/* * Copyright (C) 2021 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.hardware.biometrics; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; import android.content.Context; import android.os.Build; import android.os.UserHandle; import android.provider.Settings; /** * "Base" functionality. For settings-specific functionality (which may rely on this base * functionality), see {@link com.android.settings.biometrics.ParentalControlsUtils} * @hide */ public class ParentalControlsUtilsInternal { private static final String TEST_ALWAYS_REQUIRE_CONSENT_PACKAGE = "android.hardware.biometrics.ParentalControlsUtilsInternal.require_consent_package"; private static final String TEST_ALWAYS_REQUIRE_CONSENT_CLASS = "android.hardware.biometrics.ParentalControlsUtilsInternal.require_consent_class"; /** * ComponentName of Parent Consent activity for testing Biometric authentication disabled by * Parental Controls. * *

Component could be defined by values of {@link #TEST_ALWAYS_REQUIRE_CONSENT_PACKAGE} and * {@link #TEST_ALWAYS_REQUIRE_CONSENT_CLASS} Secure settings. */ public static ComponentName getTestComponentName(@NonNull Context context, int userId) { if (Build.IS_USERDEBUG || Build.IS_ENG) { final String pkg = Settings.Secure.getStringForUser(context.getContentResolver(), TEST_ALWAYS_REQUIRE_CONSENT_PACKAGE, userId); final String cls = Settings.Secure.getStringForUser(context.getContentResolver(), TEST_ALWAYS_REQUIRE_CONSENT_CLASS, userId); return pkg != null && cls != null ? new ComponentName(pkg, cls) : null; } return null; } public static boolean parentConsentRequired(@NonNull Context context, @NonNull DevicePolicyManager dpm, @BiometricAuthenticator.Modality int modality, @NonNull UserHandle userHandle) { if (getTestComponentName(context, userHandle.getIdentifier()) != null) { return true; } return parentConsentRequired(dpm, modality, userHandle); } /** * @return true if parental consent is required in order for biometric sensors to be used. */ public static boolean parentConsentRequired(@NonNull DevicePolicyManager dpm, @BiometricAuthenticator.Modality int modality, @NonNull UserHandle userHandle) { final ComponentName cn = getSupervisionComponentName(dpm, userHandle); if (cn == null) { return false; } final int keyguardDisabledFeatures = dpm.getKeyguardDisabledFeatures(cn); final boolean dpmFpDisabled = containsFlag(keyguardDisabledFeatures, DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT); final boolean dpmFaceDisabled = containsFlag(keyguardDisabledFeatures, DevicePolicyManager.KEYGUARD_DISABLE_FACE); final boolean dpmIrisDisabled = containsFlag(keyguardDisabledFeatures, DevicePolicyManager.KEYGUARD_DISABLE_IRIS); final boolean consentRequired; if (containsFlag(modality, BiometricAuthenticator.TYPE_FINGERPRINT) && dpmFpDisabled) { consentRequired = true; } else if (containsFlag(modality, BiometricAuthenticator.TYPE_FACE) && dpmFaceDisabled) { consentRequired = true; } else if (containsFlag(modality, BiometricAuthenticator.TYPE_IRIS) && dpmIrisDisabled) { consentRequired = true; } else { consentRequired = false; } return consentRequired; } @Nullable public static ComponentName getSupervisionComponentName(@NonNull DevicePolicyManager dpm, @NonNull UserHandle userHandle) { return dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(userHandle); } private static boolean containsFlag(int haystack, int needle) { return (haystack & needle) != 0; } }