From 837fa7e56dc4e91feaf104bd09ef5e03065b1b86 Mon Sep 17 00:00:00 2001 From: Jim Miller Date: Mon, 8 Aug 2016 20:16:22 -0700 Subject: [PATCH] Bind fingerprint when we start authentication This fixes a bug where it was possible to authenticate the wrong user. We now bind the userId when we start authentication and confirm it when authentication completes. Fixes bug 30744668 Change-Id: I346d92c301414ed81e11fa9c171584c7ae4341c2 --- .../hardware/fingerprint/FingerprintManager.java | 21 +++++++++++++++------ .../fingerprint/IFingerprintServiceReceiver.aidl | 2 +- .../com/android/keyguard/KeyguardUpdateMonitor.java | 8 ++++++-- .../server/fingerprint/AuthenticationClient.java | 6 +++--- .../server/fingerprint/FingerprintService.java | 2 +- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java index 1ff2e8a11a87..f17fd55bd22a 100644 --- a/core/java/android/hardware/fingerprint/FingerprintManager.java +++ b/core/java/android/hardware/fingerprint/FingerprintManager.java @@ -259,6 +259,7 @@ public class FingerprintManager { public static class AuthenticationResult { private Fingerprint mFingerprint; private CryptoObject mCryptoObject; + private int mUserId; /** * Authentication result @@ -267,9 +268,10 @@ public class FingerprintManager { * @param fingerprint the recognized fingerprint data, if allowed. * @hide */ - public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint) { + public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint, int userId) { mCryptoObject = crypto; mFingerprint = fingerprint; + mUserId = userId; } /** @@ -286,6 +288,12 @@ public class FingerprintManager { * @hide */ public Fingerprint getFingerprint() { return mFingerprint; } + + /** + * Obtain the userId for which this fingerprint was authenticated. + * @hide + */ + public int getUserId() { return mUserId; } }; /** @@ -792,7 +800,7 @@ public class FingerprintManager { sendAcquiredResult((Long) msg.obj /* deviceId */, msg.arg1 /* acquire info */); break; case MSG_AUTHENTICATION_SUCCEEDED: - sendAuthenticatedSucceeded((Fingerprint) msg.obj); + sendAuthenticatedSucceeded((Fingerprint) msg.obj, msg.arg1 /* userId */); break; case MSG_AUTHENTICATION_FAILED: sendAuthenticatedFailed(); @@ -840,9 +848,10 @@ public class FingerprintManager { } } - private void sendAuthenticatedSucceeded(Fingerprint fp) { + private void sendAuthenticatedSucceeded(Fingerprint fp, int userId) { if (mAuthenticationCallback != null) { - final AuthenticationResult result = new AuthenticationResult(mCryptoObject, fp); + final AuthenticationResult result = + new AuthenticationResult(mCryptoObject, fp, userId); mAuthenticationCallback.onAuthenticationSucceeded(result); } } @@ -981,8 +990,8 @@ public class FingerprintManager { } @Override // binder call - public void onAuthenticationSucceeded(long deviceId, Fingerprint fp) { - mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, fp).sendToTarget(); + public void onAuthenticationSucceeded(long deviceId, Fingerprint fp, int userId) { + mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, userId, 0, fp).sendToTarget(); } @Override // binder call diff --git a/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl b/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl index 57a429fe5fa7..b024b29fef06 100644 --- a/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl +++ b/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl @@ -26,7 +26,7 @@ import android.os.UserHandle; oneway interface IFingerprintServiceReceiver { void onEnrollResult(long deviceId, int fingerId, int groupId, int remaining); void onAcquired(long deviceId, int acquiredInfo); - void onAuthenticationSucceeded(long deviceId, in Fingerprint fp); + void onAuthenticationSucceeded(long deviceId, in Fingerprint fp, int userId); void onAuthenticationFailed(long deviceId); void onError(long deviceId, int error); void onRemoved(long deviceId, int fingerId, int groupId); diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java index 1b83ccdefe62..0a862914b14f 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java @@ -444,7 +444,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { } } - private void handleFingerprintAuthenticated() { + private void handleFingerprintAuthenticated(int authUserId) { Trace.beginSection("KeyGuardUpdateMonitor#handlerFingerPrintAuthenticated"); try { final int userId; @@ -454,6 +454,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { Log.e(TAG, "Failed to get current user id: ", e); return; } + if (userId != authUserId) { + Log.d(TAG, "Fingerprint authenticated for wrong user: " + authUserId); + return; + } if (isFingerprintDisabled(userId)) { Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId); return; @@ -745,7 +749,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { @Override public void onAuthenticationSucceeded(AuthenticationResult result) { Trace.beginSection("KeyguardUpdateMonitor#onAuthenticationSucceeded"); - handleFingerprintAuthenticated(); + handleFingerprintAuthenticated(result.getUserId()); Trace.endSection(); } diff --git a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java index c04b9a1bed0f..87da866603cc 100644 --- a/services/core/java/com/android/server/fingerprint/AuthenticationClient.java +++ b/services/core/java/com/android/server/fingerprint/AuthenticationClient.java @@ -39,9 +39,9 @@ public abstract class AuthenticationClient extends ClientMonitor { public abstract void resetFailedAttempts(); public AuthenticationClient(Context context, long halDeviceId, IBinder token, - IFingerprintServiceReceiver receiver, int callingUserId, int groupId, long opId, + IFingerprintServiceReceiver receiver, int targetUserId, int groupId, long opId, boolean restricted, String owner) { - super(context, halDeviceId, token, receiver, callingUserId, groupId, restricted, owner); + super(context, halDeviceId, token, receiver, targetUserId, groupId, restricted, owner); mOpId = opId; } @@ -65,7 +65,7 @@ public abstract class AuthenticationClient extends ClientMonitor { Fingerprint fp = !getIsRestricted() ? new Fingerprint("" /* TODO */, groupId, fingerId, getHalDeviceId()) : null; - receiver.onAuthenticationSucceeded(getHalDeviceId(), fp); + receiver.onAuthenticationSucceeded(getHalDeviceId(), fp, getTargetUserId()); } } catch (RemoteException e) { Slog.w(TAG, "Failed to notify Authenticated:", e); diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java index 1066434f10f1..cba8b54e25a6 100644 --- a/services/core/java/com/android/server/fingerprint/FingerprintService.java +++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java @@ -528,7 +528,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe if (DEBUG) Slog.v(TAG, "startAuthentication(" + opPackageName + ")"); AuthenticationClient client = new AuthenticationClient(getContext(), mHalDeviceId, token, - receiver, callingUserId, groupId, opId, restricted, opPackageName) { + receiver, mCurrentUserId, groupId, opId, restricted, opPackageName) { @Override public boolean handleFailedAttempt() { mFailedAttempts++; -- 2.11.0