diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index b3871f1091bf5..d24b10be9db28 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -1275,6 +1275,12 @@ public class LockPatternUtils { */ public static final int SOME_AUTH_REQUIRED_AFTER_USER_REQUEST = 0x4; + /** + * Strong authentication is required because the user has been locked out after too many + * attempts. + */ + public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8; + public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT; private static final int ALLOWING_FINGERPRINT = SOME_AUTH_REQUIRED_AFTER_USER_REQUEST; diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index 005d6a4f24c00..f1d7da4ee629c 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -29,6 +29,8 @@ import android.content.pm.UserInfo; import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE; import static android.content.Context.USER_SERVICE; import static android.Manifest.permission.READ_CONTACTS; +import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT; + import android.database.sqlite.SQLiteDatabase; import android.os.Binder; import android.os.IBinder; @@ -664,6 +666,10 @@ public class LockSettingsService extends ILockSettings.Stub { if (shouldReEnroll) { credentialUtil.setCredential(credential, credential, userId); } + } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) { + if (response.getTimeout() > 0) { + requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId); + } } return response;