diff options
3 files changed, 10 insertions, 9 deletions
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java index 88919df04f00..b9a6a1020a77 100644 --- a/services/core/java/com/android/server/biometrics/BiometricService.java +++ b/services/core/java/com/android/server/biometrics/BiometricService.java @@ -760,7 +760,6 @@ public class BiometricService extends SystemService { @Override // Binder call public int canAuthenticate(String opPackageName) { checkPermission(); - checkAppOp(opPackageName, Binder.getCallingUid()); final int userId = UserHandle.getCallingUserId(); final long ident = Binder.clearCallingIdentity(); @@ -833,9 +832,9 @@ public class BiometricService extends SystemService { } private void checkPermission() { - if (getContext().checkCallingPermission(USE_FINGERPRINT) + if (getContext().checkCallingOrSelfPermission(USE_FINGERPRINT) != PackageManager.PERMISSION_GRANTED) { - getContext().enforceCallingPermission(USE_BIOMETRIC, + getContext().enforceCallingOrSelfPermission(USE_BIOMETRIC, "Must have USE_BIOMETRIC permission"); } } diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index c2125b0a997d..b246eb6d38bd 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -421,8 +421,9 @@ public class LockSettingsService extends ILockSettings.Stub { new PasswordSlotManager()); } - public boolean hasBiometrics() { - return BiometricManager.hasBiometrics(mContext); + public boolean hasEnrolledBiometrics() { + BiometricManager bm = mContext.getSystemService(BiometricManager.class); + return bm.canAuthenticate() == BiometricManager.BIOMETRIC_SUCCESS; } public int binderGetCallingUid() { @@ -2502,7 +2503,8 @@ public class LockSettingsService extends ILockSettings.Stub { // TODO: When lockout is handled under the HAL for all biometrics (fingerprint), // we need to generate challenge for each one, have it signed by GK and reset lockout // for each modality. - if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE)) { + if (!hasChallenge && pm.hasSystemFeature(PackageManager.FEATURE_FACE) + && mInjector.hasEnrolledBiometrics()) { challenge = mContext.getSystemService(FaceManager.class).generateChallenge(); } @@ -2544,8 +2546,8 @@ public class LockSettingsService extends ILockSettings.Stub { if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { notifyActivePasswordMetricsAvailable(credentialType, userCredential, userId); unlockKeystore(authResult.authToken.deriveKeyStorePassword(), userId); - // Reset lockout - if (mInjector.hasBiometrics()) { + // Reset lockout only if user has enrolled templates + if (mInjector.hasEnrolledBiometrics()) { BiometricManager bm = mContext.getSystemService(BiometricManager.class); Slog.i(TAG, "Resetting lockout, length: " + authResult.gkResponse.getPayload().length); diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java index 10fb3ba938d4..19ed5f349abe 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java @@ -110,7 +110,7 @@ public class LockSettingsServiceTestable extends LockSettingsService { } @Override - public boolean hasBiometrics() { + public boolean hasEnrolledBiometrics() { return false; } |