From 873010dfeea11e0f9982c66ad9bdc990d055b129 Mon Sep 17 00:00:00 2001
From: Adrian Roos <roosa@google.com>
Date: Tue, 25 Aug 2015 15:59:00 -0700
Subject: [PATCH] Disable fingerprint after user lockout

Bug: 22677859
Change-Id: I38b918d2e40b5bb423f2e5c171fe65bed8d440a6
---
 core/java/com/android/internal/widget/LockPatternUtils.java | 6 ++++++
 .../core/java/com/android/server/LockSettingsService.java   | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index b3871f1091bf5..d24b10be9db28 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1275,6 +1275,12 @@ public class LockPatternUtils {
          */
         public static final int SOME_AUTH_REQUIRED_AFTER_USER_REQUEST = 0x4;
 
+        /**
+         * Strong authentication is required because the user has been locked out after too many
+         * attempts.
+         */
+        public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;
+
         public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT;
         private static final int ALLOWING_FINGERPRINT = SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
 
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 005d6a4f24c00..f1d7da4ee629c 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -29,6 +29,8 @@ import android.content.pm.UserInfo;
 import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;
 import static android.content.Context.USER_SERVICE;
 import static android.Manifest.permission.READ_CONTACTS;
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
+
 import android.database.sqlite.SQLiteDatabase;
 import android.os.Binder;
 import android.os.IBinder;
@@ -664,6 +666,10 @@ public class LockSettingsService extends ILockSettings.Stub {
             if (shouldReEnroll) {
                 credentialUtil.setCredential(credential, credential, userId);
             }
+        } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) {
+            if (response.getTimeout() > 0) {
+                requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);
+            }
         }
 
         return response;