Limit number of fingerprint templates that can be enrolled per device user (599ef0e3) · Commits · e / os / android_frameworks_base

core/res/res/values/config.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -2196,6 +2196,9 @@
		<!-- Keyguard component -->
		<string name="config_keyguardComponent" translatable="false">com.android.systemui/com.android.systemui.keyguard.KeyguardService</string>

		<!-- For performance and storage reasons, limit the number of fingerprints per user -->
		<integer name="config_fingerprintMaxTemplatesPerUser">5</integer>

		<!-- This config is used to force VoiceInteractionService to start on certain low ram devices.
		It declares the package name of VoiceInteractionService that should be started. -->
		<string translatable="false" name="config_forceVoiceInteractionServicePackage"></string>

core/res/res/values/symbols.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -2125,6 +2125,9 @@
		<java-symbol type="string" name="fingerprint_error_lockout" />
		<java-symbol type="string" name="fingerprint_name_template" />

		<!-- Fingerprint config -->
		<java-symbol type="integer" name="config_fingerprintMaxTemplatesPerUser"/>

		<!-- From various Material changes -->
		<java-symbol type="attr" name="titleTextAppearance" />
		<java-symbol type="attr" name="subtitleTextAppearance" />

services/core/java/com/android/server/fingerprint/FingerprintService.java

+16 −6

Original line number	Diff line number	Diff line
		@@ -33,6 +33,7 @@ import android.os.MessageQueue;
		import android.os.RemoteException;
		import android.os.SELinux;
		import android.os.ServiceManager;
		import android.os.UserHandle;
		import android.util.Slog;

		import com.android.server.SystemService;
		@@ -389,12 +390,12 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
		}
		}

		public List<Fingerprint> getEnrolledFingerprints(int groupId) {
		return mFingerprintUtils.getFingerprintsForUser(mContext, groupId);
		public List<Fingerprint> getEnrolledFingerprints(int userId) {
		return mFingerprintUtils.getFingerprintsForUser(mContext, userId);
		}

		public boolean hasEnrolledFingerprints(int groupId) {
		return mFingerprintUtils.getFingerprintsForUser(mContext, groupId).size() > 0;
		public boolean hasEnrolledFingerprints(int userId) {
		return mFingerprintUtils.getFingerprintsForUser(mContext, userId).size() > 0;
		}

		boolean hasPermission(String permission) {
		@@ -598,6 +599,15 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
		public void enroll(final IBinder token, final byte[] cryptoToken, final int groupId,
		final IFingerprintServiceReceiver receiver, final int flags) {
		checkPermission(MANAGE_FINGERPRINT);
		final int limit = mContext.getResources().getInteger(
		com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser);
		final int callingUid = Binder.getCallingUid();
		final int userId = UserHandle.getUserId(callingUid);
		final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size();
		if (enrolled >= limit) {
		Slog.w(TAG, "Too many fingerprints registered");
		return;
		}
		final byte [] cryptoClone = Arrays.copyOf(cryptoToken, cryptoToken.length);

		final boolean restricted = isRestricted();
		@@ -689,11 +699,11 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
		}

		@Override // Binder call
		public List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName) {
		public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) {
		if (!canUseFingerprint(opPackageName)) {
		return Collections.emptyList();
		}
		return FingerprintService.this.getEnrolledFingerprints(groupId);
		return FingerprintService.this.getEnrolledFingerprints(userId);
		}

		@Override // Binder call