diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java index db5e003456a..3b8f25507e9 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java +++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java @@ -71,6 +71,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { private static final int REQUEST_CHOOSE_OPTIONS = 3; // prompt hand phone back to parent after enrollment private static final int REQUEST_HANDOFF_PARENT = 4; + private static final int REQUEST_SINGLE_ENROLL = 5; public static final int RESULT_SKIP = BiometricEnrollBase.RESULT_SKIP; @@ -78,8 +79,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity { // this only applies to fingerprint. public static final String EXTRA_SKIP_INTRO = "skip_intro"; - // TODO: temporary while waiting for team to add real flag - public static final String EXTRA_TEMP_REQUIRE_PARENTAL_CONSENT = "require_consent"; + // Intent extra. If true, parental consent will be requested before user enrollment. + public static final String EXTRA_REQUIRE_PARENTAL_CONSENT = "require_consent"; + + // If EXTRA_REQUIRE_PARENTAL_CONSENT was used to start the activity then the result + // intent will include this extra containing a bundle of the form: + // "modality" -> consented (boolean). + public static final String EXTRA_PARENTAL_CONSENT_STATUS = "consent_status"; private static final String SAVED_STATE_CONFIRMING_CREDENTIALS = "confirming_credentials"; private static final String SAVED_STATE_ENROLL_ACTION_LOGGED = "enroll_action_logged"; @@ -189,7 +195,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { // TODO(b/188847063): replace with real flag when ready mParentalOptionsRequired = intent.getBooleanExtra( - BiometricEnrollActivity.EXTRA_TEMP_REQUIRE_PARENTAL_CONSENT, false); + BiometricEnrollActivity.EXTRA_REQUIRE_PARENTAL_CONSENT, false); if (mParentalOptionsRequired && mParentalOptions == null) { mParentalConsentHelper = new ParentalConsentHelper( @@ -201,19 +207,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } private void startEnroll() { - // TODO(b/188847063): This can be deleted, but log it now until it's wired up for real. - if (mParentalOptionsRequired) { - if (mParentalOptions == null) { - throw new IllegalStateException("consent options required, but not set"); - } - Log.d(TAG, "consent for face: " - + ParentalConsentHelper.hasFaceConsent(mParentalOptions)); - Log.d(TAG, "consent for fingerprint: " - + ParentalConsentHelper.hasFingerprintConsent(mParentalOptions)); - } else { - Log.d(TAG, "startEnroll without requiring consent"); - } - // Default behavior is to enroll BIOMETRIC_WEAK or above. See ACTION_BIOMETRIC_ENROLL. final int authenticators = getIntent().getIntExtra( EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK); @@ -234,21 +227,38 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } } + boolean canUseFace = mHasFeatureFace; + boolean canUseFingerprint = mHasFeatureFingerprint; + if (mParentalOptionsRequired) { + if (mParentalOptions == null) { + throw new IllegalStateException("consent options required, but not set"); + } + canUseFace = canUseFace + && ParentalConsentHelper.hasFaceConsent(mParentalOptions); + canUseFingerprint = canUseFingerprint + && ParentalConsentHelper.hasFingerprintConsent(mParentalOptions); + } + // This will need to be updated if the device has sensors other than BIOMETRIC_STRONG if (!setupWizard && authenticators == BiometricManager.Authenticators.DEVICE_CREDENTIAL) { launchCredentialOnlyEnroll(); - } else if (mHasFeatureFace && mHasFeatureFingerprint) { + } else if (canUseFace && canUseFingerprint) { if (mParentalOptionsRequired && mGkPwHandle != null) { launchFaceAndFingerprintEnroll(); } else { setOrConfirmCredentialsNow(); } - } else if (mHasFeatureFingerprint) { + } else if (canUseFingerprint) { launchFingerprintOnlyEnroll(); - } else if (mHasFeatureFace) { + } else if (canUseFace) { launchFaceOnlyEnroll(); - } else { - Log.e(TAG, "Unknown state, finishing (was SUW: " + setupWizard + ")"); + } else { // no modalities available + if (mParentalOptionsRequired) { + Log.d(TAG, "No consent for any modality: skipping enrollment"); + setResult(RESULT_OK, newResultIntent()); + } else { + Log.e(TAG, "Unknown state, finishing (was SUW: " + setupWizard + ")"); + } finish(); } } @@ -275,7 +285,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { if (mParentalConsentHelper != null) { handleOnActivityResultWhileConsenting(requestCode, resultCode, data); } else { - handleOnActivityResultWhileEnrollingMultiple(requestCode, resultCode, data); + handleOnActivityResultWhileEnrolling(requestCode, resultCode, data); } } @@ -305,8 +315,10 @@ public class BiometricEnrollActivity extends InstrumentedActivity { final boolean isStillPrompting = mParentalConsentHelper.launchNext( this, REQUEST_CHOOSE_OPTIONS, resultCode, data); if (!isStillPrompting) { - Log.d(TAG, "Enrollment options set, requesting handoff"); - launchHandoffToParent(); + Log.d(TAG, "Enrollment consent options set, starting enrollment"); + mParentalOptions = mParentalConsentHelper.getConsentResult(); + mParentalConsentHelper = null; + startEnroll(); } } else { Log.d(TAG, "Unknown or cancelled parental consent"); @@ -314,18 +326,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity { finish(); } break; - case REQUEST_HANDOFF_PARENT: - if (resultCode == RESULT_OK) { - Log.d(TAG, "Enrollment options set, starting enrollment"); - mParentalOptions = mParentalConsentHelper.getConsentResult(); - mParentalConsentHelper = null; - startEnroll(); - } else { - Log.d(TAG, "Unknown or cancelled handoff"); - setResult(RESULT_CANCELED); - finish(); - } - break; default: Log.w(TAG, "Unknown consenting requestCode: " + requestCode + ", finishing"); finish(); @@ -333,9 +333,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } // handles responses while multi biometric enrollment is pending - private void handleOnActivityResultWhileEnrollingMultiple( + private void handleOnActivityResultWhileEnrolling( int requestCode, int resultCode, Intent data) { - if (mMultiBiometricEnrollHelper == null) { + if (requestCode == REQUEST_HANDOFF_PARENT) { + Log.d(TAG, "Enrollment complete, requesting handoff, result: " + resultCode); + setResult(RESULT_OK, newResultIntent()); + finish(); + } else if (mMultiBiometricEnrollHelper == null) { overridePendingTransition(R.anim.sud_slide_next_in, R.anim.sud_slide_next_out); switch (requestCode) { @@ -355,15 +359,37 @@ public class BiometricEnrollActivity extends InstrumentedActivity { finish(); } break; + case REQUEST_SINGLE_ENROLL: + finishOrLaunchHandToParent(resultCode); + break; default: Log.w(TAG, "Unknown enrolling requestCode: " + requestCode + ", finishing"); finish(); } } else { - mMultiBiometricEnrollHelper.onActivityResult(requestCode, resultCode, data); + Log.d(TAG, "RequestCode: " + requestCode + " resultCode: " + resultCode); + BiometricUtils.removeGatekeeperPasswordHandle(this, mGkPwHandle); + finishOrLaunchHandToParent(resultCode); } } + private void finishOrLaunchHandToParent(int resultCode) { + if (mParentalOptionsRequired) { + launchHandoffToParent(); + } else { + setResult(resultCode); + finish(); + } + } + + private Intent newResultIntent() { + final Intent intent = new Intent(); + final Bundle consentStatus = mParentalOptions.deepCopy(); + intent.putExtra(EXTRA_PARENTAL_CONSENT_STATUS, consentStatus); + Log.v(TAG, "Result consent status: " + consentStatus); + return intent; + } + private static boolean isSuccessfulConfirmOrChooseCredential(int requestCode, int resultCode) { final boolean okChoose = requestCode == REQUEST_CHOOSE_LOCK && resultCode == ChooseLockPattern.RESULT_FINISHED; @@ -384,8 +410,8 @@ public class BiometricEnrollActivity extends InstrumentedActivity { super.onStop(); if (mConfirmingCredentials - || mMultiBiometricEnrollHelper != null - || mParentalConsentHelper != null) { + || mParentalOptionsRequired + || mMultiBiometricEnrollHelper != null) { return; } @@ -395,7 +421,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } } - private void setOrConfirmCredentialsNow() { if (!mConfirmingCredentials) { mConfirmingCredentials = true; @@ -454,21 +479,14 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } } - /** - * This should only be used to launch enrollment for single-sensor devices, which use - * FLAG_ACTIVITY_FORWARD_RESULT path. - * - * @param intent Enrollment activity that should be started (e.g. FaceEnrollIntroduction.class, - * etc). - */ - private void launchSingleSensorEnrollActivity(@NonNull Intent intent) { - intent.setFlags(Intent.FLAG_ACTIVITY_FORWARD_RESULT); + // This should only be used to launch enrollment for single-sensor devices. + private void launchSingleSensorEnrollActivity(@NonNull Intent intent, int requestCode) { byte[] hardwareAuthToken = null; if (this instanceof InternalActivity) { hardwareAuthToken = getIntent().getByteArrayExtra( ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN); } - BiometricUtils.launchEnrollForResult(this, intent, 0 /* requestCode */, hardwareAuthToken, + BiometricUtils.launchEnrollForResult(this, intent, requestCode, hardwareAuthToken, mGkPwHandle, mUserId); } @@ -477,7 +495,7 @@ public class BiometricEnrollActivity extends InstrumentedActivity { // If only device credential was specified, ask the user to only set that up. intent = new Intent(this, ChooseLockGeneric.class); intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_INSECURE_OPTIONS, true); - launchSingleSensorEnrollActivity(intent); + launchSingleSensorEnrollActivity(intent, 0 /* requestCode */); } private void launchFingerprintOnlyEnroll() { @@ -489,12 +507,12 @@ public class BiometricEnrollActivity extends InstrumentedActivity { } else { intent = BiometricUtils.getFingerprintIntroIntent(this, getIntent()); } - launchSingleSensorEnrollActivity(intent); + launchSingleSensorEnrollActivity(intent, REQUEST_SINGLE_ENROLL); } private void launchFaceOnlyEnroll() { final Intent intent = BiometricUtils.getFaceIntroIntent(this, getIntent()); - launchSingleSensorEnrollActivity(intent); + launchSingleSensorEnrollActivity(intent, REQUEST_SINGLE_ENROLL); } private void launchFaceAndFingerprintEnroll() { diff --git a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java index 74d7c535e05..44d75c5808d 100644 --- a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java +++ b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java @@ -20,7 +20,6 @@ import android.app.PendingIntent; import android.content.Intent; import android.hardware.face.FaceManager; import android.hardware.fingerprint.FingerprintManager; -import android.util.Log; import androidx.annotation.NonNull; import androidx.fragment.app.FragmentActivity; @@ -107,11 +106,4 @@ public class MultiBiometricEnrollHelper { hardwareAuthToken, mGkPwHandle, mUserId); })); } - - void onActivityResult(int requestCode, int resultCode, Intent data) { - Log.d(TAG, "RequestCode: " + requestCode + " resultCode: " + resultCode); - BiometricUtils.removeGatekeeperPasswordHandle(mActivity, mGkPwHandle); - mActivity.setResult(resultCode); - mActivity.finish(); - } } diff --git a/src/com/android/settings/biometrics/ParentalConsentHelper.java b/src/com/android/settings/biometrics/ParentalConsentHelper.java index 905a95527ef..6c4004e5c55 100644 --- a/src/com/android/settings/biometrics/ParentalConsentHelper.java +++ b/src/com/android/settings/biometrics/ParentalConsentHelper.java @@ -46,6 +46,7 @@ public class ParentalConsentHelper { private static final String KEY_FACE_CONSENT = "face"; private static final String KEY_FINGERPRINT_CONSENT = "fingerprint"; + private static final String KEY_IRIS_CONSENT = "iris"; private final boolean mRequireFace; private final boolean mRequireFingerprint; @@ -153,6 +154,7 @@ public class ParentalConsentHelper { result.putBoolean(KEY_FACE_CONSENT, mConsentFace != null ? mConsentFace : false); result.putBoolean(KEY_FINGERPRINT_CONSENT, mConsentFingerprint != null ? mConsentFingerprint : false); + result.putBoolean(KEY_IRIS_CONSENT, false); return result; }