From 1e6a356911c1c3dbf83f0393ea6122a34434861d Mon Sep 17 00:00:00 2001
From: Curtis Belmonte <curtislb@google.com>
Date: Tue, 24 Mar 2020 18:07:08 -0700
Subject: [PATCH] Fix display of BiometricPrompt wipe warning dialogs

Ensure that both local wipe dialogs are shown by the BiometricPrompt
credential view as appropriate:
- A "last attempt" warning dialog when the user is one failure from a wipe
- The "now wiping" dialog shows before the prompt is dismissed

Test: Manual:
1. Create a work profile via TestDPC (go/testdpc)
2. Set a work profile lock pattern/PIN/password via Settings > Security
3. Launch the work profile instance of TestDPC
4. Scroll down to "Lock screen"
5. Tap "Lock screen restrictions"
6. Select the "Work profile" tab
7. Set "Max password failures for local wipe" to 3
8. Lock & unlock the screen
9. Launch work profile app
10. Enter the wrong pattern/PIN/password three times

Fixes: 152016710
Change-Id: I3771d222aaaacef5fa70c1246432a6fd1afdcd42
---
 packages/SystemUI/res/values/strings.xml      | 22 ++++++
 .../biometrics/AuthCredentialView.java        | 79 +++++++++++++++++--
 2 files changed, 95 insertions(+), 6 deletions(-)

diff --git a/packages/SystemUI/res/values/strings.xml b/packages/SystemUI/res/values/strings.xml
index c8c35c704297d..8a3a16e9a6cfc 100644
--- a/packages/SystemUI/res/values/strings.xml
+++ b/packages/SystemUI/res/values/strings.xml
@@ -374,9 +374,31 @@
     <string name="biometric_dialog_wrong_password">Wrong password</string>
     <!-- Error string shown when the user enters too many incorrect attempts [CHAR LIMIT=120]-->
     <string name="biometric_dialog_credential_too_many_attempts">Too many incorrect attempts.\nTry again in <xliff:g id="number">%d</xliff:g> seconds.</string>
+
     <!-- Error string shown when the user enters an incorrect PIN/pattern/password and it counts towards the max attempts before the data on the device is wiped. [CHAR LIMIT=NONE]-->
     <string name="biometric_dialog_credential_attempts_before_wipe">Try again. Attempt <xliff:g id="attempts" example="1">%1$d</xliff:g> of <xliff:g id="max_attempts" example="3">%2$d</xliff:g>.</string>
 
+    <!-- Title of a dialog shown when the user only has one attempt left to provide the correct PIN/pattern/password before the device, one of its users, or a work profile is wiped. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_attempt_before_wipe_dialog_title">Your data will be deleted</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct lock pattern before the device is wiped. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pattern_attempt_before_wipe_device">If you enter an incorrect pattern on the next attempt, this device\u2019s data will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct PIN before the device is wiped. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pin_attempt_before_wipe_device">If you enter an incorrect PIN on the next attempt, this device\u2019s data will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct password before the device is wiped. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_password_attempt_before_wipe_device">If you enter an incorrect password on the next attempt, this device\u2019s data will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct lock pattern before the user is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pattern_attempt_before_wipe_user">If you enter an incorrect pattern on the next attempt, this user will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct PIN before the user is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pin_attempt_before_wipe_user">If you enter an incorrect PIN on the next attempt, this user will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct password before the user is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_password_attempt_before_wipe_user">If you enter an incorrect password on the next attempt, this user will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct pattern before the work profile is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pattern_attempt_before_wipe_profile">If you enter an incorrect pattern on the next attempt, your work profile and its data will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct PIN before the work profile is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_pin_attempt_before_wipe_profile">If you enter an incorrect PIN on the next attempt, your work profile and its data will be deleted.</string>
+    <!-- Content of a dialog shown when the user only has one attempt left to provide the correct password before the work profile is removed. [CHAR LIMIT=NONE] -->
+    <string name="biometric_dialog_last_password_attempt_before_wipe_profile">If you enter an incorrect password on the next attempt, your work profile and its data will be deleted.</string>
+
     <!-- Content of a dialog shown when the user has failed to provide the device lock too many times and the device is wiped. [CHAR LIMIT=NONE] -->
     <string name="biometric_dialog_failed_attempts_now_wiping_device">Too many incorrect attempts. This device\u2019s data will be deleted.</string>
     <!-- Content of a dialog shown when the user has failed to provide the user lock too many times and the user is removed. [CHAR LIMIT=NONE] -->
diff --git a/packages/SystemUI/src/com/android/systemui/biometrics/AuthCredentialView.java b/packages/SystemUI/src/com/android/systemui/biometrics/AuthCredentialView.java
index 13f3c0fce5c21..b006bc1351a32 100644
--- a/packages/SystemUI/src/com/android/systemui/biometrics/AuthCredentialView.java
+++ b/packages/SystemUI/src/com/android/systemui/biometrics/AuthCredentialView.java
@@ -347,21 +347,35 @@ public abstract class AuthCredentialView extends LinearLayout {
             showError(message);
         }
 
-        // Only show popup dialog before wipe.
+        // Only show dialog if <=1 attempts are left before wiping.
         final int remainingAttempts = maxAttempts - numAttempts;
-        if (remainingAttempts <= 0) {
-            showNowWipingMessage();
-            mContainerView.animateAway(AuthDialogCallback.DISMISSED_ERROR);
+        if (remainingAttempts == 1) {
+            showLastAttemptBeforeWipeDialog();
+        } else if (remainingAttempts <= 0) {
+            showNowWipingDialog();
         }
         return true;
     }
 
-    private void showNowWipingMessage() {
+    private void showLastAttemptBeforeWipeDialog() {
+        final AlertDialog alertDialog = new AlertDialog.Builder(mContext)
+                .setTitle(R.string.biometric_dialog_last_attempt_before_wipe_dialog_title)
+                .setMessage(
+                        getLastAttemptBeforeWipeMessageRes(getUserTypeForWipe(), mCredentialType))
+                .setPositiveButton(android.R.string.ok, null)
+                .create();
+        alertDialog.getWindow().setType(WindowManager.LayoutParams.TYPE_STATUS_BAR_SUB_PANEL);
+        alertDialog.show();
+    }
+
+    private void showNowWipingDialog() {
         final AlertDialog alertDialog = new AlertDialog.Builder(mContext)
                 .setMessage(getNowWipingMessageRes(getUserTypeForWipe()))
                 .setPositiveButton(R.string.biometric_dialog_now_wiping_dialog_dismiss, null)
+                .setOnDismissListener(
+                        dialog -> mContainerView.animateAway(AuthDialogCallback.DISMISSED_ERROR))
                 .create();
-        alertDialog.getWindow().setType(WindowManager.LayoutParams.TYPE_SYSTEM_ALERT);
+        alertDialog.getWindow().setType(WindowManager.LayoutParams.TYPE_STATUS_BAR_SUB_PANEL);
         alertDialog.show();
     }
 
@@ -377,6 +391,59 @@ public abstract class AuthCredentialView extends LinearLayout {
         }
     }
 
+    private static @StringRes int getLastAttemptBeforeWipeMessageRes(
+            @UserType int userType, @Utils.CredentialType int credentialType) {
+        switch (userType) {
+            case USER_TYPE_PRIMARY:
+                return getLastAttemptBeforeWipeDeviceMessageRes(credentialType);
+            case USER_TYPE_MANAGED_PROFILE:
+                return getLastAttemptBeforeWipeProfileMessageRes(credentialType);
+            case USER_TYPE_SECONDARY:
+                return getLastAttemptBeforeWipeUserMessageRes(credentialType);
+            default:
+                throw new IllegalArgumentException("Unrecognized user type:" + userType);
+        }
+    }
+
+    private static @StringRes int getLastAttemptBeforeWipeDeviceMessageRes(
+            @Utils.CredentialType int credentialType) {
+        switch (credentialType) {
+            case Utils.CREDENTIAL_PIN:
+                return R.string.biometric_dialog_last_pin_attempt_before_wipe_device;
+            case Utils.CREDENTIAL_PATTERN:
+                return R.string.biometric_dialog_last_pattern_attempt_before_wipe_device;
+            case Utils.CREDENTIAL_PASSWORD:
+            default:
+                return R.string.biometric_dialog_last_password_attempt_before_wipe_device;
+        }
+    }
+
+    private static @StringRes int getLastAttemptBeforeWipeProfileMessageRes(
+            @Utils.CredentialType int credentialType) {
+        switch (credentialType) {
+            case Utils.CREDENTIAL_PIN:
+                return R.string.biometric_dialog_last_pin_attempt_before_wipe_profile;
+            case Utils.CREDENTIAL_PATTERN:
+                return R.string.biometric_dialog_last_pattern_attempt_before_wipe_profile;
+            case Utils.CREDENTIAL_PASSWORD:
+            default:
+                return R.string.biometric_dialog_last_password_attempt_before_wipe_profile;
+        }
+    }
+
+    private static @StringRes int getLastAttemptBeforeWipeUserMessageRes(
+            @Utils.CredentialType int credentialType) {
+        switch (credentialType) {
+            case Utils.CREDENTIAL_PIN:
+                return R.string.biometric_dialog_last_pin_attempt_before_wipe_user;
+            case Utils.CREDENTIAL_PATTERN:
+                return R.string.biometric_dialog_last_pattern_attempt_before_wipe_user;
+            case Utils.CREDENTIAL_PASSWORD:
+            default:
+                return R.string.biometric_dialog_last_password_attempt_before_wipe_user;
+        }
+    }
+
     private static @StringRes int getNowWipingMessageRes(@UserType int userType) {
         switch (userType) {
             case USER_TYPE_PRIMARY: