Merge "Identity Check API" into main

    method @FlaggedApi("android.hardware.biometrics.last_authentication_time") @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public long getLastAuthenticationTime(int);

    method @NonNull @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public android.hardware.biometrics.BiometricManager.Strings getStrings(int);

    field public static final int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1; // 0x1

    field @FlaggedApi("android.hardware.biometrics.identity_check_api") public static final int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE = 20; // 0x14

    field public static final int BIOMETRIC_ERROR_NONE_ENROLLED = 11; // 0xb

    field @FlaggedApi("android.hardware.biometrics.identity_check_api") public static final int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS = 21; // 0x15

    field public static final int BIOMETRIC_ERROR_NO_HARDWARE = 12; // 0xc

    field public static final int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED = 15; // 0xf

    field @FlaggedApi("android.hardware.biometrics.last_authentication_time") public static final long BIOMETRIC_NO_AUTHENTICATION = -1L; // 0xffffffffffffffffL

    field public static final int BIOMETRIC_STRONG = 15; // 0xf

    field public static final int BIOMETRIC_WEAK = 255; // 0xff

    field public static final int DEVICE_CREDENTIAL = 32768; // 0x8000

    field @FlaggedApi("android.hardware.biometrics.identity_check_api") public static final int IDENTITY_CHECK = 65536; // 0x10000

  }

  public static class BiometricManager.Strings {

    field public static final int BIOMETRIC_ERROR_CANCELED = 5; // 0x5

    field public static final int BIOMETRIC_ERROR_HW_NOT_PRESENT = 12; // 0xc

    field public static final int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1; // 0x1

    field @FlaggedApi("android.hardware.biometrics.identity_check_api") public static final int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE = 20; // 0x14

    field public static final int BIOMETRIC_ERROR_LOCKOUT = 7; // 0x7

    field public static final int BIOMETRIC_ERROR_LOCKOUT_PERMANENT = 9; // 0x9

    field @FlaggedApi("android.hardware.biometrics.identity_check_api") public static final int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS = 21; // 0x15

    field public static final int BIOMETRIC_ERROR_NO_BIOMETRICS = 11; // 0xb

    field public static final int BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL = 14; // 0xe

    field public static final int BIOMETRIC_ERROR_NO_SPACE = 4; // 0x4

    int BIOMETRIC_ERROR_POWER_PRESSED = 19;

    /**

     * Mandatory biometrics is not in effect.

     * @hide

     * Identity Check is currently not active.

     *

     * This device either doesn't have this feature enabled, or it's not considered in a

     * high-risk environment that requires extra security measures for accessing sensitive data.

     */

    int BIOMETRIC_ERROR_MANDATORY_NOT_ACTIVE = 20;

    @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API)

    int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE = 20;

    /**

     * Biometrics is not allowed to verify in apps.

     * @hide

     * Biometrics is not allowed to verify the user in apps.

     */

    @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API)

    int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS = 21;

    /**

            BIOMETRIC_ERROR_NEGATIVE_BUTTON,

            BIOMETRIC_ERROR_NO_DEVICE_CREDENTIAL,

            BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED,

            BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE,

            BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS,

            BIOMETRIC_PAUSED_REJECTED})

    @Retention(RetentionPolicy.SOURCE)

    @interface Errors {}

            BiometricConstants.BIOMETRIC_ERROR_LOCKOUT;

    /**

     * Mandatory biometrics is not effective.

     * @hide

     * Identity Check is currently not active.

     *

     * This device either doesn't have this feature enabled, or it's not considered in a

     * high-risk environment that requires extra security measures for accessing sensitive data.

     */

    public static final int BIOMETRIC_ERROR_MANDATORY_NOT_ACTIVE =

            BiometricConstants.BIOMETRIC_ERROR_MANDATORY_NOT_ACTIVE;

    @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API)

    public static final int BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE =

            BiometricConstants.BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE;

    /**

     * Biometrics is not allowed to verify in apps.

     * @hide

     * Biometrics is not allowed to verify the user in apps.

     */

    @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API)

    public static final int BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS =

            BiometricConstants.BIOMETRIC_ERROR_NOT_ENABLED_FOR_APPS;

            BIOMETRIC_ERROR_NO_HARDWARE,

            BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED,

            BIOMETRIC_ERROR_LOCKOUT,

            BIOMETRIC_ERROR_MANDATORY_NOT_ACTIVE})

            BIOMETRIC_ERROR_IDENTITY_CHECK_NOT_ACTIVE})

    @Retention(RetentionPolicy.SOURCE)

    public @interface BiometricError {}

                BIOMETRIC_WEAK,

                BIOMETRIC_CONVENIENCE,

                DEVICE_CREDENTIAL,

                MANDATORY_BIOMETRICS,

                IDENTITY_CHECK,

        })

        @Retention(RetentionPolicy.SOURCE)

        @interface Types {}

        int DEVICE_CREDENTIAL = 1 << 15;

        /**

         * The bit is used to request for mandatory biometrics.

         * The bit is used to request for Identity Check.

         *

         * <p> The requirements to trigger mandatory biometrics are as follows:

         * 1. User must have enabled the toggle for mandatory biometrics is settings

         * 2. User must have enrollments for all {@link #BIOMETRIC_STRONG} sensors available

         * 3. The device must not be in a trusted location

         * Identity Check is a feature which requires class 3 biometric authentication to access

         * sensitive surfaces when the device is outside trusted places.

         *

         * <p> The requirements to trigger Identity Check are as follows:

         * 1. User must have enabled the toggle for Identity Check in settings

         * 2. User must have enrollments for at least one {@link #BIOMETRIC_STRONG} sensor

         * 3. The device is determined to be in a high risk environment, for example if it is

         *    outside of the user's trusted locations or fails to meet similar conditions.

         * 4. The Identity Check requirements bit must be true

         * </p>

         *

         * <p> If all the above conditions are satisfied, only {@link #BIOMETRIC_STRONG} sensors

         * will be eligible for authentication, and device credential fallback will be dropped.

         * @hide

         */

        int MANDATORY_BIOMETRICS = 1 << 16;

        @FlaggedApi(Flags.FLAG_IDENTITY_CHECK_API)

        int IDENTITY_CHECK = 1 << 16;

    }

    /**

        } else if (mContentView != null && isContentViewMoreOptionsButtonUsed()) {

            return true;

        } else if (Flags.mandatoryBiometrics()

                && (mAuthenticators & BiometricManager.Authenticators.MANDATORY_BIOMETRICS)

                && (mAuthenticators & BiometricManager.Authenticators.IDENTITY_CHECK)

                != 0) {

            return true;

        }

  description: "This flag controls Whether to enable fp unlock when screen turns off on udfps devices"

  bug: "373792870"

}

flag {

  name: "identity_check_api"

  namespace: "biometrics_framework"

  description: "This flag is for API changes related to Identity Check"

  bug: "373424727"

}