From f603aea110803cca3f342f8e1001658a4abea990 Mon Sep 17 00:00:00 2001 From: Joe Bolinger Date: Thu, 24 Jun 2021 14:49:45 -0700 Subject: [PATCH] Delay framework lockout request until all biometrics report lockout. Fix: 186492600 Test: atest KeyguardUpdateMonitorTest Test: manual (force face lockout and verify fingerprint works) Change-Id: I1fd7eeb57fd9174de37de3ab07ae625c7dbb639e --- .../keyguard/KeyguardUpdateMonitor.java | 29 +++++++++++--- .../keyguard/KeyguardUpdateMonitorTest.java | 39 +++++++++++++++++++ 2 files changed, 62 insertions(+), 6 deletions(-) diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java index 38f8f7ac321f7..96652db054898 100644 --- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java +++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java @@ -778,8 +778,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab } if (msgId == FingerprintManager.FINGERPRINT_ERROR_LOCKOUT_PERMANENT) { - mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, - getCurrentUser()); + mFingerprintLockedOutPermanent = true; + requireStrongAuthIfAllLockedOut(); } if (msgId == FingerprintManager.FINGERPRINT_ERROR_LOCKOUT @@ -800,6 +800,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab private void handleFingerprintLockoutReset() { mFingerprintLockedOut = false; + mFingerprintLockedOutPermanent = false; updateFingerprintListeningState(); } @@ -960,8 +961,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab } if (msgId == FaceManager.FACE_ERROR_LOCKOUT_PERMANENT) { - mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, - getCurrentUser()); + mFaceLockedOutPermanent = true; + requireStrongAuthIfAllLockedOut(); } for (int i = 0; i < mCallbacks.size(); i++) { @@ -974,6 +975,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab } private void handleFaceLockoutReset() { + mFaceLockedOutPermanent = false; updateFaceListeningState(); } @@ -1049,6 +1051,18 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab || isSimPinSecure()); } + private void requireStrongAuthIfAllLockedOut() { + final boolean faceLock = + mFaceLockedOutPermanent || !shouldListenForFace(); + final boolean fpLock = + mFingerprintLockedOutPermanent || !shouldListenForFingerprint(isUdfpsEnrolled()); + + if (faceLock && fpLock) { + Log.d(TAG, "All biometrics locked out - requiring strong auth"); + mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, + getCurrentUser()); + } + } public boolean getUserCanSkipBouncer(int userId) { return getUserHasTrust(userId) || getUserUnlockedWithBiometric(userId); @@ -1332,7 +1346,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab handleFingerprintAuthenticated(userId, isStrongBiometric); }; - private final FingerprintManager.AuthenticationCallback mFingerprintAuthenticationCallback + @VisibleForTesting + final FingerprintManager.AuthenticationCallback mFingerprintAuthenticationCallback = new AuthenticationCallback() { @Override @@ -1380,7 +1395,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab }; @VisibleForTesting - FaceManager.AuthenticationCallback mFaceAuthenticationCallback + final FaceManager.AuthenticationCallback mFaceAuthenticationCallback = new FaceManager.AuthenticationCallback() { @Override @@ -1417,6 +1432,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab private FaceManager mFaceManager; private List mFaceSensorProperties; private boolean mFingerprintLockedOut; + private boolean mFingerprintLockedOutPermanent; + private boolean mFaceLockedOutPermanent; private TelephonyManager mTelephonyManager; /** diff --git a/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java b/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java index 3d4da270dd448..365679274369e 100644 --- a/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java +++ b/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java @@ -637,6 +637,45 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase { verify(mFaceManager, never()).authenticate(any(), any(), any(), any()); } + @Test + public void testFaceAndFingerprintLockout_onlyFace() { + mKeyguardUpdateMonitor.dispatchStartedWakingUp(); + mTestableLooper.processAllMessages(); + mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true); + + mKeyguardUpdateMonitor.mFaceAuthenticationCallback + .onAuthenticationError(FaceManager.FACE_ERROR_LOCKOUT_PERMANENT, ""); + + verify(mLockPatternUtils, never()).requireStrongAuth(anyInt(), anyInt()); + } + + @Test + public void testFaceAndFingerprintLockout_onlyFingerprint() { + mKeyguardUpdateMonitor.dispatchStartedWakingUp(); + mTestableLooper.processAllMessages(); + mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true); + + mKeyguardUpdateMonitor.mFingerprintAuthenticationCallback + .onAuthenticationError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT_PERMANENT, ""); + + verify(mLockPatternUtils, never()).requireStrongAuth(anyInt(), anyInt()); + } + + + @Test + public void testFaceAndFingerprintLockout() { + mKeyguardUpdateMonitor.dispatchStartedWakingUp(); + mTestableLooper.processAllMessages(); + mKeyguardUpdateMonitor.onKeyguardVisibilityChanged(true); + + mKeyguardUpdateMonitor.mFaceAuthenticationCallback + .onAuthenticationError(FaceManager.FACE_ERROR_LOCKOUT_PERMANENT, ""); + mKeyguardUpdateMonitor.mFingerprintAuthenticationCallback + .onAuthenticationError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT_PERMANENT, ""); + + verify(mLockPatternUtils).requireStrongAuth(anyInt(), anyInt()); + } + @Test public void testGetUserCanSkipBouncer_whenFace() { int user = KeyguardUpdateMonitor.getCurrentUser();