Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a372cb1c authored by Kevin Chyn's avatar Kevin Chyn
Browse files

Add resetLockoutRequiresChallenge property 

IFace and IFingerprint AIDL interfaces do not require challenge
for resetLockout. Rather, they are time-based. See the HAL interface
for more details.

Bug: 182327296
Test: reset lockout on Pixel4
Test: atest com.android.systemui
Test: atest com.android.server.biometrics
Change-Id: Ibf1130d77e714d15fb9eccd3175027a28de08f7b
parent dd77d27c

core/java/android/hardware/biometrics/SensorPropertiesInternal.java

+8 −2
Original line number Diff line number Diff line
@@ -32,18 +32,22 @@ public class SensorPropertiesInternal implements Parcelable { 
    @SensorProperties.Strength public final int sensorStrength;

    public final int maxEnrollmentsPerUser;

    public final boolean resetLockoutRequiresHardwareAuthToken;

    public final boolean resetLockoutRequiresChallenge;



    public static SensorPropertiesInternal from(@NonNull SensorPropertiesInternal prop) {

        return new SensorPropertiesInternal(prop.sensorId, prop.sensorStrength,

                prop.maxEnrollmentsPerUser, prop.resetLockoutRequiresHardwareAuthToken);

                prop.maxEnrollmentsPerUser, prop.resetLockoutRequiresHardwareAuthToken,

                prop.resetLockoutRequiresChallenge);

    }



    protected SensorPropertiesInternal(int sensorId, @SensorProperties.Strength int sensorStrength,

            int maxEnrollmentsPerUser, boolean resetLockoutRequiresHardwareAuthToken) {

            int maxEnrollmentsPerUser, boolean resetLockoutRequiresHardwareAuthToken,

            boolean resetLockoutRequiresChallenge) {

        this.sensorId = sensorId;

        this.sensorStrength = sensorStrength;

        this.maxEnrollmentsPerUser = maxEnrollmentsPerUser;

        this.resetLockoutRequiresHardwareAuthToken = resetLockoutRequiresHardwareAuthToken;

        this.resetLockoutRequiresChallenge = resetLockoutRequiresChallenge;

    }



    protected SensorPropertiesInternal(Parcel in) {
@@ -51,6 +55,7 @@ public class SensorPropertiesInternal implements Parcelable { 
        sensorStrength = in.readInt();

        maxEnrollmentsPerUser = in.readInt();

        resetLockoutRequiresHardwareAuthToken = in.readBoolean();

        resetLockoutRequiresChallenge = in.readBoolean();

    }



    public static final Creator<SensorPropertiesInternal> CREATOR =
@@ -77,6 +82,7 @@ public class SensorPropertiesInternal implements Parcelable { 
        dest.writeInt(sensorStrength);

        dest.writeInt(maxEnrollmentsPerUser);

        dest.writeBoolean(resetLockoutRequiresHardwareAuthToken);

        dest.writeBoolean(resetLockoutRequiresChallenge);

    }



    @Override

core/java/android/hardware/face/FaceSensorPropertiesInternal.java

+2 −2
Original line number Diff line number Diff line
@@ -41,11 +41,11 @@ public class FaceSensorPropertiesInternal extends SensorPropertiesInternal { 
     */

    public FaceSensorPropertiesInternal(int sensorId, @SensorProperties.Strength int strength,

            int maxEnrollmentsPerUser, boolean supportsFaceDetection,

            boolean supportsSelfIllumination) {

            boolean supportsSelfIllumination, boolean resetLockoutRequiresChallenge) {

        // resetLockout is managed by the HAL and requires a HardwareAuthToken for all face

        // HAL interfaces (IBiometricsFace@1.0 HIDL and IFace@1.0 AIDL).

        super(sensorId, strength, maxEnrollmentsPerUser,

                true /* resetLockoutRequiresHardwareAuthToken */);

                true /* resetLockoutRequiresHardwareAuthToken */, resetLockoutRequiresChallenge);

        this.supportsFaceDetection = supportsFaceDetection;

        this.supportsSelfIllumination = supportsSelfIllumination;

    }

core/java/android/hardware/fingerprint/FingerprintSensorPropertiesInternal.java

+8 −2
Original line number Diff line number Diff line
@@ -62,7 +62,12 @@ public class FingerprintSensorPropertiesInternal extends SensorPropertiesInterna 
            @FingerprintSensorProperties.SensorType int sensorType,

            boolean resetLockoutRequiresHardwareAuthToken, int sensorLocationX, int sensorLocationY,

            int sensorRadius) {

        super(sensorId, strength, maxEnrollmentsPerUser, resetLockoutRequiresHardwareAuthToken);

        // IBiometricsFingerprint@2.1 handles lockout in the framework, so the challenge is not

        // required as it can only be generated/attested/verified by TEE components.

        // IFingerprint@1.0 handles lockout below the HAL, but does not require a challenge. See

        // the HAL interface for more details.

        super(sensorId, strength, maxEnrollmentsPerUser, resetLockoutRequiresHardwareAuthToken,

                false /* resetLockoutRequiresChallenge */);

        this.sensorType = sensorType;

        this.sensorLocationX = sensorLocationX;

        this.sensorLocationY = sensorLocationY;
@@ -91,7 +96,8 @@ public class FingerprintSensorPropertiesInternal extends SensorPropertiesInterna 
            @SensorProperties.Strength int strength, int maxEnrollmentsPerUser,

            @FingerprintSensorProperties.SensorType int sensorType,

            boolean resetLockoutRequiresHardwareAuthToken) {

        super(sensorId, strength, maxEnrollmentsPerUser, resetLockoutRequiresHardwareAuthToken);

        super(sensorId, strength, maxEnrollmentsPerUser, resetLockoutRequiresHardwareAuthToken,

                false /* resetLockoutRequiresChallenge */);

        this.sensorType = sensorType;



        int[] props = context.getResources().getIntArray(

packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java

+2 −1
Original line number Diff line number Diff line
@@ -195,7 +195,8 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { 
        when(mFaceSensorProperties.get(anyInt())).thenReturn(new FaceSensorPropertiesInternal(

                0 /* id */,

                FaceSensorProperties.STRENGTH_STRONG, 1 /* maxTemplatesAllowed */,

                false /* supportsFaceDetection */, true /* supportsSelfIllumination */));

                false /* supportsFaceDetection */, true /* supportsSelfIllumination */,

                false /* resetLockoutRequiresChallenge */));



        when(mFingerprintManager.isHardwareDetected()).thenReturn(true);

        when(mFingerprintManager.hasEnrolledTemplates(anyInt())).thenReturn(true);

services/core/java/com/android/server/biometrics/sensors/face/aidl/FaceProvider.java

+1 −1
Original line number Diff line number Diff line
@@ -137,7 +137,7 @@ public class FaceProvider implements IBinder.DeathRecipient, ServiceProvider { 
            final FaceSensorPropertiesInternal internalProp = new FaceSensorPropertiesInternal(

                    prop.commonProps.sensorId, prop.commonProps.sensorStrength,

                    prop.commonProps.maxEnrollmentsPerUser, false /* supportsFaceDetection */,

                    prop.halControlsPreview);

                    prop.halControlsPreview, false /* resetLockoutRequiresChallenge */);

            final Sensor sensor = new Sensor(getTag() + "/" + sensorId, this, mContext, mHandler,

                    internalProp);