Merge "Reset fingerprint lockout timer when strong auth is used." into mnc-dr-dev

2015-08-18 23:12:18 +00:00
parent 358fcc795e e0507bbbf9
commit bea9d7b94c
6 changed files with 42 additions and 0 deletions
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -668,6 +668,25 @@ public class FingerprintManager {
        return 0;
    }

+    /**
+     * Reset the lockout timer when asked to do so by keyguard.
+     *
+     * @param token an opaque token returned by password confirmation.
+     *
+     * @hide
+     */
+    public void resetTimeout(byte[] token) {
+        if (mService != null) {
+            try {
+                mService.resetTimeout(token);
+            } catch (RemoteException e) {
+                Log.v(TAG, "Remote exception in getAuthenticatorId(): ", e);
+            }
+        } else {
+            Log.w(TAG, "getAuthenticatorId(): Service not connected!");
+        }
+    }
+
    private class MyHandler extends Handler {
        private MyHandler(Context context) {
            super(context.getMainLooper());
@@ -677,6 +696,7 @@ public class FingerprintManager {
            super(looper);
        }

+        @Override
        public void handleMessage(android.os.Message msg) {
            switch(msg.what) {
                case MSG_ENROLL_RESULT:
--- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
@@ -68,4 +68,7 @@ interface IFingerprintService {

    // Gets the authenticator ID for fingerprint
    long getAuthenticatorId(String opPackageName);
+
+    // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password)
+    void resetTimeout(in byte [] cryptoToken);
 }
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2465,6 +2465,10 @@
    <permission android:name="android.permission.MANAGE_FINGERPRINT"
        android:protectionLevel="system|signature" />

+    <!-- Allows an app to reset fingerprint attempt counter. Reserved for the system. @hide -->
+    <permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT"
+        android:protectionLevel="signature" />
+
    <!-- Allows an application to control keyguard.  Only allowed for system processes.
        @hide -->
    <permission android:name="android.permission.CONTROL_KEYGUARD"
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -578,6 +578,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
    public void reportSuccessfulStrongAuthUnlockAttempt() {
        mStrongAuthTimedOut.remove(sCurrentUser);
        scheduleStrongAuthTimeout();
+        if (mFpm != null) {
+            byte[] token = null; /* TODO: pass real auth token once fp HAL supports it */
+            mFpm.resetTimeout(token);
+        }
    }

    private void scheduleStrongAuthTimeout() {
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -108,6 +108,7 @@
    <uses-permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE" />
    <uses-permission android:name="android.permission.TRUST_LISTENER" />
    <uses-permission android:name="android.permission.USE_FINGERPRINT" />
+    <uses-permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT" />

    <!-- Needed for WallpaperManager.clear in ImageWallpaper.updateWallpaperLocked -->
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -54,6 +54,7 @@ import android.hardware.fingerprint.IFingerprintServiceReceiver;
 import android.view.Display;

 import static android.Manifest.permission.MANAGE_FINGERPRINT;
+import static android.Manifest.permission.RESET_FINGERPRINT_LOCKOUT;
 import static android.Manifest.permission.USE_FINGERPRINT;

 import java.io.File;
@@ -255,6 +256,9 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
            Slog.v(TAG, "Reset fingerprint lockout");
        }
        mFailedAttempts = 0;
+        // If we're asked to reset failed attempts externally (i.e. from Keyguard), the runnable
+        // may still be in the queue; remove it.
+        mHandler.removeCallbacks(mLockoutReset);
    }

    private boolean handleFailedAttempt(ClientMonitor clientMonitor) {
@@ -878,6 +882,12 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
                Binder.restoreCallingIdentity(ident);
            }
        }
+        @Override // Binder call
+        public void resetTimeout(byte [] token) {
+            checkPermission(RESET_FINGERPRINT_LOCKOUT);
+            // TODO: confirm security token when we move timeout management into the HAL layer.
+            mLockoutReset.run();
+        }
    }

    private void dumpInternal(PrintWriter pw) {