1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.biometrics.sensors.fingerprint; 18 19 import static android.Manifest.permission.INTERACT_ACROSS_USERS; 20 import static android.Manifest.permission.MANAGE_FINGERPRINT; 21 import static android.Manifest.permission.TEST_BIOMETRIC; 22 import static android.Manifest.permission.USE_BIOMETRIC; 23 import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL; 24 import static android.Manifest.permission.USE_FINGERPRINT; 25 import static android.hardware.biometrics.BiometricFingerprintConstants.FINGERPRINT_ACQUIRED_VENDOR; 26 import static android.hardware.biometrics.BiometricFingerprintConstants.FINGERPRINT_ERROR_USER_CANCELED; 27 import static android.hardware.biometrics.BiometricFingerprintConstants.FINGERPRINT_ERROR_VENDOR; 28 import static android.hardware.biometrics.SensorProperties.STRENGTH_STRONG; 29 30 import android.annotation.NonNull; 31 import android.annotation.Nullable; 32 import android.app.ActivityManager; 33 import android.app.AppOpsManager; 34 import android.content.Context; 35 import android.content.pm.PackageManager; 36 import android.hardware.biometrics.BiometricPrompt; 37 import android.hardware.biometrics.BiometricsProtoEnums; 38 import android.hardware.biometrics.IBiometricSensorReceiver; 39 import android.hardware.biometrics.IBiometricService; 40 import android.hardware.biometrics.IBiometricServiceLockoutResetCallback; 41 import android.hardware.biometrics.IBiometricStateListener; 42 import android.hardware.biometrics.IInvalidationCallback; 43 import android.hardware.biometrics.ITestSession; 44 import android.hardware.biometrics.ITestSessionCallback; 45 import android.hardware.biometrics.fingerprint.IFingerprint; 46 import android.hardware.biometrics.fingerprint.PointerContext; 47 import android.hardware.fingerprint.Fingerprint; 48 import android.hardware.fingerprint.FingerprintAuthenticateOptions; 49 import android.hardware.fingerprint.FingerprintManager; 50 import android.hardware.fingerprint.FingerprintSensorPropertiesInternal; 51 import android.hardware.fingerprint.FingerprintServiceReceiver; 52 import android.hardware.fingerprint.IFingerprintAuthenticatorsRegisteredCallback; 53 import android.hardware.fingerprint.IFingerprintClientActiveCallback; 54 import android.hardware.fingerprint.IFingerprintService; 55 import android.hardware.fingerprint.IFingerprintServiceReceiver; 56 import android.hardware.fingerprint.ISidefpsController; 57 import android.hardware.fingerprint.IUdfpsOverlayController; 58 import android.os.Binder; 59 import android.os.Build; 60 import android.os.CancellationSignal; 61 import android.os.Handler; 62 import android.os.IBinder; 63 import android.os.Looper; 64 import android.os.Process; 65 import android.os.RemoteException; 66 import android.os.ResultReceiver; 67 import android.os.ServiceManager; 68 import android.os.ShellCallback; 69 import android.os.UserHandle; 70 import android.os.UserManager; 71 import android.provider.Settings; 72 import android.util.EventLog; 73 import android.util.Pair; 74 import android.util.Slog; 75 import android.util.proto.ProtoOutputStream; 76 77 import com.android.internal.R; 78 import com.android.internal.annotations.VisibleForTesting; 79 import com.android.internal.util.DumpUtils; 80 import com.android.internal.widget.LockPatternUtils; 81 import com.android.server.SystemService; 82 import com.android.server.biometrics.Utils; 83 import com.android.server.biometrics.log.BiometricContext; 84 import com.android.server.biometrics.sensors.BaseClientMonitor; 85 import com.android.server.biometrics.sensors.BiometricStateCallback; 86 import com.android.server.biometrics.sensors.ClientMonitorCallback; 87 import com.android.server.biometrics.sensors.ClientMonitorCallbackConverter; 88 import com.android.server.biometrics.sensors.LockoutResetDispatcher; 89 import com.android.server.biometrics.sensors.LockoutTracker; 90 import com.android.server.biometrics.sensors.fingerprint.aidl.FingerprintProvider; 91 import com.android.server.biometrics.sensors.fingerprint.hidl.Fingerprint21; 92 import com.android.server.biometrics.sensors.fingerprint.hidl.Fingerprint21UdfpsMock; 93 import com.android.server.companion.virtual.VirtualDeviceManagerInternal; 94 95 import com.google.android.collect.Lists; 96 97 import java.io.FileDescriptor; 98 import java.io.PrintWriter; 99 import java.util.ArrayList; 100 import java.util.Collections; 101 import java.util.List; 102 import java.util.concurrent.CountDownLatch; 103 import java.util.concurrent.Executor; 104 import java.util.concurrent.TimeUnit; 105 import java.util.function.Function; 106 import java.util.function.Supplier; 107 108 /** 109 * A service to manage multiple clients that want to access the fingerprint HAL API. 110 * The service is responsible for maintaining a list of clients and dispatching all 111 * fingerprint-related events. 112 */ 113 public class FingerprintService extends SystemService { 114 115 protected static final String TAG = "FingerprintService"; 116 117 private final AppOpsManager mAppOps; 118 private final LockoutResetDispatcher mLockoutResetDispatcher; 119 private final GestureAvailabilityDispatcher mGestureAvailabilityDispatcher; 120 private final LockPatternUtils mLockPatternUtils; 121 @NonNull 122 private final BiometricContext mBiometricContext; 123 @NonNull 124 private final Supplier<String[]> mAidlInstanceNameSupplier; 125 @NonNull 126 private final Function<String, FingerprintProvider> mFingerprintProvider; 127 @NonNull 128 private final BiometricStateCallback<ServiceProvider, FingerprintSensorPropertiesInternal> 129 mBiometricStateCallback; 130 @NonNull 131 private final Handler mHandler; 132 @NonNull 133 private final FingerprintServiceRegistry mRegistry; 134 135 /** Receives the incoming binder calls from FingerprintManager. */ 136 @VisibleForTesting 137 final IFingerprintService.Stub mServiceWrapper = new IFingerprintService.Stub() { 138 @android.annotation.EnforcePermission(android.Manifest.permission.TEST_BIOMETRIC) 139 @Override 140 public ITestSession createTestSession(int sensorId, @NonNull ITestSessionCallback callback, 141 @NonNull String opPackageName) { 142 super.createTestSession_enforcePermission(); 143 144 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 145 146 if (provider == null) { 147 Slog.w(TAG, "Null provider for createTestSession, sensorId: " + sensorId); 148 return null; 149 } 150 151 return provider.createTestSession(sensorId, callback, opPackageName); 152 } 153 154 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 155 @Override 156 public byte[] dumpSensorServiceStateProto(int sensorId, boolean clearSchedulerBuffer) { 157 super.dumpSensorServiceStateProto_enforcePermission(); 158 159 final ProtoOutputStream proto = new ProtoOutputStream(); 160 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 161 if (provider != null) { 162 provider.dumpProtoState(sensorId, proto, clearSchedulerBuffer); 163 } 164 proto.flush(); 165 return proto.getBytes(); 166 } 167 168 @Override // Binder call 169 public List<FingerprintSensorPropertiesInternal> getSensorPropertiesInternal( 170 @NonNull String opPackageName) { 171 if (getContext().checkCallingOrSelfPermission(USE_BIOMETRIC_INTERNAL) 172 != PackageManager.PERMISSION_GRANTED) { 173 Utils.checkPermission(getContext(), TEST_BIOMETRIC); 174 } 175 return mRegistry.getAllProperties(); 176 } 177 178 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 179 @Override 180 public FingerprintSensorPropertiesInternal getSensorProperties(int sensorId, 181 @NonNull String opPackageName) { 182 super.getSensorProperties_enforcePermission(); 183 184 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 185 if (provider == null) { 186 Slog.w(TAG, "No matching sensor for getSensorProperties, sensorId: " + sensorId 187 + ", caller: " + opPackageName); 188 return null; 189 } 190 return provider.getSensorProperties(sensorId); 191 } 192 193 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 194 @Override // Binder call 195 public void generateChallenge(IBinder token, int sensorId, int userId, 196 IFingerprintServiceReceiver receiver, String opPackageName) { 197 super.generateChallenge_enforcePermission(); 198 199 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 200 if (provider == null) { 201 Slog.w(TAG, "No matching sensor for generateChallenge, sensorId: " + sensorId); 202 return; 203 } 204 205 provider.scheduleGenerateChallenge(sensorId, userId, token, receiver, opPackageName); 206 } 207 208 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 209 @Override // Binder call 210 public void revokeChallenge(IBinder token, int sensorId, int userId, String opPackageName, 211 long challenge) { 212 super.revokeChallenge_enforcePermission(); 213 214 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 215 if (provider == null) { 216 Slog.w(TAG, "No matching sensor for revokeChallenge, sensorId: " + sensorId); 217 return; 218 } 219 220 provider.scheduleRevokeChallenge(sensorId, userId, token, opPackageName, 221 challenge); 222 } 223 224 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 225 @Override // Binder call 226 public long enroll(final IBinder token, @NonNull final byte[] hardwareAuthToken, 227 final int userId, final IFingerprintServiceReceiver receiver, 228 final String opPackageName, @FingerprintManager.EnrollReason int enrollReason) { 229 super.enroll_enforcePermission(); 230 231 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 232 if (provider == null) { 233 Slog.w(TAG, "Null provider for enroll"); 234 return -1; 235 } 236 237 return provider.second.scheduleEnroll(provider.first, token, hardwareAuthToken, userId, 238 receiver, opPackageName, enrollReason); 239 } 240 241 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 242 @Override // Binder call 243 public void cancelEnrollment(final IBinder token, long requestId) { 244 super.cancelEnrollment_enforcePermission(); 245 246 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 247 if (provider == null) { 248 Slog.w(TAG, "Null provider for cancelEnrollment"); 249 return; 250 } 251 252 provider.second.cancelEnrollment(provider.first, token, requestId); 253 } 254 255 @SuppressWarnings("deprecation") 256 @Override // Binder call 257 public long authenticate( 258 final IBinder token, 259 final long operationId, 260 final IFingerprintServiceReceiver receiver, 261 final FingerprintAuthenticateOptions options) { 262 final int callingUid = Binder.getCallingUid(); 263 final int callingPid = Binder.getCallingPid(); 264 final int callingUserId = UserHandle.getCallingUserId(); 265 final String opPackageName = options.getOpPackageName(); 266 final String attributionTag = options.getAttributionTag(); 267 final int userId = options.getUserId(); 268 269 if (!canUseFingerprint( 270 opPackageName, 271 attributionTag, 272 true /* requireForeground */, 273 callingUid, 274 callingPid, 275 callingUserId)) { 276 Slog.w(TAG, "Authenticate rejecting package: " + opPackageName); 277 return -1; 278 } 279 280 // Keyguard check must be done on the caller's binder identity, since it also checks 281 // permission. 282 final boolean isKeyguard = Utils.isKeyguard(getContext(), opPackageName); 283 284 // Clear calling identity when checking LockPatternUtils for StrongAuth flags. 285 final long identity1 = Binder.clearCallingIdentity(); 286 try { 287 if (isKeyguard && Utils.isUserEncryptedOrLockdown(mLockPatternUtils, userId)) { 288 // If this happens, something in KeyguardUpdateMonitor is wrong. 289 // SafetyNet for b/79776455 290 EventLog.writeEvent(0x534e4554, "79776455"); 291 Slog.e(TAG, "Authenticate invoked when user is encrypted or lockdown"); 292 return -1; 293 } 294 } finally { 295 Binder.restoreCallingIdentity(identity1); 296 } 297 298 final boolean restricted = getContext().checkCallingPermission(MANAGE_FINGERPRINT) 299 != PackageManager.PERMISSION_GRANTED; 300 final int statsClient = isKeyguard ? BiometricsProtoEnums.CLIENT_KEYGUARD 301 : BiometricsProtoEnums.CLIENT_FINGERPRINT_MANAGER; 302 303 final Pair<Integer, ServiceProvider> provider; 304 if (options.getSensorId() == FingerprintManager.SENSOR_ID_ANY) { 305 provider = mRegistry.getSingleProvider(); 306 } else { 307 Utils.checkPermission(getContext(), USE_BIOMETRIC_INTERNAL); 308 provider = new Pair<>(options.getSensorId(), 309 mRegistry.getProviderForSensor(options.getSensorId())); 310 } 311 312 if (provider == null) { 313 Slog.w(TAG, "Null provider for authenticate"); 314 return -1; 315 } 316 options.setSensorId(provider.first); 317 318 final FingerprintSensorPropertiesInternal sensorProps = 319 provider.second.getSensorProperties(options.getSensorId()); 320 if (!isKeyguard && !Utils.isSettings(getContext(), opPackageName) 321 && sensorProps != null && (sensorProps.isAnyUdfpsType() 322 || sensorProps.isAnySidefpsType())) { 323 try { 324 return authenticateWithPrompt(operationId, sensorProps, callingUid, 325 callingUserId, receiver, opPackageName, 326 options.isIgnoreEnrollmentState()); 327 } catch (PackageManager.NameNotFoundException e) { 328 Slog.e(TAG, "Invalid package", e); 329 return -1; 330 } 331 } 332 final long identity2 = Binder.clearCallingIdentity(); 333 try { 334 VirtualDeviceManagerInternal vdm = getLocalService( 335 VirtualDeviceManagerInternal.class); 336 if (vdm != null) { 337 vdm.onAuthenticationPrompt(callingUid); 338 } 339 } finally { 340 Binder.restoreCallingIdentity(identity2); 341 } 342 return provider.second.scheduleAuthenticate(token, operationId, 343 0 /* cookie */, new ClientMonitorCallbackConverter(receiver), options, 344 restricted, statsClient, isKeyguard); 345 } 346 347 private long authenticateWithPrompt( 348 final long operationId, 349 @NonNull final FingerprintSensorPropertiesInternal props, 350 final int uId, 351 final int userId, 352 final IFingerprintServiceReceiver receiver, 353 final String opPackageName, 354 boolean ignoreEnrollmentState) throws PackageManager.NameNotFoundException { 355 final Context context = getUiContext(); 356 final Context promptContext = context.createPackageContextAsUser( 357 opPackageName, 0 /* flags */, UserHandle.getUserHandleForUid(uId)); 358 final Executor executor = context.getMainExecutor(); 359 360 final BiometricPrompt biometricPrompt = new BiometricPrompt.Builder(promptContext) 361 .setTitle(context.getString(R.string.biometric_dialog_default_title)) 362 .setSubtitle(context.getString(R.string.fingerprint_dialog_default_subtitle)) 363 .setNegativeButton( 364 context.getString(R.string.cancel), 365 executor, 366 (dialog, which) -> { 367 try { 368 receiver.onError( 369 FINGERPRINT_ERROR_USER_CANCELED, 0 /* vendorCode */); 370 } catch (RemoteException e) { 371 Slog.e(TAG, "Remote exception in negative button onClick()", e); 372 } 373 }) 374 .setIsForLegacyFingerprintManager(props.sensorId) 375 .setIgnoreEnrollmentState(ignoreEnrollmentState) 376 .build(); 377 378 final BiometricPrompt.AuthenticationCallback promptCallback = 379 new BiometricPrompt.AuthenticationCallback() { 380 @Override 381 public void onAuthenticationError(int errorCode, CharSequence errString) { 382 try { 383 if (FingerprintUtils.isKnownErrorCode(errorCode)) { 384 receiver.onError(errorCode, 0 /* vendorCode */); 385 } else { 386 receiver.onError(FINGERPRINT_ERROR_VENDOR, errorCode); 387 } 388 } catch (RemoteException e) { 389 Slog.e(TAG, "Remote exception in onAuthenticationError()", e); 390 } 391 } 392 393 @Override 394 public void onAuthenticationSucceeded( 395 BiometricPrompt.AuthenticationResult result) { 396 final Fingerprint fingerprint = new Fingerprint("", 0, 0L); 397 final boolean isStrong = props.sensorStrength == STRENGTH_STRONG; 398 try { 399 receiver.onAuthenticationSucceeded(fingerprint, userId, isStrong); 400 } catch (RemoteException e) { 401 Slog.e(TAG, "Remote exception in onAuthenticationSucceeded()", e); 402 } 403 } 404 405 @Override 406 public void onAuthenticationFailed() { 407 try { 408 receiver.onAuthenticationFailed(); 409 } catch (RemoteException e) { 410 Slog.e(TAG, "Remote exception in onAuthenticationFailed()", e); 411 } 412 } 413 414 @Override 415 public void onAuthenticationAcquired(int acquireInfo) { 416 try { 417 if (FingerprintUtils.isKnownAcquiredCode(acquireInfo)) { 418 receiver.onAcquired(acquireInfo, 0 /* vendorCode */); 419 } else { 420 receiver.onAcquired(FINGERPRINT_ACQUIRED_VENDOR, acquireInfo); 421 } 422 } catch (RemoteException e) { 423 Slog.e(TAG, "Remote exception in onAuthenticationAcquired()", e); 424 } 425 } 426 427 @Override 428 public void onAuthenticationHelp(int acquireInfo, CharSequence helpString) { 429 onAuthenticationAcquired(acquireInfo); 430 } 431 }; 432 433 return biometricPrompt.authenticateForOperation( 434 new CancellationSignal(), executor, promptCallback, operationId); 435 } 436 437 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 438 @Override 439 public long detectFingerprint(final IBinder token, 440 final IFingerprintServiceReceiver receiver, 441 final FingerprintAuthenticateOptions options) { 442 super.detectFingerprint_enforcePermission(); 443 444 final String opPackageName = options.getOpPackageName(); 445 if (!Utils.isKeyguard(getContext(), opPackageName)) { 446 Slog.w(TAG, "detectFingerprint called from non-sysui package: " + opPackageName); 447 return -1; 448 } 449 450 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 451 if (provider == null) { 452 Slog.w(TAG, "Null provider for detectFingerprint"); 453 return -1; 454 } 455 options.setSensorId(provider.first); 456 457 return provider.second.scheduleFingerDetect(token, 458 new ClientMonitorCallbackConverter(receiver), options, 459 BiometricsProtoEnums.CLIENT_KEYGUARD); 460 } 461 462 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_BIOMETRIC) 463 @Override // Binder call 464 public void prepareForAuthentication(IBinder token, long operationId, 465 IBiometricSensorReceiver sensorReceiver, 466 @NonNull FingerprintAuthenticateOptions options, 467 long requestId, int cookie, boolean allowBackgroundAuthentication, 468 boolean isForLegacyFingerprintManager) { 469 super.prepareForAuthentication_enforcePermission(); 470 471 final ServiceProvider provider = mRegistry.getProviderForSensor(options.getSensorId()); 472 if (provider == null) { 473 Slog.w(TAG, "Null provider for prepareForAuthentication"); 474 return; 475 } 476 477 final int statsClient = 478 isForLegacyFingerprintManager ? BiometricsProtoEnums.CLIENT_FINGERPRINT_MANAGER 479 : BiometricsProtoEnums.CLIENT_BIOMETRIC_PROMPT; 480 final boolean restricted = true; // BiometricPrompt is always restricted 481 provider.scheduleAuthenticate(token, operationId, cookie, 482 new ClientMonitorCallbackConverter(sensorReceiver), options, requestId, 483 restricted, statsClient, 484 allowBackgroundAuthentication); 485 } 486 487 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_BIOMETRIC) 488 @Override // Binder call 489 public void startPreparedClient(int sensorId, int cookie) { 490 super.startPreparedClient_enforcePermission(); 491 492 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 493 if (provider == null) { 494 Slog.w(TAG, "Null provider for startPreparedClient"); 495 return; 496 } 497 498 provider.startPreparedClient(sensorId, cookie); 499 } 500 501 @Override // Binder call 502 public void cancelAuthentication( 503 final IBinder token, 504 final String opPackageName, 505 final String attributionTag, 506 long requestId) { 507 final int callingUid = Binder.getCallingUid(); 508 final int callingPid = Binder.getCallingPid(); 509 final int callingUserId = UserHandle.getCallingUserId(); 510 511 if (!canUseFingerprint( 512 opPackageName, 513 attributionTag, 514 true /* requireForeground */, 515 callingUid, 516 callingPid, 517 callingUserId)) { 518 Slog.w(TAG, "cancelAuthentication rejecting package: " + opPackageName); 519 return; 520 } 521 522 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 523 if (provider == null) { 524 Slog.w(TAG, "Null provider for cancelAuthentication"); 525 return; 526 } 527 528 provider.second.cancelAuthentication(provider.first, token, requestId); 529 } 530 531 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 532 @Override // Binder call 533 public void cancelFingerprintDetect(final IBinder token, final String opPackageName, 534 final long requestId) { 535 super.cancelFingerprintDetect_enforcePermission(); 536 537 if (!Utils.isKeyguard(getContext(), opPackageName)) { 538 Slog.w(TAG, "cancelFingerprintDetect called from non-sysui package: " 539 + opPackageName); 540 return; 541 } 542 543 // For IBiometricsFingerprint2.1, cancelling fingerprint detect is the same as 544 // cancelling authentication. 545 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 546 if (provider == null) { 547 Slog.w(TAG, "Null provider for cancelFingerprintDetect"); 548 return; 549 } 550 551 provider.second.cancelAuthentication(provider.first, token, requestId); 552 } 553 554 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_BIOMETRIC) 555 @Override // Binder call 556 public void cancelAuthenticationFromService(final int sensorId, final IBinder token, 557 final String opPackageName, final long requestId) { 558 super.cancelAuthenticationFromService_enforcePermission(); 559 560 Slog.d(TAG, "cancelAuthenticationFromService, sensorId: " + sensorId); 561 562 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 563 if (provider == null) { 564 Slog.w(TAG, "Null provider for cancelAuthenticationFromService"); 565 return; 566 } 567 568 provider.cancelAuthentication(sensorId, token, requestId); 569 } 570 571 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 572 @Override // Binder call 573 public void remove(final IBinder token, final int fingerId, final int userId, 574 final IFingerprintServiceReceiver receiver, final String opPackageName) { 575 super.remove_enforcePermission(); 576 577 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 578 if (provider == null) { 579 Slog.w(TAG, "Null provider for remove"); 580 return; 581 } 582 provider.second.scheduleRemove(provider.first, token, receiver, fingerId, userId, 583 opPackageName); 584 } 585 586 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 587 @Override // Binder call 588 public void removeAll(final IBinder token, final int userId, 589 final IFingerprintServiceReceiver receiver, final String opPackageName) { 590 591 super.removeAll_enforcePermission(); 592 593 final FingerprintServiceReceiver internalReceiver = new FingerprintServiceReceiver() { 594 int sensorsFinishedRemoving = 0; 595 final int numSensors = getSensorPropertiesInternal( 596 getContext().getOpPackageName()).size(); 597 @Override 598 public void onRemoved(Fingerprint fp, int remaining) throws RemoteException { 599 if (remaining == 0) { 600 sensorsFinishedRemoving++; 601 Slog.d(TAG, "sensorsFinishedRemoving: " + sensorsFinishedRemoving 602 + ", numSensors: " + numSensors); 603 if (sensorsFinishedRemoving == numSensors) { 604 receiver.onRemoved(null, 0 /* remaining */); 605 } 606 } 607 } 608 }; 609 610 // This effectively iterates through all sensors, but has to do so by finding all 611 // sensors under each provider. 612 for (ServiceProvider provider : mRegistry.getProviders()) { 613 List<FingerprintSensorPropertiesInternal> props = provider.getSensorProperties(); 614 for (FingerprintSensorPropertiesInternal prop : props) { 615 provider.scheduleRemoveAll(prop.sensorId, token, internalReceiver, userId, 616 opPackageName); 617 } 618 } 619 } 620 621 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 622 @Override // Binder call 623 public void addLockoutResetCallback(final IBiometricServiceLockoutResetCallback callback, 624 final String opPackageName) { 625 super.addLockoutResetCallback_enforcePermission(); 626 627 mLockoutResetDispatcher.addCallback(callback, opPackageName); 628 } 629 630 @Override // Binder call 631 public void onShellCommand(@Nullable FileDescriptor in, @Nullable FileDescriptor out, 632 @Nullable FileDescriptor err, @NonNull String[] args, 633 @Nullable ShellCallback callback, @NonNull ResultReceiver resultReceiver) 634 throws RemoteException { 635 (new FingerprintShellCommand(getContext(), FingerprintService.this)) 636 .exec(this, in, out, err, args, callback, resultReceiver); 637 } 638 639 @Override // Binder call 640 protected void dump(@NonNull FileDescriptor fd, @NonNull PrintWriter pw, String[] args) { 641 if (!DumpUtils.checkDumpPermission(getContext(), TAG, pw)) { 642 return; 643 } 644 645 final long ident = Binder.clearCallingIdentity(); 646 try { 647 if (args.length > 1 && "--proto".equals(args[0]) && "--state".equals(args[1])) { 648 final ProtoOutputStream proto = new ProtoOutputStream(fd); 649 for (ServiceProvider provider : mRegistry.getProviders()) { 650 for (FingerprintSensorPropertiesInternal props 651 : provider.getSensorProperties()) { 652 provider.dumpProtoState(props.sensorId, proto, false); 653 } 654 } 655 proto.flush(); 656 } else if (args.length > 0 && "--proto".equals(args[0])) { 657 for (ServiceProvider provider : mRegistry.getProviders()) { 658 for (FingerprintSensorPropertiesInternal props 659 : provider.getSensorProperties()) { 660 provider.dumpProtoMetrics(props.sensorId, fd); 661 } 662 } 663 } else { 664 for (ServiceProvider provider : mRegistry.getProviders()) { 665 for (FingerprintSensorPropertiesInternal props 666 : provider.getSensorProperties()) { 667 pw.println("Dumping for sensorId: " + props.sensorId 668 + ", provider: " + provider.getClass().getSimpleName()); 669 pw.println("Fps state: " 670 + mBiometricStateCallback.getBiometricState()); 671 provider.dumpInternal(props.sensorId, pw); 672 pw.println(); 673 } 674 } 675 } 676 } finally { 677 Binder.restoreCallingIdentity(ident); 678 } 679 } 680 681 @Override // Binder call 682 public boolean isHardwareDetectedDeprecated(String opPackageName, String attributionTag) { 683 if (!canUseFingerprint( 684 opPackageName, 685 attributionTag, 686 false /* foregroundOnly */, 687 Binder.getCallingUid(), 688 Binder.getCallingPid(), 689 UserHandle.getCallingUserId())) { 690 return false; 691 } 692 693 final long token = Binder.clearCallingIdentity(); 694 try { 695 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 696 if (provider == null) { 697 Slog.w(TAG, "Null provider for isHardwareDetectedDeprecated, caller: " 698 + opPackageName); 699 return false; 700 } 701 return provider.second.isHardwareDetected(provider.first); 702 } finally { 703 Binder.restoreCallingIdentity(token); 704 } 705 } 706 707 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 708 @Override // Binder call 709 public boolean isHardwareDetected(int sensorId, String opPackageName) { 710 super.isHardwareDetected_enforcePermission(); 711 712 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 713 if (provider == null) { 714 Slog.w(TAG, "Null provider for isHardwareDetected, caller: " + opPackageName); 715 return false; 716 } 717 718 return provider.isHardwareDetected(sensorId); 719 } 720 721 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 722 @Override // Binder call 723 public void rename(final int fingerId, final int userId, final String name) { 724 super.rename_enforcePermission(); 725 726 if (!Utils.isCurrentUserOrProfile(getContext(), userId)) { 727 return; 728 } 729 730 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 731 if (provider == null) { 732 Slog.w(TAG, "Null provider for rename"); 733 return; 734 } 735 736 provider.second.rename(provider.first, fingerId, userId, name); 737 } 738 739 @Override // Binder call 740 public List<Fingerprint> getEnrolledFingerprints( 741 int userId, String opPackageName, String attributionTag) { 742 if (!canUseFingerprint( 743 opPackageName, 744 attributionTag, 745 false /* foregroundOnly */, 746 Binder.getCallingUid(), 747 Binder.getCallingPid(), 748 UserHandle.getCallingUserId())) { 749 return Collections.emptyList(); 750 } 751 752 if (userId != UserHandle.getCallingUserId()) { 753 Utils.checkPermission(getContext(), INTERACT_ACROSS_USERS); 754 } 755 756 return FingerprintService.this.getEnrolledFingerprintsDeprecated(userId, opPackageName); 757 } 758 759 @Override // Binder call 760 public boolean hasEnrolledFingerprintsDeprecated( 761 int userId, String opPackageName, String attributionTag) { 762 if (!canUseFingerprint( 763 opPackageName, 764 attributionTag, 765 false /* foregroundOnly */, 766 Binder.getCallingUid(), 767 Binder.getCallingPid(), 768 UserHandle.getCallingUserId())) { 769 return false; 770 } 771 772 if (userId != UserHandle.getCallingUserId()) { 773 Utils.checkPermission(getContext(), INTERACT_ACROSS_USERS); 774 } 775 return !FingerprintService.this.getEnrolledFingerprintsDeprecated(userId, opPackageName) 776 .isEmpty(); 777 } 778 779 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 780 public boolean hasEnrolledFingerprints(int sensorId, int userId, String opPackageName) { 781 super.hasEnrolledFingerprints_enforcePermission(); 782 783 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 784 if (provider == null) { 785 Slog.w(TAG, "Null provider for hasEnrolledFingerprints, caller: " + opPackageName); 786 return false; 787 } 788 789 return provider.getEnrolledFingerprints(sensorId, userId).size() > 0; 790 } 791 792 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 793 @Override // Binder call 794 public @LockoutTracker.LockoutMode int getLockoutModeForUser(int sensorId, int userId) { 795 super.getLockoutModeForUser_enforcePermission(); 796 797 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 798 if (provider == null) { 799 Slog.w(TAG, "Null provider for getLockoutModeForUser"); 800 return LockoutTracker.LOCKOUT_NONE; 801 } 802 return provider.getLockoutModeForUser(sensorId, userId); 803 } 804 805 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 806 @Override 807 public void invalidateAuthenticatorId(int sensorId, int userId, 808 IInvalidationCallback callback) { 809 super.invalidateAuthenticatorId_enforcePermission(); 810 811 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 812 if (provider == null) { 813 Slog.w(TAG, "Null provider for invalidateAuthenticatorId"); 814 return; 815 } 816 provider.scheduleInvalidateAuthenticatorId(sensorId, userId, callback); 817 } 818 819 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 820 @Override // Binder call 821 public long getAuthenticatorId(int sensorId, int userId) { 822 super.getAuthenticatorId_enforcePermission(); 823 824 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 825 if (provider == null) { 826 Slog.w(TAG, "Null provider for getAuthenticatorId"); 827 return 0; 828 } 829 return provider.getAuthenticatorId(sensorId, userId); 830 } 831 832 @android.annotation.EnforcePermission(android.Manifest.permission.RESET_FINGERPRINT_LOCKOUT) 833 @Override // Binder call 834 public void resetLockout(IBinder token, int sensorId, int userId, 835 @Nullable byte[] hardwareAuthToken, String opPackageName) { 836 super.resetLockout_enforcePermission(); 837 838 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 839 if (provider == null) { 840 Slog.w(TAG, "Null provider for resetLockout, caller: " + opPackageName); 841 return; 842 } 843 844 provider.scheduleResetLockout(sensorId, userId, hardwareAuthToken); 845 } 846 847 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 848 @Override 849 public boolean isClientActive() { 850 super.isClientActive_enforcePermission(); 851 852 return mGestureAvailabilityDispatcher.isAnySensorActive(); 853 } 854 855 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 856 @Override 857 public void addClientActiveCallback(IFingerprintClientActiveCallback callback) { 858 super.addClientActiveCallback_enforcePermission(); 859 860 mGestureAvailabilityDispatcher.registerCallback(callback); 861 } 862 863 @android.annotation.EnforcePermission(android.Manifest.permission.MANAGE_FINGERPRINT) 864 @Override 865 public void removeClientActiveCallback(IFingerprintClientActiveCallback callback) { 866 super.removeClientActiveCallback_enforcePermission(); 867 868 mGestureAvailabilityDispatcher.removeCallback(callback); 869 } 870 871 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 872 @Override // Binder call 873 public void registerAuthenticators( 874 @NonNull List<FingerprintSensorPropertiesInternal> hidlSensors) { 875 super.registerAuthenticators_enforcePermission(); 876 877 mRegistry.registerAll(() -> { 878 List<String> aidlSensors = new ArrayList<>(); 879 final String[] instances = mAidlInstanceNameSupplier.get(); 880 if (instances != null) { 881 aidlSensors.addAll(Lists.newArrayList(instances)); 882 } 883 884 final Pair<List<FingerprintSensorPropertiesInternal>, List<String>> 885 filteredInstances = filterAvailableHalInstances(hidlSensors, aidlSensors); 886 887 final List<ServiceProvider> providers = new ArrayList<>(); 888 providers.addAll(getHidlProviders(filteredInstances.first)); 889 providers.addAll(getAidlProviders(filteredInstances.second)); 890 891 return providers; 892 }); 893 } 894 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 895 @Override 896 public void addAuthenticatorsRegisteredCallback( 897 IFingerprintAuthenticatorsRegisteredCallback callback) { 898 super.addAuthenticatorsRegisteredCallback_enforcePermission(); 899 900 mRegistry.addAllRegisteredCallback(callback); 901 } 902 903 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 904 @Override 905 public void registerBiometricStateListener(@NonNull IBiometricStateListener listener) { 906 super.registerBiometricStateListener_enforcePermission(); 907 908 mBiometricStateCallback.registerBiometricStateListener(listener); 909 } 910 911 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 912 @Override 913 public void onPointerDown(long requestId, int sensorId, PointerContext pc) { 914 super.onPointerDown_enforcePermission(); 915 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 916 if (provider == null) { 917 Slog.w(TAG, "No matching provider for onFingerDown, sensorId: " + sensorId); 918 return; 919 } 920 provider.onPointerDown(requestId, sensorId, pc); 921 } 922 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 923 @Override 924 925 public void onPointerUp(long requestId, int sensorId, PointerContext pc) { 926 super.onPointerUp_enforcePermission(); 927 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 928 if (provider == null) { 929 Slog.w(TAG, "No matching provider for onFingerUp, sensorId: " + sensorId); 930 return; 931 } 932 provider.onPointerUp(requestId, sensorId, pc); 933 } 934 935 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 936 @Override 937 public void onUdfpsUiEvent(@FingerprintManager.UdfpsUiEvent int event, long requestId, 938 int sensorId) { 939 super.onUdfpsUiEvent_enforcePermission(); 940 941 final ServiceProvider provider = mRegistry.getProviderForSensor(sensorId); 942 if (provider == null) { 943 Slog.w(TAG, "No matching provider for onUdfpsUiEvent, sensorId: " + sensorId); 944 return; 945 } 946 provider.onUdfpsUiEvent(event, requestId, sensorId); 947 } 948 949 950 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 951 @Override 952 public void setUdfpsOverlayController(@NonNull IUdfpsOverlayController controller) { 953 super.setUdfpsOverlayController_enforcePermission(); 954 955 for (ServiceProvider provider : mRegistry.getProviders()) { 956 provider.setUdfpsOverlayController(controller); 957 } 958 } 959 960 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 961 @Override 962 public void setSidefpsController(@NonNull ISidefpsController controller) { 963 super.setSidefpsController_enforcePermission(); 964 965 for (ServiceProvider provider : mRegistry.getProviders()) { 966 provider.setSidefpsController(controller); 967 } 968 } 969 970 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 971 @Override 972 public void onPowerPressed() { 973 super.onPowerPressed_enforcePermission(); 974 975 for (ServiceProvider provider : mRegistry.getProviders()) { 976 provider.onPowerPressed(); 977 } 978 } 979 980 @android.annotation.EnforcePermission(android.Manifest.permission.USE_BIOMETRIC_INTERNAL) 981 @Override 982 public void scheduleWatchdog() { 983 super.scheduleWatchdog_enforcePermission(); 984 985 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 986 if (provider == null) { 987 Slog.w(TAG, "Null provider for scheduling watchdog"); 988 return; 989 } 990 991 provider.second.scheduleWatchdog(provider.first); 992 } 993 }; 994 FingerprintService(Context context)995 public FingerprintService(Context context) { 996 this(context, BiometricContext.getInstance(context), 997 () -> IBiometricService.Stub.asInterface( 998 ServiceManager.getService(Context.BIOMETRIC_SERVICE)), 999 () -> ServiceManager.getDeclaredInstances(IFingerprint.DESCRIPTOR), 1000 null /* fingerprintProvider */); 1001 } 1002 1003 @VisibleForTesting FingerprintService(Context context, BiometricContext biometricContext, Supplier<IBiometricService> biometricServiceSupplier, Supplier<String[]> aidlInstanceNameSupplier, Function<String, FingerprintProvider> fingerprintProvider)1004 FingerprintService(Context context, 1005 BiometricContext biometricContext, 1006 Supplier<IBiometricService> biometricServiceSupplier, 1007 Supplier<String[]> aidlInstanceNameSupplier, 1008 Function<String, FingerprintProvider> fingerprintProvider) { 1009 super(context); 1010 mBiometricContext = biometricContext; 1011 mAidlInstanceNameSupplier = aidlInstanceNameSupplier; 1012 mAppOps = context.getSystemService(AppOpsManager.class); 1013 mGestureAvailabilityDispatcher = new GestureAvailabilityDispatcher(); 1014 mLockoutResetDispatcher = new LockoutResetDispatcher(context); 1015 mLockPatternUtils = new LockPatternUtils(context); 1016 mBiometricStateCallback = new BiometricStateCallback<>(UserManager.get(context)); 1017 mFingerprintProvider = fingerprintProvider != null ? fingerprintProvider : 1018 (name) -> { 1019 final String fqName = IFingerprint.DESCRIPTOR + "/" + name; 1020 final IFingerprint fp = IFingerprint.Stub.asInterface( 1021 Binder.allowBlocking(ServiceManager.waitForDeclaredService(fqName))); 1022 if (fp != null) { 1023 try { 1024 return new FingerprintProvider(getContext(), 1025 mBiometricStateCallback, fp.getSensorProps(), name, 1026 mLockoutResetDispatcher, mGestureAvailabilityDispatcher, 1027 mBiometricContext); 1028 } catch (RemoteException e) { 1029 Slog.e(TAG, "Remote exception in getSensorProps: " + fqName); 1030 } 1031 } else { 1032 Slog.e(TAG, "Unable to get declared service: " + fqName); 1033 } 1034 1035 return null; 1036 }; 1037 mHandler = new Handler(Looper.getMainLooper()); 1038 mRegistry = new FingerprintServiceRegistry(mServiceWrapper, biometricServiceSupplier); 1039 mRegistry.addAllRegisteredCallback(new IFingerprintAuthenticatorsRegisteredCallback.Stub() { 1040 @Override 1041 public void onAllAuthenticatorsRegistered( 1042 List<FingerprintSensorPropertiesInternal> sensors) { 1043 mBiometricStateCallback.start(mRegistry.getProviders()); 1044 } 1045 }); 1046 } 1047 1048 private Pair<List<FingerprintSensorPropertiesInternal>, List<String>> filterAvailableHalInstances( @onNull List<FingerprintSensorPropertiesInternal> hidlInstances, @NonNull List<String> aidlInstances)1049 filterAvailableHalInstances( 1050 @NonNull List<FingerprintSensorPropertiesInternal> hidlInstances, 1051 @NonNull List<String> aidlInstances) { 1052 if ((hidlInstances.size() + aidlInstances.size()) <= 1) { 1053 return new Pair(hidlInstances, aidlInstances); 1054 } 1055 1056 final int virtualAt = aidlInstances.indexOf("virtual"); 1057 if (Utils.isVirtualEnabled(getContext())) { 1058 if (virtualAt != -1) { 1059 //only virtual instance should be returned 1060 return new Pair(new ArrayList<>(), List.of(aidlInstances.get(virtualAt))); 1061 } else { 1062 Slog.e(TAG, "Could not find virtual interface while it is enabled"); 1063 return new Pair(hidlInstances, aidlInstances); 1064 } 1065 } else { 1066 //remove virtual instance 1067 aidlInstances = new ArrayList<>(aidlInstances); 1068 if (virtualAt != -1) { 1069 aidlInstances.remove(virtualAt); 1070 } 1071 return new Pair(hidlInstances, aidlInstances); 1072 } 1073 } 1074 1075 @NonNull getHidlProviders( @onNull List<FingerprintSensorPropertiesInternal> hidlSensors)1076 private List<ServiceProvider> getHidlProviders( 1077 @NonNull List<FingerprintSensorPropertiesInternal> hidlSensors) { 1078 final List<ServiceProvider> providers = new ArrayList<>(); 1079 1080 for (FingerprintSensorPropertiesInternal hidlSensor : hidlSensors) { 1081 final Fingerprint21 fingerprint21; 1082 if ((Build.IS_USERDEBUG || Build.IS_ENG) 1083 && getContext().getResources().getBoolean(R.bool.allow_test_udfps) 1084 && Settings.Secure.getIntForUser(getContext().getContentResolver(), 1085 Fingerprint21UdfpsMock.CONFIG_ENABLE_TEST_UDFPS, 0 /* default */, 1086 UserHandle.USER_CURRENT) != 0) { 1087 fingerprint21 = Fingerprint21UdfpsMock.newInstance(getContext(), 1088 mBiometricStateCallback, hidlSensor, 1089 mLockoutResetDispatcher, mGestureAvailabilityDispatcher, 1090 BiometricContext.getInstance(getContext())); 1091 } else { 1092 fingerprint21 = Fingerprint21.newInstance(getContext(), 1093 mBiometricStateCallback, hidlSensor, mHandler, 1094 mLockoutResetDispatcher, mGestureAvailabilityDispatcher); 1095 } 1096 providers.add(fingerprint21); 1097 } 1098 1099 return providers; 1100 } 1101 1102 @NonNull getAidlProviders(@onNull List<String> instances)1103 private List<ServiceProvider> getAidlProviders(@NonNull List<String> instances) { 1104 final List<ServiceProvider> providers = new ArrayList<>(); 1105 1106 for (String instance : instances) { 1107 final FingerprintProvider provider = mFingerprintProvider.apply(instance); 1108 Slog.i(TAG, "Adding AIDL provider: " + instance); 1109 providers.add(provider); 1110 } 1111 1112 return providers; 1113 } 1114 1115 @Override onStart()1116 public void onStart() { 1117 publishBinderService(Context.FINGERPRINT_SERVICE, mServiceWrapper); 1118 } 1119 1120 @NonNull getEnrolledFingerprintsDeprecated(int userId, String opPackageName)1121 private List<Fingerprint> getEnrolledFingerprintsDeprecated(int userId, String opPackageName) { 1122 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 1123 if (provider == null) { 1124 Slog.w(TAG, "Null provider for getEnrolledFingerprintsDeprecated, caller: " 1125 + opPackageName); 1126 return Collections.emptyList(); 1127 } 1128 1129 return provider.second.getEnrolledFingerprints(provider.first, userId); 1130 } 1131 1132 /** Checks for public API invocations to ensure that permissions, etc are granted/correct. */ 1133 @SuppressWarnings("BooleanMethodIsAlwaysInverted") canUseFingerprint( String opPackageName, String attributionTag, boolean requireForeground, int uid, int pid, int userId)1134 private boolean canUseFingerprint( 1135 String opPackageName, 1136 String attributionTag, 1137 boolean requireForeground, 1138 int uid, 1139 int pid, 1140 int userId) { 1141 if (getContext().checkCallingPermission(USE_FINGERPRINT) 1142 != PackageManager.PERMISSION_GRANTED) { 1143 Utils.checkPermission(getContext(), USE_BIOMETRIC); 1144 } 1145 1146 if (Binder.getCallingUid() == Process.SYSTEM_UID) { 1147 return true; // System process (BiometricService, etc) is always allowed 1148 } 1149 if (Utils.isKeyguard(getContext(), opPackageName)) { 1150 return true; 1151 } 1152 if (!Utils.isCurrentUserOrProfile(getContext(), userId)) { 1153 Slog.w(TAG, "Rejecting " + opPackageName + "; not a current user or profile"); 1154 return false; 1155 } 1156 if (!checkAppOps(uid, opPackageName, attributionTag)) { 1157 Slog.w(TAG, "Rejecting " + opPackageName + "; permission denied"); 1158 return false; 1159 } 1160 if (requireForeground && !Utils.isForeground(uid, pid)) { 1161 Slog.w(TAG, "Rejecting " + opPackageName + "; not in foreground"); 1162 return false; 1163 } 1164 return true; 1165 } 1166 checkAppOps(int uid, String opPackageName, String attributionTag)1167 private boolean checkAppOps(int uid, String opPackageName, String attributionTag) { 1168 boolean appOpsOk = false; 1169 if (mAppOps.noteOp(AppOpsManager.OP_USE_BIOMETRIC, uid, opPackageName, attributionTag, null) 1170 == AppOpsManager.MODE_ALLOWED) { 1171 appOpsOk = true; 1172 } else if (mAppOps.noteOp( 1173 AppOpsManager.OP_USE_FINGERPRINT, uid, opPackageName, attributionTag, null) 1174 == AppOpsManager.MODE_ALLOWED) { 1175 appOpsOk = true; 1176 } 1177 return appOpsOk; 1178 } 1179 syncEnrollmentsNow()1180 void syncEnrollmentsNow() { 1181 Utils.checkPermissionOrShell(getContext(), MANAGE_FINGERPRINT); 1182 if (Utils.isVirtualEnabled(getContext())) { 1183 Slog.i(TAG, "Sync virtual enrollments"); 1184 final int userId = ActivityManager.getCurrentUser(); 1185 final CountDownLatch latch = new CountDownLatch(mRegistry.getProviders().size()); 1186 for (ServiceProvider provider : mRegistry.getProviders()) { 1187 for (FingerprintSensorPropertiesInternal props : provider.getSensorProperties()) { 1188 provider.scheduleInternalCleanup(props.sensorId, userId, 1189 new ClientMonitorCallback() { 1190 @Override 1191 public void onClientFinished( 1192 @NonNull BaseClientMonitor clientMonitor, 1193 boolean success) { 1194 latch.countDown(); 1195 if (!success) { 1196 Slog.e(TAG, "Sync virtual enrollments failed"); 1197 } 1198 } 1199 }, true /* favorHalEnrollments */); 1200 } 1201 } 1202 try { 1203 latch.await(3, TimeUnit.SECONDS); 1204 } catch (Exception e) { 1205 Slog.e(TAG, "Failed to wait for sync finishing", e); 1206 } 1207 } 1208 } 1209 simulateVhalFingerDown()1210 void simulateVhalFingerDown() { 1211 if (Utils.isVirtualEnabled(getContext())) { 1212 Slog.i(TAG, "Simulate virtual HAL finger down event"); 1213 final Pair<Integer, ServiceProvider> provider = mRegistry.getSingleProvider(); 1214 if (provider != null) { 1215 provider.second.simulateVhalFingerDown(UserHandle.getCallingUserId(), 1216 provider.first); 1217 } 1218 } 1219 } 1220 } 1221