1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settings.biometrics; 18 19 import android.app.admin.DevicePolicyManager; 20 import android.app.supervision.SupervisionManager; 21 import android.content.ComponentName; 22 import android.content.Context; 23 import android.hardware.biometrics.BiometricAuthenticator; 24 import android.hardware.biometrics.ParentalControlsUtilsInternal; 25 import android.os.UserHandle; 26 import android.os.UserManager; 27 import android.util.Log; 28 29 import androidx.annotation.NonNull; 30 import androidx.annotation.Nullable; 31 32 import com.android.internal.annotations.VisibleForTesting; 33 import com.android.settingslib.RestrictedLockUtils; 34 import com.android.settingslib.supervision.SupervisionRestrictionsHelper; 35 36 /** 37 * Utilities for things at the cross-section of biometrics and parental controls. For example, 38 * determining if parental consent is required, determining which strings should be shown, etc. 39 */ 40 public class ParentalControlsUtils { 41 42 private static final String TAG = "ParentalControlsUtils"; 43 44 /** 45 * Public version that enables test paths, see 46 * {@link android.hardware.biometrics.ParentalControlsUtilsInternal#getTestComponentName} 47 * @return non-null EnforcedAdmin if parental consent is required 48 */ 49 @Nullable parentConsentRequired(@onNull Context context, @BiometricAuthenticator.Modality int modality)50 public static RestrictedLockUtils.EnforcedAdmin parentConsentRequired(@NonNull Context context, 51 @BiometricAuthenticator.Modality int modality) { 52 53 final int userId = UserHandle.myUserId(); 54 final UserHandle userHandle = new UserHandle(userId); 55 final ComponentName testComponentName = ParentalControlsUtilsInternal.getTestComponentName( 56 context, userId); 57 if (testComponentName != null) { 58 Log.d(TAG, "Requiring consent for test flow"); 59 return new RestrictedLockUtils.EnforcedAdmin(testComponentName, 60 UserManager.DISALLOW_BIOMETRIC, userHandle); 61 } 62 63 return parentConsentRequiredInternal(context, modality, userHandle); 64 } 65 66 /** 67 * Internal testable version. 68 * @return non-null EnforcedAdmin if parental consent is required 69 */ 70 @Nullable 71 @VisibleForTesting parentConsentRequiredInternal( @onNull Context context, @BiometricAuthenticator.Modality int modality, @NonNull UserHandle userHandle)72 static RestrictedLockUtils.EnforcedAdmin parentConsentRequiredInternal( 73 @NonNull Context context, 74 @BiometricAuthenticator.Modality int modality, 75 @NonNull UserHandle userHandle) { 76 final DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class); 77 final SupervisionManager sm = 78 android.app.supervision.flags.Flags.deprecateDpmSupervisionApis() 79 ? context.getSystemService(SupervisionManager.class) 80 : null; 81 82 if (!ParentalControlsUtilsInternal.parentConsentRequired( 83 dpm, sm, modality, userHandle)) { 84 return null; 85 } 86 if (android.app.supervision.flags.Flags.deprecateDpmSupervisionApis()) { 87 return SupervisionRestrictionsHelper.createEnforcedAdmin( 88 context, UserManager.DISALLOW_BIOMETRIC, userHandle); 89 } else { 90 final ComponentName cn = 91 ParentalControlsUtilsInternal.getSupervisionComponentName(dpm, userHandle); 92 return new RestrictedLockUtils.EnforcedAdmin(cn, UserManager.DISALLOW_BIOMETRIC, 93 userHandle); 94 } 95 } 96 } 97