Bind fingerprint when we start authentication - DO NOT MERGE

This fixes a bug where it was possible to authenticate the wrong user.
We now bind the userId when we start authentication and confirm it when
authentication completes.

Fixes bug 30744668

Change-Id: I346d92c301414ed81e11fa9c171584c7ae4341c2
(cherry picked from commit b6f4b48df273d210d13631b4c2426482feb40c97)

1 files changed, 7 insertions, 2 deletions

diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 57ee319..f31df51 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -430,7 +430,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
         }
     }
 
-    private void handleFingerprintAuthenticated() {
+
+    private void handleFingerprintAuthenticated(int authUserId) {
         try {
             final int userId;
             try {
@@ -439,6 +440,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
                 Log.e(TAG, "Failed to get current user id: ", e);
                 return;
             }
+            if (userId != authUserId) {
+                Log.d(TAG, "Fingerprint authenticated for wrong user: " + authUserId);
+                return;
+            }
             if (isFingerprintDisabled(userId)) {
                 Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId);
                 return;
@@ -705,7 +710,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
 
         @Override
         public void onAuthenticationSucceeded(AuthenticationResult result) {
-            handleFingerprintAuthenticated();
+            handleFingerprintAuthenticated(result.getUserId());
         }
 
         @Override