
Commit ba940c42 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge changes from topic "biometric-op"

* changes:
  Check AppOps in BiometricService
  Rename OP_USE_FACE to OP_USE_BIOMETRIC
parents f359e6ba 69183e5a
+11 −11
@@ -429,8 +429,8 @@ public class AppOpsManager {
    /** @hide */
    @UnsupportedAppUsage
    public static final int OP_BLUETOOTH_SCAN = 77;
    /** @hide Use the face authentication API. */
    public static final int OP_USE_FACE = 78;
    /** @hide Use the BiometricPrompt/BiometricManager APIs. */
    public static final int OP_USE_BIOMETRIC = 78;
    /** @hide */
    @UnsupportedAppUsage
    public static final int _NUM_OP = 79;
@@ -678,8 +678,8 @@ public class AppOpsManager {
    /** @hide */
    public static final String OPSTR_BLUETOOTH_SCAN = "android:bluetooth_scan";

    /** @hide Use the face authentication API. */
    public static final String OPSTR_USE_FACE = "android:use_face";
    /** @hide Use the BiometricPrompt/BiometricManager APIs. */
    public static final String OPSTR_USE_BIOMETRIC = "android:use_biometric";

    // Warning: If an permission is added here it also has to be added to
    // com.android.packageinstaller.permission.utils.EventLogger
@@ -818,7 +818,7 @@ public class AppOpsManager {
            OP_MANAGE_IPSEC_TUNNELS,            // MANAGE_IPSEC_HANDOVERS
            OP_START_FOREGROUND,                // START_FOREGROUND
            OP_COARSE_LOCATION,                 // BLUETOOTH_SCAN
            OP_USE_FACE,                        // FACE
            OP_USE_BIOMETRIC,                   // BIOMETRIC
    };

    /**
@@ -903,7 +903,7 @@ public class AppOpsManager {
            OPSTR_MANAGE_IPSEC_TUNNELS,
            OPSTR_START_FOREGROUND,
            OPSTR_BLUETOOTH_SCAN,
            OPSTR_USE_FACE,
            OPSTR_USE_BIOMETRIC,
    };

    /**
@@ -989,7 +989,7 @@ public class AppOpsManager {
            "MANAGE_IPSEC_TUNNELS",
            "START_FOREGROUND",
            "BLUETOOTH_SCAN",
            "USE_FACE",
            "USE_BIOMETRIC",
    };

    /**
@@ -1163,7 +1163,7 @@ public class AppOpsManager {
            null, // MANAGE_IPSEC_TUNNELS
            null, // START_FOREGROUND
            null, // maybe should be UserManager.DISALLOW_SHARE_LOCATION, //BLUETOOTH_SCAN
            null, // USE_FACE
            null, // USE_BIOMETRIC
    };

    /**
@@ -1249,7 +1249,7 @@ public class AppOpsManager {
            false, // MANAGE_IPSEC_HANDOVERS
            false, // START_FOREGROUND
            true, // BLUETOOTH_SCAN
            false, // USE_FACE
            false, // USE_BIOMETRIC
    };

    /**
@@ -1334,7 +1334,7 @@ public class AppOpsManager {
            AppOpsManager.MODE_ERRORED,  // MANAGE_IPSEC_TUNNELS
            AppOpsManager.MODE_ALLOWED,  // OP_START_FOREGROUND
            AppOpsManager.MODE_ALLOWED,  // OP_BLUETOOTH_SCAN
            AppOpsManager.MODE_ALLOWED,  // USE_FACE
            AppOpsManager.MODE_ALLOWED,  // USE_BIOMETRIC
    };

    /**
@@ -1423,7 +1423,7 @@ public class AppOpsManager {
            false, // MANAGE_IPSEC_TUNNELS
            false, // START_FOREGROUND
            false, // BLUETOOTH_SCAN
            false, // USE_FACE
            false, // USE_BIOMETRIC
    };

    /**
+1 −1
@@ -48,7 +48,7 @@ public class BiometricManager {
    @RequiresPermission(USE_BIOMETRIC)
    public boolean hasEnrolledBiometrics() {
        try {
            return mService.hasEnrolledBiometrics();
            return mService.hasEnrolledBiometrics(mContext.getOpPackageName());
        } catch (RemoteException e) {
            return false;
        }
+1 −1
@@ -38,5 +38,5 @@ interface IBiometricService {
    void cancelAuthentication(IBinder token, String opPackageName);

    // Returns true if the user has at least one enrolled biometric.
    boolean hasEnrolledBiometrics();
    boolean hasEnrolledBiometrics(String opPackageName);
}
 No newline at end of file
+13 −4
@@ -19,6 +19,7 @@ package com.android.server.biometrics;
import static android.Manifest.permission.USE_BIOMETRIC;
import static android.Manifest.permission.USE_FINGERPRINT;

import android.app.AppOpsManager;
import android.content.Context;
import android.content.pm.PackageManager;
import android.hardware.biometrics.BiometricAuthenticator;
@@ -80,6 +81,7 @@ public class BiometricService extends SystemService {
            BIOMETRIC_FACE
    };

    private final AppOpsManager mAppOps;
    private final Handler mHandler;
    private final boolean mHasFeatureFingerprint;
    private final boolean mHasFeatureIris;
@@ -200,14 +202,20 @@ public class BiometricService extends SystemService {
        }

        @Override // Binder call
        public boolean hasEnrolledBiometrics() {
        public boolean hasEnrolledBiometrics(String opPackageName) {
            checkPermission();

            boolean hasEnrolled = false;
            if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, Binder.getCallingUid(),
                    opPackageName) != AppOpsManager.MODE_ALLOWED) {
                Slog.w(TAG, "Rejecting " + opPackageName + "; permission denied");
                throw new SecurityException("Permission denied");
            }

            final long ident = Binder.clearCallingIdentity();
            boolean hasEnrolled = false;
            try {
                // Note: On devices with multi-modal authentication, the selection logic will need to
                // be updated.
                // Note: On devices with multi-modal authentication, the selection logic will need
                // to be updated.
                for (int i = 0; i < mAuthenticators.size(); i++) {
                    if (mAuthenticators.get(i).getAuthenticator().hasEnrolledTemplates()) {
                        hasEnrolled = true;
@@ -241,6 +249,7 @@ public class BiometricService extends SystemService {
    public BiometricService(Context context) {
        super(context);

        mAppOps = context.getSystemService(AppOpsManager.class);
        mHandler = new Handler(Looper.getMainLooper());

        final PackageManager pm = context.getPackageManager();
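Review bot: In the new `hasEnrolledBiometrics(String opPackageName)`, every `noteOp` result other than `MODE_ALLOWED` ends in `throw new SecurityException("Permission denied")`, which turns `MODE_IGNORED` into a crash for the caller. `AppOpsManager` documents `MODE_IGNORED` as a denial that should fail silently, and `noteOp` already throws on its own for `MODE_ERRORED`. The client wrapper in `BiometricManager` on this page only catches `RemoteException`, so the exception would reach the app. For this boolean query I would keep the `Slog.w` line and replace the throw with `return false;`, which also matches how `canUseBiometric` in `BiometricServiceBase` handles a failed app-op check. The method body continues past the end of the hunk.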
+5 −6
@@ -84,7 +84,6 @@ public abstract class BiometricServiceBase extends SystemService

    private final Context mContext;
    private final String mKeyguardPackage;
    private final AppOpsManager mAppOps;
    private final SparseBooleanArray mTimedLockoutCleared;
    private final SparseIntArray mFailedAttempts;
    private final IActivityTaskManager mActivityTaskManager;
@@ -102,6 +101,7 @@ public abstract class BiometricServiceBase extends SystemService
            Collections.synchronizedMap(new HashMap<>());
    protected final ResetFailedAttemptsForUserRunnable mResetFailedAttemptsForCurrentUserRunnable =
            new ResetFailedAttemptsForUserRunnable();
    protected final AppOpsManager mAppOps;
    protected final H mHandler = new H();

    private ClientMonitor mCurrentClient;
@@ -206,11 +206,9 @@ public abstract class BiometricServiceBase extends SystemService
    protected abstract void checkUseBiometricPermission();

    /**
     * @return Returns one of the {@link AppOpsManager} constants which pertains to the specific
     *         biometric service.
     * Checks if the caller passes the app ops check
     */
    protected abstract int getAppOp();

    protected abstract boolean checkAppOps(int uid, String opPackageName);

    /**
     * Notifies clients of any change in the biometric state (active / idle). This is mainly for
@@ -822,10 +820,11 @@ public abstract class BiometricServiceBase extends SystemService
            Slog.w(getTag(), "Rejecting " + opPackageName + "; not a current user or profile");
            return false;
        }
        if (mAppOps.noteOp(getAppOp(), uid, opPackageName) != AppOpsManager.MODE_ALLOWED) {
        if (!checkAppOps(uid, opPackageName)) {
            Slog.w(getTag(), "Rejecting " + opPackageName + "; permission denied");
            return false;
        }

        if (requireForeground && !(isForegroundActivity(uid, pid) || isCurrentClient(
                opPackageName))) {
            Slog.w(getTag(), "Rejecting " + opPackageName + "; not in foreground");
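Review bot: The Javadoc on the new `checkAppOps(int uid, String opPackageName)` does not state the contract that `canUseBiometric` now depends on, and with `getAppOp()` removed the base class no longer makes the `noteOp` call itself. Each subclass now decides which op to note, so an implementation that returns `true` unconditionally, or consults `Binder.getCallingUid()` instead of the passed `uid`, would weaken the check without any change in this file; the implementations are not visible on this page. I would expand the comment to say that implementations must note the op for the supplied `uid` and `opPackageName`, and add `@return true if the op is allowed for that caller, false to reject the request`. The change also widens `mAppOps` from `private` to `protected` so that subclasses can reach it; confirm that exposure is intended rather than keeping the field private behind the new method.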