Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 46386324 authored by Haining Chen's avatar Haining Chen Committed by Android (Google) Code Review
Browse files

Merge changes Iec5752e3,Ie6140a86,If15115e4,I1cbc41dd into main 

* changes:
  Add Keyguard bottom area string for adaptive auth
  Add a bouncer string for adaptive auth
  Add adaptive authentication service
  Add flag for enabling adaptive auth
parents 2f0c5f20 c728c37f

core/java/android/adaptiveauth/flags.aconfig

+7 −0
Original line number Diff line number Diff line 
package: "android.adaptiveauth"



flag {

  name: "enable_adaptive_auth"

  namespace: "biometrics"

  description: "Feature flag for enabling the new adaptive auth service"

  bug: "285053096"

}



flag {

  name: "report_biometric_auth_attempts"

  namespace: "biometrics"

core/java/com/android/internal/widget/LockPatternUtils.java

+16 −3
Original line number Diff line number Diff line
@@ -1615,7 +1615,8 @@ public class LockPatternUtils { 
                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT,

                        STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN,

                        STRONG_AUTH_REQUIRED_AFTER_NON_STRONG_BIOMETRICS_TIMEOUT,

                        SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED})

                        SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED,

                        SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST})

        @Retention(RetentionPolicy.SOURCE)

        public @interface StrongAuthFlags {}
@@ -1641,7 +1642,8 @@ public class LockPatternUtils { 


        /**

         * Strong authentication is required because the user has been locked out after too many

         * attempts.

         * attempts using primary auth methods (i.e. PIN/pattern/password) from the lock screen,

         * Android Settings, and BiometricPrompt where user authentication is required.

         */

        public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;
@@ -1673,13 +1675,24 @@ public class LockPatternUtils { 
         */

        public static final int SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED = 0x100;



        /**

         * Some authentication is required because adaptive auth has requested to lock device due to

         * repeated failed primary auth (i.e. PIN/pattern/password) or biometric auth attempts which

         * can come from Android Settings or BiometricPrompt where user authentication is required,

         * in addition to from the lock screen. When a risk is determined, adaptive auth will

         * proactively prompt the lock screen and will require users to re-enter the device with

         * either primary auth or biometric auth (if not prohibited by other flags).

         */

        public static final int SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST = 0x200;



        /**

         * Strong auth flags that do not prevent biometric methods from being accepted as auth.

         * If any other flags are set, biometric authentication is disabled.

         */

        private static final int ALLOWING_BIOMETRIC = STRONG_AUTH_NOT_REQUIRED

                | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST

                | SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED;

                | SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED

                | SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST;



        private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray();

        private final H mHandler;

packages/SystemUI/res/values/strings.xml

+3 −0
Original line number Diff line number Diff line
@@ -1416,6 +1416,9 @@ 
    <!-- Indication on the keyguard that appears when a trust agents unlocks the device. [CHAR LIMIT=40] -->

    <string name="keyguard_indication_trust_unlocked">Kept unlocked by TrustAgent</string>



    <!-- Message asking the user to authenticate with primary authentication methods (PIN/pattern/password) or biometrics after the device is locked by adaptive auth. [CHAR LIMIT=60] -->

    <string name="kg_prompt_after_adaptive_auth_lock">Theft protection\nDevice locked, too many unlock attempts</string>



    <!-- Accessibility string for current zen mode and selected exit condition. A template that simply concatenates existing mode string and the current condition description. [CHAR LIMIT=20] -->

    <string name="zen_mode_and_condition"><xliff:g id="zen_mode" example="Priority interruptions only">%1$s</xliff:g>. <xliff:g id="exit_condition" example="For one hour">%2$s</xliff:g></string>

packages/SystemUI/src/com/android/keyguard/KeyguardPasswordView.java

+3 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.keyguard; 
import static android.content.res.Configuration.ORIENTATION_LANDSCAPE;

import static android.view.WindowInsets.Type.ime;



import static com.android.keyguard.KeyguardSecurityView.PROMPT_REASON_ADAPTIVE_AUTH_REQUEST;

import static com.android.keyguard.KeyguardSecurityView.PROMPT_REASON_DEVICE_ADMIN;

import static com.android.keyguard.KeyguardSecurityView.PROMPT_REASON_NONE;

import static com.android.keyguard.KeyguardSecurityView.PROMPT_REASON_NON_STRONG_BIOMETRIC_TIMEOUT;
@@ -126,6 +127,8 @@ public class KeyguardPasswordView extends KeyguardAbsKeyInputView { 
                return R.string.kg_prompt_reason_timeout_password;

            case PROMPT_REASON_TRUSTAGENT_EXPIRED:

                return R.string.kg_prompt_reason_timeout_password;

            case PROMPT_REASON_ADAPTIVE_AUTH_REQUEST:

                return R.string.kg_prompt_after_adaptive_auth_lock;

            case PROMPT_REASON_NONE:

                return 0;

            default:

packages/SystemUI/src/com/android/keyguard/KeyguardPatternViewController.java

+3 −0
Original line number Diff line number Diff line
@@ -331,6 +331,9 @@ public class KeyguardPatternViewController 
            case PROMPT_REASON_TRUSTAGENT_EXPIRED:

                resId = R.string.kg_prompt_reason_timeout_pattern;

                break;

            case PROMPT_REASON_ADAPTIVE_AUTH_REQUEST:

                resId = R.string.kg_prompt_after_adaptive_auth_lock;

                break;

            case PROMPT_REASON_NONE:

                break;

            default: