7b0867c6d3
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
152 lines
5.0 KiB
Java
152 lines
5.0 KiB
Java
/*
|
|
* Copyright (C) 2015 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package com.android.settings.password;
|
|
|
|
import android.content.Context;
|
|
import android.content.Intent;
|
|
import android.os.AsyncTask;
|
|
import android.os.Bundle;
|
|
import android.os.UserHandle;
|
|
import android.os.UserManager;
|
|
import android.util.Pair;
|
|
import android.widget.Toast;
|
|
|
|
import androidx.fragment.app.Fragment;
|
|
|
|
import com.android.internal.widget.LockPatternUtils;
|
|
import com.android.internal.widget.LockscreenCredential;
|
|
import com.android.settings.R;
|
|
|
|
/**
|
|
* An invisible retained worker fragment to track the AsyncWork that saves (and optionally
|
|
* verifies if a challenge is given) the chosen lock credential (pattern/pin/password).
|
|
*/
|
|
abstract class SaveChosenLockWorkerBase extends Fragment {
|
|
|
|
private Listener mListener;
|
|
private boolean mFinished;
|
|
private Intent mResultData;
|
|
|
|
protected LockPatternUtils mUtils;
|
|
protected boolean mRequestGatekeeperPassword;
|
|
protected boolean mWasSecureBefore;
|
|
protected int mUserId;
|
|
protected int mUnificationProfileId = UserHandle.USER_NULL;
|
|
protected LockscreenCredential mUnificationProfileCredential;
|
|
|
|
private boolean mBlocking;
|
|
|
|
@Override
|
|
public void onCreate(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setRetainInstance(true);
|
|
}
|
|
|
|
public void setListener(Listener listener) {
|
|
if (mListener == listener) {
|
|
return;
|
|
}
|
|
|
|
mListener = listener;
|
|
if (mFinished && mListener != null) {
|
|
mListener.onChosenLockSaveFinished(mWasSecureBefore, mResultData);
|
|
}
|
|
}
|
|
|
|
protected void prepare(LockPatternUtils utils, boolean credentialRequired,
|
|
boolean requestGatekeeperPassword, int userId) {
|
|
mUtils = utils;
|
|
mUserId = userId;
|
|
mRequestGatekeeperPassword = requestGatekeeperPassword;
|
|
// This will be a no-op for non managed profiles.
|
|
mWasSecureBefore = mUtils.isSecure(mUserId);
|
|
|
|
Context context = getContext();
|
|
// If context is null, we're being invoked to change the setCredentialRequiredToDecrypt,
|
|
// and we made sure that this is the primary user already.
|
|
if (context == null || UserManager.get(context).getUserInfo(mUserId).isPrimary()) {
|
|
mUtils.setCredentialRequiredToDecrypt(credentialRequired);
|
|
}
|
|
|
|
mFinished = false;
|
|
mResultData = null;
|
|
}
|
|
|
|
protected void start() {
|
|
if (mBlocking) {
|
|
finish(saveAndVerifyInBackground().second);
|
|
} else {
|
|
new Task().execute();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Executes the save and verify work in background.
|
|
* @return pair where the first is a boolean confirming whether the change was successful or not
|
|
* and second is the Intent which has the challenge token or is null.
|
|
*/
|
|
protected abstract Pair<Boolean, Intent> saveAndVerifyInBackground();
|
|
|
|
protected void finish(Intent resultData) {
|
|
mFinished = true;
|
|
mResultData = resultData;
|
|
if (mListener != null) {
|
|
mListener.onChosenLockSaveFinished(mWasSecureBefore, mResultData);
|
|
}
|
|
if (mUnificationProfileCredential != null) {
|
|
mUnificationProfileCredential.zeroize();
|
|
}
|
|
}
|
|
|
|
public void setBlocking(boolean blocking) {
|
|
mBlocking = blocking;
|
|
}
|
|
|
|
public void setProfileToUnify(int profileId, LockscreenCredential credential) {
|
|
mUnificationProfileId = profileId;
|
|
mUnificationProfileCredential = credential.duplicate();
|
|
}
|
|
|
|
protected void unifyProfileCredentialIfRequested() {
|
|
if (mUnificationProfileId != UserHandle.USER_NULL) {
|
|
mUtils.setSeparateProfileChallengeEnabled(mUnificationProfileId, false,
|
|
mUnificationProfileCredential);
|
|
}
|
|
}
|
|
|
|
private class Task extends AsyncTask<Void, Void, Pair<Boolean, Intent>> {
|
|
|
|
@Override
|
|
protected Pair<Boolean, Intent> doInBackground(Void... params){
|
|
return saveAndVerifyInBackground();
|
|
}
|
|
|
|
@Override
|
|
protected void onPostExecute(Pair<Boolean, Intent> resultData) {
|
|
if (!resultData.first) {
|
|
Toast.makeText(getContext(), R.string.lockpassword_credential_changed,
|
|
Toast.LENGTH_LONG).show();
|
|
}
|
|
finish(resultData.second);
|
|
}
|
|
}
|
|
|
|
interface Listener {
|
|
void onChosenLockSaveFinished(boolean wasSecureBefore, Intent resultData);
|
|
}
|
|
}
|