commit 27f9231e496a725b4752b59f0bb66b7632fe5643
author Kevin Chyn <kchyn@google.com> Fri Jul 26 12:41:33 2019 -0700
committer Kevin Chyn <kchyn@google.com> Fri Jul 26 13:10:47 2019 -0700
tree 262924b52b6ce163a0e701ac56715a8f40d9572f
parent 5818412305a0c2fbaa399874ca00d479dd20d135

Do not use canAuthenticate() to check if user can reset lockout

canAuthenticate() is meant for apps so it will reflect the
FACE_UNLOCK_APP_ENABLED setting. If disabled, resetLockout will not be
run for that user.

Fixes: 138269776

Test: Disable unlocking for apps, get locked out, enter password.
      Lockout is reset now.

Change-Id: I5d7bf3abbac7c8982595d5733464a887ab5184ab

core/java/android/hardware/biometrics/BiometricManager.java

diff --git a/core/java/android/hardware/biometrics/BiometricManager.java b/core/java/android/hardware/biometrics/BiometricManager.java
index af66dc1..d8110f3 100644
--- a/core/java/android/hardware/biometrics/BiometricManager.java
+++ b/core/java/android/hardware/biometrics/BiometricManager.java
@@ -129,6 +129,25 @@
     }
 
     /**
+     * @hide
+     * @param userId
+     * @return
+     */
+    @RequiresPermission(USE_BIOMETRIC_INTERNAL)
+    public boolean hasEnrolledBiometrics(int userId) {
+        if (mService != null) {
+            try {
+                return mService.hasEnrolledBiometrics(userId);
+            } catch (RemoteException e) {
+                Slog.w(TAG, "Remote exception in hasEnrolledBiometrics(): " + e);
+                return false;
+            }
+        } else {
+            return false;
+        }
+    }
+
+    /**
      * Listens for changes to biometric eligibility on keyguard from user settings.
      * @param callback
      * @hide

core/java/android/hardware/biometrics/IBiometricService.aidl

diff --git a/core/java/android/hardware/biometrics/IBiometricService.aidl b/core/java/android/hardware/biometrics/IBiometricService.aidl
index 18c14cb..f0a0b2f 100644
--- a/core/java/android/hardware/biometrics/IBiometricService.aidl
+++ b/core/java/android/hardware/biometrics/IBiometricService.aidl
@@ -42,6 +42,9 @@
     // Checks if biometrics can be used.
     int canAuthenticate(String opPackageName, int userId);
 
+    // Checks if any biometrics are enrolled.
+    boolean hasEnrolledBiometrics(int userId);
+
     // Register callback for when keyguard biometric eligibility changes.
     void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback);
 

services/core/java/com/android/server/biometrics/BiometricService.java

diff --git a/services/core/java/com/android/server/biometrics/BiometricService.java b/services/core/java/com/android/server/biometrics/BiometricService.java
index bd3cd54..af2f24f 100644
--- a/services/core/java/com/android/server/biometrics/BiometricService.java
+++ b/services/core/java/com/android/server/biometrics/BiometricService.java
@@ -789,6 +789,23 @@
             return error;
         }
 
+        @Override
+        public boolean hasEnrolledBiometrics(int userId) {
+            checkInternalPermission();
+
+            final long ident = Binder.clearCallingIdentity();
+            try {
+                for (int i = 0; i < mAuthenticators.size(); i++) {
+                    if (mAuthenticators.get(i).mAuthenticator.hasEnrolledTemplates(userId)) {
+                        return true;
+                    }
+                }
+            } finally {
+                Binder.restoreCallingIdentity(ident);
+            }
+            return false;
+        }
+
         @Override // Binder call
         public void registerEnabledOnKeyguardCallback(IBiometricEnabledOnKeyguardCallback callback)
                 throws RemoteException {

services/core/java/com/android/server/locksettings/LockSettingsService.java

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 433ce81..9510db0 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -446,7 +446,7 @@
 
         public boolean hasEnrolledBiometrics(int userId) {
             BiometricManager bm = mContext.getSystemService(BiometricManager.class);
-            return bm.canAuthenticate(userId) == BiometricManager.BIOMETRIC_SUCCESS;
+            return bm.hasEnrolledBiometrics(userId);
         }
 
         public int binderGetCallingUid() {