Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4443159c authored by Kevin Chyn's avatar Kevin Chyn
Browse files

12/n: Send bypassEnabled to AuthenticationClient 

Adds this flag via FaceManager#authenticate (instead of other other
potential ways, such as reading the settings/config values from
system_server directly). This allows for a single source of truth.

Stores this flag in AuthenticationClient, which can then be retrieved
from the CoexCoordinator.

Also removes unnecessary FaceManager#authenticate method, as keyguard
is really the only supported client

Bug: 193089985
Test: atest KeyguardUpdateMonitorTest
Test: atest com.android.server.biometrics
Change-Id: I647c2e5926d1bb964b12dc580d2cd2178c30a790
parent 19b68448

core/java/android/hardware/face/FaceManager.java

+4 −27
Original line number Diff line number Diff line
@@ -168,31 +168,6 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
        mHandler = new MyHandler(context);

    }



    /**

     * Request authentication of a crypto object. This call operates the face recognition hardware

     * and starts capturing images. It terminates when

     * {@link AuthenticationCallback#onAuthenticationError(int, CharSequence)} or

     * {@link AuthenticationCallback#onAuthenticationSucceeded(AuthenticationResult)} is called, at

     * which point the object is no longer valid. The operation can be canceled by using the

     * provided cancel object.

     *

     * @param crypto   object associated with the call or null if none required.

     * @param cancel   an object that can be used to cancel authentication

     * @param callback an object to receive authentication events

     * @param handler  an optional handler to handle callback events

     * @throws IllegalArgumentException if the crypto operation is not supported or is not backed

     *                                  by

     *                                  <a href="{@docRoot}training/articles/keystore.html">Android

     *                                  Keystore facility</a>.

     * @throws IllegalStateException    if the crypto primitive is not initialized.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void authenticate(@Nullable CryptoObject crypto, @Nullable CancellationSignal cancel,

            @NonNull AuthenticationCallback callback, @Nullable Handler handler) {

        authenticate(crypto, cancel, callback, handler, mContext.getUserId());

    }



    /**

     * Use the provided handler thread for events.

     */
@@ -224,8 +199,10 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
     * @throws IllegalStateException    if the crypto primitive is not initialized.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void authenticate(@Nullable CryptoObject crypto, @Nullable CancellationSignal cancel,

            @NonNull AuthenticationCallback callback, @Nullable Handler handler, int userId) {

            @NonNull AuthenticationCallback callback, @Nullable Handler handler, int userId,

            boolean isKeyguardBypassEnabled) {

        if (callback == null) {

            throw new IllegalArgumentException("Must supply an authentication callback");

        }
@@ -247,7 +224,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan 
                final long operationId = crypto != null ? crypto.getOpId() : 0;

                Trace.beginSection("FaceManager#authenticate");

                mService.authenticate(mToken, operationId, userId, mServiceReceiver,

                        mContext.getOpPackageName());

                        mContext.getOpPackageName(), isKeyguardBypassEnabled);

            } catch (RemoteException e) {

                Slog.w(TAG, "Remote exception while authenticating: ", e);

                if (callback != null) {

core/java/android/hardware/face/IFaceService.aidl

+1 −1
Original line number Diff line number Diff line
@@ -46,7 +46,7 @@ interface IFaceService { 


    // Authenticate the given sessionId with a face

    void authenticate(IBinder token, long operationId, int userId, IFaceServiceReceiver receiver,

            String opPackageName);

            String opPackageName, boolean isKeyguardBypassEnabled);



    // Uses the face hardware to detect for the presence of a face, without giving details

    // about accept/reject/lockout.

packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java

+3 −1
Original line number Diff line number Diff line
@@ -2348,8 +2348,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
            if (isEncryptedOrLockdown(userId) && supportsFaceDetection) {

                mFaceManager.detectFace(mFaceCancelSignal, mFaceDetectionCallback, userId);

            } else {

                final boolean isBypassEnabled = mKeyguardBypassController != null

                        && mKeyguardBypassController.isBypassEnabled();

                mFaceManager.authenticate(null /* crypto */, mFaceCancelSignal,

                        mFaceAuthenticationCallback, null /* handler */, userId);

                        mFaceAuthenticationCallback, null /* handler */, userId, isBypassEnabled);

            }

            setFaceRunningState(BIOMETRIC_STATE_RUNNING);

        }

packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java

+18 −12
Original line number Diff line number Diff line
@@ -513,7 +513,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
    public void testTriesToAuthenticate_whenBouncer() {

        setKeyguardBouncerVisibility(true);



        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());

        verify(mFaceManager).isHardwareDetected();

        verify(mFaceManager).hasEnrolledTemplates(anyInt());

    }
@@ -523,7 +523,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.dispatchStartedWakingUp();

        mTestableLooper.processAllMessages();

        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());

    }



    @Test
@@ -533,7 +533,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mTestableLooper.processAllMessages();



        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test
@@ -545,7 +546,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.dispatchStartedWakingUp();

        mTestableLooper.processAllMessages();

        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test
@@ -568,13 +570,14 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.dispatchStartedWakingUp();

        mTestableLooper.processAllMessages();

        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());



        // Stop scanning when bouncer becomes visible

        setKeyguardBouncerVisibility(true);

        clearInvocations(mFaceManager);

        mKeyguardUpdateMonitor.requestFaceAuth(true);

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test
@@ -582,7 +585,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.setKeyguardOccluded(true);

        mKeyguardUpdateMonitor.setAssistantVisible(true);



        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());

    }



    @Test
@@ -594,7 +597,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.onTrustChanged(true /* enabled */,

                KeyguardUpdateMonitor.getCurrentUser(), 0 /* flags */);

        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());

    }



    @Test
@@ -604,7 +607,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.onTrustChanged(true /* enabled */,

                KeyguardUpdateMonitor.getCurrentUser(), 0 /* flags */);

        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test
@@ -615,7 +619,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);



        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test
@@ -626,7 +631,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT);



        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt());

        verify(mFaceManager).authenticate(any(), any(), any(), any(), anyInt(), anyBoolean());

    }



    @Test
@@ -638,7 +643,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        mKeyguardUpdateMonitor.sendKeyguardBouncerChanged(true);

        mTestableLooper.processAllMessages();



        verify(mFaceManager, never()).authenticate(any(), any(), any(), any());

        verify(mFaceManager, never()).authenticate(any(), any(), any(), any(), anyInt(),

                anyBoolean());

    }



    @Test

services/core/java/com/android/server/biometrics/sensors/AuthenticationClient.java

+11 −1
Original line number Diff line number Diff line
@@ -70,6 +70,7 @@ public abstract class AuthenticationClient<T> extends AcquisitionClient<T> 
    private final LockoutTracker mLockoutTracker;

    private final boolean mIsRestricted;

    private final boolean mAllowBackgroundAuthentication;

    private final boolean mIsKeyguardBypassEnabled;



    protected final long mOperationId;
@@ -97,7 +98,7 @@ public abstract class AuthenticationClient<T> extends AcquisitionClient<T> 
            int cookie, boolean requireConfirmation, int sensorId, boolean isStrongBiometric,

            int statsModality, int statsClient, @Nullable TaskStackListener taskStackListener,

            @NonNull LockoutTracker lockoutTracker, boolean allowBackgroundAuthentication,

            boolean shouldVibrate) {

            boolean shouldVibrate, boolean isKeyguardBypassEnabled) {

        super(context, lazyDaemon, token, listener, targetUserId, owner, cookie, sensorId,

                shouldVibrate, statsModality, BiometricsProtoEnums.ACTION_AUTHENTICATE,

                statsClient);
@@ -110,6 +111,7 @@ public abstract class AuthenticationClient<T> extends AcquisitionClient<T> 
        mLockoutTracker = lockoutTracker;

        mIsRestricted = restricted;

        mAllowBackgroundAuthentication = allowBackgroundAuthentication;

        mIsKeyguardBypassEnabled = isKeyguardBypassEnabled;

    }



    public @LockoutTracker.LockoutMode int handleFailedAttempt(int userId) {
@@ -394,6 +396,14 @@ public abstract class AuthenticationClient<T> extends AcquisitionClient<T> 
        return mState;

    }



    /**

     * @return true if the client supports bypass (e.g. passive auth such as face), and if it's

     * enabled by the user.

     */

    public boolean isKeyguardBypassEnabled() {

        return mIsKeyguardBypassEnabled;

    }



    @Override

    public int getProtoEnum() {

        return BiometricsProto.CM_AUTHENTICATE;