Merge "Add SafetyNet logging for b/79776455" into rvc-dev am: 0b2bb19db4

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11853950 Change-Id: Ic741b43434aa171b72da5de961020b153bb06976
2020-06-12 21:42:21 +00:00
parent 6474cf0230 0b2bb19db4
commit 8c79a511cb
1 changed files with 24 additions and 12 deletions
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -79,6 +79,7 @@ import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
 import android.telephony.TelephonyManager;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.SparseArray;
 import android.util.SparseBooleanArray;
@@ -1074,6 +1075,17 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
                != LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;
    }

+    private boolean isUserEncryptedOrLockdown(int userId) {
+        // Biometrics should not be started in this case. Think carefully before modifying this
+        // method, see b/79776455
+        final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(userId);
+        final boolean isLockDown =
+                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
+                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
+        final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
+        return isLockDown || isEncrypted;
+    }
+
    private boolean containsFlag(int haystack, int needle) {
        return (haystack & needle) != 0;
    }
@@ -1904,11 +1916,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
        final boolean allowedOnBouncer =
                !(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
        final int user = getCurrentUser();
-        final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
-        final boolean isLockDown =
-                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
-                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
-        final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);

        // Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
        // instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
@@ -1917,7 +1924,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
                shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming))
                && !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())
                && (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser
-                && allowedOnBouncer && !isLockDown && !isEncrypted;
+                && allowedOnBouncer && !isUserEncryptedOrLockdown(user);
        return shouldListen;
    }

@@ -1931,11 +1938,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
                && !statusBarShadeLocked;
        final int user = getCurrentUser();
        final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
-        final boolean isLockDown =
-                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
-                        || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
-        final boolean isEncrypted =
-                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
        final boolean isTimedOut =
                containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);

@@ -1958,7 +1960,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
                && !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
                && !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
                && strongAuthAllowsScanning && mIsPrimaryUser
-                && !mSecureCameraLaunched && !isLockDown && !isEncrypted;
+                && !mSecureCameraLaunched && !isUserEncryptedOrLockdown(user);

        // Aggregate relevant fields for debug logging.
        if (DEBUG_FACE || DEBUG_SPEW) {
@@ -2031,6 +2033,11 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
            if (mFingerprintCancelSignal != null) {
                mFingerprintCancelSignal.cancel();
            }
+
+            if (isUserEncryptedOrLockdown(userId)) {
+                // If this happens, shouldListenForFingerprint() is wrong. SafetyNet for b/79776455
+                EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFingerprint");
+            }
            mFingerprintCancelSignal = new CancellationSignal();
            mFpm.authenticate(null, mFingerprintCancelSignal, 0, mFingerprintAuthenticationCallback,
                    null, userId);
@@ -2049,6 +2056,11 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
            if (mFaceCancelSignal != null) {
                mFaceCancelSignal.cancel();
            }
+
+            if (isUserEncryptedOrLockdown(userId)) {
+                // If this happens, shouldListenForFace() is wrong. SafetyNet for b/79776455
+                EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFace");
+            }
            mFaceCancelSignal = new CancellationSignal();
            mFaceManager.authenticate(null, mFaceCancelSignal, 0,
                    mFaceAuthenticationCallback, null, userId);