Add much needed logging for face auth challenge / lockout path (be67ce0d) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/biometrics/BiometricService.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -965,6 +965,11 @@ public class BiometricService extends SystemService {
		}
		}

		Slog.d(TAG, "checkAndGetBiometricModality: user=" + userId
		+ " isHardwareDetected=" + isHardwareDetected
		+ " hasTemplatesEnrolled=" + hasTemplatesEnrolled
		+ " enabledForApps=" + enabledForApps);

		// Check error conditions
		if (!isHardwareDetected) {
		return new Pair<>(TYPE_NONE, BiometricConstants.BIOMETRIC_ERROR_HW_UNAVAILABLE);

services/core/java/com/android/server/biometrics/BiometricServiceBase.java

+2 −0

Original line number	Diff line number	Diff line
		@@ -1090,6 +1090,8 @@ public abstract class BiometricServiceBase extends SystemService
		if (DEBUG) Slog.v(getTag(), "starting client "
		+ mCurrentClient.getClass().getSuperclass().getSimpleName()
		+ "(" + mCurrentClient.getOwnerString() + ")"
		+ " targetUserId: " + mCurrentClient.getTargetUserId()
		+ " currentUserId: " + mCurrentUserId
		+ " cookie: " + cookie + "/" + mCurrentClient.getCookie());
		if (cookie != mCurrentClient.getCookie()) {
		Slog.e(getTag(), "Mismatched cookie");

services/core/java/com/android/server/biometrics/face/FaceService.java

+2 −0

Original line number	Diff line number	Diff line
		@@ -480,6 +480,8 @@ public class FaceService extends BiometricServiceBase {
		return;
		}

		Slog.d(TAG, "Resetting lockout for user: " + mCurrentUserId);

		try {
		mDaemonWrapper.resetLockout(token);
		} catch (RemoteException e) {

services/core/java/com/android/server/locksettings/LockSettingsService.java

+7 −4

Original line number	Diff line number	Diff line
		@@ -2493,7 +2493,11 @@ public class LockSettingsService extends ILockSettings.Stub {
		private VerifyCredentialResponse spBasedDoVerifyCredential(byte[] userCredential,
		@CredentialType int credentialType, boolean hasChallenge, long challenge, int userId,
		ICheckCredentialProgressCallback progressCallback) throws RemoteException {
		if (DEBUG) Slog.d(TAG, "spBasedDoVerifyCredential: user=" + userId);

		final boolean hasEnrolledBiometrics = mInjector.hasEnrolledBiometrics();

		Slog.d(TAG, "spBasedDoVerifyCredential: user=" + userId + " hasChallenge=" + hasChallenge
		+ " hasEnrolledBiometrics=" + hasEnrolledBiometrics);
		if (credentialType == CREDENTIAL_TYPE_NONE) {
		userCredential = null;
		}
		@@ -2503,7 +2507,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		// we need to generate challenge for each one, have it signed by GK and reset lockout
		// for each modality.
		if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE)
		&& mInjector.hasEnrolledBiometrics()) {
		&& hasEnrolledBiometrics) {
		challenge = mContext.getSystemService(FaceManager.class).generateChallenge();
		}

		@@ -2546,9 +2550,8 @@ public class LockSettingsService extends ILockSettings.Stub {
		notifyActivePasswordMetricsAvailable(credentialType, userCredential, userId);
		unlockKeystore(authResult.authToken.deriveKeyStorePassword(), userId);
		// Reset lockout only if user has enrolled templates
		if (mInjector.hasEnrolledBiometrics()) {
		if (hasEnrolledBiometrics) {
		BiometricManager bm = mContext.getSystemService(BiometricManager.class);
		Slog.i(TAG, "Resetting lockout, length: " + response.getPayload().length);
		bm.resetLockout(response.getPayload());

		if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE)) {