()) { KeyStore.getInstance().addAuthToken(byteToken); } else { Slog.d(getLogTag(), "Skipping addAuthToken"); } try { // Explicitly have if/else here to make it super obvious in case the code is // touched in the future. Loading services/core/java/com/android/server/biometrics/BiometricService.java +26 −8 Original line number Diff line number Diff line Loading @@ -266,7 +266,8 @@ public class BiometricService extends SystemService { SomeArgs args = (SomeArgs) msg.obj; handleAuthenticationSucceeded( (boolean) args.arg1 /* requireConfirmation */, (byte[]) args.arg2 /* token */); (byte[]) args.arg2 /* token */, (boolean) args.arg3 /* isStrongBiometric */); args.recycle(); break; } Loading Loading @@ -568,10 +569,12 @@ public class BiometricService extends SystemService { final IBiometricServiceReceiverInternal mInternalReceiver = new IBiometricServiceReceiverInternal.Stub() { @Override public void onAuthenticationSucceeded(boolean requireConfirmation, byte[] token) { public void onAuthenticationSucceeded(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) { SomeArgs args = SomeArgs.obtain(); args.arg1 = requireConfirmation; args.arg2 = token; args.arg3 = isStrongBiometric; mHandler.obtainMessage(MSG_ON_AUTHENTICATION_SUCCEEDED, args).sendToTarget(); } Loading Loading @@ -761,8 +764,13 @@ public class BiometricService extends SystemService { + " config_biometric_sensors?"); } // Note that we allow BIOMETRIC_CONVENIENCE to register because BiometricService // also does / will do other things such as keep track of lock screen timeout, etc. // Just because a biometric is registered does not mean it can participate in // the android.hardware.biometrics APIs. if (strength != Authenticators.BIOMETRIC_STRONG && strength != Authenticators.BIOMETRIC_WEAK) { && strength != Authenticators.BIOMETRIC_WEAK && strength != Authenticators.BIOMETRIC_CONVENIENCE) { throw new IllegalStateException("Unsupported strength"); } Loading Loading @@ -1189,8 +1197,10 @@ public class BiometricService extends SystemService { BiometricConstants.BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL); } } else { // This should not be possible via the public API surface and is here mainly for // "correctness". An exception should have been thrown before getting here. Slog.e(TAG, "No authenticators requested"); return new Pair<>(TYPE_NONE, BiometricConstants.BIOMETRIC_ERROR_HW_UNAVAILABLE); return new Pair<>(TYPE_NONE, BiometricConstants.BIOMETRIC_ERROR_HW_NOT_PRESENT); } } Loading Loading @@ -1286,7 +1296,8 @@ public class BiometricService extends SystemService { return modality; } private void handleAuthenticationSucceeded(boolean requireConfirmation, byte[] token) { private void handleAuthenticationSucceeded(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) { try { // Should never happen, log this to catch bad HAL behavior (e.g. auth succeeded // after user dismissed/canceled dialog). Loading @@ -1295,9 +1306,16 @@ public class BiometricService extends SystemService { return; } if (isStrongBiometric) { // Store the auth token and submit it to keystore after the dialog is confirmed / // animating away. mCurrentAuthSession.mTokenEscrow = token; } else { if (token != null) { Slog.w(TAG, "Dropping authToken for non-strong biometric"); } } if (!requireConfirmation) { mCurrentAuthSession.mState = STATE_AUTHENTICATED_PENDING_SYSUI; } else { Loading services/core/java/com/android/server/biometrics/BiometricServiceBase.java +6 −5 Original line number Diff line number Diff line Loading @@ -413,8 +413,8 @@ public abstract class BiometricServiceBase extends SystemService throw new UnsupportedOperationException("Stub!"); } default void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token) throws RemoteException { default void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) throws RemoteException { throw new UnsupportedOperationException("Stub!"); } Loading Loading @@ -451,10 +451,11 @@ public abstract class BiometricServiceBase extends SystemService } @Override public void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token) throws RemoteException { public void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) throws RemoteException { if (getWrapperReceiver() != null) { getWrapperReceiver().onAuthenticationSucceeded(requireConfirmation, token); getWrapperReceiver().onAuthenticationSucceeded(requireConfirmation, token, isStrongBiometric); } } Loading Loading
core/java/android/hardware/biometrics/IBiometricServiceReceiverInternal.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -26,7 +26,9 @@ package android.hardware.biometrics; oneway interface IBiometricServiceReceiverInternal { // Notify BiometricService that authentication was successful. If user confirmation is required, // the auth token must be submitted into KeyStore. void onAuthenticationSucceeded(boolean requireConfirmation, in byte[] token); // TODO(b/151967372): Strength should be changed to authenticatorId void onAuthenticationSucceeded(boolean requireConfirmation, in byte[] token, boolean isStrongBiometric); // Notify BiometricService authentication was rejected. void onAuthenticationFailed(); // Notify BiometricService than an error has occured. Forward to the correct receiver depending Loading
services/core/java/com/android/server/biometrics/AuthService.java +8 −3 Original line number Diff line number Diff line Loading @@ -202,8 +202,7 @@ public class AuthService extends SystemService { // Only allow internal clients to call canAuthenticate with a different userId. final int callingUserId = UserHandle.getCallingUserId(); Slog.d(TAG, "canAuthenticate, userId: " + userId + ", callingUserId: " + callingUserId + ", authenticators: " + authenticators); if (userId != callingUserId) { checkInternalPermission(); } else { Loading @@ -212,8 +211,14 @@ public class AuthService extends SystemService { final long identity = Binder.clearCallingIdentity(); try { return mBiometricService.canAuthenticate( final int result = mBiometricService.canAuthenticate( opPackageName, userId, callingUserId, authenticators); Slog.d(TAG, "canAuthenticate" + ", userId: " + userId + ", callingUserId: " + callingUserId + ", authenticators: " + authenticators + ", result: " + result); return result; } finally { Binder.restoreCallingIdentity(identity); } Loading
services/core/java/com/android/server/biometrics/AuthenticationClient.java +10 −2 Original line number Diff line number Diff line Loading @@ -66,6 +66,8 @@ public abstract class AuthenticationClient extends ClientMonitor { public abstract boolean wasUserDetected(); public abstract boolean isStrongBiometric(); public AuthenticationClient(Context context, Constants constants, BiometricServiceBase.DaemonWrapper daemon, long halDeviceId, IBinder token, BiometricServiceBase.ServiceListener listener, int targetUserId, int groupId, long opId, Loading Loading @@ -167,9 +169,15 @@ public abstract class AuthenticationClient extends ClientMonitor { } if (isBiometricPrompt() && listener != null) { // BiometricService will add the token to keystore listener.onAuthenticationSucceededInternal(mRequireConfirmation, byteToken); listener.onAuthenticationSucceededInternal(mRequireConfirmation, byteToken, isStrongBiometric()); } else if (!isBiometricPrompt() && listener != null) { if (isStrongBiometric()) { KeyStore.getInstance().addAuthToken(byteToken); } else { Slog.d(getLogTag(), "Skipping addAuthToken"); } try { // Explicitly have if/else here to make it super obvious in case the code is // touched in the future. Loading
services/core/java/com/android/server/biometrics/BiometricService.java +26 −8 Original line number Diff line number Diff line Loading @@ -266,7 +266,8 @@ public class BiometricService extends SystemService { SomeArgs args = (SomeArgs) msg.obj; handleAuthenticationSucceeded( (boolean) args.arg1 /* requireConfirmation */, (byte[]) args.arg2 /* token */); (byte[]) args.arg2 /* token */, (boolean) args.arg3 /* isStrongBiometric */); args.recycle(); break; } Loading Loading @@ -568,10 +569,12 @@ public class BiometricService extends SystemService { final IBiometricServiceReceiverInternal mInternalReceiver = new IBiometricServiceReceiverInternal.Stub() { @Override public void onAuthenticationSucceeded(boolean requireConfirmation, byte[] token) { public void onAuthenticationSucceeded(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) { SomeArgs args = SomeArgs.obtain(); args.arg1 = requireConfirmation; args.arg2 = token; args.arg3 = isStrongBiometric; mHandler.obtainMessage(MSG_ON_AUTHENTICATION_SUCCEEDED, args).sendToTarget(); } Loading Loading @@ -761,8 +764,13 @@ public class BiometricService extends SystemService { + " config_biometric_sensors?"); } // Note that we allow BIOMETRIC_CONVENIENCE to register because BiometricService // also does / will do other things such as keep track of lock screen timeout, etc. // Just because a biometric is registered does not mean it can participate in // the android.hardware.biometrics APIs. if (strength != Authenticators.BIOMETRIC_STRONG && strength != Authenticators.BIOMETRIC_WEAK) { && strength != Authenticators.BIOMETRIC_WEAK && strength != Authenticators.BIOMETRIC_CONVENIENCE) { throw new IllegalStateException("Unsupported strength"); } Loading Loading @@ -1189,8 +1197,10 @@ public class BiometricService extends SystemService { BiometricConstants.BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL); } } else { // This should not be possible via the public API surface and is here mainly for // "correctness". An exception should have been thrown before getting here. Slog.e(TAG, "No authenticators requested"); return new Pair<>(TYPE_NONE, BiometricConstants.BIOMETRIC_ERROR_HW_UNAVAILABLE); return new Pair<>(TYPE_NONE, BiometricConstants.BIOMETRIC_ERROR_HW_NOT_PRESENT); } } Loading Loading @@ -1286,7 +1296,8 @@ public class BiometricService extends SystemService { return modality; } private void handleAuthenticationSucceeded(boolean requireConfirmation, byte[] token) { private void handleAuthenticationSucceeded(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) { try { // Should never happen, log this to catch bad HAL behavior (e.g. auth succeeded // after user dismissed/canceled dialog). Loading @@ -1295,9 +1306,16 @@ public class BiometricService extends SystemService { return; } if (isStrongBiometric) { // Store the auth token and submit it to keystore after the dialog is confirmed / // animating away. mCurrentAuthSession.mTokenEscrow = token; } else { if (token != null) { Slog.w(TAG, "Dropping authToken for non-strong biometric"); } } if (!requireConfirmation) { mCurrentAuthSession.mState = STATE_AUTHENTICATED_PENDING_SYSUI; } else { Loading
services/core/java/com/android/server/biometrics/BiometricServiceBase.java +6 −5 Original line number Diff line number Diff line Loading @@ -413,8 +413,8 @@ public abstract class BiometricServiceBase extends SystemService throw new UnsupportedOperationException("Stub!"); } default void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token) throws RemoteException { default void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) throws RemoteException { throw new UnsupportedOperationException("Stub!"); } Loading Loading @@ -451,10 +451,11 @@ public abstract class BiometricServiceBase extends SystemService } @Override public void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token) throws RemoteException { public void onAuthenticationSucceededInternal(boolean requireConfirmation, byte[] token, boolean isStrongBiometric) throws RemoteException { if (getWrapperReceiver() != null) { getWrapperReceiver().onAuthenticationSucceeded(requireConfirmation, token); getWrapperReceiver().onAuthenticationSucceeded(requireConfirmation, token, isStrongBiometric); } } Loading
