Ignoring FUL unlock signal if user changed fixes b/7572354

Brian Colonna · Brian Colonna · commit 5eb83aa89658 · 2012-11-19T17:45:44.000-05:00
Prior to this fix, one user could log into another user's account by
waiting for FUL to recognize them on their account, and then
switching to another account at a very precise time - after FUL has
recognized the user but before the device has unlocked.

This was caused by the FUL unlock() callback telling the device to
unlock even though the user had changed.  The fix is to only unlock
the device if the current user ID matches the user ID used to run
FUL.

Change-Id: I516b52d99ab7609b836939e4aae6e7df77a9e047
diff --git a/policy/src/com/android/internal/policy/impl/keyguard/FaceUnlock.java b/policy/src/com/android/internal/policy/impl/keyguard/FaceUnlock.java
@@ -31,6 +31,7 @@
 import android.os.Message;
 import android.os.PowerManager;
 import android.os.RemoteException;
+import android.os.UserHandle;
 import android.util.Log;
 import android.view.View;
 
@@ -214,7 +215,7 @@ public boolean handleMessage(Message msg) {
                 handleServiceDisconnected();
                 break;
             case MSG_UNLOCK:
-                handleUnlock();
+                handleUnlock(msg.arg1);
                 break;
             case MSG_CANCEL:
                 handleCancel();
@@ -297,11 +298,18 @@ void handleServiceDisconnected() {
     /**
      * Stops the Face Unlock service and tells the device to grant access to the user.
      */
-    void handleUnlock() {
+    void handleUnlock(int authenticatedUserId) {
         if (DEBUG) Log.d(TAG, "handleUnlock()");
         stop();
-        mKeyguardScreenCallback.reportSuccessfulUnlockAttempt();
-        mKeyguardScreenCallback.dismiss(true);
+        int currentUserId = mLockPatternUtils.getCurrentUser();
+        if (authenticatedUserId == currentUserId) {
+            if (DEBUG) Log.d(TAG, "Unlocking for user " + authenticatedUserId);
+            mKeyguardScreenCallback.reportSuccessfulUnlockAttempt();
+            mKeyguardScreenCallback.dismiss(true);
+        } else {
+            Log.d(TAG, "Ignoring unlock for authenticated user (" + authenticatedUserId +
+                    ") because the current user is " + currentUserId);
+        }
     }
 
     /**
@@ -420,7 +428,8 @@ private void stopUi() {
          */
         public void unlock() {
             if (DEBUG) Log.d(TAG, "unlock()");
-            mHandler.sendEmptyMessage(MSG_UNLOCK);
+            Message message = mHandler.obtainMessage(MSG_UNLOCK, UserHandle.getCallingUserId(), -1);
+            mHandler.sendMessage(message);
         }
 
         /**
