Merge "Prevent fingerprint from bypassing work challenge" into oc-dev

2017-04-25 18:59:33 +00:00
parent db68ddc1cc 991ccc26d8
commit 24157209c5
3 changed files with 15 additions and 13 deletions
--- a/src/com/android/settings/ConfirmDeviceCredentialBaseFragment.java
+++ b/src/com/android/settings/ConfirmDeviceCredentialBaseFragment.java
@@ -68,8 +68,6 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
            PACKAGE + ".ConfirmCredentials.showWhenLocked";

    private FingerprintUiHelper mFingerprintHelper;
-    protected boolean mIsStrongAuthRequired;
-    private boolean mAllowFpAuthentication;
    protected boolean mReturnCredentials = false;
    protected Button mCancelButton;
    protected ImageView mFingerprintIcon;
@@ -83,8 +81,6 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
    @Override
    public void onCreate(@Nullable Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
-        mAllowFpAuthentication = getActivity().getIntent().getBooleanExtra(
-                ALLOW_FP_AUTHENTICATION, false);
        mReturnCredentials = getActivity().getIntent().getBooleanExtra(
                ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
        // Only take this argument into account if it belongs to the current profile.
@@ -133,23 +129,26 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
    // credential. Otherwise, fingerprint can't unlock fbe/keystore through
    // verifyTiedProfileChallenge. In such case, we also wanna show the user message that
    // fingerprint is disabled due to device restart.
-    private boolean isFingerprintDisallowedByStrongAuth() {
+    protected boolean isFingerprintDisallowedByStrongAuth() {
        return !(mLockPatternUtils.isFingerprintAllowedForUser(mEffectiveUserId)
                && mUserManager.isUserUnlocked(mUserId));
    }

+    private boolean isFingerprintAllowed() {
+        return !mReturnCredentials
+                && getActivity().getIntent().getBooleanExtra(ALLOW_FP_AUTHENTICATION, false)
+                && !isFingerprintDisallowedByStrongAuth()
+                && !isFingerprintDisabledByAdmin();
+    }
+
    @Override
    public void onResume() {
        super.onResume();
-        mIsStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
-        mAllowFpAuthentication = getActivity().getIntent().getBooleanExtra(
-                        ALLOW_FP_AUTHENTICATION, false)
-                && !isFingerprintDisabledByAdmin() && !mReturnCredentials && !mIsStrongAuthRequired;
        refreshLockScreen();
    }

    protected void refreshLockScreen() {
-        if (mAllowFpAuthentication) {
+        if (isFingerprintAllowed()) {
            mFingerprintHelper.startListening();
        } else {
            if (mFingerprintHelper.isListening()) {
--- a/src/com/android/settings/ConfirmLockPassword.java
+++ b/src/com/android/settings/ConfirmLockPassword.java
@@ -191,9 +191,10 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
        }

        private int getDefaultDetails() {
+            boolean isStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
            boolean isProfile = UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId);
            // Map boolean flags to an index by isStrongAuth << 2 + isProfile << 1 + isAlpha.
-            int index = ((mIsStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0) << 1)
+            int index = ((isStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0) << 1)
                    + (mIsAlpha ? 1 : 0);
            return DETAIL_TEXTS[index];
        }
@@ -443,6 +444,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
                checkForPendingIntent();
            } else {
                if (timeoutMs > 0) {
+                    refreshLockScreen();
                    long deadline = mLockPatternUtils.setLockoutAttemptDeadline(
                            effectiveUserId, timeoutMs);
                    handleAttemptLockout(deadline);
--- a/src/com/android/settings/ConfirmLockPattern.java
+++ b/src/com/android/settings/ConfirmLockPattern.java
@@ -236,12 +236,13 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
        }

        private int getDefaultDetails() {
+            boolean isStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
            if (UserManager.get(getActivity()).isManagedProfile(mEffectiveUserId)) {
-                return mIsStrongAuthRequired
+                return isStrongAuthRequired
                        ? R.string.lockpassword_strong_auth_required_reason_restart_work_pattern
                        : R.string.lockpassword_confirm_your_pattern_generic_profile;
            } else {
-                return mIsStrongAuthRequired
+                return isStrongAuthRequired
                        ? R.string.lockpassword_strong_auth_required_reason_restart_device_pattern
                        : R.string.lockpassword_confirm_your_pattern_generic;
            }