1. Add config_suw_support_face_enroll default is TRUE
2. Impl FaceFeatureProvider to obtain the config
3. Overlay config_suw_support_face_enroll by requirements
Test: Flash build and manual check if device go through face enroll in SUW
Bug: 262469686
Change-Id: I61aa5c818bedfb490f2172a7481f59fda7295c1a
ChooseLockGeneneric uses intent extra key to determine correct strings
on "Choose screen lock" screen.
Bug: 219419005
Test: atest BiometricEnrollActivityTest
Test: Manully test SUW as following combinations
1. W/ unicorn flow or W/O unicorn flow
2. Fingerprint only devices or Fingerpirnt+Face devices
Change-Id: I2abf9555676f3fb3b92dd6ddcc091ea8158bfe9f
Run setOrConfirmCredentialsNow() before enrolling for devices w/
single-sensor
Bug: 239105333
Test: atest BiometricEnrollActivityTest
Test: Manually test multi-sensor and single-sensor devices
Change-Id: I807418c842eb076974f839a0d08bae67d3bc51dc
Add metric intent if ChooseLockGeneric is triggered in SUW.
1. Save the result bundle data from ChooseLockGeneric to cache inside
BiometricEnrollActivity and pass back to SUW after all finished.
2. Since fingerprint enrollment trigger points in SUW for
fingerprint-only or fingerprint + faceAuth devices are all moved
from SetupFingerprintEnrollIntroduction to BiometricEnrollActivity,
remove deprecated code from SetupFingerprintEnrollIntroduction.
Bug: 235458700
Test: Manually test fingerprint enroll with SUW or w/o SUW
Test: Manually test fingerprint enroll with unicorn SUW
Test: atest BiometricEnrollActivityTest
Test: robo tests FingerprintEnrollIntroductionTest
Change-Id: I34b2884ab4c2c65d464d91eaef0f58c72dad438b
Run setOrConfirmCredentialsNow() before enrolling fingerprint for
fingerprint-only device.
Bug: 237433373
Test: atest BiometricEnrollActivityTest
Test: Manually test SUW flows for fingerprint-only device
1. check confirm pin case
2. check choose pin case
3. enable always_finish_activities, check confirm pin case
4. enable always_finish_activities, check choose pin case
Change-Id: I68da429145835fc79f83f3292749088dc25fdeee
Test: Verified that Unicorn SUW flows can now
enroll a face.
Test: Verified normal SUW flow works as expected.
Fixes: 237088482
Fixes: 234663447
Change-Id: I9c4100f61b5e7d40fc9ed67c6918ec7bf31fc30a
Test: During SUW verified Fingerprint enrollment
comes before face.
Test: During SUW enrolled multiple fingerprints than 1 face.
Test: Skipped and cancelled on every possible screen to ensure behavior
was correct.
Bug: 228607474
Change-Id: I4c50763a804fe4eb9d62451eb2f957545857723e
Additionally, ensure that consent is only requested for modalities
that have not been previously consented to. We retrieve the consent
requirement (which come from DPM) in onActivityResult instead of
onCreate, since the signal may not be ready immediately.
Fixes: 196060286
Fixes: 204592495
Test: make -j56 RunSettingsRoboTests ROBOTEST_FILTER=CombinedBiometricStatusPreferenceControllerTest
Change-Id: I984e61f28ffbf957c16cac4ea84f40b6ad7d8ae9
Test: See below
Fixes: 203375738
Change-Id: I3e59191a8c936c7c7a3d8561e908593dbf9710b5
1. Enrolled a face during SUW
2. Pressed back on fingerprint enroll intro
3. Verified that the next button's text is chnaged to done
4. The done action launches the fingerprint enroll intro flow.
Change-Id: Id5d652257445e40426ade3d396a31ebf936cc348
Managed accounts may set the pin/pattern before enrollment begins.
Fix: 191608999
Test: atest BiometricEnrollActivityTest
Change-Id: I4065989ecc26ce72ffd0e06e7c6e68029a11908f
This prevents biometric enrollment from happening after consent
has been obtained and is being managed by family link.
Note that this requires a corresponding change the setup wizard app
to work in most cases.
Bug: 193577587
Test: manual (enroll then relaunch SuW and repeat)
Change-Id: If260e49f38a141931d7f3362c1faf80ee7790232
Settings flow does not need to show this screen
Fixes: 192586840
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL --ez require_consent true --ez skip_return_to_parent <true/false>
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL --ez require_consent true
Test: atest com.android.settings.biometrics.ParentalConsentHelperTest
Change-Id: Ic2edbb5ec9693d05c89206d49249f59fd968aa2f
This reverts commit c358adad56.
Reason for revert: Applying original change with additional change for single sensor devices.
Bug: 192420564
Bug: 188847063
Test: manual enroll face & fingerprint via setup wizard (on fp, face, & fp+face device variants)
Change-Id: Idfaaa2b6f4611056f9999325bac8401e28a7510b
This reverts commit eb1dac69f0.
Reason for revert: Based on bisection, this CL is the root cause for bug 192420564, which breaks Setup Wizard.
Bug: 192420564
Change-Id: I8d9aee7fe2415e134fcc981b0548bd9ce300db55
Currently, if a user has completed a fingerprint/face enrollment
in SUW and they press the back button, we show the UI for each, and
it fails with no error.
This change makes it so that if a user completes 1 fingerprint or 1
face enrollment, it will no longer try and enroll them again if they
have failed.
Test: Manual
Bug: 191073296
Change-Id: I020c423b5d34797cd7c8be66a2e24051135c9be0
* Move all logics around aggregating password policies
to the controller
* Replace HIDE_DISABLED_PREFS and MINIMUM_QUALITY_KEY
with HIDE_INSECURE_OPTIONS as all call sites are just
using them to hide insecure screenlock options.
* Remove password policy aggregation logic from
ChooseLockPassword and make it use policies passed in.
* Remove padlock from disabled screen lock options,
per UX mock.
* Increase char limit for some strings
Bug: 177638284
Bug: 177641868
Bug: 182561862
Test: m RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.password
Test: 1. set profile password quality/complexity and enroll device lock
2. set profile password quality/complexity and enroll work challenge
3. set parent password quality/complexity and enroll device lock
4. set parent password quality/complexity and enroll work challenge
5. set profile and parent password complexity, then enroll work challenge
6. set profile and parent password complexity, then unify work challenge
7. Enroll device lock during SUW
Change-Id: Iba1d37e6f33eba7b7e8e1f805f8e37aaec108404
Using the back buttons can cause a crash in at least two cases. Skipping
face enrollment and then starting/stopping any enrollment can lead to
an invalid token and failed HAT request. Backing out of the activity and
restarting it can also lead to using a stale token that fails.
Fix: 179336333
Test: manual on device
Change-Id: I0c1133e4c3d9c97997043ddc9374aa3cfc4f1c97
Adds logging to Settings for new authentication and biometric atoms
introduced as part of ag/13856328.
Test: Manually trigger each case and verify log statements are called.
Bug: 185136248
Change-Id: Ic41a89da4f148dc94864f140e85b55f63643681b
On devices with multiple biometric sensors, this removes the
interstitial screen in Setup Wizard that let the user choose whether to
enroll face, fingerprint, or both. Instead, such devices will always
show face enrollment followed by fingerprint, with the option to skip
either or both.
Test: Manually tested all enroll/skip combinations in SUW
Fixes: 183720580
Change-Id: I7f045579f732196bde28dd96e9443e4bb4c906ae
Fixes: 169629017
Test: Wipe device, go through setup flow with a managed account.
Successfully set up credential and fingerprint
During the conversion to GkPwHandle (instead of HAT), the code in
Choose/ConfirmLock* and most of the biometric paths were updated, with
the exception of 2a below.
1) Only multi-biometric devices request Choose/ConfirmLock in
BiometricEnrollActivity.
2) Single-biometric devices (in almost all paths) request credentials
in their intro activities (FingerprintEnrollIntro, etc).
2a) However, there is a special path used by work profiles where
credentials are first set up, and the GkPwHandle is passed into
BiometricEnrollActivity, with the request to skip the fingerprint
enroll introduction page. In this case, we must remember to
forward the GkPwHandle to the relavent enrollment page
(FingerprintEnrollFindSensor).
At some point in the future we should have all credential stuff
done in BiometricEnrollActivity. However, due to legacy APIs, etc,
it may be more work than it's worth right now.
Change-Id: I3f95876de6969fee7130d7a19c8db363da69c4c2
1) Adds a layout for multi-biometric selection in BiometricEnrollActivity
2) Adds widgets for checkboxes
3) Shows ConfirmLock*/ChooseLock* for multi-biometric devices in
BiometricEnrollActivity
4) finish()'s when loses foreground
5) Adds default string for ChooseLock* and multi-biometrics, e.g.
"Set up Password + Biometrics", as well as associated plumbing
to bring the user back to BiometricEnrollActivity once the
credential is enrolled
6) When max templates enrolled, checkbox becomes disabled and
description string is updated
Bug: 162341940
Bug: 152242790
Fixes: 161742393
No effect on existing devices with the following:
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: SUW
Test: make -j RunSettingsRoboTests
Exempt-From-Owner-Approval: Biometric-related change
to EncryptionInterstitial
Change-Id: I855460d50228ace24d4ec5fbe330f02ab406cc02
Test: fingerprint and face enroll via
adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: credential enroll via
adb shell am start -a android.settings.BIOMETRIC_ENROLL --ei android.provider.extra.BIOMETRIC_AUTHENTICATORS_ALLOWED 32768
Bug: 162341940
Bug: 152242790
Change-Id: Idfdf96891ba9a2394f61eedb0adde2adf9fd85e6
LockSettingsService returns a handle to the gatekeeper password
instead of the password itself now. As such, update areas of code
accordingly.
Bug: 161765592
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Ibc71ec88f8192620d041bfd125f400371708b296
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
Fixes: 151576034
Test: Wipe device, go past fingerprint enrollment in SUW, press
back button. SUW should not get stuck
Change-Id: I9021946dd169acfa205e6bacc4c4581242452983
SUW is using activity result codes already. Let's stick with the old
behavior until/if there's a way to make it work nicely.
Fixes: 151058692
Test: Skip fingerprint in SUW. Fingerprint not shown again in SUW.
Change-Id: I3c52cddd568dc5ded6bf810272ffb77f0841c692
Bug: 145601433
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL --ei "android.provider.extra.BIOMETRIC_MINIMUM_STRENGTH_REQUIRED" 1
Test: Log is seen
Change-Id: Ied5fba6de257f72a809536402d7afc8061570abe
- Default backup screen lock type to PIN when in SUW
- Propagate the result codes in BiometricEnrollIntroduction, so that
when the user hits back, SUW will get RESULT_CANCELED
- Follow-up change that was missed in ag/6664364 to not start activity
when neither fingerprint nor face is available
Test: Manual
Bug: 120797018
Change-Id: I6d4f662928451fb86f301ddb5c6586622c7e6cf7
When running in setup flow:
- If fingerprint enrollment is desired, go to
SetupFingerprintEnrollIntroduction
- Makes sure WizardManagerHelper.copyWizardManagerExtras is called
to propagate the extras from the incoming intent, propagating
extras like whether we are in initial / deferred setup flow, theme,
etc.
- Forward the result code in BiometricEnrollActivity using
FLAG_ACTIVITY_FORWARD_RESULT
Bug: 120797018
Test: Manual
Change-Id: Ibc0ecc035141d62339f5f664346ed108570e0905
