Fix back navigation in biometric enrollment.
Using the back buttons can cause a crash in at least two cases. Skipping
face enrollment and then starting/stopping any enrollment can lead to
an invalid token and failed HAT request. Backing out of the activity and
restarting it can also lead to using a stale token that fails.
Fix: 179336333
Test: manual on device
Change-Id: I0c1133e4c3d9c97997043ddc9374aa3cfc4f1c97
diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java
index 0a2e5fe..eede22a 100644
--- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java
+++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java
@@ -211,8 +211,7 @@
case REQUEST_CHOOSE_LOCK:
mConfirmingCredentials = false;
if (resultCode == ChooseLockPattern.RESULT_FINISHED) {
- mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
- startMultiBiometricEnroll();
+ startMultiBiometricEnroll(data);
} else {
Log.d(TAG, "Unknown result for chooseLock: " + resultCode);
setResult(resultCode);
@@ -222,8 +221,7 @@
case REQUEST_CONFIRM_LOCK:
mConfirmingCredentials = false;
if (resultCode == RESULT_OK) {
- mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
- startMultiBiometricEnroll();
+ startMultiBiometricEnroll(data);
} else {
Log.d(TAG, "Unknown result for confirmLock: " + resultCode);
finish();
@@ -283,7 +281,8 @@
}
}
- private void startMultiBiometricEnroll() {
+ private void startMultiBiometricEnroll(Intent data) {
+ mGkPwHandle = BiometricUtils.getGatekeeperPasswordHandle(data);
mMultiBiometricEnrollHelper = new MultiBiometricEnrollHelper(this, mUserId,
mIsFaceEnrollable, mIsFingerprintEnrollable, mGkPwHandle);
mMultiBiometricEnrollHelper.startNextStep();
diff --git a/src/com/android/settings/biometrics/BiometricUtils.java b/src/com/android/settings/biometrics/BiometricUtils.java
index e12badf..9de8105 100644
--- a/src/com/android/settings/biometrics/BiometricUtils.java
+++ b/src/com/android/settings/biometrics/BiometricUtils.java
@@ -33,6 +33,7 @@
import androidx.fragment.app.FragmentActivity;
import com.android.internal.widget.LockPatternUtils;
+import com.android.internal.widget.VerifyCredentialResponse;
import com.android.settings.R;
import com.android.settings.SetupWizardUtils;
import com.android.settings.biometrics.fingerprint.FingerprintEnrollFindSensor;
@@ -72,8 +73,12 @@
public static byte[] requestGatekeeperHat(@NonNull Context context, long gkPwHandle, int userId,
long challenge) {
final LockPatternUtils utils = new LockPatternUtils(context);
- return utils.verifyGatekeeperPasswordHandle(gkPwHandle, challenge, userId)
- .getGatekeeperHAT();
+ final VerifyCredentialResponse response = utils.verifyGatekeeperPasswordHandle(gkPwHandle,
+ challenge, userId);
+ if (!response.isMatched()) {
+ throw new IllegalStateException("Unable to request Gatekeeper HAT");
+ }
+ return response.getGatekeeperHAT();
}
public static boolean containsGatekeeperPasswordHandle(@Nullable Intent data) {
@@ -190,7 +195,7 @@
hardwareAuthToken);
}
if (gkPwHandle != null) {
- intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle);
+ intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, (long) gkPwHandle);
}
if (activity instanceof BiometricEnrollActivity.InternalActivity) {
diff --git a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java
index 7d3be87..018c815 100644
--- a/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java
+++ b/src/com/android/settings/biometrics/MultiBiometricEnrollHelper.java
@@ -77,12 +77,14 @@
if (mRequestEnrollFingerprint) {
// Give FaceEnroll a pendingIntent pointing to fingerprint enrollment, so that it
- // can be started when user skips or finishes face enrollment.
+ // can be started when user skips or finishes face enrollment. FLAG_UPDATE_CURRENT
+ // ensures it is launched with the most recent values.
final Intent fpIntent = BiometricUtils.getFingerprintIntroIntent(mActivity,
mActivity.getIntent());
fpIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, mGkPwHandle);
final PendingIntent fpAfterFaceIntent = PendingIntent.getActivity(mActivity,
- 0 /* requestCode */, fpIntent, PendingIntent.FLAG_IMMUTABLE);
+ 0 /* requestCode */, fpIntent,
+ PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);
faceIntent.putExtra(EXTRA_ENROLL_AFTER_FACE, fpAfterFaceIntent);
}
diff --git a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java
index 9110292..4129fa5 100644
--- a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java
+++ b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java
@@ -114,9 +114,6 @@
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
mSensorId = sensorId;
mChallenge = challenge;
- if (BiometricUtils.isMultiBiometricEnrollmentFlow(this)) {
- BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
- }
mFooterBarMixin.getPrimaryButton().setEnabled(true);
});
}
diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java
index 69624ab..db03a3d 100644
--- a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java
+++ b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java
@@ -85,7 +85,6 @@
mChallenge = challenge;
mSensorId = sensorId;
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
- BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
// Put this into the intent. This is really just to work around the fact that the
// enrollment sidecar gets the HAT from the activity's intent, rather than having