am 5bc2a2c0: am d56892da: Merge "Disable fingerprint after user lockout" into mnc-dr-dev

* commit '5bc2a2c0ce2002f28147bba92abd4de40f8b7f3d':
  Disable fingerprint after user lockout

core/java/com/android/internal/widget/LockPatternUtils.java

@@ -1275,6 +1275,12 @@ public class LockPatternUtils {
          */
         public static final int SOME_AUTH_REQUIRED_AFTER_USER_REQUEST = 0x4;
 
+        /**
+         * Strong authentication is required because the user has been locked out after too many
+         * attempts.
+         */
+        public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;
+
         public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT;
         private static final int ALLOWING_FINGERPRINT = SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
 

services/core/java/com/android/server/LockSettingsService.java

@@ -29,6 +29,8 @@ import android.content.pm.UserInfo;
 import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;
 import static android.content.Context.USER_SERVICE;
 import static android.Manifest.permission.READ_CONTACTS;
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
+
 import android.database.sqlite.SQLiteDatabase;
 import android.os.Binder;
 import android.os.IBinder;
@@ -664,6 +666,10 @@ public class LockSettingsService extends ILockSettings.Stub {
             if (shouldReEnroll) {
                 credentialUtil.setCredential(credential, credential, userId);
             }
+        } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) {
+            if (response.getTimeout() > 0) {
+                requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);
+            }
         }
 
         return response;