Loading core/java/android/hardware/biometrics/BiometricManager.java +15 −1 Original line number Diff line number Diff line Loading @@ -33,6 +33,7 @@ import android.annotation.TestApi; import android.content.Context; import android.os.IBinder; import android.os.RemoteException; import android.os.UserHandle; import android.security.keystore.KeyProperties; import android.util.Slog; Loading Loading @@ -556,9 +557,22 @@ public class BiometricManager { * @hide */ public long[] getAuthenticatorIds() { return getAuthenticatorIds(UserHandle.getCallingUserId()); } /** * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates, * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known * in Keystore land as SIDs, and are used during key generation. * * @param userId Android user ID for user to look up. * * @hide */ public long[] getAuthenticatorIds(int userId) { if (mService != null) { try { return mService.getAuthenticatorIds(); return mService.getAuthenticatorIds(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading core/java/android/hardware/biometrics/IAuthService.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -67,7 +67,9 @@ interface IAuthService { // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. long[] getAuthenticatorIds(); // If userId is not equal to the calling user ID, the caller must have the // USE_BIOMETRIC_INTERNAL permission. long[] getAuthenticatorIds(in int userId); // See documentation in BiometricManager. void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId, Loading services/core/java/com/android/server/biometrics/AuthService.java +6 −2 Original line number Diff line number Diff line Loading @@ -337,7 +337,7 @@ public class AuthService extends SystemService { } @Override public long[] getAuthenticatorIds() throws RemoteException { public long[] getAuthenticatorIds(int userId) throws RemoteException { // In this method, we're not checking whether the caller is permitted to use face // API because current authenticator ID is leaked (in a more contrived way) via Android // Keystore (android.security.keystore package): the user of that API can create a key Loading @@ -355,9 +355,13 @@ public class AuthService extends SystemService { // method from inside app processes. final int callingUserId = UserHandle.getCallingUserId(); if (userId != callingUserId) { getContext().enforceCallingOrSelfPermission(USE_BIOMETRIC_INTERNAL, "Must have " + USE_BIOMETRIC_INTERNAL + " permission."); } final long identity = Binder.clearCallingIdentity(); try { return mBiometricService.getAuthenticatorIds(callingUserId); return mBiometricService.getAuthenticatorIds(userId); } finally { Binder.restoreCallingIdentity(identity); } Loading Loading
core/java/android/hardware/biometrics/BiometricManager.java +15 −1 Original line number Diff line number Diff line Loading @@ -33,6 +33,7 @@ import android.annotation.TestApi; import android.content.Context; import android.os.IBinder; import android.os.RemoteException; import android.os.UserHandle; import android.security.keystore.KeyProperties; import android.util.Slog; Loading Loading @@ -556,9 +557,22 @@ public class BiometricManager { * @hide */ public long[] getAuthenticatorIds() { return getAuthenticatorIds(UserHandle.getCallingUserId()); } /** * Get a list of AuthenticatorIDs for biometric authenticators which have 1) enrolled templates, * and 2) meet the requirements for integrating with Keystore. The AuthenticatorIDs are known * in Keystore land as SIDs, and are used during key generation. * * @param userId Android user ID for user to look up. * * @hide */ public long[] getAuthenticatorIds(int userId) { if (mService != null) { try { return mService.getAuthenticatorIds(); return mService.getAuthenticatorIds(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading
core/java/android/hardware/biometrics/IAuthService.aidl +3 −1 Original line number Diff line number Diff line Loading @@ -67,7 +67,9 @@ interface IAuthService { // Get a list of AuthenticatorIDs for authenticators which have enrolled templates and meet // the requirements for integrating with Keystore. The AuthenticatorID are known in Keystore // land as SIDs, and are used during key generation. long[] getAuthenticatorIds(); // If userId is not equal to the calling user ID, the caller must have the // USE_BIOMETRIC_INTERNAL permission. long[] getAuthenticatorIds(in int userId); // See documentation in BiometricManager. void resetLockoutTimeBound(IBinder token, String opPackageName, int fromSensorId, int userId, Loading
services/core/java/com/android/server/biometrics/AuthService.java +6 −2 Original line number Diff line number Diff line Loading @@ -337,7 +337,7 @@ public class AuthService extends SystemService { } @Override public long[] getAuthenticatorIds() throws RemoteException { public long[] getAuthenticatorIds(int userId) throws RemoteException { // In this method, we're not checking whether the caller is permitted to use face // API because current authenticator ID is leaked (in a more contrived way) via Android // Keystore (android.security.keystore package): the user of that API can create a key Loading @@ -355,9 +355,13 @@ public class AuthService extends SystemService { // method from inside app processes. final int callingUserId = UserHandle.getCallingUserId(); if (userId != callingUserId) { getContext().enforceCallingOrSelfPermission(USE_BIOMETRIC_INTERNAL, "Must have " + USE_BIOMETRIC_INTERNAL + " permission."); } final long identity = Binder.clearCallingIdentity(); try { return mBiometricService.getAuthenticatorIds(callingUserId); return mBiometricService.getAuthenticatorIds(userId); } finally { Binder.restoreCallingIdentity(identity); } Loading
