4 files changed, 23 insertions, 12 deletions
diff --git a/core/java/android/hardware/biometrics/BiometricManager.java b/core/java/android/hardware/biometrics/BiometricManager.java
index 70af975c21b3..f3a83422469c 100644
--- a/core/java/android/hardware/biometrics/BiometricManager.java
+++ b/core/java/android/hardware/biometrics/BiometricManager.java
@@ -558,7 +558,7 @@ public class BiometricManager {
 * @hide
 */
 public long[] getAuthenticatorIds() {
- return getAuthenticatorIds(UserHandle.getCallingUserId());
+ return getAuthenticatorIds(UserHandle.myUserId());
 }
 /**
diff --git a/keystore/java/android/security/Authorization.java b/keystore/java/android/security/Authorization.java
index bd72d45297c1..00219e7f28ac 100644
--- a/keystore/java/android/security/Authorization.java
+++ b/keystore/java/android/security/Authorization.java
@@ -74,16 +74,19 @@ public class Authorization {
 * @param locked - whether it is a lock (true) or unlock (false) event
 * @param syntheticPassword - if it is an unlock event with the password, pass the synthetic
 * password provided by the LockSettingService
+ * @param unlockingSids - KeyMint secure user IDs that should be permitted to unlock
+ * UNLOCKED_DEVICE_REQUIRED keys.
 *
 * @return 0 if successful or a {@code ResponseCode}.
 */
 public static int onLockScreenEvent(@NonNull boolean locked, @NonNull int userId,
- @Nullable byte[] syntheticPassword) {
+ @Nullable byte[] syntheticPassword, @Nullable long[] unlockingSids) {
 try {
 if (locked) {
- getService().onLockScreenEvent(LockScreenEvent.LOCK, userId, null);
+ getService().onLockScreenEvent(LockScreenEvent.LOCK, userId, null, unlockingSids);
 } else {
- getService().onLockScreenEvent(LockScreenEvent.UNLOCK, userId, syntheticPassword);
+ getService().onLockScreenEvent(
+ LockScreenEvent.UNLOCK, userId, syntheticPassword, unlockingSids);
 }
 return 0;
 } catch (RemoteException | NullPointerException e) {
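Review bot: The Javadoc for the no-argument `getAuthenticatorIds()` should now state which user it resolves to, because `UserHandle.myUserId()` is the user the calling process runs as rather than the Binder caller's user. Any caller that runs inside a system service and relied on the old per-caller behaviour would now read the IDs of the process's own user, so such callers (none are visible here) should move to the explicit `getAuthenticatorIds(int userId)` overload. A line such as `Returns the authenticator IDs for the user this process runs as; system services should pass an explicit user ID.` would cover it. The comment block starts above the hunk, so its existing text could not be checked.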
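Review bot: The new `@param unlockingSids` text does not say what `null` or an empty array means, and the value is forwarded on the LOCK branch as well although the description only speaks of unlocking. Since this argument decides which secure user IDs may unlock UNLOCKED_DEVICE_REQUIRED keys, the contract should be spelled out for both event types, for example by appending `{@code null} when the caller has no IDs to pass (e.g. the password-unlock path)` and then stating the effect that has on the keys. The existing `@NonNull` on the primitive `locked` and `userId` parameters has no effect and could be dropped while the signature is being touched. The method body continues past the end of the hunk.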
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index ad5be07c7cf2..5b03989f5248 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1311,7 +1311,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 private void unlockKeystore(byte[] password, int userHandle) {
 if (DEBUG) Slog.v(TAG, "Unlock keystore for user: " + userHandle);
- Authorization.onLockScreenEvent(false, userHandle, password);
+ Authorization.onLockScreenEvent(false, userHandle, password, null);
 }
 @VisibleForTesting /** Note: this method is overridden in unit tests */
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index f014b0749396..4b71742c86c8 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -41,6 +41,7 @@ import android.content.res.TypedArray;
 import android.content.res.XmlResourceParser;
 import android.database.ContentObserver;
 import android.graphics.drawable.Drawable;
+import android.hardware.biometrics.BiometricManager;
 import android.hardware.biometrics.BiometricSourceType;
 import android.net.Uri;
 import android.os.Binder;
@@ -188,8 +189,6 @@ public class TrustManagerService extends SystemService {
 private boolean mTrustAgentsCanRun = false;
 private int mCurrentUser = UserHandle.USER_SYSTEM;
- private Authorization mAuthorizationService;
-
 public TrustManagerService(Context context) {
 super(context);
 mContext = context;
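Review bot: The bare `null` passed as the new fourth argument in `unlockKeystore` gives no hint that it stands for the unlocking SIDs or why the password path supplies none. Labelling it, `Authorization.onLockScreenEvent(false, userHandle, password, /* unlockingSids= */ null);`, and adding a one-line comment on why no biometric IDs accompany a credential unlock would make the intent reviewable. This matters because the other call sites changed in this commit pass the result of `getBiometricSids(...)` instead.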
@@ -199,7 +198,6 @@ public class TrustManagerService extends SystemService {
 mStrongAuthTracker = new StrongAuthTracker(context);
 mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
 mSettingsObserver = new SettingsObserver(mHandler);
- mAuthorizationService = new Authorization();
 }
 @Override
@@ -701,13 +699,14 @@ public class TrustManagerService extends SystemService {
 }
 if (changed) {
 dispatchDeviceLocked(userId, locked);
-
- Authorization.onLockScreenEvent(locked, userId, null);
+ Authorization.onLockScreenEvent(locked, userId, null,
+ getBiometricSids(userId));
 // Also update the user's profiles who have unified challenge, since they
 // share the same unlocked state (see {@link #isDeviceLocked(int)})
 for (int profileHandle : mUserManager.getEnabledProfileIds(userId)) {
 if (mLockPatternUtils.isManagedProfileWithUnifiedChallenge(profileHandle)) {
- mAuthorizationService.onLockScreenEvent(locked, profileHandle, null);
+ Authorization.onLockScreenEvent(locked, profileHandle, null,
+ getBiometricSids(profileHandle));
 }
 }
 }
@@ -1047,6 +1046,14 @@ public class TrustManagerService extends SystemService {
 }
 }
+ private long[] getBiometricSids(int userId) {
+ BiometricManager biometricManager = mContext.getSystemService(BiometricManager.class);
+ if (biometricManager == null) {
+ return null;
+ }
+ return biometricManager.getAuthenticatorIds(userId);
+ }
+
 // User lifecycle
 @Override
@@ -1258,7 +1265,8 @@ public class TrustManagerService extends SystemService {
 mDeviceLockedForUser.put(userId, locked);
 }
- Authorization.onLockScreenEvent(locked, userId, null);
+ Authorization.onLockScreenEvent(locked, userId, null,
+ getBiometricSids(userId));
 if (locked) {
 try { |
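Review bot: The result of `Authorization.onLockScreenEvent(...)` is discarded at both new call sites in the hunk at -701 and again in the hunk at -1258, although the method is documented to return a `ResponseCode` on failure. If a LOCK notification does not reach the service, the lock state recorded here and the keystore's view of the device could disagree with nothing logged; what the service does in that case is not visible on this page. Checking the value, e.g. `int rc = Authorization.onLockScreenEvent(locked, userId, null, getBiometricSids(userId));` followed by `if (rc != 0) Slog.w(TAG, "onLockScreenEvent failed for user " + userId + ": " + rc);`, would at least leave a trace; use whichever logger the class already has. The enclosing methods start and end outside these hunks.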
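Review bot: `getBiometricSids` (hunk at -1047) has no documentation and its `null` return is not annotated, so a reader cannot tell that `null` here means the BiometricManager service was unavailable rather than that the user has no biometrics enrolled. I would add `@Nullable` and a Javadoc line such as `Returns the biometric authenticator IDs for userId to pass to Authorization.onLockScreenEvent, or null if BiometricManager is unavailable.` Logging the unavailable case would also help, since it silently changes which SIDs accompany the lock event. The helper is invoked for the user and for each unified-challenge profile on a lock state change; whether `getAuthenticatorIds(int)` is cheap enough for that path cannot be judged from this hunk.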