
Commit c52f8678 authored by Michal Karpinski's avatar Michal Karpinski

Strong auth timeout for trust agents

The fingerprint timeout tracking in KeyguardUpdateMonitor has been
extended with use of StrongAuthTracker.

Test: timeout will be CTS tested, testing of unlocking TBD
Bug: 29825955
Change-Id: I5cc49ef46631c412f2d1db88e68a308322b27027
parent 86829749
+8 −1
@@ -1432,7 +1432,8 @@ public class LockPatternUtils {
                        STRONG_AUTH_REQUIRED_AFTER_BOOT,
                        STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
                        SOME_AUTH_REQUIRED_AFTER_USER_REQUEST,
                        STRONG_AUTH_REQUIRED_AFTER_LOCKOUT})
                        STRONG_AUTH_REQUIRED_AFTER_LOCKOUT,
                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT})
        @Retention(RetentionPolicy.SOURCE)
        public @interface StrongAuthFlags {}

@@ -1462,6 +1463,12 @@ public class LockPatternUtils {
         */
        public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;

        /**
         * Strong authentication is required because it hasn't been used for a time required by
         * a device admin.
         */
        public static final int STRONG_AUTH_REQUIRED_AFTER_TIMEOUT = 0x10;

        /**
         * Strong auth flags that do not prevent fingerprint from being accepted as auth.
         *
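Review bot: The Javadoc on `STRONG_AUTH_REQUIRED_AFTER_TIMEOUT` does not say which component sets or clears the flag, or which unlock methods it is meant to block. After this commit `isUnlockingWithFingerprintAllowed()` in KeyguardUpdateMonitor defers to the tracker alone, so the timeout is only enforced for fingerprint if this bit stays out of the mask described as "Strong auth flags that do not prevent fingerprint from being accepted as auth"; that definition starts at the end of this hunk and is not visible here, so please confirm it was left unchanged on purpose. The comment should also record the change in polarity: the removed `mStrongAuthNotTimedOut` set treated an unknown user as timed out, whereas an unset flag now means "not timed out". A possible addition, wording to be confirmed by the author: `Set when the strong auth timeout fires for a user; while set, fingerprint is not accepted until the user enters their credential.`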
+6 −16
@@ -26,6 +26,7 @@ import static android.os.BatteryManager.EXTRA_MAX_CHARGING_CURRENT;
import static android.os.BatteryManager.EXTRA_MAX_CHARGING_VOLTAGE;
import static android.os.BatteryManager.EXTRA_PLUGGED;
import static android.os.BatteryManager.EXTRA_STATUS;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_TIMEOUT;

import android.app.ActivityManager;
import android.app.AlarmManager;
@@ -191,8 +192,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    // Password attempts
    private SparseIntArray mFailedAttempts = new SparseIntArray();

    /** Tracks whether strong authentication hasn't been used since quite some time per user. */
    private ArraySet<Integer> mStrongAuthNotTimedOut = new ArraySet<>();
    private final StrongAuthTracker mStrongAuthTracker;

    private final ArrayList<WeakReference<KeyguardUpdateMonitorCallback>>
@@ -209,6 +208,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    private TrustManager mTrustManager;
    private UserManager mUserManager;
    private int mFingerprintRunningState = FINGERPRINT_STATE_STOPPED;
    private LockPatternUtils mLockPatternUtils;

    private final Handler mHandler = new Handler() {
        @Override
@@ -576,8 +576,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    }

    public boolean isUnlockingWithFingerprintAllowed() {
        return mStrongAuthTracker.isUnlockingWithFingerprintAllowed()
                && !hasFingerprintUnlockTimedOut(sCurrentUser);
        return mStrongAuthTracker.isUnlockingWithFingerprintAllowed();
    }

    public boolean needsSlowUnlockTransition() {
@@ -588,16 +587,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
        return mStrongAuthTracker;
    }

    /**
     * @return true if the user hasn't use strong authentication (pattern, PIN, password) since a
     *         while and thus can't unlock with fingerprint, false otherwise
     */
    public boolean hasFingerprintUnlockTimedOut(int userId) {
        return !mStrongAuthNotTimedOut.contains(userId);
    }

    public void reportSuccessfulStrongAuthUnlockAttempt() {
        mStrongAuthNotTimedOut.add(sCurrentUser);
        scheduleStrongAuthTimeout();
        if (mFpm != null) {
            byte[] token = null; /* TODO: pass real auth token once fp HAL supports it */
@@ -738,7 +728,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
        public void onReceive(Context context, Intent intent) {
            if (ACTION_STRONG_AUTH_TIMEOUT.equals(intent.getAction())) {
                int userId = intent.getIntExtra(USER_ID, -1);
                mStrongAuthNotTimedOut.remove(userId);
                mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_TIMEOUT, userId);
                notifyStrongAuthStateChanged(userId);
            }
        }
@@ -1110,7 +1100,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
                PERMISSION_SELF, null /* handler */);
        mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
        mTrustManager.registerTrustListener(this);
        new LockPatternUtils(context).registerStrongAuthTracker(mStrongAuthTracker);
        mLockPatternUtils = new LockPatternUtils(context);
        mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);

        mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        updateFingerprintListeningState();
@@ -1837,7 +1828,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
            pw.println("    disabled(DPM)=" + isFingerprintDisabled(userId));
            pw.println("    possible=" + isUnlockWithFingerprintPossible(userId));
            pw.println("    strongAuthFlags=" + Integer.toHexString(strongAuthFlags));
            pw.println("    timedout=" + hasFingerprintUnlockTimedOut(userId));
            pw.println("    trustManaged=" + getUserTrustIsManaged(userId));
        }
    }
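Review bot: In the `ACTION_STRONG_AUTH_TIMEOUT` branch of `onReceive`, the `-1` default from `intent.getIntExtra(USER_ID, -1)` is now passed straight into `mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_TIMEOUT, userId)`. With the old code a missing extra only led to a harmless `mStrongAuthNotTimedOut.remove(-1)`; now the value reaches the lock settings layer, and because `UserHandle.USER_ALL` is also -1 it may be interpreted as "every user" (how `requireStrongAuth` treats it is not visible on this page). The behaviour should be an explicit decision: either reject the intent with `if (userId < 0) return;` before the call, or add a comment stating that a missing extra intentionally requires strong auth for all users. The receiver's enclosing class and its registration lie outside this hunk.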
+2 −1
@@ -20,6 +20,7 @@ import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_TIMEOUT;

import android.app.Activity;
import android.app.ActivityManager;
@@ -600,7 +601,7 @@ public class KeyguardViewMediator extends SystemUI {

            if (any && !strongAuthTracker.hasUserAuthenticatedSinceBoot()) {
                return KeyguardSecurityView.PROMPT_REASON_RESTART;
            } else if (fingerprint && mUpdateMonitor.hasFingerprintUnlockTimedOut(currentUser)) {
            } else if (any && (strongAuth & STRONG_AUTH_REQUIRED_AFTER_TIMEOUT) != 0) {
                return KeyguardSecurityView.PROMPT_REASON_TIMEOUT;
            } else if (any && (strongAuth & STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW) != 0) {
                return KeyguardSecurityView.PROMPT_REASON_DEVICE_ADMIN;
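Review bot: The `STRONG_AUTH_REQUIRED_AFTER_TIMEOUT` branch is tested before `STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW`, so when both bits are set in `strongAuth` the user sees `PROMPT_REASON_TIMEOUT` and the admin-initiated lock is not mentioned. The timeout used to be a separate fingerprint-only check and is now one bit among flags that can be combined, so the precedence deserves a short comment above the chain, for example `// Flags may be combined; the first matching reason below wins.`, or a reorder if the device-admin reason should take priority. The guard also widened from `fingerprint` to `any`, which presumably makes the timeout prompt appear for trust agents as well; that matches the commit title but is worth stating in the same comment. The method starts and ends outside this hunk.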