PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove face auth from setup wizard when configured as a convenience.

Browse Source 
Fix: 206867696
Test: manual (enroll via SUW with/without unicorn)
Change-Id: I41bf7488cf30ffe3e0d09282e923347c7f5938df
This commit is contained in:
Joe Bolinger
2021-11-23 00:52:23 +00:00
parent 83a8b76ec2
commit d00fd7f362
1 changed files with 33 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/com/android/settings/biometrics/BiometricEnrollActivity.java
View File

@@ -32,6 +32,7 @@ import android.hardware.biometrics.BiometricAuthenticator;
import android.hardware.biometrics.BiometricManager; import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricManager.Authenticators; import android.hardware.biometrics.BiometricManager.Authenticators;
import android.hardware.biometrics.BiometricManager.BiometricError; import android.hardware.biometrics.BiometricManager.BiometricError;
import android.hardware.biometrics.SensorProperties;
import android.hardware.face.FaceManager; import android.hardware.face.FaceManager;
import android.hardware.face.FaceSensorPropertiesInternal; import android.hardware.face.FaceSensorPropertiesInternal;
import android.hardware.fingerprint.FingerprintManager; import android.hardware.fingerprint.FingerprintManager;
@@ -175,8 +176,22 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
mHasFeatureFingerprint = pm.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT); mHasFeatureFingerprint = pm.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT);
mHasFeatureFace = pm.hasSystemFeature(PackageManager.FEATURE_FACE); mHasFeatureFace = pm.hasSystemFeature(PackageManager.FEATURE_FACE);
// Default behavior is to enroll BIOMETRIC_WEAK or above. See ACTION_BIOMETRIC_ENROLL.
final int authenticators = getIntent().getIntExtra(
EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK);
Log.d(TAG, "Authenticators: " + authenticators);
mParentalOptionsRequired = intent.getBooleanExtra(EXTRA_REQUIRE_PARENTAL_CONSENT, false);
mSkipReturnToParent = intent.getBooleanExtra(EXTRA_SKIP_RETURN_TO_PARENT, false);
// determine what can be enrolled // determine what can be enrolled
final boolean isSetupWizard = WizardManagerHelper.isAnySetupWizard(getIntent()); final boolean isSetupWizard = WizardManagerHelper.isAnySetupWizard(getIntent());
final boolean isMultiSensor = mHasFeatureFace && mHasFeatureFingerprint;
Log.d(TAG, "parentalOptionsRequired: " + mParentalOptionsRequired
+ ", skipReturnToParent: " + mSkipReturnToParent
+ ", isSetupWizard: " + isSetupWizard
+ ", isMultiSensor: " + isMultiSensor);
if (mHasFeatureFace) { if (mHasFeatureFace) {
final FaceManager faceManager = getSystemService(FaceManager.class); final FaceManager faceManager = getSystemService(FaceManager.class);
@@ -185,11 +200,23 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
final int maxFacesEnrollableIfSUW = getApplicationContext().getResources() final int maxFacesEnrollableIfSUW = getApplicationContext().getResources()
.getInteger(R.integer.suw_max_faces_enrollable); .getInteger(R.integer.suw_max_faces_enrollable);
if (!faceProperties.isEmpty()) { if (!faceProperties.isEmpty()) {
final FaceSensorPropertiesInternal props = faceProperties.get(0);
final int maxEnrolls = final int maxEnrolls =
isSetupWizard ? maxFacesEnrollableIfSUW isSetupWizard ? maxFacesEnrollableIfSUW : props.maxEnrollmentsPerUser;
: faceProperties.get(0).maxEnrollmentsPerUser;
mIsFaceEnrollable = mIsFaceEnrollable =
faceManager.getEnrolledFaces(mUserId).size() < maxEnrolls; faceManager.getEnrolledFaces(mUserId).size() < maxEnrolls;
// exclude face enrollment from setup wizard if configured as a convenience
// isSetupWizard is always false for unicorn enrollment, so if consent is
// required check if setup has completed instead.
final boolean isSettingUp = isSetupWizard || (mParentalOptionsRequired
&& !WizardManagerHelper.isUserSetupComplete(this));
if (isSettingUp && isMultiSensor && mIsFaceEnrollable) {
if (props.sensorStrength == SensorProperties.STRENGTH_CONVENIENCE) {
Log.i(TAG, "Excluding face from SuW enrollment (STRENGTH_CONVENIENCE)");
mIsFaceEnrollable = false;
}
}
} }
} }
if (mHasFeatureFingerprint) { if (mHasFeatureFingerprint) {
@@ -207,13 +234,6 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
} }
} }
mParentalOptionsRequired = intent.getBooleanExtra(EXTRA_REQUIRE_PARENTAL_CONSENT, false);
mSkipReturnToParent = intent.getBooleanExtra(EXTRA_SKIP_RETURN_TO_PARENT, false);
Log.d(TAG, "parentalOptionsRequired: " + mParentalOptionsRequired
+ ", skipReturnToParent: " + mSkipReturnToParent
+ ", isSetupWizard: " + isSetupWizard);
// TODO(b/195128094): remove this restriction // TODO(b/195128094): remove this restriction
// Consent can only be recorded when this activity is launched directly from the kids // Consent can only be recorded when this activity is launched directly from the kids
// module. This can be removed when there is a way to notify consent status out of band. // module. This can be removed when there is a way to notify consent status out of band.
@@ -247,19 +267,10 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
setOrConfirmCredentialsNow(); setOrConfirmCredentialsNow();
} else { } else {
// Start enrollment process if we haven't bailed out yet // Start enrollment process if we haven't bailed out yet
startEnroll(); startEnrollWith(authenticators, isSetupWizard);
} }
} }
private void startEnroll() {
// Default behavior is to enroll BIOMETRIC_WEAK or above. See ACTION_BIOMETRIC_ENROLL.
final int authenticators = getIntent().getIntExtra(
EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK);
Log.d(TAG, "Authenticators: " + authenticators);
startEnrollWith(authenticators, WizardManagerHelper.isAnySetupWizard(getIntent()));
}
private void startEnrollWith(@Authenticators.Types int authenticators, boolean setupWizard) { private void startEnrollWith(@Authenticators.Types int authenticators, boolean setupWizard) {
// If the caller is not setup wizard, and the user has something enrolled, finish. // If the caller is not setup wizard, and the user has something enrolled, finish.
// Allow parental consent flow to skip this check, since one modality could be consented // Allow parental consent flow to skip this check, since one modality could be consented
@@ -339,7 +350,9 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
final boolean fpConsentRequired = ParentalControlsUtils final boolean fpConsentRequired = ParentalControlsUtils
.parentConsentRequired(this, BiometricAuthenticator.TYPE_FINGERPRINT) != null; .parentConsentRequired(this, BiometricAuthenticator.TYPE_FINGERPRINT) != null;
final boolean requestFaceConsent = faceConsentRequired && mHasFeatureFace; final boolean requestFaceConsent = faceConsentRequired
&& mHasFeatureFace
&& mIsFaceEnrollable;
final boolean requestFpConsent = fpConsentRequired && mHasFeatureFingerprint; final boolean requestFpConsent = fpConsentRequired && mHasFeatureFingerprint;
Log.d(TAG, "faceConsentRequired: " + faceConsentRequired Log.d(TAG, "faceConsentRequired: " + faceConsentRequired