Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0da8983b authored by Rubin Xu's avatar Rubin Xu
Browse files

Require strong auth after user is stopped 

Stopping and restarting a user is equivalent to power cycling
the device, we should require strong auth in this case. This
is particularly important for FBE devices since the user's CE
storage can only be decrypted with strong auth after user restart.

Bug: 69724715
Test: Add guest user with fingerprint, switch to owner and back to
      guest. Verify keyguard requires strong auth.

Change-Id: I9b6b339187cbb82bc9036f0b391babc3c5226378
parent 3ff20e22

services/core/java/com/android/server/locksettings/LockSettingsService.java

+5 −0
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import static android.Manifest.permission.READ_CONTACTS; 
import static android.content.Context.KEYGUARD_SERVICE;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;



import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT;

import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;

import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;

import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY;
@@ -524,6 +525,10 @@ public class LockSettingsService extends ILockSettings.Stub { 


    public void onCleanupUser(int userId) {

        hideEncryptionNotification(new UserHandle(userId));

        // User is stopped with its CE key evicted. Require strong auth next time to be able to

        // unlock the user's storage. Use STRONG_AUTH_REQUIRED_AFTER_BOOT since stopping and

        // restarting a user later is equivalent to rebooting the device.

        requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_BOOT, userId);

    }



    public void onStartUser(final int userId) {