Merge "Do not start biometric auth if encrypted or lockdown" into rvc-dev am: 9253ddb5eb
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11840350 Change-Id: I411c8d013e404fb41d6307f57c46af0076dabbd5
@@ -1903,6 +1903,12 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
|||||||
private boolean shouldListenForFingerprint() {
|
private boolean shouldListenForFingerprint() {
|
||||||
final boolean allowedOnBouncer =
|
final boolean allowedOnBouncer =
|
||||||
!(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
|
!(mFingerprintLockedOut && mBouncer && mCredentialAttempted);
|
||||||
|
final int user = getCurrentUser();
|
||||||
|
final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
|
||||||
|
final boolean isLockDown =
|
||||||
|
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
|
||||||
|
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
final boolean isEncrypted = containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||||
|
|
||||||
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
||||||
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
||||||
@@ -1911,7 +1917,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
|||||||
shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming))
|
shouldListenForFingerprintAssistant() || (mKeyguardOccluded && mIsDreaming))
|
||||||
&& !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())
|
&& !mSwitchingUser && !isFingerprintDisabled(getCurrentUser())
|
||||||
&& (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser
|
&& (!mKeyguardGoingAway || !mDeviceInteractive) && mIsPrimaryUser
|
||||||
&& allowedOnBouncer;
|
&& allowedOnBouncer && !isLockDown && !isEncrypted;
|
||||||
return shouldListen;
|
return shouldListen;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1928,9 +1934,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
|||||||
final boolean isLockDown =
|
final boolean isLockDown =
|
||||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
|
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
|
||||||
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
final boolean isEncryptedOrTimedOut =
|
final boolean isEncrypted =
|
||||||
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT)
|
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||||
|| containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
|
final boolean isTimedOut =
|
||||||
|
containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_TIMEOUT);
|
||||||
|
|
||||||
boolean canBypass = mKeyguardBypassController != null
|
boolean canBypass = mKeyguardBypassController != null
|
||||||
&& mKeyguardBypassController.canBypass();
|
&& mKeyguardBypassController.canBypass();
|
||||||
@@ -1939,10 +1946,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
|||||||
// TrustAgents or biometrics are keeping the device unlocked.
|
// TrustAgents or biometrics are keeping the device unlocked.
|
||||||
boolean becauseCannotSkipBouncer = !getUserCanSkipBouncer(user) || canBypass;
|
boolean becauseCannotSkipBouncer = !getUserCanSkipBouncer(user) || canBypass;
|
||||||
|
|
||||||
// Scan even when encrypted or timeout to show a preemptive bouncer when bypassing.
|
// Scan even when timeout to show a preemptive bouncer when bypassing.
|
||||||
// Lock-down mode shouldn't scan, since it is more explicit.
|
// Lock-down mode shouldn't scan, since it is more explicit.
|
||||||
boolean strongAuthAllowsScanning = (!isEncryptedOrTimedOut || canBypass && !mBouncer)
|
boolean strongAuthAllowsScanning = (!isTimedOut || canBypass && !mBouncer);
|
||||||
&& !isLockDown;
|
|
||||||
|
|
||||||
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
// Only listen if this KeyguardUpdateMonitor belongs to the primary user. There is an
|
||||||
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
|
||||||
@@ -1952,7 +1958,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
|
|||||||
&& !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
|
&& !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
|
||||||
&& !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
|
&& !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
|
||||||
&& strongAuthAllowsScanning && mIsPrimaryUser
|
&& strongAuthAllowsScanning && mIsPrimaryUser
|
||||||
&& !mSecureCameraLaunched;
|
&& !mSecureCameraLaunched && !isLockDown && !isEncrypted;
|
||||||
|
|
||||||
// Aggregate relevant fields for debug logging.
|
// Aggregate relevant fields for debug logging.
|
||||||
if (DEBUG_FACE || DEBUG_SPEW) {
|
if (DEBUG_FACE || DEBUG_SPEW) {
|
||||||
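Review bot: The lockdown/encrypted check is now written out twice, once in shouldListenForFingerprint() and once in the face hunk at -1928, so the two biometric gates can drift apart when a strong-auth flag is added or reclassified; a shared private helper would keep them identical. In the fingerprint hunk the new `user` local is not used by `isFingerprintDisabled(getCurrentUser())`, so the strong-auth lookup and the disabled check each fetch the user id separately; passing `user` keeps both on the same id. The comment `// Lock-down mode shouldn't scan, since it is more explicit.` still sits above `strongAuthAllowsScanning`, which no longer contains `!isLockDown`, and belongs next to the final `&& !isLockDown && !isEncrypted` term. Both method bodies extend outside the visible hunks.

```java
// Strong-auth states in which neither fingerprint nor face may start listening:
// encrypted (STRONG_AUTH_REQUIRED_AFTER_BOOT), DPM lock-now, and user lockdown.
private boolean isStrongAuthBlockingBiometrics(int strongAuth) {
    return containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_BOOT)
            || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW)
            || containsFlag(strongAuth, STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
}

// … unchanged: shouldListenForFingerprint() up to the strong-auth lookup …
final int strongAuth = mStrongAuthTracker.getStrongAuthForUser(user);
final boolean blockedByStrongAuth = isStrongAuthBlockingBiometrics(strongAuth);
// … unchanged: remaining conditions, now ending in `&& allowedOnBouncer && !blockedByStrongAuth` …
```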
|
|||||||
@@ -451,12 +451,6 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
|
|||||||
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void requiresAuthentication_whenEncryptedKeyguard_andBypass() {
|
|
||||||
testStrongAuthExceptOnBouncer(
|
|
||||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void requiresAuthentication_whenTimeoutKeyguard_andBypass() {
|
public void requiresAuthentication_whenTimeoutKeyguard_andBypass() {
|
||||||
testStrongAuthExceptOnBouncer(
|
testStrongAuthExceptOnBouncer(
|
||||||
@@ -513,10 +507,20 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testIgnoresAuth_whenLockdown() {
|
public void testIgnoresAuth_whenLockdown() {
|
||||||
|
testIgnoresAuth(
|
||||||
|
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testIgnoresAuth_whenEncrypted() {
|
||||||
|
testIgnoresAuth(
|
||||||
|
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void testIgnoresAuth(int strongAuth) {
|
||||||
mKeyguardUpdateMonitor.dispatchStartedWakingUp();
|
mKeyguardUpdateMonitor.dispatchStartedWakingUp();
|
||||||
mTestableLooper.processAllMessages();
|
mTestableLooper.processAllMessages();
|
||||||
when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(
|
when(mStrongAuthTracker.getStrongAuthForUser(anyInt())).thenReturn(strongAuth);
|
||||||
KeyguardUpdateMonitor.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
|
|
||||||
|
|
||||||
mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);
|
mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true);
|
||||||
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
verify(mFaceManager, never()).authenticate(any(), any(), anyInt(), any(), any(), anyInt());
|
||||||
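Review bot: Only the face path is asserted here: `testIgnoresAuth` ends in `verify(mFaceManager, never()).authenticate(...)`, while the same commit adds `!isLockDown && !isEncrypted` to shouldListenForFingerprint() and no visible test checks that fingerprint authentication is also left unstarted. A matching never-invoked verification on the fingerprint manager mock inside `testIgnoresAuth` would cover both flags for both modalities. The helper's closing brace lies outside the hunk, and whether fingerprint coverage exists elsewhere in the test class cannot be seen from here.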
|
|||||||