Merge "Merge "Generate challenge and reset lockout only if user has enrolled biometrics" into qt-dev am: c6dd30da9f" into qt-dev-plus-aosp

am: 18f4dfd31d Change-Id: Id0fd6cbf57e2408739f88f3fb2f50a5c6245b92b
author: Kevin Chyn <kchyn@google.com> 2019-05-14 22:08:06 -0700
committer: android-build-merger <android-build-merger@google.com> 2019-05-14 22:08:06 -0700
commit: 70982e393f0e56bc550e327f48b53f9cc6d25b64 (patch)
tree: d7b1eaa196c58b208c2021068933ebea9f8133a0
parent: 4c5e082dd38ef0479119c17cbf048d82a9dd9ebf (diff)
parent: 18f4dfd31df548071b5ea36266e927449ca025ee (diff)
3 files changed, 10 insertions, 9 deletions
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index 88919df04f00..b9a6a1020a77 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -760,7 +760,6 @@ public class BiometricService extends SystemService {
         @Override // Binder call
         public int canAuthenticate(String opPackageName) {
             checkPermission();
-            checkAppOp(opPackageName, Binder.getCallingUid());
 
             final int userId = UserHandle.getCallingUserId();
             final long ident = Binder.clearCallingIdentity();
@@ -833,9 +832,9 @@ public class BiometricService extends SystemService {
     }
 
     private void checkPermission() {
-        if (getContext().checkCallingPermission(USE_FINGERPRINT)
+        if (getContext().checkCallingOrSelfPermission(USE_FINGERPRINT)
                 != PackageManager.PERMISSION_GRANTED) {
-            getContext().enforceCallingPermission(USE_BIOMETRIC,
+            getContext().enforceCallingOrSelfPermission(USE_BIOMETRIC,
                     "Must have USE_BIOMETRIC permission");
         }
     }
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index c2125b0a997d..b246eb6d38bd 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -421,8 +421,9 @@ public class LockSettingsService extends ILockSettings.Stub {
                     new PasswordSlotManager());
         }
 
-        public boolean hasBiometrics() {
-            return BiometricManager.hasBiometrics(mContext);
+        public boolean hasEnrolledBiometrics() {
+            BiometricManager bm = mContext.getSystemService(BiometricManager.class);
+            return bm.canAuthenticate() == BiometricManager.BIOMETRIC_SUCCESS;
         }
 
         public int binderGetCallingUid() {
@@ -2502,7 +2503,8 @@ public class LockSettingsService extends ILockSettings.Stub {
         // TODO: When lockout is handled under the HAL for all biometrics (fingerprint),
         // we need to generate challenge for each one, have it signed by GK and reset lockout
         // for each modality.
-        if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE)) {
+        if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE)
+                && mInjector.hasEnrolledBiometrics()) {
             challenge = mContext.getSystemService(FaceManager.class).generateChallenge();
         }
 
@@ -2544,8 +2546,8 @@ public class LockSettingsService extends ILockSettings.Stub {
         if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) {
             notifyActivePasswordMetricsAvailable(credentialType, userCredential, userId);
             unlockKeystore(authResult.authToken.deriveKeyStorePassword(), userId);
-            // Reset lockout
-            if (mInjector.hasBiometrics()) {
+            // Reset lockout only if user has enrolled templates
+            if (mInjector.hasEnrolledBiometrics()) {
                 BiometricManager bm = mContext.getSystemService(BiometricManager.class);
                 Slog.i(TAG, "Resetting lockout, length: "
                         + authResult.gkResponse.getPayload().length);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
index 10fb3ba938d4..19ed5f349abe 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
@@ -110,7 +110,7 @@ public class LockSettingsServiceTestable extends LockSettingsService {
         }
 
         @Override
-        public boolean hasBiometrics() {
+        public boolean hasEnrolledBiometrics() {
             return false;
         }
author	Kevin Chyn <kchyn@google.com>	2019-05-14 22:08:06 -0700
committer	android-build-merger <android-build-merger@google.com>	2019-05-14 22:08:06 -0700
commit	70982e393f0e56bc550e327f48b53f9cc6d25b64 (patch)
tree	d7b1eaa196c58b208c2021068933ebea9f8133a0
parent	4c5e082dd38ef0479119c17cbf048d82a9dd9ebf (diff)
parent	18f4dfd31df548071b5ea36266e927449ca025ee (diff)