
Commit 8115bfc7 authored by Kevin Chyn's avatar Kevin Chyn

Add BiometricPrompt.Builder#setAllowBackgroundAuthentication TestApi

By default, auth via BiometricPrompt is not allowed unless the
caller is foreground. However, for cases like CTS, which may request
auth from the test itself (and not a test activity, which has no
way of getting access to protected TestApis), auth is requested
from background.

This would also allow us to easily add regression tests for the
security bug b/159249069

Bug: 163058911
Test: atest CtsBiometricsTestCases
Test: atest com.android.server.biometrics
Change-Id: I74bfdcd7989aa9256d1bf10eefae354983b42e6c
parent f8e775a3
+2 −0
@@ -1028,9 +1028,11 @@ package android.hardware.biometrics {

  public class BiometricPrompt {
    method @NonNull public java.util.List<java.lang.Integer> getAllowedSensorIds();
    method public boolean isAllowBackgroundAuthentication();
  }

  public static class BiometricPrompt.Builder {
    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.TEST_BIOMETRIC, "android.permission.USE_BIOMETRIC_INTERNAL"}) public android.hardware.biometrics.BiometricPrompt.Builder setAllowBackgroundAuthentication(boolean);
    method @NonNull @RequiresPermission(anyOf={android.Manifest.permission.TEST_BIOMETRIC, "android.permission.USE_BIOMETRIC_INTERNAL"}) public android.hardware.biometrics.BiometricPrompt.Builder setAllowedSensorIds(@NonNull java.util.List<java.lang.Integer>);
  }

+23 −0
@@ -367,6 +367,20 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
            return this;
        }

        /**
         * @param allow If true, allows authentication when the calling package is not in the
         *              foreground. This is set to false by default.
         * @return This builder
         * @hide
         */
        @TestApi
        @NonNull
        @RequiresPermission(anyOf = {TEST_BIOMETRIC, USE_BIOMETRIC_INTERNAL})
        public Builder setAllowBackgroundAuthentication(boolean allow) {
            mPromptInfo.setAllowBackgroundAuthentication(allow);
            return this;
        }

        /**
         * If set check the Device Policy Manager for disabled biometrics.
         *
@@ -619,6 +633,15 @@ public class BiometricPrompt implements BiometricAuthenticator, BiometricConstan
        return mPromptInfo.getAllowedSensorIds();
    }

    /**
     * @return The value set by {@link Builder#setAllowBackgroundAuthentication(boolean)}
     * @hide
     */
    @TestApi
    public boolean isAllowBackgroundAuthentication() {
        return mPromptInfo.isAllowBackgroundAuthentication();
    }

    /**
     * A wrapper class for the cryptographic operations supported by BiometricPrompt.
     *
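Review bot: The Javadoc on `setAllowBackgroundAuthentication` in the first hunk has no summary sentence and does not say that the flag switches off the foreground-caller check, which is the security property this API relaxes. `@RequiresPermission` is a lint annotation and enforces nothing at runtime, and the enforcing code is not in the visible hunks, so the doc should say where the check happens once that is confirmed against the service side. I would open the comment with `Allows authentication to start while the calling package is in the background; test-only.` and add `The system server must reject this flag unless the caller holds TEST_BIOMETRIC or USE_BIOMETRIC_INTERNAL.` The getter in the second hunk, `isAllowBackgroundAuthentication`, could carry a matching one-line summary. Both the Builder and the outer class start and end outside these hunks.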
+1 −1
@@ -48,7 +48,7 @@ interface IBiometricAuthenticator {
    // startPreparedClient().
    void prepareForAuthentication(boolean requireConfirmation, IBinder token, long operationId,
            int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName,
            int cookie);
            int cookie, boolean allowBackgroundAuthentication);

    // Starts authentication with the previously prepared client.
    void startPreparedClient(int cookie);
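Review bot: The new `allowBackgroundAuthentication` parameter on `prepareForAuthentication` is undocumented, yet it carries a security decision across Binder: when true, the receiver is presumably expected to skip its foreground check for `opPackageName`. The comment above the method should say who may set it, for example `// allowBackgroundAuthentication: only set after the caller's TEST_BIOMETRIC / USE_BIOMETRIC_INTERNAL permission has been verified by the system server`. The implementations are not visible here, so it is worth confirming that each one can be reached only by callers holding the internal permission and does not accept the flag from an arbitrary app. The same point applies to the identical signature change in the IFaceService section further down. The interface body starts and ends outside the hunk.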
+13 −0
@@ -44,6 +44,7 @@ public class PromptInfo implements Parcelable {
    private boolean mDisallowBiometricsIfPolicyExists;
    private boolean mReceiveSystemEvents;
    @NonNull private List<Integer> mAllowedSensorIds = new ArrayList<>();
    private boolean mAllowBackgroundAuthentication;

    public PromptInfo() {

@@ -64,6 +65,7 @@ public class PromptInfo implements Parcelable {
        mDisallowBiometricsIfPolicyExists = in.readBoolean();
        mReceiveSystemEvents = in.readBoolean();
        mAllowedSensorIds = in.readArrayList(Integer.class.getClassLoader());
        mAllowBackgroundAuthentication = in.readBoolean();
    }

    public static final Creator<PromptInfo> CREATOR = new Creator<PromptInfo>() {
@@ -99,11 +101,14 @@ public class PromptInfo implements Parcelable {
        dest.writeBoolean(mDisallowBiometricsIfPolicyExists);
        dest.writeBoolean(mReceiveSystemEvents);
        dest.writeList(mAllowedSensorIds);
        dest.writeBoolean(mAllowBackgroundAuthentication);
    }

    public boolean containsTestConfigurations() {
        if (!mAllowedSensorIds.isEmpty()) {
            return true;
        } else if (mAllowBackgroundAuthentication) {
            return true;
        }
        return false;
    }
@@ -183,6 +188,10 @@ public class PromptInfo implements Parcelable {
        mAllowedSensorIds = sensorIds;
    }

    public void setAllowBackgroundAuthentication(boolean allow) {
        mAllowBackgroundAuthentication = allow;
    }

    // Getters

    public CharSequence getTitle() {
@@ -248,4 +257,8 @@ public class PromptInfo implements Parcelable {
    public List<Integer> getAllowedSensorIds() {
        return mAllowedSensorIds;
    }

    public boolean isAllowBackgroundAuthentication() {
        return mAllowBackgroundAuthentication;
    }
}
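Review bot: `containsTestConfigurations()` is now the one place that marks a `PromptInfo` as carrying test-only settings, but nothing in the class says so, and the object is unparcelled from whatever the client process sent. If the server relies on this method to decide when to demand TEST_BIOMETRIC or USE_BIOMETRIC_INTERNAL (that caller is not in the visible hunks), a future test-only field that is not added here would silently skip the permission check. I would add a comment such as `// Every test-only field must be reflected here; callers use this to require the test/internal permission.` and collapse the body to `return !mAllowedSensorIds.isEmpty() || mAllowBackgroundAuthentication;` so the list of gated fields reads as one expression. The parcel read and write of the new boolean are added in matching positions, which keeps the wire format symmetric.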
+1 −1
@@ -59,7 +59,7 @@ interface IFaceService {
    // startPreparedClient().
    void prepareForAuthentication(int sensorId, boolean requireConfirmation, IBinder token, long operationId,
            int userId, IBiometricSensorReceiver sensorReceiver, String opPackageName,
            int cookie);
            int cookie, boolean allowBackgroundAuthentication);

    // Starts authentication with the previously prepared client.
    void startPreparedClient(int sensorId, int cookie);