Fix CTS test failures (078904e0) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -540,7 +540,7 @@ public class AuthenticationPolicyService extends SystemService {
		try {
		boolean authenticationComplete =
		mSecureLockDeviceService.hasUserCompletedTwoFactorAuthentication(user);
		Slog.d("SecureLockDeviceService", "Disabling secure lock device: "
		Slog.d(TAG, "Disabling secure lock device: "
		+ "user " + user + ", authenticationComplete " + authenticationComplete);
		return mSecureLockDeviceService.disableSecureLockDevice(user, params,
		/* authenticationComplete = */ authenticationComplete);

services/core/java/com/android/server/security/authenticationpolicy/SecureLockDeviceService.java

+16 −3

Original line number	Diff line number	Diff line
		@@ -119,6 +119,10 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal {
		// to disable secure lock. Will be null if no user is currently authenticated.
		private UserHandle mUserAuthenticatedWithStrongBiometric = null;

		// Whether test mode is enabled, meaning components of the feature that interfere with testing
		// should be disabled (i.e. disabling USB connections, ADB, etc)
		private boolean mSkipSecurityFeaturesForTest;

		SecureLockDeviceService(@NonNull Context context,
		@NonNull SecureLockDeviceSettingsManager settingsManager,
		@Nullable BiometricManager biometricManager,
		@@ -511,9 +515,17 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal {
		return ERROR_NOT_AUTHORIZED;
		}

		// Clears strong auth flags
		if (mSkipSecurityFeaturesForTest) {
		// 1) Clears strong auth flags and 2) unlocks user. authenticationComplete must be true
		// for tests in order to prevent relocking CE storage, which interferes with tests
		mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId,
		/* authenticationComplete =*/ true);
		} else {
		// 1) Clears strong auth flags and 2) unlocks user if two-factor authentication is
		// complete, or locks user if two-factor authentication is incomplete
		mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId,
		authenticationComplete);
		}
		disableSecurityFeatures(secureLockDeviceClientId);

		mStore.storeSecureLockDeviceDisabled();
		@@ -708,6 +720,7 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal {
		if (DEBUG) {
		Slog.d(TAG, "setSecureLockDeviceTestStatus(isTestMode = " + isTestMode + ")");
		}
		mSkipSecurityFeaturesForTest = isTestMode;
		mSecureLockDeviceSettingsManager.setSkipSecurityFeaturesForTest(isTestMode);
		}

services/tests/servicestests/src/com/android/server/security/authenticationpolicy/SecureLockDeviceServiceTest.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -50,6 +50,7 @@ import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STR
		import static com.google.common.truth.Truth.assertThat;

		import static org.mockito.ArgumentMatchers.any;
		import static org.mockito.ArgumentMatchers.anyBoolean;
		import static org.mockito.ArgumentMatchers.anyInt;
		import static org.mockito.ArgumentMatchers.anyLong;
		import static org.mockito.ArgumentMatchers.anyString;
		@@ -494,7 +495,7 @@ public class SecureLockDeviceServiceTest {

		disableSecureLockDevice(mUser);

		verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), eq(false));
		verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), anyBoolean());
		}

		@Test