Merge "Return enrollment consent status to caller." into sc-dev

src/com/android/settings/biometrics/BiometricEnrollActivity.java

@@ -71,6 +71,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
     private static final int REQUEST_CHOOSE_OPTIONS = 3;
     // prompt hand phone back to parent after enrollment
     private static final int REQUEST_HANDOFF_PARENT = 4;
+    private static final int REQUEST_SINGLE_ENROLL = 5;
 
     public static final int RESULT_SKIP = BiometricEnrollBase.RESULT_SKIP;
 
@@ -78,8 +79,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
     // this only applies to fingerprint.
     public static final String EXTRA_SKIP_INTRO = "skip_intro";
 
-    // TODO: temporary while waiting for team to add real flag
-    public static final String EXTRA_TEMP_REQUIRE_PARENTAL_CONSENT = "require_consent";
+    // Intent extra. If true, parental consent will be requested before user enrollment.
+    public static final String EXTRA_REQUIRE_PARENTAL_CONSENT = "require_consent";
+
+    // If EXTRA_REQUIRE_PARENTAL_CONSENT was used to start the activity then the result
+    // intent will include this extra containing a bundle of the form:
+    // "modality" -> consented (boolean).
+    public static final String EXTRA_PARENTAL_CONSENT_STATUS = "consent_status";
 
     private static final String SAVED_STATE_CONFIRMING_CREDENTIALS = "confirming_credentials";
     private static final String SAVED_STATE_ENROLL_ACTION_LOGGED = "enroll_action_logged";
@@ -189,7 +195,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
 
         // TODO(b/188847063): replace with real flag when ready
         mParentalOptionsRequired = intent.getBooleanExtra(
-                BiometricEnrollActivity.EXTRA_TEMP_REQUIRE_PARENTAL_CONSENT, false);
+                BiometricEnrollActivity.EXTRA_REQUIRE_PARENTAL_CONSENT, false);
 
         if (mParentalOptionsRequired && mParentalOptions == null) {
             mParentalConsentHelper = new ParentalConsentHelper(
@@ -201,19 +207,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
     }
 
     private void startEnroll() {
-        // TODO(b/188847063): This can be deleted, but log it now until it's wired up for real.
-        if (mParentalOptionsRequired) {
-            if (mParentalOptions == null) {
-                throw new IllegalStateException("consent options required, but not set");
-            }
-            Log.d(TAG, "consent for face: "
-                    + ParentalConsentHelper.hasFaceConsent(mParentalOptions));
-            Log.d(TAG, "consent for fingerprint: "
-                    + ParentalConsentHelper.hasFingerprintConsent(mParentalOptions));
-        } else {
-            Log.d(TAG, "startEnroll without requiring consent");
-        }
-
         // Default behavior is to enroll BIOMETRIC_WEAK or above. See ACTION_BIOMETRIC_ENROLL.
         final int authenticators = getIntent().getIntExtra(
                 EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK);
@@ -234,21 +227,38 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
             }
         }
 
+        boolean canUseFace = mHasFeatureFace;
+        boolean canUseFingerprint = mHasFeatureFingerprint;
+        if (mParentalOptionsRequired) {
+            if (mParentalOptions == null) {
+                throw new IllegalStateException("consent options required, but not set");
+            }
+            canUseFace = canUseFace
+                    && ParentalConsentHelper.hasFaceConsent(mParentalOptions);
+            canUseFingerprint = canUseFingerprint
+                    && ParentalConsentHelper.hasFingerprintConsent(mParentalOptions);
+        }
+
         // This will need to be updated if the device has sensors other than BIOMETRIC_STRONG
         if (!setupWizard && authenticators == BiometricManager.Authenticators.DEVICE_CREDENTIAL) {
             launchCredentialOnlyEnroll();
-        } else if (mHasFeatureFace && mHasFeatureFingerprint) {
+        } else if (canUseFace && canUseFingerprint) {
             if (mParentalOptionsRequired && mGkPwHandle != null) {
                 launchFaceAndFingerprintEnroll();
             } else {
                 setOrConfirmCredentialsNow();
             }
-        } else if (mHasFeatureFingerprint) {
+        } else if (canUseFingerprint) {
             launchFingerprintOnlyEnroll();
-        } else if (mHasFeatureFace) {
+        } else if (canUseFace) {
             launchFaceOnlyEnroll();
-        } else {
-            Log.e(TAG, "Unknown state, finishing (was SUW: " + setupWizard + ")");
+        } else { // no modalities available
+            if (mParentalOptionsRequired) {
+                Log.d(TAG, "No consent for any modality: skipping enrollment");
+                setResult(RESULT_OK, newResultIntent());
+            } else {
+                Log.e(TAG, "Unknown state, finishing (was SUW: " + setupWizard + ")");
+            }
             finish();
         }
     }
@@ -275,7 +285,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         if (mParentalConsentHelper != null) {
             handleOnActivityResultWhileConsenting(requestCode, resultCode, data);
         } else {
-            handleOnActivityResultWhileEnrollingMultiple(requestCode, resultCode, data);
+            handleOnActivityResultWhileEnrolling(requestCode, resultCode, data);
         }
     }
 
@@ -305,8 +315,10 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
                     final boolean isStillPrompting = mParentalConsentHelper.launchNext(
                             this, REQUEST_CHOOSE_OPTIONS, resultCode, data);
                     if (!isStillPrompting) {
-                        Log.d(TAG, "Enrollment options set, requesting handoff");
-                        launchHandoffToParent();
+                        Log.d(TAG, "Enrollment consent options set, starting enrollment");
+                        mParentalOptions = mParentalConsentHelper.getConsentResult();
+                        mParentalConsentHelper = null;
+                        startEnroll();
                     }
                 } else {
                     Log.d(TAG, "Unknown or cancelled parental consent");
@@ -314,18 +326,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
                     finish();
                 }
                 break;
-            case REQUEST_HANDOFF_PARENT:
-                if (resultCode == RESULT_OK) {
-                    Log.d(TAG, "Enrollment options set, starting enrollment");
-                    mParentalOptions = mParentalConsentHelper.getConsentResult();
-                    mParentalConsentHelper = null;
-                    startEnroll();
-                } else {
-                    Log.d(TAG, "Unknown or cancelled handoff");
-                    setResult(RESULT_CANCELED);
-                    finish();
-                }
-                break;
             default:
                 Log.w(TAG, "Unknown consenting requestCode: " + requestCode + ", finishing");
                 finish();
@@ -333,9 +333,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
     }
 
     // handles responses while multi biometric enrollment is pending
-    private void handleOnActivityResultWhileEnrollingMultiple(
+    private void handleOnActivityResultWhileEnrolling(
             int requestCode, int resultCode, Intent data) {
-        if (mMultiBiometricEnrollHelper == null) {
+        if (requestCode == REQUEST_HANDOFF_PARENT) {
+            Log.d(TAG, "Enrollment complete, requesting handoff, result: " + resultCode);
+            setResult(RESULT_OK, newResultIntent());
+            finish();
+        } else if (mMultiBiometricEnrollHelper == null) {
             overridePendingTransition(R.anim.sud_slide_next_in, R.anim.sud_slide_next_out);
 
             switch (requestCode) {
@@ -355,15 +359,37 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
                         finish();
                     }
                     break;
+                case REQUEST_SINGLE_ENROLL:
+                    finishOrLaunchHandToParent(resultCode);
+                    break;
                 default:
                     Log.w(TAG, "Unknown enrolling requestCode: " + requestCode + ", finishing");
                     finish();
             }
         } else {
-            mMultiBiometricEnrollHelper.onActivityResult(requestCode, resultCode, data);
+            Log.d(TAG, "RequestCode: " + requestCode + " resultCode: " + resultCode);
+            BiometricUtils.removeGatekeeperPasswordHandle(this, mGkPwHandle);
+            finishOrLaunchHandToParent(resultCode);
         }
     }
 
+    private void finishOrLaunchHandToParent(int resultCode) {
+        if (mParentalOptionsRequired) {
+            launchHandoffToParent();
+        } else {
+            setResult(resultCode);
+            finish();
+        }
+    }
+
+    private Intent newResultIntent() {
+        final Intent intent = new Intent();
+        final Bundle consentStatus = mParentalOptions.deepCopy();
+        intent.putExtra(EXTRA_PARENTAL_CONSENT_STATUS, consentStatus);
+        Log.v(TAG, "Result consent status: " + consentStatus);
+        return intent;
+    }
+
     private static boolean isSuccessfulConfirmOrChooseCredential(int requestCode, int resultCode) {
         final boolean okChoose = requestCode == REQUEST_CHOOSE_LOCK
                 && resultCode == ChooseLockPattern.RESULT_FINISHED;
@@ -384,8 +410,8 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         super.onStop();
 
         if (mConfirmingCredentials
-                || mMultiBiometricEnrollHelper != null
-                || mParentalConsentHelper != null) {
+                || mParentalOptionsRequired
+                || mMultiBiometricEnrollHelper != null) {
             return;
         }
 
@@ -395,7 +421,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         }
     }
 
-
     private void setOrConfirmCredentialsNow() {
         if (!mConfirmingCredentials) {
             mConfirmingCredentials = true;
@@ -454,21 +479,14 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         }
     }
 
-    /**
-     * This should only be used to launch enrollment for single-sensor devices, which use
-     * FLAG_ACTIVITY_FORWARD_RESULT path.
-     *
-     * @param intent Enrollment activity that should be started (e.g. FaceEnrollIntroduction.class,
-     *               etc).
-     */
-    private void launchSingleSensorEnrollActivity(@NonNull Intent intent) {
-        intent.setFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT);
+    // This should only be used to launch enrollment for single-sensor devices.
+    private void launchSingleSensorEnrollActivity(@NonNull Intent intent, int requestCode) {
         byte[] hardwareAuthToken = null;
         if (this instanceof InternalActivity) {
             hardwareAuthToken = getIntent().getByteArrayExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN);
         }
-        BiometricUtils.launchEnrollForResult(this, intent, 0 /* requestCode */, hardwareAuthToken,
+        BiometricUtils.launchEnrollForResult(this, intent, requestCode, hardwareAuthToken,
                 mGkPwHandle, mUserId);
     }
 
@@ -477,7 +495,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         // If only device credential was specified, ask the user to only set that up.
         intent = new Intent(this, ChooseLockGeneric.class);
         intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_INSECURE_OPTIONS, true);
-        launchSingleSensorEnrollActivity(intent);
+        launchSingleSensorEnrollActivity(intent, 0 /* requestCode */);
     }
 
     private void launchFingerprintOnlyEnroll() {
@@ -489,12 +507,12 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
         } else {
             intent = BiometricUtils.getFingerprintIntroIntent(this, getIntent());
         }
-        launchSingleSensorEnrollActivity(intent);
+        launchSingleSensorEnrollActivity(intent, REQUEST_SINGLE_ENROLL);
     }
 
     private void launchFaceOnlyEnroll() {
         final Intent intent = BiometricUtils.getFaceIntroIntent(this, getIntent());
-        launchSingleSensorEnrollActivity(intent);
+        launchSingleSensorEnrollActivity(intent, REQUEST_SINGLE_ENROLL);
     }
 
     private void launchFaceAndFingerprintEnroll() {

src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java

@@ -20,7 +20,6 @@ import android.app.PendingIntent;
 import android.content.Intent;
 import android.hardware.face.FaceManager;
 import android.hardware.fingerprint.FingerprintManager;
-import android.util.Log;
 
 import androidx.annotation.NonNull;
 import androidx.fragment.app.FragmentActivity;
@@ -107,11 +106,4 @@ public class MultiBiometricEnrollHelper {
                     hardwareAuthToken, mGkPwHandle, mUserId);
         }));
     }
-
-    void onActivityResult(int requestCode, int resultCode, Intent data) {
-        Log.d(TAG, "RequestCode: " + requestCode + " resultCode: " + resultCode);
-        BiometricUtils.removeGatekeeperPasswordHandle(mActivity, mGkPwHandle);
-        mActivity.setResult(resultCode);
-        mActivity.finish();
-    }
 }

src/com/android/settings/biometrics/ParentalConsentHelper.java

@@ -46,6 +46,7 @@ public class ParentalConsentHelper {
 
     private static final String KEY_FACE_CONSENT = "face";
     private static final String KEY_FINGERPRINT_CONSENT = "fingerprint";
+    private static final String KEY_IRIS_CONSENT = "iris";
 
     private final boolean mRequireFace;
     private final boolean mRequireFingerprint;
@@ -153,6 +154,7 @@ public class ParentalConsentHelper {
         result.putBoolean(KEY_FACE_CONSENT, mConsentFace != null ? mConsentFace : false);
         result.putBoolean(KEY_FINGERPRINT_CONSENT,
                 mConsentFingerprint != null ? mConsentFingerprint : false);
+        result.putBoolean(KEY_IRIS_CONSENT, false);
         return result;
     }