Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0566abd5 authored by Eric Biggers's avatar Eric Biggers
Browse files

Remove non-SP based setLockCredentialInternal() 

This code is no longer used, since the migration to synthetic passwords
is always enabled.

Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: Ieefffb2641f5c12dfcd7556f529830328e8ba292
(cherry picked from commit 2dd97def)
Merged-In: Ieefffb2641f5c12dfcd7556f529830328e8ba292
parent 401e447e

services/core/java/com/android/server/locksettings/LockSettingsService.java

+3 −78
Original line number Diff line number Diff line
@@ -1722,43 +1722,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
            }

        }

        synchronized (mSpManager) {

            if (shouldMigrateToSyntheticPasswordLocked(userId)) {

            initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, userId);

            return spBasedSetLockCredentialInternalLocked(credential, savedCredential, userId,

                    isLockTiedToParent);

        }

    }

        if (DEBUG) Slog.d(TAG, "setLockCredentialInternal: user=" + userId);

        byte[] enrolledHandle = enrollCredential(currentHandle.hash,

                savedCredential.getCredential(), credential.getCredential(), userId);

        if (enrolledHandle == null) {

            Slog.w(TAG, String.format("Failed to enroll %s: incorrect credential",

                    credential.isPattern() ? "pattern" : "password"));

            return false;

        }

        CredentialHash willStore = CredentialHash.create(enrolledHandle, credential.getType());

        mStorage.writeCredentialHash(willStore, userId);

        // Still update PASSWORD_TYPE_KEY if we are running in pre-synthetic password code path,

        // since it forms part of the state that determines the credential type

        // @see getCredentialTypeInternal

        setKeyguardStoredQuality(

                LockPatternUtils.credentialTypeToPasswordQuality(credential.getType()), userId);

        // push new secret and auth token to vold

        GateKeeperResponse gkResponse;

        try {

            gkResponse = getGateKeeperService().verifyChallenge(userId, 0, willStore.hash,

                    credential.getCredential());

        } catch (RemoteException e) {

            throw new IllegalStateException("Failed to verify current credential", e);

        }

        setUserKeyProtection(userId, credential, convertResponse(gkResponse));

        fixateNewestUserKeyAuth(userId);

        // Refresh the auth token

        doVerifyCredential(credential, userId, null /* progressCallback */, 0 /* flags */);

        synchronizeUnifiedWorkChallengeForProfiles(userId, null);

        sendCredentialsOnChangeIfRequired(credential, userId, isLockTiedToParent);

        return true;

    }



    private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {

        if (userHandle == UserHandle.USER_SYSTEM && isDeviceEncryptionEnabled() &&
@@ -1923,54 +1891,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
        mStorage.writeChildProfileLock(userId, outputStream.toByteArray());

    }



    private byte[] enrollCredential(byte[] enrolledHandle,

            byte[] enrolledCredential, byte[] toEnroll, int userId) {

        checkWritePermission(userId);

        GateKeeperResponse response;

        try {

            response = getGateKeeperService().enroll(userId, enrolledHandle,

                    enrolledCredential, toEnroll);

        } catch (RemoteException e) {

            Slog.e(TAG, "Failed to enroll credential", e);

            return null;

        }



        if (response == null) {

            return null;

        }



        byte[] hash = response.getPayload();

        if (hash != null) {

            setKeystorePassword(toEnroll, userId);

        } else {

            // Should not happen

            Slog.e(TAG, "Throttled while enrolling a password");

        }

        return hash;

    }



    private void setAuthlessUserKeyProtection(int userId, byte[] key) {

        if (DEBUG) Slog.d(TAG, "setAuthlessUserKeyProtectiond: user=" + userId);

        addUserKeyAuth(userId, null, key);

    }



    private void setUserKeyProtection(int userId, LockscreenCredential credential,

            VerifyCredentialResponse vcr) {

        if (DEBUG) Slog.d(TAG, "setUserKeyProtection: user=" + userId);

        if (vcr == null) {

            throw new IllegalArgumentException("Null response verifying a credential we just set");

        }

        if (vcr.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) {

            throw new IllegalArgumentException("Non-OK response verifying a credential we just set "

                    + vcr.getResponseCode());

        }

        byte[] token = vcr.getGatekeeperHAT();

        if (token == null) {

            throw new IllegalArgumentException("Empty payload verifying a credential we just set");

        }

        addUserKeyAuth(userId, token, secretFromCredential(credential));

    }



    private void clearUserKeyProtection(int userId, byte[] secret) {

        if (DEBUG) Slog.d(TAG, "clearUserKeyProtection user=" + userId);

        final UserInfo userInfo = mUserManager.getUserInfo(userId);