Merge "Add BiometricManager.getLastAuthenticationTime()" into main

  public class BiometricManager {

    method @Deprecated @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public int canAuthenticate();

    method @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public int canAuthenticate(int);

    method @FlaggedApi("android.hardware.biometrics.last_authentication_time") @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public long getLastAuthenticationTime(int);

    method @NonNull @RequiresPermission(android.Manifest.permission.USE_BIOMETRIC) public android.hardware.biometrics.BiometricManager.Strings getStrings(int);

    field public static final int BIOMETRIC_ERROR_HW_UNAVAILABLE = 1; // 0x1

    field public static final int BIOMETRIC_ERROR_NONE_ENROLLED = 11; // 0xb

    field public static final int BIOMETRIC_ERROR_NO_HARDWARE = 12; // 0xc

    field public static final int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED = 15; // 0xf

    field @FlaggedApi("android.hardware.biometrics.last_authentication_time") public static final long BIOMETRIC_NO_AUTHENTICATION = -1L; // 0xffffffffffffffffL

    field public static final int BIOMETRIC_SUCCESS = 0; // 0x0

  }

    field public static final int BIOMETRIC_ERROR_UNABLE_TO_PROCESS = 2; // 0x2

    field public static final int BIOMETRIC_ERROR_USER_CANCELED = 10; // 0xa

    field public static final int BIOMETRIC_ERROR_VENDOR = 8; // 0x8

    field @FlaggedApi("android.hardware.biometrics.last_authentication_time") public static final long BIOMETRIC_NO_AUTHENTICATION = -1L; // 0xffffffffffffffffL

  }

  public abstract static class BiometricPrompt.AuthenticationCallback {

import static android.hardware.biometrics.BiometricManager.Authenticators;

import android.annotation.FlaggedApi;

import android.annotation.IntDef;

import android.compat.annotation.UnsupportedAppUsage;

import android.os.Build;

    @Retention(RetentionPolicy.SOURCE)

    @IntDef({BIOMETRIC_LOCKOUT_NONE, BIOMETRIC_LOCKOUT_TIMED, BIOMETRIC_LOCKOUT_PERMANENT})

    @interface LockoutMode {}

    //

    // Other miscellaneous constants

    //

    /**

     * Returned from {@link BiometricManager#getLastAuthenticationTime(int)} when there has

     * been no successful authentication for the given authenticator since boot.

     */

    @FlaggedApi(Flags.FLAG_LAST_AUTHENTICATION_TIME)

    long BIOMETRIC_NO_AUTHENTICATION = -1;

}

import static com.android.internal.util.FrameworkStatsLog.AUTH_DEPRECATED_APIUSED__DEPRECATED_API__API_BIOMETRIC_MANAGER_CAN_AUTHENTICATE;

import android.annotation.ElapsedRealtimeLong;

import android.annotation.FlaggedApi;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.SystemApi;

import android.annotation.SystemService;

import android.annotation.TestApi;

import android.app.KeyguardManager;

import android.content.Context;

import android.os.IBinder;

import android.os.RemoteException;

    public static final int BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED =

            BiometricConstants.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED;

    /**

     * Returned from {@link BiometricManager#getLastAuthenticationTime(int)} when no matching

     * successful authentication has been performed since boot.

     */

    @FlaggedApi(Flags.FLAG_LAST_AUTHENTICATION_TIME)

    public static final long BIOMETRIC_NO_AUTHENTICATION =

            BiometricConstants.BIOMETRIC_NO_AUTHENTICATION;

    private static final int GET_LAST_AUTH_TIME_ALLOWED_AUTHENTICATORS =

            Authenticators.DEVICE_CREDENTIAL | Authenticators.BIOMETRIC_STRONG;

    /**

     * @hide

     */

        }

    }

    /**

     * Gets the last time the user successfully authenticated using one of the given authenticators.

     * The returned value is time in

     * {@link android.os.SystemClock#elapsedRealtime SystemClock.elapsedRealtime()} (time since

     * boot, including sleep).

     * <p>

     * {@link BiometricManager#BIOMETRIC_NO_AUTHENTICATION} is returned in the case where there

     * has been no successful authentication using any of the given authenticators since boot.

     * <p>

     * Currently, only {@link Authenticators#DEVICE_CREDENTIAL} and

     * {@link Authenticators#BIOMETRIC_STRONG} are accepted. {@link IllegalArgumentException} will

     * be thrown if {@code authenticators} contains other authenticator types.

     * <p>

     * Note that this may return successful authentication times even if the device is currently

     * locked. You may use {@link KeyguardManager#isDeviceLocked()} to determine if the device

     * is unlocked or not. Additionally, this method may return valid times for an authentication

     * method that is no longer available. For instance, if the user unlocked the device with a

     * {@link Authenticators#BIOMETRIC_STRONG} authenticator but then deleted that authenticator

     * (e.g., fingerprint data), this method will still return the time of that unlock for

     * {@link Authenticators#BIOMETRIC_STRONG} if it is the most recent successful event. The caveat

     * is that {@link BiometricManager#BIOMETRIC_NO_AUTHENTICATION} will be returned if the device

     * no longer has a secure lock screen at all, even if there were successful authentications

     * performed before the lock screen was made insecure.

     *

     * @param authenticators bit field consisting of constants defined in {@link Authenticators}.

     * @return the time of last authentication or

     * {@link BiometricManager#BIOMETRIC_NO_AUTHENTICATION}

     * @throws IllegalArgumentException if {@code authenticators} contains values other than

     * {@link Authenticators#DEVICE_CREDENTIAL} and {@link Authenticators#BIOMETRIC_STRONG} or is

     * 0.

     */

    @RequiresPermission(USE_BIOMETRIC)

    @ElapsedRealtimeLong

    @FlaggedApi(Flags.FLAG_LAST_AUTHENTICATION_TIME)

    public long getLastAuthenticationTime(

            @BiometricManager.Authenticators.Types int authenticators) {

        if (authenticators == 0

                || (GET_LAST_AUTH_TIME_ALLOWED_AUTHENTICATORS & authenticators) != authenticators) {

            throw new IllegalArgumentException(

                    "Only BIOMETRIC_STRONG and DEVICE_CREDENTIAL authenticators may be used.");

        }

        if (mService != null) {

            try {

                return mService.getLastAuthenticationTime(UserHandle.myUserId(), authenticators);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        } else {

            return BIOMETRIC_NO_AUTHENTICATION;

        }

    }

}

    // Checks if biometrics can be used.

    int canAuthenticate(String opPackageName, int userId, int authenticators);

    // Gets the time of last authentication for the given user and authenticators.

    long getLastAuthenticationTime(int userId, int authenticators);

    // Checks if any biometrics are enrolled.

    boolean hasEnrolledBiometrics(int userId, String opPackageName);

    @EnforcePermission("USE_BIOMETRIC_INTERNAL")

    int canAuthenticate(String opPackageName, int userId, int callingUserId, int authenticators);

    // Gets the time of last authentication for the given user and authenticators.

    @EnforcePermission("USE_BIOMETRIC_INTERNAL")

    long getLastAuthenticationTime(int userId, int authenticators);

    // Checks if any biometrics are enrolled.

    @EnforcePermission("USE_BIOMETRIC_INTERNAL")

    boolean hasEnrolledBiometrics(int userId, String opPackageName);