summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Kevin Chyn <kchyn@google.com> 2020-07-20 11:25:46 -0700
committer Kevin Chyn <kchyn@google.com> 2020-07-20 11:25:46 -0700
commitc4bbfd14a128cb3572e5db3872659c04b8202639 (patch)
tree0146552104ce00deb6972a03baef23ecb392bf2f
parentd24084e95a9ff52a8c4a384dcce9bbf0d301bf6a (diff)
Clear identity when checking strongauth flags
Fixes: 161557889 Fixes: 161566755 Test: atest FingerprintManagerTest Test: AccessibilityFingerprintGestureTest#testGestureDetectionListener_whenAuthenticationStartsAndStops_calledBack Merged-In: Icb273fc0cf2ce1891550130539c0b2e6e788b533 Change-Id: I9ebed8adc401fc745f581c8e0fe38c3790dd5fb6
Diffstat
-rw-r--r--services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java23
1 files changed, 16 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
index a53fe47e4d3f..a90fee6788a8 100644
--- a/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/biometrics/fingerprint/FingerprintService.java
@@ -247,13 +247,22 @@ public class FingerprintService extends BiometricServiceBase {
public void authenticate(final IBinder token, final long opId, final int userId,
final IFingerprintServiceReceiver receiver, final int flags,
final String opPackageName) {
- if (Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)
- && Utils.isKeyguard(getContext(), opPackageName)) {
- // If this happens, something in KeyguardUpdateMonitor is wrong.
- // SafetyNet for b/79776455
- EventLog.writeEvent(0x534e4554, "79776455");
- Slog.e(TAG, "Authenticate invoked when user is encrypted or lockdown");
- return;
+ // Keyguard check must be done on the caller's binder identity, since it also checks
+ // permission.
+ final boolean isKeyguard = Utils.isKeyguard(getContext(), opPackageName);
+
+ // Clear calling identity when checking LockPatternUtils for StrongAuth flags.
+ final long identity = Binder.clearCallingIdentity();
+ try {
+ if (isKeyguard && Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)) {
+ // If this happens, something in KeyguardUpdateMonitor is wrong.
+ // SafetyNet for b/79776455
+ EventLog.writeEvent(0x534e4554, "79776455");
+ Slog.e(TAG, "Authenticate invoked when user is encrypted or lockdown");
+ return;
+ }
+ } finally {
+ Binder.restoreCallingIdentity(identity);
}
updateActiveGroup(userId, opPackageName);
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-10 13:39:26 +0000