Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47f27e64 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Specify UID in getAuthenticatorIds"

parents 9974b955 6e14fdc4

core/java/android/hardware/biometrics/BiometricManager.java

+15 −4
Original line number Diff line number Diff line
@@ -26,7 +26,7 @@ import android.annotation.SystemApi; 
import android.annotation.SystemService;

import android.content.Context;

import android.os.RemoteException;

import android.security.keystore.KeyGenParameterSpec;

import android.os.UserHandle;

import android.security.keystore.KeyProperties;

import android.util.Slog;
@@ -334,11 +334,23 @@ public class BiometricManager { 
     * in Keystore land as SIDs, and are used during key generation.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public long[] getAuthenticatorIds() {

        return getAuthenticatorIds(UserHandle.getCallingUserId());

    }



    /**

     * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates,

     * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known

     * in Keystore land as SIDs, and are used during key generation.

     *

     * @param userId Android user ID for user to look up.

     *

     * @hide

     */

    public long[] getAuthenticatorIds(int userId) {

        if (mService != null) {

            try {

                return mService.getAuthenticatorIds();

                return mService.getAuthenticatorIds(userId);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }
@@ -347,6 +359,5 @@ public class BiometricManager { 
            return new long[0];

        }

    }



}

core/java/android/hardware/biometrics/IAuthService.aidl

+3 −1
Original line number Diff line number Diff line
@@ -55,5 +55,7 @@ interface IAuthService { 
    // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet

    // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore

    // land as SIDs, and are used during key generation.

    long[] getAuthenticatorIds();

    // If userId is not equal to the calling user ID, the caller must have the

    // USE_BIOMETRIC_INTERNAL permission.

    long[] getAuthenticatorIds(in int userId);

}

services/core/java/com/android/server/biometrics/AuthService.java

+6 −2
Original line number Diff line number Diff line
@@ -289,7 +289,7 @@ public class AuthService extends SystemService { 
        }



        @Override

        public long[] getAuthenticatorIds() throws RemoteException {

        public long[] getAuthenticatorIds(int userId) throws RemoteException {

            // In this method, we're not checking whether the caller is permitted to use face

            // API because current authenticator ID is leaked (in a more contrived way) via Android

            // Keystore (android.security.keystore package): the user of that API can create a key
@@ -307,9 +307,13 @@ public class AuthService extends SystemService { 
            // method from inside app processes.



            final int callingUserId = UserHandle.getCallingUserId();

            if (userId != callingUserId) {

                getContext().enforceCallingOrSelfPermission(USE_BIOMETRIC_INTERNAL,

                        "Must have " + USE_BIOMETRIC_INTERNAL + " permission.");

            }

            final long identity = Binder.clearCallingIdentity();

            try {

                return mBiometricService.getAuthenticatorIds(callingUserId);

                return mBiometricService.getAuthenticatorIds(userId);

            } finally {

                Binder.restoreCallingIdentity(identity);

            }