Merge "Update KeyStore for new biometric modalities"

author: TreeHugger Robot <treehugger-gerrit@google.com> 2018-11-16 22:52:30 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2018-11-16 22:52:30 +0000
commit: 278913ae620c06f1bbdf70e8d52c0a6eae33ce29 (patch)
tree: 078be8d2624cd984f0a82ec7161c5eb7220ee1af /keystore/java/android/security/KeyStore.java
parent: 992cd354fcebfd78ff7dc0eb2acf362d14497eef (diff)
parent: 057b743fe90ff6b9d19db297e12d9f6055439276 (diff)
1 files changed, 25 insertions, 1 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 835b735ad55f..fec800dcb306 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -23,6 +23,7 @@ import android.app.Application;
 import android.app.KeyguardManager;
 import android.content.Context;
 import android.content.pm.PackageManager;
+import android.hardware.face.FaceManager;
 import android.hardware.fingerprint.FingerprintManager;
 import android.os.Binder;
 import android.os.IBinder;
@@ -1254,7 +1255,7 @@ public class KeyStore {
                     return new UserNotAuthenticatedException();
                 }
 
-                long fingerprintOnlySid = getFingerprintOnlySid();
+                final long fingerprintOnlySid = getFingerprintOnlySid();
                 if ((fingerprintOnlySid != 0)
                         && (keySids.contains(KeymasterArguments.toUint64(fingerprintOnlySid)))) {
                     // One of the key's SIDs is the current fingerprint SID -- user can be
@@ -1262,6 +1263,14 @@ public class KeyStore {
                     return new UserNotAuthenticatedException();
                 }
 
+                final long faceOnlySid = getFaceOnlySid();
+                if ((faceOnlySid != 0)
+                        && (keySids.contains(KeymasterArguments.toUint64(faceOnlySid)))) {
+                    // One of the key's SIDs is the current face SID -- user can be
+                    // authenticated against that SID.
+                    return new UserNotAuthenticatedException();
+                }
+
                 // None of the key's SIDs can ever be authenticated
                 return new KeyPermanentlyInvalidatedException();
             }
@@ -1272,6 +1281,21 @@ public class KeyStore {
         }
     }
 
+    private long getFaceOnlySid() {
+        final PackageManager packageManager = mContext.getPackageManager();
+        if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FACE)) {
+            return 0;
+        }
+        FaceManager faceManager = mContext.getSystemService(FaceManager.class);
+        if (faceManager == null) {
+            return 0;
+        }
+
+        // TODO: Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in
+        // FaceManager.getAuthenticatorId once the ID is no longer needed here.
+        return faceManager.getAuthenticatorId();
+    }
+
     private long getFingerprintOnlySid() {
         final PackageManager packageManager = mContext.getPackageManager();
         if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {
author	TreeHugger Robot <treehugger-gerrit@google.com>	2018-11-16 22:52:30 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2018-11-16 22:52:30 +0000
commit	278913ae620c06f1bbdf70e8d52c0a6eae33ce29 (patch)
tree	078be8d2624cd984f0a82ec7161c5eb7220ee1af /keystore/java/android/security/KeyStore.java
parent	992cd354fcebfd78ff7dc0eb2acf362d14497eef (diff)
parent	057b743fe90ff6b9d19db297e12d9f6055439276 (diff)