Merge changes from topic "biometric-unlocked-required" am: c36995ec84 am: cf5f4d6cbf am: 9c975f2335

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1671106 Change-Id: I2c7e8050ca82f81ca865a76bd11a39d82eb09dcc
2021-04-28 20:26:08 +00:00
parent 3be17c6711 9c975f2335
commit 0809d53d07
4 changed files with 23 additions and 12 deletions
--- a/core/java/android/hardware/biometrics/BiometricManager.java
+++ b/core/java/android/hardware/biometrics/BiometricManager.java
@@ -558,7 +558,7 @@ public class BiometricManager {
     * @hide
     */
    public long[] getAuthenticatorIds() {
-        return getAuthenticatorIds(UserHandle.getCallingUserId());
+        return getAuthenticatorIds(UserHandle.myUserId());
    }

    /**
--- a/keystore/java/android/security/Authorization.java
+++ b/keystore/java/android/security/Authorization.java
@@ -74,16 +74,19 @@ public class Authorization {
     * @param locked            - whether it is a lock (true) or unlock (false) event
     * @param syntheticPassword - if it is an unlock event with the password, pass the synthetic
     *                            password provided by the LockSettingService
+     * @param unlockingSids     - KeyMint secure user IDs that should be permitted to unlock
+     *                            UNLOCKED_DEVICE_REQUIRED keys.
     *
     * @return 0 if successful or a {@code ResponseCode}.
     */
    public static int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
-            @Nullable byte[] syntheticPassword) {
+            @Nullable byte[] syntheticPassword, @Nullable long[] unlockingSids) {
        try {
            if (locked) {
-                getService().onLockScreenEvent(LockScreenEvent.LOCK, userId, null);
+                getService().onLockScreenEvent(LockScreenEvent.LOCK, userId, null, unlockingSids);
            } else {
-                getService().onLockScreenEvent(LockScreenEvent.UNLOCK, userId, syntheticPassword);
+                getService().onLockScreenEvent(
+                        LockScreenEvent.UNLOCK, userId, syntheticPassword, unlockingSids);
            }
            return 0;
        } catch (RemoteException | NullPointerException e) {
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1311,7 +1311,7 @@ public class LockSettingsService extends ILockSettings.Stub {

    private void unlockKeystore(byte[] password, int userHandle) {
        if (DEBUG) Slog.v(TAG, "Unlock keystore for user: " + userHandle);
-        Authorization.onLockScreenEvent(false, userHandle, password);
+        Authorization.onLockScreenEvent(false, userHandle, password, null);
    }

    @VisibleForTesting /** Note: this method is overridden in unit tests */
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -41,6 +41,7 @@ import android.content.res.TypedArray;
 import android.content.res.XmlResourceParser;
 import android.database.ContentObserver;
 import android.graphics.drawable.Drawable;
+import android.hardware.biometrics.BiometricManager;
 import android.hardware.biometrics.BiometricSourceType;
 import android.net.Uri;
 import android.os.Binder;
@@ -188,8 +189,6 @@ public class TrustManagerService extends SystemService {
    private boolean mTrustAgentsCanRun = false;
    private int mCurrentUser = UserHandle.USER_SYSTEM;

-    private Authorization mAuthorizationService;
-
    public TrustManagerService(Context context) {
        super(context);
        mContext = context;
@@ -199,7 +198,6 @@ public class TrustManagerService extends SystemService {
        mStrongAuthTracker = new StrongAuthTracker(context);
        mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
        mSettingsObserver = new SettingsObserver(mHandler);
-        mAuthorizationService = new Authorization();
    }

    @Override
@@ -701,13 +699,14 @@ public class TrustManagerService extends SystemService {
        }
        if (changed) {
            dispatchDeviceLocked(userId, locked);
-
-            Authorization.onLockScreenEvent(locked, userId, null);
+            Authorization.onLockScreenEvent(locked, userId, null,
+                    getBiometricSids(userId));
            // Also update the user's profiles who have unified challenge, since they
            // share the same unlocked state (see {@link #isDeviceLocked(int)})
            for (int profileHandle : mUserManager.getEnabledProfileIds(userId)) {
                if (mLockPatternUtils.isManagedProfileWithUnifiedChallenge(profileHandle)) {
-                    mAuthorizationService.onLockScreenEvent(locked, profileHandle, null);
+                    Authorization.onLockScreenEvent(locked, profileHandle, null,
+                            getBiometricSids(profileHandle));
                }
            }
        }
@@ -1047,6 +1046,14 @@ public class TrustManagerService extends SystemService {
        }
    }

+    private long[] getBiometricSids(int userId) {
+        BiometricManager biometricManager = mContext.getSystemService(BiometricManager.class);
+        if (biometricManager == null) {
+            return null;
+        }
+        return biometricManager.getAuthenticatorIds(userId);
+    }
+
    // User lifecycle

    @Override
@@ -1258,7 +1265,8 @@ public class TrustManagerService extends SystemService {
                        mDeviceLockedForUser.put(userId, locked);
                    }

-                    Authorization.onLockScreenEvent(locked, userId, null);
+                    Authorization.onLockScreenEvent(locked, userId, null,
+                            getBiometricSids(userId));

                    if (locked) {
                        try {