Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4797928f authored by Kevin Chyn's avatar Kevin Chyn Committed by Automerger Merge Worker
Browse files

Merge "Do not start biometric auth if encrypted or lockdown" into rvc-dev am: 9253ddb5 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11840350

Change-Id: I989ea960659991c6c8572dc8e23dfb10449e0b99
parents bc7f6711 9253ddb5

packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java

+14 −8
Original line number Diff line number Diff line
@@ -1903,6 +1903,12 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
    private boolean shouldListenForFingerprint() {

        final boolean allowedOnBouncer =

                !(mFingerprintLockedOut && mBouncer && mCredentialAttempted);

        final int user = getCurrentUser();

        final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);

        final boolean isLockDown =

                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)

                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);

        final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);



        // Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an

        // instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
@@ -1911,7 +1917,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
                shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming))

                && !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())

                && (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser

                && allowedOnBouncer;

                && allowedOnBouncer && !isLockDown && !isEncrypted;

        return shouldListen;

    }
@@ -1928,9 +1934,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
        final boolean isLockDown =

                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)

                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);

        final boolean isEncryptedOrTimedOut =

                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT)

                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);

        final boolean isEncrypted =

                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);

        final boolean isTimedOut =

                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);



        boolean canBypass = mKeyguardBypassController != null

                && mKeyguardBypassController.canBypass();
@@ -1939,10 +1946,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
        // TrustAgents or biometrics are keeping the device unlocked.

        boolean becauseCannotSkipBouncer = !getUserCanSkipBouncer(user) || canBypass;



        // Scan even when encrypted or timeout to show a preemptive bouncer when bypassing.

        // Scan even when timeout to show a preemptive bouncer when bypassing.

        // Lock-down mode shouldn't scan, since it is more explicit.

        boolean strongAuthAllowsScanning = (!isEncryptedOrTimedOut || canBypass && !mBouncer)

                && !isLockDown;

        boolean strongAuthAllowsScanning = (!isTimedOut || canBypass && !mBouncer);



        // Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an

        // instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
@@ -1952,7 +1958,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab 
                && !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer

                && !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed

                && strongAuthAllowsScanning && mIsPrimaryUser

                && !mSecureCameraLaunched;

                && !mSecureCameraLaunched && !isLockDown && !isEncrypted;



        // Aggregate relevant fields for debug logging.

        if (DEBUG_FACE || DEBUG_SPEW) {

packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java

+12 −8
Original line number Diff line number Diff line
@@ -451,12 +451,6 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());

    }



    @Test

    public void requiresAuthentication_whenEncryptedKeyguard_andBypass() {

        testStrongAuthExceptOnBouncer(

                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);

    }



    @Test

    public void requiresAuthentication_whenTimeoutKeyguard_andBypass() {

        testStrongAuthExceptOnBouncer(
@@ -513,10 +507,20 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 


    @Test

    public void testIgnoresAuth_whenLockdown() {

        testIgnoresAuth(

                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);

    }



    @Test

    public void testIgnoresAuth_whenEncrypted() {

        testIgnoresAuth(

                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);

    }



    private void testIgnoresAuth(int strongAuth) {

        mKeyguardUpdateMonitor.dispatchStartedWakingUp();

        mTestableLooper.processAllMessages();

        when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(

                KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);

        when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(strongAuth);



        mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);

        verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());