Merge "Remove mandatory_biometrics flag" into main (4982f746) · Commits · e / os / android_frameworks_base

core/java/android/hardware/biometrics/PromptInfo.java

+1 −3

Original line number	Diff line number	Diff line
		@@ -198,9 +198,7 @@ public class PromptInfo implements Parcelable {
		return true;
		} else if (mContentView != null && isContentViewMoreOptionsButtonUsed()) {
		return true;
		} else if (Flags.mandatoryBiometrics()
		&& (mAuthenticators & BiometricManager.Authenticators.IDENTITY_CHECK)
		!= 0) {
		} else if ((mAuthenticators & BiometricManager.Authenticators.IDENTITY_CHECK) != 0) {
		return true;
		}
		return false;

core/java/android/hardware/biometrics/flags.aconfig

+0 −7

Original line number	Diff line number	Diff line
		@@ -25,13 +25,6 @@ flag {
		bug: "302735104"
		}

		flag {
		name: "mandatory_biometrics"
		namespace: "biometrics_framework"
		description: "This flag controls whether LSKF fallback is removed from biometric prompt when the phone is outside trusted locations"
		bug: "322081563"
		}

		flag {
		name: "screen_off_unlock_udfps"
		is_exported: true

services/core/java/com/android/server/biometrics/PreAuthInfo.java

+3 −5

Original line number	Diff line number	Diff line
		@@ -210,8 +210,7 @@ class PreAuthInfo {
		final boolean isMandatoryBiometricsRequested =
		(authenticators & BiometricManager.Authenticators.IDENTITY_CHECK)
		== BiometricManager.Authenticators.IDENTITY_CHECK;
		if (Flags.mandatoryBiometrics() && isMandatoryBiometricsEnabled
		&& isMandatoryBiometricsRequested) {
		if (isMandatoryBiometricsEnabled && isMandatoryBiometricsRequested) {
		try {
		final boolean isInSignificantPlace = trustManager.isInSignificantPlace();
		return !isInSignificantPlace;
		@@ -371,7 +370,7 @@ class PreAuthInfo {
		return hardwareNotDetected;
		}

		if (Flags.mandatoryBiometrics() && biometricAppNotAllowed != null) {
		if (biometricAppNotAllowed != null) {
		return biometricAppNotAllowed;
		}

		@@ -459,8 +458,7 @@ class PreAuthInfo {
		} else if (credentialRequested) {
		modality \|= TYPE_CREDENTIAL;
		status = credentialAvailable ? AUTHENTICATOR_OK : CREDENTIAL_NOT_ENROLLED;
		} else if (Flags.mandatoryBiometrics() && mOnlyMandatoryBiometricsRequested
		&& !mIsMandatoryBiometricsAuthentication) {
		} else if (mOnlyMandatoryBiometricsRequested && !mIsMandatoryBiometricsAuthentication) {
		status = MANDATORY_BIOMETRIC_UNAVAILABLE_ERROR;
		} else {
		// This should not be possible via the public API surface and is here mainly for

services/core/java/com/android/server/biometrics/Utils.java

+6 −15

Original line number	Diff line number	Diff line
		@@ -50,7 +50,6 @@ import android.hardware.biometrics.BiometricConstants;
		import android.hardware.biometrics.BiometricManager;
		import android.hardware.biometrics.BiometricPrompt;
		import android.hardware.biometrics.BiometricPrompt.AuthenticationResultType;
		import android.hardware.biometrics.Flags;
		import android.hardware.biometrics.IBiometricService;
		import android.hardware.biometrics.PromptInfo;
		import android.hardware.biometrics.SensorProperties;
		@@ -254,14 +253,10 @@ public class Utils {
		// Check if any of the non-biometric and non-credential bits are set. If so, this is
		// invalid.
		final int testBits;
		if (Flags.mandatoryBiometrics()) {
		testBits = ~(Authenticators.DEVICE_CREDENTIAL
		\| Authenticators.BIOMETRIC_MIN_STRENGTH
		\| Authenticators.IDENTITY_CHECK);
		} else {
		testBits = ~(Authenticators.DEVICE_CREDENTIAL
		\| Authenticators.BIOMETRIC_MIN_STRENGTH);
		}

		if ((authenticators & testBits) != 0) {
		Slog.e(BiometricService.TAG, "Non-biometric, non-credential bits found."
		+ " Authenticators: " + authenticators);
		@@ -322,9 +317,7 @@ public class Utils {
		break;
		case BiometricConstants.BIOMETRIC_ERROR_LOCKOUT:
		case BiometricConstants.BIOMETRIC_ERROR_LOCKOUT_PERMANENT:
		biometricManagerCode = Flags.mandatoryBiometrics()
		? BiometricManager.BIOMETRIC_ERROR_LOCKOUT
		: BiometricManager.BIOMETRIC_SUCCESS;
		biometricManagerCode = BiometricManager.BIOMETRIC_ERROR_LOCKOUT;
		break;
		case BiometricConstants.BIOMETRIC_ERROR_SENSOR_PRIVACY_ENABLED:
		biometricManagerCode = BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE;
		@@ -399,9 +392,7 @@ public class Utils {
		case MANDATORY_BIOMETRIC_UNAVAILABLE_ERROR:
		return BiometricConstants.BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE;
		case BIOMETRIC_NOT_ENABLED_FOR_APPS:
		if (Flags.mandatoryBiometrics()) {
		return BiometricConstants.BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS;
		}
		case BIOMETRIC_DISABLED_BY_DEVICE_POLICY:
		case BIOMETRIC_HARDWARE_NOT_DETECTED:
		default:

services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java

+4 −57

Original line number	Diff line number	Diff line
		@@ -597,9 +597,7 @@ public class BiometricServiceTest {
		waitForIdle();
		verify(mReceiver1).onError(
		eq(BiometricAuthenticator.TYPE_NONE),
		eq(Flags.mandatoryBiometrics()
		? BiometricConstants.BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS
		: BiometricConstants.BIOMETRIC_ERROR_HW_UNAVAILABLE),
		eq(BiometricConstants.BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS),
		eq(0 /* vendorCode */));

		// Enrolled, not disabled in settings, user requires confirmation in settings
		@@ -1492,28 +1490,6 @@ public class BiometricServiceTest {
		}

		@Test
		@RequiresFlagsDisabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenBiometricsNotEnabledForApps_returnsHardwareUnavailable()
		throws Exception {
		setupAuthForOnly(TYPE_FACE, Authenticators.BIOMETRIC_STRONG);
		when(mBiometricService.mSettingObserver.getEnabledForApps(anyInt(), anyInt()))
		.thenReturn(false);
		when(mTrustManager.isDeviceSecure(anyInt(), anyInt()))
		.thenReturn(true);

		// When only biometric is requested
		int authenticators = Authenticators.BIOMETRIC_STRONG;
		assertEquals(BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE,
		invokeCanAuthenticate(mBiometricService, authenticators));

		// When credential and biometric are requested
		authenticators = Authenticators.BIOMETRIC_STRONG \| Authenticators.DEVICE_CREDENTIAL;
		assertEquals(BiometricManager.BIOMETRIC_SUCCESS,
		invokeCanAuthenticate(mBiometricService, authenticators));
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenBiometricsNotEnabledForApps() throws Exception {
		setupAuthForOnly(TYPE_FACE, Authenticators.BIOMETRIC_STRONG);
		when(mBiometricService.mSettingObserver.getEnabledForApps(anyInt(), anyInt()))
		@@ -1555,44 +1531,15 @@ public class BiometricServiceTest {
		}

		@Test
		@RequiresFlagsDisabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenLockoutTimed() throws Exception {
		testCanAuthenticate_whenLockedOut(LockoutTracker.LOCKOUT_TIMED);
		}

		@Test
		@RequiresFlagsDisabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenLockoutPermanent() throws Exception {
		testCanAuthenticate_whenLockedOut(LockoutTracker.LOCKOUT_PERMANENT);
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenLockoutTimed_returnsLockoutError() throws Exception {
		testCanAuthenticate_whenLockedOut_returnLockoutError(LockoutTracker.LOCKOUT_TIMED);
		}

		@Test
		@RequiresFlagsEnabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		public void testCanAuthenticate_whenLockoutPermanent_returnsLockoutError() throws Exception {
		testCanAuthenticate_whenLockedOut_returnLockoutError(LockoutTracker.LOCKOUT_PERMANENT);
		}

		@RequiresFlagsDisabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		private void testCanAuthenticate_whenLockedOut(@LockoutTracker.LockoutMode int lockoutMode)
		throws Exception {
		// When only biometric is requested, and sensor is strong enough
		setupAuthForOnly(TYPE_FINGERPRINT, Authenticators.BIOMETRIC_STRONG);

		when(mFingerprintAuthenticator.getLockoutModeForUser(anyInt()))
		.thenReturn(lockoutMode);

		// Lockout is not considered an error for BiometricManager#canAuthenticate
		assertEquals(BiometricManager.BIOMETRIC_SUCCESS,
		invokeCanAuthenticate(mBiometricService, Authenticators.BIOMETRIC_STRONG));
		}

		@RequiresFlagsEnabled(Flags.FLAG_MANDATORY_BIOMETRICS)
		private void testCanAuthenticate_whenLockedOut_returnLockoutError(
		@LockoutTracker.LockoutMode int lockoutMode)
		throws Exception {
		@@ -1608,7 +1555,7 @@ public class BiometricServiceTest {
		}

		@Test
		@RequiresFlagsEnabled({Flags.FLAG_MANDATORY_BIOMETRICS, Flags.FLAG_IDENTITY_CHECK_TEST_API})
		@RequiresFlagsEnabled(Flags.FLAG_IDENTITY_CHECK_TEST_API)
		public void testCanAuthenticate_whenMandatoryBiometricsRequested()
		throws Exception {
		mBiometricService = new BiometricService(mContext, mInjector, mBiometricHandlerProvider);
		@@ -1630,7 +1577,7 @@ public class BiometricServiceTest {
		}

		@Test
		@RequiresFlagsEnabled({Flags.FLAG_MANDATORY_BIOMETRICS, Flags.FLAG_IDENTITY_CHECK_TEST_API})
		@RequiresFlagsEnabled(Flags.FLAG_IDENTITY_CHECK_TEST_API)
		public void testCanAuthenticate_whenMandatoryBiometricsAndStrongAuthenticatorsRequested()
		throws Exception {
		mBiometricService = new BiometricService(mContext, mInjector, mBiometricHandlerProvider);
		@@ -1654,7 +1601,7 @@ public class BiometricServiceTest {
		}

		@Test
		@RequiresFlagsEnabled({Flags.FLAG_MANDATORY_BIOMETRICS, Flags.FLAG_IDENTITY_CHECK_TEST_API})
		@RequiresFlagsEnabled(Flags.FLAG_IDENTITY_CHECK_TEST_API)
		public void testCanAuthenticate_whenMandatoryBiometricsRequestedAndDeviceCredentialAvailable()
		throws Exception {
		mBiometricService = new BiometricService(mContext, mInjector, mBiometricHandlerProvider);