Biometric phenotype updates

1) Always update strength after registerAuthenticator. Otherwise the flag will not be applied (e.g. after reboot) 2) Add strings for onAuthenticationError Bug: 148419762 Test: manual Test: atest BiometricServiceTest Change-Id: Ia20a91e401d6753b55d6aa4a36d487fc15465ba5
author: Kevin Chyn <kchyn@google.com> 2020-02-11 14:39:02 -0800
committer: Kevin Chyn <kchyn@google.com> 2020-02-12 14:54:31 -0800
commit: eab9fe1560dc1ed6474fe51247e584cad520460c (patch)
tree: 5925a7bc376381041468ac873e78c8377504ff2b
parent: 98e9225f19dc0dad5990043faa3f32ed82c48254 (diff)
7 files changed, 45 insertions, 15 deletions
diff --git a/core/java/android/hardware/face/FaceManager.java b/core/java/android/hardware/face/FaceManager.java
index 55ebe285af1e..4ab1a9135689 100644
--- a/core/java/android/hardware/face/FaceManager.java
+++ b/core/java/android/hardware/face/FaceManager.java
@@ -629,6 +629,9 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
                 return context.getString(com.android.internal.R.string.face_error_not_enrolled);
             case FACE_ERROR_HW_NOT_PRESENT:
                 return context.getString(com.android.internal.R.string.face_error_hw_not_present);
+            case BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED:
+                return context.getString(
+                        com.android.internal.R.string.face_error_security_update_required);
             case FACE_ERROR_VENDOR: {
                 String[] msgArray = context.getResources().getStringArray(
                         com.android.internal.R.array.face_error_vendor);
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index ff9d14510d4b..c3bc460480cc 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -967,6 +967,9 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
             case FINGERPRINT_ERROR_HW_NOT_PRESENT:
                 return context.getString(
                         com.android.internal.R.string.fingerprint_error_hw_not_present);
+            case BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED:
+                return context.getString(
+                        com.android.internal.R.string.fingerprint_error_security_update_required);
             case FINGERPRINT_ERROR_VENDOR: {
                     String[] msgArray = context.getResources().getStringArray(
                             com.android.internal.R.array.fingerprint_error_vendor);
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index a54566cfed17..2336794c8319 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -1473,6 +1473,8 @@
     <string name="fingerprint_error_no_fingerprints">No fingerprints enrolled.</string>
     <!-- Generic error message shown when the app requests fingerprint authentication on a device without a sensor -->
     <string name="fingerprint_error_hw_not_present">This device does not have a fingerprint sensor.</string>
+    <!-- Generic error message shown when fingerprint is not available due to a security vulnerability. [CHAR LIMIT=50] -->
+    <string name="fingerprint_error_security_update_required">Sensor temporarily disabled.</string>
 
     <!-- Template to be used to name enrolled fingerprints by default. -->
     <string name="fingerprint_name_template">Finger <xliff:g id="fingerId" example="1">%d</xliff:g></string>
@@ -1564,6 +1566,8 @@
     <string name="face_error_not_enrolled">You haven\u2019t set up face unlock.</string>
     <!-- Generic error message shown when the app requests face unlock on a device without a sensor. [CHAR LIMIT=61] -->
     <string name="face_error_hw_not_present">Face unlock is not supported on this device.</string>
+    <!-- Generic error message shown when face unlock is not available due to a security vulnerability. [CHAR LIMIT=50] -->
+    <string name="face_error_security_update_required">Sensor temporarily disabled.</string>
 
     <!-- Template to be used to name enrolled faces by default. [CHAR LIMIT=10] -->
     <string name="face_name_template">Face <xliff:g id="faceId" example="1">%d</xliff:g></string>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index c59d25f10b0b..a26b20f343e0 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -2446,6 +2446,7 @@
   <java-symbol type="string" name="fingerprint_authenticated" />
   <java-symbol type="string" name="fingerprint_error_no_fingerprints" />
   <java-symbol type="string" name="fingerprint_error_hw_not_present" />
+  <java-symbol type="string" name="fingerprint_error_security_update_required" />
 
   <!-- Fingerprint config -->
   <java-symbol type="integer" name="config_fingerprintMaxTemplatesPerUser"/>
@@ -2490,6 +2491,7 @@
   <java-symbol type="string" name="face_name_template" />
   <java-symbol type="string" name="face_authenticated_no_confirmation_required" />
   <java-symbol type="string" name="face_authenticated_confirmation_required" />
+  <java-symbol type="string" name="face_error_security_update_required" />
 
   <java-symbol type="array" name="config_biometric_sensors" />
 
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index ed1174062cad..86d94fdcf9fe 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -812,6 +812,8 @@ public class BiometricService extends SystemService {
             }
 
             mAuthenticators.add(new AuthenticatorWrapper(id, modality, strength, authenticator));
+
+            mBiometricStrengthController.updateStrengths();
         }
 
         @Override // Binder call
diff --git a/services/core/java/com/android/server/biometrics/BiometricStrengthController.java b/services/core/java/com/android/server/biometrics/BiometricStrengthController.java
index 4e16189e3ad1..ca7ca5b7cbcc 100644
--- a/services/core/java/com/android/server/biometrics/BiometricStrengthController.java
+++ b/services/core/java/com/android/server/biometrics/BiometricStrengthController.java
@@ -29,7 +29,7 @@ import java.util.Map;
  * Class for maintaining and updating the strengths for biometric sensors. Strengths can only
  * be downgraded from the device's default, and never upgraded.
  */
-public class BiometricStrengthController implements DeviceConfig.OnPropertiesChangedListener {
+public class BiometricStrengthController {
     private static final String TAG = "BiometricStrengthController";
 
     private final BiometricService mService;
@@ -41,7 +41,7 @@ public class BiometricStrengthController implements DeviceConfig.OnPropertiesCha
      * "id1:strength1,id2:strength2,id3:strength3"
      *
      * where strength is one of the values defined in
-     * {@link android.hardware.biometrics.Authenticators}
+     * {@link android.hardware.biometrics.BiometricManager.Authenticators}
      *
      * Both id and strength should be int, otherwise Exception will be thrown when parsing and the
      * downgrade will fail.
@@ -53,30 +53,28 @@ public class BiometricStrengthController implements DeviceConfig.OnPropertiesCha
      */
     public static final String DEFAULT_BIOMETRIC_STRENGTHS = null;
 
-    BiometricStrengthController(@NonNull BiometricService service) {
-        mService = service;
-    }
-
-    void startListening() {
-        DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_BIOMETRICS,
-                BackgroundThread.getExecutor(), this);
-        updateStrengths();
-    }
-
-    @Override
-    public void onPropertiesChanged(@NonNull DeviceConfig.Properties properties) {
+    private DeviceConfig.OnPropertiesChangedListener mDeviceConfigListener = properties -> {
         for (String name : properties.getKeyset()) {
             if (KEY_BIOMETRIC_STRENGTHS.equals(name)) {
                 updateStrengths();
             }
         }
+    };
+
+    public BiometricStrengthController(@NonNull BiometricService service) {
+        mService = service;
+    }
+
+    public void startListening() {
+        DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_BIOMETRICS,
+                BackgroundThread.getExecutor(), mDeviceConfigListener);
     }
 
     /**
      * Updates the strengths of authenticators in BiometricService if a matching ID's configuration
      * has been changed.
      */
-    private void updateStrengths() {
+    public void updateStrengths() {
         final Map<Integer, Integer> idToStrength = getIdToStrengthMap();
         if (idToStrength == null) {
             return;
diff --git a/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java b/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
index e5adb80e6ef9..fc25dee122fe 100644
--- a/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/biometrics/BiometricServiceTest.java
@@ -1095,6 +1095,24 @@ public class BiometricServiceTest {
     }
 
     @Test
+    public void testRegisterAuthenticator_updatesStrengths() throws Exception {
+        mBiometricService = new BiometricService(mContext, mInjector);
+        mBiometricService.onStart();
+
+        verify(mBiometricService.mBiometricStrengthController).startListening();
+        verify(mBiometricService.mBiometricStrengthController, never()).updateStrengths();
+
+        when(mFingerprintAuthenticator.hasEnrolledTemplates(anyInt(), any()))
+                .thenReturn(true);
+        when(mFingerprintAuthenticator.isHardwareDetected(any())).thenReturn(true);
+        mBiometricService.mImpl.registerAuthenticator(0 /* testId */,
+                BiometricAuthenticator.TYPE_FINGERPRINT, Authenticators.BIOMETRIC_STRONG,
+                mFingerprintAuthenticator);
+
+        verify(mBiometricService.mBiometricStrengthController).updateStrengths();
+    }
+
+    @Test
     public void testWithDowngradedAuthenticator() throws Exception {
         mBiometricService = new BiometricService(mContext, mInjector);
         mBiometricService.onStart();
author	Kevin Chyn <kchyn@google.com>	2020-02-11 14:39:02 -0800
committer	Kevin Chyn <kchyn@google.com>	2020-02-12 14:54:31 -0800
commit	eab9fe1560dc1ed6474fe51247e584cad520460c (patch)
tree	5925a7bc376381041468ac873e78c8377504ff2b
parent	98e9225f19dc0dad5990043faa3f32ed82c48254 (diff)