Merge changes from topic "b/159260556" into rvc-dev
* changes: Revert "Do not start biometric auth if encrypted or lockdown" Revert "Add SafetyNet logging for b/79776455"
This commit is contained in:
Kevin Chyn
@@ -79,7 +79,6 @@ import android.telephony.SubscriptionInfo;
|
||||
import android.telephony.SubscriptionManager;
|
||||
import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
|
||||
import android.telephony.TelephonyManager;
|
||||
import android.util.EventLog;
|
||||
import android.util.Log;
|
||||
import android.util.SparseArray;
|
||||
import android.util.SparseBooleanArray;
|
||||
@@ -1075,17 +1074,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
!= LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;
|
||||
}
|
||||
|
||||
private boolean isUserEncryptedOrLockdown(int userId) {
|
||||
// Biometrics should not be started in this case. Think carefully before modifying this
|
||||
// method, see b/79776455
|
||||
final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(userId);
|
||||
final boolean isLockDown =
|
||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
|
||||
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||
final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||
return isLockDown || isEncrypted;
|
||||
}
|
||||
|
||||
private boolean containsFlag(int haystack, int needle) {
|
||||
return (haystack & needle) != 0;
|
||||
}
|
||||
@@ -1915,7 +1903,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
private boolean shouldListenForFingerprint() {
|
||||
final boolean allowedOnBouncer =
|
||||
!(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
|
||||
final int user = getCurrentUser();
|
||||
|
||||
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
||||
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
||||
@@ -1924,7 +1911,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming))
|
||||
&& !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())
|
||||
&& (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser
|
||||
&& allowedOnBouncer && !isUserEncryptedOrLockdown(user);
|
||||
&& allowedOnBouncer;
|
||||
return shouldListen;
|
||||
}
|
||||
|
||||
@@ -1938,8 +1925,12 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
&& !statusBarShadeLocked;
|
||||
final int user = getCurrentUser();
|
||||
final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
|
||||
final boolean isTimedOut =
|
||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
|
||||
final boolean isLockDown =
|
||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
|
||||
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||
final boolean isEncryptedOrTimedOut =
|
||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT)
|
||||
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
|
||||
|
||||
boolean canBypass = mKeyguardBypassController != null
|
||||
&& mKeyguardBypassController.canBypass();
|
||||
@@ -1948,9 +1939,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
// TrustAgents or biometrics are keeping the device unlocked.
|
||||
boolean becauseCannotSkipBouncer = !getUserCanSkipBouncer(user) || canBypass;
|
||||
|
||||
// Scan even when timeout to show a preemptive bouncer when bypassing.
|
||||
// Scan even when encrypted or timeout to show a preemptive bouncer when bypassing.
|
||||
// Lock-down mode shouldn't scan, since it is more explicit.
|
||||
boolean strongAuthAllowsScanning = (!isTimedOut || canBypass && !mBouncer);
|
||||
boolean strongAuthAllowsScanning = (!isEncryptedOrTimedOut || canBypass && !mBouncer)
|
||||
&& !isLockDown;
|
||||
|
||||
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
||||
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
||||
@@ -1960,7 +1952,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
&& !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
|
||||
&& !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
|
||||
&& strongAuthAllowsScanning && mIsPrimaryUser
|
||||
&& !mSecureCameraLaunched && !isUserEncryptedOrLockdown(user);
|
||||
&& !mSecureCameraLaunched;
|
||||
|
||||
// Aggregate relevant fields for debug logging.
|
||||
if (DEBUG_FACE || DEBUG_SPEW) {
|
||||
@@ -2033,11 +2025,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
if (mFingerprintCancelSignal != null) {
|
||||
mFingerprintCancelSignal.cancel();
|
||||
}
|
||||
|
||||
if (isUserEncryptedOrLockdown(userId)) {
|
||||
// If this happens, shouldListenForFingerprint() is wrong. SafetyNet for b/79776455
|
||||
EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFingerprint");
|
||||
}
|
||||
mFingerprintCancelSignal = new CancellationSignal();
|
||||
mFpm.authenticate(null, mFingerprintCancelSignal, 0, mFingerprintAuthenticationCallback,
|
||||
null, userId);
|
||||
@@ -2056,11 +2043,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
||||
if (mFaceCancelSignal != null) {
|
||||
mFaceCancelSignal.cancel();
|
||||
}
|
||||
|
||||
if (isUserEncryptedOrLockdown(userId)) {
|
||||
// If this happens, shouldListenForFace() is wrong. SafetyNet for b/79776455
|
||||
EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFace");
|
||||
}
|
||||
mFaceCancelSignal = new CancellationSignal();
|
||||
mFaceManager.authenticate(null, mFaceCancelSignal, 0,
|
||||
mFaceAuthenticationCallback, null, userId);
|
||||
|
||||
@@ -451,6 +451,12 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
|
||||
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requiresAuthentication_whenEncryptedKeyguard_andBypass() {
|
||||
testStrongAuthExceptOnBouncer(
|
||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requiresAuthentication_whenTimeoutKeyguard_andBypass() {
|
||||
testStrongAuthExceptOnBouncer(
|
||||
@@ -507,20 +513,10 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
|
||||
|
||||
@Test
|
||||
public void testIgnoresAuth_whenLockdown() {
|
||||
testIgnoresAuth(
|
||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIgnoresAuth_whenEncrypted() {
|
||||
testIgnoresAuth(
|
||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||
}
|
||||
|
||||
private void testIgnoresAuth(int strongAuth) {
|
||||
mKeyguardUpdateMonitor.dispatchStartedWakingUp();
|
||||
mTestableLooper.processAllMessages();
|
||||
when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(strongAuth);
|
||||
when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(
|
||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||
|
||||
mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);
|
||||
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
||||
|
||||
Reference in New Issue
Block a user