Merge "Only enable fingerprint auth after first regular auth" into mnc-dev
diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl
index 17cff5c..32951d9 100644
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -32,4 +32,5 @@
     void reportKeyguardShowingChanged();
     boolean isDeviceLocked(int userId);
     boolean isDeviceSecure(int userId);
+    boolean hasUserAuthenticatedSinceBoot(int userId);
 }
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index b5c5317..8cab565 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -147,6 +147,23 @@
         }
     }
 
+    /**
+     * Checks whether the specified user has been authenticated since the last boot.
+     *
+     * @param userId the user id of the user to check for
+     * @return true if the user has authenticated since boot, false otherwise
+     *
+     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+     */
+    public boolean hasUserAuthenticatedSinceBoot(int userId) {
+        try {
+            return mService.hasUserAuthenticatedSinceBoot(userId);
+        } catch (RemoteException e) {
+            onError(e);
+            return false;
+        }
+    }
+
     private void onError(Exception e) {
         Log.e(TAG, "Error while calling TrustManagerService", e);
     }
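Review bot: The permission sentence in the new Javadoc sits after `@return`, so Javadoc will render it as part of the return description; move it into the main description above `@param`. The doc should also say that `false` is returned when the call fails with `RemoteException`, because KeyguardUpdateMonitor uses this value to gate fingerprint listening and the failure path is fail-closed. A possible wording is `@return true if the user has authenticated since boot; false otherwise, including when TrustManagerService cannot be reached`. The enclosing class starts and ends outside this hunk.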
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index c7b7628..842cf73 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -58,7 +58,6 @@
 import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback;
 import android.hardware.fingerprint.FingerprintUtils;
 import android.hardware.fingerprint.FingerprintManager.AuthenticationResult;
-import android.service.trust.TrustAgentService;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
@@ -154,6 +153,7 @@
     private SubscriptionManager mSubscriptionManager;
     private List<SubscriptionInfo> mSubscriptionInfo;
     private boolean mFingerprintDetectionRunning;
+    private TrustManager mTrustManager;
 
     private final Handler mHandler = new Handler() {
         @Override
@@ -784,8 +784,8 @@
             e.printStackTrace();
         }
 
-        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
-        trustManager.registerTrustListener(this);
+        mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+        mTrustManager.registerTrustListener(this);
 
         mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
         updateFingerprintListeningState();
@@ -801,7 +801,8 @@
     }
 
     private boolean shouldListenForFingerprint() {
-        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser;
+        return mScreenOn && mKeyguardIsVisible && !mSwitchingUser
+                && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser());
     }
 
     private void startListeningForFingerprint() {
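Review bot: `shouldListenForFingerprint()` now makes a synchronous binder call into TrustManagerService every time it is evaluated, and nothing visible in this diff re-runs `updateFingerprintListeningState()` when the authenticated flag changes. Unless a callback outside these hunks covers it, listening could stay off after the first credential unlock, or stay on after `requireCredentialEntry` resets the flag, until screen or keyguard state changes. Please confirm which existing path re-evaluates the state in both directions. A comment on the new condition would also help, e.g. `// Fingerprint is accepted only after a credential unlock; see TrustManager#hasUserAuthenticatedSinceBoot.`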
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 7d2fb43..726db4e 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -227,7 +227,7 @@
             if (!userInfo.supportsSwitchTo()) continue;
             if (!mActivityManager.isUserRunning(userInfo.id)) continue;
             if (!lockPatternUtils.isSecure(userInfo.id)) continue;
-            if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;
+            if (!getUserHasAuthenticated(userInfo.id)) continue;
             DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
             int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
             final boolean disableTrustAgents =
@@ -506,7 +506,7 @@
     // Agent dispatch and aggregation
 
     private boolean aggregateIsTrusted(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
             return false;
         }
         for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -521,7 +521,7 @@
     }
 
     private boolean aggregateIsTrustManaged(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+        if (!getUserHasAuthenticated(userId)) {
             return false;
         }
         for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -549,21 +549,44 @@
     }
 
     private void updateUserHasAuthenticated(int userId) {
-        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
-            mUserHasAuthenticatedSinceBoot.put(userId, true);
+        boolean changed = setUserHasAuthenticated(userId);
+        if (changed) {
             refreshAgentList(userId);
         }
     }
 
+    private boolean getUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            return mUserHasAuthenticatedSinceBoot.get(userId);
+        }
+    }
+
+    /**
+     * @return whether the value has changed
+     */
+    private boolean setUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+                mUserHasAuthenticatedSinceBoot.put(userId, true);
+                return true;
+            }
+            return false;
+        }
+    }
+
+    private void clearUserHasAuthenticated(int userId) {
+        synchronized (mUserHasAuthenticatedSinceBoot) {
+            if (userId == UserHandle.USER_ALL) {
+                mUserHasAuthenticatedSinceBoot.clear();
+            } else {
+                mUserHasAuthenticatedSinceBoot.put(userId, false);
+            }
+        }
+    }
 
     private void requireCredentialEntry(int userId) {
-        if (userId == UserHandle.USER_ALL) {
-            mUserHasAuthenticatedSinceBoot.clear();
-            refreshAgentList(UserHandle.USER_ALL);
-        } else {
-            mUserHasAuthenticatedSinceBoot.put(userId, false);
-            refreshAgentList(userId);
-        }
+        clearUserHasAuthenticated(userId);
+        refreshAgentList(userId);
     }
 
     // Listeners
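Review bot: The new accessors carry no comment explaining why the lock was introduced or what the flag means once `clearUserHasAuthenticated` has run. The flag is now also read by the service-side `hasUserAuthenticatedSinceBoot`, presumably on a binder thread, and `requireCredentialEntry` can reset it to false. "Since boot" therefore really means "since boot or since credential entry was last required", which matters because Keyguard gates fingerprint on it. Suggest a comment on the getter such as `// Guarded by mUserHasAuthenticatedSinceBoot; false after boot and after requireCredentialEntry() until the next credential auth.`, plus a summary sentence above the lone `@return` on `setUserHasAuthenticated`.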
@@ -705,6 +728,18 @@
             }
         }
 
+        @Override
+        public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {
+            mContext.enforceCallingOrSelfPermission(
+                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);
+            long token = Binder.clearCallingIdentity();
+            try {
+                return getUserHasAuthenticated(userId);
+            } finally {
+                Binder.restoreCallingIdentity(token);
+            }
+        }
+
         private void enforceReportPermission() {
             mContext.enforceCallingOrSelfPermission(
                     Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
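Review bot: `enforceCallingOrSelfPermission` is called with a `null` message in `hasUserAuthenticatedSinceBoot`, while `enforceReportPermission()` just below passes `"reporting trust events"`. A message such as `"query user authentication state"` would make a denied call diagnosable from the SecurityException. `userId` is passed through without any check against the caller, so any holder of the permission can query any user's state; if that is intended, a one-line comment saying so would help. The `clearCallingIdentity`/`restoreCallingIdentity` pair looks unnecessary, since `getUserHasAuthenticated` as shown only reads a local map under a lock.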