Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 43d978bd authored by Joe Bolinger's avatar Joe Bolinger
Browse files

Fix back navigation in biometric enrollment. 

Using the back buttons can cause a crash in at least two cases. Skipping
face enrollment and then starting/stopping any enrollment can lead to
an invalid token and failed HAT request. Backing out of the activity and
restarting it can also lead to using a stale token that fails.

Fix: 179336333
Test: manual on device
Change-Id: I0c1133e4c3d9c97997043ddc9374aa3cfc4f1c97
parent cc28a082

src/com/android/settings/biometrics/BiometricEnrollActivity.java

+4 −5
Original line number Diff line number Diff line
@@ -211,8 +211,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { 
                case REQUEST_CHOOSE_LOCK:

                    mConfirmingCredentials = false;

                    if (resultCode == ChooseLockPattern.RESULT_FINISHED) {

                        mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);

                        startMultiBiometricEnroll();

                        startMultiBiometricEnroll(data);

                    } else {

                        Log.d(TAG, "Unknown result for chooseLock: " + resultCode);

                        setResult(resultCode);
@@ -222,8 +221,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { 
                case REQUEST_CONFIRM_LOCK:

                    mConfirmingCredentials = false;

                    if (resultCode == RESULT_OK) {

                        mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);

                        startMultiBiometricEnroll();

                        startMultiBiometricEnroll(data);

                    } else {

                        Log.d(TAG, "Unknown result for confirmLock: " + resultCode);

                        finish();
@@ -283,7 +281,8 @@ public class BiometricEnrollActivity extends InstrumentedActivity { 
        }

    }



    private void startMultiBiometricEnroll() {

    private void startMultiBiometricEnroll(Intent data) {

        mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);

        mMultiBiometricEnrollHelper = new MultiBiometricEnrollHelper(this, mUserId,

                mIsFaceEnrollable, mIsFingerprintEnrollable, mGkPwHandle);

        mMultiBiometricEnrollHelper.startNextStep();

src/com/android/settings/biometrics/BiometricUtils.java

+8 −3
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ import androidx.annotation.Nullable; 
import androidx.fragment.app.FragmentActivity;



import com.android.internal.widget.LockPatternUtils;

import com.android.internal.widget.VerifyCredentialResponse;

import com.android.settings.R;

import com.android.settings.SetupWizardUtils;

import com.android.settings.biometrics.fingerprint.FingerprintEnrollFindSensor;
@@ -72,8 +73,12 @@ public class BiometricUtils { 
    public static byte[] requestGatekeeperHat(@NonNull Context context, long gkPwHandle, int userId,

            long challenge) {

        final LockPatternUtils utils = new LockPatternUtils(context);

        return utils.verifyGatekeeperPasswordHandle(gkPwHandle, challenge, userId)

                .getGatekeeperHAT();

        final VerifyCredentialResponse response = utils.verifyGatekeeperPasswordHandle(gkPwHandle,

                challenge, userId);

        if (!response.isMatched()) {

            throw new IllegalStateException("Unable to request Gatekeeper HAT");

        }

        return response.getGatekeeperHAT();

    }



    public static boolean containsGatekeeperPasswordHandle(@Nullable Intent data) {
@@ -190,7 +195,7 @@ public class BiometricUtils { 
                    hardwareAuthToken);

        }

        if (gkPwHandle != null) {

            intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle);

            intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, (long) gkPwHandle);

        }



        if (activity instanceof BiometricEnrollActivity.InternalActivity) {

src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java

+4 −2
Original line number Diff line number Diff line
@@ -77,12 +77,14 @@ public class MultiBiometricEnrollHelper { 


            if (mRequestEnrollFingerprint) {

                // Give FaceEnroll a pendingIntent pointing to fingerprint enrollment, so that it

                // can be started when user skips or finishes face enrollment.

                // can be started when user skips or finishes face enrollment. FLAG_UPDATE_CURRENT

                // ensures it is launched with the most recent values.

                final Intent fpIntent = BiometricUtils.getFingerprintIntroIntent(mActivity,

                        mActivity.getIntent());

                fpIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, mGkPwHandle);

                final PendingIntent fpAfterFaceIntent = PendingIntent.getActivity(mActivity,

                        0 /* requestCode */, fpIntent, PendingIntent.FLAG_IMMUTABLE);

                        0 /* requestCode */, fpIntent,

                        PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);

                faceIntent.putExtra(EXTRA_ENROLL_AFTER_FACE, fpAfterFaceIntent);

            }

src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java

+0 −3
Original line number Diff line number Diff line
@@ -114,9 +114,6 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction { 
                mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);

                mSensorId = sensorId;

                mChallenge = challenge;

                if (BiometricUtils.isMultiBiometricEnrollmentFlow(this)) {

                    BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());

                }

                mFooterBarMixin.getPrimaryButton().setEnabled(true);

            });

        }

src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java

+0 −1
Original line number Diff line number Diff line
@@ -85,7 +85,6 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase implements 
                mChallenge = challenge;

                mSensorId = sensorId;

                mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);

                BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());



                // Put this into the intent. This is really just to work around the fact that the

                // enrollment sidecar gets the HAT from the activity's intent, rather than having