Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 531a34430072b9296aaeb47d9e7d04326a93fee4 / . / services / core / java / com / android / server / fingerprint / FingerprintService.java
blob: e9d684a6154e4102ef99ed2b254d2a4ca770418f [file] [log] [blame]
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]1/**
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.fingerprint;
18
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]19import android.Manifest;
Sasha Levitskiy80db9ba2015-05-08 14:31:48 -0700[diff] [blame]20import android.app.ActivityManager;
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]21import android.app.ActivityManager.RunningAppProcessInfo;
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]22import android.app.trust.TrustManager;
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]23import android.app.ActivityManagerNative;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]24import android.app.AlarmManager;
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]25import android.app.AppOpsManager;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]26import android.app.PendingIntent;
Fyodor Kupolov6005b3f2015-11-23 17:41:50 -0800[diff] [blame]27import android.app.SynchronousUserSwitchObserver;
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]28import android.content.ComponentName;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]29import android.content.BroadcastReceiver;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]30import android.content.Context;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]31import android.content.Intent;
32import android.content.IntentFilter;
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]33import android.content.pm.PackageManager;
Jim Millercb7d9e92015-06-16 15:05:48 -0700[diff] [blame]34import android.content.pm.UserInfo;
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]35import android.hardware.fingerprint.IFingerprintServiceLockoutResetCallback;
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]36import android.os.Binder;
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]37import android.os.DeadObjectException;
Sasha Levitskiy80db9ba2015-05-08 14:31:48 -0700[diff] [blame]38import android.os.Environment;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]39import android.os.Handler;
40import android.os.IBinder;
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]41import android.os.PowerManager;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]42import android.os.RemoteException;
Jim Miller16ef71f2015-05-21 17:02:21 -0700[diff] [blame]43import android.os.SELinux;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]44import android.os.ServiceManager;
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]45import android.os.SystemClock;
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]46import android.os.UserHandle;
Jim Millercb7d9e92015-06-16 15:05:48 -0700[diff] [blame]47import android.os.UserManager;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]48import android.util.Slog;
49
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]50import com.android.internal.logging.MetricsLogger;
Chris Wrenf6e9228b2016-01-26 18:04:35 -0500[diff] [blame]51import com.android.internal.logging.MetricsProto.MetricsEvent;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]52import com.android.server.SystemService;
53
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]54import org.json.JSONArray;
55import org.json.JSONException;
56import org.json.JSONObject;
57
Jim Millerebbf2052015-03-31 17:24:34 -0700[diff] [blame]58import android.hardware.fingerprint.Fingerprint;
59import android.hardware.fingerprint.FingerprintManager;
60import android.hardware.fingerprint.IFingerprintService;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]61import android.hardware.fingerprint.IFingerprintDaemon;
62import android.hardware.fingerprint.IFingerprintDaemonCallback;
Jim Millerebbf2052015-03-31 17:24:34 -0700[diff] [blame]63import android.hardware.fingerprint.IFingerprintServiceReceiver;
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]64
Clara Bayarri33fd3cf2016-02-19 16:54:49 +0000[diff] [blame]65import static android.Manifest.permission.INTERACT_ACROSS_USERS;
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]66import static android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND;
Jim Millerba67aee2015-02-20 16:21:26 -0800[diff] [blame]67import static android.Manifest.permission.MANAGE_FINGERPRINT;
Jim Millere0507bb2015-08-12 20:30:34 -0700[diff] [blame]68import static android.Manifest.permission.RESET_FINGERPRINT_LOCKOUT;
Jim Millerba67aee2015-02-20 16:21:26 -0800[diff] [blame]69import static android.Manifest.permission.USE_FINGERPRINT;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]70
Sasha Levitskiy80db9ba2015-05-08 14:31:48 -0700[diff] [blame]71import java.io.File;
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]72import java.io.FileDescriptor;
73import java.io.PrintWriter;
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]74import java.util.ArrayList;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]75import java.util.Arrays;
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]76import java.util.Collections;
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]77import java.util.List;
Jim Miller16ef71f2015-05-21 17:02:21 -0700[diff] [blame]78import java.util.NoSuchElementException;
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]79
80/**
81 * A service to manage multiple clients that want to access the fingerprint HAL API.
82 * The service is responsible for maintaining a list of clients and dispatching all
83 * fingerprint -related events.
84 *
85 * @hide
86 */
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]87public class FingerprintService extends SystemService implements IBinder.DeathRecipient {
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]88 private static final String TAG = "FingerprintService";
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]89 private static final boolean DEBUG = true;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]90 private static final String FP_DATA_DIR = "fpdata";
91 private static final String FINGERPRINTD = "android.hardware.fingerprint.IFingerprintDaemon";
92 private static final int MSG_USER_SWITCHING = 10;
93 private static final int ENROLLMENT_TIMEOUT_MS = 60 * 1000; // 1 minute
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]94 private static final String ACTION_LOCKOUT_RESET =
95 "com.android.server.fingerprint.ACTION_LOCKOUT_RESET";
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]96
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]97 private ClientMonitor mAuthClient = null;
98 private ClientMonitor mEnrollClient = null;
99 private ClientMonitor mRemoveClient = null;
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]100 private final ArrayList<FingerprintServiceLockoutResetMonitor> mLockoutMonitors =
101 new ArrayList<>();
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]102 private final AppOpsManager mAppOps;
103
Jim Milleraf281ca2015-04-20 19:04:21 -0700[diff] [blame]104 private static final long MS_PER_SEC = 1000;
105 private static final long FAIL_LOCKOUT_TIMEOUT_MS = 30*1000;
106 private static final int MAX_FAILED_ATTEMPTS = 5;
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]107 private static final int FINGERPRINT_ACQUIRED_GOOD = 0;
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]108 private final String mKeyguardPackage;
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]109 private int mCurrentUserId = UserHandle.USER_CURRENT;
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]110
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]111 Handler mHandler = new Handler() {
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]112 @Override
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]113 public void handleMessage(android.os.Message msg) {
114 switch (msg.what) {
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]115 case MSG_USER_SWITCHING:
116 handleUserSwitching(msg.arg1);
117 break;
118
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]119 default:
120 Slog.w(TAG, "Unknown message:" + msg.what);
121 }
122 }
123 };
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]124
Jorim Jaggiee77ceb2015-05-12 15:00:12 -0700[diff] [blame]125 private final FingerprintUtils mFingerprintUtils = FingerprintUtils.getInstance();
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]126 private Context mContext;
127 private long mHalDeviceId;
128 private int mFailedAttempts;
129 private IFingerprintDaemon mDaemon;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]130 private final PowerManager mPowerManager;
131 private final AlarmManager mAlarmManager;
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]132 private final UserManager mUserManager;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]133
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]134 private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() {
135 @Override
136 public void onReceive(Context context, Intent intent) {
137 if (ACTION_LOCKOUT_RESET.equals(intent.getAction())) {
138 resetFailedAttempts();
139 }
140 }
141 };
142
143 private final Runnable mResetFailedAttemptsRunnable = new Runnable() {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]144 @Override
145 public void run() {
146 resetFailedAttempts();
147 }
148 };
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]149
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]150 public FingerprintService(Context context) {
151 super(context);
152 mContext = context;
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]153 mKeyguardPackage = ComponentName.unflattenFromString(context.getResources().getString(
154 com.android.internal.R.string.config_keyguardComponent)).getPackageName();
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]155 mAppOps = context.getSystemService(AppOpsManager.class);
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]156 mPowerManager = mContext.getSystemService(PowerManager.class);
157 mAlarmManager = mContext.getSystemService(AlarmManager.class);
158 mContext.registerReceiver(mLockoutReceiver, new IntentFilter(ACTION_LOCKOUT_RESET),
159 RESET_FINGERPRINT_LOCKOUT, null /* handler */);
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]160 mUserManager = UserManager.get(mContext);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]161 }
162
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]163 @Override
164 public void binderDied() {
165 Slog.v(TAG, "fingerprintd died");
166 mDaemon = null;
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]167 handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]168 }
169
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]170 public IFingerprintDaemon getFingerprintDaemon() {
171 if (mDaemon == null) {
172 mDaemon = IFingerprintDaemon.Stub.asInterface(ServiceManager.getService(FINGERPRINTD));
Jim Miller091f0e52015-07-21 16:58:46 -0700[diff] [blame]173 if (mDaemon != null) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]174 try {
175 mDaemon.asBinder().linkToDeath(this, 0);
Jim Miller091f0e52015-07-21 16:58:46 -0700[diff] [blame]176 mDaemon.init(mDaemonCallback);
177 mHalDeviceId = mDaemon.openHal();
178 if (mHalDeviceId != 0) {
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]179 updateActiveGroup(ActivityManager.getCurrentUser(), null);
Jim Miller091f0e52015-07-21 16:58:46 -0700[diff] [blame]180 } else {
181 Slog.w(TAG, "Failed to open Fingerprint HAL!");
182 mDaemon = null;
183 }
184 } catch (RemoteException e) {
185 Slog.e(TAG, "Failed to open fingeprintd HAL", e);
186 mDaemon = null; // try again later!
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]187 }
Jim Miller091f0e52015-07-21 16:58:46 -0700[diff] [blame]188 } else {
189 Slog.w(TAG, "fingerprint service not available");
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]190 }
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]191 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]192 return mDaemon;
193 }
194
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]195 protected void handleEnumerate(long deviceId, int[] fingerIds, int[] groupIds) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]196 if (fingerIds.length != groupIds.length) {
197 Slog.w(TAG, "fingerIds and groupIds differ in length: f[]="
Andreas Gampee6748ce2015-12-11 18:00:38 -0800[diff] [blame]198 + Arrays.toString(fingerIds) + ", g[]=" + Arrays.toString(groupIds));
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]199 return;
200 }
201 if (DEBUG) Slog.w(TAG, "Enumerate: f[]=" + fingerIds + ", g[]=" + groupIds);
202 // TODO: update fingerprint/name pairs
203 }
204
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]205 protected void handleRemoved(long deviceId, int fingerId, int groupId) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]206 final ClientMonitor client = mRemoveClient;
207 if (fingerId != 0) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]208 removeTemplateForUser(mRemoveClient, fingerId);
209 }
210 if (client != null && client.sendRemoved(fingerId, groupId)) {
211 removeClient(mRemoveClient);
212 }
213 }
214
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]215 protected void handleError(long deviceId, int error) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]216 if (mEnrollClient != null) {
217 final IBinder token = mEnrollClient.token;
218 if (mEnrollClient.sendError(error)) {
219 stopEnrollment(token, false);
220 }
221 } else if (mAuthClient != null) {
222 final IBinder token = mAuthClient.token;
223 if (mAuthClient.sendError(error)) {
224 stopAuthentication(token, false);
225 }
226 } else if (mRemoveClient != null) {
227 if (mRemoveClient.sendError(error)) removeClient(mRemoveClient);
228 }
229 }
230
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]231 protected void handleAuthenticated(long deviceId, int fingerId, int groupId) {
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]232 if (mAuthClient != null) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]233 final IBinder token = mAuthClient.token;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]234 if (mAuthClient.sendAuthenticated(fingerId, groupId)) {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]235 stopAuthentication(token, false);
236 removeClient(mAuthClient);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]237 }
238 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]239 }
240
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]241 protected void handleAcquired(long deviceId, int acquiredInfo) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]242 if (mEnrollClient != null) {
243 if (mEnrollClient.sendAcquired(acquiredInfo)) {
244 removeClient(mEnrollClient);
245 }
246 } else if (mAuthClient != null) {
247 if (mAuthClient.sendAcquired(acquiredInfo)) {
248 removeClient(mAuthClient);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]249 }
250 }
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]251 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]252
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]253 protected void handleEnrollResult(long deviceId, int fingerId, int groupId, int remaining) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]254 if (mEnrollClient != null) {
255 if (mEnrollClient.sendEnrollResult(fingerId, groupId, remaining)) {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]256 if (remaining == 0) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]257 addTemplateForUser(mEnrollClient, fingerId);
258 removeClient(mEnrollClient);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]259 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]260 }
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]261 }
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]262 }
263
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]264 private void userActivity() {
265 long now = SystemClock.uptimeMillis();
266 mPowerManager.userActivity(now, PowerManager.USER_ACTIVITY_EVENT_TOUCH, 0);
267 }
268
269 void handleUserSwitching(int userId) {
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]270 updateActiveGroup(userId, null);
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]271 }
272
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]273 private void removeClient(ClientMonitor client) {
274 if (client == null) return;
275 client.destroy();
276 if (client == mAuthClient) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]277 mAuthClient = null;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]278 } else if (client == mEnrollClient) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]279 mEnrollClient = null;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]280 } else if (client == mRemoveClient) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]281 mRemoveClient = null;
282 }
283 }
284
285 private boolean inLockoutMode() {
Jim Miller73633dd2015-09-02 15:35:33 -0700[diff] [blame]286 return mFailedAttempts >= MAX_FAILED_ATTEMPTS;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]287 }
288
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]289 private void scheduleLockoutReset() {
290 mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP,
291 SystemClock.elapsedRealtime() + FAIL_LOCKOUT_TIMEOUT_MS, getLockoutResetIntent());
292 }
293
294 private void cancelLockoutReset() {
295 mAlarmManager.cancel(getLockoutResetIntent());
296 }
297
298 private PendingIntent getLockoutResetIntent() {
299 return PendingIntent.getBroadcast(mContext, 0,
300 new Intent(ACTION_LOCKOUT_RESET), PendingIntent.FLAG_UPDATE_CURRENT);
301 }
302
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]303 private void resetFailedAttempts() {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]304 if (DEBUG && inLockoutMode()) {
305 Slog.v(TAG, "Reset fingerprint lockout");
306 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]307 mFailedAttempts = 0;
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]308 // If we're asked to reset failed attempts externally (i.e. from Keyguard), the alarm might
309 // still be pending; remove it.
310 cancelLockoutReset();
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]311 notifyLockoutResetMonitors();
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]312 }
313
314 private boolean handleFailedAttempt(ClientMonitor clientMonitor) {
315 mFailedAttempts++;
Jim Miller73633dd2015-09-02 15:35:33 -0700[diff] [blame]316 if (inLockoutMode()) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]317 // Failing multiple times will continue to push out the lockout time.
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]318 scheduleLockoutReset();
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]319 if (clientMonitor != null
320 && !clientMonitor.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
321 Slog.w(TAG, "Cannot send lockout message to client");
322 }
323 return true;
324 }
325 return false;
326 }
327
Jorim Jaggiee77ceb2015-05-12 15:00:12 -0700[diff] [blame]328 private void removeTemplateForUser(ClientMonitor clientMonitor, int fingerId) {
329 mFingerprintUtils.removeFingerprintIdForUser(mContext, fingerId, clientMonitor.userId);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]330 }
331
Jorim Jaggiee77ceb2015-05-12 15:00:12 -0700[diff] [blame]332 private void addTemplateForUser(ClientMonitor clientMonitor, int fingerId) {
333 mFingerprintUtils.addFingerprintForUser(mContext, fingerId, clientMonitor.userId);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]334 }
335
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]336 void startEnrollment(IBinder token, byte[] cryptoToken, int groupId,
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]337 IFingerprintServiceReceiver receiver, int flags, boolean restricted) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]338 IFingerprintDaemon daemon = getFingerprintDaemon();
339 if (daemon == null) {
340 Slog.w(TAG, "enroll: no fingeprintd!");
341 return;
342 }
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]343 stopPendingOperations(true);
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]344 mEnrollClient = new ClientMonitor(token, receiver, groupId, restricted, token.toString());
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]345 final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]346 try {
347 final int result = daemon.enroll(cryptoToken, groupId, timeout);
348 if (result != 0) {
349 Slog.w(TAG, "startEnroll failed, result=" + result);
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]350 handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]351 }
352 } catch (RemoteException e) {
353 Slog.e(TAG, "startEnroll failed", e);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]354 }
355 }
356
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]357 public long startPreEnroll(IBinder token) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]358 IFingerprintDaemon daemon = getFingerprintDaemon();
359 if (daemon == null) {
360 Slog.w(TAG, "startPreEnroll: no fingeprintd!");
361 return 0;
362 }
363 try {
364 return daemon.preEnroll();
365 } catch (RemoteException e) {
366 Slog.e(TAG, "startPreEnroll failed", e);
367 }
368 return 0;
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]369 }
370
Sasha Levitskiye0943cf2015-07-08 13:22:20 -0700[diff] [blame]371 public int startPostEnroll(IBinder token) {
372 IFingerprintDaemon daemon = getFingerprintDaemon();
373 if (daemon == null) {
374 Slog.w(TAG, "startPostEnroll: no fingeprintd!");
375 return 0;
376 }
377 try {
378 return daemon.postEnroll();
379 } catch (RemoteException e) {
380 Slog.e(TAG, "startPostEnroll failed", e);
381 }
382 return 0;
383 }
384
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]385 private void stopPendingOperations(boolean initiatedByClient) {
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]386 if (mEnrollClient != null) {
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]387 stopEnrollment(mEnrollClient.token, initiatedByClient);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]388 }
389 if (mAuthClient != null) {
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]390 stopAuthentication(mAuthClient.token, initiatedByClient);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]391 }
392 // mRemoveClient is allowed to continue
393 }
394
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]395 /**
396 * Stop enrollment in progress and inform client if they initiated it.
397 *
398 * @param token token for client
399 * @param initiatedByClient if this call is the result of client action (e.g. calling cancel)
400 */
401 void stopEnrollment(IBinder token, boolean initiatedByClient) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]402 IFingerprintDaemon daemon = getFingerprintDaemon();
403 if (daemon == null) {
404 Slog.w(TAG, "stopEnrollment: no fingeprintd!");
405 return;
406 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]407 final ClientMonitor client = mEnrollClient;
408 if (client == null || client.token != token) return;
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]409 if (initiatedByClient) {
410 try {
411 int result = daemon.cancelEnrollment();
412 if (result != 0) {
413 Slog.w(TAG, "startEnrollCancel failed, result = " + result);
414 }
415 } catch (RemoteException e) {
416 Slog.e(TAG, "stopEnrollment failed", e);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]417 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]418 client.sendError(FingerprintManager.FINGERPRINT_ERROR_CANCELED);
419 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]420 removeClient(mEnrollClient);
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]421 }
422
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]423 void startAuthentication(IBinder token, long opId, int realUserId, int groupId,
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]424 IFingerprintServiceReceiver receiver, int flags, boolean restricted,
425 String opPackageName) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]426 IFingerprintDaemon daemon = getFingerprintDaemon();
427 if (daemon == null) {
428 Slog.w(TAG, "startAuthentication: no fingeprintd!");
429 return;
430 }
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]431 stopPendingOperations(true);
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]432 updateActiveGroup(groupId, opPackageName);
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]433 mAuthClient = new ClientMonitor(token, receiver, groupId, restricted, opPackageName);
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]434 if (inLockoutMode()) {
435 Slog.v(TAG, "In lockout mode; disallowing authentication");
436 if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
437 Slog.w(TAG, "Cannot send timeout message to client");
438 }
439 mAuthClient = null;
440 return;
441 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]442 try {
443 final int result = daemon.authenticate(opId, groupId);
444 if (result != 0) {
445 Slog.w(TAG, "startAuthentication failed, result=" + result);
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]446 handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]447 }
448 } catch (RemoteException e) {
449 Slog.e(TAG, "startAuthentication failed", e);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]450 }
451 }
452
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]453 /**
454 * Stop authentication in progress and inform client if they initiated it.
455 *
456 * @param token token for client
457 * @param initiatedByClient if this call is the result of client action (e.g. calling cancel)
458 */
459 void stopAuthentication(IBinder token, boolean initiatedByClient) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]460 IFingerprintDaemon daemon = getFingerprintDaemon();
461 if (daemon == null) {
462 Slog.w(TAG, "stopAuthentication: no fingeprintd!");
463 return;
464 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]465 final ClientMonitor client = mAuthClient;
466 if (client == null || client.token != token) return;
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]467 if (initiatedByClient) {
468 try {
469 int result = daemon.cancelAuthentication();
470 if (result != 0) {
471 Slog.w(TAG, "stopAuthentication failed, result=" + result);
472 }
473 } catch (RemoteException e) {
474 Slog.e(TAG, "stopAuthentication failed", e);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]475 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]476 client.sendError(FingerprintManager.FINGERPRINT_ERROR_CANCELED);
477 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]478 removeClient(mAuthClient);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]479 }
480
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]481 void startRemove(IBinder token, int fingerId, int userId,
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]482 IFingerprintServiceReceiver receiver, boolean restricted) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]483 IFingerprintDaemon daemon = getFingerprintDaemon();
484 if (daemon == null) {
485 Slog.w(TAG, "startRemove: no fingeprintd!");
486 return;
487 }
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]488
Jim Miller827afda2015-08-21 18:45:15 -0700[diff] [blame]489 stopPendingOperations(true);
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]490 mRemoveClient = new ClientMonitor(token, receiver, userId, restricted, token.toString());
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]491 // The fingerprint template ids will be removed when we get confirmation from the HAL
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]492 try {
493 final int result = daemon.remove(fingerId, userId);
494 if (result != 0) {
495 Slog.w(TAG, "startRemove with id = " + fingerId + " failed, result=" + result);
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]496 handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE);
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]497 }
498 } catch (RemoteException e) {
499 Slog.e(TAG, "startRemove failed", e);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]500 }
501 }
502
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]503 public List<Fingerprint> getEnrolledFingerprints(int userId) {
504 return mFingerprintUtils.getFingerprintsForUser(mContext, userId);
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]505 }
506
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]507 public boolean hasEnrolledFingerprints(int userId) {
Clara Bayarri33fd3cf2016-02-19 16:54:49 +0000[diff] [blame]508 if (userId != Binder.getCallingUid()) {
509 checkPermission(INTERACT_ACROSS_USERS);
510 }
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]511 return mFingerprintUtils.getFingerprintsForUser(mContext, userId).size() > 0;
Jorim Jaggi2aad7ee2015-04-14 15:25:06 -0700[diff] [blame]512 }
513
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]514 boolean hasPermission(String permission) {
515 return getContext().checkCallingOrSelfPermission(permission)
516 == PackageManager.PERMISSION_GRANTED;
517 }
518
Jim Millerba67aee2015-02-20 16:21:26 -0800[diff] [blame]519 void checkPermission(String permission) {
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]520 getContext().enforceCallingOrSelfPermission(permission,
521 "Must have " + permission + " permission.");
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]522 }
523
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]524 int getEffectiveUserId(int userId) {
525 UserManager um = UserManager.get(mContext);
526 if (um != null) {
527 final long callingIdentity = Binder.clearCallingIdentity();
528 userId = um.getCredentialOwnerProfile(userId);
529 Binder.restoreCallingIdentity(callingIdentity);
530 } else {
531 Slog.e(TAG, "Unable to acquire UserManager");
532 }
533 return userId;
534 }
535
Jim Millercb7d9e92015-06-16 15:05:48 -0700[diff] [blame]536 boolean isCurrentUserOrProfile(int userId) {
537 UserManager um = UserManager.get(mContext);
538
539 // Allow current user or profiles of the current user...
540 List<UserInfo> profiles = um.getEnabledProfiles(userId);
541 final int n = profiles.size();
542 for (int i = 0; i < n; i++) {
543 if (profiles.get(i).id == userId) {
544 return true;
545 }
546 }
547 return false;
548 }
549
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]550 private boolean isForegroundActivity(int uid, int pid) {
551 try {
552 List<RunningAppProcessInfo> procs =
553 ActivityManagerNative.getDefault().getRunningAppProcesses();
554 int N = procs.size();
555 for (int i = 0; i < N; i++) {
556 RunningAppProcessInfo proc = procs.get(i);
557 if (proc.pid == pid && proc.uid == uid
558 && proc.importance == IMPORTANCE_FOREGROUND) {
559 return true;
560 }
561 }
562 } catch (RemoteException e) {
563 Slog.w(TAG, "am.getRunningAppProcesses() failed");
564 }
565 return false;
566 }
567
568 /**
569 * @param opPackageName name of package for caller
570 * @param foregroundOnly only allow this call while app is in the foreground
571 * @return true if caller can use fingerprint API
572 */
573 private boolean canUseFingerprint(String opPackageName, boolean foregroundOnly) {
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]574 checkPermission(USE_FINGERPRINT);
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]575 final int uid = Binder.getCallingUid();
576 final int pid = Binder.getCallingPid();
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]577 if (isKeyguard(opPackageName)) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]578 return true; // Keyguard is always allowed
579 }
580 if (!isCurrentUserOrProfile(UserHandle.getCallingUserId())) {
581 Slog.w(TAG,"Rejecting " + opPackageName + " ; not a current user or profile");
582 return false;
583 }
584 if (mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName)
585 != AppOpsManager.MODE_ALLOWED) {
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]586 Slog.w(TAG, "Rejecting " + opPackageName + " ; permission denied");
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]587 return false;
588 }
589 if (foregroundOnly && !isForegroundActivity(uid, pid)) {
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]590 Slog.w(TAG, "Rejecting " + opPackageName + " ; not in foreground");
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]591 return false;
592 }
593 return true;
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]594 }
595
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]596 /**
597 * @param clientPackage
598 * @return true if this is keyguard package
599 */
600 private boolean isKeyguard(String clientPackage) {
601 return mKeyguardPackage.equals(clientPackage);
602 }
603
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]604 private void addLockoutResetMonitor(FingerprintServiceLockoutResetMonitor monitor) {
605 if (!mLockoutMonitors.contains(monitor)) {
606 mLockoutMonitors.add(monitor);
607 }
608 }
609
610 private void removeLockoutResetCallback(
611 FingerprintServiceLockoutResetMonitor monitor) {
612 mLockoutMonitors.remove(monitor);
613 }
614
615 private void notifyLockoutResetMonitors() {
616 for (int i = 0; i < mLockoutMonitors.size(); i++) {
617 mLockoutMonitors.get(i).sendLockoutReset();
618 }
619 }
620
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]621 private class ClientMonitor implements IBinder.DeathRecipient {
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]622 IBinder token;
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]623 IFingerprintServiceReceiver receiver;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]624 int userId;
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]625 boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]626 String owner;
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]627
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]628 public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver, int userId,
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]629 boolean restricted, String owner) {
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]630 this.token = token;
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]631 this.receiver = receiver;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]632 this.userId = userId;
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]633 this.restricted = restricted;
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]634 this.owner = owner; // name of the client that owns this - for debugging
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]635 try {
636 token.linkToDeath(this, 0);
637 } catch (RemoteException e) {
638 Slog.w(TAG, "caught remote exception in linkToDeath: ", e);
639 }
640 }
641
642 public void destroy() {
643 if (token != null) {
Jim Miller16ef71f2015-05-21 17:02:21 -0700[diff] [blame]644 try {
645 token.unlinkToDeath(this, 0);
646 } catch (NoSuchElementException e) {
647 // TODO: remove when duplicate call bug is found
648 Slog.e(TAG, "destroy(): " + this + ":", new Exception("here"));
649 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]650 token = null;
651 }
652 receiver = null;
653 }
654
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]655 @Override
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]656 public void binderDied() {
657 token = null;
658 removeClient(this);
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]659 receiver = null;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]660 }
661
Jim Miller80a776e2015-07-15 18:57:14 -0700[diff] [blame]662 @Override
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]663 protected void finalize() throws Throwable {
664 try {
665 if (token != null) {
666 if (DEBUG) Slog.w(TAG, "removing leaked reference: " + token);
667 removeClient(this);
668 }
669 } finally {
670 super.finalize();
671 }
672 }
673
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]674 /*
675 * @return true if we're done.
676 */
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]677 private boolean sendRemoved(int fingerId, int groupId) {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]678 if (receiver == null) return true; // client not listening
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]679 try {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]680 receiver.onRemoved(mHalDeviceId, fingerId, groupId);
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]681 return fingerId == 0;
682 } catch (RemoteException e) {
683 Slog.w(TAG, "Failed to notify Removed:", e);
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]684 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]685 return false;
686 }
687
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]688 /*
689 * @return true if we're done.
690 */
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]691 private boolean sendEnrollResult(int fpId, int groupId, int remaining) {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]692 if (receiver == null) return true; // client not listening
Jim Milleraf281ca2015-04-20 19:04:21 -0700[diff] [blame]693 FingerprintUtils.vibrateFingerprintSuccess(getContext());
Chris Wrenf6e9228b2016-01-26 18:04:35 -0500[diff] [blame]694 MetricsLogger.action(mContext, MetricsEvent.ACTION_FINGERPRINT_ENROLL);
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]695 try {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]696 receiver.onEnrollResult(mHalDeviceId, fpId, groupId, remaining);
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]697 return remaining == 0;
698 } catch (RemoteException e) {
699 Slog.w(TAG, "Failed to notify EnrollResult:", e);
700 return true;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]701 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]702 }
703
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]704 /*
705 * @return true if we're done.
706 */
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]707 private boolean sendAuthenticated(int fpId, int groupId) {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]708 boolean result = false;
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]709 boolean authenticated = fpId != 0;
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]710 if (receiver != null) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]711 try {
Chris Wrenf6e9228b2016-01-26 18:04:35 -0500[diff] [blame]712 MetricsLogger.action(mContext, MetricsEvent.ACTION_FINGERPRINT_AUTH,
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]713 authenticated);
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]714 if (!authenticated) {
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]715 receiver.onAuthenticationFailed(mHalDeviceId);
716 } else {
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]717 if (DEBUG) {
718 Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner
719 + ", id=" + fpId + ", gp=" + groupId + ")");
720 }
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]721 Fingerprint fp = !restricted ?
722 new Fingerprint("" /* TODO */, groupId, fpId, mHalDeviceId) : null;
723 receiver.onAuthenticationSucceeded(mHalDeviceId, fp);
724 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]725 } catch (RemoteException e) {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]726 Slog.w(TAG, "Failed to notify Authenticated:", e);
727 result = true; // client failed
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]728 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]729 } else {
730 result = true; // client not listening
Vineeta Srivastava99b88202015-07-08 13:37:09 -0700[diff] [blame]731 }
732 if (fpId == 0) {
Jorim Jaggi055eafd2015-08-12 18:06:22 -0700[diff] [blame]733 if (receiver != null) {
734 FingerprintUtils.vibrateFingerprintError(getContext());
735 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]736 result |= handleFailedAttempt(this);
737 } else {
Jorim Jaggi055eafd2015-08-12 18:06:22 -0700[diff] [blame]738 if (receiver != null) {
739 FingerprintUtils.vibrateFingerprintSuccess(getContext());
740 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]741 result |= true; // we have a valid fingerprint
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]742 resetFailedAttempts();
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]743 }
744 return result;
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]745 }
746
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]747 /*
748 * @return true if we're done.
749 */
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]750 private boolean sendAcquired(int acquiredInfo) {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]751 if (receiver == null) return true; // client not listening
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]752 try {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]753 receiver.onAcquired(mHalDeviceId, acquiredInfo);
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]754 return false; // acquisition continues...
755 } catch (RemoteException e) {
756 Slog.w(TAG, "Failed to invoke sendAcquired:", e);
757 return true; // client failed
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]758 }
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]759 finally {
760 // Good scans will keep the device awake
761 if (acquiredInfo == FINGERPRINT_ACQUIRED_GOOD) {
762 userActivity();
763 }
764 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]765 }
766
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]767 /*
768 * @return true if we're done.
769 */
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]770 private boolean sendError(int error) {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]771 if (receiver != null) {
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]772 try {
Jim Millerb21e1b22015-04-24 16:59:11 -0700[diff] [blame]773 receiver.onError(mHalDeviceId, error);
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]774 } catch (RemoteException e) {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]775 Slog.w(TAG, "Failed to invoke sendError:", e);
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]776 }
777 }
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]778 return true; // errors always terminate progress
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]779 }
780 }
781
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]782 private class FingerprintServiceLockoutResetMonitor {
783
784 private final IFingerprintServiceLockoutResetCallback mCallback;
785
786 public FingerprintServiceLockoutResetMonitor(
787 IFingerprintServiceLockoutResetCallback callback) {
788 mCallback = callback;
789 }
790
791 public void sendLockoutReset() {
792 if (mCallback != null) {
793 try {
794 mCallback.onLockoutReset(mHalDeviceId);
795 } catch (DeadObjectException e) {
796 Slog.w(TAG, "Death object while invoking onLockoutReset: ", e);
797 mHandler.post(mRemoveCallbackRunnable);
798 } catch (RemoteException e) {
799 Slog.w(TAG, "Failed to invoke onLockoutReset: ", e);
800 }
801 }
802 }
803
804 private final Runnable mRemoveCallbackRunnable = new Runnable() {
805 @Override
806 public void run() {
807 removeLockoutResetCallback(FingerprintServiceLockoutResetMonitor.this);
808 }
809 };
810 }
811
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]812 private IFingerprintDaemonCallback mDaemonCallback = new IFingerprintDaemonCallback.Stub() {
813
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]814 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]815 public void onEnrollResult(final long deviceId, final int fingerId, final int groupId,
816 final int remaining) {
817 mHandler.post(new Runnable() {
818 @Override
819 public void run() {
820 handleEnrollResult(deviceId, fingerId, groupId, remaining);
821 }
822 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]823 }
824
825 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]826 public void onAcquired(final long deviceId, final int acquiredInfo) {
827 mHandler.post(new Runnable() {
828 @Override
829 public void run() {
830 handleAcquired(deviceId, acquiredInfo);
831 }
832 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]833 }
834
835 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]836 public void onAuthenticated(final long deviceId, final int fingerId, final int groupId) {
837 mHandler.post(new Runnable() {
838 @Override
839 public void run() {
840 handleAuthenticated(deviceId, fingerId, groupId);
841 }
842 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]843 }
844
845 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]846 public void onError(final long deviceId, final int error) {
847 mHandler.post(new Runnable() {
848 @Override
849 public void run() {
850 handleError(deviceId, error);
851 }
852 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]853 }
854
855 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]856 public void onRemoved(final long deviceId, final int fingerId, final int groupId) {
857 mHandler.post(new Runnable() {
858 @Override
859 public void run() {
860 handleRemoved(deviceId, fingerId, groupId);
861 }
862 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]863 }
864
865 @Override
Jim Miller8b3c25a2015-08-28 17:29:49 -0700[diff] [blame]866 public void onEnumerate(final long deviceId, final int[] fingerIds, final int[] groupIds) {
867 mHandler.post(new Runnable() {
868 @Override
869 public void run() {
870 handleEnumerate(deviceId, fingerIds, groupIds);
871 }
872 });
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]873 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]874 };
875
876 private final class FingerprintServiceWrapper extends IFingerprintService.Stub {
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]877 private static final String KEYGUARD_PACKAGE = "com.android.systemui";
878
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]879 @Override // Binder call
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]880 public long preEnroll(IBinder token) {
Jim Millerba67aee2015-02-20 16:21:26 -0800[diff] [blame]881 checkPermission(MANAGE_FINGERPRINT);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]882 return startPreEnroll(token);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]883 }
884
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]885 @Override // Binder call
Sasha Levitskiye0943cf2015-07-08 13:22:20 -0700[diff] [blame]886 public int postEnroll(IBinder token) {
887 checkPermission(MANAGE_FINGERPRINT);
888 return startPostEnroll(token);
889 }
890
891 @Override // Binder call
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]892 public void enroll(final IBinder token, final byte[] cryptoToken, final int groupId,
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]893 final IFingerprintServiceReceiver receiver, final int flags) {
894 checkPermission(MANAGE_FINGERPRINT);
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]895 final int limit = mContext.getResources().getInteger(
896 com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser);
897 final int callingUid = Binder.getCallingUid();
898 final int userId = UserHandle.getUserId(callingUid);
899 final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size();
900 if (enrolled >= limit) {
901 Slog.w(TAG, "Too many fingerprints registered");
902 return;
903 }
Jim Millerfe6439f2015-04-11 18:07:57 -0700[diff] [blame]904 final byte [] cryptoClone = Arrays.copyOf(cryptoToken, cryptoToken.length);
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]905
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]906 // Group ID is arbitrarily set to parent profile user ID. It just represents
907 // the default fingerprints for the user.
908 final int effectiveGroupId = getEffectiveUserId(groupId);
909
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]910 final boolean restricted = isRestricted();
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]911 mHandler.post(new Runnable() {
912 @Override
913 public void run() {
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]914 startEnrollment(token, cryptoClone, effectiveGroupId, receiver, flags, restricted);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]915 }
916 });
917 }
918
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]919 private boolean isRestricted() {
920 // Only give privileged apps (like Settings) access to fingerprint info
921 final boolean restricted = !hasPermission(MANAGE_FINGERPRINT);
922 return restricted;
923 }
924
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]925 @Override // Binder call
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]926 public void cancelEnrollment(final IBinder token) {
927 checkPermission(MANAGE_FINGERPRINT);
928 mHandler.post(new Runnable() {
929 @Override
930 public void run() {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]931 stopEnrollment(token, true);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]932 }
933 });
934 }
935
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]936 @Override // Binder call
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]937 public void authenticate(final IBinder token, final long opId, final int groupId,
Jim Millerdca15d22015-06-16 20:55:13 -0700[diff] [blame]938 final IFingerprintServiceReceiver receiver, final int flags,
939 final String opPackageName) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]940 if (!canUseFingerprint(opPackageName, true /* foregroundOnly */)) {
Jim Miller1adb4a72015-09-14 18:58:08 -0700[diff] [blame]941 if (DEBUG) Slog.v(TAG, "authenticate(): reject " + opPackageName);
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]942 return;
943 }
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]944
945 // Group ID is arbitrarily set to parent profile user ID. It just represents
946 // the default fingerprints for the user.
947 final int effectiveGroupId = getEffectiveUserId(groupId);
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]948 final int realUserId = Binder.getCallingUid();
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]949
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]950 final boolean restricted = isRestricted();
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]951 mHandler.post(new Runnable() {
952 @Override
953 public void run() {
Chris Wren95212312015-08-24 16:19:03 -0400[diff] [blame]954 MetricsLogger.histogram(mContext, "fingerprint_token", opId != 0L ? 1 : 0);
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]955 startAuthentication(token, opId, realUserId, effectiveGroupId, receiver,
956 flags, restricted, opPackageName);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]957 }
958 });
959 }
960
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]961 @Override // Binder call
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]962 public void cancelAuthentication(final IBinder token, String opPackageName) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]963 if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) {
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]964 return;
965 }
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]966 mHandler.post(new Runnable() {
967 @Override
968 public void run() {
Jim Miller13041372015-04-16 14:48:55 -0700[diff] [blame]969 stopAuthentication(token, true);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]970 }
971 });
Jim Millerba67aee2015-02-20 16:21:26 -0800[diff] [blame]972 }
Jim Miller99d60192015-03-11 17:41:58 -0700[diff] [blame]973
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]974 @Override // Binder call
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]975 public void setActiveUser(final int userId) {
976 checkPermission(MANAGE_FINGERPRINT);
977 mHandler.post(new Runnable() {
978 @Override
979 public void run() {
980 updateActiveGroup(userId, null);
981 }
982 });
983 }
984
985 @Override // Binder call
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]986 public void remove(final IBinder token, final int fingerId, final int groupId,
987 final IFingerprintServiceReceiver receiver) {
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]988 checkPermission(MANAGE_FINGERPRINT); // TODO: Maybe have another permission
Jim Millerf501b582015-06-03 16:36:31 -0700[diff] [blame]989 final boolean restricted = isRestricted();
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]990
991 // Group ID is arbitrarily set to parent profile user ID. It just represents
992 // the default fingerprints for the user.
993 final int effectiveGroupId = getEffectiveUserId(groupId);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]994 mHandler.post(new Runnable() {
995 @Override
996 public void run() {
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]997 startRemove(token, fingerId, effectiveGroupId, receiver, restricted);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]998 }
999 });
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1000
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1001 }
1002
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1003 @Override // Binder call
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]1004 public boolean isHardwareDetected(long deviceId, String opPackageName) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]1005 if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) {
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]1006 return false;
1007 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1008 return mHalDeviceId != 0;
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1009 }
1010
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1011 @Override // Binder call
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]1012 public void rename(final int fingerId, final int groupId, final String name) {
Jim Miller99d60192015-03-11 17:41:58 -0700[diff] [blame]1013 checkPermission(MANAGE_FINGERPRINT);
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]1014
1015 // Group ID is arbitrarily set to parent profile user ID. It just represents
1016 // the default fingerprints for the user.
1017 final int effectiveGroupId = getEffectiveUserId(groupId);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]1018 mHandler.post(new Runnable() {
1019 @Override
1020 public void run() {
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]1021 mFingerprintUtils.renameFingerprintForUser(mContext, fingerId,
1022 effectiveGroupId, name);
Jim Millerce7eb6d2015-04-03 19:29:13 -0700[diff] [blame]1023 }
1024 });
Jim Miller99d60192015-03-11 17:41:58 -0700[diff] [blame]1025 }
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1026
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1027 @Override // Binder call
Jim Miller599ef0e2015-06-15 20:39:44 -0700[diff] [blame]1028 public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]1029 if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) {
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]1030 return Collections.emptyList();
1031 }
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]1032 int effectiveUserId = getEffectiveUserId(userId);
1033
1034 return FingerprintService.this.getEnrolledFingerprints(effectiveUserId);
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1035 }
Jorim Jaggi2aad7ee2015-04-14 15:25:06 -0700[diff] [blame]1036
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1037 @Override // Binder call
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]1038 public boolean hasEnrolledFingerprints(int userId, String opPackageName) {
Jim Miller975f1452015-08-31 18:18:22 -0700[diff] [blame]1039 if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) {
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]1040 return false;
1041 }
Andres Morales494d6e92015-08-06 15:01:41 -0700[diff] [blame]1042
1043 int effectiveUserId = getEffectiveUserId(userId);
1044 return FingerprintService.this.hasEnrolledFingerprints(effectiveUserId);
Jorim Jaggi2aad7ee2015-04-14 15:25:06 -0700[diff] [blame]1045 }
Andres Morales4d41a202015-04-16 14:12:38 -0700[diff] [blame]1046
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1047 @Override // Binder call
Svetoslav4af76a52015-04-29 15:29:46 -0700[diff] [blame]1048 public long getAuthenticatorId(String opPackageName) {
Alex Klyubina99b8b52015-06-11 13:27:34 -0700[diff] [blame]1049 // In this method, we're not checking whether the caller is permitted to use fingerprint
1050 // API because current authenticator ID is leaked (in a more contrived way) via Android
1051 // Keystore (android.security.keystore package): the user of that API can create a key
1052 // which requires fingerprint authentication for its use, and then query the key's
1053 // characteristics (hidden API) which returns, among other things, fingerprint
1054 // authenticator ID which was active at key creation time.
1055 //
1056 // Reason: The part of Android Keystore which runs inside an app's process invokes this
1057 // method in certain cases. Those cases are not always where the developer demonstrates
1058 // explicit intent to use fingerprint functionality. Thus, to avoiding throwing an
1059 // unexpected SecurityException this method does not check whether its caller is
1060 // permitted to use fingerprint API.
1061 //
1062 // The permission check should be restored once Android Keystore no longer invokes this
1063 // method from inside app processes.
1064
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1065 return FingerprintService.this.getAuthenticatorId();
Andres Morales4d41a202015-04-16 14:12:38 -0700[diff] [blame]1066 }
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]1067
1068 @Override // Binder call
1069 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
1070 if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP)
1071 != PackageManager.PERMISSION_GRANTED) {
1072 pw.println("Permission Denial: can't dump Fingerprint from from pid="
1073 + Binder.getCallingPid()
1074 + ", uid=" + Binder.getCallingUid());
1075 return;
1076 }
1077
1078 final long ident = Binder.clearCallingIdentity();
1079 try {
1080 dumpInternal(pw);
1081 } finally {
1082 Binder.restoreCallingIdentity(ident);
1083 }
1084 }
Jim Millere0507bb2015-08-12 20:30:34 -0700[diff] [blame]1085 @Override // Binder call
1086 public void resetTimeout(byte [] token) {
1087 checkPermission(RESET_FINGERPRINT_LOCKOUT);
1088 // TODO: confirm security token when we move timeout management into the HAL layer.
Jorim Jaggi5e354222015-09-04 14:17:58 -0700[diff] [blame]1089 mHandler.post(mResetFailedAttemptsRunnable);
Jorim Jaggi3a464782015-08-28 16:59:13 -0700[diff] [blame]1090 }
1091
1092 @Override
1093 public void addLockoutResetCallback(final IFingerprintServiceLockoutResetCallback callback)
1094 throws RemoteException {
1095 mHandler.post(new Runnable() {
1096 @Override
1097 public void run() {
1098 addLockoutResetMonitor(
1099 new FingerprintServiceLockoutResetMonitor(callback));
1100 }
1101 });
Jim Millere0507bb2015-08-12 20:30:34 -0700[diff] [blame]1102 }
Chris Wrenc510ad52015-08-14 15:43:15 -0400[diff] [blame]1103 }
1104
1105 private void dumpInternal(PrintWriter pw) {
1106 JSONObject dump = new JSONObject();
1107 try {
1108 dump.put("service", "Fingerprint Manager");
1109
1110 JSONArray sets = new JSONArray();
1111 for (UserInfo user : UserManager.get(getContext()).getUsers()) {
1112 final int userId = user.getUserHandle().getIdentifier();
1113 final int N = mFingerprintUtils.getFingerprintsForUser(mContext, userId).size();
1114 JSONObject set = new JSONObject();
1115 set.put("id", userId);
1116 set.put("count", N);
1117 sets.put(set);
1118 }
1119
1120 dump.put("prints", sets);
1121 } catch (JSONException e) {
1122 Slog.e(TAG, "dump formatting failure", e);
1123 }
1124 pw.println(dump);
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]1125 }
1126
1127 @Override
1128 public void onStart() {
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1129 publishBinderService(Context.FINGERPRINT_SERVICE, new FingerprintServiceWrapper());
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1130 IFingerprintDaemon daemon = getFingerprintDaemon();
Jim Miller9f0753f2015-03-23 23:59:22 -0700[diff] [blame]1131 if (DEBUG) Slog.v(TAG, "Fingerprint HAL id: " + mHalDeviceId);
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]1132 listenForUserSwitches();
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]1133 }
1134
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]1135 private void updateActiveGroup(int userId, String clientPackage) {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1136 IFingerprintDaemon daemon = getFingerprintDaemon();
1137 if (daemon != null) {
1138 try {
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]1139 userId = getUserOrWorkProfileId(clientPackage, userId);
1140 if (userId != mCurrentUserId) {
1141 final File systemDir = Environment.getUserSystemDirectory(userId);
1142 final File fpDir = new File(systemDir, FP_DATA_DIR);
1143 if (!fpDir.exists()) {
1144 if (!fpDir.mkdir()) {
1145 Slog.v(TAG, "Cannot make directory: " + fpDir.getAbsolutePath());
1146 return;
1147 }
1148 // Calling mkdir() from this process will create a directory with our
1149 // permissions (inherited from the containing dir). This command fixes
1150 // the label.
1151 if (!SELinux.restorecon(fpDir)) {
1152 Slog.w(TAG, "Restorecons failed. Directory will have wrong label.");
1153 return;
1154 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1155 }
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]1156 daemon.setActiveGroup(userId, fpDir.getAbsolutePath().getBytes());
1157 mCurrentUserId = userId;
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1158 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1159 } catch (RemoteException e) {
1160 Slog.e(TAG, "Failed to setActiveGroup():", e);
1161 }
Jim Millerdbe780f2015-05-18 13:55:00 -0700[diff] [blame]1162 }
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]1163 }
1164
Clara Bayarrid1f722d2016-01-07 14:17:39 +0000[diff] [blame]1165 /**
1166 * @param clientPackage the package of the caller
1167 * @return the profile id
1168 */
1169 private int getUserOrWorkProfileId(String clientPackage, int userId) {
1170 if (!isKeyguard(clientPackage) && isWorkProfile(userId)) {
1171 return userId;
1172 }
1173 return getEffectiveUserId(userId);
1174 }
1175
1176 /**
1177 * @param userId
1178 * @return true if this is a work profile
1179 */
1180 private boolean isWorkProfile(int userId) {
1181 UserInfo info = mUserManager.getUserInfo(userId);
1182 return info != null && info.isManagedProfile();
1183 }
1184
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]1185 private void listenForUserSwitches() {
1186 try {
1187 ActivityManagerNative.getDefault().registerUserSwitchObserver(
Fyodor Kupolov6005b3f2015-11-23 17:41:50 -0800[diff] [blame]1188 new SynchronousUserSwitchObserver() {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1189 @Override
Fyodor Kupolov6005b3f2015-11-23 17:41:50 -0800[diff] [blame]1190 public void onUserSwitching(int newUserId) throws RemoteException {
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1191 mHandler.obtainMessage(MSG_USER_SWITCHING, newUserId, 0 /* unused */)
1192 .sendToTarget();
1193 }
1194 @Override
1195 public void onUserSwitchComplete(int newUserId) throws RemoteException {
1196 // Ignore.
1197 }
1198 @Override
1199 public void onForegroundProfileSwitch(int newProfileId) {
1200 // Ignore.
1201 }
1202 });
Jorim Jaggiaa4d32a2015-05-13 16:30:04 -0700[diff] [blame]1203 } catch (RemoteException e) {
1204 Slog.w(TAG, "Failed to listen for user switching event" ,e);
1205 }
1206 }
Jim Millerbe675422015-05-11 20:45:25 -0700[diff] [blame]1207
1208 public long getAuthenticatorId() {
1209 IFingerprintDaemon daemon = getFingerprintDaemon();
1210 if (daemon != null) {
1211 try {
1212 return daemon.getAuthenticatorId();
1213 } catch (RemoteException e) {
1214 Slog.e(TAG, "getAuthenticatorId failed", e);
1215 }
1216 }
1217 return 0;
1218 }
1219
Jim Millera75961472014-06-06 15:00:49 -0700[diff] [blame]1220}