summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--core/java/android/hardware/fingerprint/FingerprintManager.java21
-rw-r--r--core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl2
-rw-r--r--packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java9
-rw-r--r--services/core/java/com/android/server/fingerprint/FingerprintService.java25
4 files changed, 39 insertions, 18 deletions
diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java
index 122df23..62396a3 100644
--- a/core/java/android/hardware/fingerprint/FingerprintManager.java
+++ b/core/java/android/hardware/fingerprint/FingerprintManager.java
@@ -258,6 +258,7 @@ public class FingerprintManager {
public static class AuthenticationResult {
private Fingerprint mFingerprint;
private CryptoObject mCryptoObject;
+ private int mUserId;
/**
* Authentication result
@@ -266,9 +267,10 @@ public class FingerprintManager {
* @param fingerprint the recognized fingerprint data, if allowed.
* @hide
*/
- public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint) {
+ public AuthenticationResult(CryptoObject crypto, Fingerprint fingerprint, int userId) {
mCryptoObject = crypto;
mFingerprint = fingerprint;
+ mUserId = userId;
}
/**
@@ -285,6 +287,12 @@ public class FingerprintManager {
* @hide
*/
public Fingerprint getFingerprint() { return mFingerprint; }
+
+ /**
+ * Obtain the userId for which this fingerprint was authenticated.
+ * @hide
+ */
+ public int getUserId() { return mUserId; }
};
/**
@@ -754,7 +762,7 @@ public class FingerprintManager {
sendAcquiredResult((Long) msg.obj /* deviceId */, msg.arg1 /* acquire info */);
break;
case MSG_AUTHENTICATION_SUCCEEDED:
- sendAuthenticatedSucceeded((Fingerprint) msg.obj);
+ sendAuthenticatedSucceeded((Fingerprint) msg.obj, msg.arg1 /* userId */);
break;
case MSG_AUTHENTICATION_FAILED:
sendAuthenticatedFailed();
@@ -799,9 +807,10 @@ public class FingerprintManager {
}
}
- private void sendAuthenticatedSucceeded(Fingerprint fp) {
+ private void sendAuthenticatedSucceeded(Fingerprint fp, int userId) {
if (mAuthenticationCallback != null) {
- final AuthenticationResult result = new AuthenticationResult(mCryptoObject, fp);
+ final AuthenticationResult result =
+ new AuthenticationResult(mCryptoObject, fp, userId);
mAuthenticationCallback.onAuthenticationSucceeded(result);
}
}
@@ -941,8 +950,8 @@ public class FingerprintManager {
}
@Override // binder call
- public void onAuthenticationSucceeded(long deviceId, Fingerprint fp) {
- mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, fp).sendToTarget();
+ public void onAuthenticationSucceeded(long deviceId, Fingerprint fp, int userId) {
+ mHandler.obtainMessage(MSG_AUTHENTICATION_SUCCEEDED, userId, 0, fp).sendToTarget();
}
@Override // binder call
diff --git a/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl b/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl
index 57a429f..b024b29 100644
--- a/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl
+++ b/core/java/android/hardware/fingerprint/IFingerprintServiceReceiver.aidl
@@ -26,7 +26,7 @@ import android.os.UserHandle;
oneway interface IFingerprintServiceReceiver {
void onEnrollResult(long deviceId, int fingerId, int groupId, int remaining);
void onAcquired(long deviceId, int acquiredInfo);
- void onAuthenticationSucceeded(long deviceId, in Fingerprint fp);
+ void onAuthenticationSucceeded(long deviceId, in Fingerprint fp, int userId);
void onAuthenticationFailed(long deviceId);
void onError(long deviceId, int error);
void onRemoved(long deviceId, int fingerId, int groupId);
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 57ee319..f31df51 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -430,7 +430,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
}
}
- private void handleFingerprintAuthenticated() {
+
+ private void handleFingerprintAuthenticated(int authUserId) {
try {
final int userId;
try {
@@ -439,6 +440,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
Log.e(TAG, "Failed to get current user id: ", e);
return;
}
+ if (userId != authUserId) {
+ Log.d(TAG, "Fingerprint authenticated for wrong user: " + authUserId);
+ return;
+ }
if (isFingerprintDisabled(userId)) {
Log.d(TAG, "Fingerprint disabled by DPM for userId: " + userId);
return;
@@ -705,7 +710,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
@Override
public void onAuthenticationSucceeded(AuthenticationResult result) {
- handleFingerprintAuthenticated();
+ handleFingerprintAuthenticated(result.getUserId());
}
@Override
diff --git a/services/core/java/com/android/server/fingerprint/FingerprintService.java b/services/core/java/com/android/server/fingerprint/FingerprintService.java
index 103ed0a..84aa2d7 100644
--- a/services/core/java/com/android/server/fingerprint/FingerprintService.java
+++ b/services/core/java/com/android/server/fingerprint/FingerprintService.java
@@ -127,6 +127,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
private IFingerprintDaemon mDaemon;
private final PowerManager mPowerManager;
private final AlarmManager mAlarmManager;
+ private int mCurrentUserId = UserHandle.USER_NULL;
private final BroadcastReceiver mLockoutReceiver = new BroadcastReceiver() {
@Override
@@ -337,7 +338,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
return;
}
stopPendingOperations(true);
- mEnrollClient = new ClientMonitor(token, receiver, groupId, restricted, token.toString());
+ mEnrollClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
+ token.toString());
final int timeout = (int) (ENROLLMENT_TIMEOUT_MS / MS_PER_SEC);
try {
final int result = daemon.enroll(cryptoToken, groupId, timeout);
@@ -425,7 +427,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
return;
}
stopPendingOperations(true);
- mAuthClient = new ClientMonitor(token, receiver, groupId, restricted, opPackageName);
+ mAuthClient = new ClientMonitor(token, receiver, mCurrentUserId, groupId, restricted,
+ opPackageName);
if (inLockoutMode()) {
Slog.v(TAG, "In lockout mode; disallowing authentication");
if (!mAuthClient.sendError(FingerprintManager.FINGERPRINT_ERROR_LOCKOUT)) {
@@ -482,7 +485,8 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
}
stopPendingOperations(true);
- mRemoveClient = new ClientMonitor(token, receiver, userId, restricted, token.toString());
+ mRemoveClient = new ClientMonitor(token, receiver, mCurrentUserId, userId, restricted,
+ token.toString());
// The fingerprint template ids will be removed when we get confirmation from the HAL
try {
final int result = daemon.remove(fingerId, userId);
@@ -605,15 +609,17 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
private class ClientMonitor implements IBinder.DeathRecipient {
IBinder token;
IFingerprintServiceReceiver receiver;
- int userId;
+ int userId; // userId of the caller
+ int currentUserId; // current user id when this was created
boolean restricted; // True if client does not have MANAGE_FINGERPRINT permission
String owner;
- public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver, int userId,
- boolean restricted, String owner) {
+ public ClientMonitor(IBinder token, IFingerprintServiceReceiver receiver,
+ int currentUserId, int userId, boolean restricted, String owner) {
this.token = token;
this.receiver = receiver;
this.userId = userId;
+ this.currentUserId = currentUserId;
this.restricted = restricted;
this.owner = owner; // name of the client that owns this - for debugging
try {
@@ -702,9 +708,9 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
Slog.v(TAG, "onAuthenticated(owner=" + mAuthClient.owner
+ ", id=" + fpId + ", gp=" + groupId + ")");
}
- Fingerprint fp = !restricted ?
- new Fingerprint("" /* TODO */, groupId, fpId, mHalDeviceId) : null;
- receiver.onAuthenticationSucceeded(mHalDeviceId, fp);
+ Fingerprint fp = !restricted ? new Fingerprint("" /* TODO */, groupId, fpId,
+ mHalDeviceId) : null;
+ receiver.onAuthenticationSucceeded(mHalDeviceId, fp, currentUserId);
}
} catch (RemoteException e) {
Slog.w(TAG, "Failed to notify Authenticated:", e);
@@ -1129,6 +1135,7 @@ public class FingerprintService extends SystemService implements IBinder.DeathRe
Slog.e(TAG, "Failed to setActiveGroup():", e);
}
}
+ mCurrentUserId = userId;
}
private void listenForUserSwitches() {