4/n: Remove challenge from choose/confirm, use new path

Biometric enrollment will not request a Gatekeeper HAT during initial credential setup or credential confirmation anymore. Instead, it is broken down into the following steps now. Bug: 161765592 1) Request credential setup / confirmation to return a Gatekeeper Password 2) Biometric enrollment will generate a challenge 3) Biometric enrollment will request LockSettingsService to verify(GatekeeperPassword, challenge), and upon verification, the Gatekeeper HAT will be returned. Since both LockSettingsService and Biometric enroll/settings make use of biometric challenges, this allows us to make the challenge ownership/lifecycle clear (vs. previously, where LockSettingsService has no idea who the challenge belongs to). Exempt-From-Owner-Approval:For files not owned by our team, (StorageWizard), this change is just a method rename Test: RunSettingsRoboTests Run the following on face/fingerprint devices Test: Remove credential adb shell am start -a android.app.action.SET_NEW_PASSWORD Set up credential + fingerprint Test: Remove credential, adb shell am start -a android.settings.FINGERPRINT_SETTINGS This tests the ChooseLock* logic in FingerprintSettings Test: Set up credential, adb shell am start -a android.settings.FINGERPRINT_SETTINGS This tests the ConfirmLock* logic in FingerprintSettings Test: Remove device credential, enroll fingerprint/face. Succeeds. This tests the ChooseLock* returning SP path from BiometricEnrollIntro Test: With credential and fingerprint/face enrolled, go to fingerprint/face settings and enroll. This tests the ConfirmLock* path in Fingerprint/FaceSettings Test: Remove device credential, enroll credential-only, enroll fingerprint/face separately. Succeeds. This tests the ConfirmLock* returning SP path in BiometricEnrollIntro Test: In SUW, set up credential, then biometric. This tests the ChooseLock* path in SUW Test: In SUW, set up credential, go back, then set up biometric. This tests the ConfirmLock* path in SUW Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
2020-07-23 19:36:26 -07:00
parent e67a0afc41
commit 7b0867c6d3
25 changed files with 269 additions and 235 deletions
--- a/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java
+++ b/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java
@@ -164,7 +164,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
                // It's possible to have a token but mLaunchedConfirmLock == false, since
                // ChooseLockGeneric can pass us a token.
                mConfirmingCredentials = true;
-                launchConfirmLock(getConfirmLockTitleResId(), getChallenge());
+                launchConfirmLock(getConfirmLockTitleResId());
            }
        }
    }
@@ -217,12 +217,10 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase

    private void launchChooseLock() {
        Intent intent = getChooseLockIntent();
-        long challenge = getChallenge();
        intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY,
                DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
        intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
-        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
-        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
+        intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
        intent.putExtra(getExtraKeyForBiometric(), true);
        if (mUserId != UserHandle.USER_NULL) {
            intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
@@ -271,8 +269,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
        } else if (requestCode == CHOOSE_LOCK_GENERIC_REQUEST) {
            if (resultCode == RESULT_FINISHED) {
                updatePasswordQuality();
-                mToken = data.getByteArrayExtra(
-                        ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN);
+                mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, getChallenge());
                overridePendingTransition(R.anim.sud_slide_next_in, R.anim.sud_slide_next_out);
                mConfirmingCredentials = false;
                return;
@@ -283,7 +280,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
        } else if (requestCode == CONFIRM_REQUEST) {
            mConfirmingCredentials = false;
            if (resultCode == RESULT_OK && data != null) {
-                mToken = data.getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN);
+                mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, getChallenge());
                overridePendingTransition(R.anim.sud_slide_next_in, R.anim.sud_slide_next_out);
            } else {
                setResult(resultCode, data);