Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dbaecba4 authored by Kevin Chyn's avatar Kevin Chyn
Browse files

Require permission check when caller's package name is keyguard 

Fixes: 128598130

Test: Auth on keyguard, auth on BiometricPromptDemo
Change-Id: Ib6395a33c74c24c7ac7eaf1f10ee5f69946568e5
parent 24e9073b

services/core/java/com/android/server/biometrics/BiometricServiceBase.java

+6 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server.biometrics;



import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;

import static android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND_SERVICE;



import android.app.ActivityManager;
@@ -1211,6 +1212,11 @@ public abstract class BiometricServiceBase extends SystemService 
     * @return authenticator id for the calling user

     */

    protected long getAuthenticatorId(String opPackageName) {

        if (isKeyguard(opPackageName)) {

            // If an app tells us it's keyguard, check that it actually is.

            checkPermission(USE_BIOMETRIC_INTERNAL);

        }



        final int userId = getUserOrWorkProfileId(opPackageName, UserHandle.getCallingUserId());

        return mAuthenticatorIds.getOrDefault(userId, 0L);

    }