PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Prevent fingerprint from bypassing work challenge" into oc-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2017-04-25 18:59:33 +00:00
committed by Android (Google) Code Review
parent db68ddc1cc 991ccc26d8
commit 24157209c5
3 changed files with 15 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/com/android/settings/ConfirmDeviceCredentialBaseFragment.java
View File

@@ -68,8 +68,6 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
PACKAGE + ".ConfirmCredentials.showWhenLocked"; PACKAGE + ".ConfirmCredentials.showWhenLocked";
private FingerprintUiHelper mFingerprintHelper; private FingerprintUiHelper mFingerprintHelper;
protected boolean mIsStrongAuthRequired;
private boolean mAllowFpAuthentication;
protected boolean mReturnCredentials = false; protected boolean mReturnCredentials = false;
protected Button mCancelButton; protected Button mCancelButton;
protected ImageView mFingerprintIcon; protected ImageView mFingerprintIcon;
@@ -83,8 +81,6 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
@Override @Override
public void onCreate(@Nullable Bundle savedInstanceState) { public void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState); super.onCreate(savedInstanceState);
mAllowFpAuthentication = getActivity().getIntent().getBooleanExtra(
ALLOW_FP_AUTHENTICATION, false);
mReturnCredentials = getActivity().getIntent().getBooleanExtra( mReturnCredentials = getActivity().getIntent().getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false); ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
// Only take this argument into account if it belongs to the current profile. // Only take this argument into account if it belongs to the current profile.
@@ -133,23 +129,26 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
// credential. Otherwise, fingerprint can't unlock fbe/keystore through // credential. Otherwise, fingerprint can't unlock fbe/keystore through
// verifyTiedProfileChallenge. In such case, we also wanna show the user message that // verifyTiedProfileChallenge. In such case, we also wanna show the user message that
// fingerprint is disabled due to device restart. // fingerprint is disabled due to device restart.
private boolean isFingerprintDisallowedByStrongAuth() { protected boolean isFingerprintDisallowedByStrongAuth() {
return !(mLockPatternUtils.isFingerprintAllowedForUser(mEffectiveUserId) return !(mLockPatternUtils.isFingerprintAllowedForUser(mEffectiveUserId)
&& mUserManager.isUserUnlocked(mUserId)); && mUserManager.isUserUnlocked(mUserId));
} }
private boolean isFingerprintAllowed() {
return !mReturnCredentials
&& getActivity().getIntent().getBooleanExtra(ALLOW_FP_AUTHENTICATION, false)
&& !isFingerprintDisallowedByStrongAuth()
&& !isFingerprintDisabledByAdmin();
}
@Override @Override
public void onResume() { public void onResume() {
super.onResume(); super.onResume();
mIsStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
mAllowFpAuthentication = getActivity().getIntent().getBooleanExtra(
ALLOW_FP_AUTHENTICATION, false)
&& !isFingerprintDisabledByAdmin() && !mReturnCredentials && !mIsStrongAuthRequired;
refreshLockScreen(); refreshLockScreen();
} }
protected void refreshLockScreen() { protected void refreshLockScreen() {
if (mAllowFpAuthentication) { if (isFingerprintAllowed()) {
mFingerprintHelper.startListening(); mFingerprintHelper.startListening();
} else { } else {
if (mFingerprintHelper.isListening()) { if (mFingerprintHelper.isListening()) {

4
src/com/android/settings/ConfirmLockPassword.java
View File

@@ -191,9 +191,10 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
} }
private int getDefaultDetails() { private int getDefaultDetails() {
boolean isStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
boolean isProfile = UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId); boolean isProfile = UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId);
// Map boolean flags to an index by isStrongAuth << 2 + isProfile << 1 + isAlpha. // Map boolean flags to an index by isStrongAuth << 2 + isProfile << 1 + isAlpha.
int index = ((mIsStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0) << 1) int index = ((isStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0) << 1)
+ (mIsAlpha ? 1 : 0); + (mIsAlpha ? 1 : 0);
return DETAIL_TEXTS[index]; return DETAIL_TEXTS[index];
} }
@@ -443,6 +444,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
checkForPendingIntent(); checkForPendingIntent();
} else { } else {
if (timeoutMs > 0) { if (timeoutMs > 0) {
refreshLockScreen();
long deadline = mLockPatternUtils.setLockoutAttemptDeadline( long deadline = mLockPatternUtils.setLockoutAttemptDeadline(
effectiveUserId, timeoutMs); effectiveUserId, timeoutMs);
handleAttemptLockout(deadline); handleAttemptLockout(deadline);

5
src/com/android/settings/ConfirmLockPattern.java
View File

@@ -236,12 +236,13 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
} }
private int getDefaultDetails() { private int getDefaultDetails() {
boolean isStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
if (UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId)) { if (UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId)) {
return mIsStrongAuthRequired return isStrongAuthRequired
? R.string.lockpassword_strong_auth_required_reason_restart_work_pattern ? R.string.lockpassword_strong_auth_required_reason_restart_work_pattern
: R.string.lockpassword_confirm_your_pattern_generic_profile; : R.string.lockpassword_confirm_your_pattern_generic_profile;
} else { } else {
return mIsStrongAuthRequired return isStrongAuthRequired
? R.string.lockpassword_strong_auth_required_reason_restart_device_pattern ? R.string.lockpassword_strong_auth_required_reason_restart_device_pattern
: R.string.lockpassword_confirm_your_pattern_generic; : R.string.lockpassword_confirm_your_pattern_generic;
} }