Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / a24e9fd9acf0c7abbdbe40dbc2c2015d28acad49^! / . / core / res
commita24e9fd9acf0c7abbdbe40dbc2c2015d28acad49[log] [tgz]
authorKevin Chyn <kchyn@google.com>Mon Aug 27 12:39:17 2018 -0700
committerKevin Chyn <kchyn@google.com>Thu Aug 30 14:49:32 2018 -0700
treea5407268d03f9a7198161fe786670cffb6106c03
parent836f2cfb9eaee16458876f8ddaa2d3f778f02be1 [diff]
Add BiometricPromptService

The change introduces the following:
  - BiometricPrompt communicatates with BiometricPromptService (new)
    system service. The service does the decision making for which
    biometric modality to use.
  - As a result, a lot of logic is moved from <Biometric>Manager
    to BiometricPrompt. FingerprintManager now does not care about
    BiometricPrompt logic anymore (reverts several P changes).

Face, and all future <Biometric>Service interfaces must be protected by
the signature-only MANAGE_BIOMETRIC permission. Settings, SystemUI, and
BiometricPromptService are their only clients.

Bug: 72825012

Test: BiometricPromptDemo works
Test: Keyguard works
Test: Settings works

Change-Id: I2b7d6eff81bc07950202c50e592d733032523bf0

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 67bdbf6..5258518 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -3748,9 +3748,13 @@
     <permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT"
         android:protectionLevel="signature" />
 
-    <!-- Allows managing (adding, removing) facial templates. Reserved for the system. @hide -->
-    <permission android:name="android.permission.MANAGE_FACE"
-        android:protectionLevel="signature|privileged" />
+    <!-- Allows direct access to the <Biometric>Service interfaces. Reserved for the system. @hide -->
+    <permission android:name="android.permission.MANAGE_BIOMETRIC"
+        android:protectionLevel="signature" />
+
+    <!-- Allows direct access to the <Biometric>Service authentication methods. Reserved for the system. @hide -->
+    <permission android:name="android.permission.USE_BIOMETRIC_INTERNAL"
+        android:protectionLevel="signature" />
 
     <!-- Allows an app to reset face authentication attempt counter. Reserved for the system. @hide -->
     <permission android:name="android.permission.RESET_FACE_LOCKOUT"

diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index dfd5e81..e3b90526 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml

@@ -1397,6 +1397,9 @@
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permdesc_mediaLocation">Allows the app to read locations from your media collection.</string>
 
+    <!-- Message shown when biometric hardware is not available [CHAR LIMIT=50] -->
+    <string name="biometric_error_hw_unavailable">Biometric hardware unavailable</string>
+
     <!-- Message shown during fingerprint acquisision when the fingerprint cannot be recognized -->
     <string name="fingerprint_acquired_partial">Partial fingerprint detected. Please try again.</string>
     <!-- Message shown during fingerprint acquisision when the fingerprint cannot be recognized -->

diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 8ac2474..c6387f0 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml

@@ -2392,6 +2392,9 @@
   <!-- From KeyguardServiceDelegate -->
   <java-symbol type="string" name="config_keyguardComponent" />
 
+  <!-- Biometric messages -->
+  <java-symbol type="string" name="biometric_error_hw_unavailable" />
+
   <!-- Fingerprint messages -->
   <java-symbol type="string" name="fingerprint_error_unable_to_process" />
   <java-symbol type="string" name="fingerprint_error_hw_not_available" />