Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / df9d33e9039d8567ea82f67a76d95a7ae7ab8df8^! / . / services / core / java / com / android / server / fingerprint / AuthenticationClient.java
commitdf9d33e9039d8567ea82f67a76d95a7ae7ab8df8[log] [tgz]
authorKevin Chyn <kchyn@google.com>Wed May 03 21:40:12 2017 -0700
committerKevin Chyn <kchyn@google.com>Fri May 12 13:01:01 2017 -0700
treecf1f0385686f410e41ee5a60d5d905b32b0866dd
parenta5b396b5cbbd7874b2bf3f5ca9eb819f97ad75ad [diff] [blame]
strong fp lockout after 20 failed attempts

Fingerprint currently locks out for 30s after every 5 failed attempts.

This change makes it so that in addition to the above,
PIN/pattern/password will be required after 20 failed attempts.

Fixes: 35954316

Test: manual
Change-Id: I3aeb0e5b5b4d5011555f60fbe6cc2c1ce702a670

diff --git a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java
index fe49813..4fc6ddd 100644
--- a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java
+++ b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java

@@ -34,8 +34,13 @@
 public abstract class AuthenticationClient extends ClientMonitor {
     private long mOpId;
 
-    public abstract boolean handleFailedAttempt();
+    public abstract int handleFailedAttempt();
     public abstract void resetFailedAttempts();
+
+    public static final int LOCKOUT_NONE = 0;
+    public static final int LOCKOUT_TIMED = 1;
+    public static final int LOCKOUT_PERMANENT = 2;
+
     private boolean mAlreadyCancelled;
 
     public AuthenticationClient(Context context, long halDeviceId, IBinder token,
@@ -79,19 +84,21 @@
                 FingerprintUtils.vibrateFingerprintError(getContext());
             }
             // allow system-defined limit of number of attempts before giving up
-            boolean inLockoutMode =  handleFailedAttempt();
-            // send lockout event in case driver doesn't enforce it.
-            if (inLockoutMode) {
+            int lockoutMode =  handleFailedAttempt();
+            if (lockoutMode != LOCKOUT_NONE) {
                 try {
-                    Slog.w(TAG, "Forcing lockout (fp driver code should do this!)");
-                    stop(false); // cancel fingerprint authentication
-                    receiver.onError(getHalDeviceId(),
-                            FingerprintManager.FINGERPRINT_ERROR_LOCKOUT, 0 /* vendorCode */);
+                    Slog.w(TAG, "Forcing lockout (fp driver code should do this!), mode(" +
+                            lockoutMode + ")");
+                    stop(false);
+                    int errorCode = lockoutMode == LOCKOUT_TIMED ?
+                            FingerprintManager.FINGERPRINT_ERROR_LOCKOUT :
+                            FingerprintManager.FINGERPRINT_ERROR_LOCKOUT_PERMANENT;
+                    receiver.onError(getHalDeviceId(), errorCode, 0 /* vendorCode */);
                 } catch (RemoteException e) {
                     Slog.w(TAG, "Failed to notify lockout:", e);
                 }
             }
-            result |= inLockoutMode;
+            result |= lockoutMode != LOCKOUT_NONE; // in a lockout mode
         } else {
             if (receiver != null) {
                 FingerprintUtils.vibrateFingerprintSuccess(getContext());