Define strong auth flags for Secure Lock Device

                        STRONG_AUTH_REQUIRED_AFTER_NON_STRONG_BIOMETRICS_TIMEOUT,

                        SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED,

                        SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST,

                        SOME_AUTH_REQUIRED_AFTER_WATCH_DISCONNECTED})

                        SOME_AUTH_REQUIRED_AFTER_WATCH_DISCONNECTED,

                        PRIMARY_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE,

                        STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE

                })

        @Retention(RetentionPolicy.SOURCE)

        public @interface StrongAuthFlags {}

         */

        public static final int SOME_AUTH_REQUIRED_AFTER_WATCH_DISCONNECTED = 0x400;

        /**

         * Primary authentication is required as the first factor in Secure Lock Device

         * authentication - all biometric authentication is disabled.

         */

        public static final int PRIMARY_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE = 0x800;

        /**

         * Class 3 biometric-only authentication is required as the second factor

         * in Secure Lock Device authentication - primary authentication and non strong biometric

         * authentication are disabled.

         */

        public static final int STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE = 0x1000;

        /**

         * Strong auth flags that do not prevent biometric methods from being accepted as auth.

         * If any other flags are set, biometric authentication is disabled.

                | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST

                | SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED

                | SOME_AUTH_REQUIRED_AFTER_ADAPTIVE_AUTH_REQUEST

                | SOME_AUTH_REQUIRED_AFTER_WATCH_DISCONNECTED;

                | SOME_AUTH_REQUIRED_AFTER_WATCH_DISCONNECTED

                | STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE;

        private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray();

        private final H mHandler;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED;

import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.PRIMARY_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE;

import static com.google.common.truth.Truth.assertThat;

import android.os.UserHandle;

import android.os.UserManager;

import android.platform.test.annotations.DisableFlags;

import android.platform.test.annotations.EnableFlags;

import android.platform.test.annotations.DisabledOnRavenwood;

import android.platform.test.annotations.EnableFlags;

import android.platform.test.flag.junit.SetFlagsRule;

import android.platform.test.ravenwood.RavenwoodRule;

import android.provider.Settings;

                DEMO_USER_ID));

    }

    @Test

    public void biometricsAllowedUpdates_onSecureLockDeviceStrongAuthFlagChanges() {

        // Creates strong auth tracker

        TestStrongAuthTracker tracker = createStrongAuthTracker();

        tracker.changeStrongAuth(STRONG_AUTH_NOT_REQUIRED);

        // Mock auth flag changes when enabling secure lock device

        tracker.changeStrongAuth(

                PRIMARY_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE

                        | STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE);

        // Non-strong biometrics are not allowed during secure lock device

        tracker.changeIsNonStrongBiometricAllowed(false);

        // User has not completed any authentication, all biometrics should be disallowed

        assertFalse(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ false, DEMO_USER_ID));

        assertFalse(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ true, DEMO_USER_ID));

        // After primary auth, secure lock device clears

        // PRIMARY_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE flag, only

        // STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE is set

        tracker.changeStrongAuth(STRONG_BIOMETRIC_AUTH_REQUIRED_FOR_SECURE_LOCK_DEVICE);

        // Non-strong biometrics should still be disallowed

        assertFalse(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ false, DEMO_USER_ID));

        // Strong biometrics should be allowed

        assertTrue(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ true, DEMO_USER_ID));

        // After biometric auth, secure lock device is disabled

        tracker.changeStrongAuth(STRONG_AUTH_NOT_REQUIRED);

        tracker.changeIsNonStrongBiometricAllowed(true);

        // All biometrics should be re-allowed

        assertTrue(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ false, DEMO_USER_ID));

        assertTrue(tracker.isBiometricAllowedForUser(

                /* isStrongBiometric = */ true, DEMO_USER_ID));

    }

    @Test

    public void testUserFrp_isNotRegularUser() throws Exception {

        assertTrue(LockPatternUtils.USER_FRP < 0);

        public void changeStrongAuth(@StrongAuthFlags int strongAuthFlags) {

            handleStrongAuthRequiredChanged(strongAuthFlags, DEMO_USER_ID);

        }

        public void changeIsNonStrongBiometricAllowed(boolean allowed) {

            handleIsNonStrongBiometricAllowedChanged(allowed, DEMO_USER_ID);

        }

    }

    private ILockSettings createTestLockSettings() {