
Commit cba207c4 authored by Grace Cheng's avatar Grace Cheng Committed by Android (Google) Code Review

Merge "Add test API for AuthenticationPolicyManager CTS tests" into main

parents aa3ecd31 e031a40c
+8 −0
@@ -3139,6 +3139,14 @@ package android.security {

}

package android.security.authenticationpolicy {

  @FlaggedApi("android.security.secure_lockdown") public final class AuthenticationPolicyManager {
    method @FlaggedApi("android.security.secure_lock_device") @RequiresPermission(android.Manifest.permission.TEST_BIOMETRIC) public void setSecureLockDeviceTestStatus(boolean);
  }

}

package android.security.keystore {

  public static final class KeyGenParameterSpec.Builder {
+19 −0
@@ -18,6 +18,7 @@ package android.security.authenticationpolicy;
import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE;
import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
import static android.hardware.biometrics.Flags.FLAG_IDENTITY_CHECK_WATCH;
import static android.Manifest.permission.TEST_BIOMETRIC;
import static android.security.Flags.FLAG_SECURE_LOCKDOWN;
import static android.security.Flags.FLAG_SECURE_LOCK_DEVICE;

@@ -28,6 +29,7 @@ import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.annotation.TestApi;
import android.content.Context;
import android.os.Binder;
import android.os.Build;
@@ -503,6 +505,23 @@ public final class AuthenticationPolicyManager {
        }
    }

    /**
     * Sets test mode for Secure Lock Device. This allows tests to indicate that security features
     * that would interfere with testing (disabling ADB, USB) should be skipped.
     * @hide
     */
    @TestApi
    @RequiresPermission(TEST_BIOMETRIC)
    @FlaggedApi(FLAG_SECURE_LOCK_DEVICE)
    public void setSecureLockDeviceTestStatus(boolean isTestMode) {
        try {
            Slog.d(TAG, "#setTestModeForSecureLockDevice(isTestMode=" + isTestMode + ")");
            mAuthenticationPolicyService.setSecureLockDeviceTestStatus(isTestMode);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    /**
     * This function will start watch ranging for Identity Check. We will remove specific
     * Identity Check implementation when this is generalized.
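Review bot: The debug log in `setSecureLockDeviceTestStatus` names a method that does not exist, `#setTestModeForSecureLockDevice`, so a log search for the API name will miss the client-side record of test mode being switched. Since the Javadoc says this mode lets tests skip protections such as disabling ADB and USB, the message should match the method, e.g. `Slog.d(TAG, "#setSecureLockDeviceTestStatus(isTestMode=" + isTestMode + ")");`. The Javadoc also lacks an `@param isTestMode` line, and the new `TEST_BIOMETRIC` static import in the first hunk sits out of alphabetical order among the `android.Manifest.permission` imports.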
+3 −0
@@ -46,6 +46,9 @@ interface IAuthenticationPolicyService {
    @EnforcePermission("MANAGE_SECURE_LOCK_DEVICE")
    void unregisterSecureLockDeviceStatusListener(in ISecureLockDeviceStatusListener listener);

    @EnforcePermission("TEST_BIOMETRIC")
    void setSecureLockDeviceTestStatus(boolean isTestMode);

    @EnforcePermission("USE_BIOMETRIC_INTERNAL")
    void startWatchRangingForIdentityCheck(in long authenticationRequestId, in IProximityResultCallback resultCallback);

+4 −1
@@ -7551,7 +7551,10 @@
    <!-- Allows access to TestApis for various components in the biometric stack, including
         FingerprintService, FaceService, BiometricService. Used by com.android.server.biometrics
         CTS tests. @hide @TestApi -->
         CTS tests. Also allows access to TestApis for Secure Lock Device, which are used by
         android.security.authenticationpolicy CTS tests.
         @hide @TestApi
     -->
    <permission android:name="android.permission.TEST_BIOMETRIC"
        android:protectionLevel="signature" />
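Review bot: `TEST_BIOMETRIC` now gates a second capability beyond the biometric stack, and the updated comment does not say what that capability does. Per the Javadoc added elsewhere in this commit, the Secure Lock Device test API lets a caller indicate that protections such as disabling ADB and USB should be skipped, so every holder of this permission gains that switch. A dedicated signature permission for Secure Lock Device tests would keep the grant narrower. If the reuse is intentional, the comment should state the effect, e.g. `Also allows tests to put Secure Lock Device into test mode, which skips disabling ADB/USB.`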
+12 −0
@@ -18,6 +18,7 @@ package com.android.server.security.authenticationpolicy;

import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
import static android.Manifest.permission.MANAGE_SECURE_LOCK_DEVICE;
import static android.Manifest.permission.TEST_BIOMETRIC;
import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
import static android.security.Flags.disableAdaptiveAuthCounterLock;
import static android.security.Flags.failedAuthLockToggle;
@@ -540,6 +541,17 @@ public class AuthenticationPolicyService extends SystemService {
            }
        }

        /**
         * @see AuthenticationPolicyManager#setSecureLockDeviceTestStatus(boolean)
         * @param isTestMode boolean indicating whether to enable test mode for secure lock device
         */
        @Override
        @EnforcePermission(TEST_BIOMETRIC)
        public void setSecureLockDeviceTestStatus(boolean isTestMode) {
            setSecureLockDeviceTestStatus_enforcePermission();
            mSecureLockDeviceService.setSecureLockDeviceTestStatus(isTestMode);
        }

        @Override
        @EnforcePermission(USE_BIOMETRIC_INTERNAL)
        public void startWatchRangingForIdentityCheck(long authenticationRequestId,
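Review bot: `setSecureLockDeviceTestStatus` forwards `isTestMode` to `mSecureLockDeviceService` with the `TEST_BIOMETRIC` check as its only visible guard, and nothing in this hunk records on the server side who turned test mode on. Because the flag is documented as skipping ADB/USB lockdown, a log line with the caller would help later audits, e.g. `Slog.i(TAG, "setSecureLockDeviceTestStatus(" + isTestMode + ") uid=" + Binder.getCallingUid());` (assuming `Slog`, `TAG` and `Binder` are in scope in this file, which the hunk does not show). Whether test mode is cleared when a test ends or limited to debuggable builds is decided in `SecureLockDeviceService`, outside this page, and is worth confirming. In the Javadoc, `@param` conventionally precedes `@see`.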