path: root/keystore/java/android/security/KeyStore.java
authorKevin Chyn <kchyn@google.com>2018-09-24 14:36:39 -0700
committerKevin Chyn <kchyn@google.com>2018-11-02 18:09:25 -0700
commit057b743fe90ff6b9d19db297e12d9f6055439276 (patch)
treedc7b240902511fdc9e940150db04388f31b530ea /keystore/java/android/security/KeyStore.java
parent353eab924f0a00034189caf7142080a1e6cb346f (diff)
Update KeyStore for new biometric modalities
Biometrics are now generic from KeyStore point of view Bug: 113624536 Test: Unable to create keys when no templates enrolled Test: Able to create keys when templates are enrolled Test: No regression in Fingerprint Keys are invalidated after enrolling another FP Change-Id: I6bdc20eb58c8a0c10a986519d4ba9e1843ebc89d
Diffstat (limited to 'keystore/java/android/security/KeyStore.java')
-rw-r--r--keystore/java/android/security/KeyStore.java26
1 files changed, 25 insertions, 1 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 0a4ac8cc5fec..7308f3bad7e1 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -23,6 +23,7 @@ import android.app.Application;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.pm.PackageManager;
+import android.hardware.face.FaceManager;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Binder;
import android.os.IBinder;
@@ -913,7 +914,7 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
- long fingerprintOnlySid = getFingerprintOnlySid();
+ final long fingerprintOnlySid = getFingerprintOnlySid();
if ((fingerprintOnlySid != 0)
&& (keySids.contains(KeymasterArguments.toUint64(fingerprintOnlySid)))) {
// One of the key's SIDs is the current fingerprint SID -- user can be
@@ -921,6 +922,14 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
+ final long faceOnlySid = getFaceOnlySid();
+ if ((faceOnlySid != 0)
+ && (keySids.contains(KeymasterArguments.toUint64(faceOnlySid)))) {
+ // One of the key's SIDs is the current face SID -- user can be
+ // authenticated against that SID.
+ return new UserNotAuthenticatedException();
+ }
+
// None of the key's SIDs can ever be authenticated
return new KeyPermanentlyInvalidatedException();
}
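Review bot: When `getFaceOnlySid()` returns 0 the new check is skipped and control reaches `return new KeyPermanentlyInvalidatedException();`, so a face-bound key is reported as permanently invalid whenever the face SID cannot be read, not only when enrolment actually changed. Going by the helper added later in this commit, 0 covers a missing FEATURE_FACE and a null FaceManager, and presumably also any failure inside `getAuthenticatorId()`. Callers typically treat this exception as irreversible, so I would record the behaviour next to the check, e.g. `// 0 means no face SID could be read; the key is then treated as permanently invalidated.` The enclosing method starts before this hunk, and the fingerprint check above it follows the same pattern.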
@@ -931,6 +940,21 @@ public class KeyStore {
}
}
+ private long getFaceOnlySid() {
+ final PackageManager packageManager = mContext.getPackageManager();
+ if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FACE)) {
+ return 0;
+ }
+ FaceManager faceManager = mContext.getSystemService(FaceManager.class);
+ if (faceManager == null) {
+ return 0;
+ }
+
+ // TODO: Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in
+ // FaceManager.getAuthenticatorId once the ID is no longer needed here.
+ return faceManager.getAuthenticatorId();
+ }
+
private long getFingerprintOnlySid() {
final PackageManager packageManager = mContext.getPackageManager();
if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {
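Review bot: The TODO in `getFaceOnlySid()` indicates that the USE_BIOMETRIC / USE_BIOMETRIC_INTERNAL check in `FaceManager.getAuthenticatorId` is currently not enforced so that this call can succeed, which leaves that getter unprotected for as long as the TODO stays open. Nothing ties the TODO to a tracking item, so I would reference one in it, `// TODO(b/<tracking-bug>): Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in`. The method also lacks a Javadoc; a short one should state that 0 means no face SID is available (feature absent or no FaceManager), since the caller's choice between the two exceptions depends on that sentinel. As a point of style, `faceManager` could be declared `final` like `packageManager` just above it.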