am 5be4d295: Merge "Only enable fingerprint auth after first regular auth" into mnc-dev

* commit '5be4d295c08614eaf8afd012f90e5c7726bc293e':
  Only enable fingerprint auth after first regular auth

core/java/android/app/trust/ITrustManager.aidl

@@ -32,4 +32,5 @@ interface ITrustManager {
     void reportKeyguardShowingChanged();
     boolean isDeviceLocked(int userId);
     boolean isDeviceSecure(int userId);
+    boolean hasUserAuthenticatedSinceBoot(int userId);
 }

core/java/android/app/trust/TrustManager.java

@@ -147,6 +147,23 @@ public class TrustManager {
         }
     }
 
+    /**
+     * Checks whether the specified user has been authenticated since the last boot.
+     *
+     * @param userId the user id of the user to check for
+     * @return true if the user has authenticated since boot, false otherwise
+     *
+     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+     */
+    public boolean hasUserAuthenticatedSinceBoot(int userId) {
+        try {
+            return mService.hasUserAuthenticatedSinceBoot(userId);
+        } catch (RemoteException e) {
+            onError(e);
+            return false;
+        }
+    }
+
     private void onError(Exception e) {
         Log.e(TAG, "Error while calling TrustManagerService", e);
     }

packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java

@@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager;
 import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback;
 import android.hardware.fingerprint.FingerprintUtils;
 import android.hardware.fingerprint.FingerprintManager.AuthenticationResult;
-import android.service.trust.TrustAgentService;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
@@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
     private SubscriptionManager mSubscriptionManager;
     private List<SubscriptionInfo> mSubscriptionInfo;
     private boolean mFingerprintDetectionRunning;
+    private TrustManager mTrustManager;
 
     private final Handler mHandler = new Handler() {
         @Override
@@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
             e.printStackTrace();
         }
 
-        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+        mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
-        trustManager.registerTrustListener(this);
+        mTrustManager.registerTrustListener(this);
 
         mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
         updateFingerprintListeningState();
@@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
     }
 
     private boolean shouldListenForFingerprint() {
-        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser;
+        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser
+                && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser());
     }
 
     private void startListeningForFingerprint() {

services/core/java/com/android/server/trust/TrustManagerService.java

@@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService {
             if (!userInfo.supportsSwitchTo()) continue;
             if (!mActivityManager.isUserRunning(userInfo.id)) continue;
             if (!lockPatternUtils.isSecure(userInfo.id)) continue;
-            if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;
+            if (!getUserHasAuthenticated(userInfo.id)) continue;
             DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
             int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
             final boolean disableTrustAgents =
@@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService {
     // Agent dispatch and aggregation
 
     private boolean aggregateIsTrusted(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
             return false;
         }
         for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService {
     }
 
     private boolean aggregateIsTrustManaged(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
             return false;
         }
         for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -549,21 +549,44 @@ public class TrustManagerService extends SystemService {
     }
 
     private void updateUserHasAuthenticated(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        boolean changed = setUserHasAuthenticated(userId);
-            mUserHasAuthenticatedSinceBoot.put(userId, true);
+        if (changed) {
             refreshAgentList(userId);
         }
     }
 
+    private boolean getUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            return mUserHasAuthenticatedSinceBoot.get(userId);
+        }
+    }
+
+    /**
+     * @return whether the value has changed
+     */
+    private boolean setUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+                mUserHasAuthenticatedSinceBoot.put(userId, true);
+                return true;
+            }
+            return false;
+        }
+    }
+
+    private void clearUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (userId == UserHandle.USER_ALL) {
+                mUserHasAuthenticatedSinceBoot.clear();
+            } else {
+                mUserHasAuthenticatedSinceBoot.put(userId, false);
+            }
+        }
+    }
 
     private void requireCredentialEntry(int userId) {
-        if (userId == UserHandle.USER_ALL) {
+        clearUserHasAuthenticated(userId);
-            mUserHasAuthenticatedSinceBoot.clear();
+        refreshAgentList(userId);
-            refreshAgentList(UserHandle.USER_ALL);
-        } else {
-            mUserHasAuthenticatedSinceBoot.put(userId, false);
-            refreshAgentList(userId);
-        }
     }
 
     // Listeners
@@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService {
             }
         }
 
+        @Override
+        public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {
+            mContext.enforceCallingOrSelfPermission(
+                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);
+            long token = Binder.clearCallingIdentity();
+            try {
+                return getUserHasAuthenticated(userId);
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
+        }
+
         private void enforceReportPermission() {
             mContext.enforceCallingOrSelfPermission(
                     Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");