author Matt Gilbride <mattgilbride@google.com> 2022-03-31 14:24:03 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2022-03-31 14:24:03 +0000
commit336b6a15773fd76f91395d06d65cb3f52ab83b88 (patch)
treea795f6541ef8be9fae5ea0f94b69d95796e57711
parent8c13b43b855b4a11d5fdc5a62f31b10bac99ad6a (diff)
parentf8d398ab113b751210ba8cc90d506f1c7821a25f (diff)
Merge "Add attribution tags to FingerprintService" into tm-dev
-rw-r--r--core/java/android/hardware/fingerprint/FingerprintManager.java27
-rw-r--r--core/java/android/hardware/fingerprint/IFingerprintService.aidl10
-rw-r--r--services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java90
3 files changed, 89 insertions, 38 deletions
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index 29221b801ef6..6d2cdf3cfadc 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -594,8 +594,16 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
mAuthenticationCallback = callback;
mCryptoObject = crypto;
final long operationId = crypto != null ? crypto.getOpId() : 0;
- final long authId = mService.authenticate(mToken, operationId, sensorId, userId,
- mServiceReceiver, mContext.getOpPackageName(), ignoreEnrollmentState);
+ final long authId =
+ mService.authenticate(
+ mToken,
+ operationId,
+ sensorId,
+ userId,
+ mServiceReceiver,
+ mContext.getOpPackageName(),
+ mContext.getAttributionTag(),
+ ignoreEnrollmentState);
if (cancel != null) {
cancel.setOnCancelListener(new OnAuthenticationCancelListener(authId));
}
@@ -838,7 +846,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
public List<Fingerprint> getEnrolledFingerprints(int userId) {
if (mService != null) try {
- return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName());
+ return mService.getEnrolledFingerprints(
+ userId, mContext.getOpPackageName(), mContext.getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -997,7 +1006,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
INTERACT_ACROSS_USERS})
public boolean hasEnrolledFingerprints(int userId) {
if (mService != null) try {
- return mService.hasEnrolledFingerprintsDeprecated(userId, mContext.getOpPackageName());
+ return mService.hasEnrolledFingerprintsDeprecated(
+ userId, mContext.getOpPackageName(), mContext.getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -1021,7 +1031,8 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
if (mService != null) {
try {
- return mService.isHardwareDetectedDeprecated(mContext.getOpPackageName());
+ return mService.isHardwareDetectedDeprecated(
+ mContext.getOpPackageName(), mContext.getAttributionTag());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -1331,7 +1342,11 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
private void cancelAuthentication(long requestId) {
if (mService != null) try {
- mService.cancelAuthentication(mToken, mContext.getOpPackageName(), requestId);
+ mService.cancelAuthentication(
+ mToken,
+ mContext.getOpPackageName(),
+ mContext.getAttributionTag(),
+ requestId);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
index 12114aa3fa33..d60bb6ef1543 100644
--- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
@@ -52,7 +52,7 @@ interface IFingerprintService {
// permission. This is effectively deprecated, since it only comes through FingerprintManager
// now. A requestId is returned that can be used to cancel this operation.
long authenticate(IBinder token, long operationId, int sensorId, int userId,
- IFingerprintServiceReceiver receiver, String opPackageName,
+ IFingerprintServiceReceiver receiver, String opPackageName, String attributionTag,
boolean shouldIgnoreEnrollmentState);
// Uses the fingerprint hardware to detect for the presence of a finger, without giving details
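Review bot: The new `String attributionTag` parameter on `authenticate` is not marked or documented as nullable, although the client side of this commit passes `mContext.getAttributionTag()`, which returns null for a context created without an attribution tag. Declaring it as `@nullable String attributionTag`, or adding a comment such as `// attributionTag may be null; caller-supplied, used for app-op attribution`, would tell implementers that the value crosses Binder from the calling app and may be absent. The same applies to the parameter added to `cancelAuthentication`, `getEnrolledFingerprints`, `isHardwareDetectedDeprecated` and `hasEnrolledFingerprintsDeprecated` in the later hunks of this file.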
@@ -74,7 +74,7 @@ interface IFingerprintService {
void startPreparedClient(int sensorId, int cookie);
// Cancel authentication for the given requestId.
- void cancelAuthentication(IBinder token, String opPackageName, long requestId);
+ void cancelAuthentication(IBinder token, String opPackageName, String attributionTag, long requestId);
// Cancel finger detection for the given requestId.
void cancelFingerprintDetect(IBinder token, String opPackageName, long requestId);
@@ -101,10 +101,10 @@ interface IFingerprintService {
void rename(int fingerId, int userId, String name);
// Get a list of enrolled fingerprints in the given userId.
- List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName);
+ List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName, String attributionTag);
// Determine if the HAL is loaded and ready. Meant to support the deprecated FingerprintManager APIs
- boolean isHardwareDetectedDeprecated(String opPackageName);
+ boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag);
// Determine if the specified HAL is loaded and ready
boolean isHardwareDetected(int sensorId, String opPackageName);
@@ -116,7 +116,7 @@ interface IFingerprintService {
void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, long challenge);
// Determine if a user has at least one enrolled fingerprint. Meant to support the deprecated FingerprintManager APIs
- boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName);
+ boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName, String attributionTag);
// Determine if a user has at least one enrolled fingerprint.
boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName);
diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
index e8d8fb828542..5727ffc468df 100644
--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
@@ -280,15 +280,26 @@ public class FingerprintService extends SystemService {
@SuppressWarnings("deprecation")
@Override // Binder call
- public long authenticate(final IBinder token, final long operationId,
- final int sensorId, final int userId, final IFingerprintServiceReceiver receiver,
- final String opPackageName, boolean ignoreEnrollmentState) {
+ public long authenticate(
+ final IBinder token,
+ final long operationId,
+ final int sensorId,
+ final int userId,
+ final IFingerprintServiceReceiver receiver,
+ final String opPackageName,
+ final String attributionTag,
+ boolean ignoreEnrollmentState) {
final int callingUid = Binder.getCallingUid();
final int callingPid = Binder.getCallingPid();
final int callingUserId = UserHandle.getCallingUserId();
- if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid,
- callingPid, callingUserId)) {
+ if (!canUseFingerprint(
+ opPackageName,
+ attributionTag,
+ true /* requireForeground */,
+ callingUid,
+ callingPid,
+ callingUserId)) {
Slog.w(TAG, "Authenticate rejecting package: " + opPackageName);
return -1;
}
@@ -487,16 +498,23 @@ public class FingerprintService extends SystemService {
provider.startPreparedClient(sensorId, cookie);
}
-
@Override // Binder call
- public void cancelAuthentication(final IBinder token, final String opPackageName,
+ public void cancelAuthentication(
+ final IBinder token,
+ final String opPackageName,
+ final String attributionTag,
long requestId) {
final int callingUid = Binder.getCallingUid();
final int callingPid = Binder.getCallingPid();
final int callingUserId = UserHandle.getCallingUserId();
- if (!canUseFingerprint(opPackageName, true /* requireForeground */, callingUid,
- callingPid, callingUserId)) {
+ if (!canUseFingerprint(
+ opPackageName,
+ attributionTag,
+ true /* requireForeground */,
+ callingUid,
+ callingPid,
+ callingUserId)) {
Slog.w(TAG, "cancelAuthentication rejecting package: " + opPackageName);
return;
}
@@ -645,9 +663,13 @@ public class FingerprintService extends SystemService {
}
@Override // Binder call
- public boolean isHardwareDetectedDeprecated(String opPackageName) {
- if (!canUseFingerprint(opPackageName, false /* foregroundOnly */,
- Binder.getCallingUid(), Binder.getCallingPid(),
+ public boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag) {
+ if (!canUseFingerprint(
+ opPackageName,
+ attributionTag,
+ false /* foregroundOnly */,
+ Binder.getCallingUid(),
+ Binder.getCallingPid(),
UserHandle.getCallingUserId())) {
return false;
}
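Review bot: The rewritten call keeps the inline argument comment `false /* foregroundOnly */`, but the parameter it labels is named `requireForeground` in `canUseFingerprint`, and the `authenticate` and `cancelAuthentication` call sites already use `true /* requireForeground */`. Since this line is being reformatted anyway, it should read `false /* requireForeground */` so the access-check arguments are labelled the same way at every call site. The same stale comment appears in the `getEnrolledFingerprints` and `hasEnrolledFingerprintsDeprecated` hunks. The body of `isHardwareDetectedDeprecated` continues outside this hunk.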
@@ -696,9 +718,14 @@ public class FingerprintService extends SystemService {
}
@Override // Binder call
- public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) {
- if (!canUseFingerprint(opPackageName, false /* foregroundOnly */,
- Binder.getCallingUid(), Binder.getCallingPid(),
+ public List<Fingerprint> getEnrolledFingerprints(
+ int userId, String opPackageName, String attributionTag) {
+ if (!canUseFingerprint(
+ opPackageName,
+ attributionTag,
+ false /* foregroundOnly */,
+ Binder.getCallingUid(),
+ Binder.getCallingPid(),
UserHandle.getCallingUserId())) {
return Collections.emptyList();
}
@@ -711,9 +738,14 @@ public class FingerprintService extends SystemService {
}
@Override // Binder call
- public boolean hasEnrolledFingerprintsDeprecated(int userId, String opPackageName) {
- if (!canUseFingerprint(opPackageName, false /* foregroundOnly */,
- Binder.getCallingUid(), Binder.getCallingPid(),
+ public boolean hasEnrolledFingerprintsDeprecated(
+ int userId, String opPackageName, String attributionTag) {
+ if (!canUseFingerprint(
+ opPackageName,
+ attributionTag,
+ false /* foregroundOnly */,
+ Binder.getCallingUid(),
+ Binder.getCallingPid(),
UserHandle.getCallingUserId())) {
return false;
}
@@ -1093,12 +1125,15 @@ public class FingerprintService extends SystemService {
return provider.second.getEnrolledFingerprints(provider.first, userId);
}
- /**
- * Checks for public API invocations to ensure that permissions, etc are granted/correct.
- */
+ /** Checks for public API invocations to ensure that permissions, etc are granted/correct. */
@SuppressWarnings("BooleanMethodIsAlwaysInverted")
- private boolean canUseFingerprint(String opPackageName, boolean requireForeground, int uid,
- int pid, int userId) {
+ private boolean canUseFingerprint(
+ String opPackageName,
+ String attributionTag,
+ boolean requireForeground,
+ int uid,
+ int pid,
+ int userId) {
if (getContext().checkCallingPermission(USE_FINGERPRINT)
!= PackageManager.PERMISSION_GRANTED) {
Utils.checkPermission(getContext(), USE_BIOMETRIC);
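Review bot: The Javadoc on `canUseFingerprint` was collapsed to one line but still does not describe the new `attributionTag` parameter, which arrives from the Binder caller together with `opPackageName`. A line such as `@param attributionTag caller-supplied attribution tag, may be null; forwarded to checkAppOps` would make clear that it is untrusted input. In the visible hunks the tag is only handed on to `checkAppOps`, so the doc could also state that it plays no part in the permission, user or foreground checks, if that holds for the lines not shown. The method body continues outside this hunk.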
@@ -1114,7 +1149,7 @@ public class FingerprintService extends SystemService {
Slog.w(TAG, "Rejecting " + opPackageName + "; not a current user or profile");
return false;
}
- if (!checkAppOps(uid, opPackageName)) {
+ if (!checkAppOps(uid, opPackageName, attributionTag)) {
Slog.w(TAG, "Rejecting " + opPackageName + "; permission denied");
return false;
}
@@ -1125,12 +1160,13 @@ public class FingerprintService extends SystemService {
return true;
}
- private boolean checkAppOps(int uid, String opPackageName) {
+ private boolean checkAppOps(int uid, String opPackageName, String attributionTag) {
boolean appOpsOk = false;
- if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName)
+ if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName, attributionTag, null)
== AppOpsManager.MODE_ALLOWED) {
appOpsOk = true;
- } else if (mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName)
+ } else if (mAppOps.noteOp(
+ AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName, attributionTag, null)
== AppOpsManager.MODE_ALLOWED) {
appOpsOk = true;
}
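Review bot: Both new `noteOp` calls pass a bare `null` as the last argument, unlike the other literal arguments in this file, which carry an inline name comment. Writing `attributionTag, null /* message */` would show which parameter is being left empty. If the noted ops are meant to be useful in data-access auditing, a short constant message saying why the biometric op was noted may be worth passing instead of null; whether that is wanted here cannot be told from the hunk. The end of `checkAppOps` lies outside this hunk.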