Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 6f27127b: am 79d9219c: Merge "Only allow fingerprint auth for the current user" into mnc-dev

Browse Source 
* commit '6f27127b7c63422c1a805afd1adc46c7120e4046':
  Only allow fingerprint auth for the current user
This commit is contained in:
Jim Miller
2015-07-06 19:40:14 +00:00
committed by Android Git Automerger
parent 93be2e8562 6f27127b7c
commit f711aa386c
1 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
services/core/java/com/android/server/fingerprint/FingerprintService.java
View File

@@ -23,6 +23,7 @@ import android.app.IUserSwitchObserver;
import android.content.ContentResolver;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.os.Binder;
import android.os.Environment;
import android.os.Handler;
@@ -36,6 +37,7 @@ import android.os.SELinux;
import android.os.ServiceManager;
import android.os.SystemClock;
import android.os.UserHandle;
import android.os.UserManager;
import android.util.Slog;
import com.android.server.SystemService;
@@ -418,9 +420,22 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
"Must have " + permission + " permission.");
}
boolean isCurrentUserOrProfile(int userId) {
UserManager um = UserManager.get(mContext);
// Allow current user or profiles of the current user...
List<UserInfo> profiles = um.getEnabledProfiles(userId);
final int n = profiles.size();
for (int i = 0; i < n; i++) {
if (profiles.get(i).id == userId) {
return true;
}
}
return false;
}
private boolean canUseFingerprint(String opPackageName) {
checkPermission(USE_FINGERPRINT);
return mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, Binder.getCallingUid(),
opPackageName) == AppOpsManager.MODE_ALLOWED;
}
@@ -664,8 +679,12 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
public void authenticate(final IBinder token, final long opId, final int groupId,
final IFingerprintServiceReceiver receiver, final int flags,
final String opPackageName) {
if (!isCurrentUserOrProfile(UserHandle.getCallingUserId())) {
Slog.w(TAG, "Can't authenticate non-current user");
return;
}
if (!canUseFingerprint(opPackageName)) {
Slog.w(TAG, "Calling not granted permission to use fingerprint");
return;
}
final boolean restricted = isRestricted();