Add sensorId to IFingerprintService#authenticate

Adds permission-protected sensorId parameter for internal clients. Fixes: 173046031 Test: atest KeyguardUpdateMonitorTest Change-Id: I5ccea9f55ae0d541fc381a24549695b32b797ef6
author: Kevin Chyn <kchyn@google.com> 2020-11-16 15:15:00 -0800
committer: Kevin Chyn <kchyn@google.com> 2020-11-16 16:12:10 -0800
commit: 8fa1280e2d710cde352d3fee07c0568e99f734e7 (patch)
tree: 109d5c420ad85799f0681c784add443c6e1a92a7
parent: 1baf2aa687cb74b93ce44a485e3fd80a5dfa1ab8 (diff)
5 files changed, 44 insertions, 10 deletions
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index 51e0eba1ec23..a4e573876218 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -24,6 +24,7 @@ import static android.Manifest.permission.USE_BIOMETRIC;
 import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;
 import static android.Manifest.permission.USE_FINGERPRINT;
 
+import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.RequiresFeature;
@@ -55,6 +56,8 @@ import android.security.identity.IdentityCredential;
 import android.util.Slog;
 import android.view.Surface;
 
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.security.Signature;
 import java.util.ArrayList;
 import java.util.List;
@@ -87,6 +90,19 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
     private static final int MSG_CHALLENGE_GENERATED = 106;
     private static final int MSG_FINGERPRINT_DETECTED = 107;
 
+    /**
+     * Request authentication with any single sensor.
+     * @hide
+     */
+    public static final int SENSOR_ID_ANY = -1;
+
+    /**
+     * @hide
+     */
+    @IntDef({SENSOR_ID_ANY})
+    @Retention(RetentionPolicy.SOURCE)
+    public @interface SensorId {}
+
     private IFingerprintService mService;
     private Context mContext;
     private IBinder mToken = new Binder();
@@ -461,15 +477,23 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
     }
 
     /**
-     * Per-user version, see {@link FingerprintManager#authenticate(CryptoObject,
-     * CancellationSignal, int, AuthenticationCallback, Handler)}. This version does not
-     * display the BiometricPrompt.
-     * @param userId the user ID that the fingerprint hardware will authenticate for.
+     * Per-user version of authenticate.
      * @hide
      */
     @RequiresPermission(anyOf = {USE_BIOMETRIC, USE_FINGERPRINT})
     public void authenticate(@Nullable CryptoObject crypto, @Nullable CancellationSignal cancel,
             @NonNull AuthenticationCallback callback, Handler handler, int userId) {
+        authenticate(crypto, cancel, callback, handler, SENSOR_ID_ANY, userId);
+    }
+
+    /**
+     * Per-user and per-sensor version of authenticate.
+     * @hide
+     */
+    @RequiresPermission(anyOf = {USE_BIOMETRIC, USE_FINGERPRINT})
+    public void authenticate(@Nullable CryptoObject crypto, @Nullable CancellationSignal cancel,
+            @NonNull AuthenticationCallback callback, Handler handler, @SensorId int sensorId,
+            int userId) {
         if (callback == null) {
             throw new IllegalArgumentException("Must supply an authentication callback");
         }
@@ -489,7 +513,7 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
                 mAuthenticationCallback = callback;
                 mCryptoObject = crypto;
                 final long operationId = crypto != null ? crypto.getOpId() : 0;
-                mService.authenticate(mToken, operationId, userId, mServiceReceiver,
+                mService.authenticate(mToken, operationId, sensorId, userId, mServiceReceiver,
                         mContext.getOpPackageName());
             } catch (RemoteException e) {
                 Slog.w(TAG, "Remote exception while authenticating: ", e);
diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
index 2128d67f80ae..355ef6a1232c 100644
--- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
@@ -40,7 +40,7 @@ interface IFingerprintService {
     // Authenticate the given sessionId with a fingerprint. This is protected by
     // USE_FINGERPRINT/USE_BIOMETRIC permission. This is effectively deprecated, since it only comes
     // through FingerprintManager now.
-    void authenticate(IBinder token, long operationId, int userId,
+    void authenticate(IBinder token, long operationId, int sensorId, int userId,
             IFingerprintServiceReceiver receiver, String opPackageName);
 
     // Uses the fingerprint hardware to detect for the presence of a finger, without giving details
diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 42680e663849..767afa78b935 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -2141,7 +2141,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener, Dumpab
                         userId);
             } else {
                 mFpm.authenticate(null /* crypto */, mFingerprintCancelSignal,
-                        mFingerprintAuthenticationCallback, null /* handler */, userId);
+                        mFingerprintAuthenticationCallback, null /* handler */,
+                        FingerprintManager.SENSOR_ID_ANY, userId);
             }
             setFingerprintRunningState(BIOMETRIC_STATE_RUNNING);
         }
diff --git a/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java b/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java
index 51cbff8f309b..36baf68d8af6 100644
--- a/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java
+++ b/packages/SystemUI/tests/src/com/android/keyguard/KeyguardUpdateMonitorTest.java
@@ -448,7 +448,7 @@ public class KeyguardUpdateMonitorTest extends SysuiTestCase {
         mKeyguardUpdateMonitor.dispatchStartedGoingToSleep(0 /* why */);
         mTestableLooper.processAllMessages();
 
-        verify(mFingerprintManager).authenticate(any(), any(), any(), any(), anyInt());
+        verify(mFingerprintManager).authenticate(any(), any(), any(), any(), anyInt(), anyInt());
         verify(mFingerprintManager, never()).detectFingerprint(any(), any(), anyInt());
     }
 
diff --git a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
index b84d0958e426..614eed35ca22 100644
--- a/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/biometrics/sensors/fingerprint/FingerprintService.java
@@ -40,6 +40,7 @@ import android.hardware.biometrics.ITestSession;
 import android.hardware.biometrics.fingerprint.IFingerprint;
 import android.hardware.biometrics.fingerprint.SensorProps;
 import android.hardware.fingerprint.Fingerprint;
+import android.hardware.fingerprint.FingerprintManager;
 import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
 import android.hardware.fingerprint.IFingerprintClientActiveCallback;
 import android.hardware.fingerprint.IFingerprintService;
@@ -185,8 +186,10 @@ public class FingerprintService extends SystemService implements BiometricServic
             provider.second.cancelEnrollment(provider.first, token);
         }
 
+        @SuppressWarnings("deprecation")
         @Override // Binder call
-        public void authenticate(final IBinder token, final long operationId, final int userId,
+        public void authenticate(final IBinder token, final long operationId,
+                @FingerprintManager.SensorId final int sensorId, final int userId,
                 final IFingerprintServiceReceiver receiver, final String opPackageName) {
             final int callingUid = Binder.getCallingUid();
             final int callingPid = Binder.getCallingPid();
@@ -221,7 +224,13 @@ public class FingerprintService extends SystemService implements BiometricServic
             final int statsClient = isKeyguard ? BiometricsProtoEnums.CLIENT_KEYGUARD
                     : BiometricsProtoEnums.CLIENT_FINGERPRINT_MANAGER;
 
-            final Pair<Integer, ServiceProvider> provider = getSingleProvider();
+            final Pair<Integer, ServiceProvider> provider;
+            if (sensorId == FingerprintManager.SENSOR_ID_ANY) {
+                provider = getSingleProvider();
+            } else {
+                Utils.checkPermission(getContext(), USE_BIOMETRIC_INTERNAL);
+                provider = new Pair<>(sensorId, getProviderForSensor(sensorId));
+            }
             if (provider == null) {
                 Slog.w(TAG, "Null provider for authenticate");
                 return;
author	Kevin Chyn <kchyn@google.com>	2020-11-16 15:15:00 -0800
committer	Kevin Chyn <kchyn@google.com>	2020-11-16 16:12:10 -0800
commit	8fa1280e2d710cde352d3fee07c0568e99f734e7 (patch)
tree	109d5c420ad85799f0681c784add443c6e1a92a7
parent	1baf2aa687cb74b93ce44a485e3fd80a5dfa1ab8 (diff)