Update KeyStore for new biometric modalities

Biometrics are now generic from KeyStore point of view Bug: 113624536 Test: Unable to create keys when no templates enrolled Test: Able to create keys when templates are enrolled Test: No regression in Fingerprint Keys are invalidated after enrolling another FP Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
2018-09-24 14:36:39 -07:00
parent 353eab924f
commit 057b743fe9
4 changed files with 54 additions and 19 deletions
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -23,6 +23,7 @@ import android.app.Application;
 import android.app.KeyguardManager;
 import android.content.Context;
 import android.content.pm.PackageManager;
+import android.hardware.face.FaceManager;
 import android.hardware.fingerprint.FingerprintManager;
 import android.os.Binder;
 import android.os.IBinder;
@@ -913,7 +914,7 @@ public class KeyStore {
                    return new UserNotAuthenticatedException();
                }

-                long fingerprintOnlySid = getFingerprintOnlySid();
+                final long fingerprintOnlySid = getFingerprintOnlySid();
                if ((fingerprintOnlySid != 0)
                        && (keySids.contains(KeymasterArguments.toUint64(fingerprintOnlySid)))) {
                    // One of the key's SIDs is the current fingerprint SID -- user can be
@@ -921,6 +922,14 @@ public class KeyStore {
                    return new UserNotAuthenticatedException();
                }

+                final long faceOnlySid = getFaceOnlySid();
+                if ((faceOnlySid != 0)
+                        && (keySids.contains(KeymasterArguments.toUint64(faceOnlySid)))) {
+                    // One of the key's SIDs is the current face SID -- user can be
+                    // authenticated against that SID.
+                    return new UserNotAuthenticatedException();
+                }
+
                // None of the key's SIDs can ever be authenticated
                return new KeyPermanentlyInvalidatedException();
            }
@@ -931,6 +940,21 @@ public class KeyStore {
        }
    }

+    private long getFaceOnlySid() {
+        final PackageManager packageManager = mContext.getPackageManager();
+        if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FACE)) {
+            return 0;
+        }
+        FaceManager faceManager = mContext.getSystemService(FaceManager.class);
+        if (faceManager == null) {
+            return 0;
+        }
+
+        // TODO: Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in
+        // FaceManager.getAuthenticatorId once the ID is no longer needed here.
+        return faceManager.getAuthenticatorId();
+    }
+
    private long getFingerprintOnlySid() {
        final PackageManager packageManager = mContext.getPackageManager();
        if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {