am 3bf26f1d: am 5be4d295: Merge "Only enable fingerprint auth after first regular auth" into mnc-dev

* commit '3bf26f1dd734ad18e3d027ecb5a421fbacbf13ba': Only enable fingerprint auth after first regular auth
2015-05-05 21:00:15 +00:00
parent 3e6913e488 3bf26f1dd7
commit 4eca706731
4 changed files with 70 additions and 16 deletions
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -32,4 +32,5 @@ interface ITrustManager {
    void reportKeyguardShowingChanged();
    boolean isDeviceLocked(int userId);
    boolean isDeviceSecure(int userId);
+    boolean hasUserAuthenticatedSinceBoot(int userId);
 }
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -147,6 +147,23 @@ public class TrustManager {
        }
    }

+    /**
+     * Checks whether the specified user has been authenticated since the last boot.
+     *
+     * @param userId the user id of the user to check for
+     * @return true if the user has authenticated since boot, false otherwise
+     *
+     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+     */
+    public boolean hasUserAuthenticatedSinceBoot(int userId) {
+        try {
+            return mService.hasUserAuthenticatedSinceBoot(userId);
+        } catch (RemoteException e) {
+            onError(e);
+            return false;
+        }
+    }
+
    private void onError(Exception e) {
        Log.e(TAG, "Error while calling TrustManagerService", e);
    }
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager;
 import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback;
 import android.hardware.fingerprint.FingerprintUtils;
 import android.hardware.fingerprint.FingerprintManager.AuthenticationResult;
-import android.service.trust.TrustAgentService;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
@@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    private SubscriptionManager mSubscriptionManager;
    private List<SubscriptionInfo> mSubscriptionInfo;
    private boolean mFingerprintDetectionRunning;
+    private TrustManager mTrustManager;

    private final Handler mHandler = new Handler() {
        @Override
@@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
            e.printStackTrace();
        }

-        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
-        trustManager.registerTrustListener(this);
+        mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+        mTrustManager.registerTrustListener(this);

        mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
        updateFingerprintListeningState();
@@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    }

    private boolean shouldListenForFingerprint() {
-        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser;
+        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser
+                && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser());
    }

    private void startListeningForFingerprint() {
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService {
            if (!userInfo.supportsSwitchTo()) continue;
            if (!mActivityManager.isUserRunning(userInfo.id)) continue;
            if (!lockPatternUtils.isSecure(userInfo.id)) continue;
-            if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;
+            if (!getUserHasAuthenticated(userInfo.id)) continue;
            DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
            int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
            final boolean disableTrustAgents =
@@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService {
    // Agent dispatch and aggregation

    private boolean aggregateIsTrusted(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
            return false;
        }
        for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService {
    }

    private boolean aggregateIsTrustManaged(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
            return false;
        }
        for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -549,21 +549,44 @@ public class TrustManagerService extends SystemService {
    }

    private void updateUserHasAuthenticated(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
-            mUserHasAuthenticatedSinceBoot.put(userId, true);
+        boolean changed = setUserHasAuthenticated(userId);
+        if (changed) {
            refreshAgentList(userId);
        }
    }

+    private boolean getUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            return mUserHasAuthenticatedSinceBoot.get(userId);
+        }
+    }
+
+    /**
+     * @return whether the value has changed
+     */
+    private boolean setUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+                mUserHasAuthenticatedSinceBoot.put(userId, true);
+                return true;
+            }
+            return false;
+        }
+    }
+
+    private void clearUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (userId == UserHandle.USER_ALL) {
+                mUserHasAuthenticatedSinceBoot.clear();
+            } else {
+                mUserHasAuthenticatedSinceBoot.put(userId, false);
+            }
+        }
+    }

    private void requireCredentialEntry(int userId) {
-        if (userId == UserHandle.USER_ALL) {
-            mUserHasAuthenticatedSinceBoot.clear();
-            refreshAgentList(UserHandle.USER_ALL);
-        } else {
-            mUserHasAuthenticatedSinceBoot.put(userId, false);
-            refreshAgentList(userId);
-        }
+        clearUserHasAuthenticated(userId);
+        refreshAgentList(userId);
    }

    // Listeners
@@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService {
            }
        }

+        @Override
+        public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {
+            mContext.enforceCallingOrSelfPermission(
+                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);
+            long token = Binder.clearCallingIdentity();
+            try {
+                return getUserHasAuthenticated(userId);
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
+        }
+
        private void enforceReportPermission() {
            mContext.enforceCallingOrSelfPermission(
                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");