KeyguardUpdateMonitor#isUnlockWithFacePossible was returning true
when the user had disabled face unlock.
This was causing bypass to still be enabled (hiding all notifications)
and bouncer was also being delayed, even though we were not scanning.
Fixes:
134977472
Test: auth with bypass (toggling face auth setting on/off)
Test: auth without bypass (toggling face auth setting on/off)
Change-Id: I234eb303db87fe0dafa2073a9bdf819c665018d6
* @hide
*/
oneway interface IBiometricEnabledOnKeyguardCallback {
- void onChanged(in BiometricSourceType type, boolean enabled);
+ void onChanged(in BiometricSourceType type, boolean enabled, int userId);
}
\ No newline at end of file
}
};
- private boolean mFaceSettingEnabledForUser;
+ private SparseBooleanArray mFaceSettingEnabledForUser = new SparseBooleanArray();
private BiometricManager mBiometricManager;
private IBiometricEnabledOnKeyguardCallback mBiometricEnabledCallback =
new IBiometricEnabledOnKeyguardCallback.Stub() {
@Override
- public void onChanged(BiometricSourceType type, boolean enabled) throws RemoteException {
+ public void onChanged(BiometricSourceType type, boolean enabled, int userId)
+ throws RemoteException {
if (type == BiometricSourceType.FACE) {
- mFaceSettingEnabledForUser = enabled;
+ mFaceSettingEnabledForUser.put(userId, enabled);
updateFaceListeningState();
}
}
// instance of KeyguardUpdateMonitor for each user but KeyguardUpdateMonitor is user-aware.
return (mBouncer || mAuthInterruptActive || awakeKeyguard || shouldListenForFaceAssistant())
&& !mSwitchingUser && !isFaceDisabled(user) && becauseCannotSkipBouncer
- && !mKeyguardGoingAway && mFaceSettingEnabledForUser && !mLockIconPressed
+ && !mKeyguardGoingAway && mFaceSettingEnabledForUser.get(user) && !mLockIconPressed
&& strongAuthAllowsScanning && mIsPrimaryUser
&& !mSecureCameraLaunched;
}
}
/**
- * If face hardware is available and user has enrolled. Not considering encryption or
- * lockdown state.
+ * If face hardware is available, user has enrolled and enabled auth via setting.
+ * Not considering encryption or lock down state.
*/
public boolean isUnlockWithFacePossible(int userId) {
return mFaceManager != null && mFaceManager.isHardwareDetected()
&& !isFaceDisabled(userId)
- && mFaceManager.hasEnrolledTemplates(userId);
+ && mFaceManager.hasEnrolledTemplates(userId)
+ && mFaceSettingEnabledForUser.get(userId);
}
private void stopListeningForFingerprint() {
pw.println(" possible=" + isUnlockWithFacePossible(userId));
pw.println(" strongAuthFlags=" + Integer.toHexString(strongAuthFlags));
pw.println(" trustManaged=" + getUserTrustIsManaged(userId));
- pw.println(" enabledByUser=" + mFaceSettingEnabledForUser);
+ pw.println(" enabledByUser=" + mFaceSettingEnabledForUser.get(userId));
pw.println(" mSecureCameraLaunched=" + mSecureCameraLaunched);
}
}
mListeners.remove(listener);
}
+ /**
+ * If there are faces enrolled and user enabled face auth on keyguard.
+ */
public boolean isUnlockingWithFacePossible() {
return mIsUnlockingWithFacePossible;
}
|| (Build.IS_DEBUGGABLE && DEBUG_AUTH_WITH_ADB && mDebugUnlocked);
boolean trustManaged = mKeyguardUpdateMonitor.getUserTrustIsManaged(user);
boolean trusted = mKeyguardUpdateMonitor.getUserHasTrust(user);
- boolean hasEnrolledFaces = mKeyguardUpdateMonitor.isUnlockWithFacePossible(user);
- boolean changed = secure != mSecure || canSkipBouncer != mCanSkipBouncer ||
- trustManaged != mTrustManaged || mIsUnlockingWithFacePossible != hasEnrolledFaces;
+ boolean isUnlockingWithFacePossible = mKeyguardUpdateMonitor.isUnlockWithFacePossible(user);
+ boolean changed = secure != mSecure || canSkipBouncer != mCanSkipBouncer
+ || trustManaged != mTrustManaged
+ || mIsUnlockingWithFacePossible != isUnlockingWithFacePossible;
if (changed || updateAlways) {
mSecure = secure;
mCanSkipBouncer = canSkipBouncer;
mTrusted = trusted;
mTrustManaged = trustManaged;
- mIsUnlockingWithFacePossible = hasEnrolledFaces;
+ mIsUnlockingWithFacePossible = isUnlockingWithFacePossible;
notifyListeners();
}
Trace.endSection();
when(context.getPackageManager()).thenReturn(mPackageManager);
doAnswer(invocation -> {
IBiometricEnabledOnKeyguardCallback callback = invocation.getArgument(0);
- callback.onChanged(BiometricSourceType.FACE, true /* enabled */);
+ callback.onChanged(BiometricSourceType.FACE, true /* enabled */,
+ KeyguardUpdateMonitor.getCurrentUser());
return null;
}).when(mBiometricManager).registerEnabledOnKeyguardCallback(any());
when(mFaceManager.isHardwareDetected()).thenReturn(true);
List<EnabledOnKeyguardCallback> callbacks = mEnabledOnKeyguardCallbacks;
for (int i = 0; i < callbacks.size(); i++) {
callbacks.get(i).notify(BiometricSourceType.FACE,
- mFaceEnabledOnKeyguard.getOrDefault(userId,
- DEFAULT_KEYGUARD_ENABLED));
+ mFaceEnabledOnKeyguard.getOrDefault(userId, DEFAULT_KEYGUARD_ENABLED),
+ userId);
}
}
}
}
}
- void notify(BiometricSourceType sourceType, boolean enabled) {
+ void notify(BiometricSourceType sourceType, boolean enabled, int userId) {
try {
- mCallback.onChanged(sourceType, enabled);
+ mCallback.onChanged(sourceType, enabled, userId);
} catch (DeadObjectException e) {
Slog.w(TAG, "Death while invoking notify", e);
mEnabledOnKeyguardCallbacks.remove(this);
mEnabledOnKeyguardCallbacks.add(new EnabledOnKeyguardCallback(callback));
try {
callback.onChanged(BiometricSourceType.FACE,
- mSettingObserver.getFaceEnabledOnKeyguard());
+ mSettingObserver.getFaceEnabledOnKeyguard(),
+ UserHandle.getCallingUserId());
} catch (RemoteException e) {
Slog.w(TAG, "Remote exception", e);
}