Fix back navigation in biometric enrollment.
Using the back buttons can cause a crash in at least two cases. Skipping face enrollment and then starting/stopping any enrollment can lead to an invalid token and failed HAT request. Backing out of the activity and restarting it can also lead to using a stale token that fails. Fix: 179336333 Test: manual on device Change-Id: I0c1133e4c3d9c97997043ddc9374aa3cfc4f1c97
This commit is contained in:
Joe Bolinger
@@ -211,8 +211,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
|
||||
case REQUEST_CHOOSE_LOCK:
|
||||
mConfirmingCredentials = false;
|
||||
if (resultCode == ChooseLockPattern.RESULT_FINISHED) {
|
||||
mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
|
||||
startMultiBiometricEnroll();
|
||||
startMultiBiometricEnroll(data);
|
||||
} else {
|
||||
Log.d(TAG, "Unknown result for chooseLock: " + resultCode);
|
||||
setResult(resultCode);
|
||||
@@ -222,8 +221,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
|
||||
case REQUEST_CONFIRM_LOCK:
|
||||
mConfirmingCredentials = false;
|
||||
if (resultCode == RESULT_OK) {
|
||||
mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
|
||||
startMultiBiometricEnroll();
|
||||
startMultiBiometricEnroll(data);
|
||||
} else {
|
||||
Log.d(TAG, "Unknown result for confirmLock: " + resultCode);
|
||||
finish();
|
||||
@@ -283,7 +281,8 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
|
||||
}
|
||||
}
|
||||
|
||||
private void startMultiBiometricEnroll() {
|
||||
private void startMultiBiometricEnroll(Intent data) {
|
||||
mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
|
||||
mMultiBiometricEnrollHelper = new MultiBiometricEnrollHelper(this, mUserId,
|
||||
mIsFaceEnrollable, mIsFingerprintEnrollable, mGkPwHandle);
|
||||
mMultiBiometricEnrollHelper.startNextStep();
|
||||
|
||||
@@ -33,6 +33,7 @@ import androidx.annotation.Nullable;
|
||||
import androidx.fragment.app.FragmentActivity;
|
||||
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.VerifyCredentialResponse;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
import com.android.settings.biometrics.fingerprint.FingerprintEnrollFindSensor;
|
||||
@@ -72,8 +73,12 @@ public class BiometricUtils {
|
||||
public static byte[] requestGatekeeperHat(@NonNull Context context, long gkPwHandle, int userId,
|
||||
long challenge) {
|
||||
final LockPatternUtils utils = new LockPatternUtils(context);
|
||||
return utils.verifyGatekeeperPasswordHandle(gkPwHandle, challenge, userId)
|
||||
.getGatekeeperHAT();
|
||||
final VerifyCredentialResponse response = utils.verifyGatekeeperPasswordHandle(gkPwHandle,
|
||||
challenge, userId);
|
||||
if (!response.isMatched()) {
|
||||
throw new IllegalStateException("Unable to request Gatekeeper HAT");
|
||||
}
|
||||
return response.getGatekeeperHAT();
|
||||
}
|
||||
|
||||
public static boolean containsGatekeeperPasswordHandle(@Nullable Intent data) {
|
||||
@@ -190,7 +195,7 @@ public class BiometricUtils {
|
||||
hardwareAuthToken);
|
||||
}
|
||||
if (gkPwHandle != null) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, (long) gkPwHandle);
|
||||
}
|
||||
|
||||
if (activity instanceof BiometricEnrollActivity.InternalActivity) {
|
||||
|
||||
@@ -77,12 +77,14 @@ public class MultiBiometricEnrollHelper {
|
||||
|
||||
if (mRequestEnrollFingerprint) {
|
||||
// Give FaceEnroll a pendingIntent pointing to fingerprint enrollment, so that it
|
||||
// can be started when user skips or finishes face enrollment.
|
||||
// can be started when user skips or finishes face enrollment. FLAG_UPDATE_CURRENT
|
||||
// ensures it is launched with the most recent values.
|
||||
final Intent fpIntent = BiometricUtils.getFingerprintIntroIntent(mActivity,
|
||||
mActivity.getIntent());
|
||||
fpIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, mGkPwHandle);
|
||||
final PendingIntent fpAfterFaceIntent = PendingIntent.getActivity(mActivity,
|
||||
0 /* requestCode */, fpIntent, PendingIntent.FLAG_IMMUTABLE);
|
||||
0 /* requestCode */, fpIntent,
|
||||
PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
|
||||
faceIntent.putExtra(EXTRA_ENROLL_AFTER_FACE, fpAfterFaceIntent);
|
||||
}
|
||||
|
||||
|
||||
@@ -114,9 +114,6 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
|
||||
mSensorId = sensorId;
|
||||
mChallenge = challenge;
|
||||
if (BiometricUtils.isMultiBiometricEnrollmentFlow(this)) {
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
|
||||
}
|
||||
mFooterBarMixin.getPrimaryButton().setEnabled(true);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -85,7 +85,6 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase implements
|
||||
mChallenge = challenge;
|
||||
mSensorId = sensorId;
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
|
||||
|
||||
// Put this into the intent. This is really just to work around the fact that the
|
||||
// enrollment sidecar gets the HAT from the activity's intent, rather than having
|
||||
|
||||
Reference in New Issue
Block a user