1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.settings.biometrics;
18 
19 import android.app.admin.DevicePolicyManager;
20 import android.content.ComponentName;
21 import android.content.Context;
22 import android.hardware.biometrics.BiometricAuthenticator;
23 import android.hardware.biometrics.ParentalControlsUtilsInternal;
24 import android.os.UserHandle;
25 import android.os.UserManager;
26 import android.util.Log;
27 
28 import androidx.annotation.NonNull;
29 import androidx.annotation.Nullable;
30 
31 import com.android.internal.annotations.VisibleForTesting;
32 import com.android.settingslib.RestrictedLockUtils;
33 
34 /**
35  * Utilities for things at the cross-section of biometrics and parental controls. For example,
36  * determining if parental consent is required, determining which strings should be shown, etc.
37  */
38 public class ParentalControlsUtils {
39 
40     private static final String TAG = "ParentalControlsUtils";
41 
42     /**
43      * Public version that enables test paths, see
44      * {@link android.hardware.biometrics.ParentalControlsUtilsInternal#getTestComponentName}
45      * @return non-null EnforcedAdmin if parental consent is required
46      */
parentConsentRequired(@onNull Context context, @BiometricAuthenticator.Modality int modality)47     public static RestrictedLockUtils.EnforcedAdmin parentConsentRequired(@NonNull Context context,
48             @BiometricAuthenticator.Modality int modality) {
49 
50         final int userId = UserHandle.myUserId();
51         final UserHandle userHandle = new UserHandle(userId);
52         final ComponentName testComponentName = ParentalControlsUtilsInternal.getTestComponentName(
53                 context, userId);
54         if (testComponentName != null) {
55             Log.d(TAG, "Requiring consent for test flow");
56             return new RestrictedLockUtils.EnforcedAdmin(testComponentName,
57                     UserManager.DISALLOW_BIOMETRIC, userHandle);
58         }
59 
60         final DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
61         return parentConsentRequiredInternal(dpm, modality, userHandle);
62     }
63 
64     /**
65      * Internal testable version.
66      * @return non-null EnforcedAdmin if parental consent is required
67      */
68     @Nullable
69     @VisibleForTesting
parentConsentRequiredInternal( @onNull DevicePolicyManager dpm, @BiometricAuthenticator.Modality int modality, @NonNull UserHandle userHandle)70     static RestrictedLockUtils.EnforcedAdmin parentConsentRequiredInternal(
71             @NonNull DevicePolicyManager dpm, @BiometricAuthenticator.Modality int modality,
72             @NonNull UserHandle userHandle) {
73         if (ParentalControlsUtilsInternal.parentConsentRequired(dpm, modality,
74                 userHandle)) {
75             final ComponentName cn =
76                     ParentalControlsUtilsInternal.getSupervisionComponentName(dpm, userHandle);
77             return new RestrictedLockUtils.EnforcedAdmin(cn, UserManager.DISALLOW_BIOMETRIC,
78                     userHandle);
79         } else {
80             return null;
81         }
82     }
83 }
84