Loading services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java +1 −1 Original line number Diff line number Diff line Loading @@ -540,7 +540,7 @@ public class AuthenticationPolicyService extends SystemService { try { boolean authenticationComplete = mSecureLockDeviceService.hasUserCompletedTwoFactorAuthentication(user); Slog.d("SecureLockDeviceService", "Disabling secure lock device: " Slog.d(TAG, "Disabling secure lock device: " + "user " + user + ", authenticationComplete " + authenticationComplete); return mSecureLockDeviceService.disableSecureLockDevice(user, params, /* authenticationComplete = */ authenticationComplete); Loading services/core/java/com/android/server/security/authenticationpolicy/SecureLockDeviceService.java +16 −3 Original line number Diff line number Diff line Loading @@ -119,6 +119,10 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { // to disable secure lock. Will be null if no user is currently authenticated. private UserHandle mUserAuthenticatedWithStrongBiometric = null; // Whether test mode is enabled, meaning components of the feature that interfere with testing // should be disabled (i.e. disabling USB connections, ADB, etc) private boolean mSkipSecurityFeaturesForTest; SecureLockDeviceService(@NonNull Context context, @NonNull SecureLockDeviceSettingsManager settingsManager, @Nullable BiometricManager biometricManager, Loading Loading @@ -511,9 +515,17 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { return ERROR_NOT_AUTHORIZED; } // Clears strong auth flags if (mSkipSecurityFeaturesForTest) { // 1) Clears strong auth flags and 2) unlocks user. authenticationComplete must be true // for tests in order to prevent relocking CE storage, which interferes with tests mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId, /* authenticationComplete =*/ true); } else { // 1) Clears strong auth flags and 2) unlocks user if two-factor authentication is // complete, or locks user if two-factor authentication is incomplete mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId, authenticationComplete); } disableSecurityFeatures(secureLockDeviceClientId); mStore.storeSecureLockDeviceDisabled(); Loading Loading @@ -708,6 +720,7 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { if (DEBUG) { Slog.d(TAG, "setSecureLockDeviceTestStatus(isTestMode = " + isTestMode + ")"); } mSkipSecurityFeaturesForTest = isTestMode; mSecureLockDeviceSettingsManager.setSkipSecurityFeaturesForTest(isTestMode); } Loading services/tests/servicestests/src/com/android/server/security/authenticationpolicy/SecureLockDeviceServiceTest.java +2 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STR import static com.google.common.truth.Truth.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.anyString; Loading Loading @@ -494,7 +495,7 @@ public class SecureLockDeviceServiceTest { disableSecureLockDevice(mUser); verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), eq(false)); verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), anyBoolean()); } @Test Loading Loading
services/core/java/com/android/server/security/authenticationpolicy/AuthenticationPolicyService.java +1 −1 Original line number Diff line number Diff line Loading @@ -540,7 +540,7 @@ public class AuthenticationPolicyService extends SystemService { try { boolean authenticationComplete = mSecureLockDeviceService.hasUserCompletedTwoFactorAuthentication(user); Slog.d("SecureLockDeviceService", "Disabling secure lock device: " Slog.d(TAG, "Disabling secure lock device: " + "user " + user + ", authenticationComplete " + authenticationComplete); return mSecureLockDeviceService.disableSecureLockDevice(user, params, /* authenticationComplete = */ authenticationComplete); Loading
services/core/java/com/android/server/security/authenticationpolicy/SecureLockDeviceService.java +16 −3 Original line number Diff line number Diff line Loading @@ -119,6 +119,10 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { // to disable secure lock. Will be null if no user is currently authenticated. private UserHandle mUserAuthenticatedWithStrongBiometric = null; // Whether test mode is enabled, meaning components of the feature that interfere with testing // should be disabled (i.e. disabling USB connections, ADB, etc) private boolean mSkipSecurityFeaturesForTest; SecureLockDeviceService(@NonNull Context context, @NonNull SecureLockDeviceSettingsManager settingsManager, @Nullable BiometricManager biometricManager, Loading Loading @@ -511,9 +515,17 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { return ERROR_NOT_AUTHORIZED; } // Clears strong auth flags if (mSkipSecurityFeaturesForTest) { // 1) Clears strong auth flags and 2) unlocks user. authenticationComplete must be true // for tests in order to prevent relocking CE storage, which interferes with tests mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId, /* authenticationComplete =*/ true); } else { // 1) Clears strong auth flags and 2) unlocks user if two-factor authentication is // complete, or locks user if two-factor authentication is incomplete mLockSettingsInternal.disableSecureLockDevice(secureLockDeviceClientId, authenticationComplete); } disableSecurityFeatures(secureLockDeviceClientId); mStore.storeSecureLockDeviceDisabled(); Loading Loading @@ -708,6 +720,7 @@ public class SecureLockDeviceService extends SecureLockDeviceServiceInternal { if (DEBUG) { Slog.d(TAG, "setSecureLockDeviceTestStatus(isTestMode = " + isTestMode + ")"); } mSkipSecurityFeaturesForTest = isTestMode; mSecureLockDeviceSettingsManager.setSkipSecurityFeaturesForTest(isTestMode); } Loading
services/tests/servicestests/src/com/android/server/security/authenticationpolicy/SecureLockDeviceServiceTest.java +2 −1 Original line number Diff line number Diff line Loading @@ -50,6 +50,7 @@ import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STR import static com.google.common.truth.Truth.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.anyString; Loading Loading @@ -494,7 +495,7 @@ public class SecureLockDeviceServiceTest { disableSecureLockDevice(mUser); verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), eq(false)); verify(mLockSettingsInternal).disableSecureLockDevice(eq(TEST_USER_ID), anyBoolean()); } @Test Loading
