4 files changed, 21 insertions, 4 deletions

diff --git a/core/java/android/hardware/biometrics/BiometricAuthenticator.java b/core/java/android/hardware/biometrics/BiometricAuthenticator.java
index c604ff167636..1734b41675e4 100644
--- a/core/java/android/hardware/biometrics/BiometricAuthenticator.java
+++ b/core/java/android/hardware/biometrics/BiometricAuthenticator.java
@@ -201,6 +201,10 @@ public interface BiometricAuthenticator {
         throw new UnsupportedOperationException("Stub!");
     }
 
+    default boolean hasEnrolledTemplates(int userId) {
+        throw new UnsupportedOperationException("Stub!");
+    }
+
     /**
      * This call warms up the hardware and starts scanning for valid biometrics. It terminates
      * when {@link AuthenticationCallback#onAuthenticationError(int,
diff --git a/core/java/android/hardware/face/FaceManager.java b/core/java/android/hardware/face/FaceManager.java
index 873a24a3b53b..7aec43ed4ca2 100644
--- a/core/java/android/hardware/face/FaceManager.java
+++ b/core/java/android/hardware/face/FaceManager.java
@@ -408,6 +408,7 @@ public class FaceManager implements BiometricAuthenticator, BiometricFaceConstan
     @RequiresPermission(allOf = {
             USE_BIOMETRIC_INTERNAL,
             INTERACT_ACROSS_USERS})
+    @Override
     public boolean hasEnrolledTemplates(int userId) {
         if (mService != null) {
             try {
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index a4f3ce1b9cce..bf2280d5c39a 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -637,6 +637,14 @@ public class FingerprintManager implements BiometricAuthenticator, BiometricFing
     }
 
     /**
+     * @hide
+     */
+    @Override
+    public boolean hasEnrolledTemplates(int userId) {
+        return hasEnrolledFingerprints(userId);
+    }
+
+    /**
      * Determine if there is at least one fingerprint enrolled.
      *
      * @return true if at least one fingerprint is enrolled, false otherwise
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index 5eca48961b85..5e860a9f4ab5 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -260,7 +260,7 @@ public class BiometricService extends SystemService {
             final int callingUserId = UserHandle.getCallingUserId();
 
             mHandler.post(() -> {
-                final Pair<Integer, Integer> result = checkAndGetBiometricModality();
+                final Pair<Integer, Integer> result = checkAndGetBiometricModality(callingUserId);
                 final int modality = result.first;
                 final int error = result.second;
 
@@ -351,10 +351,11 @@ public class BiometricService extends SystemService {
             checkPermission();
             checkAppOp(opPackageName, Binder.getCallingUid());
 
+            final int userId = UserHandle.getCallingUserId();
             final long ident = Binder.clearCallingIdentity();
             int error;
             try {
-                final Pair<Integer, Integer> result = checkAndGetBiometricModality();
+                final Pair<Integer, Integer> result = checkAndGetBiometricModality(userId);
                 error = result.second;
             } finally {
                 Binder.restoreCallingIdentity(ident);
@@ -466,7 +467,7 @@ public class BiometricService extends SystemService {
      * {@link #BIOMETRIC_FINGERPRINT}, {@link #BIOMETRIC_IRIS}, {@link #BIOMETRIC_FACE}
      * and the error containing one of the {@link BiometricConstants} errors.
      */
-    private Pair<Integer, Integer> checkAndGetBiometricModality() {
+    private Pair<Integer, Integer> checkAndGetBiometricModality(int callingUid) {
         int modality = BIOMETRIC_NONE;
 
         // No biometric features, send error
@@ -495,9 +496,12 @@ public class BiometricService extends SystemService {
                     // order.
                     firstHwAvailable = modality;
                 }
-                if (authenticator.hasEnrolledTemplates()) {
+                if (authenticator.hasEnrolledTemplates(callingUid)) {
                     hasTemplatesEnrolled = true;
                     if (isEnabledForApp(modality)) {
+                        // TODO(b/110907543): When face settings (and other settings) have both a
+                        // user toggle as well as a work profile settings page, this needs to be
+                        // updated to reflect the correct setting.
                         enabledForApps = true;
                         break;
                     }