When requestGatekeeperHat() throws exception in FaceEnrollIntroduction
page, remove gk_pw_handle and recreate activity to trigger confirmLock.
Test: robotest for FaceEnrollIntroductionTest
Bug: 234437174
Change-Id: Ie1dd6f36e4deb3f776e3b39acd165fc47d04f526
We need to watch the lifecycle so that we can unregister callbacks and
not cause leaks.
This change also rewrites the SensorPrivacyManagerHelper. The previous
implmementation was using deprecated apis. It also had an issue where
if a callback was added it would not necessarily register alistener with
the callback with the service since that was only done when the value is
checked. Now we register a listener when the class is instantiated and
with the new API there will only be the 1.
Finally we impove the tests to have more coverage and test both
SensorToggleControllers and the SensorPRivacyManagerHelper class.
Test: Use profiler to verify no more leaks
SensorToggleControllerTest, SensorPrivacyManagerHelperTest
Bug: 244280065
Change-Id: Ibf0bcee455444a104ca6800302907c3dc0de8f1f
Test: Skip FP, Enroll Face, hit back button, observe that you will go
back to Fingerprint enrollment.
Test: Verify that after completing a biometric enroll we no longer
show the introduction activity with a "Done" button.
Fixes: 229813512
Change-Id: Ie0d7ce5d5cef084b3614afce10e05dc72c86b492
Test: During SUW verified Fingerprint enrollment
comes before face.
Test: During SUW enrolled multiple fingerprints than 1 face.
Test: Skipped and cancelled on every possible screen to ensure behavior
was correct.
Bug: 228607474
Change-Id: I4c50763a804fe4eb9d62451eb2f957545857723e
Test: See below
Fixes: 203375738
Change-Id: I3e59191a8c936c7c7a3d8561e908593dbf9710b5
1. Enrolled a face during SUW
2. Pressed back on fingerprint enroll intro
3. Verified that the next button's text is chnaged to done
4. The done action launches the fingerprint enroll intro flow.
Change-Id: Id5d652257445e40426ade3d396a31ebf936cc348
Adds an info row that can be configured to show on the face enroll
introduction screen, indicating the relative security of face compared
to other authentication methods (e.g. pattern or PIN).
Test: Manual
Bug: 196254139
Change-Id: I956083887945ac97d15722b23a14ac458568dd9e
Work profiles and parental management both utilize the
DevicePolicyManager KEYGUARD_DISABLE_* flags. This CL ensures that
work profile strings are only shown for work profiles, and not
parent-managed devices.
Bug: 196060286
Bug: 196443744
Test: Set up child account, then enroll from Settings > Security
Change-Id: Ib5ed1d63dd5d58ac64caf30010e340ac7784c38f
Adds an activity result extra during multi-biometric enroll that
ensures fingerprint setup will not be repeated multiple times if
explicitly finished or skipped by the user. Also updates various
activities in the stack to ensure that they handle all possible result
codes correctly and pass along result data.
Test: Manually skip and complete at each stage of multi-biometric enroll
Test: Manually test single-biometric enroll flows for SUW and Settings
Fixes: 193601823
Change-Id: Ic5a8306068eb4c32009f146ad6fff824fde25a11
Adds an additional message about the "Require eyes to be open" setting
for Face Unlock to the intro/consent screen of enrollment, gated by a
config flag.
Test: Manual
Bug: 192272785
Change-Id: Idcd2395a290b74f4578898fdfebd05b81cd74075
Currently, the primary footer button on the face and fingerprint enroll
consent pages reads "I agree" even before the user has scrolled to the
bottom of the screen. This commit fixes the issue so that "More" is
displayed until the user scrolls to the bottom. The remaining logic is
left intact.
Test: Manual:
1. Start face or fingerprint enrollment
2. Confirm primary button shows "More" and secondary button is hidden
3. Press the "More" button or scroll to the bottom of the screen
4. Ensure primary button shows "I agree" and secondary shows "No thanks"
Fixes: 189268868
Change-Id: I02fa47d1de83bd5b5d82c733495ae579cbd2d6c6
No longer show the "No thanks" button until the user has
scrolled to the bottom of the introduction text.
This applies for both face and fingerprint enroll introduction screens.
Fixes: 189268868
Test: Manual
Change-Id: I0ccf6ae1d329df06f769f05288706ef22183bc21
Makes the following UI changes to the consent screens for face and
fingerprint enrollment:
- Sets description text in XML rather than in Java
- Highlight both primary and secondary buttons
- Use extracted highlight color for all icons
Test: Manually tested SUW flow
Bug: 188922185
Bug: 187458628
Bug: 183710943
Change-Id: I39d9b990dcbb82f443515a2175766dc51ca1180c
Updates the UI of the face enroll intro screen based on the latest
mocks, while still allowing strings to be overlaid depending on the
device and/or face auth implementation.
Test: Manually tested face enrollment
Bug: 187207438
Change-Id: I5d912261b1eecfc7a241d6b48d549c4ff253ecdf
Using the back buttons can cause a crash in at least two cases. Skipping
face enrollment and then starting/stopping any enrollment can lead to
an invalid token and failed HAT request. Backing out of the activity and
restarting it can also lead to using a stale token that fails.
Fix: 179336333
Test: manual on device
Change-Id: I0c1133e4c3d9c97997043ddc9374aa3cfc4f1c97
1) Adds a layout for multi-biometric selection in BiometricEnrollActivity
2) Adds widgets for checkboxes
3) Shows ConfirmLock*/ChooseLock* for multi-biometric devices in
BiometricEnrollActivity
4) finish()'s when loses foreground
5) Adds default string for ChooseLock* and multi-biometrics, e.g.
"Set up Password + Biometrics", as well as associated plumbing
to bring the user back to BiometricEnrollActivity once the
credential is enrolled
6) When max templates enrolled, checkbox becomes disabled and
description string is updated
Bug: 162341940
Bug: 152242790
Fixes: 161742393
No effect on existing devices with the following:
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: SUW
Test: make -j RunSettingsRoboTests
Exempt-From-Owner-Approval: Biometric-related change
to EncryptionInterstitial
Change-Id: I855460d50228ace24d4ec5fbe330f02ab406cc02
LockSettingsService returns a handle to the gatekeeper password
instead of the password itself now. As such, update areas of code
accordingly.
Bug: 161765592
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Ibc71ec88f8192620d041bfd125f400371708b296
Test: make -j56 RunSettingsRoboTests
Face Tests:
Test: Open face settings, remove face, add face
Test: Open face settings, but cancel credential confirmation.
Face settings does not show up
Test: adb shell am start -a android.app.action.SET_NEW_PASSWORD
Able to enroll face
Fingerprint Tests:
Test: Open fingerprint settings, add button is shown
Test: Open fingerprint settings, but cancel credential confirmation.
Fingerprint settings does not show up
Test: adb shell am start -a android.app.action.SET_NEW_PASSWORD
Able to enroll fingerprint
Bug: 162533680
Change-Id: Ie448ed086e73b0b545bd3a2e62437c543f7aad6c
GenerateChallenge used to block when showing the credential screen.
Now that GenerateChallenge is moved to after the credential screen
is shown, we need to delay the next button instead. This is generally
non percievable to the user, but this is more robust against busy
system server.
Fixes: 161325267
Test: Enroll fingerprint/face device
Change-Id: I0fbbef8bf469e32bed251acf22556ad2ea8e2933
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
The internal implementation of generate/revoke in system_server is now
asynchronous. To keep existing clients working, the manager classes
introduce a blocking version of the generateChallenge calls. This change
updates Settings to use the backward-compatible blocking calls.
Bug: 157790417
Test: Enroll fingerprint/face
Test: After enrollment, toggle setFeature or do subsequent enrollment
in face/fingerprint settings
Change-Id: Ib4dfdc5f12530b938ab9b1745f5a19cd9e2eceee
Currently, there are some biometric security setting and enrollment
screens which remain open after the user has backgrounded them. This
means that they can later be resumed without requiring the user to
confirm their device credential as normal.
This commit fixes the issue in AOSP by adding logic to the affected
biometric enrollment/setting activities in to finish() with
RESULT_TIMEOUT in onStop(). We don't want to finish() these activities
prematurely if the user is currently in a wizard setup flow, however. In
that case, this commit ensures that the newly added logic will not run.
Test: Pixel 3 - Background at each step of fingerprint enroll => finish
Test: Pixel 3 - Rotate at each step of fingerprint enroll => no finish
Test: Pixel 3 - Proceed though fingerprint setup wizard => no change
Bug: 142544519
Change-Id: I8ec0fa1e30bafe097d9dc82991ff786ebf24844b
Test: Verified in SUW/Settings user must scroll through contents in
order to go to the next screen.
Bug: 141380294
Change-Id: I483ab6ae6a282c81ba2f2c4d1d9d1f21c6cb9453
Test: Verified in SUW that enrollment will skip after
tapping the cancel button in the Introduction.
Fixes: 140702414
Change-Id: I9d9da0ff6d10b6ee6929cb52ff4a03a684f43d17
Bug: 134971919
Test: Entering keyguard on any enrollment screen finishes enrollment now
Test: Going back/forward works
Change-Id: I2c80a5586c10fa3feb780a5eadfe203abed52dea
1) Toggles resources between normal and accessibility enrollment
2) Add footer for more detail text
Fixes: 127514618
Bug: 111548033
Test: Builds
Change-Id: Ib0c47f04abc5ce9abbd8b27ef5782d1874379f16
When running in setup flow:
- If fingerprint enrollment is desired, go to
SetupFingerprintEnrollIntroduction
- Makes sure WizardManagerHelper.copyWizardManagerExtras is called
to propagate the extras from the incoming intent, propagating
extras like whether we are in initial / deferred setup flow, theme,
etc.
- Forward the result code in BiometricEnrollActivity using
FLAG_ACTIVITY_FORWARD_RESULT
Bug: 120797018
Test: Manual
Change-Id: Ibc0ecc035141d62339f5f664346ed108570e0905
