
Commit c4bbfd14 authored by Kevin Chyn's avatar Kevin Chyn

Clear identity when checking strongauth flags

Fixes: 161557889
Fixes: 161566755

Test: atest FingerprintManagerTest
Test: AccessibilityFingerprintGestureTest#testGestureDetectionListener_whenAuthenticationStartsAndStops_calledBack

Merged-In: Icb273fc0cf2ce1891550130539c0b2e6e788b533
Change-Id: I9ebed8adc401fc745f581c8e0fe38c3790dd5fb6
parent d24084e9
+16 −7
@@ -247,14 +247,23 @@ public class FingerprintService extends BiometricServiceBase {
        public void authenticate(final IBinder token, final long opId, final int userId,
                final IFingerprintServiceReceiver receiver, final int flags,
                final String opPackageName) {
            if (Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)
                    && Utils.isKeyguard(getContext(), opPackageName)) {
            // Keyguard check must be done on the caller's binder identity, since it also checks
            // permission.
            final boolean isKeyguard = Utils.isKeyguard(getContext(), opPackageName);

            // Clear calling identity when checking LockPatternUtils for StrongAuth flags.
            final long identity = Binder.clearCallingIdentity();
            try {
                if (isKeyguard && Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)) {
                    // If this happens, something in KeyguardUpdateMonitor is wrong.
                    // SafetyNet for b/79776455
                    EventLog.writeEvent(0x534e4554, "79776455");
                    Slog.e(TAG, "Authenticate invoked when user is encrypted or lockdown");
                    return;
                }
            } finally {
                Binder.restoreCallingIdentity(identity);
            }

            updateActiveGroup(userId, opPackageName);
            final boolean restricted = isRestricted();
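Review bot: The comment above `Binder.clearCallingIdentity()` says what is done but not why, and nothing records that the operand order in `isKeyguard && Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)` matters. Because `isKeyguard` is resolved first on the caller's binder identity, the lookup for the caller-supplied `userId` only runs under the cleared identity once the keyguard check has passed; reversing the operands would perform that lookup for every caller of `authenticate`. I would extend the comment to something like `// Keep isKeyguard first: the strong-auth lookup runs without the caller's identity and should only be reached for keyguard.`, and state the reason the identity has to be cleared (presumably the caller cannot read the strong-auth flags itself, which the visible lines do not show). The cleared region could also be limited to computing a boolean, with the `EventLog`/`Slog`/`return` handling placed after `Binder.restoreCallingIdentity(identity)`, so that less code runs with the caller's identity dropped. The body of `authenticate` continues past the end of this hunk.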