diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java index 0a2e5fe804d..eede22ac868 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java +++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java @@ -211,8 +211,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { case REQUEST_CHOOSE_LOCK: mConfirmingCredentials = false; if (resultCode == ChooseLockPattern.RESULT_FINISHED) { - mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data); - startMultiBiometricEnroll(); + startMultiBiometricEnroll(data); } else { Log.d(TAG, "Unknown result for chooseLock: " + resultCode); setResult(resultCode); @@ -222,8 +221,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { case REQUEST_CONFIRM_LOCK: mConfirmingCredentials = false; if (resultCode == RESULT_OK) { - mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data); - startMultiBiometricEnroll(); + startMultiBiometricEnroll(data); } else { Log.d(TAG, "Unknown result for confirmLock: " + resultCode); finish(); @@ -283,7 +281,8 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } } - private void startMultiBiometricEnroll() { + private void startMultiBiometricEnroll(Intent data) { + mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data); mMultiBiometricEnrollHelper = new MultiBiometricEnrollHelper(this, mUserId, mIsFaceEnrollable, mIsFingerprintEnrollable, mGkPwHandle); mMultiBiometricEnrollHelper.startNextStep(); diff --git a/src/com/android/settings/biometrics/BiometricUtils.java b/src/com/android/settings/biometrics/BiometricUtils.java index e12badfd860..9de81054dca 100644 --- a/src/com/android/settings/biometrics/BiometricUtils.java +++ b/src/com/android/settings/biometrics/BiometricUtils.java @@ -33,6 +33,7 @@ import androidx.annotation.Nullable; import androidx.fragment.app.FragmentActivity; import com.android.internal.widget.LockPatternUtils; +import com.android.internal.widget.VerifyCredentialResponse; import com.android.settings.R; import com.android.settings.SetupWizardUtils; import com.android.settings.biometrics.fingerprint.FingerprintEnrollFindSensor; @@ -72,8 +73,12 @@ public class BiometricUtils { public static byte[] requestGatekeeperHat(@NonNull Context context, long gkPwHandle, int userId, long challenge) { final LockPatternUtils utils = new LockPatternUtils(context); - return utils.verifyGatekeeperPasswordHandle(gkPwHandle, challenge, userId) - .getGatekeeperHAT(); + final VerifyCredentialResponse response = utils.verifyGatekeeperPasswordHandle(gkPwHandle, + challenge, userId); + if (!response.isMatched()) { + throw new IllegalStateException("Unable to request Gatekeeper HAT"); + } + return response.getGatekeeperHAT(); } public static boolean containsGatekeeperPasswordHandle(@Nullable Intent data) { @@ -190,7 +195,7 @@ public class BiometricUtils { hardwareAuthToken); } if (gkPwHandle != null) { - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle); + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, (long) gkPwHandle); } if (activity instanceof BiometricEnrollActivity.InternalActivity) { diff --git a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java index 7d3be878e83..018c81539fc 100644 --- a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java +++ b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java @@ -77,12 +77,14 @@ public class MultiBiometricEnrollHelper { if (mRequestEnrollFingerprint) { // Give FaceEnroll a pendingIntent pointing to fingerprint enrollment, so that it - // can be started when user skips or finishes face enrollment. + // can be started when user skips or finishes face enrollment. FLAG_UPDATE_CURRENT + // ensures it is launched with the most recent values. final Intent fpIntent = BiometricUtils.getFingerprintIntroIntent(mActivity, mActivity.getIntent()); fpIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, mGkPwHandle); final PendingIntent fpAfterFaceIntent = PendingIntent.getActivity(mActivity, - 0 /* requestCode */, fpIntent, PendingIntent.FLAG_IMMUTABLE); + 0 /* requestCode */, fpIntent, + PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT); faceIntent.putExtra(EXTRA_ENROLL_AFTER_FACE, fpAfterFaceIntent); } diff --git a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java index 9110292b2b3..4129fa58a43 100644 --- a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java +++ b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java @@ -114,9 +114,6 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction { mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge); mSensorId = sensorId; mChallenge = challenge; - if (BiometricUtils.isMultiBiometricEnrollmentFlow(this)) { - BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent()); - } mFooterBarMixin.getPrimaryButton().setEnabled(true); }); } diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java index 69624ab50bf..db03a3d1efc 100644 --- a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java +++ b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java @@ -85,7 +85,6 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase implements mChallenge = challenge; mSensorId = sensorId; mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge); - BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent()); // Put this into the intent. This is really just to work around the fact that the // enrollment sidecar gets the HAT from the activity's intent, rather than having