diff options
| author | 2015-08-19 01:43:12 +0000 | |
|---|---|---|
| committer | 2015-08-19 01:43:12 +0000 | |
| commit | 849b9e58d6775a393f7d86a6305b658c6af9d16f (patch) | |
| tree | 8a0e68085d59722a210330bb2e3d9a5598a39409 | |
| parent | fc010d00f3d98e0fa35e9dc32f8c07354b12cbb7 (diff) | |
| parent | ce6fb7bba967a9b33e5d3afe60fff66c5b2ca034 (diff) | |
am ce6fb7bb: am 7ef77271: am bea9d7b9: Merge "Reset fingerprint lockout timer when strong auth is used." into mnc-dr-dev
* commit 'ce6fb7bba967a9b33e5d3afe60fff66c5b2ca034':
Reset fingerprint lockout timer when strong auth is used.
6 files changed, 42 insertions, 0 deletions
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java index ee3704704425..061fad96ed25 100644 --- a/core/java/android/hardware/fingerprint/FingerprintManager.java +++ b/core/java/android/hardware/fingerprint/FingerprintManager.java @@ -668,6 +668,25 @@ public class FingerprintManager { return 0; } + /** + * Reset the lockout timer when asked to do so by keyguard. + * + * @param token an opaque token returned by password confirmation. + * + * @hide + */ + public void resetTimeout(byte[] token) { + if (mService != null) { + try { + mService.resetTimeout(token); + } catch (RemoteException e) { + Log.v(TAG, "Remote exception in getAuthenticatorId(): ", e); + } + } else { + Log.w(TAG, "getAuthenticatorId(): Service not connected!"); + } + } + private class MyHandler extends Handler { private MyHandler(Context context) { super(context.getMainLooper()); @@ -677,6 +696,7 @@ public class FingerprintManager { super(looper); } + @Override public void handleMessage(android.os.Message msg) { switch(msg.what) { case MSG_ENROLL_RESULT: diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl index 5e233b87343e..33563549b2ba 100644 --- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl +++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl @@ -68,4 +68,7 @@ interface IFingerprintService { // Gets the authenticator ID for fingerprint long getAuthenticatorId(String opPackageName); + + // Reset the timeout when user authenticates with strong auth (e.g. PIN, pattern or password) + void resetTimeout(in byte [] cryptoToken); } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index ec98aba3f5db..03bc9c604527 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2472,6 +2472,10 @@ <permission android:name="android.permission.MANAGE_FINGERPRINT" android:protectionLevel="system|signature" /> + <!-- Allows an app to reset fingerprint attempt counter. Reserved for the system. @hide --> + <permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT" + android:protectionLevel="signature" /> + <!-- Allows an application to control keyguard. Only allowed for system processes. @hide --> <permission android:name="android.permission.CONTROL_KEYGUARD" diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java index 0a3fd05f5ee2..eddee7bbad79 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java @@ -578,6 +578,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { public void reportSuccessfulStrongAuthUnlockAttempt() { mStrongAuthTimedOut.remove(sCurrentUser); scheduleStrongAuthTimeout(); + if (mFpm != null) { + byte[] token = null; /* TODO: pass real auth token once fp HAL supports it */ + mFpm.resetTimeout(token); + } } private void scheduleStrongAuthTimeout() { diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml index 677ab91a012f..372fa037eecf 100644 --- a/packages/SystemUI/AndroidManifest.xml +++ b/packages/SystemUI/AndroidManifest.xml @@ -108,6 +108,7 @@ <uses-permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE" /> <uses-permission android:name="android.permission.TRUST_LISTENER" /> <uses-permission android:name="android.permission.USE_FINGERPRINT" /> + <uses-permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT" /> <!-- Needed for WallpaperManager.clear in ImageWallpaper.updateWallpaperLocked --> <uses-permission android:name="android.permission.SET_WALLPAPER"/> diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java index 17607ff1ce8c..befa3116bc8c 100644 --- a/services/core/java/com/android/server/fingerprint/FingerprintService.java +++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java @@ -54,6 +54,7 @@ import android.hardware.fingerprint.IFingerprintServiceReceiver; import android.view.Display; import static android.Manifest.permission.MANAGE_FINGERPRINT; +import static android.Manifest.permission.RESET_FINGERPRINT_LOCKOUT; import static android.Manifest.permission.USE_FINGERPRINT; import java.io.File; @@ -255,6 +256,9 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe Slog.v(TAG, "Reset fingerprint lockout"); } mFailedAttempts = 0; + // If we're asked to reset failed attempts externally (i.e. from Keyguard), the runnable + // may still be in the queue; remove it. + mHandler.removeCallbacks(mLockoutReset); } private boolean handleFailedAttempt(ClientMonitor clientMonitor) { @@ -878,6 +882,12 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe Binder.restoreCallingIdentity(ident); } } + @Override // Binder call + public void resetTimeout(byte [] token) { + checkPermission(RESET_FINGERPRINT_LOCKOUT); + // TODO: confirm security token when we move timeout management into the HAL layer. + mLockoutReset.run(); + } } private void dumpInternal(PrintWriter pw) { |