4/n: Remove challenge from choose/confirm, use new path
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
This commit is contained in:
Kevin Chyn
@@ -28,6 +28,7 @@ import com.android.settings.R;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.biometrics.BiometricEnrollBase;
|
||||
import com.android.settings.biometrics.BiometricEnrollSidecar.Listener;
|
||||
import com.android.settings.biometrics.BiometricUtils;
|
||||
import com.android.settings.password.ChooseLockSettingsHelper;
|
||||
|
||||
import com.google.android.setupcompat.template.FooterBarMixin;
|
||||
@@ -60,6 +61,16 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase {
|
||||
|
||||
setHeaderText(R.string.security_settings_fingerprint_enroll_find_sensor_title);
|
||||
|
||||
if (mToken == null && BiometricUtils.containsGatekeeperPassword(getIntent())) {
|
||||
final FingerprintManager fpm = getSystemService(FingerprintManager.class);
|
||||
final long challenge = fpm.generateChallengeBlocking();
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
|
||||
|
||||
// Put this into the intent. This is really just to work around the fact that the
|
||||
// enrollment sidecar gets the HAT from the activity's intent, rather than having
|
||||
// it passed in.
|
||||
getIntent().putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, mToken);
|
||||
}
|
||||
|
||||
startLookingForFingerprint(); // already confirmed, so start looking for fingerprint
|
||||
|
||||
@@ -160,10 +171,13 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase {
|
||||
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
|
||||
if (requestCode == CONFIRM_REQUEST) {
|
||||
if (resultCode == RESULT_OK && data != null) {
|
||||
throw new IllegalStateException("Pretty sure this is dead code");
|
||||
/*
|
||||
mToken = data.getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN);
|
||||
overridePendingTransition(R.anim.sud_slide_next_in, R.anim.sud_slide_next_out);
|
||||
getIntent().putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, mToken);
|
||||
startLookingForFingerprint();
|
||||
*/
|
||||
} else {
|
||||
finish();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user