Merge changes from topic "biometric-ui-credentials"

    public static final String ACTION_CONFIRM_FRP_CREDENTIAL =

            "android.app.action.CONFIRM_FRP_CREDENTIAL";

    /**

     * @hide

     */

    public static final String EXTRA_BIOMETRIC_PROMPT_BUNDLE =

            "android.app.extra.BIOMETRIC_PROMPT_BUNDLE";

    /**

     * A CharSequence dialog title to show to the user when used with a

     * {@link #ACTION_CONFIRM_DEVICE_CREDENTIAL}.

package android.hardware.biometrics;

/**

 * Communication channel between ConfirmDeviceCredential / ConfirmLock* and BiometricService.

 * Type of authenticators defined on a granularity that the BiometricManager / BiometricPrompt

 * supports.

 * @hide

 */

interface IBiometricConfirmDeviceCredentialCallback {

    // Invoked when authentication should be canceled.

    oneway void cancel();

public class Authenticator {

    /**

     * Device credential, e.g. Pin/Pattern/Password.

     */

    public static final int TYPE_CREDENTIAL = 1 << 0;

    /**

     * Encompasses all biometrics on the device, e.g. Fingerprint/Iris/Face.

     */

    public static final int TYPE_BIOMETRIC = 1 << 1;

}

        }

    }

    /**

     * TODO(b/123378871): Remove when moved.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void onConfirmDeviceCredentialSuccess() {

        if (mService != null) {

            try {

                mService.onConfirmDeviceCredentialSuccess();

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        } else {

            Slog.w(TAG, "onConfirmDeviceCredentialSuccess(): Service not connected");

        }

    }

    /**

     * TODO(b/123378871): Remove when moved.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void onConfirmDeviceCredentialError(int error, String message) {

        if (mService != null) {

            try {

                mService.onConfirmDeviceCredentialError(error, message);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        } else {

            Slog.w(TAG, "onConfirmDeviceCredentialError(): Service not connected");

        }

    }

    /**

     * TODO(b/123378871): Remove when moved.

     * @hide

     */

    @RequiresPermission(USE_BIOMETRIC_INTERNAL)

    public void registerCancellationCallback(IBiometricConfirmDeviceCredentialCallback callback) {

        if (mService != null) {

            try {

                mService.registerCancellationCallback(callback);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        } else {

            Slog.w(TAG, "registerCancellationCallback(): Service not connected");

        }

    }

}

     * @hide

     */

    public static final String KEY_DESCRIPTION = "description";

    /**

     * @hide

     */

    public static final String KEY_POSITIVE_TEXT = "positive_text";

    /**

     * @hide

     */

     */

    public static final String KEY_REQUIRE_CONFIRMATION = "require_confirmation";

    /**

     * This is deprecated. Internally we should use {@link #KEY_AUTHENTICATORS_ALLOWED}

     * @hide

     */

    public static final String KEY_ALLOW_DEVICE_CREDENTIAL = "allow_device_credential";

    /**

     * If this key is set, we will ignore {@link #KEY_ALLOW_DEVICE_CREDENTIAL}

     * @hide

     */

    public static final String KEY_FROM_CONFIRM_DEVICE_CREDENTIAL

            = "from_confirm_device_credential";

    public static final String KEY_AUTHENTICATORS_ALLOWED = "authenticators_allowed";

    /**

     * Error/help message will show for this amount of time.

    /**

     * @hide

     */

    public static final int DISMISSED_REASON_CONFIRMED = 1;

    public static final int DISMISSED_REASON_BIOMETRIC_CONFIRMED = 1;

    /**

     * Dialog is done animating away after user clicked on the button set via

     * Authenticated, confirmation not required. Dialog animated away.

     * @hide

     */

    public static final int DISMISSED_REASON_CONFIRM_NOT_REQUIRED = 4;

    public static final int DISMISSED_REASON_BIOMETRIC_CONFIRM_NOT_REQUIRED = 4;

    /**

     * Error message shown on SystemUI. When BiometricService receives this, the UI is already

     */

    public static final int DISMISSED_REASON_SERVER_REQUESTED = 6;

    /**

     * @hide

     */

    public static final int DISMISSED_REASON_CREDENTIAL_CONFIRMED = 7;

    private static class ButtonInfo {

        Executor executor;

        DialogInterface.OnClickListener listener;

            return this;

        }

        /**

         * Optional: Set the text for the positive button. If not set, the positive button

         * will not show.

         * @param text

         * @return

         * @hide

         */

        @NonNull public Builder setPositiveButton(@NonNull CharSequence text,

                @NonNull @CallbackExecutor Executor executor,

                @NonNull DialogInterface.OnClickListener listener) {

            if (TextUtils.isEmpty(text)) {

                throw new IllegalArgumentException("Text must be set and non-empty");

            }

            if (executor == null) {

                throw new IllegalArgumentException("Executor must not be null");

            }

            if (listener == null) {

                throw new IllegalArgumentException("Listener must not be null");

            }

            mBundle.putCharSequence(KEY_POSITIVE_TEXT, text);

            mPositiveButtonInfo = new ButtonInfo(executor, listener);

            return this;

        }

        /**

         * Required: Set the text for the negative button. This would typically be used as a

         * "Cancel" button, but may be also used to show an alternative method for authentication,

            return this;

        }

        /**

         * TODO(123378871): Remove when moved.

         * @return

         * @hide

         */

        @RequiresPermission(USE_BIOMETRIC_INTERNAL)

        @NonNull public Builder setFromConfirmDeviceCredential() {

            mBundle.putBoolean(KEY_FROM_CONFIRM_DEVICE_CREDENTIAL, true);

            return this;

        }

        /**

         * Creates a {@link BiometricPrompt}.

         * @return a {@link BiometricPrompt}

            final CharSequence title = mBundle.getCharSequence(KEY_TITLE);

            final CharSequence negative = mBundle.getCharSequence(KEY_NEGATIVE_TEXT);

            final boolean useDefaultTitle = mBundle.getBoolean(KEY_USE_DEFAULT_TITLE);

            final boolean enableFallback = mBundle.getBoolean(KEY_ALLOW_DEVICE_CREDENTIAL);

            final boolean allowCredential = mBundle.getBoolean(KEY_ALLOW_DEVICE_CREDENTIAL);

            final Object authenticatorsAllowed = mBundle.get(KEY_AUTHENTICATORS_ALLOWED);

            if (TextUtils.isEmpty(title) && !useDefaultTitle) {

                throw new IllegalArgumentException("Title must be set and non-empty");

            } else if (TextUtils.isEmpty(negative) && !enableFallback) {

            } else if (TextUtils.isEmpty(negative) && !allowCredential) {

                throw new IllegalArgumentException("Negative text must be set and non-empty");

            } else if (!TextUtils.isEmpty(negative) && enableFallback) {

            } else if (!TextUtils.isEmpty(negative) && allowCredential) {

                throw new IllegalArgumentException("Can't have both negative button behavior"

                        + " and device credential enabled");

            } else if (authenticatorsAllowed != null && allowCredential) {

                throw new IllegalArgumentException("setAuthenticatorsAllowed and"

                        + " setDeviceCredentialAllowed should not be used simultaneously");

            }

            return new BiometricPrompt(mContext, mBundle, mPositiveButtonInfo, mNegativeButtonInfo);

        }

        @Override

        public void onDialogDismissed(int reason) throws RemoteException {

            // Check the reason and invoke OnClickListener(s) if necessary

            if (reason == DISMISSED_REASON_CONFIRMED) {

            if (reason == DISMISSED_REASON_BIOMETRIC_CONFIRMED) {

                mPositiveButtonInfo.executor.execute(() -> {

                    mPositiveButtonInfo.listener.onClick(null, DialogInterface.BUTTON_POSITIVE);

                });

    public void authenticateUser(@NonNull CancellationSignal cancel,

            @NonNull @CallbackExecutor Executor executor,

            @NonNull AuthenticationCallback callback,

            int userId,

            IBiometricConfirmDeviceCredentialCallback confirmDeviceCredentialCallback) {

            int userId) {

        if (cancel == null) {

            throw new IllegalArgumentException("Must supply a cancellation signal");

        }

        if (callback == null) {

            throw new IllegalArgumentException("Must supply a callback");

        }

        authenticateInternal(null /* crypto */, cancel, executor, callback, userId,

                confirmDeviceCredentialCallback);

        authenticateInternal(null /* crypto */, cancel, executor, callback, userId);

    }

    /**

        if (mBundle.getBoolean(KEY_ALLOW_DEVICE_CREDENTIAL)) {

            throw new IllegalArgumentException("Device credential not supported with crypto");

        }

        authenticateInternal(crypto, cancel, executor, callback, mContext.getUserId(),

                null /* confirmDeviceCredentialCallback */);

        authenticateInternal(crypto, cancel, executor, callback, mContext.getUserId());

    }

    /**

        if (callback == null) {

            throw new IllegalArgumentException("Must supply a callback");

        }

        authenticateInternal(null /* crypto */, cancel, executor, callback, mContext.getUserId(),

                null /* confirmDeviceCredentialCallback */);

        authenticateInternal(null /* crypto */, cancel, executor, callback, mContext.getUserId());

    }

    private void cancelAuthentication() {

            @NonNull CancellationSignal cancel,

            @NonNull @CallbackExecutor Executor executor,

            @NonNull AuthenticationCallback callback,

            int userId,

            IBiometricConfirmDeviceCredentialCallback confirmDeviceCredentialCallback) {

            int userId) {

        try {

            if (cancel.isCanceled()) {

                Log.w(TAG, "Authentication already canceled");

            final long sessionId = crypto != null ? crypto.getOpId() : 0;

            if (BiometricManager.hasBiometrics(mContext)) {

                mService.authenticate(mToken, sessionId, userId, mBiometricServiceReceiver,

                        mContext.getOpPackageName(), mBundle, confirmDeviceCredentialCallback);

                        mContext.getOpPackageName(), mBundle);

            } else {

                mExecutor.execute(() -> {

                    callback.onAuthenticationError(BiometricPrompt.BIOMETRIC_ERROR_HW_NOT_PRESENT,

package android.hardware.biometrics;

import android.os.Bundle;

import android.hardware.biometrics.IBiometricConfirmDeviceCredentialCallback;

import android.hardware.biometrics.IBiometricEnabledOnKeyguardCallback;

import android.hardware.biometrics.IBiometricServiceReceiver;

interface IBiometricService {

    // Requests authentication. The service choose the appropriate biometric to use, and show

    // the corresponding BiometricDialog.

    // TODO(b/123378871): Remove callback when moved.

    void authenticate(IBinder token, long sessionId, int userId,

            IBiometricServiceReceiver receiver, String opPackageName, in Bundle bundle,

            IBiometricConfirmDeviceCredentialCallback callback);

            IBiometricServiceReceiver receiver, String opPackageName, in Bundle bundle);

    // Cancel authentication for the given sessionId

    void cancelAuthentication(IBinder token, String opPackageName);

    // Reset the lockout when user authenticates with strong auth (e.g. PIN, pattern or password)

    void resetLockout(in byte [] token);

    // TODO(b/123378871): Remove when moved.

    // CDCA needs to send results to BiometricService if it was invoked using BiometricPrompt's

    // setAllowDeviceCredential method, since there's no way for us to intercept onActivityResult.

    // CDCA is launched from BiometricService (startActivityAsUser) instead of *ForResult.

    void onConfirmDeviceCredentialSuccess();

    // TODO(b/123378871): Remove when moved.

    void onConfirmDeviceCredentialError(int error, String message);

    // TODO(b/123378871): Remove when moved.

    // When ConfirmLock* is invoked from BiometricPrompt, it needs to register a callback so that

    // it can receive the cancellation signal.

    void registerCancellationCallback(IBiometricConfirmDeviceCredentialCallback callback);

}