Make face auth ineligible when camera access is disabled

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.biometrics;

/**

 * Interface for biometric operations to get camera privacy state.

 */

public interface BiometricSensorPrivacy {

    /* Returns true if privacy is enabled and camera access is disabled. */

    boolean isCameraPrivacyEnabled();

}

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.biometrics;

import static android.hardware.SensorPrivacyManager.Sensors.CAMERA;

import android.annotation.Nullable;

import android.hardware.SensorPrivacyManager;

public class BiometricSensorPrivacyImpl implements

        BiometricSensorPrivacy {

    private final SensorPrivacyManager mSensorPrivacyManager;

    public BiometricSensorPrivacyImpl(@Nullable SensorPrivacyManager sensorPrivacyManager) {

        mSensorPrivacyManager = sensorPrivacyManager;

    }

    @Override

    public boolean isCameraPrivacyEnabled() {

        return mSensorPrivacyManager != null && mSensorPrivacyManager

                .isSensorPrivacyEnabled(SensorPrivacyManager.TOGGLE_TYPE_SOFTWARE, CAMERA);

    }

}

import android.content.pm.PackageManager;

import android.content.pm.UserInfo;

import android.database.ContentObserver;

import android.hardware.SensorPrivacyManager;

import android.hardware.biometrics.BiometricAuthenticator;

import android.hardware.biometrics.BiometricConstants;

import android.hardware.biometrics.BiometricPrompt;

    AuthSession mAuthSession;

    private final Handler mHandler = new Handler(Looper.getMainLooper());

    private final BiometricSensorPrivacy mBiometricSensorPrivacy;

    /**

     * Tracks authenticatorId invalidation. For more details, see

     * {@link com.android.server.biometrics.sensors.InvalidationRequesterClient}.

        return PreAuthInfo.create(mTrustManager, mDevicePolicyManager, mSettingObserver, mSensors,

                userId, promptInfo, opPackageName, false /* checkDevicePolicyManager */,

                getContext());

                getContext(), mBiometricSensorPrivacy);

    }

    /**

        public UserManager getUserManager(Context context) {

            return context.getSystemService(UserManager.class);

        }

        public BiometricSensorPrivacy getBiometricSensorPrivacy(Context context) {

            return new BiometricSensorPrivacyImpl(context.getSystemService(

                    SensorPrivacyManager.class));

        }

    }

    /**

        mRequestCounter = mInjector.getRequestGenerator();

        mBiometricContext = injector.getBiometricContext(context);

        mUserManager = injector.getUserManager(context);

        mBiometricSensorPrivacy = injector.getBiometricSensorPrivacy(context);

        try {

            injector.getActivityManagerService().registerUserSwitchObserver(

                final PreAuthInfo preAuthInfo = PreAuthInfo.create(mTrustManager,

                        mDevicePolicyManager, mSettingObserver, mSensors, userId, promptInfo,

                        opPackageName, promptInfo.isDisallowBiometricsIfPolicyExists(),

                        getContext());

                        getContext(), mBiometricSensorPrivacy);

                final Pair<Integer, Integer> preAuthStatus = preAuthInfo.getPreAuthenticateStatus();

                        + promptInfo.isIgnoreEnrollmentState());

                // BIOMETRIC_ERROR_SENSOR_PRIVACY_ENABLED is added so that BiometricPrompt can

                // be shown for this case.

                if (preAuthStatus.second == BiometricConstants.BIOMETRIC_SUCCESS

                        || preAuthStatus.second

                        == BiometricConstants.BIOMETRIC_ERROR_SENSOR_PRIVACY_ENABLED) {

                if (preAuthStatus.second == BiometricConstants.BIOMETRIC_SUCCESS) {

                    // If BIOMETRIC_WEAK or BIOMETRIC_STRONG are allowed, but not enrolled, but

                    // CREDENTIAL is requested and available, set the bundle to only request

                    // CREDENTIAL.

import android.app.admin.DevicePolicyManager;

import android.app.trust.ITrustManager;

import android.content.Context;

import android.hardware.SensorPrivacyManager;

import android.hardware.biometrics.BiometricAuthenticator;

import android.hardware.biometrics.BiometricManager;

import android.hardware.biometrics.PromptInfo;

    final Context context;

    private final boolean mBiometricRequested;

    private final int mBiometricStrengthRequested;

    private final BiometricSensorPrivacy mBiometricSensorPrivacy;

    private PreAuthInfo(boolean biometricRequested, int biometricStrengthRequested,

            boolean credentialRequested, List<BiometricSensor> eligibleSensors,

            List<Pair<BiometricSensor, Integer>> ineligibleSensors, boolean credentialAvailable,

            boolean confirmationRequested, boolean ignoreEnrollmentState, int userId,

            Context context) {

            Context context, BiometricSensorPrivacy biometricSensorPrivacy) {

        mBiometricRequested = biometricRequested;

        mBiometricStrengthRequested = biometricStrengthRequested;

        mBiometricSensorPrivacy = biometricSensorPrivacy;

        this.credentialRequested = credentialRequested;

        this.eligibleSensors = eligibleSensors;

            BiometricService.SettingObserver settingObserver,

            List<BiometricSensor> sensors,

            int userId, PromptInfo promptInfo, String opPackageName,

            boolean checkDevicePolicyManager, Context context)

            boolean checkDevicePolicyManager, Context context,

            BiometricSensorPrivacy biometricSensorPrivacy)

            throws RemoteException {

        final boolean confirmationRequested = promptInfo.isConfirmationRequested();

                        checkDevicePolicyManager, requestedStrength,

                        promptInfo.getAllowedSensorIds(),

                        promptInfo.isIgnoreEnrollmentState(),

                        context);

                        biometricSensorPrivacy);

                Slog.d(TAG, "Package: " + opPackageName

                        + " Sensor ID: " + sensor.id

                //

                // Note: if only a certain sensor is required and the privacy is enabled,

                // canAuthenticate() will return false.

                if (status == AUTHENTICATOR_OK || status == BIOMETRIC_SENSOR_PRIVACY_ENABLED) {

                if (status == AUTHENTICATOR_OK) {

                    eligibleSensors.add(sensor);

                } else {

                    ineligibleSensors.add(new Pair<>(sensor, status));

        return new PreAuthInfo(biometricRequested, requestedStrength, credentialRequested,

                eligibleSensors, ineligibleSensors, credentialAvailable, confirmationRequested,

                promptInfo.isIgnoreEnrollmentState(), userId, context);

                promptInfo.isIgnoreEnrollmentState(), userId, context, biometricSensorPrivacy);

    }

    /**

            BiometricSensor sensor, int userId, String opPackageName,

            boolean checkDevicePolicyManager, int requestedStrength,

            @NonNull List<Integer> requestedSensorIds,

            boolean ignoreEnrollmentState, Context context) {

            boolean ignoreEnrollmentState, BiometricSensorPrivacy biometricSensorPrivacy) {

        if (!requestedSensorIds.isEmpty() && !requestedSensorIds.contains(sensor.id)) {

            return BIOMETRIC_NO_HARDWARE;

                    && !ignoreEnrollmentState) {

                return BIOMETRIC_NOT_ENROLLED;

            }

            final SensorPrivacyManager sensorPrivacyManager = context

                    .getSystemService(SensorPrivacyManager.class);

            if (sensorPrivacyManager != null && sensor.modality == TYPE_FACE) {

                if (sensorPrivacyManager

                        .isSensorPrivacyEnabled(SensorPrivacyManager.Sensors.CAMERA, userId)) {

            if (biometricSensorPrivacy != null && sensor.modality == TYPE_FACE) {

                if (biometricSensorPrivacy.isCameraPrivacyEnabled()) {

                    //Camera privacy is enabled as the access is disabled

                    return BIOMETRIC_SENSOR_PRIVACY_ENABLED;

                }

            }

        @AuthenticatorStatus final int status;

        @BiometricAuthenticator.Modality int modality = TYPE_NONE;

        final SensorPrivacyManager sensorPrivacyManager = context

                .getSystemService(SensorPrivacyManager.class);

        boolean cameraPrivacyEnabled = false;

        if (sensorPrivacyManager != null) {

            cameraPrivacyEnabled = sensorPrivacyManager

                    .isSensorPrivacyEnabled(SensorPrivacyManager.Sensors.CAMERA, userId);

        if (mBiometricSensorPrivacy != null) {

            cameraPrivacyEnabled = mBiometricSensorPrivacy.isCameraPrivacyEnabled();

        }

        if (mBiometricRequested && credentialRequested) {

                    // and the face sensor privacy is enabled then return

                    // BIOMETRIC_SENSOR_PRIVACY_ENABLED.

                    //

                    // Note: This sensor will still be eligible for calls to authenticate.

                    // Note: This sensor will not be eligible for calls to authenticate.

                    status = BIOMETRIC_SENSOR_PRIVACY_ENABLED;

                } else {

                    status = AUTHENTICATOR_OK;

                    // If the only modality requested is face and the privacy is enabled

                    // then return BIOMETRIC_SENSOR_PRIVACY_ENABLED.

                    //

                    // Note: This sensor will still be eligible for calls to authenticate.

                    // Note: This sensor will not be eligible for calls to authenticate.

                    status = BIOMETRIC_SENSOR_PRIVACY_ENABLED;

                } else {

                    status = AUTHENTICATOR_OK;

    @Mock private KeyStore mKeyStore;

    @Mock private AuthSession.ClientDeathReceiver mClientDeathReceiver;

    @Mock private BiometricFrameworkStatsLogger mBiometricFrameworkStatsLogger;

    @Mock BiometricSensorPrivacy mBiometricSensorPrivacy;

    private Random mRandom;

    private IBinder mToken;

                promptInfo,

                TEST_PACKAGE,

                checkDevicePolicyManager,

                mContext);

                mContext,

                mBiometricSensorPrivacy);

    }

    private AuthSession createAuthSession(List<BiometricSensor> sensors,