Hide enrollment options that don't match requested biometric strength

Austin Delgado · Austin Delgado · commit 0ea56b4fec23 · 2023-04-20T11:20:37.000-07:00
When calling biometric enroll intent with biometric_strong, don't include
weak enrollments as options.

Bug: 265898482
Test: Tested manually by calling enrollment and verifying correct
options are shown
Test: atest BiometricEnrollActivityTest

Change-Id: I5fa650a593aee536955ae806f5963ffbdc135a2e
diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java
@@ -35,6 +35,7 @@
 import android.hardware.biometrics.BiometricManager;
 import android.hardware.biometrics.BiometricManager.Authenticators;
 import android.hardware.biometrics.BiometricManager.BiometricError;
+import android.hardware.biometrics.SensorProperties;
 import android.hardware.face.FaceManager;
 import android.hardware.face.FaceSensorPropertiesInternal;
 import android.hardware.fingerprint.FingerprintManager;
@@ -198,7 +199,7 @@ public void onCreate(@Nullable Bundle savedInstanceState) {
         // Default behavior is to enroll BIOMETRIC_WEAK or above. See ACTION_BIOMETRIC_ENROLL.
         final int authenticators = getIntent().getIntExtra(
                 EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK);
-        Log.d(TAG, "Authenticators: " + authenticators);
+        Log.d(TAG, "Authenticators: " + BiometricManager.authenticatorToStr(authenticators));
 
         mParentalOptionsRequired = intent.getBooleanExtra(EXTRA_REQUIRE_PARENTAL_CONSENT, false);
         mSkipReturnToParent = intent.getBooleanExtra(EXTRA_SKIP_RETURN_TO_PARENT, false);
@@ -222,9 +223,16 @@ public void onCreate(@Nullable Bundle savedInstanceState) {
                 final FaceSensorPropertiesInternal props = faceProperties.get(0);
                 final int maxEnrolls =
                         isSetupWizard ? maxFacesEnrollableIfSUW : props.maxEnrollmentsPerUser;
+                final boolean isFaceStrong =
+                        props.sensorStrength == SensorProperties.STRENGTH_STRONG;
                 mIsFaceEnrollable =
                         faceManager.getEnrolledFaces(mUserId).size() < maxEnrolls;
 
+                // If we expect strong bio only, check if face is strong
+                if (authenticators == Authenticators.BIOMETRIC_STRONG && !isFaceStrong) {
+                    mIsFaceEnrollable = false;
+                }
+
                 final boolean parentalConsent = isSetupWizard || (mParentalOptionsRequired
                         && !WizardManagerHelper.isUserSetupComplete(this));
                 if (parentalConsent && isMultiSensor && mIsFaceEnrollable) {
@@ -278,6 +286,9 @@ public void onCreate(@Nullable Bundle savedInstanceState) {
 
     private void updateFingerprintEnrollable(boolean isSetupWizard) {
         if (mHasFeatureFingerprint) {
+            final int authenticators = getIntent().getIntExtra(
+                    EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, Authenticators.BIOMETRIC_WEAK);
+
             final FingerprintManager fpManager = getSystemService(FingerprintManager.class);
             final List<FingerprintSensorPropertiesInternal> fpProperties =
                     fpManager.getSensorPropertiesInternal();
@@ -287,8 +298,15 @@ private void updateFingerprintEnrollable(boolean isSetupWizard) {
                 final int maxEnrolls =
                         isSetupWizard ? maxFingerprintsEnrollableIfSUW
                                 : fpProperties.get(0).maxEnrollmentsPerUser;
+                final boolean isFingerprintStrong =
+                        fpProperties.get(0).sensorStrength == SensorProperties.STRENGTH_STRONG;
                 mIsFingerprintEnrollable =
                         fpManager.getEnrolledFingerprints(mUserId).size() < maxEnrolls;
+
+                // If we expect strong bio only, check if fingerprint is strong
+                if (authenticators == Authenticators.BIOMETRIC_STRONG && !isFingerprintStrong) {
+                    mIsFingerprintEnrollable = false;
+                }
             }
         }
     }
@@ -308,8 +326,8 @@ private void startEnrollWith(@Authenticators.Types int authenticators, boolean s
             }
         }
 
-        boolean canUseFace = mHasFeatureFace;
-        boolean canUseFingerprint = mHasFeatureFingerprint;
+        boolean canUseFace = mIsFaceEnrollable;
+        boolean canUseFingerprint = mIsFingerprintEnrollable;
         if (mParentalOptionsRequired) {
             if (mParentalOptions == null) {
                 throw new IllegalStateException("consent options required, but not set");
@@ -612,11 +630,11 @@ private void launchChooseLock() {
         Intent intent = BiometricUtils.getChooseLockIntent(this, getIntent());
         intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_INSECURE_OPTIONS, true);
         intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
-        if (mHasFeatureFingerprint && mHasFeatureFace) {
+        if (mIsFingerprintEnrollable && mIsFaceEnrollable) {
             intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_BIOMETRICS, true);
-        } else if (mHasFeatureFace) {
+        } else if (mIsFaceEnrollable) {
             intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, true);
-        } else if (mHasFeatureFingerprint) {
+        } else if (mIsFingerprintEnrollable) {
             intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, true);
         }
 
diff --git a/tests/componenttests/src/com/android/settings/biometrics/BiometricEnrollActivityTest.java b/tests/componenttests/src/com/android/settings/biometrics/BiometricEnrollActivityTest.java
@@ -16,6 +16,7 @@
 
 package com.android.settings.biometrics;
 
+import static android.hardware.biometrics.BiometricManager.Authenticators.BIOMETRIC_STRONG;
 import static android.provider.Settings.ACTION_BIOMETRIC_ENROLL;
 
 import static androidx.test.espresso.intent.Intents.intended;
@@ -33,7 +34,13 @@
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageManager;
+import android.hardware.biometrics.SensorProperties;
+import android.hardware.face.FaceManager;
+import android.hardware.face.FaceSensorPropertiesInternal;
+import android.hardware.fingerprint.FingerprintManager;
+import android.hardware.fingerprint.FingerprintSensorPropertiesInternal;
 import android.os.UserHandle;
+import android.provider.Settings;
 
 import androidx.test.core.app.ActivityScenario;
 import androidx.test.core.app.ApplicationProvider;
@@ -56,6 +63,8 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import java.util.List;
+
 @RunWith(AndroidJUnit4.class)
 @MediumTest
 public class BiometricEnrollActivityTest {
@@ -67,13 +76,37 @@ public class BiometricEnrollActivityTest {
     private final Context  mContext = ApplicationProvider.getApplicationContext();
     private boolean mHasFace;
     private boolean mHasFingerprint;
+    private boolean mIsFaceStrong;
+    private boolean mIsFingerprintStrong;
 
     @Before
     public void setup() {
         Intents.init();
         final PackageManager pm = mContext.getPackageManager();
         mHasFingerprint = pm.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT);
         mHasFace = pm.hasSystemFeature(PackageManager.FEATURE_FACE);
+
+        if (mHasFace) {
+            final FaceManager faceManager = mContext.getSystemService(FaceManager.class);
+            final List<FaceSensorPropertiesInternal> faceProperties =
+                    faceManager.getSensorPropertiesInternal();
+            if (!faceProperties.isEmpty()) {
+                final FaceSensorPropertiesInternal faceProp = faceProperties.get(0);
+                mIsFaceStrong = faceProp.sensorStrength == SensorProperties.STRENGTH_STRONG;
+            }
+        }
+
+        if (mHasFingerprint) {
+            final FingerprintManager fingerprintManager = mContext.getSystemService(
+                    FingerprintManager.class);
+            final List<FingerprintSensorPropertiesInternal> fingerProperties =
+                    fingerprintManager.getSensorPropertiesInternal();
+            if (!fingerProperties.isEmpty()) {
+                final FingerprintSensorPropertiesInternal fingerProp = fingerProperties.get(0);
+                mIsFingerprintStrong =
+                        fingerProp.sensorStrength == SensorProperties.STRENGTH_STRONG;
+            }
+        }
     }
 
     @After
@@ -129,6 +162,27 @@ public void launchWithPinAndPwHandle_confirmsPin() throws Exception {
         }
     }
 
+    @Test
+    public void launchWithStrongBiometricAllowed_doNotEnrollWeak() throws Exception {
+        assumeTrue(mHasFace || mHasFingerprint);
+
+        // Allow only strong biometrics
+        Intent intent = getIntent();
+        intent.putExtra(Settings.EXTRA_BIOMETRIC_AUTHENTICATORS_ALLOWED, BIOMETRIC_STRONG);
+
+        try (ActivityScenario<BiometricEnrollActivity> scenario =
+                     ActivityScenario.launch(intent)) {
+            intended(hasComponent(ChooseLockGeneric.class.getName()));
+            if (mIsFaceStrong && mIsFingerprintStrong) {
+                intended(hasExtra(EXTRA_KEY_FOR_BIOMETRICS, true));
+            } else if (mIsFaceStrong) {
+                intended(hasExtra(EXTRA_KEY_FOR_FACE, true));
+            } else if (mIsFingerprintStrong) {
+                intended(hasExtra(EXTRA_KEY_FOR_FINGERPRINT, true));
+            }
+        }
+    }
+
     private Intent getIntent() {
         return getIntent(false /* useInternal */);
     }
