diff options
| author | Svetoslav <svetoslavganov@google.com> | 2015-04-30 18:39:32 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-04-30 18:39:32 +0000 |
| commit | cae8686c8853de745baf8a26406d18efab09a380 (patch) | |
| tree | c670f1d05e6f7805898e8b7cbfe7fd2145c975a7 | |
| parent | bc4affc982c508da58c934d5d30f393dfd701a9a (diff) | |
| parent | 0165cf4d719ab6560507a18ffd7375b0ad850622 (diff) | |
| download | frameworks_base-cae8686c8853de745baf8a26406d18efab09a380.zip frameworks_base-cae8686c8853de745baf8a26406d18efab09a380.tar.gz frameworks_base-cae8686c8853de745baf8a26406d18efab09a380.tar.bz2 | |
am 0165cf4d: am 3327f3d6: Merge "Add use fingerprint app op - framework" into mnc-dev
* commit '0165cf4d719ab6560507a18ffd7375b0ad850622':
Add use fingerprint app op - framework
4 files changed, 67 insertions, 30 deletions
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index 75f987f..8a3c9c8 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -221,8 +221,10 @@ public class AppOpsManager { public static final int OP_USE_SIP = 53; /** @hide Intercept outgoing calls. */ public static final int OP_PROCESS_OUTGOING_CALLS = 54; + /** @hide User the fingerprint API. */ + public static final int OP_USE_FINGERPRINT = 55; /** @hide */ - public static final int _NUM_OP = 55; + public static final int _NUM_OP = 56; /** Access to coarse location information. */ public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; @@ -357,7 +359,8 @@ public class AppOpsManager { OP_READ_PHONE_STATE, OP_ADD_VOICEMAIL, OP_USE_SIP, - OP_PROCESS_OUTGOING_CALLS + OP_PROCESS_OUTGOING_CALLS, + OP_USE_FINGERPRINT }; /** @@ -419,6 +422,7 @@ public class AppOpsManager { null, null, null, + null, null }; @@ -481,7 +485,8 @@ public class AppOpsManager { "OP_READ_PHONE_STATE", "ADD_VOICEMAIL", "USE_SIP", - "PROCESS_OUTGOING_CALLS" + "PROCESS_OUTGOING_CALLS", + "USE_FINGERPRINT" }; /** @@ -543,7 +548,8 @@ public class AppOpsManager { Manifest.permission.READ_PHONE_STATE, Manifest.permission.ADD_VOICEMAIL, Manifest.permission.USE_SIP, - Manifest.permission.PROCESS_OUTGOING_CALLS + Manifest.permission.PROCESS_OUTGOING_CALLS, + Manifest.permission.USE_FINGERPRINT }; /** @@ -606,7 +612,8 @@ public class AppOpsManager { null, // READ_PHONE_STATE null, // ADD_VOICEMAIL null, // USE_SIP - null // PROCESS_OUTGOING_CALLS + null, // PROCESS_OUTGOING_CALLS + null // USE_FINGERPRINT }; /** @@ -668,7 +675,8 @@ public class AppOpsManager { false, //READ_PHONE_STATE false, //ADD_VOICEMAIL false, // USE_SIP - false // PROCESS_OUTGOING_CALLS + false, // PROCESS_OUTGOING_CALLS + false // USE_FINGERPRINT }; /** @@ -729,6 +737,7 @@ public class AppOpsManager { AppOpsManager.MODE_ALLOWED, AppOpsManager.MODE_ALLOWED, AppOpsManager.MODE_ALLOWED, + AppOpsManager.MODE_ALLOWED, AppOpsManager.MODE_ALLOWED }; @@ -794,6 +803,7 @@ public class AppOpsManager { false, false, false, + false, false }; diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java index 9f344ad..779448b 100644 --- a/core/java/android/hardware/fingerprint/FingerprintManager.java +++ b/core/java/android/hardware/fingerprint/FingerprintManager.java @@ -434,7 +434,8 @@ public class FingerprintManager { mAuthenticationCallback = callback; mCryptoObject = crypto; long sessionId = crypto != null ? crypto.getOpId() : 0; - mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags); + mService.authenticate(mToken, sessionId, userId, mServiceReceiver, flags, + mContext.getOpPackageName()); } catch (RemoteException e) { Log.w(TAG, "Remote exception while authenticating: ", e); if (callback != null) { @@ -555,7 +556,7 @@ public class FingerprintManager { */ public List<Fingerprint> getEnrolledFingerprints(int userId) { if (mService != null) try { - return mService.getEnrolledFingerprints(userId); + return mService.getEnrolledFingerprints(userId, mContext.getOpPackageName()); } catch (RemoteException e) { Log.v(TAG, "Remote exception in getEnrolledFingerprints: ", e); } @@ -579,7 +580,8 @@ public class FingerprintManager { */ public boolean hasEnrolledFingerprints() { if (mService != null) try { - return mService.hasEnrolledFingerprints(UserHandle.myUserId()); + return mService.hasEnrolledFingerprints(UserHandle.myUserId(), + mContext.getOpPackageName()); } catch (RemoteException e) { Log.v(TAG, "Remote exception in getEnrolledFingerprints: ", e); } @@ -595,7 +597,7 @@ public class FingerprintManager { if (mService != null) { try { long deviceId = 0; /* TODO: plumb hardware id to FPMS */ - return mService.isHardwareDetected(deviceId); + return mService.isHardwareDetected(deviceId, mContext.getOpPackageName()); } catch (RemoteException e) { Log.v(TAG, "Remote exception in isFingerprintHardwareDetected(): ", e); } @@ -614,7 +616,7 @@ public class FingerprintManager { public long getAuthenticatorId() { if (mService != null) { try { - return mService.getAuthenticatorId(); + return mService.getAuthenticatorId(mContext.getOpPackageName()); } catch (RemoteException e) { Log.v(TAG, "Remote exception in getAuthenticatorId(): ", e); } @@ -736,7 +738,7 @@ public class FingerprintManager { private void cancelAuthentication(CryptoObject cryptoObject) { if (mService != null) try { - mService.cancelAuthentication(mToken); + mService.cancelAuthentication(mToken, mContext.getOpPackageName()); } catch (RemoteException e) { if (DEBUG) Log.w(TAG, "Remote exception while canceling enrollment"); } diff --git a/core/java/android/hardware/fingerprint/IFingerprintService.aidl b/core/java/android/hardware/fingerprint/IFingerprintService.aidl index c5ec08c..0484806 100644 --- a/core/java/android/hardware/fingerprint/IFingerprintService.aidl +++ b/core/java/android/hardware/fingerprint/IFingerprintService.aidl @@ -27,10 +27,10 @@ import java.util.List; interface IFingerprintService { // Authenticate the given sessionId with a fingerprint void authenticate(IBinder token, long sessionId, int groupId, - IFingerprintServiceReceiver receiver, int flags); + IFingerprintServiceReceiver receiver, int flags, String opPackageName); // Cancel authentication for the given sessionId - void cancelAuthentication(IBinder token); + void cancelAuthentication(IBinder token, String opPackageName); // Start fingerprint enrollment void enroll(IBinder token, in byte [] cryptoToken, int groupId, IFingerprintServiceReceiver receiver, @@ -46,16 +46,16 @@ interface IFingerprintService { void rename(int fingerId, int groupId, String name); // Get a list of enrolled fingerprints in the given group. - List<Fingerprint> getEnrolledFingerprints(int groupId); + List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName); // Determine if HAL is loaded and ready - boolean isHardwareDetected(long deviceId); + boolean isHardwareDetected(long deviceId, String opPackageName); // Get a pre-enrollment authentication token long preEnroll(IBinder token); // Determine if a user has at least one enrolled fingerprint - boolean hasEnrolledFingerprints(int groupId); + boolean hasEnrolledFingerprints(int groupId, String opPackageName); // Gets the number of hardware devices // int getHardwareDeviceCount(); @@ -64,5 +64,5 @@ interface IFingerprintService { // long getHardwareDevice(int i); // Gets the authenticator ID for fingerprint - long getAuthenticatorId(); + long getAuthenticatorId(String opPackageName); } diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java index 6b5908d..ed8519a 100644 --- a/services/core/java/com/android/server/fingerprint/FingerprintService.java +++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java @@ -16,14 +16,15 @@ package com.android.server.fingerprint; +import android.app.AppOpsManager; import android.content.ContentResolver; import android.content.Context; +import android.os.Binder; import android.os.Handler; import android.os.IBinder; import android.os.Looper; import android.os.MessageQueue; import android.os.RemoteException; -import android.util.ArrayMap; import android.util.Slog; import com.android.server.SystemService; @@ -39,6 +40,7 @@ import static android.Manifest.permission.USE_FINGERPRINT; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; /** @@ -55,6 +57,8 @@ public class FingerprintService extends SystemService { private ClientMonitor mEnrollClient = null; private ClientMonitor mRemoveClient = null; + private final AppOpsManager mAppOps; + private static final int MSG_NOTIFY = 10; private static final int ENROLLMENT_TIMEOUT_MS = 60 * 1000; // 1 minute @@ -96,6 +100,7 @@ public class FingerprintService extends SystemService { public FingerprintService(Context context) { super(context); mContext = context; + mAppOps = context.getSystemService(AppOpsManager.class); nativeInit(Looper.getMainLooper().getQueue(), this); } @@ -361,6 +366,13 @@ public class FingerprintService extends SystemService { "Must have " + permission + " permission."); } + private boolean canUserFingerPrint(String opPackageName) { + checkPermission(USE_FINGERPRINT); + + return mAppOps.noteOp(AppOpsManager.OP_USE_FINGERPRINT, Binder.getCallingUid(), + opPackageName) == AppOpsManager.MODE_ALLOWED; + } + private class ClientMonitor implements IBinder.DeathRecipient { IBinder token; IFingerprintServiceReceiver receiver; @@ -522,8 +534,11 @@ public class FingerprintService extends SystemService { @Override // Binder call public void authenticate(final IBinder token, final long opId, final int groupId, - final IFingerprintServiceReceiver receiver, final int flags) { + final IFingerprintServiceReceiver receiver, final int flags, String opPackageName) { checkPermission(USE_FINGERPRINT); + if (!canUserFingerPrint(opPackageName)) { + return; + } mHandler.post(new Runnable() { @Override public void run() { @@ -535,8 +550,10 @@ public class FingerprintService extends SystemService { @Override // Binder call - public void cancelAuthentication(final IBinder token) { - checkPermission(USE_FINGERPRINT); + public void cancelAuthentication(final IBinder token, String opPackageName) { + if (!canUserFingerPrint(opPackageName)) { + return; + } mHandler.post(new Runnable() { @Override public void run() { @@ -561,8 +578,10 @@ public class FingerprintService extends SystemService { @Override // Binder call - public boolean isHardwareDetected(long deviceId) { - checkPermission(USE_FINGERPRINT); + public boolean isHardwareDetected(long deviceId, String opPackageName) { + if (!canUserFingerPrint(opPackageName)) { + return false; + } return mHalDeviceId != 0; // TODO } @@ -580,21 +599,27 @@ public class FingerprintService extends SystemService { @Override // Binder call - public List<Fingerprint> getEnrolledFingerprints(int groupId) { - checkPermission(USE_FINGERPRINT); + public List<Fingerprint> getEnrolledFingerprints(int groupId, String opPackageName) { + if (!canUserFingerPrint(opPackageName)) { + return Collections.emptyList(); + } return FingerprintService.this.getEnrolledFingerprints(groupId); } @Override // Binder call - public boolean hasEnrolledFingerprints(int groupId) { - checkPermission(USE_FINGERPRINT); + public boolean hasEnrolledFingerprints(int groupId, String opPackageName) { + if (!canUserFingerPrint(opPackageName)) { + return false; + } return FingerprintService.this.hasEnrolledFingerprints(groupId); } @Override - public long getAuthenticatorId() { - checkPermission(USE_FINGERPRINT); + public long getAuthenticatorId(String opPackageName) { + if (!canUserFingerPrint(opPackageName)) { + return 0; + } return nativeGetAuthenticatorId(); } } |