5/n: Remove requireConfirmation round trip (f6c1ae32) · Commits · e / os / android_frameworks_base

core/java/android/hardware/biometrics/IBiometricSensorReceiver.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -22,7 +22,7 @@ package android.hardware.biometrics;
		oneway interface IBiometricSensorReceiver {
		// Notify BiometricService that authentication was successful. If user confirmation is required,
		// the auth token must be submitted into KeyStore.
		void onAuthenticationSucceeded(int sensorId, boolean requireConfirmation, in byte[] token);
		void onAuthenticationSucceeded(int sensorId, in byte[] token);
		// Notify BiometricService authentication was rejected.
		void onAuthenticationFailed();
		// Notify BiometricService than an error has occured. Forward to the correct receiver depending

core/java/android/hardware/biometrics/IBiometricService.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -57,7 +57,7 @@ interface IBiometricService {

		// Notify BiometricService when <Biometric>Service is ready to start the prepared client.
		// Client lifecycle is still managed in <Biometric>Service.
		void onReadyForAuthentication(int cookie, boolean requireConfirmation);
		void onReadyForAuthentication(int cookie);

		// Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)
		void resetLockout(in byte [] token);

services/core/java/com/android/server/biometrics/AuthSession.java

+23 −6

Original line number	Diff line number	Diff line
		@@ -184,9 +184,7 @@ final class AuthSession {
		private void setSensorsToStateWaitingForCookie() throws RemoteException {
		for (BiometricSensor sensor : mPreAuthInfo.eligibleSensors) {
		final int cookie = mRandom.nextInt(Integer.MAX_VALUE - 1) + 1;
		final boolean requireConfirmation = sensor.confirmationSupported()
		&& (sensor.confirmationAlwaysRequired(mUserId)
		\|\| mPreAuthInfo.confirmationRequested);
		final boolean requireConfirmation = isConfirmationRequired(sensor);
		sensor.goToStateWaitingForCookie(requireConfirmation, mToken, mOperationId,
		mUserId, mSensorReceiver, mOpPackageName, cookie, mCallingUid, mCallingPid,
		mCallingUserId);
		@@ -219,7 +217,7 @@ final class AuthSession {
		}
		}

		void onCookieReceived(int cookie, boolean requireConfirmation) {
		void onCookieReceived(int cookie) {
		for (BiometricSensor sensor : mPreAuthInfo.eligibleSensors) {
		sensor.goToStateCookieReturnedIfCookieMatches(cookie);
		}
		@@ -228,9 +226,11 @@ final class AuthSession {
		mStartTimeMs = System.currentTimeMillis();
		startAllPreparedSensors();

		// No need to request the UI if we're coming from the paused state
		// No need to request the UI if we're coming from the paused state.
		if (mState != STATE_AUTH_PAUSED_RESUMING) {
		try {
		// If any sensor requires confirmation, request it to be shown.
		final boolean requireConfirmation = isConfirmationRequiredByAnyEligibleSensor();
		final @BiometricAuthenticator.Modality int modality =
		getEligibleModalities();
		mStatusBarService.showAuthenticationDialog(mBundle,
		@@ -248,6 +248,21 @@ final class AuthSession {
		}
		}

		private boolean isConfirmationRequired(BiometricSensor sensor) {
		return sensor.confirmationSupported()
		&& (sensor.confirmationAlwaysRequired(mUserId)
		\|\| mPreAuthInfo.confirmationRequested);
		}

		private boolean isConfirmationRequiredByAnyEligibleSensor() {
		for (BiometricSensor sensor : mPreAuthInfo.eligibleSensors) {
		if (isConfirmationRequired(sensor)) {
		return true;
		}
		}
		return false;
		}

		private void startAllPreparedSensors() {
		for (BiometricSensor sensor : mPreAuthInfo.eligibleSensors) {
		try {
		@@ -406,7 +421,7 @@ final class AuthSession {
		}
		}

		void onAuthenticationSucceeded(int sensorId, boolean requireConfirmation, boolean strong,
		void onAuthenticationSucceeded(int sensorId, boolean strong,
		byte[] token) {
		if (strong) {
		mTokenEscrow = token;
		@@ -421,6 +436,8 @@ final class AuthSession {
		// the implicit/explicit state and will react accordingly.
		mStatusBarService.onBiometricAuthenticated();

		final boolean requireConfirmation = isConfirmationRequiredByAnyEligibleSensor();

		if (!requireConfirmation) {
		mState = STATE_AUTHENTICATED_PENDING_SYSUI;
		} else {

services/core/java/com/android/server/biometrics/AuthenticationClient.java

+1 −6

Original line number	Diff line number	Diff line
		@@ -109,10 +109,6 @@ public abstract class AuthenticationClient extends ClientMonitor {
		return getCookie() != 0;
		}

		public boolean getRequireConfirmation() {
		return mRequireConfirmation;
		}

		@Override
		protected boolean isCryptoOperation() {
		return mOpId != 0;
		@@ -178,8 +174,7 @@ public abstract class AuthenticationClient extends ClientMonitor {
		}
		if (isBiometricPrompt() && listener != null) {
		// BiometricService will add the token to keystore
		listener.onAuthenticationSucceededInternal(getSensorId(),
		mRequireConfirmation, byteToken);
		listener.onAuthenticationSucceededInternal(getSensorId(), byteToken);
		} else if (!isBiometricPrompt() && listener != null) {
		if (isStrongBiometric()) {
		KeyStore.getInstance().addAuthToken(byteToken);

services/core/java/com/android/server/biometrics/BiometricService.java

+9 −17

Original line number	Diff line number	Diff line
		@@ -17,7 +17,6 @@
		package com.android.server.biometrics;

		import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
		import static android.hardware.biometrics.BiometricAuthenticator.TYPE_NONE;
		import static android.hardware.biometrics.BiometricManager.Authenticators;

		import android.annotation.Nullable;
		@@ -127,8 +126,7 @@ public class BiometricService extends SystemService {
		SomeArgs args = (SomeArgs) msg.obj;
		handleAuthenticationSucceeded(
		args.argi1 /* sensorId */,
		(boolean) args.arg1 /* requireConfirmation */,
		(byte[]) args.arg2 /* token */);
		(byte[]) args.arg1 /* token */);
		args.recycle();
		break;
		}
		@@ -171,8 +169,7 @@ public class BiometricService extends SystemService {
		case MSG_ON_READY_FOR_AUTHENTICATION: {
		SomeArgs args = (SomeArgs) msg.obj;
		handleOnReadyForAuthentication(
		args.argi1 /* cookie */,
		(boolean) args.arg1 /* requireConfirmation */);
		args.argi1 /* cookie */);
		args.recycle();
		break;
		}
		@@ -378,12 +375,11 @@ public class BiometricService extends SystemService {
		@VisibleForTesting
		final IBiometricSensorReceiver mBiometricSensorReceiver = new IBiometricSensorReceiver.Stub() {
		@Override
		public void onAuthenticationSucceeded(int sensorId, boolean requireConfirmation,
		public void onAuthenticationSucceeded(int sensorId,
		byte[] token) {
		SomeArgs args = SomeArgs.obtain();
		args.argi1 = sensorId;
		args.arg1 = requireConfirmation;
		args.arg2 = token;
		args.arg1 = token;
		mHandler.obtainMessage(MSG_ON_AUTHENTICATION_SUCCEEDED, args).sendToTarget();
		}

		@@ -458,12 +454,11 @@ public class BiometricService extends SystemService {
		*/
		private final class BiometricServiceWrapper extends IBiometricService.Stub {
		@Override // Binder call
		public void onReadyForAuthentication(int cookie, boolean requireConfirmation) {
		public void onReadyForAuthentication(int cookie) {
		checkInternalPermission();

		SomeArgs args = SomeArgs.obtain();
		args.argi1 = cookie;
		args.arg1 = requireConfirmation;
		mHandler.obtainMessage(MSG_ON_READY_FOR_AUTHENTICATION, args).sendToTarget();
		}

		@@ -928,8 +923,7 @@ public class BiometricService extends SystemService {
		return modality;
		}

		private void handleAuthenticationSucceeded(int sensorId, boolean requireConfirmation,
		byte[] token) {
		private void handleAuthenticationSucceeded(int sensorId, byte[] token) {
		Slog.v(TAG, "handleAuthenticationSucceeded(), sensorId: " + sensorId);
		// Should never happen, log this to catch bad HAL behavior (e.g. auth succeeded
		// after user dismissed/canceled dialog).
		@@ -938,8 +932,7 @@ public class BiometricService extends SystemService {
		return;
		}

		mCurrentAuthSession.onAuthenticationSucceeded(sensorId, requireConfirmation,
		isStrongBiometric(sensorId), token);
		mCurrentAuthSession.onAuthenticationSucceeded(sensorId, isStrongBiometric(sensorId), token);
		}

		private void handleAuthenticationRejected() {
		@@ -1050,7 +1043,7 @@ public class BiometricService extends SystemService {
		* Invoked when each service has notified that its client is ready to be started. When
		* all biometrics are ready, this invokes the SystemUI dialog through StatusBar.
		*/
		private void handleOnReadyForAuthentication(int cookie, boolean requireConfirmation) {
		private void handleOnReadyForAuthentication(int cookie) {
		if (mCurrentAuthSession == null) {
		// Only should happen if a biometric was locked out when authenticate() was invoked.
		// In that case, if device credentials are allowed, the UI is already showing. If not
		@@ -1059,8 +1052,7 @@ public class BiometricService extends SystemService {
		return;
		}

		// TODO: RequireConfirmation does not need to exist in <Biometric>Services
		mCurrentAuthSession.onCookieReceived(cookie, requireConfirmation);
		mCurrentAuthSession.onCookieReceived(cookie);
		}

		private void handleAuthenticate(IBinder token, long operationId, int userId,