From 397ee8b5635711b80a7455a230cbfce5c84ce725 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Tue, 17 Mar 2020 16:34:26 +0000 Subject: [PATCH] Do not reset incorrect password attempts after biometric authentication For work challenges, do not reset incorrect password attempts if challenge is resolved via biometric authentication. This is the behaviour for personal keyguard and work challenge should be consistent. Bug: 139438785 Test: manual: enroll work challenge with fingerprint, set failed wipe count (3) via TestDPC and attempt two failed attempts (via cmd lock_settings). Resolve work challenge with fingerprint and attempt one last failed attempt. Verify work profiel is wiped. Change-Id: Ic64d3e44f3faa5adf8ac43db09e33c8403427990 --- .../android/settings/password/BiometricFragment.java | 7 +++++++ .../password/ConfirmDeviceCredentialActivity.java | 12 ++++++++++-- .../password/ConfirmDeviceCredentialUtils.java | 9 +++++++-- .../settings/password/ConfirmLockPassword.java | 3 ++- .../settings/password/ConfirmLockPattern.java | 3 ++- 5 files changed, 28 insertions(+), 6 deletions(-) diff --git a/src/com/android/settings/password/BiometricFragment.java b/src/com/android/settings/password/BiometricFragment.java index bc0e5c75231..7e783227362 100644 --- a/src/com/android/settings/password/BiometricFragment.java +++ b/src/com/android/settings/password/BiometricFragment.java @@ -70,6 +70,13 @@ public class BiometricFragment extends InstrumentedFragment { }); cleanup(); } + + @Override + public void onAuthenticationFailed() { + mClientExecutor.execute(() -> { + mClientCallback.onAuthenticationFailed(); + }); + } }; private final DialogInterface.OnClickListener mNegativeButtonListener = diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java index 83368f95e0f..220b64929ad 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java @@ -111,6 +111,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity { }); private AuthenticationCallback mAuthenticationCallback = new AuthenticationCallback() { + @Override public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) { if (!mGoingToBackground) { if (errorCode == BiometricPrompt.BIOMETRIC_ERROR_USER_CANCELED @@ -123,17 +124,24 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity { } } + @Override public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { mTrustManager.setDeviceLockedForUser(mUserId, false); - + final boolean isStrongAuth = result.getAuthenticationType() + == BiometricPrompt.AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL; ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils, mUserManager, - mUserId); + mDevicePolicyManager, mUserId, isStrongAuth); ConfirmDeviceCredentialUtils.checkForPendingIntent( ConfirmDeviceCredentialActivity.this); setResult(Activity.RESULT_OK); finish(); } + + @Override + public void onAuthenticationFailed() { + mDevicePolicyManager.reportFailedBiometricAttempt(mUserId); + } }; private String getStringForError(int errorCode) { diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java index 11d69246206..a5febebc198 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java @@ -20,6 +20,7 @@ import android.app.Activity; import android.app.ActivityManager; import android.app.ActivityOptions; import android.app.IActivityManager; +import android.app.admin.DevicePolicyManager; import android.content.Intent; import android.content.IntentSender; import android.os.RemoteException; @@ -54,8 +55,12 @@ public class ConfirmDeviceCredentialUtils { } public static void reportSuccessfulAttempt(LockPatternUtils utils, UserManager userManager, - int userId) { - utils.reportSuccessfulPasswordAttempt(userId); + DevicePolicyManager dpm, int userId, boolean isStrongAuth) { + if (isStrongAuth) { + utils.reportSuccessfulPasswordAttempt(userId); + } else { + dpm.reportSuccessfulBiometricAttempt(userId); + } if (userManager.isManagedProfile(userId)) { // Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth // for work challenge only here. diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java index ce8813ffbad..260919dbcee 100644 --- a/src/com/android/settings/password/ConfirmLockPassword.java +++ b/src/com/android/settings/password/ConfirmLockPassword.java @@ -475,7 +475,8 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity { if (matched) { if (newResult) { ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils, - mUserManager, mEffectiveUserId); + mUserManager, mDevicePolicyManager, mEffectiveUserId, + /* isStrongAuth */ true); } startDisappearAnimation(intent); ConfirmDeviceCredentialUtils.checkForPendingIntent(getActivity()); diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java index b2afb22da96..06f3d93d3c8 100644 --- a/src/com/android/settings/password/ConfirmLockPattern.java +++ b/src/com/android/settings/password/ConfirmLockPattern.java @@ -509,7 +509,8 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity { if (matched) { if (newResult) { ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils, - mUserManager, mEffectiveUserId); + mUserManager, mDevicePolicyManager, mEffectiveUserId, + /* isStrongAuth */ true); } startDisappearAnimation(intent); ConfirmDeviceCredentialUtils.checkForPendingIntent(getActivity());