
Commit 56d6b079 authored by Kevin Chyn's avatar Kevin Chyn

Finish authentication client when rejected

For passive modalities, the HAL enters the idle state after getting
a reject. This is in contrast to fingerprint, which currently stays
in the authenticating state until either onAuthenticated(true) or lockout.

Fixes: 124340515

Test: manual
Change-Id: Ifd4f1d34c77c847e3844185c748f59e8e3ed6106
parent a38653cb
+14 −32
@@ -273,15 +273,12 @@ public class BiometricService extends SystemService {
         */
        private static final int STATE_AUTH_STARTED = 2;
        /**
         * Authentication is paused, waiting for the user to press "try again" button. Since the
         * try again button requires us to cancel authentication, this represents the state where
         * ERROR_CANCELED is not received yet.
         * Authentication is paused, waiting for the user to press "try again" button. Only
         * passive modalities such as Face or Iris should have this state. Note that for passive
         * modalities, the HAL enters the idle state after onAuthenticated(false) which differs from
         * fingerprint.
         */
        private static final int STATE_AUTH_PAUSED = 3;
        /**
         * Same as above, except the ERROR_CANCELED has been received.
         */
        private static final int STATE_AUTH_PAUSED_CANCELED = 4;
        /**
         * Authentication is successful, but we're waiting for the user to press "confirm" button.
         */
@@ -457,11 +454,6 @@ public class BiometricService extends SystemService {
                        // Pause authentication. onBiometricAuthenticated(false) causes the
                        // dialog to show a "try again" button for passive modalities.
                        mCurrentAuthSession.mState = STATE_AUTH_PAUSED;
                        // Cancel authentication. Skip the token/package check since we are
                        // cancelling from system server. The interface is permission protected so
                        // this is fine.
                        cancelInternal(null /* token */, null /* package */,
                                false /* fromClient */);
                    }

                    mCurrentAuthSession.mClientReceiver.onAuthenticationFailed();
@@ -507,15 +499,7 @@ public class BiometricService extends SystemService {
                                    }
                                }, BiometricPrompt.HIDE_DIALOG_DELAY);
                            }
                        } else if (mCurrentAuthSession.mState == STATE_AUTH_PAUSED
                                || mCurrentAuthSession.mState == STATE_AUTH_PAUSED_CANCELED) {
                            if (mCurrentAuthSession.mState == STATE_AUTH_PAUSED
                                    && error == BiometricConstants.BIOMETRIC_ERROR_CANCELED) {
                                // Skip the first ERROR_CANCELED message when this happens, since
                                // "try again" requires us to cancel authentication but keep
                                // the prompt showing.
                                mCurrentAuthSession.mState = STATE_AUTH_PAUSED_CANCELED;
                            } else {
                        } else if (mCurrentAuthSession.mState == STATE_AUTH_PAUSED) {
                            // In the "try again" state, we should forward canceled errors to
                            // the client and and clean up.
                            mCurrentAuthSession.mClientReceiver.onError(error, message);
@@ -524,7 +508,6 @@ public class BiometricService extends SystemService {
                                    mTaskStackListener);
                            mCurrentAuthSession.mState = STATE_AUTH_IDLE;
                            mCurrentAuthSession = null;
                            }
                        } else {
                            Slog.e(TAG, "Impossible session error state: "
                                    + mCurrentAuthSession.mState);
@@ -705,8 +688,7 @@ public class BiometricService extends SystemService {

            if (mPendingAuthSession.mModalitiesWaiting.isEmpty()) {
                final boolean continuing = mCurrentAuthSession != null &&
                        (mCurrentAuthSession.mState == STATE_AUTH_PAUSED
                                || mCurrentAuthSession.mState == STATE_AUTH_PAUSED_CANCELED);
                        (mCurrentAuthSession.mState == STATE_AUTH_PAUSED);

                mCurrentAuthSession = mPendingAuthSession;
                mPendingAuthSession = null;
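Review bot: Once the `cancelInternal(...)` call is dropped from the reject path (hunk at -457), `STATE_AUTH_PAUSED` is only safe if the modality service has already stopped its client after `onAuthenticated(false)`, and nothing in BiometricService states or checks that. This commit gives only FaceService that behaviour, while the new constant comment also names Iris, so a passive modality without the same override could, as far as these hunks show, keep the sensor authenticating behind the "try again" prompt. I would record the invariant where the state is set, e.g. `// No cancel here: relies on the modality service finishing its client on reject (see FaceService#onAuthenticated).` The comment kept in the error handler ("forward canceled errors to the client and and clean up") is also stale now that the branch forwards every error received while paused. The enclosing methods start and end outside these hunks.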
+14 −0
@@ -103,6 +103,20 @@ public class FaceService extends BiometricServiceBase {
        public boolean shouldFrameworkHandleLockout() {
            return false;
        }

        @Override
        public boolean onAuthenticated(BiometricAuthenticator.Identifier identifier,
                boolean authenticated, ArrayList<Byte> token) {
            final boolean result = super.onAuthenticated(identifier, authenticated, token);

            // For face, the authentication lifecycle ends either when
            // 1) Authenticated == true
            // 2) Error occurred
            // 3) Authenticated == false
            // Fingerprint currently does not end when the third condition is met which is a bug,
            // but let's leave it as-is for now.
            return result || !authenticated;
        }
    }

    /**
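Review bot: The override relies on what a `true` return from `onAuthenticated` means to the caller, but neither the comment nor a Javadoc says so; the three-item list describes the lifecycle, not the return value. Presumably `true` tells BiometricServiceBase to finish and remove the current client (that is not visible in this hunk), in which case a line such as `// Returning true ends the current client; a reject always does so for face.` above the `return` would make `result || !authenticated` readable on its own. The "which is a bug, but let's leave it as-is for now" remark about fingerprint would be easier to follow up with a tracking reference, e.g. `// TODO(b/<bug id>): fingerprint should also end on reject.`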