Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / f766281fafc48ce68dcd657c98cb39e33ef425c4^! / .
commitf766281fafc48ce68dcd657c98cb39e33ef425c4[log] [tgz]
authorHaining Chen <hainingc@google.com>Fri Feb 03 15:19:44 2023 -0800
committerHaining Chen <hainingc@google.com>Wed Feb 08 14:48:58 2023 -0800
tree908a4d5931b99b1ece619499d9ed9b656555bc90
parentbb994c9b594bd3ac428e4dacd1261ec5ea73d565 [diff]
Schedule idle timeout when Keyguard state is reset and only if possible

The 4-hour idle timeout is scheduled when the device is locked (by
manually pressing the power button or after the screen timeout). This
usually happends when Keyguard decides to show up.

In the face non-bypass case, Keyguard is already shown and its state
will be reset after locking device. The idle timeout should also be
scheduled in this case.

Additionally, check if any non-strong biometrics are enrolled and
enabled. If not, do not schedule the idle timeout when the device is
locked.

Bug: 244743493, 261813434
Test: On a device with UDFPS, manually
      (1) set up face auth, (2) unlock with face auth and stay on
      Keyguard, (3) lock device, and verify that the alarm for idle
      timeout is scheduled properly by "adb shell dumpsys alarm"
Test: On a device with side FPS, manually
      (1) set up fingerprint (no face auth), (2) lock device, and verify
      that no alarm is schedule for idle timeout, (3) swipe up to show
      bouncer, and verify that the string on bouncer properly shows
      "Enter your PIN" while side FPS can also be used for auth.
      Repeat steps 2-3 after enabling face auth and then deleting it.

Change-Id: I8404927e8155f40496ac1740e4a6b7b38458f1f5

diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 204f09e..064dd91 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java

@@ -96,6 +96,7 @@
 import android.hardware.biometrics.BiometricManager;
 import android.hardware.biometrics.BiometricSourceType;
 import android.hardware.biometrics.IBiometricEnabledOnKeyguardCallback;
+import android.hardware.biometrics.SensorProperties;
 import android.hardware.face.FaceManager;
 import android.hardware.face.FaceSensorPropertiesInternal;
 import android.hardware.fingerprint.FingerprintManager;
@@ -2986,6 +2987,23 @@
         return isUnlockWithFacePossible(userId) || isUnlockWithFingerprintPossible(userId);
     }
 
+    /**
+     * If non-strong (i.e. weak or convenience) biometrics hardware is available, not disabled, and
+     * user has enrolled templates. This does NOT check if the device is encrypted or in lockdown.
+     *
+     * @param userId User that's trying to unlock.
+     * @return {@code true} if possible.
+     */
+    public boolean isUnlockingWithNonStrongBiometricsPossible(int userId) {
+        // This assumes that there is at most one face and at most one fingerprint sensor
+        return (mFaceManager != null && !mFaceSensorProperties.isEmpty()
+                && (mFaceSensorProperties.get(0).sensorStrength != SensorProperties.STRENGTH_STRONG)
+                && isUnlockWithFacePossible(userId))
+                || (mFpm != null && !mFingerprintSensorProperties.isEmpty()
+                && (mFingerprintSensorProperties.get(0).sensorStrength
+                != SensorProperties.STRENGTH_STRONG) && isUnlockWithFingerprintPossible(userId));
+    }
+
     @SuppressLint("MissingPermission")
     @VisibleForTesting
     boolean isUnlockWithFingerprintPossible(int userId) {

diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
index fe84ac5..d62d5aed 100644
--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java

@@ -2447,15 +2447,28 @@
         }
         mKeyguardDisplayManager.show();
 
-        // schedule 4hr idle timeout after which non-strong biometrics (i.e. weak or convenience
-        // biometric) can't be used to unlock device until unlocking with strong biometric or
-        // primary auth (i.e. PIN/pattern/password)
-        mLockPatternUtils.scheduleNonStrongBiometricIdleTimeout(
-                KeyguardUpdateMonitor.getCurrentUser());
+        scheduleNonStrongBiometricIdleTimeout();
 
         Trace.endSection();
     }
 
+    /**
+     * Schedule 4-hour idle timeout for non-strong biometrics when the device is locked
+     */
+    private void scheduleNonStrongBiometricIdleTimeout() {
+        final int currentUser = KeyguardUpdateMonitor.getCurrentUser();
+        // If unlocking with non-strong (i.e. weak or convenience) biometrics is possible, schedule
+        // 4hr idle timeout after which non-strong biometrics can't be used to unlock device until
+        // unlocking with strong biometric or primary auth (i.e. PIN/pattern/password)
+        if (mUpdateMonitor.isUnlockingWithNonStrongBiometricsPossible(currentUser)) {
+            if (DEBUG) {
+                Log.d(TAG, "scheduleNonStrongBiometricIdleTimeout: schedule an alarm for "
+                        + "currentUser=" + currentUser);
+            }
+            mLockPatternUtils.scheduleNonStrongBiometricIdleTimeout(currentUser);
+        }
+    }
+
     private final Runnable mKeyguardGoingAwayRunnable = new Runnable() {
         @Override
         public void run() {
@@ -2949,6 +2962,8 @@
             if (DEBUG) Log.d(TAG, "handleReset");
             mKeyguardViewControllerLazy.get().reset(true /* hideBouncerWhenShowing */);
         }
+
+        scheduleNonStrongBiometricIdleTimeout();
     }
 
     /**