Do not use canAuthenticate() to check if user can reset lockout
canAuthenticate() is meant for apps so it will reflect the
FACE_UNLOCK_APP_ENABLED setting. If disabled, resetLockout will not be
run for that user.
Fixes: 138269776
Test: Disable unlocking for apps, get locked out, enter password.
Lockout is reset now.
Change-Id: I5d7bf3abbac7c8982595d5733464a887ab5184ab
diff --git a/core/java/android/hardware/biometrics/BiometricManager.java b/core/java/android/hardware/biometrics/BiometricManager.java
index af66dc1..d8110f3 100644
--- a/core/java/android/hardware/biometrics/BiometricManager.java
+++ b/core/java/android/hardware/biometrics/BiometricManager.java
@@ -129,6 +129,25 @@
}
/**
+ * @hide
+ * @param userId
+ * @return
+ */
+ @RequiresPermission(USE_BIOMETRIC_INTERNAL)
+ public boolean hasEnrolledBiometrics(int userId) {
+ if (mService != null) {
+ try {
+ return mService.hasEnrolledBiometrics(userId);
+ } catch (RemoteException e) {
+ Slog.w(TAG, "Remote exception in hasEnrolledBiometrics(): " + e);
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+
+ /**
* Listens for changes to biometric eligibility on keyguard from user settings.
* @param callback
* @hide
diff --git a/core/java/android/hardware/biometrics/IBiometricService.aidl b/core/java/android/hardware/biometrics/IBiometricService.aidl
index 18c14cb..f0a0b2f 100644
--- a/core/java/android/hardware/biometrics/IBiometricService.aidl
+++ b/core/java/android/hardware/biometrics/IBiometricService.aidl
@@ -42,6 +42,9 @@
// Checks if biometrics can be used.
int canAuthenticate(String opPackageName, int userId);
+ // Checks if any biometrics are enrolled.
+ boolean hasEnrolledBiometrics(int userId);
+
// Register callback for when keyguard biometric eligibility changes.
void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);
diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index bd3cd54..af2f24f 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -789,6 +789,23 @@
return error;
}
+ @Override
+ public boolean hasEnrolledBiometrics(int userId) {
+ checkInternalPermission();
+
+ final long ident = Binder.clearCallingIdentity();
+ try {
+ for (int i = 0; i < mAuthenticators.size(); i++) {
+ if (mAuthenticators.get(i).mAuthenticator.hasEnrolledTemplates(userId)) {
+ return true;
+ }
+ }
+ } finally {
+ Binder.restoreCallingIdentity(ident);
+ }
+ return false;
+ }
+
@Override // Binder call
public void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback)
throws RemoteException {
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 433ce81..9510db0 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -446,7 +446,7 @@
public boolean hasEnrolledBiometrics(int userId) {
BiometricManager bm = mContext.getSystemService(BiometricManager.class);
- return bm.canAuthenticate(userId) == BiometricManager.BIOMETRIC_SUCCESS;
+ return bm.hasEnrolledBiometrics(userId);
}
public int binderGetCallingUid() {