Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 1 | /** |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.fingerprint; |
| 18 | |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 19 | import android.Manifest; |
Sasha Levitskiy | 80db9ba | 2015-05-08 14:31:48 -0700 | [diff] [blame] | 20 | import android.app.ActivityManager; |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 21 | import android.app.ActivityManager.RunningAppProcessInfo; |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 22 | import android.app.trust.TrustManager; |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 23 | import android.app.ActivityManagerNative; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 24 | import android.app.AlarmManager; |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 25 | import android.app.AppOpsManager; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 26 | import android.app.PendingIntent; |
Fyodor Kupolov | 6005b3f | 2015-11-23 17:41:50 -0800 | [diff] [blame] | 27 | import android.app.SynchronousUserSwitchObserver; |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 28 | import android.content.ComponentName; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 29 | import android.content.BroadcastReceiver; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 30 | import android.content.Context; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 31 | import android.content.Intent; |
| 32 | import android.content.IntentFilter; |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 33 | import android.content.pm.PackageManager; |
Jim Miller | cb7d9e9 | 2015-06-16 15:05:48 -0700 | [diff] [blame] | 34 | import android.content.pm.UserInfo; |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 35 | import android.hardware.fingerprint.IFingerprintServiceLockoutResetCallback; |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 36 | import android.os.Binder; |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 37 | import android.os.DeadObjectException; |
Sasha Levitskiy | 80db9ba | 2015-05-08 14:31:48 -0700 | [diff] [blame] | 38 | import android.os.Environment; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 39 | import android.os.Handler; |
| 40 | import android.os.IBinder; |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 41 | import android.os.PowerManager; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 42 | import android.os.RemoteException; |
Jim Miller | 16ef71f | 2015-05-21 17:02:21 -0700 | [diff] [blame] | 43 | import android.os.SELinux; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 44 | import android.os.ServiceManager; |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 45 | import android.os.SystemClock; |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 46 | import android.os.UserHandle; |
Jim Miller | cb7d9e9 | 2015-06-16 15:05:48 -0700 | [diff] [blame] | 47 | import android.os.UserManager; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 48 | import android.util.Slog; |
| 49 | |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 50 | import com.android.internal.logging.MetricsLogger; |
Chris Wren | f6e9228b | 2016-01-26 18:04:35 -0500 | [diff] [blame] | 51 | import com.android.internal.logging.MetricsProto.MetricsEvent; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 52 | import com.android.server.SystemService; |
| 53 | |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 54 | import org.json.JSONArray; |
| 55 | import org.json.JSONException; |
| 56 | import org.json.JSONObject; |
| 57 | |
Jim Miller | ebbf205 | 2015-03-31 17:24:34 -0700 | [diff] [blame] | 58 | import android.hardware.fingerprint.Fingerprint; |
| 59 | import android.hardware.fingerprint.FingerprintManager; |
| 60 | import android.hardware.fingerprint.IFingerprintService; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 61 | import android.hardware.fingerprint.IFingerprintDaemon; |
| 62 | import android.hardware.fingerprint.IFingerprintDaemonCallback; |
Jim Miller | ebbf205 | 2015-03-31 17:24:34 -0700 | [diff] [blame] | 63 | import android.hardware.fingerprint.IFingerprintServiceReceiver; |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 64 | |
Clara Bayarri | 33fd3cf | 2016-02-19 16:54:49 +0000 | [diff] [blame] | 65 | import static android.Manifest.permission.INTERACT_ACROSS_USERS; |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 66 | import static android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND; |
Jim Miller | ba67aee | 2015-02-20 16:21:26 -0800 | [diff] [blame] | 67 | import static android.Manifest.permission.MANAGE_FINGERPRINT; |
Jim Miller | e0507bb | 2015-08-12 20:30:34 -0700 | [diff] [blame] | 68 | import static android.Manifest.permission.RESET_FINGERPRINT_LOCKOUT; |
Jim Miller | ba67aee | 2015-02-20 16:21:26 -0800 | [diff] [blame] | 69 | import static android.Manifest.permission.USE_FINGERPRINT; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 70 | |
Sasha Levitskiy | 80db9ba | 2015-05-08 14:31:48 -0700 | [diff] [blame] | 71 | import java.io.File; |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 72 | import java.io.FileDescriptor; |
| 73 | import java.io.PrintWriter; |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 74 | import java.util.ArrayList; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 75 | import java.util.Arrays; |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 76 | import java.util.Collections; |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 77 | import java.util.List; |
Jim Miller | 16ef71f | 2015-05-21 17:02:21 -0700 | [diff] [blame] | 78 | import java.util.NoSuchElementException; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 79 | |
| 80 | /** |
| 81 | * A service to manage multiple clients that want to access the fingerprint HAL API. |
| 82 | * The service is responsible for maintaining a list of clients and dispatching all |
| 83 | * fingerprint -related events. |
| 84 | * |
| 85 | * @hide |
| 86 | */ |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 87 | public class FingerprintService extends SystemService implements IBinder.DeathRecipient { |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 88 | private static final String TAG = "FingerprintService"; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 89 | private static final boolean DEBUG = true; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 90 | private static final String FP_DATA_DIR = "fpdata"; |
| 91 | private static final String FINGERPRINTD = "android.hardware.fingerprint.IFingerprintDaemon"; |
| 92 | private static final int MSG_USER_SWITCHING = 10; |
| 93 | private static final int ENROLLMENT_TIMEOUT_MS = 60 * 1000; // 1 minute |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 94 | private static final String ACTION_LOCKOUT_RESET = |
| 95 | "com.android.server.fingerprint.ACTION_LOCKOUT_RESET"; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 96 | |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 97 | private ClientMonitor mAuthClient = null; |
| 98 | private ClientMonitor mEnrollClient = null; |
| 99 | private ClientMonitor mRemoveClient = null; |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 100 | private final ArrayList<FingerprintServiceLockoutResetMonitor> mLockoutMonitors = |
| 101 | new ArrayList<>(); |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 102 | private final AppOpsManager mAppOps; |
| 103 | |
Jim Miller | af281ca | 2015-04-20 19:04:21 -0700 | [diff] [blame] | 104 | private static final long MS_PER_SEC = 1000; |
| 105 | private static final long FAIL_LOCKOUT_TIMEOUT_MS = 30*1000; |
| 106 | private static final int MAX_FAILED_ATTEMPTS = 5; |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 107 | private static final int FINGERPRINT_ACQUIRED_GOOD = 0; |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 108 | private final String mKeyguardPackage; |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 109 | private int mCurrentUserId = UserHandle.USER_CURRENT; |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 110 | |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 111 | Handler mHandler = new Handler() { |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 112 | @Override |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 113 | public void handleMessage(android.os.Message msg) { |
| 114 | switch (msg.what) { |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 115 | case MSG_USER_SWITCHING: |
| 116 | handleUserSwitching(msg.arg1); |
| 117 | break; |
| 118 | |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 119 | default: |
| 120 | Slog.w(TAG, "Unknown message:" + msg.what); |
| 121 | } |
| 122 | } |
| 123 | }; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 124 | |
Jorim Jaggi | ee77ceb | 2015-05-12 15:00:12 -0700 | [diff] [blame] | 125 | private final FingerprintUtils mFingerprintUtils = FingerprintUtils.getInstance(); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 126 | private Context mContext; |
| 127 | private long mHalDeviceId; |
| 128 | private int mFailedAttempts; |
| 129 | private IFingerprintDaemon mDaemon; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 130 | private final PowerManager mPowerManager; |
| 131 | private final AlarmManager mAlarmManager; |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 132 | private final UserManager mUserManager; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 133 | |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 134 | private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() { |
| 135 | @Override |
| 136 | public void onReceive(Context context, Intent intent) { |
| 137 | if (ACTION_LOCKOUT_RESET.equals(intent.getAction())) { |
| 138 | resetFailedAttempts(); |
| 139 | } |
| 140 | } |
| 141 | }; |
| 142 | |
| 143 | private final Runnable mResetFailedAttemptsRunnable = new Runnable() { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 144 | @Override |
| 145 | public void run() { |
| 146 | resetFailedAttempts(); |
| 147 | } |
| 148 | }; |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 149 | |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 150 | public FingerprintService(Context context) { |
| 151 | super(context); |
| 152 | mContext = context; |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 153 | mKeyguardPackage = ComponentName.unflattenFromString(context.getResources().getString( |
| 154 | com.android.internal.R.string.config_keyguardComponent)).getPackageName(); |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 155 | mAppOps = context.getSystemService(AppOpsManager.class); |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 156 | mPowerManager = mContext.getSystemService(PowerManager.class); |
| 157 | mAlarmManager = mContext.getSystemService(AlarmManager.class); |
| 158 | mContext.registerReceiver(mLockoutReceiver, new IntentFilter(ACTION_LOCKOUT_RESET), |
| 159 | RESET_FINGERPRINT_LOCKOUT, null /* handler */); |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 160 | mUserManager = UserManager.get(mContext); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 161 | } |
| 162 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 163 | @Override |
| 164 | public void binderDied() { |
| 165 | Slog.v(TAG, "fingerprintd died"); |
| 166 | mDaemon = null; |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 167 | handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 168 | } |
| 169 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 170 | public IFingerprintDaemon getFingerprintDaemon() { |
| 171 | if (mDaemon == null) { |
| 172 | mDaemon = IFingerprintDaemon.Stub.asInterface(ServiceManager.getService(FINGERPRINTD)); |
Jim Miller | 091f0e5 | 2015-07-21 16:58:46 -0700 | [diff] [blame] | 173 | if (mDaemon != null) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 174 | try { |
| 175 | mDaemon.asBinder().linkToDeath(this, 0); |
Jim Miller | 091f0e5 | 2015-07-21 16:58:46 -0700 | [diff] [blame] | 176 | mDaemon.init(mDaemonCallback); |
| 177 | mHalDeviceId = mDaemon.openHal(); |
| 178 | if (mHalDeviceId != 0) { |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 179 | updateActiveGroup(ActivityManager.getCurrentUser(), null); |
Jim Miller | 091f0e5 | 2015-07-21 16:58:46 -0700 | [diff] [blame] | 180 | } else { |
| 181 | Slog.w(TAG, "Failed to open Fingerprint HAL!"); |
| 182 | mDaemon = null; |
| 183 | } |
| 184 | } catch (RemoteException e) { |
| 185 | Slog.e(TAG, "Failed to open fingeprintd HAL", e); |
| 186 | mDaemon = null; // try again later! |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 187 | } |
Jim Miller | 091f0e5 | 2015-07-21 16:58:46 -0700 | [diff] [blame] | 188 | } else { |
| 189 | Slog.w(TAG, "fingerprint service not available"); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 190 | } |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 191 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 192 | return mDaemon; |
| 193 | } |
| 194 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 195 | protected void handleEnumerate(long deviceId, int[] fingerIds, int[] groupIds) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 196 | if (fingerIds.length != groupIds.length) { |
| 197 | Slog.w(TAG, "fingerIds and groupIds differ in length: f[]=" |
Andreas Gampe | e6748ce | 2015-12-11 18:00:38 -0800 | [diff] [blame] | 198 | + Arrays.toString(fingerIds) + ", g[]=" + Arrays.toString(groupIds)); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 199 | return; |
| 200 | } |
| 201 | if (DEBUG) Slog.w(TAG, "Enumerate: f[]=" + fingerIds + ", g[]=" + groupIds); |
| 202 | // TODO: update fingerprint/name pairs |
| 203 | } |
| 204 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 205 | protected void handleRemoved(long deviceId, int fingerId, int groupId) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 206 | final ClientMonitor client = mRemoveClient; |
| 207 | if (fingerId != 0) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 208 | removeTemplateForUser(mRemoveClient, fingerId); |
| 209 | } |
| 210 | if (client != null && client.sendRemoved(fingerId, groupId)) { |
| 211 | removeClient(mRemoveClient); |
| 212 | } |
| 213 | } |
| 214 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 215 | protected void handleError(long deviceId, int error) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 216 | if (mEnrollClient != null) { |
| 217 | final IBinder token = mEnrollClient.token; |
| 218 | if (mEnrollClient.sendError(error)) { |
| 219 | stopEnrollment(token, false); |
| 220 | } |
| 221 | } else if (mAuthClient != null) { |
| 222 | final IBinder token = mAuthClient.token; |
| 223 | if (mAuthClient.sendError(error)) { |
| 224 | stopAuthentication(token, false); |
| 225 | } |
| 226 | } else if (mRemoveClient != null) { |
| 227 | if (mRemoveClient.sendError(error)) removeClient(mRemoveClient); |
| 228 | } |
| 229 | } |
| 230 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 231 | protected void handleAuthenticated(long deviceId, int fingerId, int groupId) { |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 232 | if (mAuthClient != null) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 233 | final IBinder token = mAuthClient.token; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 234 | if (mAuthClient.sendAuthenticated(fingerId, groupId)) { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 235 | stopAuthentication(token, false); |
| 236 | removeClient(mAuthClient); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 237 | } |
| 238 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 239 | } |
| 240 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 241 | protected void handleAcquired(long deviceId, int acquiredInfo) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 242 | if (mEnrollClient != null) { |
| 243 | if (mEnrollClient.sendAcquired(acquiredInfo)) { |
| 244 | removeClient(mEnrollClient); |
| 245 | } |
| 246 | } else if (mAuthClient != null) { |
| 247 | if (mAuthClient.sendAcquired(acquiredInfo)) { |
| 248 | removeClient(mAuthClient); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 249 | } |
| 250 | } |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 251 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 252 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 253 | protected void handleEnrollResult(long deviceId, int fingerId, int groupId, int remaining) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 254 | if (mEnrollClient != null) { |
| 255 | if (mEnrollClient.sendEnrollResult(fingerId, groupId, remaining)) { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 256 | if (remaining == 0) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 257 | addTemplateForUser(mEnrollClient, fingerId); |
| 258 | removeClient(mEnrollClient); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 259 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 260 | } |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 261 | } |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 262 | } |
| 263 | |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 264 | private void userActivity() { |
| 265 | long now = SystemClock.uptimeMillis(); |
| 266 | mPowerManager.userActivity(now, PowerManager.USER_ACTIVITY_EVENT_TOUCH, 0); |
| 267 | } |
| 268 | |
| 269 | void handleUserSwitching(int userId) { |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 270 | updateActiveGroup(userId, null); |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 271 | } |
| 272 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 273 | private void removeClient(ClientMonitor client) { |
| 274 | if (client == null) return; |
| 275 | client.destroy(); |
| 276 | if (client == mAuthClient) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 277 | mAuthClient = null; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 278 | } else if (client == mEnrollClient) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 279 | mEnrollClient = null; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 280 | } else if (client == mRemoveClient) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 281 | mRemoveClient = null; |
| 282 | } |
| 283 | } |
| 284 | |
| 285 | private boolean inLockoutMode() { |
Jim Miller | 73633dd | 2015-09-02 15:35:33 -0700 | [diff] [blame] | 286 | return mFailedAttempts >= MAX_FAILED_ATTEMPTS; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 287 | } |
| 288 | |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 289 | private void scheduleLockoutReset() { |
| 290 | mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP, |
| 291 | SystemClock.elapsedRealtime() + FAIL_LOCKOUT_TIMEOUT_MS, getLockoutResetIntent()); |
| 292 | } |
| 293 | |
| 294 | private void cancelLockoutReset() { |
| 295 | mAlarmManager.cancel(getLockoutResetIntent()); |
| 296 | } |
| 297 | |
| 298 | private PendingIntent getLockoutResetIntent() { |
| 299 | return PendingIntent.getBroadcast(mContext, 0, |
| 300 | new Intent(ACTION_LOCKOUT_RESET), PendingIntent.FLAG_UPDATE_CURRENT); |
| 301 | } |
| 302 | |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 303 | private void resetFailedAttempts() { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 304 | if (DEBUG && inLockoutMode()) { |
| 305 | Slog.v(TAG, "Reset fingerprint lockout"); |
| 306 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 307 | mFailedAttempts = 0; |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 308 | // If we're asked to reset failed attempts externally (i.e. from Keyguard), the alarm might |
| 309 | // still be pending; remove it. |
| 310 | cancelLockoutReset(); |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 311 | notifyLockoutResetMonitors(); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 312 | } |
| 313 | |
| 314 | private boolean handleFailedAttempt(ClientMonitor clientMonitor) { |
| 315 | mFailedAttempts++; |
Jim Miller | 73633dd | 2015-09-02 15:35:33 -0700 | [diff] [blame] | 316 | if (inLockoutMode()) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 317 | // Failing multiple times will continue to push out the lockout time. |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 318 | scheduleLockoutReset(); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 319 | if (clientMonitor != null |
| 320 | && !clientMonitor.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) { |
| 321 | Slog.w(TAG, "Cannot send lockout message to client"); |
| 322 | } |
| 323 | return true; |
| 324 | } |
| 325 | return false; |
| 326 | } |
| 327 | |
Jorim Jaggi | ee77ceb | 2015-05-12 15:00:12 -0700 | [diff] [blame] | 328 | private void removeTemplateForUser(ClientMonitor clientMonitor, int fingerId) { |
| 329 | mFingerprintUtils.removeFingerprintIdForUser(mContext, fingerId, clientMonitor.userId); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 330 | } |
| 331 | |
Jorim Jaggi | ee77ceb | 2015-05-12 15:00:12 -0700 | [diff] [blame] | 332 | private void addTemplateForUser(ClientMonitor clientMonitor, int fingerId) { |
| 333 | mFingerprintUtils.addFingerprintForUser(mContext, fingerId, clientMonitor.userId); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 334 | } |
| 335 | |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 336 | void startEnrollment(IBinder token, byte[] cryptoToken, int groupId, |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 337 | IFingerprintServiceReceiver receiver, int flags, boolean restricted) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 338 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 339 | if (daemon == null) { |
| 340 | Slog.w(TAG, "enroll: no fingeprintd!"); |
| 341 | return; |
| 342 | } |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 343 | stopPendingOperations(true); |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 344 | mEnrollClient = new ClientMonitor(token, receiver, groupId, restricted, token.toString()); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 345 | final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 346 | try { |
| 347 | final int result = daemon.enroll(cryptoToken, groupId, timeout); |
| 348 | if (result != 0) { |
| 349 | Slog.w(TAG, "startEnroll failed, result=" + result); |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 350 | handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 351 | } |
| 352 | } catch (RemoteException e) { |
| 353 | Slog.e(TAG, "startEnroll failed", e); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 354 | } |
| 355 | } |
| 356 | |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 357 | public long startPreEnroll(IBinder token) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 358 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 359 | if (daemon == null) { |
| 360 | Slog.w(TAG, "startPreEnroll: no fingeprintd!"); |
| 361 | return 0; |
| 362 | } |
| 363 | try { |
| 364 | return daemon.preEnroll(); |
| 365 | } catch (RemoteException e) { |
| 366 | Slog.e(TAG, "startPreEnroll failed", e); |
| 367 | } |
| 368 | return 0; |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 369 | } |
| 370 | |
Sasha Levitskiy | e0943cf | 2015-07-08 13:22:20 -0700 | [diff] [blame] | 371 | public int startPostEnroll(IBinder token) { |
| 372 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 373 | if (daemon == null) { |
| 374 | Slog.w(TAG, "startPostEnroll: no fingeprintd!"); |
| 375 | return 0; |
| 376 | } |
| 377 | try { |
| 378 | return daemon.postEnroll(); |
| 379 | } catch (RemoteException e) { |
| 380 | Slog.e(TAG, "startPostEnroll failed", e); |
| 381 | } |
| 382 | return 0; |
| 383 | } |
| 384 | |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 385 | private void stopPendingOperations(boolean initiatedByClient) { |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 386 | if (mEnrollClient != null) { |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 387 | stopEnrollment(mEnrollClient.token, initiatedByClient); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 388 | } |
| 389 | if (mAuthClient != null) { |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 390 | stopAuthentication(mAuthClient.token, initiatedByClient); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 391 | } |
| 392 | // mRemoveClient is allowed to continue |
| 393 | } |
| 394 | |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 395 | /** |
| 396 | * Stop enrollment in progress and inform client if they initiated it. |
| 397 | * |
| 398 | * @param token token for client |
| 399 | * @param initiatedByClient if this call is the result of client action (e.g. calling cancel) |
| 400 | */ |
| 401 | void stopEnrollment(IBinder token, boolean initiatedByClient) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 402 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 403 | if (daemon == null) { |
| 404 | Slog.w(TAG, "stopEnrollment: no fingeprintd!"); |
| 405 | return; |
| 406 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 407 | final ClientMonitor client = mEnrollClient; |
| 408 | if (client == null || client.token != token) return; |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 409 | if (initiatedByClient) { |
| 410 | try { |
| 411 | int result = daemon.cancelEnrollment(); |
| 412 | if (result != 0) { |
| 413 | Slog.w(TAG, "startEnrollCancel failed, result = " + result); |
| 414 | } |
| 415 | } catch (RemoteException e) { |
| 416 | Slog.e(TAG, "stopEnrollment failed", e); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 417 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 418 | client.sendError(FingerprintManager.FINGERPRINT_ERROR_CANCELED); |
| 419 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 420 | removeClient(mEnrollClient); |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 421 | } |
| 422 | |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 423 | void startAuthentication(IBinder token, long opId, int realUserId, int groupId, |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 424 | IFingerprintServiceReceiver receiver, int flags, boolean restricted, |
| 425 | String opPackageName) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 426 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 427 | if (daemon == null) { |
| 428 | Slog.w(TAG, "startAuthentication: no fingeprintd!"); |
| 429 | return; |
| 430 | } |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 431 | stopPendingOperations(true); |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 432 | updateActiveGroup(groupId, opPackageName); |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 433 | mAuthClient = new ClientMonitor(token, receiver, groupId, restricted, opPackageName); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 434 | if (inLockoutMode()) { |
| 435 | Slog.v(TAG, "In lockout mode; disallowing authentication"); |
| 436 | if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) { |
| 437 | Slog.w(TAG, "Cannot send timeout message to client"); |
| 438 | } |
| 439 | mAuthClient = null; |
| 440 | return; |
| 441 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 442 | try { |
| 443 | final int result = daemon.authenticate(opId, groupId); |
| 444 | if (result != 0) { |
| 445 | Slog.w(TAG, "startAuthentication failed, result=" + result); |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 446 | handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 447 | } |
| 448 | } catch (RemoteException e) { |
| 449 | Slog.e(TAG, "startAuthentication failed", e); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 450 | } |
| 451 | } |
| 452 | |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 453 | /** |
| 454 | * Stop authentication in progress and inform client if they initiated it. |
| 455 | * |
| 456 | * @param token token for client |
| 457 | * @param initiatedByClient if this call is the result of client action (e.g. calling cancel) |
| 458 | */ |
| 459 | void stopAuthentication(IBinder token, boolean initiatedByClient) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 460 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 461 | if (daemon == null) { |
| 462 | Slog.w(TAG, "stopAuthentication: no fingeprintd!"); |
| 463 | return; |
| 464 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 465 | final ClientMonitor client = mAuthClient; |
| 466 | if (client == null || client.token != token) return; |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 467 | if (initiatedByClient) { |
| 468 | try { |
| 469 | int result = daemon.cancelAuthentication(); |
| 470 | if (result != 0) { |
| 471 | Slog.w(TAG, "stopAuthentication failed, result=" + result); |
| 472 | } |
| 473 | } catch (RemoteException e) { |
| 474 | Slog.e(TAG, "stopAuthentication failed", e); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 475 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 476 | client.sendError(FingerprintManager.FINGERPRINT_ERROR_CANCELED); |
| 477 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 478 | removeClient(mAuthClient); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 479 | } |
| 480 | |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 481 | void startRemove(IBinder token, int fingerId, int userId, |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 482 | IFingerprintServiceReceiver receiver, boolean restricted) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 483 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 484 | if (daemon == null) { |
| 485 | Slog.w(TAG, "startRemove: no fingeprintd!"); |
| 486 | return; |
| 487 | } |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 488 | |
Jim Miller | 827afda | 2015-08-21 18:45:15 -0700 | [diff] [blame] | 489 | stopPendingOperations(true); |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 490 | mRemoveClient = new ClientMonitor(token, receiver, userId, restricted, token.toString()); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 491 | // The fingerprint template ids will be removed when we get confirmation from the HAL |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 492 | try { |
| 493 | final int result = daemon.remove(fingerId, userId); |
| 494 | if (result != 0) { |
| 495 | Slog.w(TAG, "startRemove with id = " + fingerId + " failed, result=" + result); |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 496 | handleError(mHalDeviceId, FingerprintManager.FINGERPRINT_ERROR_HW_UNAVAILABLE); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 497 | } |
| 498 | } catch (RemoteException e) { |
| 499 | Slog.e(TAG, "startRemove failed", e); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 500 | } |
| 501 | } |
| 502 | |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 503 | public List<Fingerprint> getEnrolledFingerprints(int userId) { |
| 504 | return mFingerprintUtils.getFingerprintsForUser(mContext, userId); |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 505 | } |
| 506 | |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 507 | public boolean hasEnrolledFingerprints(int userId) { |
Clara Bayarri | 33fd3cf | 2016-02-19 16:54:49 +0000 | [diff] [blame] | 508 | if (userId != Binder.getCallingUid()) { |
| 509 | checkPermission(INTERACT_ACROSS_USERS); |
| 510 | } |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 511 | return mFingerprintUtils.getFingerprintsForUser(mContext, userId).size() > 0; |
Jorim Jaggi | 2aad7ee | 2015-04-14 15:25:06 -0700 | [diff] [blame] | 512 | } |
| 513 | |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 514 | boolean hasPermission(String permission) { |
| 515 | return getContext().checkCallingOrSelfPermission(permission) |
| 516 | == PackageManager.PERMISSION_GRANTED; |
| 517 | } |
| 518 | |
Jim Miller | ba67aee | 2015-02-20 16:21:26 -0800 | [diff] [blame] | 519 | void checkPermission(String permission) { |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 520 | getContext().enforceCallingOrSelfPermission(permission, |
| 521 | "Must have " + permission + " permission."); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 522 | } |
| 523 | |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 524 | int getEffectiveUserId(int userId) { |
| 525 | UserManager um = UserManager.get(mContext); |
| 526 | if (um != null) { |
| 527 | final long callingIdentity = Binder.clearCallingIdentity(); |
| 528 | userId = um.getCredentialOwnerProfile(userId); |
| 529 | Binder.restoreCallingIdentity(callingIdentity); |
| 530 | } else { |
| 531 | Slog.e(TAG, "Unable to acquire UserManager"); |
| 532 | } |
| 533 | return userId; |
| 534 | } |
| 535 | |
Jim Miller | cb7d9e9 | 2015-06-16 15:05:48 -0700 | [diff] [blame] | 536 | boolean isCurrentUserOrProfile(int userId) { |
| 537 | UserManager um = UserManager.get(mContext); |
| 538 | |
| 539 | // Allow current user or profiles of the current user... |
| 540 | List<UserInfo> profiles = um.getEnabledProfiles(userId); |
| 541 | final int n = profiles.size(); |
| 542 | for (int i = 0; i < n; i++) { |
| 543 | if (profiles.get(i).id == userId) { |
| 544 | return true; |
| 545 | } |
| 546 | } |
| 547 | return false; |
| 548 | } |
| 549 | |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 550 | private boolean isForegroundActivity(int uid, int pid) { |
| 551 | try { |
| 552 | List<RunningAppProcessInfo> procs = |
| 553 | ActivityManagerNative.getDefault().getRunningAppProcesses(); |
| 554 | int N = procs.size(); |
| 555 | for (int i = 0; i < N; i++) { |
| 556 | RunningAppProcessInfo proc = procs.get(i); |
| 557 | if (proc.pid == pid && proc.uid == uid |
| 558 | && proc.importance == IMPORTANCE_FOREGROUND) { |
| 559 | return true; |
| 560 | } |
| 561 | } |
| 562 | } catch (RemoteException e) { |
| 563 | Slog.w(TAG, "am.getRunningAppProcesses() failed"); |
| 564 | } |
| 565 | return false; |
| 566 | } |
| 567 | |
| 568 | /** |
| 569 | * @param opPackageName name of package for caller |
| 570 | * @param foregroundOnly only allow this call while app is in the foreground |
| 571 | * @return true if caller can use fingerprint API |
| 572 | */ |
| 573 | private boolean canUseFingerprint(String opPackageName, boolean foregroundOnly) { |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 574 | checkPermission(USE_FINGERPRINT); |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 575 | final int uid = Binder.getCallingUid(); |
| 576 | final int pid = Binder.getCallingPid(); |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 577 | if (isKeyguard(opPackageName)) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 578 | return true; // Keyguard is always allowed |
| 579 | } |
| 580 | if (!isCurrentUserOrProfile(UserHandle.getCallingUserId())) { |
| 581 | Slog.w(TAG,"Rejecting " + opPackageName + " ; not a current user or profile"); |
| 582 | return false; |
| 583 | } |
| 584 | if (mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName) |
| 585 | != AppOpsManager.MODE_ALLOWED) { |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 586 | Slog.w(TAG, "Rejecting " + opPackageName + " ; permission denied"); |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 587 | return false; |
| 588 | } |
| 589 | if (foregroundOnly && !isForegroundActivity(uid, pid)) { |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 590 | Slog.w(TAG, "Rejecting " + opPackageName + " ; not in foreground"); |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 591 | return false; |
| 592 | } |
| 593 | return true; |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 594 | } |
| 595 | |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 596 | /** |
| 597 | * @param clientPackage |
| 598 | * @return true if this is keyguard package |
| 599 | */ |
| 600 | private boolean isKeyguard(String clientPackage) { |
| 601 | return mKeyguardPackage.equals(clientPackage); |
| 602 | } |
| 603 | |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 604 | private void addLockoutResetMonitor(FingerprintServiceLockoutResetMonitor monitor) { |
| 605 | if (!mLockoutMonitors.contains(monitor)) { |
| 606 | mLockoutMonitors.add(monitor); |
| 607 | } |
| 608 | } |
| 609 | |
| 610 | private void removeLockoutResetCallback( |
| 611 | FingerprintServiceLockoutResetMonitor monitor) { |
| 612 | mLockoutMonitors.remove(monitor); |
| 613 | } |
| 614 | |
| 615 | private void notifyLockoutResetMonitors() { |
| 616 | for (int i = 0; i < mLockoutMonitors.size(); i++) { |
| 617 | mLockoutMonitors.get(i).sendLockoutReset(); |
| 618 | } |
| 619 | } |
| 620 | |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 621 | private class ClientMonitor implements IBinder.DeathRecipient { |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 622 | IBinder token; |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 623 | IFingerprintServiceReceiver receiver; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 624 | int userId; |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 625 | boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 626 | String owner; |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 627 | |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 628 | public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver, int userId, |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 629 | boolean restricted, String owner) { |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 630 | this.token = token; |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 631 | this.receiver = receiver; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 632 | this.userId = userId; |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 633 | this.restricted = restricted; |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 634 | this.owner = owner; // name of the client that owns this - for debugging |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 635 | try { |
| 636 | token.linkToDeath(this, 0); |
| 637 | } catch (RemoteException e) { |
| 638 | Slog.w(TAG, "caught remote exception in linkToDeath: ", e); |
| 639 | } |
| 640 | } |
| 641 | |
| 642 | public void destroy() { |
| 643 | if (token != null) { |
Jim Miller | 16ef71f | 2015-05-21 17:02:21 -0700 | [diff] [blame] | 644 | try { |
| 645 | token.unlinkToDeath(this, 0); |
| 646 | } catch (NoSuchElementException e) { |
| 647 | // TODO: remove when duplicate call bug is found |
| 648 | Slog.e(TAG, "destroy(): " + this + ":", new Exception("here")); |
| 649 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 650 | token = null; |
| 651 | } |
| 652 | receiver = null; |
| 653 | } |
| 654 | |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 655 | @Override |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 656 | public void binderDied() { |
| 657 | token = null; |
| 658 | removeClient(this); |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 659 | receiver = null; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 660 | } |
| 661 | |
Jim Miller | 80a776e | 2015-07-15 18:57:14 -0700 | [diff] [blame] | 662 | @Override |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 663 | protected void finalize() throws Throwable { |
| 664 | try { |
| 665 | if (token != null) { |
| 666 | if (DEBUG) Slog.w(TAG, "removing leaked reference: " + token); |
| 667 | removeClient(this); |
| 668 | } |
| 669 | } finally { |
| 670 | super.finalize(); |
| 671 | } |
| 672 | } |
| 673 | |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 674 | /* |
| 675 | * @return true if we're done. |
| 676 | */ |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 677 | private boolean sendRemoved(int fingerId, int groupId) { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 678 | if (receiver == null) return true; // client not listening |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 679 | try { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 680 | receiver.onRemoved(mHalDeviceId, fingerId, groupId); |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 681 | return fingerId == 0; |
| 682 | } catch (RemoteException e) { |
| 683 | Slog.w(TAG, "Failed to notify Removed:", e); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 684 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 685 | return false; |
| 686 | } |
| 687 | |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 688 | /* |
| 689 | * @return true if we're done. |
| 690 | */ |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 691 | private boolean sendEnrollResult(int fpId, int groupId, int remaining) { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 692 | if (receiver == null) return true; // client not listening |
Jim Miller | af281ca | 2015-04-20 19:04:21 -0700 | [diff] [blame] | 693 | FingerprintUtils.vibrateFingerprintSuccess(getContext()); |
Chris Wren | f6e9228b | 2016-01-26 18:04:35 -0500 | [diff] [blame] | 694 | MetricsLogger.action(mContext, MetricsEvent.ACTION_FINGERPRINT_ENROLL); |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 695 | try { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 696 | receiver.onEnrollResult(mHalDeviceId, fpId, groupId, remaining); |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 697 | return remaining == 0; |
| 698 | } catch (RemoteException e) { |
| 699 | Slog.w(TAG, "Failed to notify EnrollResult:", e); |
| 700 | return true; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 701 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 702 | } |
| 703 | |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 704 | /* |
| 705 | * @return true if we're done. |
| 706 | */ |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 707 | private boolean sendAuthenticated(int fpId, int groupId) { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 708 | boolean result = false; |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 709 | boolean authenticated = fpId != 0; |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 710 | if (receiver != null) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 711 | try { |
Chris Wren | f6e9228b | 2016-01-26 18:04:35 -0500 | [diff] [blame] | 712 | MetricsLogger.action(mContext, MetricsEvent.ACTION_FINGERPRINT_AUTH, |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 713 | authenticated); |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 714 | if (!authenticated) { |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 715 | receiver.onAuthenticationFailed(mHalDeviceId); |
| 716 | } else { |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 717 | if (DEBUG) { |
| 718 | Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner |
| 719 | + ", id=" + fpId + ", gp=" + groupId + ")"); |
| 720 | } |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 721 | Fingerprint fp = !restricted ? |
| 722 | new Fingerprint("" /* TODO */, groupId, fpId, mHalDeviceId) : null; |
| 723 | receiver.onAuthenticationSucceeded(mHalDeviceId, fp); |
| 724 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 725 | } catch (RemoteException e) { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 726 | Slog.w(TAG, "Failed to notify Authenticated:", e); |
| 727 | result = true; // client failed |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 728 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 729 | } else { |
| 730 | result = true; // client not listening |
Vineeta Srivastava | 99b8820 | 2015-07-08 13:37:09 -0700 | [diff] [blame] | 731 | } |
| 732 | if (fpId == 0) { |
Jorim Jaggi | 055eafd | 2015-08-12 18:06:22 -0700 | [diff] [blame] | 733 | if (receiver != null) { |
| 734 | FingerprintUtils.vibrateFingerprintError(getContext()); |
| 735 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 736 | result |= handleFailedAttempt(this); |
| 737 | } else { |
Jorim Jaggi | 055eafd | 2015-08-12 18:06:22 -0700 | [diff] [blame] | 738 | if (receiver != null) { |
| 739 | FingerprintUtils.vibrateFingerprintSuccess(getContext()); |
| 740 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 741 | result |= true; // we have a valid fingerprint |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 742 | resetFailedAttempts(); |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 743 | } |
| 744 | return result; |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 745 | } |
| 746 | |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 747 | /* |
| 748 | * @return true if we're done. |
| 749 | */ |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 750 | private boolean sendAcquired(int acquiredInfo) { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 751 | if (receiver == null) return true; // client not listening |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 752 | try { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 753 | receiver.onAcquired(mHalDeviceId, acquiredInfo); |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 754 | return false; // acquisition continues... |
| 755 | } catch (RemoteException e) { |
| 756 | Slog.w(TAG, "Failed to invoke sendAcquired:", e); |
| 757 | return true; // client failed |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 758 | } |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 759 | finally { |
| 760 | // Good scans will keep the device awake |
| 761 | if (acquiredInfo == FINGERPRINT_ACQUIRED_GOOD) { |
| 762 | userActivity(); |
| 763 | } |
| 764 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 765 | } |
| 766 | |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 767 | /* |
| 768 | * @return true if we're done. |
| 769 | */ |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 770 | private boolean sendError(int error) { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 771 | if (receiver != null) { |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 772 | try { |
Jim Miller | b21e1b2 | 2015-04-24 16:59:11 -0700 | [diff] [blame] | 773 | receiver.onError(mHalDeviceId, error); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 774 | } catch (RemoteException e) { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 775 | Slog.w(TAG, "Failed to invoke sendError:", e); |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 776 | } |
| 777 | } |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 778 | return true; // errors always terminate progress |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 779 | } |
| 780 | } |
| 781 | |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 782 | private class FingerprintServiceLockoutResetMonitor { |
| 783 | |
| 784 | private final IFingerprintServiceLockoutResetCallback mCallback; |
| 785 | |
| 786 | public FingerprintServiceLockoutResetMonitor( |
| 787 | IFingerprintServiceLockoutResetCallback callback) { |
| 788 | mCallback = callback; |
| 789 | } |
| 790 | |
| 791 | public void sendLockoutReset() { |
| 792 | if (mCallback != null) { |
| 793 | try { |
| 794 | mCallback.onLockoutReset(mHalDeviceId); |
| 795 | } catch (DeadObjectException e) { |
| 796 | Slog.w(TAG, "Death object while invoking onLockoutReset: ", e); |
| 797 | mHandler.post(mRemoveCallbackRunnable); |
| 798 | } catch (RemoteException e) { |
| 799 | Slog.w(TAG, "Failed to invoke onLockoutReset: ", e); |
| 800 | } |
| 801 | } |
| 802 | } |
| 803 | |
| 804 | private final Runnable mRemoveCallbackRunnable = new Runnable() { |
| 805 | @Override |
| 806 | public void run() { |
| 807 | removeLockoutResetCallback(FingerprintServiceLockoutResetMonitor.this); |
| 808 | } |
| 809 | }; |
| 810 | } |
| 811 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 812 | private IFingerprintDaemonCallback mDaemonCallback = new IFingerprintDaemonCallback.Stub() { |
| 813 | |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 814 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 815 | public void onEnrollResult(final long deviceId, final int fingerId, final int groupId, |
| 816 | final int remaining) { |
| 817 | mHandler.post(new Runnable() { |
| 818 | @Override |
| 819 | public void run() { |
| 820 | handleEnrollResult(deviceId, fingerId, groupId, remaining); |
| 821 | } |
| 822 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 823 | } |
| 824 | |
| 825 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 826 | public void onAcquired(final long deviceId, final int acquiredInfo) { |
| 827 | mHandler.post(new Runnable() { |
| 828 | @Override |
| 829 | public void run() { |
| 830 | handleAcquired(deviceId, acquiredInfo); |
| 831 | } |
| 832 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 833 | } |
| 834 | |
| 835 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 836 | public void onAuthenticated(final long deviceId, final int fingerId, final int groupId) { |
| 837 | mHandler.post(new Runnable() { |
| 838 | @Override |
| 839 | public void run() { |
| 840 | handleAuthenticated(deviceId, fingerId, groupId); |
| 841 | } |
| 842 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 843 | } |
| 844 | |
| 845 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 846 | public void onError(final long deviceId, final int error) { |
| 847 | mHandler.post(new Runnable() { |
| 848 | @Override |
| 849 | public void run() { |
| 850 | handleError(deviceId, error); |
| 851 | } |
| 852 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 853 | } |
| 854 | |
| 855 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 856 | public void onRemoved(final long deviceId, final int fingerId, final int groupId) { |
| 857 | mHandler.post(new Runnable() { |
| 858 | @Override |
| 859 | public void run() { |
| 860 | handleRemoved(deviceId, fingerId, groupId); |
| 861 | } |
| 862 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 863 | } |
| 864 | |
| 865 | @Override |
Jim Miller | 8b3c25a | 2015-08-28 17:29:49 -0700 | [diff] [blame] | 866 | public void onEnumerate(final long deviceId, final int[] fingerIds, final int[] groupIds) { |
| 867 | mHandler.post(new Runnable() { |
| 868 | @Override |
| 869 | public void run() { |
| 870 | handleEnumerate(deviceId, fingerIds, groupIds); |
| 871 | } |
| 872 | }); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 873 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 874 | }; |
| 875 | |
| 876 | private final class FingerprintServiceWrapper extends IFingerprintService.Stub { |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 877 | private static final String KEYGUARD_PACKAGE = "com.android.systemui"; |
| 878 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 879 | @Override // Binder call |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 880 | public long preEnroll(IBinder token) { |
Jim Miller | ba67aee | 2015-02-20 16:21:26 -0800 | [diff] [blame] | 881 | checkPermission(MANAGE_FINGERPRINT); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 882 | return startPreEnroll(token); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 883 | } |
| 884 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 885 | @Override // Binder call |
Sasha Levitskiy | e0943cf | 2015-07-08 13:22:20 -0700 | [diff] [blame] | 886 | public int postEnroll(IBinder token) { |
| 887 | checkPermission(MANAGE_FINGERPRINT); |
| 888 | return startPostEnroll(token); |
| 889 | } |
| 890 | |
| 891 | @Override // Binder call |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 892 | public void enroll(final IBinder token, final byte[] cryptoToken, final int groupId, |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 893 | final IFingerprintServiceReceiver receiver, final int flags) { |
| 894 | checkPermission(MANAGE_FINGERPRINT); |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 895 | final int limit = mContext.getResources().getInteger( |
| 896 | com.android.internal.R.integer.config_fingerprintMaxTemplatesPerUser); |
| 897 | final int callingUid = Binder.getCallingUid(); |
| 898 | final int userId = UserHandle.getUserId(callingUid); |
| 899 | final int enrolled = FingerprintService.this.getEnrolledFingerprints(userId).size(); |
| 900 | if (enrolled >= limit) { |
| 901 | Slog.w(TAG, "Too many fingerprints registered"); |
| 902 | return; |
| 903 | } |
Jim Miller | fe6439f | 2015-04-11 18:07:57 -0700 | [diff] [blame] | 904 | final byte [] cryptoClone = Arrays.copyOf(cryptoToken, cryptoToken.length); |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 905 | |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 906 | // Group ID is arbitrarily set to parent profile user ID. It just represents |
| 907 | // the default fingerprints for the user. |
| 908 | final int effectiveGroupId = getEffectiveUserId(groupId); |
| 909 | |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 910 | final boolean restricted = isRestricted(); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 911 | mHandler.post(new Runnable() { |
| 912 | @Override |
| 913 | public void run() { |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 914 | startEnrollment(token, cryptoClone, effectiveGroupId, receiver, flags, restricted); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 915 | } |
| 916 | }); |
| 917 | } |
| 918 | |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 919 | private boolean isRestricted() { |
| 920 | // Only give privileged apps (like Settings) access to fingerprint info |
| 921 | final boolean restricted = !hasPermission(MANAGE_FINGERPRINT); |
| 922 | return restricted; |
| 923 | } |
| 924 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 925 | @Override // Binder call |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 926 | public void cancelEnrollment(final IBinder token) { |
| 927 | checkPermission(MANAGE_FINGERPRINT); |
| 928 | mHandler.post(new Runnable() { |
| 929 | @Override |
| 930 | public void run() { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 931 | stopEnrollment(token, true); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 932 | } |
| 933 | }); |
| 934 | } |
| 935 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 936 | @Override // Binder call |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 937 | public void authenticate(final IBinder token, final long opId, final int groupId, |
Jim Miller | dca15d2 | 2015-06-16 20:55:13 -0700 | [diff] [blame] | 938 | final IFingerprintServiceReceiver receiver, final int flags, |
| 939 | final String opPackageName) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 940 | if (!canUseFingerprint(opPackageName, true /* foregroundOnly */)) { |
Jim Miller | 1adb4a7 | 2015-09-14 18:58:08 -0700 | [diff] [blame] | 941 | if (DEBUG) Slog.v(TAG, "authenticate(): reject " + opPackageName); |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 942 | return; |
| 943 | } |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 944 | |
| 945 | // Group ID is arbitrarily set to parent profile user ID. It just represents |
| 946 | // the default fingerprints for the user. |
| 947 | final int effectiveGroupId = getEffectiveUserId(groupId); |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 948 | final int realUserId = Binder.getCallingUid(); |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 949 | |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 950 | final boolean restricted = isRestricted(); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 951 | mHandler.post(new Runnable() { |
| 952 | @Override |
| 953 | public void run() { |
Chris Wren | 9521231 | 2015-08-24 16:19:03 -0400 | [diff] [blame] | 954 | MetricsLogger.histogram(mContext, "fingerprint_token", opId != 0L ? 1 : 0); |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 955 | startAuthentication(token, opId, realUserId, effectiveGroupId, receiver, |
| 956 | flags, restricted, opPackageName); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 957 | } |
| 958 | }); |
| 959 | } |
| 960 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 961 | @Override // Binder call |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 962 | public void cancelAuthentication(final IBinder token, String opPackageName) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 963 | if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) { |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 964 | return; |
| 965 | } |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 966 | mHandler.post(new Runnable() { |
| 967 | @Override |
| 968 | public void run() { |
Jim Miller | 1304137 | 2015-04-16 14:48:55 -0700 | [diff] [blame] | 969 | stopAuthentication(token, true); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 970 | } |
| 971 | }); |
Jim Miller | ba67aee | 2015-02-20 16:21:26 -0800 | [diff] [blame] | 972 | } |
Jim Miller | 99d6019 | 2015-03-11 17:41:58 -0700 | [diff] [blame] | 973 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 974 | @Override // Binder call |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 975 | public void setActiveUser(final int userId) { |
| 976 | checkPermission(MANAGE_FINGERPRINT); |
| 977 | mHandler.post(new Runnable() { |
| 978 | @Override |
| 979 | public void run() { |
| 980 | updateActiveGroup(userId, null); |
| 981 | } |
| 982 | }); |
| 983 | } |
| 984 | |
| 985 | @Override // Binder call |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 986 | public void remove(final IBinder token, final int fingerId, final int groupId, |
| 987 | final IFingerprintServiceReceiver receiver) { |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 988 | checkPermission(MANAGE_FINGERPRINT); // TODO: Maybe have another permission |
Jim Miller | f501b58 | 2015-06-03 16:36:31 -0700 | [diff] [blame] | 989 | final boolean restricted = isRestricted(); |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 990 | |
| 991 | // Group ID is arbitrarily set to parent profile user ID. It just represents |
| 992 | // the default fingerprints for the user. |
| 993 | final int effectiveGroupId = getEffectiveUserId(groupId); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 994 | mHandler.post(new Runnable() { |
| 995 | @Override |
| 996 | public void run() { |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 997 | startRemove(token, fingerId, effectiveGroupId, receiver, restricted); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 998 | } |
| 999 | }); |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1000 | |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1001 | } |
| 1002 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1003 | @Override // Binder call |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 1004 | public boolean isHardwareDetected(long deviceId, String opPackageName) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 1005 | if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) { |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 1006 | return false; |
| 1007 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1008 | return mHalDeviceId != 0; |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1009 | } |
| 1010 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1011 | @Override // Binder call |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 1012 | public void rename(final int fingerId, final int groupId, final String name) { |
Jim Miller | 99d6019 | 2015-03-11 17:41:58 -0700 | [diff] [blame] | 1013 | checkPermission(MANAGE_FINGERPRINT); |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 1014 | |
| 1015 | // Group ID is arbitrarily set to parent profile user ID. It just represents |
| 1016 | // the default fingerprints for the user. |
| 1017 | final int effectiveGroupId = getEffectiveUserId(groupId); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 1018 | mHandler.post(new Runnable() { |
| 1019 | @Override |
| 1020 | public void run() { |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 1021 | mFingerprintUtils.renameFingerprintForUser(mContext, fingerId, |
| 1022 | effectiveGroupId, name); |
Jim Miller | ce7eb6d | 2015-04-03 19:29:13 -0700 | [diff] [blame] | 1023 | } |
| 1024 | }); |
Jim Miller | 99d6019 | 2015-03-11 17:41:58 -0700 | [diff] [blame] | 1025 | } |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1026 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1027 | @Override // Binder call |
Jim Miller | 599ef0e | 2015-06-15 20:39:44 -0700 | [diff] [blame] | 1028 | public List<Fingerprint> getEnrolledFingerprints(int userId, String opPackageName) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 1029 | if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) { |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 1030 | return Collections.emptyList(); |
| 1031 | } |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 1032 | int effectiveUserId = getEffectiveUserId(userId); |
| 1033 | |
| 1034 | return FingerprintService.this.getEnrolledFingerprints(effectiveUserId); |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1035 | } |
Jorim Jaggi | 2aad7ee | 2015-04-14 15:25:06 -0700 | [diff] [blame] | 1036 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1037 | @Override // Binder call |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 1038 | public boolean hasEnrolledFingerprints(int userId, String opPackageName) { |
Jim Miller | 975f145 | 2015-08-31 18:18:22 -0700 | [diff] [blame] | 1039 | if (!canUseFingerprint(opPackageName, false /* foregroundOnly */)) { |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 1040 | return false; |
| 1041 | } |
Andres Morales | 494d6e9 | 2015-08-06 15:01:41 -0700 | [diff] [blame] | 1042 | |
| 1043 | int effectiveUserId = getEffectiveUserId(userId); |
| 1044 | return FingerprintService.this.hasEnrolledFingerprints(effectiveUserId); |
Jorim Jaggi | 2aad7ee | 2015-04-14 15:25:06 -0700 | [diff] [blame] | 1045 | } |
Andres Morales | 4d41a20 | 2015-04-16 14:12:38 -0700 | [diff] [blame] | 1046 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1047 | @Override // Binder call |
Svetoslav | 4af76a5 | 2015-04-29 15:29:46 -0700 | [diff] [blame] | 1048 | public long getAuthenticatorId(String opPackageName) { |
Alex Klyubin | a99b8b5 | 2015-06-11 13:27:34 -0700 | [diff] [blame] | 1049 | // In this method, we're not checking whether the caller is permitted to use fingerprint |
| 1050 | // API because current authenticator ID is leaked (in a more contrived way) via Android |
| 1051 | // Keystore (android.security.keystore package): the user of that API can create a key |
| 1052 | // which requires fingerprint authentication for its use, and then query the key's |
| 1053 | // characteristics (hidden API) which returns, among other things, fingerprint |
| 1054 | // authenticator ID which was active at key creation time. |
| 1055 | // |
| 1056 | // Reason: The part of Android Keystore which runs inside an app's process invokes this |
| 1057 | // method in certain cases. Those cases are not always where the developer demonstrates |
| 1058 | // explicit intent to use fingerprint functionality. Thus, to avoiding throwing an |
| 1059 | // unexpected SecurityException this method does not check whether its caller is |
| 1060 | // permitted to use fingerprint API. |
| 1061 | // |
| 1062 | // The permission check should be restored once Android Keystore no longer invokes this |
| 1063 | // method from inside app processes. |
| 1064 | |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1065 | return FingerprintService.this.getAuthenticatorId(); |
Andres Morales | 4d41a20 | 2015-04-16 14:12:38 -0700 | [diff] [blame] | 1066 | } |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 1067 | |
| 1068 | @Override // Binder call |
| 1069 | protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { |
| 1070 | if (mContext.checkCallingOrSelfPermission(Manifest.permission.DUMP) |
| 1071 | != PackageManager.PERMISSION_GRANTED) { |
| 1072 | pw.println("Permission Denial: can't dump Fingerprint from from pid=" |
| 1073 | + Binder.getCallingPid() |
| 1074 | + ", uid=" + Binder.getCallingUid()); |
| 1075 | return; |
| 1076 | } |
| 1077 | |
| 1078 | final long ident = Binder.clearCallingIdentity(); |
| 1079 | try { |
| 1080 | dumpInternal(pw); |
| 1081 | } finally { |
| 1082 | Binder.restoreCallingIdentity(ident); |
| 1083 | } |
| 1084 | } |
Jim Miller | e0507bb | 2015-08-12 20:30:34 -0700 | [diff] [blame] | 1085 | @Override // Binder call |
| 1086 | public void resetTimeout(byte [] token) { |
| 1087 | checkPermission(RESET_FINGERPRINT_LOCKOUT); |
| 1088 | // TODO: confirm security token when we move timeout management into the HAL layer. |
Jorim Jaggi | 5e35422 | 2015-09-04 14:17:58 -0700 | [diff] [blame] | 1089 | mHandler.post(mResetFailedAttemptsRunnable); |
Jorim Jaggi | 3a46478 | 2015-08-28 16:59:13 -0700 | [diff] [blame] | 1090 | } |
| 1091 | |
| 1092 | @Override |
| 1093 | public void addLockoutResetCallback(final IFingerprintServiceLockoutResetCallback callback) |
| 1094 | throws RemoteException { |
| 1095 | mHandler.post(new Runnable() { |
| 1096 | @Override |
| 1097 | public void run() { |
| 1098 | addLockoutResetMonitor( |
| 1099 | new FingerprintServiceLockoutResetMonitor(callback)); |
| 1100 | } |
| 1101 | }); |
Jim Miller | e0507bb | 2015-08-12 20:30:34 -0700 | [diff] [blame] | 1102 | } |
Chris Wren | c510ad5 | 2015-08-14 15:43:15 -0400 | [diff] [blame] | 1103 | } |
| 1104 | |
| 1105 | private void dumpInternal(PrintWriter pw) { |
| 1106 | JSONObject dump = new JSONObject(); |
| 1107 | try { |
| 1108 | dump.put("service", "Fingerprint Manager"); |
| 1109 | |
| 1110 | JSONArray sets = new JSONArray(); |
| 1111 | for (UserInfo user : UserManager.get(getContext()).getUsers()) { |
| 1112 | final int userId = user.getUserHandle().getIdentifier(); |
| 1113 | final int N = mFingerprintUtils.getFingerprintsForUser(mContext, userId).size(); |
| 1114 | JSONObject set = new JSONObject(); |
| 1115 | set.put("id", userId); |
| 1116 | set.put("count", N); |
| 1117 | sets.put(set); |
| 1118 | } |
| 1119 | |
| 1120 | dump.put("prints", sets); |
| 1121 | } catch (JSONException e) { |
| 1122 | Slog.e(TAG, "dump formatting failure", e); |
| 1123 | } |
| 1124 | pw.println(dump); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 1125 | } |
| 1126 | |
| 1127 | @Override |
| 1128 | public void onStart() { |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1129 | publishBinderService(Context.FINGERPRINT_SERVICE, new FingerprintServiceWrapper()); |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1130 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
Jim Miller | 9f0753f | 2015-03-23 23:59:22 -0700 | [diff] [blame] | 1131 | if (DEBUG) Slog.v(TAG, "Fingerprint HAL id: " + mHalDeviceId); |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 1132 | listenForUserSwitches(); |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 1133 | } |
| 1134 | |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 1135 | private void updateActiveGroup(int userId, String clientPackage) { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1136 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 1137 | if (daemon != null) { |
| 1138 | try { |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 1139 | userId = getUserOrWorkProfileId(clientPackage, userId); |
| 1140 | if (userId != mCurrentUserId) { |
| 1141 | final File systemDir = Environment.getUserSystemDirectory(userId); |
| 1142 | final File fpDir = new File(systemDir, FP_DATA_DIR); |
| 1143 | if (!fpDir.exists()) { |
| 1144 | if (!fpDir.mkdir()) { |
| 1145 | Slog.v(TAG, "Cannot make directory: " + fpDir.getAbsolutePath()); |
| 1146 | return; |
| 1147 | } |
| 1148 | // Calling mkdir() from this process will create a directory with our |
| 1149 | // permissions (inherited from the containing dir). This command fixes |
| 1150 | // the label. |
| 1151 | if (!SELinux.restorecon(fpDir)) { |
| 1152 | Slog.w(TAG, "Restorecons failed. Directory will have wrong label."); |
| 1153 | return; |
| 1154 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1155 | } |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 1156 | daemon.setActiveGroup(userId, fpDir.getAbsolutePath().getBytes()); |
| 1157 | mCurrentUserId = userId; |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1158 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1159 | } catch (RemoteException e) { |
| 1160 | Slog.e(TAG, "Failed to setActiveGroup():", e); |
| 1161 | } |
Jim Miller | dbe780f | 2015-05-18 13:55:00 -0700 | [diff] [blame] | 1162 | } |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 1163 | } |
| 1164 | |
Clara Bayarri | d1f722d | 2016-01-07 14:17:39 +0000 | [diff] [blame] | 1165 | /** |
| 1166 | * @param clientPackage the package of the caller |
| 1167 | * @return the profile id |
| 1168 | */ |
| 1169 | private int getUserOrWorkProfileId(String clientPackage, int userId) { |
| 1170 | if (!isKeyguard(clientPackage) && isWorkProfile(userId)) { |
| 1171 | return userId; |
| 1172 | } |
| 1173 | return getEffectiveUserId(userId); |
| 1174 | } |
| 1175 | |
| 1176 | /** |
| 1177 | * @param userId |
| 1178 | * @return true if this is a work profile |
| 1179 | */ |
| 1180 | private boolean isWorkProfile(int userId) { |
| 1181 | UserInfo info = mUserManager.getUserInfo(userId); |
| 1182 | return info != null && info.isManagedProfile(); |
| 1183 | } |
| 1184 | |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 1185 | private void listenForUserSwitches() { |
| 1186 | try { |
| 1187 | ActivityManagerNative.getDefault().registerUserSwitchObserver( |
Fyodor Kupolov | 6005b3f | 2015-11-23 17:41:50 -0800 | [diff] [blame] | 1188 | new SynchronousUserSwitchObserver() { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1189 | @Override |
Fyodor Kupolov | 6005b3f | 2015-11-23 17:41:50 -0800 | [diff] [blame] | 1190 | public void onUserSwitching(int newUserId) throws RemoteException { |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1191 | mHandler.obtainMessage(MSG_USER_SWITCHING, newUserId, 0 /* unused */) |
| 1192 | .sendToTarget(); |
| 1193 | } |
| 1194 | @Override |
| 1195 | public void onUserSwitchComplete(int newUserId) throws RemoteException { |
| 1196 | // Ignore. |
| 1197 | } |
| 1198 | @Override |
| 1199 | public void onForegroundProfileSwitch(int newProfileId) { |
| 1200 | // Ignore. |
| 1201 | } |
| 1202 | }); |
Jorim Jaggi | aa4d32a | 2015-05-13 16:30:04 -0700 | [diff] [blame] | 1203 | } catch (RemoteException e) { |
| 1204 | Slog.w(TAG, "Failed to listen for user switching event" ,e); |
| 1205 | } |
| 1206 | } |
Jim Miller | be67542 | 2015-05-11 20:45:25 -0700 | [diff] [blame] | 1207 | |
| 1208 | public long getAuthenticatorId() { |
| 1209 | IFingerprintDaemon daemon = getFingerprintDaemon(); |
| 1210 | if (daemon != null) { |
| 1211 | try { |
| 1212 | return daemon.getAuthenticatorId(); |
| 1213 | } catch (RemoteException e) { |
| 1214 | Slog.e(TAG, "getAuthenticatorId failed", e); |
| 1215 | } |
| 1216 | } |
| 1217 | return 0; |
| 1218 | } |
| 1219 | |
Jim Miller | a7596147 | 2014-06-06 15:00:49 -0700 | [diff] [blame] | 1220 | } |