Do not start biometric auth if encrypted or lockdown (fec0165e) · Commits · e / os / android_frameworks_base

packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java

+14 −8

Original line number	Diff line number	Diff line
		@@ -1903,6 +1903,12 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
		private boolean shouldListenForFingerprint() {
		final boolean allowedOnBouncer =
		!(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
		final int user = getCurrentUser();
		final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
		final boolean isLockDown =
		containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
		\|\| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
		final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);

		// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
		// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
		@@ -1911,7 +1917,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
		shouldListenForFingerprintAssistant() \|\| (mKeyguardOccluded && mIsDreaming))
		&& !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())
		&& (!mKeyguardGoingAway \|\| !mDeviceInteractive) && mIsPrimaryUser
		&& allowedOnBouncer;
		&& allowedOnBouncer && !isLockDown && !isEncrypted;
		return shouldListen;
		}

		@@ -1928,9 +1934,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
		final boolean isLockDown =
		containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
		\|\| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
		final boolean isEncryptedOrTimedOut =
		containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT)
		\|\| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
		final boolean isEncrypted =
		containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
		final boolean isTimedOut =
		containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);

		boolean canBypass = mKeyguardBypassController != null
		&& mKeyguardBypassController.canBypass();
		@@ -1939,10 +1946,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
		// TrustAgents or biometrics are keeping the device unlocked.
		boolean becauseCannotSkipBouncer = !getUserCanSkipBouncer(user) \|\| canBypass;

		// Scan even when encrypted or timeout to show a preemptive bouncer when bypassing.
		// Scan even when timeout to show a preemptive bouncer when bypassing.
		// Lock-down mode shouldn't scan, since it is more explicit.
		boolean strongAuthAllowsScanning = (!isEncryptedOrTimedOut \|\| canBypass && !mBouncer)
		&& !isLockDown;
		boolean strongAuthAllowsScanning = (!isTimedOut \|\| canBypass && !mBouncer);

		// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
		// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
		@@ -1952,7 +1958,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
		&& !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
		&& !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
		&& strongAuthAllowsScanning && mIsPrimaryUser
		&& !mSecureCameraLaunched;
		&& !mSecureCameraLaunched && !isLockDown && !isEncrypted;

		// Aggregate relevant fields for debug logging.
		if (DEBUG_FACE \|\| DEBUG_SPEW) {

packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java

+12 −8

Original line number	Diff line number	Diff line
		@@ -451,12 +451,6 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
		verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
		}

		@Test
		public void requiresAuthentication_whenEncryptedKeyguard_andBypass() {
		testStrongAuthExceptOnBouncer(
		KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
		}

		@Test
		public void requiresAuthentication_whenTimeoutKeyguard_andBypass() {
		testStrongAuthExceptOnBouncer(
		@@ -513,10 +507,20 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {

		@Test
		public void testIgnoresAuth_whenLockdown() {
		testIgnoresAuth(
		KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
		}

		@Test
		public void testIgnoresAuth_whenEncrypted() {
		testIgnoresAuth(
		KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
		}

		private void testIgnoresAuth(int strongAuth) {
		mKeyguardUpdateMonitor.dispatchStartedWakingUp();
		mTestableLooper.processAllMessages();
		when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(
		KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
		when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(strongAuth);

		mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);
		verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());