device/fido/mac: add more specific check for TouchID availability

Prior to macOS 10.13.2, the only way to check for TouchID was to check
for the ability to evaluate the LAPolicyDeviceOwnerAuthenticationWithBiometrics
policy. 10.13.2 introduced a more granular check for LABiometryTypeTouchID.

This PR ensures on systems after macOS 10.13.2 that we check for this specific
biometry, and fall back to to the old check if we do not have access to this new enum.

R=martinkr@google.com

Bug: N/A
Change-Id: I3a3d2d332547b09cf3c6e062709ed06b6e1a052d
Reviewed-on: https://chromium-review.googlesource.com/c/1487811Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#636651}

AUTHORS

@@ -809,6 +809,7 @@ Shanmuga Pandi M <shanmuga.m@samsung.com>
 Shaobo Yan <shaobo.yan@intel.com>
 Shashi Kumar <sk.kumar@samsung.com>
 Shawn Anastasio <shawnanastasio@gmail.com>
+Shelley Vohr <shelley.vohr@gmail.com>
 Shen Yu <shenyu.tcv@gmail.com>
 Sherry Mou <wenjinm@amazon.com>
 Shez Baig <sbaig1@bloomberg.net>

base/mac/sdk_forward_declarations.h

@@ -16,6 +16,7 @@
 #import <CoreWLAN/CoreWLAN.h>
 #import <IOBluetooth/IOBluetooth.h>
 #import <ImageCaptureCore/ImageCaptureCore.h>
+#import <LocalAuthentication/LocalAuthentication.h>
 #import <QuartzCore/QuartzCore.h>
 #include <stdint.h>
 
@@ -69,6 +70,22 @@ typedef NSUInteger NSSpringLoadingHighlight;
 
 #endif  // MAC_OS_X_VERSION_10_12
 
+#if !defined(MAC_OS_X_VERSION_10_13_2) || \
+    MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_13_2
+
+enum {
+  LABiometryTypeNone = 0,
+  LABiometryTypeFaceID = 1,
+  LABiometryTypeTouchID = 2
+};
+typedef NSInteger LABiometryType;
+
+@interface LAContext (HighSierraPointTwoSDK)
+@property(nonatomic, readonly) LABiometryType biometryType;
+@end
+
+#endif  // MAC_OS_X_VERSION_10_13_2
+
 // ----------------------------------------------------------------------------
 // Define NSStrings only available in newer versions of the OSX SDK to force
 // them to be statically linked.

device/fido/mac/touch_id_context.mm

@@ -9,6 +9,7 @@
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/mac/foundation_util.h"
+#include "base/mac/sdk_forward_declarations.h"
 #include "base/memory/ptr_util.h"
 #include "base/sequenced_task_runner.h"
 #include "base/strings/sys_string_conversions.h"
@@ -49,9 +50,12 @@ std::unique_ptr<TouchIdContext> TouchIdContext::Create() {
 // static
 bool TouchIdContext::TouchIdAvailableImpl() {
   base::scoped_nsobject<LAContext> context([[LAContext alloc] init]);
-  return
+  bool available =
       [context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics
                            error:nil];
+  if (@available(macOS 10.13.2, *))
+    return available && [context biometryType] == LABiometryTypeTouchID;
+  return available;
 }
 
 // static