Log AdaptiveAuthUnlockAfterLockReported atom (9c18e587) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/adaptiveauth/AdaptiveAuthService.java

+51 −3

Original line number	Original line	Diff line number	Diff line
	@@ -32,8 +32,10 @@ import android.os.SystemClock;
	import android.util.Log;		import android.util.Log;
	import android.util.Slog;		import android.util.Slog;
	import android.util.SparseIntArray;		import android.util.SparseIntArray;
			import android.util.SparseLongArray;

	import com.android.internal.annotations.VisibleForTesting;		import com.android.internal.annotations.VisibleForTesting;
			import com.android.internal.util.FrameworkStatsLog;
	import com.android.internal.widget.LockPatternUtils;		import com.android.internal.widget.LockPatternUtils;
	import com.android.internal.widget.LockSettingsInternal;		import com.android.internal.widget.LockSettingsInternal;
	import com.android.internal.widget.LockSettingsStateListener;		import com.android.internal.widget.LockSettingsStateListener;
	@@ -57,6 +59,8 @@ public class AdaptiveAuthService extends SystemService {
	private static final int MSG_REPORT_BIOMETRIC_AUTH_ATTEMPT = 2;		private static final int MSG_REPORT_BIOMETRIC_AUTH_ATTEMPT = 2;
	private static final int AUTH_SUCCESS = 1;		private static final int AUTH_SUCCESS = 1;
	private static final int AUTH_FAILURE = 0;		private static final int AUTH_FAILURE = 0;
			private static final int TYPE_PRIMARY_AUTH = 0;
			private static final int TYPE_BIOMETRIC_AUTH = 1;

	private final LockPatternUtils mLockPatternUtils;		private final LockPatternUtils mLockPatternUtils;
	private final LockSettingsInternal mLockSettings;		private final LockSettingsInternal mLockSettings;
	@@ -67,6 +71,7 @@ public class AdaptiveAuthService extends SystemService {
	private final UserManagerInternal mUserManager;		private final UserManagerInternal mUserManager;
	@VisibleForTesting		@VisibleForTesting
	final SparseIntArray mFailedAttemptsForUser = new SparseIntArray();		final SparseIntArray mFailedAttemptsForUser = new SparseIntArray();
			private final SparseLongArray mLastLockedTimestamp = new SparseLongArray();

	public AdaptiveAuthService(Context context) {		public AdaptiveAuthService(Context context) {
	this(context, new LockPatternUtils(context));		this(context, new LockPatternUtils(context));
	@@ -170,7 +175,7 @@ public class AdaptiveAuthService extends SystemService {
	Slog.d(TAG, "handleReportPrimaryAuthAttempt: success=" + success		Slog.d(TAG, "handleReportPrimaryAuthAttempt: success=" + success
	+ ", userId=" + userId);		+ ", userId=" + userId);
	}		}
	reportAuthAttempt(success, userId);		reportAuthAttempt(TYPE_PRIMARY_AUTH, success, userId);
	}		}

	private void handleReportBiometricAuthAttempt(boolean success, int userId) {		private void handleReportBiometricAuthAttempt(boolean success, int userId) {
	@@ -178,13 +183,24 @@ public class AdaptiveAuthService extends SystemService {
	Slog.d(TAG, "handleReportBiometricAuthAttempt: success=" + success		Slog.d(TAG, "handleReportBiometricAuthAttempt: success=" + success
	+ ", userId=" + userId);		+ ", userId=" + userId);
	}		}
	reportAuthAttempt(success, userId);		reportAuthAttempt(TYPE_BIOMETRIC_AUTH, success, userId);
	}		}

	private void reportAuthAttempt(boolean success, int userId) {		private void reportAuthAttempt(int authType, boolean success, int userId) {
	if (success) {		if (success) {
	// Deleting the entry effectively resets the counter of failed attempts for the user		// Deleting the entry effectively resets the counter of failed attempts for the user
	mFailedAttemptsForUser.delete(userId);		mFailedAttemptsForUser.delete(userId);

			// Collect metrics if the device was locked by adaptive auth before
			if (mLastLockedTimestamp.indexOfKey(userId) >= 0) {
			final long lastLockedTime = mLastLockedTimestamp.get(userId);
			collectTimeElapsedSinceLastLocked(
			lastLockedTime, SystemClock.elapsedRealtime(), authType);

			// Remove the entry for the last locked time because a successful auth just happened
			// and metrics have been collected
			mLastLockedTimestamp.delete(userId);
			}
	return;		return;
	}		}

	@@ -210,6 +226,34 @@ public class AdaptiveAuthService extends SystemService {
	lockDevice(userId);		lockDevice(userId);
	}		}

			private static void collectTimeElapsedSinceLastLocked(long lastLockedTime, long authTime,
			int authType) {
			final int unlockType = switch (authType) {
			case TYPE_PRIMARY_AUTH -> FrameworkStatsLog
			.ADAPTIVE_AUTH_UNLOCK_AFTER_LOCK_REPORTED__UNLOCK_TYPE__PRIMARY_AUTH;
			case TYPE_BIOMETRIC_AUTH -> FrameworkStatsLog
			.ADAPTIVE_AUTH_UNLOCK_AFTER_LOCK_REPORTED__UNLOCK_TYPE__BIOMETRIC_AUTH;
			default -> FrameworkStatsLog
			.ADAPTIVE_AUTH_UNLOCK_AFTER_LOCK_REPORTED__UNLOCK_TYPE__UNKNOWN;
			};

			if (DEBUG) {
			Slog.d(TAG, "collectTimeElapsedSinceLastLockedForUser: "
			+ "lastLockedTime=" + lastLockedTime
			+ ", authTime=" + authTime
			+ ", unlockType=" + unlockType);
			}

			// This usually shouldn't happen, and just check out of an abundance of caution
			if (lastLockedTime > authTime) {
			return;
			}

			// Log to statsd
			FrameworkStatsLog.write(FrameworkStatsLog.ADAPTIVE_AUTH_UNLOCK_AFTER_LOCK_REPORTED,
			lastLockedTime, authTime, unlockType);
			}

	/**		/**
	* Locks the device and requires primary auth or biometric auth for unlocking		* Locks the device and requires primary auth or biometric auth for unlocking
	*/		*/
	@@ -234,5 +278,9 @@ public class AdaptiveAuthService extends SystemService {

	// Lock the device		// Lock the device
	mWindowManager.lockNow();		mWindowManager.lockNow();

			// Record the time that the device is locked by adaptive auth to collect metrics when the
			// next successful primary or biometric auth happens
			mLastLockedTimestamp.put(userId, SystemClock.elapsedRealtime());
	}		}
	}		}