Adds logging to Settings for new authentication and biometric atoms
introduced as part of ag/13856328.
Test: Manually trigger each case and verify log statements are called.
Bug: 185136248
Change-Id: Ic41a89da4f148dc94864f140e85b55f63643681b
On devices with multiple biometric sensors, this removes the
interstitial screen in Setup Wizard that let the user choose whether to
enroll face, fingerprint, or both. Instead, such devices will always
show face enrollment followed by fingerprint, with the option to skip
either or both.
Test: Manually tested all enroll/skip combinations in SUW
Fixes: 183720580
Change-Id: I7f045579f732196bde28dd96e9443e4bb4c906ae
Fixes: 169629017
Test: Wipe device, go through setup flow with a managed account.
Successfully set up credential and fingerprint
During the conversion to GkPwHandle (instead of HAT), the code in
Choose/ConfirmLock* and most of the biometric paths were updated, with
the exception of 2a below.
1) Only multi-biometric devices request Choose/ConfirmLock in
BiometricEnrollActivity.
2) Single-biometric devices (in almost all paths) request credentials
in their intro activities (FingerprintEnrollIntro, etc).
2a) However, there is a special path used by work profiles where
credentials are first set up, and the GkPwHandle is passed into
BiometricEnrollActivity, with the request to skip the fingerprint
enroll introduction page. In this case, we must remember to
forward the GkPwHandle to the relavent enrollment page
(FingerprintEnrollFindSensor).
At some point in the future we should have all credential stuff
done in BiometricEnrollActivity. However, due to legacy APIs, etc,
it may be more work than it's worth right now.
Change-Id: I3f95876de6969fee7130d7a19c8db363da69c4c2
1) Adds a layout for multi-biometric selection in BiometricEnrollActivity
2) Adds widgets for checkboxes
3) Shows ConfirmLock*/ChooseLock* for multi-biometric devices in
BiometricEnrollActivity
4) finish()'s when loses foreground
5) Adds default string for ChooseLock* and multi-biometrics, e.g.
"Set up Password + Biometrics", as well as associated plumbing
to bring the user back to BiometricEnrollActivity once the
credential is enrolled
6) When max templates enrolled, checkbox becomes disabled and
description string is updated
Bug: 162341940
Bug: 152242790
Fixes: 161742393
No effect on existing devices with the following:
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: SUW
Test: make -j RunSettingsRoboTests
Exempt-From-Owner-Approval: Biometric-related change
to EncryptionInterstitial
Change-Id: I855460d50228ace24d4ec5fbe330f02ab406cc02
Test: fingerprint and face enroll via
adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: credential enroll via
adb shell am start -a android.settings.BIOMETRIC_ENROLL --ei android.provider.extra.BIOMETRIC_AUTHENTICATORS_ALLOWED 32768
Bug: 162341940
Bug: 152242790
Change-Id: Idfdf96891ba9a2394f61eedb0adde2adf9fd85e6
LockSettingsService returns a handle to the gatekeeper password
instead of the password itself now. As such, update areas of code
accordingly.
Bug: 161765592
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Ibc71ec88f8192620d041bfd125f400371708b296
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
Fixes: 151576034
Test: Wipe device, go past fingerprint enrollment in SUW, press
back button. SUW should not get stuck
Change-Id: I9021946dd169acfa205e6bacc4c4581242452983
SUW is using activity result codes already. Let's stick with the old
behavior until/if there's a way to make it work nicely.
Fixes: 151058692
Test: Skip fingerprint in SUW. Fingerprint not shown again in SUW.
Change-Id: I3c52cddd568dc5ded6bf810272ffb77f0841c692
Bug: 145601433
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL --ei "android.provider.extra.BIOMETRIC_MINIMUM_STRENGTH_REQUIRED" 1
Test: Log is seen
Change-Id: Ied5fba6de257f72a809536402d7afc8061570abe
- Default backup screen lock type to PIN when in SUW
- Propagate the result codes in BiometricEnrollIntroduction, so that
when the user hits back, SUW will get RESULT_CANCELED
- Follow-up change that was missed in ag/6664364 to not start activity
when neither fingerprint nor face is available
Test: Manual
Bug: 120797018
Change-Id: I6d4f662928451fb86f301ddb5c6586622c7e6cf7
When running in setup flow:
- If fingerprint enrollment is desired, go to
SetupFingerprintEnrollIntroduction
- Makes sure WizardManagerHelper.copyWizardManagerExtras is called
to propagate the extras from the incoming intent, propagating
extras like whether we are in initial / deferred setup flow, theme,
etc.
- Forward the result code in BiometricEnrollActivity using
FLAG_ACTIVITY_FORWARD_RESULT
Bug: 120797018
Test: Manual
Change-Id: Ibc0ecc035141d62339f5f664346ed108570e0905
