Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Update KeyStore for new biometric modalities"

Browse Source
This commit is contained in:
TreeHugger Robot
2018-11-16 22:52:30 +00:00
committed by Android (Google) Code Review
parent 992cd354fc 057b743fe9
commit 278913ae62
4 changed files with 54 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
keystore/java/android/security/KeyStore.java
View File

@@ -23,6 +23,7 @@ import android.app.Application;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.pm.PackageManager;
import android.hardware.face.FaceManager;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Binder;
import android.os.IBinder;
@@ -1254,7 +1255,7 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
long fingerprintOnlySid = getFingerprintOnlySid();
final long fingerprintOnlySid = getFingerprintOnlySid();
if ((fingerprintOnlySid != 0)
&& (keySids.contains(KeymasterArguments.toUint64(fingerprintOnlySid)))) {
// One of the key's SIDs is the current fingerprint SID -- user can be
@@ -1262,6 +1263,14 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
final long faceOnlySid = getFaceOnlySid();
if ((faceOnlySid != 0)
&& (keySids.contains(KeymasterArguments.toUint64(faceOnlySid)))) {
// One of the key's SIDs is the current face SID -- user can be
// authenticated against that SID.
return new UserNotAuthenticatedException();
}
// None of the key's SIDs can ever be authenticated
return new KeyPermanentlyInvalidatedException();
}
@@ -1272,6 +1281,21 @@ public class KeyStore {
}
}
private long getFaceOnlySid() {
final PackageManager packageManager = mContext.getPackageManager();
if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FACE)) {
return 0;
}
FaceManager faceManager = mContext.getSystemService(FaceManager.class);
if (faceManager == null) {
return 0;
}
// TODO: Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in
// FaceManager.getAuthenticatorId once the ID is no longer needed here.
return faceManager.getAuthenticatorId();
}
private long getFingerprintOnlySid() {
final PackageManager packageManager = mContext.getPackageManager();
if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {