Fingerprints: allow devices to restrict 3rd party access (e4cb8d8f) · Commits · e / os / android_frameworks_base

core/res/res/values/cm_symbols.xml

+4 −0

Original line number	Diff line number	Diff line
		@@ -153,4 +153,8 @@
		<java-symbol type="drawable" name="stat_notify_protected" />
		<java-symbol type="string" name="notify_package_component_protected_title" />
		<java-symbol type="string" name="notify_package_component_protected_text" />

		<!-- Restricted fingerprint config -->
		<java-symbol type="bool" name="config_fingerprintRestrictedToSystemAndOwner" />

		</resources>

core/res/res/values/config.xml

+4 −0

Original line number	Diff line number	Diff line
		@@ -2393,6 +2393,10 @@
		<!-- Keyguard component -->
		<string name="config_keyguardComponent" translatable="false">com.android.systemui/com.android.systemui.keyguard.KeyguardService</string>

		<!-- Set to true to disallow 3rd party apps access to the fingerprint reader, for older
		hardware compatibility. This also disables fingerprints for secondary users. -->
		<bool name="config_fingerprintRestrictedToSystemAndOwner">false</bool>

		<!-- For performance and storage reasons, limit the number of fingerprints per user -->
		<integer name="config_fingerprintMaxTemplatesPerUser">5</integer>

services/core/java/com/android/server/fingerprint/FingerprintService.java

+19 −1

Original line number	Diff line number	Diff line
		@@ -19,7 +19,6 @@ package com.android.server.fingerprint;
		import android.Manifest;
		import android.app.ActivityManager;
		import android.app.ActivityManager.RunningAppProcessInfo;
		import android.app.ActivityManager.RunningTaskInfo;
		import android.app.ActivityManagerNative;
		import android.app.AlarmManager;
		import android.app.AppOpsManager;
		@@ -30,6 +29,7 @@ import android.content.BroadcastReceiver;
		import android.content.Context;
		import android.content.Intent;
		import android.content.IntentFilter;
		import android.content.pm.ApplicationInfo;
		import android.content.pm.PackageManager;
		import android.content.pm.UserInfo;
		import android.hardware.fingerprint.IFingerprintServiceLockoutResetCallback;
		@@ -143,12 +143,15 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
		resetFailedAttempts();
		}
		};
		private boolean mFingerprintManagerRestrictedToSystemAndOwner;

		public FingerprintService(Context context) {
		super(context);
		mContext = context;
		mKeyguardPackage = ComponentName.unflattenFromString(context.getResources().getString(
		com.android.internal.R.string.config_keyguardComponent)).getPackageName();
		mFingerprintManagerRestrictedToSystemAndOwner = mContext.getResources().getBoolean(
		com.android.internal.R.bool.config_fingerprintRestrictedToSystemAndOwner);
		mAppOps = context.getSystemService(AppOpsManager.class);
		mPowerManager = mContext.getSystemService(PowerManager.class);
		mAlarmManager = mContext.getSystemService(AlarmManager.class);
		@@ -582,6 +585,21 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
		Slog.w(TAG, "Rejecting " + opPackageName + " ; not in foreground");
		return false;
		}
		if (mFingerprintManagerRestrictedToSystemAndOwner) {
		try {
		ApplicationInfo ai = mContext.getPackageManager()
		.getApplicationInfo(opPackageName, PackageManager.GET_META_DATA);
		if (ai != null && ai.isSystemApp() && Binder.getCallingUserHandle().isOwner()) {
		return true;
		}
		Slog.w(TAG, "Rejecting " + opPackageName
		+ "(uid: " + uid + ") ; fingerprint restricted to system apps.");
		} catch (PackageManager.NameNotFoundException e) {
		Slog.e(TAG, opPackageName + " package not found, not allowing fingerprint access.");
		return false;
		}
		return false;
		}
		return true;
		}