From 6a9945a3c8cb57197bccf7b04122167c18d9ec62 Mon Sep 17 00:00:00 2001
From: Kevin Chyn
Date: Fri, 12 Jun 2020 11:52:56 -0700
Subject: [PATCH] Add SafetyNet logging for b/79776455
Test: Auth is not started after lockdown or reboot
Fixes: 79776455
Change-Id: I9df6cb7fa59a611f81baf4f368df208598f3de3a
---
 .../keyguard/KeyguardUpdateMonitor.java | 36 ++++++++++++-------
 1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 34c85877577be..7914d864da0fd 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -79,6 +79,7 @@ import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
 import android.telephony.TelephonyManager;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.SparseArray;
 import android.util.SparseBooleanArray;
@@ -1074,6 +1075,17 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 != LockPatternUtils.StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED;
 }
+ private boolean isUserEncryptedOrLockdown(int userId) {
+ // Biometrics should not be started in this case. Think carefully before modifying this
+ // method, see b/79776455
+ final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(userId);
+ final boolean isLockDown =
+ containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
+ || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
+ final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
+ return isLockDown || isEncrypted;
+ }
+
 private boolean containsFlag(int haystack, int needle) {
 return (haystack & needle) != 0;
 }
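Review bot: The comment inside the new isUserEncryptedOrLockdown helper points to b/79776455 for the reason but never states the invariant itself, so a reader without tracker access cannot tell what must be preserved. I would replace it with a Javadoc on the method, for example `/** Returns true if the user has not unlocked since boot or is in lockdown (DPM lock-now or user lockdown); fingerprint and face auth must not be started while this holds. */`. The commit's Test: line describes a manual check only; a unit test that sets each of the three flags and asserts that shouldListenForFingerprint() and shouldListenForFace() return false would guard against regression, though whether one already exists is not visible from this patch.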
@@ -1904,11 +1916,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 final boolean allowedOnBouncer = !(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
 final int user = getCurrentUser();
- final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
- final boolean isLockDown =
- containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
- || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
- final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
 // Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
 // instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
@@ -1917,7 +1924,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming)) && !mSwitchingUser && !isFingerprintDisabled(getCurrentUser()) && (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser
- && allowedOnBouncer && !isLockDown && !isEncrypted;
+ && allowedOnBouncer && !isUserEncryptedOrLockdown(user);
 return shouldListen;
 }
@@ -1931,11 +1938,6 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 && !statusBarShadeLocked;
 final int user = getCurrentUser();
 final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
- final boolean isLockDown =
- containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
- || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
- final boolean isEncrypted =
- containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
 final boolean isTimedOut = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
@@ -1958,7 +1960,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 && !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer && !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed && strongAuthAllowsScanning && mIsPrimaryUser
- && !mSecureCameraLaunched && !isLockDown && !isEncrypted;
+ && !mSecureCameraLaunched && !isUserEncryptedOrLockdown(user);
 // Aggregate relevant fields for debug logging.
 if (DEBUG_FACE || DEBUG_SPEW) {
@@ -2031,6 +2033,11 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 if (mFingerprintCancelSignal != null) {
 mFingerprintCancelSignal.cancel();
 }
+
+ if (isUserEncryptedOrLockdown(userId)) {
+ // If this happens, shouldListenForFingerprint() is wrong. SafetyNet for b/79776455
+ EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFingerprint");
+ }
 mFingerprintCancelSignal = new CancellationSignal();
 mFpm.authenticate(null, mFingerprintCancelSignal, 0, mFingerprintAuthenticationCallback, null, userId);
@@ -2049,6 +2056,11 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
 if (mFaceCancelSignal != null) {
 mFaceCancelSignal.cancel();
 }
+
+ if (isUserEncryptedOrLockdown(userId)) {
+ // If this happens, shouldListenForFace() is wrong. SafetyNet for b/79776455
+ EventLog.writeEvent(0x534e4554, "79776455", "startListeningForFace");
+ }
 mFaceCancelSignal = new CancellationSignal();
 mFaceManager.authenticate(null, mFaceCancelSignal, 0, mFaceAuthenticationCallback, null, userId);
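Review bot: The guard added in the -2031 hunk (fingerprint) only writes the SafetyNet event and then falls through to `mFpm.authenticate(...)`, so if shouldListenForFingerprint() is ever wrong the scan still starts for an encrypted or locked-down user. The -2049 hunk has the same shape before `mFaceManager.authenticate(...)`. If log-only is intended, the comment should say so, e.g. `// Detection only: authentication is still started below; the gate is shouldListenForFingerprint()`. Otherwise add a `return;` after the writeEvent so the path fails closed; both methods start and end outside their hunks, so any running-state bookkeeping there would need checking first. Separately, as far as I know the SafetyNet event is conventionally written as bug id, uid, data, and here the uid argument is missing, so the message string probably lands in the uid field; `EventLog.writeEvent(0x534e4554, "79776455", -1, "startListeningForFingerprint");` would match the usual layout.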