
Bind fingerprint when we start authentication - DO NOT MERGE
authorJim Miller <jaggies@google.com>
Fri, 19 Aug 2016 03:22:33 +0000 (20:22 -0700)
committergitbuildkicker <android-build@google.com>
Fri, 26 Aug 2016 04:56:22 +0000 (21:56 -0700)
This fixes a bug where it was possible to authenticate the wrong user.
We now bind the userId when we start authentication and confirm it when
authentication completes.

Fixes bug 30744668

Change-Id: I346d92c301414ed81e11fa9c171584c7ae4341c2
(cherry picked from commit b6f4b48df273d210d13631b4c2426482feb40c97)

core/java/android/hardware/fingerprint/FingerprintManager.java
core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl
packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
services/core/java/com/android/server/fingerprint/FingerprintService.java

index 122df23..62396a3 100644 (file)
@@ -258,6 +258,7 @@ public class FingerprintManager {
     public static class AuthenticationResult {
         private Fingerprint mFingerprint;
         private CryptoObject mCryptoObject;
+        private int mUserId;
 
         /**
          * Authentication result
@@ -266,9 +267,10 @@ public class FingerprintManager {
          * @param fingerprint the recognized fingerprint data, if allowed.
          * @hide
          */
-        public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint) {
+        public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint, int userId) {
             mCryptoObject = crypto;
             mFingerprint = fingerprint;
+            mUserId = userId;
         }
 
         /**
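Review bot: The new `userId` constructor parameter has no `@param` entry; the visible tail of the Javadoc documents only `fingerprint`. I would add `@param userId the user id that was current when authentication started`, which matches how FingerprintService fills the value in later in this commit. The Javadoc block begins outside this hunk, so any earlier tags are not visible here.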
@@ -285,6 +287,12 @@ public class FingerprintManager {
          * @hide
          */
         public Fingerprint getFingerprint() { return mFingerprint; }
+
+        /**
+         * Obtain the userId for which this fingerprint was authenticated.
+         * @hide
+         */
+        public int getUserId() { return mUserId; }
     };
 
     /**
@@ -754,7 +762,7 @@ public class FingerprintManager {
                     sendAcquiredResult((Long) msg.obj /* deviceId */, msg.arg1 /* acquire info */);
                     break;
                 case MSG_AUTHENTICATION_SUCCEEDED:
-                    sendAuthenticatedSucceeded((Fingerprint) msg.obj);
+                    sendAuthenticatedSucceeded((Fingerprint) msg.obj, msg.arg1 /* userId */);
                     break;
                 case MSG_AUTHENTICATION_FAILED:
                     sendAuthenticatedFailed();
@@ -799,9 +807,10 @@ public class FingerprintManager {
             }
         }
 
-        private void sendAuthenticatedSucceeded(Fingerprint fp) {
+        private void sendAuthenticatedSucceeded(Fingerprint fp, int userId) {
             if (mAuthenticationCallback != null) {
-                final AuthenticationResult result = new AuthenticationResult(mCryptoObject, fp);
+                final AuthenticationResult result =
+                        new AuthenticationResult(mCryptoObject, fp, userId);
                 mAuthenticationCallback.onAuthenticationSucceeded(result);
             }
         }
@@ -941,8 +950,8 @@ public class FingerprintManager {
         }
 
         @Override // binder call
-        public void onAuthenticationSucceeded(long deviceId, Fingerprint fp) {
-            mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, fp).sendToTarget();
+        public void onAuthenticationSucceeded(long deviceId, Fingerprint fp, int userId) {
+            mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, userId, 0, fp).sendToTarget();
         }
 
         @Override // binder call
index 57a429f..b024b29 100644 (file)
@@ -26,7 +26,7 @@ import android.os.UserHandle;
 oneway interface IFingerprintServiceReceiver {
     void onEnrollResult(long deviceId, int fingerId, int groupId, int remaining);
     void onAcquired(long deviceId, int acquiredInfo);
-    void onAuthenticationSucceeded(long deviceId, in Fingerprint fp);
+    void onAuthenticationSucceeded(long deviceId, in Fingerprint fp, int userId);
     void onAuthenticationFailed(long deviceId);
     void onError(long deviceId, int error);
     void onRemoved(long deviceId, int fingerId, int groupId);
index 57ee319..f31df51 100644 (file)
@@ -430,7 +430,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
         }
     }
 
-    private void handleFingerprintAuthenticated() {
+
+    private void handleFingerprintAuthenticated(int authUserId) {
         try {
             final int userId;
             try {
@@ -439,6 +440,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
                 Log.e(TAG, "Failed to get current user id: ", e);
                 return;
             }
+            if (userId != authUserId) {
+                Log.d(TAG, "Fingerprint authenticated for wrong user: " + authUserId);
+                return;
+            }
             if (isFingerprintDisabled(userId)) {
                 Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId);
                 return;
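Review bot: The new mismatch branch logs at debug level and prints only `authUserId`, so a cross-user authentication result is easy to miss when auditing logs. Since this is the check that rejects a result bound to a different user, I would log it as a warning with both ids: `Log.w(TAG, "Fingerprint authenticated for user " + authUserId + ", current user is " + userId);`. The early `return` sits inside the outer `try` of handleFingerprintAuthenticated, whose remainder is outside this hunk.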
@@ -705,7 +710,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
 
         @Override
         public void onAuthenticationSucceeded(AuthenticationResult result) {
-            handleFingerprintAuthenticated();
+            handleFingerprintAuthenticated(result.getUserId());
         }
 
         @Override
index 103ed0a..84aa2d7 100644 (file)
@@ -127,6 +127,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
     private IFingerprintDaemon mDaemon;
     private final PowerManager mPowerManager;
     private final AlarmManager mAlarmManager;
+    private int mCurrentUserId = UserHandle.USER_NULL;
 
     private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() {
         @Override
@@ -337,7 +338,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
             return;
         }
         stopPendingOperations(true);
-        mEnrollClient = new ClientMonitor(token, receiver, groupId, restricted, token.toString());
+        mEnrollClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
+                token.toString());
         final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
         try {
             final int result = daemon.enroll(cryptoToken, groupId, timeout);
@@ -425,7 +427,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
             return;
         }
         stopPendingOperations(true);
-        mAuthClient = new ClientMonitor(token, receiver, groupId, restricted, opPackageName);
+        mAuthClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
+                opPackageName);
         if (inLockoutMode()) {
             Slog.v(TAG, "In lockout mode; disallowing authentication");
             if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
@@ -482,7 +485,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
         }
 
         stopPendingOperations(true);
-        mRemoveClient = new ClientMonitor(token, receiver, userId, restricted, token.toString());
+        mRemoveClient = new ClientMonitor(token, receiver, mCurrentUserId, userId, restricted,
+                token.toString());
         // The fingerprint template ids will be removed when we get confirmation from the HAL
         try {
             final int result = daemon.remove(fingerId, userId);
@@ -605,15 +609,17 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
     private class ClientMonitor implements IBinder.DeathRecipient {
         IBinder token;
         IFingerprintServiceReceiver receiver;
-        int userId;
+        int userId; // userId of the caller
+        int currentUserId; // current user id when this was created
         boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission
         String owner;
 
-        public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver, int userId,
-                boolean restricted, String owner) {
+        public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver,
+                int currentUserId, int userId, boolean restricted, String owner) {
             this.token = token;
             this.receiver = receiver;
             this.userId = userId;
+            this.currentUserId = currentUserId;
             this.restricted = restricted;
             this.owner = owner; // name of the client that owns this - for debugging
             try {
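Review bot: The new field comment `// userId of the caller` does not match the call sites in this commit, where the enroll and authenticate hunks pass `groupId` in that position and only the remove hunk passes `userId`. I would reword it to `// id supplied by the caller: groupId for enroll/authenticate, userId for remove`. The constructor now also takes two adjacent `int` ids (`currentUserId, userId`), so a swapped call would compile silently. A short Javadoc on the constructor stating which id is the binding used for the success callback would help. The constructor body continues past the end of this hunk.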
@@ -702,9 +708,9 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
                             Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner
                                     + ", id=" + fpId + ", gp=" + groupId + ")");
                         }
-                        Fingerprint fp = !restricted ?
-                                new Fingerprint("" /* TODO */, groupId, fpId, mHalDeviceId) : null;
-                        receiver.onAuthenticationSucceeded(mHalDeviceId, fp);
+                        Fingerprint fp = !restricted ? new Fingerprint("" /* TODO */, groupId, fpId,
+                                mHalDeviceId) : null;
+                        receiver.onAuthenticationSucceeded(mHalDeviceId, fp, currentUserId);
                     }
                 } catch (RemoteException e) {
                     Slog.w(TAG, "Failed to notify Authenticated:", e);
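Review bot: The bound `currentUserId` is forwarded to the receiver here, but the service does not compare it with its own `mCurrentUserId` before reporting success. Within this commit the only comparison is in KeyguardUpdateMonitor.handleFingerprintAuthenticated, so any other receiver has to remember to check `getUserId()` itself. If a user switch does not already cancel the pending client (not visible here), a guard such as `if (currentUserId != mCurrentUserId) { /* report failure instead of success */ }` before the callback would enforce the binding in one place. The enclosing method starts outside this hunk, so the threading of `mCurrentUserId` reads should be confirmed.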
@@ -1129,6 +1135,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
                 Slog.e(TAG, "Failed to setActiveGroup():", e);
             }
         }
+        mCurrentUserId = userId;
     }
 
     private void listenForUserSwitches() {
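Review bot: `mCurrentUserId = userId;` is placed after the `catch` that logs "Failed to setActiveGroup()", so it appears to run even when the daemon call failed. In that case the service would bind new authentications to the new user while the daemon may still be matching against the previous user's group. I would either move the assignment to directly after the successful daemon call or reset on failure with `mCurrentUserId = UserHandle.USER_NULL;` inside the `catch`. The enclosing method begins outside this hunk, so the exact shape of the `try` and the surrounding `if` needs to be confirmed.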