Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f711aa38 authored by Jim Miller's avatar Jim Miller Committed by Android Git Automerger
Browse files

am 6f27127b: am 79d9219c: Merge "Only allow fingerprint auth for the current user" into mnc-dev 

* commit '6f27127b':
  Only allow fingerprint auth for the current user
parents 93be2e85 6f27127b

services/core/java/com/android/server/fingerprint/FingerprintService.java

+21 −2
Original line number Original line Diff line number Diff line
@@ -23,6 +23,7 @@ import android.app.IUserSwitchObserver; 
import android.content.ContentResolver;

import android.content.ContentResolver;

import android.content.Context;

import android.content.Context;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager;

import android.content.pm.UserInfo;

import android.os.Binder;

import android.os.Binder;

import android.os.Environment;

import android.os.Environment;

import android.os.Handler;

import android.os.Handler;
@@ -36,6 +37,7 @@ import android.os.SELinux; 
import android.os.ServiceManager;

import android.os.ServiceManager;

import android.os.SystemClock;

import android.os.SystemClock;

import android.os.UserHandle;

import android.os.UserHandle;

import android.os.UserManager;

import android.util.Slog;

import android.util.Slog;





import com.android.server.SystemService;

import com.android.server.SystemService;
@@ -418,9 +420,22 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe 
                "Must have " + permission + " permission.");

                "Must have " + permission + " permission.");

    }

    }





    boolean isCurrentUserOrProfile(int userId) {

        UserManager um = UserManager.get(mContext);



        // Allow current user or profiles of the current user...

        List<UserInfo> profiles = um.getEnabledProfiles(userId);

        final int n = profiles.size();

        for (int i = 0; i < n; i++) {

            if (profiles.get(i).id == userId) {

                return true;

            }

        }

        return false;

    }



    private boolean canUseFingerprint(String opPackageName) {

    private boolean canUseFingerprint(String opPackageName) {

        checkPermission(USE_FINGERPRINT);

        checkPermission(USE_FINGERPRINT);



        return mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, Binder.getCallingUid(),

        return mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, Binder.getCallingUid(),

                opPackageName) == AppOpsManager.MODE_ALLOWED;

                opPackageName) == AppOpsManager.MODE_ALLOWED;

    }

    }
@@ -664,8 +679,12 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe 
        public void authenticate(final IBinder token, final long opId, final int groupId,

        public void authenticate(final IBinder token, final long opId, final int groupId,

                final IFingerprintServiceReceiver receiver, final int flags,

                final IFingerprintServiceReceiver receiver, final int flags,

                final String opPackageName) {

                final String opPackageName) {



            if (!isCurrentUserOrProfile(UserHandle.getCallingUserId())) {

                Slog.w(TAG, "Can't authenticate non-current user");

                return;

            }

            if (!canUseFingerprint(opPackageName)) {

            if (!canUseFingerprint(opPackageName)) {

                Slog.w(TAG, "Calling not granted permission to use fingerprint");

                return;

                return;

            }

            }

            final boolean restricted = isRestricted();

            final boolean restricted = isRestricted();