Merge "Add use fingerprint app op - framework" into mnc-dev
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 75f987f..8a3c9c8 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -221,8 +221,10 @@
public static final int OP_USE_SIP = 53;
/** @hide Intercept outgoing calls. */
public static final int OP_PROCESS_OUTGOING_CALLS = 54;
+ /** @hide User the fingerprint API. */
+ public static final int OP_USE_FINGERPRINT = 55;
/** @hide */
- public static final int _NUM_OP = 55;
+ public static final int _NUM_OP = 56;
/** Access to coarse location information. */
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -357,7 +359,8 @@
OP_READ_PHONE_STATE,
OP_ADD_VOICEMAIL,
OP_USE_SIP,
- OP_PROCESS_OUTGOING_CALLS
+ OP_PROCESS_OUTGOING_CALLS,
+ OP_USE_FINGERPRINT
};
/**
@@ -419,6 +422,7 @@
null,
null,
null,
+ null,
null
};
@@ -481,7 +485,8 @@
"OP_READ_PHONE_STATE",
"ADD_VOICEMAIL",
"USE_SIP",
- "PROCESS_OUTGOING_CALLS"
+ "PROCESS_OUTGOING_CALLS",
+ "USE_FINGERPRINT"
};
/**
@@ -543,7 +548,8 @@
Manifest.permission.READ_PHONE_STATE,
Manifest.permission.ADD_VOICEMAIL,
Manifest.permission.USE_SIP,
- Manifest.permission.PROCESS_OUTGOING_CALLS
+ Manifest.permission.PROCESS_OUTGOING_CALLS,
+ Manifest.permission.USE_FINGERPRINT
};
/**
@@ -606,7 +612,8 @@
null, // READ_PHONE_STATE
null, // ADD_VOICEMAIL
null, // USE_SIP
- null // PROCESS_OUTGOING_CALLS
+ null, // PROCESS_OUTGOING_CALLS
+ null // USE_FINGERPRINT
};
/**
@@ -668,7 +675,8 @@
false, //READ_PHONE_STATE
false, //ADD_VOICEMAIL
false, // USE_SIP
- false // PROCESS_OUTGOING_CALLS
+ false, // PROCESS_OUTGOING_CALLS
+ false // USE_FINGERPRINT
};
/**
@@ -729,6 +737,7 @@
AppOpsManager.MODE_ALLOWED,
AppOpsManager.MODE_ALLOWED,
AppOpsManager.MODE_ALLOWED,
+ AppOpsManager.MODE_ALLOWED,
AppOpsManager.MODE_ALLOWED
};
@@ -794,6 +803,7 @@
false,
false,
false,
+ false,
false
};
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index 9f344ad..779448b 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -434,7 +434,8 @@
mAuthenticationCallback = callback;
mCryptoObject = crypto;
long sessionId = crypto != null ? crypto.getOpId() : 0;
- mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags);
+ mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags,
+ mContext.getOpPackageName());
} catch (RemoteException e) {
Log.w(TAG, "Remote exception while authenticating: ", e);
if (callback != null) {
@@ -555,7 +556,7 @@
*/
public List<Fingerprint> getEnrolledFingerprints(int userId) {
if (mService != null) try {
- return mService.getEnrolledFingerprints(userId);
+ return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName());
} catch (RemoteException e) {
Log.v(TAG, "Remote exception in getEnrolledFingerprints: ", e);
}
@@ -579,7 +580,8 @@
*/
public boolean hasEnrolledFingerprints() {
if (mService != null) try {
- return mService.hasEnrolledFingerprints(UserHandle.myUserId());
+ return mService.hasEnrolledFingerprints(UserHandle.myUserId(),
+ mContext.getOpPackageName());
} catch (RemoteException e) {
Log.v(TAG, "Remote exception in getEnrolledFingerprints: ", e);
}
@@ -595,7 +597,7 @@
if (mService != null) {
try {
long deviceId = 0; /* TODO: plumb hardware id to FPMS */
- return mService.isHardwareDetected(deviceId);
+ return mService.isHardwareDetected(deviceId, mContext.getOpPackageName());
} catch (RemoteException e) {
Log.v(TAG, "Remote exception in isFingerprintHardwareDetected(): ", e);
}
@@ -614,7 +616,7 @@
public long getAuthenticatorId() {
if (mService != null) {
try {
- return mService.getAuthenticatorId();
+ return mService.getAuthenticatorId(mContext.getOpPackageName());
} catch (RemoteException e) {
Log.v(TAG, "Remote exception in getAuthenticatorId(): ", e);
}
@@ -736,7 +738,7 @@
private void cancelAuthentication(CryptoObject cryptoObject) {
if (mService != null) try {
- mService.cancelAuthentication(mToken);
+ mService.cancelAuthentication(mToken, mContext.getOpPackageName());
} catch (RemoteException e) {
if (DEBUG) Log.w(TAG, "Remote exception while canceling enrollment");
}
diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
index c5ec08c..0484806 100644
--- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl
@@ -27,10 +27,10 @@
interface IFingerprintService {
// Authenticate the given sessionId with a fingerprint
void authenticate(IBinder token, long sessionId, int groupId,
- IFingerprintServiceReceiver receiver, int flags);
+ IFingerprintServiceReceiver receiver, int flags, String opPackageName);
// Cancel authentication for the given sessionId
- void cancelAuthentication(IBinder token);
+ void cancelAuthentication(IBinder token, String opPackageName);
// Start fingerprint enrollment
void enroll(IBinder token, in byte [] cryptoToken, int groupId, IFingerprintServiceReceiver receiver,
@@ -46,16 +46,16 @@
void rename(int fingerId, int groupId, String name);
// Get a list of enrolled fingerprints in the given group.
- List<Fingerprint> getEnrolledFingerprints(int groupId);
+ List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName);
// Determine if HAL is loaded and ready
- boolean isHardwareDetected(long deviceId);
+ boolean isHardwareDetected(long deviceId, String opPackageName);
// Get a pre-enrollment authentication token
long preEnroll(IBinder token);
// Determine if a user has at least one enrolled fingerprint
- boolean hasEnrolledFingerprints(int groupId);
+ boolean hasEnrolledFingerprints(int groupId, String opPackageName);
// Gets the number of hardware devices
// int getHardwareDeviceCount();
@@ -64,5 +64,5 @@
// long getHardwareDevice(int i);
// Gets the authenticator ID for fingerprint
- long getAuthenticatorId();
+ long getAuthenticatorId(String opPackageName);
}
diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java
index 6b5908d..ed8519a 100644
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -16,14 +16,15 @@
package com.android.server.fingerprint;
+import android.app.AppOpsManager;
import android.content.ContentResolver;
import android.content.Context;
+import android.os.Binder;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.os.MessageQueue;
import android.os.RemoteException;
-import android.util.ArrayMap;
import android.util.Slog;
import com.android.server.SystemService;
@@ -39,6 +40,7 @@
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.List;
/**
@@ -55,6 +57,8 @@
private ClientMonitor mEnrollClient = null;
private ClientMonitor mRemoveClient = null;
+ private final AppOpsManager mAppOps;
+
private static final int MSG_NOTIFY = 10;
private static final int ENROLLMENT_TIMEOUT_MS = 60 * 1000; // 1 minute
@@ -96,6 +100,7 @@
public FingerprintService(Context context) {
super(context);
mContext = context;
+ mAppOps = context.getSystemService(AppOpsManager.class);
nativeInit(Looper.getMainLooper().getQueue(), this);
}
@@ -361,6 +366,13 @@
"Must have " + permission + " permission.");
}
+ private boolean canUserFingerPrint(String opPackageName) {
+ checkPermission(USE_FINGERPRINT);
+
+ return mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, Binder.getCallingUid(),
+ opPackageName) == AppOpsManager.MODE_ALLOWED;
+ }
+
private class ClientMonitor implements IBinder.DeathRecipient {
IBinder token;
IFingerprintServiceReceiver receiver;
@@ -522,8 +534,11 @@
@Override
// Binder call
public void authenticate(final IBinder token, final long opId, final int groupId,
- final IFingerprintServiceReceiver receiver, final int flags) {
+ final IFingerprintServiceReceiver receiver, final int flags, String opPackageName) {
checkPermission(USE_FINGERPRINT);
+ if (!canUserFingerPrint(opPackageName)) {
+ return;
+ }
mHandler.post(new Runnable() {
@Override
public void run() {
@@ -535,8 +550,10 @@
@Override
// Binder call
- public void cancelAuthentication(final IBinder token) {
- checkPermission(USE_FINGERPRINT);
+ public void cancelAuthentication(final IBinder token, String opPackageName) {
+ if (!canUserFingerPrint(opPackageName)) {
+ return;
+ }
mHandler.post(new Runnable() {
@Override
public void run() {
@@ -561,8 +578,10 @@
@Override
// Binder call
- public boolean isHardwareDetected(long deviceId) {
- checkPermission(USE_FINGERPRINT);
+ public boolean isHardwareDetected(long deviceId, String opPackageName) {
+ if (!canUserFingerPrint(opPackageName)) {
+ return false;
+ }
return mHalDeviceId != 0; // TODO
}
@@ -580,21 +599,27 @@
@Override
// Binder call
- public List<Fingerprint> getEnrolledFingerprints(int groupId) {
- checkPermission(USE_FINGERPRINT);
+ public List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName) {
+ if (!canUserFingerPrint(opPackageName)) {
+ return Collections.emptyList();
+ }
return FingerprintService.this.getEnrolledFingerprints(groupId);
}
@Override
// Binder call
- public boolean hasEnrolledFingerprints(int groupId) {
- checkPermission(USE_FINGERPRINT);
+ public boolean hasEnrolledFingerprints(int groupId, String opPackageName) {
+ if (!canUserFingerPrint(opPackageName)) {
+ return false;
+ }
return FingerprintService.this.hasEnrolledFingerprints(groupId);
}
@Override
- public long getAuthenticatorId() {
- checkPermission(USE_FINGERPRINT);
+ public long getAuthenticatorId(String opPackageName) {
+ if (!canUserFingerPrint(opPackageName)) {
+ return 0;
+ }
return nativeGetAuthenticatorId();
}
}