1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settings.biometrics.face; 18 19 import static android.app.Activity.RESULT_OK; 20 import static android.app.admin.DevicePolicyResources.Strings.Settings.FACE_SETTINGS_FOR_WORK_TITLE; 21 22 import static com.android.settings.biometrics.BiometricEnrollBase.CONFIRM_REQUEST; 23 import static com.android.settings.biometrics.BiometricEnrollBase.ENROLL_REQUEST; 24 import static com.android.settings.biometrics.BiometricEnrollBase.RESULT_FINISHED; 25 import static com.android.settings.biometrics.BiometricEnrollBase.RESULT_TIMEOUT; 26 27 import android.app.admin.DevicePolicyManager; 28 import android.app.settings.SettingsEnums; 29 import android.content.Context; 30 import android.content.Intent; 31 import android.hardware.face.FaceManager; 32 import android.os.Bundle; 33 import android.os.UserHandle; 34 import android.os.UserManager; 35 import android.util.Log; 36 37 import androidx.preference.Preference; 38 39 import com.android.settings.R; 40 import com.android.settings.SettingsActivity; 41 import com.android.settings.Utils; 42 import com.android.settings.biometrics.BiometricEnrollBase; 43 import com.android.settings.biometrics.BiometricUtils; 44 import com.android.settings.dashboard.DashboardFragment; 45 import com.android.settings.overlay.FeatureFactory; 46 import com.android.settings.password.ChooseLockSettingsHelper; 47 import com.android.settings.search.BaseSearchIndexProvider; 48 import com.android.settingslib.core.AbstractPreferenceController; 49 import com.android.settingslib.search.SearchIndexable; 50 51 import java.util.ArrayList; 52 import java.util.Arrays; 53 import java.util.List; 54 55 /** 56 * Settings screen for face authentication. 57 */ 58 @SearchIndexable 59 public class FaceSettings extends DashboardFragment { 60 61 private static final String TAG = "FaceSettings"; 62 private static final String KEY_TOKEN = "hw_auth_token"; 63 64 private static final String PREF_KEY_DELETE_FACE_DATA = 65 "security_settings_face_delete_faces_container"; 66 private static final String PREF_KEY_ENROLL_FACE_UNLOCK = 67 "security_settings_face_enroll_faces_container"; 68 69 private UserManager mUserManager; 70 private FaceManager mFaceManager; 71 private DevicePolicyManager mDevicePolicyManager; 72 private int mUserId; 73 private int mSensorId; 74 private long mChallenge; 75 private byte[] mToken; 76 private FaceSettingsAttentionPreferenceController mAttentionController; 77 private FaceSettingsRemoveButtonPreferenceController mRemoveController; 78 private FaceSettingsEnrollButtonPreferenceController mEnrollController; 79 private FaceSettingsLockscreenBypassPreferenceController mLockscreenController; 80 private List<AbstractPreferenceController> mControllers; 81 82 private List<Preference> mTogglePreferences; 83 private Preference mRemoveButton; 84 private Preference mEnrollButton; 85 private FaceFeatureProvider mFaceFeatureProvider; 86 87 private boolean mConfirmingPassword; 88 89 private final FaceSettingsRemoveButtonPreferenceController.Listener mRemovalListener = () -> { 90 91 // Disable the toggles until the user re-enrolls 92 for (Preference preference : mTogglePreferences) { 93 preference.setEnabled(false); 94 } 95 96 // Hide the "remove" button and show the "set up face authentication" button. 97 mRemoveButton.setVisible(false); 98 mEnrollButton.setVisible(true); 99 }; 100 101 private final FaceSettingsEnrollButtonPreferenceController.Listener mEnrollListener = intent -> 102 startActivityForResult(intent, ENROLL_REQUEST); 103 104 /** 105 * @param context 106 * @return true if the Face hardware is detected. 107 */ isFaceHardwareDetected(Context context)108 public static boolean isFaceHardwareDetected(Context context) { 109 FaceManager manager = Utils.getFaceManagerOrNull(context); 110 boolean isHardwareDetected = false; 111 if (manager == null) { 112 Log.d(TAG, "FaceManager is null"); 113 } else { 114 isHardwareDetected = manager.isHardwareDetected(); 115 Log.d(TAG, "FaceManager is not null. Hardware detected: " + isHardwareDetected); 116 } 117 return manager != null && isHardwareDetected; 118 } 119 120 @Override getMetricsCategory()121 public int getMetricsCategory() { 122 return SettingsEnums.FACE; 123 } 124 125 @Override getPreferenceScreenResId()126 protected int getPreferenceScreenResId() { 127 return R.xml.security_settings_face; 128 } 129 130 @Override getLogTag()131 protected String getLogTag() { 132 return TAG; 133 } 134 135 @Override onSaveInstanceState(Bundle outState)136 public void onSaveInstanceState(Bundle outState) { 137 super.onSaveInstanceState(outState); 138 outState.putByteArray(KEY_TOKEN, mToken); 139 } 140 141 @Override onCreate(Bundle savedInstanceState)142 public void onCreate(Bundle savedInstanceState) { 143 super.onCreate(savedInstanceState); 144 145 final Context context = getPrefContext(); 146 if (!isFaceHardwareDetected(context)) { 147 Log.w(TAG, "no faceManager, finish this"); 148 finish(); 149 return; 150 } 151 152 mUserManager = context.getSystemService(UserManager.class); 153 mFaceManager = context.getSystemService(FaceManager.class); 154 mDevicePolicyManager = context.getSystemService(DevicePolicyManager.class); 155 mToken = getIntent().getByteArrayExtra(KEY_TOKEN); 156 mSensorId = getIntent().getIntExtra(BiometricEnrollBase.EXTRA_KEY_SENSOR_ID, -1); 157 mChallenge = getIntent().getLongExtra(BiometricEnrollBase.EXTRA_KEY_CHALLENGE, 0L); 158 159 mUserId = getActivity().getIntent().getIntExtra( 160 Intent.EXTRA_USER_ID, UserHandle.myUserId()); 161 mFaceFeatureProvider = FeatureFactory.getFactory(getContext()).getFaceFeatureProvider(); 162 163 if (mUserManager.getUserInfo(mUserId).isManagedProfile()) { 164 getActivity().setTitle( 165 mDevicePolicyManager.getResources().getString(FACE_SETTINGS_FOR_WORK_TITLE, 166 () -> getActivity().getResources().getString( 167 R.string.security_settings_face_profile_preference_title))); 168 } 169 170 mLockscreenController = Utils.isMultipleBiometricsSupported(context) 171 ? use(BiometricLockscreenBypassPreferenceController.class) 172 : use(FaceSettingsLockscreenBypassPreferenceController.class); 173 mLockscreenController.setUserId(mUserId); 174 175 Preference keyguardPref = findPreference(FaceSettingsKeyguardPreferenceController.KEY); 176 Preference appPref = findPreference(FaceSettingsAppPreferenceController.KEY); 177 Preference attentionPref = findPreference(FaceSettingsAttentionPreferenceController.KEY); 178 Preference confirmPref = findPreference(FaceSettingsConfirmPreferenceController.KEY); 179 Preference bypassPref = 180 findPreference(mLockscreenController.getPreferenceKey()); 181 mTogglePreferences = new ArrayList<>( 182 Arrays.asList(keyguardPref, appPref, attentionPref, confirmPref, bypassPref)); 183 184 mRemoveButton = findPreference(FaceSettingsRemoveButtonPreferenceController.KEY); 185 mEnrollButton = findPreference(FaceSettingsEnrollButtonPreferenceController.KEY); 186 187 // There is no better way to do this :/ 188 for (AbstractPreferenceController controller : mControllers) { 189 if (controller instanceof FaceSettingsPreferenceController) { 190 ((FaceSettingsPreferenceController) controller).setUserId(mUserId); 191 } else if (controller instanceof FaceSettingsEnrollButtonPreferenceController) { 192 ((FaceSettingsEnrollButtonPreferenceController) controller).setUserId(mUserId); 193 } 194 } 195 mRemoveController.setUserId(mUserId); 196 197 // Don't show keyguard controller for work profile settings. 198 if (mUserManager.isManagedProfile(mUserId)) { 199 removePreference(FaceSettingsKeyguardPreferenceController.KEY); 200 removePreference(mLockscreenController.getPreferenceKey()); 201 } 202 203 if (savedInstanceState != null) { 204 mToken = savedInstanceState.getByteArray(KEY_TOKEN); 205 } 206 } 207 208 @Override onResume()209 public void onResume() { 210 super.onResume(); 211 212 if (mToken == null && !mConfirmingPassword) { 213 final ChooseLockSettingsHelper.Builder builder = 214 new ChooseLockSettingsHelper.Builder(getActivity(), this); 215 final boolean launched = builder.setRequestCode(CONFIRM_REQUEST) 216 .setTitle(getString(R.string.security_settings_face_preference_title)) 217 .setRequestGatekeeperPasswordHandle(true) 218 .setUserId(mUserId) 219 .setForegroundOnly(true) 220 .setReturnCredentials(true) 221 .show(); 222 223 mConfirmingPassword = true; 224 if (!launched) { 225 Log.e(TAG, "Password not set"); 226 finish(); 227 } 228 } else { 229 mAttentionController.setToken(mToken); 230 mEnrollController.setToken(mToken); 231 } 232 233 final boolean hasEnrolled = mFaceManager.hasEnrolledTemplates(mUserId); 234 mEnrollButton.setVisible(!hasEnrolled); 235 mRemoveButton.setVisible(hasEnrolled); 236 237 if (!mFaceFeatureProvider.isAttentionSupported(getContext())) { 238 removePreference(FaceSettingsAttentionPreferenceController.KEY); 239 } 240 } 241 242 @Override onActivityResult(int requestCode, int resultCode, Intent data)243 public void onActivityResult(int requestCode, int resultCode, Intent data) { 244 super.onActivityResult(requestCode, resultCode, data); 245 246 if (mToken == null && !BiometricUtils.containsGatekeeperPasswordHandle(data)) { 247 Log.e(TAG, "No credential"); 248 finish(); 249 } 250 251 if (requestCode == CONFIRM_REQUEST) { 252 if (resultCode == RESULT_FINISHED || resultCode == RESULT_OK) { 253 // The pin/pattern/password was set. 254 mFaceManager.generateChallenge(mUserId, (sensorId, userId, challenge) -> { 255 mToken = BiometricUtils.requestGatekeeperHat(getPrefContext(), data, mUserId, 256 challenge); 257 mSensorId = sensorId; 258 mChallenge = challenge; 259 BiometricUtils.removeGatekeeperPasswordHandle(getPrefContext(), data); 260 mAttentionController.setToken(mToken); 261 mEnrollController.setToken(mToken); 262 mConfirmingPassword = false; 263 }); 264 } 265 } else if (requestCode == ENROLL_REQUEST) { 266 if (resultCode == RESULT_TIMEOUT) { 267 setResult(resultCode, data); 268 finish(); 269 } 270 } 271 } 272 273 @Override onStop()274 public void onStop() { 275 super.onStop(); 276 277 if (!mEnrollController.isClicked() && !getActivity().isChangingConfigurations() 278 && !mConfirmingPassword) { 279 // Revoke challenge and finish 280 if (mToken != null) { 281 mFaceManager.revokeChallenge(mSensorId, mUserId, mChallenge); 282 mToken = null; 283 } 284 finish(); 285 } 286 } 287 288 @Override getHelpResource()289 public int getHelpResource() { 290 return R.string.help_url_face; 291 } 292 293 @Override createPreferenceControllers(Context context)294 protected List<AbstractPreferenceController> createPreferenceControllers(Context context) { 295 if (!isFaceHardwareDetected(context)) { 296 return null; 297 } 298 mControllers = buildPreferenceControllers(context); 299 // There's no great way of doing this right now :/ 300 for (AbstractPreferenceController controller : mControllers) { 301 if (controller instanceof FaceSettingsAttentionPreferenceController) { 302 mAttentionController = (FaceSettingsAttentionPreferenceController) controller; 303 } else if (controller instanceof FaceSettingsRemoveButtonPreferenceController) { 304 mRemoveController = (FaceSettingsRemoveButtonPreferenceController) controller; 305 mRemoveController.setListener(mRemovalListener); 306 mRemoveController.setActivity((SettingsActivity) getActivity()); 307 } else if (controller instanceof FaceSettingsEnrollButtonPreferenceController) { 308 mEnrollController = (FaceSettingsEnrollButtonPreferenceController) controller; 309 mEnrollController.setListener(mEnrollListener); 310 mEnrollController.setActivity((SettingsActivity) getActivity()); 311 } 312 } 313 314 return mControllers; 315 } 316 buildPreferenceControllers(Context context)317 private static List<AbstractPreferenceController> buildPreferenceControllers(Context context) { 318 final List<AbstractPreferenceController> controllers = new ArrayList<>(); 319 controllers.add(new FaceSettingsKeyguardPreferenceController(context)); 320 controllers.add(new FaceSettingsAppPreferenceController(context)); 321 controllers.add(new FaceSettingsAttentionPreferenceController(context)); 322 controllers.add(new FaceSettingsRemoveButtonPreferenceController(context)); 323 controllers.add(new FaceSettingsConfirmPreferenceController(context)); 324 controllers.add(new FaceSettingsEnrollButtonPreferenceController(context)); 325 return controllers; 326 } 327 328 public static final BaseSearchIndexProvider SEARCH_INDEX_DATA_PROVIDER = 329 new BaseSearchIndexProvider(R.xml.security_settings_face) { 330 331 @Override 332 public List<AbstractPreferenceController> createPreferenceControllers( 333 Context context) { 334 if (isFaceHardwareDetected(context)) { 335 return buildPreferenceControllers(context); 336 } else { 337 return null; 338 } 339 } 340 341 @Override 342 protected boolean isPageSearchEnabled(Context context) { 343 if (isFaceHardwareDetected(context)) { 344 return hasEnrolledBiometrics(context); 345 } 346 347 return false; 348 } 349 350 @Override 351 public List<String> getNonIndexableKeys(Context context) { 352 final List<String> keys = super.getNonIndexableKeys(context); 353 final boolean isFaceHardwareDetected = isFaceHardwareDetected(context); 354 Log.d(TAG, "Get non indexable keys. isFaceHardwareDetected: " 355 + isFaceHardwareDetected + ", size:" + keys.size()); 356 if (isFaceHardwareDetected) { 357 final boolean hasEnrolled = hasEnrolledBiometrics(context); 358 keys.add(hasEnrolled ? PREF_KEY_ENROLL_FACE_UNLOCK 359 : PREF_KEY_DELETE_FACE_DATA); 360 } 361 362 if (!isAttentionSupported(context)) { 363 keys.add(FaceSettingsAttentionPreferenceController.KEY); 364 } 365 366 return keys; 367 } 368 369 private boolean isAttentionSupported(Context context) { 370 FaceFeatureProvider featureProvider = FeatureFactory.getFactory( 371 context).getFaceFeatureProvider(); 372 boolean isAttentionSupported = false; 373 if (featureProvider != null) { 374 isAttentionSupported = featureProvider.isAttentionSupported(context); 375 } 376 return isAttentionSupported; 377 } 378 379 private boolean hasEnrolledBiometrics(Context context) { 380 final FaceManager faceManager = Utils.getFaceManagerOrNull(context); 381 if (faceManager != null) { 382 return faceManager.hasEnrolledTemplates(UserHandle.myUserId()); 383 } 384 return false; 385 } 386 }; 387 } 388