Merge "Bind fingerprint when we start authentication - DO NOT MERGE" into mnc-dr-dev
This commit is contained in:
TreeHugger Robot
committed by
Android (Google) Code Review
Android (Google) Code Review
commit
02e9affa42
@@ -258,6 +258,7 @@ public class FingerprintManager {
|
|||||||
public static class AuthenticationResult {
|
public static class AuthenticationResult {
|
||||||
private Fingerprint mFingerprint;
|
private Fingerprint mFingerprint;
|
||||||
private CryptoObject mCryptoObject;
|
private CryptoObject mCryptoObject;
|
||||||
|
private int mUserId;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentication result
|
* Authentication result
|
||||||
@@ -266,9 +267,10 @@ public class FingerprintManager {
|
|||||||
* @param fingerprint the recognized fingerprint data, if allowed.
|
* @param fingerprint the recognized fingerprint data, if allowed.
|
||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint) {
|
public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint, int userId) {
|
||||||
mCryptoObject = crypto;
|
mCryptoObject = crypto;
|
||||||
mFingerprint = fingerprint;
|
mFingerprint = fingerprint;
|
||||||
|
mUserId = userId;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -285,6 +287,12 @@ public class FingerprintManager {
|
|||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
public Fingerprint getFingerprint() { return mFingerprint; }
|
public Fingerprint getFingerprint() { return mFingerprint; }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Obtain the userId for which this fingerprint was authenticated.
|
||||||
|
* @hide
|
||||||
|
*/
|
||||||
|
public int getUserId() { return mUserId; }
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -754,7 +762,7 @@ public class FingerprintManager {
|
|||||||
sendAcquiredResult((Long) msg.obj /* deviceId */, msg.arg1 /* acquire info */);
|
sendAcquiredResult((Long) msg.obj /* deviceId */, msg.arg1 /* acquire info */);
|
||||||
break;
|
break;
|
||||||
case MSG_AUTHENTICATION_SUCCEEDED:
|
case MSG_AUTHENTICATION_SUCCEEDED:
|
||||||
sendAuthenticatedSucceeded((Fingerprint) msg.obj);
|
sendAuthenticatedSucceeded((Fingerprint) msg.obj, msg.arg1 /* userId */);
|
||||||
break;
|
break;
|
||||||
case MSG_AUTHENTICATION_FAILED:
|
case MSG_AUTHENTICATION_FAILED:
|
||||||
sendAuthenticatedFailed();
|
sendAuthenticatedFailed();
|
||||||
@@ -799,9 +807,10 @@ public class FingerprintManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void sendAuthenticatedSucceeded(Fingerprint fp) {
|
private void sendAuthenticatedSucceeded(Fingerprint fp, int userId) {
|
||||||
if (mAuthenticationCallback != null) {
|
if (mAuthenticationCallback != null) {
|
||||||
final AuthenticationResult result = new AuthenticationResult(mCryptoObject, fp);
|
final AuthenticationResult result =
|
||||||
|
new AuthenticationResult(mCryptoObject, fp, userId);
|
||||||
mAuthenticationCallback.onAuthenticationSucceeded(result);
|
mAuthenticationCallback.onAuthenticationSucceeded(result);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -941,8 +950,8 @@ public class FingerprintManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override // binder call
|
@Override // binder call
|
||||||
public void onAuthenticationSucceeded(long deviceId, Fingerprint fp) {
|
public void onAuthenticationSucceeded(long deviceId, Fingerprint fp, int userId) {
|
||||||
mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, fp).sendToTarget();
|
mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, userId, 0, fp).sendToTarget();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override // binder call
|
@Override // binder call
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ import android.os.UserHandle;
|
|||||||
oneway interface IFingerprintServiceReceiver {
|
oneway interface IFingerprintServiceReceiver {
|
||||||
void onEnrollResult(long deviceId, int fingerId, int groupId, int remaining);
|
void onEnrollResult(long deviceId, int fingerId, int groupId, int remaining);
|
||||||
void onAcquired(long deviceId, int acquiredInfo);
|
void onAcquired(long deviceId, int acquiredInfo);
|
||||||
void onAuthenticationSucceeded(long deviceId, in Fingerprint fp);
|
void onAuthenticationSucceeded(long deviceId, in Fingerprint fp, int userId);
|
||||||
void onAuthenticationFailed(long deviceId);
|
void onAuthenticationFailed(long deviceId);
|
||||||
void onError(long deviceId, int error);
|
void onError(long deviceId, int error);
|
||||||
void onRemoved(long deviceId, int fingerId, int groupId);
|
void onRemoved(long deviceId, int fingerId, int groupId);
|
||||||
|
|||||||
@@ -430,7 +430,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void handleFingerprintAuthenticated() {
|
|
||||||
|
private void handleFingerprintAuthenticated(int authUserId) {
|
||||||
try {
|
try {
|
||||||
final int userId;
|
final int userId;
|
||||||
try {
|
try {
|
||||||
@@ -439,6 +440,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
|
|||||||
Log.e(TAG, "Failed to get current user id: ", e);
|
Log.e(TAG, "Failed to get current user id: ", e);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (userId != authUserId) {
|
||||||
|
Log.d(TAG, "Fingerprint authenticated for wrong user: " + authUserId);
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (isFingerprintDisabled(userId)) {
|
if (isFingerprintDisabled(userId)) {
|
||||||
Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId);
|
Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId);
|
||||||
return;
|
return;
|
||||||
@@ -705,7 +710,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onAuthenticationSucceeded(AuthenticationResult result) {
|
public void onAuthenticationSucceeded(AuthenticationResult result) {
|
||||||
handleFingerprintAuthenticated();
|
handleFingerprintAuthenticated(result.getUserId());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@@ -127,6 +127,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
private IFingerprintDaemon mDaemon;
|
private IFingerprintDaemon mDaemon;
|
||||||
private final PowerManager mPowerManager;
|
private final PowerManager mPowerManager;
|
||||||
private final AlarmManager mAlarmManager;
|
private final AlarmManager mAlarmManager;
|
||||||
|
private int mCurrentUserId = UserHandle.USER_NULL;
|
||||||
|
|
||||||
private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() {
|
private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() {
|
||||||
@Override
|
@Override
|
||||||
@@ -337,7 +338,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
stopPendingOperations(true);
|
stopPendingOperations(true);
|
||||||
mEnrollClient = new ClientMonitor(token, receiver, groupId, restricted, token.toString());
|
mEnrollClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
|
||||||
|
token.toString());
|
||||||
final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
|
final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
|
||||||
try {
|
try {
|
||||||
final int result = daemon.enroll(cryptoToken, groupId, timeout);
|
final int result = daemon.enroll(cryptoToken, groupId, timeout);
|
||||||
@@ -425,7 +427,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
stopPendingOperations(true);
|
stopPendingOperations(true);
|
||||||
mAuthClient = new ClientMonitor(token, receiver, groupId, restricted, opPackageName);
|
mAuthClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
|
||||||
|
opPackageName);
|
||||||
if (inLockoutMode()) {
|
if (inLockoutMode()) {
|
||||||
Slog.v(TAG, "In lockout mode; disallowing authentication");
|
Slog.v(TAG, "In lockout mode; disallowing authentication");
|
||||||
if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
|
if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
|
||||||
@@ -482,7 +485,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
}
|
}
|
||||||
|
|
||||||
stopPendingOperations(true);
|
stopPendingOperations(true);
|
||||||
mRemoveClient = new ClientMonitor(token, receiver, userId, restricted, token.toString());
|
mRemoveClient = new ClientMonitor(token, receiver, mCurrentUserId, userId, restricted,
|
||||||
|
token.toString());
|
||||||
// The fingerprint template ids will be removed when we get confirmation from the HAL
|
// The fingerprint template ids will be removed when we get confirmation from the HAL
|
||||||
try {
|
try {
|
||||||
final int result = daemon.remove(fingerId, userId);
|
final int result = daemon.remove(fingerId, userId);
|
||||||
@@ -605,15 +609,17 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
private class ClientMonitor implements IBinder.DeathRecipient {
|
private class ClientMonitor implements IBinder.DeathRecipient {
|
||||||
IBinder token;
|
IBinder token;
|
||||||
IFingerprintServiceReceiver receiver;
|
IFingerprintServiceReceiver receiver;
|
||||||
int userId;
|
int userId; // userId of the caller
|
||||||
|
int currentUserId; // current user id when this was created
|
||||||
boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission
|
boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission
|
||||||
String owner;
|
String owner;
|
||||||
|
|
||||||
public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver, int userId,
|
public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver,
|
||||||
boolean restricted, String owner) {
|
int currentUserId, int userId, boolean restricted, String owner) {
|
||||||
this.token = token;
|
this.token = token;
|
||||||
this.receiver = receiver;
|
this.receiver = receiver;
|
||||||
this.userId = userId;
|
this.userId = userId;
|
||||||
|
this.currentUserId = currentUserId;
|
||||||
this.restricted = restricted;
|
this.restricted = restricted;
|
||||||
this.owner = owner; // name of the client that owns this - for debugging
|
this.owner = owner; // name of the client that owns this - for debugging
|
||||||
try {
|
try {
|
||||||
@@ -702,9 +708,9 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner
|
Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner
|
||||||
+ ", id=" + fpId + ", gp=" + groupId + ")");
|
+ ", id=" + fpId + ", gp=" + groupId + ")");
|
||||||
}
|
}
|
||||||
Fingerprint fp = !restricted ?
|
Fingerprint fp = !restricted ? new Fingerprint("" /* TODO */, groupId, fpId,
|
||||||
new Fingerprint("" /* TODO */, groupId, fpId, mHalDeviceId) : null;
|
mHalDeviceId) : null;
|
||||||
receiver.onAuthenticationSucceeded(mHalDeviceId, fp);
|
receiver.onAuthenticationSucceeded(mHalDeviceId, fp, currentUserId);
|
||||||
}
|
}
|
||||||
} catch (RemoteException e) {
|
} catch (RemoteException e) {
|
||||||
Slog.w(TAG, "Failed to notify Authenticated:", e);
|
Slog.w(TAG, "Failed to notify Authenticated:", e);
|
||||||
@@ -1129,6 +1135,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
|
|||||||
Slog.e(TAG, "Failed to setActiveGroup():", e);
|
Slog.e(TAG, "Failed to setActiveGroup():", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
mCurrentUserId = userId;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void listenForUserSwitches() {
|
private void listenForUserSwitches() {
|
||||||
|
|||||||
Reference in New Issue
Block a user