Do not reset incorrect password attempts after biometric authentication
For work challenges, do not reset incorrect password attempts if
challenge is resolved via biometric authentication. This is the
behaviour for personal keyguard and work challenge should be
consistent.
Bug: 139438785
Test: manual: enroll work challenge with fingerprint, set failed wipe
count (3) via TestDPC and attempt two failed attempts (via cmd
lock_settings). Resolve work challenge with fingerprint and attempt one
last failed attempt. Verify work profiel is wiped.
Change-Id: Ic64d3e44f3faa5adf8ac43db09e33c8403427990
diff --git a/src/com/android/settings/password/BiometricFragment.java b/src/com/android/settings/password/BiometricFragment.java
index bc0e5c7..7e78322 100644
--- a/src/com/android/settings/password/BiometricFragment.java
+++ b/src/com/android/settings/password/BiometricFragment.java
@@ -70,6 +70,13 @@
});
cleanup();
}
+
+ @Override
+ public void onAuthenticationFailed() {
+ mClientExecutor.execute(() -> {
+ mClientCallback.onAuthenticationFailed();
+ });
+ }
};
private final DialogInterface.OnClickListener mNegativeButtonListener =
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
index 83368f9..220b649 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
@@ -111,6 +111,7 @@
});
private AuthenticationCallback mAuthenticationCallback = new AuthenticationCallback() {
+ @Override
public void onAuthenticationError(int errorCode, @NonNull CharSequence errString) {
if (!mGoingToBackground) {
if (errorCode == BiometricPrompt.BIOMETRIC_ERROR_USER_CANCELED
@@ -123,17 +124,24 @@
}
}
+ @Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
mTrustManager.setDeviceLockedForUser(mUserId, false);
-
+ final boolean isStrongAuth = result.getAuthenticationType()
+ == BiometricPrompt.AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL;
ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils, mUserManager,
- mUserId);
+ mDevicePolicyManager, mUserId, isStrongAuth);
ConfirmDeviceCredentialUtils.checkForPendingIntent(
ConfirmDeviceCredentialActivity.this);
setResult(Activity.RESULT_OK);
finish();
}
+
+ @Override
+ public void onAuthenticationFailed() {
+ mDevicePolicyManager.reportFailedBiometricAttempt(mUserId);
+ }
};
private String getStringForError(int errorCode) {
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
index 11d6924..a5febeb 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialUtils.java
@@ -20,6 +20,7 @@
import android.app.ActivityManager;
import android.app.ActivityOptions;
import android.app.IActivityManager;
+import android.app.admin.DevicePolicyManager;
import android.content.Intent;
import android.content.IntentSender;
import android.os.RemoteException;
@@ -54,8 +55,12 @@
}
public static void reportSuccessfulAttempt(LockPatternUtils utils, UserManager userManager,
- int userId) {
- utils.reportSuccessfulPasswordAttempt(userId);
+ DevicePolicyManager dpm, int userId, boolean isStrongAuth) {
+ if (isStrongAuth) {
+ utils.reportSuccessfulPasswordAttempt(userId);
+ } else {
+ dpm.reportSuccessfulBiometricAttempt(userId);
+ }
if (userManager.isManagedProfile(userId)) {
// Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth
// for work challenge only here.
diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java
index ce8813f..260919d 100644
--- a/src/com/android/settings/password/ConfirmLockPassword.java
+++ b/src/com/android/settings/password/ConfirmLockPassword.java
@@ -475,7 +475,8 @@
if (matched) {
if (newResult) {
ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils,
- mUserManager, mEffectiveUserId);
+ mUserManager, mDevicePolicyManager, mEffectiveUserId,
+ /* isStrongAuth */ true);
}
startDisappearAnimation(intent);
ConfirmDeviceCredentialUtils.checkForPendingIntent(getActivity());
diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java
index b2afb22..06f3d93 100644
--- a/src/com/android/settings/password/ConfirmLockPattern.java
+++ b/src/com/android/settings/password/ConfirmLockPattern.java
@@ -509,7 +509,8 @@
if (matched) {
if (newResult) {
ConfirmDeviceCredentialUtils.reportSuccessfulAttempt(mLockPatternUtils,
- mUserManager, mEffectiveUserId);
+ mUserManager, mDevicePolicyManager, mEffectiveUserId,
+ /* isStrongAuth */ true);
}
startDisappearAnimation(intent);
ConfirmDeviceCredentialUtils.checkForPendingIntent(getActivity());