Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Log strength of auth method used into security log

Browse Source 
As approved by Android Security team, added logging of
strength of auth method as well as logging of fingerprint
keyguard actions.

Bug: 26841997
Change-Id: Ic8e3f125f775a7585fe56003f4c6442390edea61
This commit is contained in:
Michal Karpinski
2016-02-09 15:43:41 +00:00
parent 00a6750d37
commit ed5c8f0216
6 changed files with 94 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
core/java/android/app/admin/DevicePolicyManager.java
View File

@@ -3022,14 +3022,40 @@ public class DevicePolicyManager {
}
}
/**
* @hide
*/
public void reportFailedFingerprintAttempt(int userHandle) {
if (mService != null) {
try {
mService.reportFailedFingerprintAttempt(userHandle);
} catch (RemoteException e) {
Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
}
}
}
/**
* @hide
*/
public void reportSuccessfulFingerprintAttempt(int userHandle) {
if (mService != null) {
try {
mService.reportSuccessfulFingerprintAttempt(userHandle);
} catch (RemoteException e) {
Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
}
}
}
/**
* Should be called when keyguard has been dismissed.
* @hide
*/
public void reportKeyguardDismissed() {
public void reportKeyguardDismissed(int userHandle) {
if (mService != null) {
try {
mService.reportKeyguardDismissed();
mService.reportKeyguardDismissed(userHandle);
} catch (RemoteException e) {
Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
}
@@ -3040,10 +3066,10 @@ public class DevicePolicyManager {
* Should be called when keyguard view has been shown to the user.
* @hide
*/
public void reportKeyguardSecured() {
public void reportKeyguardSecured(int userHandle) {
if (mService != null) {
try {
mService.reportKeyguardSecured();
mService.reportKeyguardSecured(userHandle);
} catch (RemoteException e) {
Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
}

7
core/java/android/app/admin/IDevicePolicyManager.aidl
View File

@@ -116,9 +116,10 @@ interface IDevicePolicyManager {
int numbers, int symbols, int nonletter, int userHandle);
void reportFailedPasswordAttempt(int userHandle);
void reportSuccessfulPasswordAttempt(int userHandle);
void reportKeyguardDismissed();
void reportKeyguardSecured();
void reportFailedFingerprintAttempt(int userHandle);
void reportSuccessfulFingerprintAttempt(int userHandle);
void reportKeyguardDismissed(int userHandle);
void reportKeyguardSecured(int userHandle);
boolean setDeviceOwner(in ComponentName who, String ownerName, int userId);
ComponentName getDeviceOwnerComponent(boolean callingUserOnly);

6
core/java/android/auditing/SecurityLog.java
View File

@@ -77,8 +77,10 @@ public class SecurityLog {
SecurityLogTags.SECURITY_KEYGUARD_DISMISSED;
/**
* Indicate that there has been an authentication attempt to dismiss the keyguard. The log entry
* contains the attempt result (integer, 1 for successful, 0 for unsuccessful), accessible via
* {@link SecurityEvent#getData()}}
* contains the following information about the attempt in order, accessible via
* {@link SecurityEvent#getData()}}: attempt result (integer, 1 for successful, 0 for
* unsuccessful), strength of auth method (integer, 1 if strong auth method was used,
* 0 otherwise)
*/
public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT =
SecurityLogTags.SECURITY_KEYGUARD_DISMISS_AUTH_ATTEMPT;

2
core/java/android/auditing/SecurityLogTags.logtags
View File

@@ -8,5 +8,5 @@ option java_package android.auditing
210004 security_adb_sync_send (path|3)
210005 security_app_process_start (process|3),(start_time|2|3),(uid|1),(pid|1),(seinfo|3),(sha256|3)
210006 security_keyguard_dismissed
210007 security_keyguard_dismiss_auth_attempt (success|1)
210007 security_keyguard_dismiss_auth_attempt (success|1),(method_strength|1)
210008 security_keyguard_secured

27
packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
View File

@@ -475,6 +475,23 @@ public class KeyguardViewMediator extends SystemUI {
break;
}
}
@Override
public void onFingerprintAuthFailed() {
final int currentUser = KeyguardUpdateMonitor.getCurrentUser();
if (mLockPatternUtils.isSecure(currentUser)) {
mLockPatternUtils.getDevicePolicyManager().reportFailedFingerprintAttempt(
currentUser);
}
}
@Override
public void onFingerprintAuthenticated(int userId) {
if (mLockPatternUtils.isSecure(userId)) {
mLockPatternUtils.getDevicePolicyManager().reportSuccessfulFingerprintAttempt(
userId);
}
}
};
ViewMediatorCallback mViewMediatorCallback = new ViewMediatorCallback() {
@@ -1370,8 +1387,9 @@ public class KeyguardViewMediator extends SystemUI {
* @see #KEYGUARD_DONE
*/
private void handleKeyguardDone(boolean authenticated) {
if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
mLockPatternUtils.getDevicePolicyManager().reportKeyguardDismissed();
final int currentUser = KeyguardUpdateMonitor.getCurrentUser();
if (mLockPatternUtils.isSecure(currentUser)) {
mLockPatternUtils.getDevicePolicyManager().reportKeyguardDismissed(currentUser);
}
if (DEBUG) Log.d(TAG, "handleKeyguardDone");
synchronized (this) {
@@ -1484,8 +1502,9 @@ public class KeyguardViewMediator extends SystemUI {
* @see #SHOW
*/
private void handleShow(Bundle options) {
if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
mLockPatternUtils.getDevicePolicyManager().reportKeyguardSecured();
final int currentUser = KeyguardUpdateMonitor.getCurrentUser();
if (mLockPatternUtils.isSecure(currentUser)) {
mLockPatternUtils.getDevicePolicyManager().reportKeyguardSecured(currentUser);
}
synchronized (KeyguardViewMediator.this) {
if (!mSystemReady) {

36
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
View File

@@ -4486,7 +4486,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0);
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0,
/*method strength*/ 1);
}
}
@@ -4516,23 +4517,50 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1);
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
/*method strength*/ 1);
}
}
@Override
public void reportKeyguardDismissed() {
public void reportFailedFingerprintAttempt(int userHandle) {
enforceFullCrossUsersPermission(userHandle);
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0,
/*method strength*/ 0);
}
}
@Override
public void reportSuccessfulFingerprintAttempt(int userHandle) {
enforceFullCrossUsersPermission(userHandle);
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1,
/*method strength*/ 0);
}
}
@Override
public void reportKeyguardDismissed(int userHandle) {
enforceFullCrossUsersPermission(userHandle);
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED);
}
}
@Override
public void reportKeyguardSecured() {
public void reportKeyguardSecured(int userHandle) {
enforceFullCrossUsersPermission(userHandle);
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
if (mInjector.securityLogIsLoggingEnabled()) {
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED);
}