
Commit 25df198e authored by Pavel Grafov's avatar Pavel Grafov

Keep escrow data for test users

For normal unmanaged users escrow data is destroyed when the user
authenticates successfully. This makes such a user unusable for password reset tests.

Bug: 397357492
Test: atest FrameworksServicesTests:com.android.server.locksettings
Flag: EXEMPT bugfix

Change-Id: I451a778a4208c6a50592bc5df88f65991fa727aa
parent 8cfa11a6
+6 −0
@@ -3618,6 +3618,12 @@ public class LockSettingsService extends ILockSettings.Stub {
            return;
        }

        UserInfo userInfo = mInjector.getUserManagerInternal().getUserInfo(userId);
        if (userInfo != null && userInfo.isForTesting()) {
            Slog.i(TAG, "Keeping escrow data for test-only user");
            return;
        }

        // Disable escrow token permanently on all other device/user types.
        Slogf.i(TAG, "Permanently disabling support for escrow tokens on user %d", userId);
        mSpManager.destroyEscrowData(userId);
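Review bot: The new early return keeps escrow data based solely on `userInfo.isForTesting()`, and nothing visible in this hunk limits that to debuggable builds or privileged callers, so any user carrying the for-testing flag retains a credential-reset path that is permanently disabled for every other unmanaged user. If that is intended, a comment above the check should say so and state who can create such users, e.g. `// Test-only users keep escrow data so password reset tests can reuse them after a successful unlock.` The log line also drops the user id that the following `Slogf.i` call records; `Slogf.i(TAG, "Keeping escrow data for test-only user %d", userId);` would keep the two audit messages consistent. A null `userInfo` falls through to `destroyEscrowData`, which is the safe default. The enclosing method starts and ends outside the hunk.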
+42 −0
@@ -16,6 +16,7 @@

package com.android.server.locksettings;

import static android.content.pm.UserInfo.FLAG_FOR_TESTING;
import static android.content.pm.UserInfo.FLAG_FULL;
import static android.content.pm.UserInfo.FLAG_MAIN;
import static android.content.pm.UserInfo.FLAG_PRIMARY;
@@ -44,6 +45,8 @@ import static org.mockito.Mockito.when;

import android.app.PropertyInvalidatedCache;
import android.app.admin.PasswordMetrics;
import android.content.ComponentName;
import android.content.pm.UserInfo;
import android.os.RemoteException;
import android.platform.test.annotations.Presubmit;

@@ -356,6 +359,45 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
        assertArrayEquals(storageKey, mStorageManager.getUserUnlockToken(PRIMARY_USER_ID));
    }

    @Test
    public void testEscrowDataRetainedWhenManagedUserVerifiesCredential() throws RemoteException {
        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(true);

        LockscreenCredential password = newPassword("password");
        initSpAndSetCredential(PRIMARY_USER_ID, password);

        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);

        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));
    }

    @Test
    public void testEscrowDataRetainedWhenUnmanagedTestUserVerifiesCredential()
            throws RemoteException {
        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);
        UserInfo userInfo = mUserManagerInternal.getUserInfo(PRIMARY_USER_ID);
        userInfo.flags |= FLAG_FOR_TESTING;

        LockscreenCredential password = newPassword("password");
        initSpAndSetCredential(PRIMARY_USER_ID, password);

        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);

        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));
    }

    @Test
    public void testEscrowDataDeletedWhenUnmanagedUserVerifiesCredential() throws RemoteException {
        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);

        LockscreenCredential password = newPassword("password");
        initSpAndSetCredential(PRIMARY_USER_ID, password);

        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);

        assertFalse("Escrow data wasn't destroyed", mSpManager.hasAnyEscrowData(PRIMARY_USER_ID));
    }

    @Test
    public void testTokenBasedClearPassword() throws RemoteException {
        LockscreenCredential password = newPassword("password");
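Review bot: `testEscrowDataDeletedWhenUnmanagedUserVerifiesCredential` never checks that escrow data existed before `verifyCredential` runs, so it would still pass if `initSpAndSetCredential` stopped creating escrow data and the destruction path were never exercised. Adding `assertTrue(mSpManager.hasEscrowData(PRIMARY_USER_ID));` right after `initSpAndSetCredential(PRIMARY_USER_ID, password);` would pin the precondition for this security-relevant negative test. In the test-user case, `userInfo.flags |= FLAG_FOR_TESTING` mutates the object returned by `mUserManagerInternal.getUserInfo(PRIMARY_USER_ID)`; if the base class shares that `UserInfo` across tests (not visible here), the flag could leak into later tests, so it is worth confirming it is recreated in setup. The hunk ends inside `testTokenBasedClearPassword`, which continues outside it.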