From e9e48a5b95fedd1d7c00b8fcb3ba9798f2260404 Mon Sep 17 00:00:00 2001 From: Dmitry Dementyev Date: Mon, 13 Mar 2023 12:49:44 -0700 Subject: [PATCH] Return GK_PW_HANDLE after remote LSKF verification. Handle is returned when LSKF is set after successful verification. It is used by SUW to add biometrics without asking for LSKF. Bug: 272807192 Test: manual Change-Id: I3fe6ed7fd6401421090ccd684509dfede9106076 --- .../biometrics/BiometricEnrollActivity.java | 5 +++++ .../password/ChooseLockSettingsHelper.java | 2 +- .../password/ConfirmDeviceCredentialActivity.java | 3 +++ .../settings/password/ConfirmLockPassword.java | 14 ++++++++++++-- .../settings/password/ConfirmLockPattern.java | 14 ++++++++++++-- 5 files changed, 33 insertions(+), 5 deletions(-) diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java index e63a754e3e3..56c9e89cfe8 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java +++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java @@ -132,6 +132,11 @@ public class BiometricEnrollActivity extends InstrumentedActivity { if (BiometricUtils.containsGatekeeperPasswordHandle(getIntent())) { mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(getIntent()); } + } else if (WizardManagerHelper.isAnySetupWizard(getIntent())) { + if (BiometricUtils.containsGatekeeperPasswordHandle(getIntent())) { + mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(getIntent()); + } + } if (savedInstanceState != null) { diff --git a/src/com/android/settings/password/ChooseLockSettingsHelper.java b/src/com/android/settings/password/ChooseLockSettingsHelper.java index 020b725f5ad..45d973d2262 100644 --- a/src/com/android/settings/password/ChooseLockSettingsHelper.java +++ b/src/com/android/settings/password/ChooseLockSettingsHelper.java @@ -339,7 +339,7 @@ public final class ChooseLockSettingsHelper { Utils.enforceSameOwner(mActivity, mUserId); } - if (mExternal && mReturnCredentials) { + if (mExternal && mReturnCredentials && !mRemoteLockscreenValidation) { throw new IllegalArgumentException("External and ReturnCredentials specified. " + " External callers should never be allowed to receive credentials in" + " onActivityResult"); diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java index 328e44003e5..8dbc0dc17fe 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java @@ -250,12 +250,15 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity { .setRemoteLockscreenValidationSession(remoteLockscreenValidationSession) .setRemoteLockscreenValidationServiceComponent( remoteLockscreenValidationServiceComponent) + .setRequestGatekeeperPasswordHandle(true) + .setReturnCredentials(true) // returns only password handle. .setHeader(mTitle) // Show the title in the header location .setDescription(mDetails) .setCheckboxLabel(checkboxLabel) .setAlternateButton(alternateButton) .setExternal(true) .show(); + return; } else if (isEffectiveUserManagedProfile && isInternalActivity()) { mCredentialMode = CREDENTIAL_MANAGED; if (isBiometricAllowed(effectiveUserId, mUserId)) { diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java index 427b4ffdbae..81bd8c231a6 100644 --- a/src/com/android/settings/password/ConfirmLockPassword.java +++ b/src/com/android/settings/password/ConfirmLockPassword.java @@ -26,6 +26,10 @@ import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROF import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROFILE_PIN_REQUIRED; import static android.app.admin.DevicePolicyResources.UNDEFINED; +import static com.android.settings.biometrics.GatekeeperPasswordProvider.containsGatekeeperPasswordHandle; +import static com.android.settings.biometrics.GatekeeperPasswordProvider.getGatekeeperPasswordHandle; +import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE; + import android.annotation.Nullable; import android.app.KeyguardManager; import android.app.RemoteLockscreenValidationResult; @@ -614,7 +618,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity { saveAndFinishWorker.setListener(this); saveAndFinishWorker.start( mLockPatternUtils, - /* requestGatekeeperPassword= */ false, + /* requestGatekeeperPassword= */ true, mDeviceCredentialGuess, /* currentCredential= */ null, mEffectiveUserId); @@ -705,8 +709,14 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity { if (mDeviceCredentialGuess != null) { mDeviceCredentialGuess.zeroize(); } + + Intent result = new Intent(); + if (mRemoteValidation && containsGatekeeperPasswordHandle(resultData)) { + result.putExtra(EXTRA_KEY_GK_PW_HANDLE, getGatekeeperPasswordHandle(resultData)); + } + mGlifLayout.setProgressBarShown(false); - mCredentialCheckResultTracker.setResult(/* matched= */ true, new Intent(), + mCredentialCheckResultTracker.setResult(/* matched= */ true, result, /* timeoutMs= */ 0, mEffectiveUserId); } } diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java index c664daf9565..7c217399cd5 100644 --- a/src/com/android/settings/password/ConfirmLockPattern.java +++ b/src/com/android/settings/password/ConfirmLockPattern.java @@ -22,6 +22,10 @@ import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROF import static android.app.admin.DevicePolicyResources.Strings.Settings.WORK_PROFILE_PATTERN_REQUIRED; import static android.app.admin.DevicePolicyResources.UNDEFINED; +import static com.android.settings.biometrics.GatekeeperPasswordProvider.containsGatekeeperPasswordHandle; +import static com.android.settings.biometrics.GatekeeperPasswordProvider.getGatekeeperPasswordHandle; +import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE; + import android.annotation.Nullable; import android.annotation.SuppressLint; import android.app.Activity; @@ -627,7 +631,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity { saveAndFinishWorker.setListener(this); saveAndFinishWorker.start( mLockPatternUtils, - /* requestGatekeeperPassword= */ false, + /* requestGatekeeperPassword= */ true, mDeviceCredentialGuess, /* currentCredential= */ null, mEffectiveUserId); @@ -732,8 +736,14 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity { if (mDeviceCredentialGuess != null) { mDeviceCredentialGuess.zeroize(); } + + Intent result = new Intent(); + if (mRemoteValidation && containsGatekeeperPasswordHandle(resultData)) { + result.putExtra(EXTRA_KEY_GK_PW_HANDLE, getGatekeeperPasswordHandle(resultData)); + } + mGlifLayout.setProgressBarShown(false); - mCredentialCheckResultTracker.setResult(/* matched= */ true, new Intent(), + mCredentialCheckResultTracker.setResult(/* matched= */ true, result, /* timeoutMs= */ 0, mEffectiveUserId); } }