summaryrefslogtreecommitdiff
path: root/keystore/java/android/security/KeyStore.java
diff options
context:
space:
mode:
Diffstat (limited to 'keystore/java/android/security/KeyStore.java')
-rw-r--r--keystore/java/android/security/KeyStore.java26
1 files changed, 25 insertions, 1 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 835b735ad55f..fec800dcb306 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -23,6 +23,7 @@ import android.app.Application;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.pm.PackageManager;
+import android.hardware.face.FaceManager;
import android.hardware.fingerprint.FingerprintManager;
import android.os.Binder;
import android.os.IBinder;
@@ -1254,7 +1255,7 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
- long fingerprintOnlySid = getFingerprintOnlySid();
+ final long fingerprintOnlySid = getFingerprintOnlySid();
if ((fingerprintOnlySid != 0)
&& (keySids.contains(KeymasterArguments.toUint64(fingerprintOnlySid)))) {
// One of the key's SIDs is the current fingerprint SID -- user can be
@@ -1262,6 +1263,14 @@ public class KeyStore {
return new UserNotAuthenticatedException();
}
+ final long faceOnlySid = getFaceOnlySid();
+ if ((faceOnlySid != 0)
+ && (keySids.contains(KeymasterArguments.toUint64(faceOnlySid)))) {
+ // One of the key's SIDs is the current face SID -- user can be
+ // authenticated against that SID.
+ return new UserNotAuthenticatedException();
+ }
+
// None of the key's SIDs can ever be authenticated
return new KeyPermanentlyInvalidatedException();
}
@@ -1272,6 +1281,21 @@ public class KeyStore {
}
}
+ private long getFaceOnlySid() {
+ final PackageManager packageManager = mContext.getPackageManager();
+ if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FACE)) {
+ return 0;
+ }
+ FaceManager faceManager = mContext.getSystemService(FaceManager.class);
+ if (faceManager == null) {
+ return 0;
+ }
+
+ // TODO: Restore USE_BIOMETRIC or USE_BIOMETRIC_INTERNAL permission check in
+ // FaceManager.getAuthenticatorId once the ID is no longer needed here.
+ return faceManager.getAuthenticatorId();
+ }
+
private long getFingerprintOnlySid() {
final PackageManager packageManager = mContext.getPackageManager();
if (!packageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 09:39:15 +0000