Add BiometricPromptService
The change introduces the following:
- BiometricPrompt communicatates with BiometricPromptService (new)
system service. The service does the decision making for which
biometric modality to use.
- As a result, a lot of logic is moved from <Biometric>Manager
to BiometricPrompt. FingerprintManager now does not care about
BiometricPrompt logic anymore (reverts several P changes).
Face, and all future <Biometric>Service interfaces must be protected by
the signature-only MANAGE_BIOMETRIC permission. Settings, SystemUI, and
BiometricPromptService are their only clients.
Bug: 72825012
Test: BiometricPromptDemo works
Test: Keyguard works
Test: Settings works
Change-Id: I2b7d6eff81bc07950202c50e592d733032523bf0
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 67bdbf6..5258518 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3748,9 +3748,13 @@
<permission android:name="android.permission.RESET_FINGERPRINT_LOCKOUT"
android:protectionLevel="signature" />
- <!-- Allows managing (adding, removing) facial templates. Reserved for the system. @hide -->
- <permission android:name="android.permission.MANAGE_FACE"
- android:protectionLevel="signature|privileged" />
+ <!-- Allows direct access to the <Biometric>Service interfaces. Reserved for the system. @hide -->
+ <permission android:name="android.permission.MANAGE_BIOMETRIC"
+ android:protectionLevel="signature" />
+
+ <!-- Allows direct access to the <Biometric>Service authentication methods. Reserved for the system. @hide -->
+ <permission android:name="android.permission.USE_BIOMETRIC_INTERNAL"
+ android:protectionLevel="signature" />
<!-- Allows an app to reset face authentication attempt counter. Reserved for the system. @hide -->
<permission android:name="android.permission.RESET_FACE_LOCKOUT"
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index dfd5e81..e3b90526 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -1397,6 +1397,9 @@
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_mediaLocation">Allows the app to read locations from your media collection.</string>
+ <!-- Message shown when biometric hardware is not available [CHAR LIMIT=50] -->
+ <string name="biometric_error_hw_unavailable">Biometric hardware unavailable</string>
+
<!-- Message shown during fingerprint acquisision when the fingerprint cannot be recognized -->
<string name="fingerprint_acquired_partial">Partial fingerprint detected. Please try again.</string>
<!-- Message shown during fingerprint acquisision when the fingerprint cannot be recognized -->
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 8ac2474..c6387f0 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -2392,6 +2392,9 @@
<!-- From KeyguardServiceDelegate -->
<java-symbol type="string" name="config_keyguardComponent" />
+ <!-- Biometric messages -->
+ <java-symbol type="string" name="biometric_error_hw_unavailable" />
+
<!-- Fingerprint messages -->
<java-symbol type="string" name="fingerprint_error_unable_to_process" />
<java-symbol type="string" name="fingerprint_error_hw_not_available" />