
Commit 317918e2 authored by Andres Morales's avatar Andres Morales Committed by Android (Google) Code Review

Merge changes from topic 'lss-update'

* changes:
  Add challenge to IGateKeeperService
  Wire up GateKeeper to LockSettingsService
parents 34e79c1e d9fc85ac
+1 −0
@@ -209,6 +209,7 @@ LOCAL_SRC_FILES += \
	core/java/android/security/IKeystoreService.aidl \
	core/java/android/service/carrier/ICarrierMessagingCallback.aidl \
	core/java/android/service/carrier/ICarrierMessagingService.aidl \
	core/java/android/service/gatekeeper/IGateKeeperService.aidl \
	core/java/android/service/notification/INotificationListener.aidl \
	core/java/android/service/notification/IStatusBarNotificationHolder.aidl \
	core/java/android/service/notification/IConditionListener.aidl \
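--- a/core/java/android/service/gatekeeper/IGateKeeperService.aidl
+++ b/core/java/android/service/gatekeeper/IGateKeeperService.aidl
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.service.gatekeeper;
+
+/**
+ * Interface for communication with GateKeeper, the
+ * secure password storage daemon.
+ *
+ * This must be kept manually in sync with system/core/gatekeeperd
+ * until AIDL can generate both C++ and Java bindings.
+ *
+ * @hide
+ */
+interface IGateKeeperService {
+    /**
+     * Enrolls a password, returning the handle to the enrollment to be stored locally.
+     * @param uid The Android user ID associated to this enrollment
+     * @param currentPasswordHandle The previously enrolled handle, or null if none
+     * @param currentPassword The previously enrolled plaintext password, or null if none.
+     *                        If provided, must verify against the currentPasswordHandle.
+     * @param desiredPassword The new desired password, for which a handle will be returned
+     *                        upon success.
+     * @return the handle corresponding to desiredPassword, or null
+     */
+    byte[] enroll(int uid, in byte[] currentPasswordHandle, in byte[] currentPassword,
+            in byte[] desiredPassword);
+
+    /**
+     * Verifies an enrolled handle against a provided, plaintext blob.
+     * @param uid The Android user ID associated to this enrollment
+     * @param enrolledPasswordHandle The handle against which the provided password will be
+     *                               verified.
+     * @param The plaintext blob to verify against enrolledPassword.
+     * @return True if the authentication was successful
+     */
+    boolean verify(int uid, in byte[] enrolledPasswordHandle,
+            in byte[] providedPassword);
+    /**
+     * Verifies an enrolled handle against a provided, plaintext blob.
+     * @param uid The Android user ID associated to this enrollment
+     * @param challenge a challenge to authenticate agaisnt the device credential. If successful
+     *                  authentication occurs, this value will be written to the returned 
+     *                  authentication attestation.
+     * @param enrolledPasswordHandle The handle against which the provided password will be
+     *                               verified.
+     * @param The plaintext blob to verify against enrolledPassword.
+     * @return an opaque attestation of authentication on success, or null.
+     */
+    byte[] verifyChallenge(int uid, long challenge, in byte[] enrolledPasswordHandle, 
+            in byte[] providedPassword);
+}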
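Review bot: The `@param` tag for the plaintext argument has no parameter name in either `verify` or `verifyChallenge`, so the description is attached to a parameter called `The`; both should read `@param providedPassword The plaintext blob to verify against enrolledPasswordHandle.` The summary line of `verifyChallenge` is copied from `verify` and does not say that the method returns an attestation carrying `challenge`, and `agaisnt` is a typo. Because `uid` is supplied by the caller on every method, the interface comment should also state which callers the daemon accepts; that check is not visible in this file.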
+4 −2
@@ -24,10 +24,12 @@ interface ILockSettings {
    boolean getBoolean(in String key, in boolean defaultValue, in int userId);
    long getLong(in String key, in long defaultValue, in int userId);
    String getString(in String key, in String defaultValue, in int userId);
    void setLockPattern(in String pattern, int userId);
    void setLockPattern(in String pattern, in String savedPattern, int userId);
    boolean checkPattern(in String pattern, int userId);
    void setLockPassword(in String password, int userId);
    byte[] verifyPattern(in String pattern, long challenge, int userId);
    void setLockPassword(in String password, in String savedPassword, int userId);
    boolean checkPassword(in String password, int userId);
    byte[] verifyPassword(in String password, long challenge, int userId);
    boolean checkVoldPassword(int userId);
    boolean havePattern(int userId);
    boolean havePassword(int userId);
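Review bot: The two new verify methods and the added `savedPattern`/`savedPassword` arguments carry no comment, and this interface is where callers read the contract from. I would add above `verifyPattern` and `verifyPassword` a line such as `// Returns an opaque attestation that the credential matched for this challenge, or null if it did not.` and above the two setters `// savedPattern/savedPassword: the currently enrolled credential, or null if none.` Whether the service rejects a null saved credential while one is enrolled cannot be seen from this hunk and is worth stating there as well. The interface body continues outside the hunk.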
+54 −10
@@ -279,6 +279,24 @@ public class LockPatternUtils {
        }
    }

    /**
     * Check to see if a pattern matches the saved pattern.
     * If pattern matches, return an opaque attestation that the challenge
     * was verified.
     *
     * @param pattern The pattern to check.
     * @param challenge The challenge to verify against the pattern
     * @return the attestation that the challenge was verified, or null.
     */
    public byte[] verifyPattern(List<LockPatternView.Cell> pattern, long challenge) {
        final int userId = getCurrentOrCallingUserId();
        try {
            return getLockSettings().verifyPattern(patternToString(pattern), challenge, userId);
        } catch (RemoteException re) {
            return null;
        }
    }

    /**
     * Check to see if a pattern matches the saved pattern.  If no pattern exists,
     * always returns true.
@@ -294,6 +312,24 @@ public class LockPatternUtils {
        }
    }

    /**
     * Check to see if a password matches the saved password.
     * If password matches, return an opaque attestation that the challenge
     * was verified.
     *
     * @param password The password to check.
     * @param challenge The challenge to verify against the password
     * @return the attestation that the challenge was verified, or null.
     */
    public byte[] verifyPassword(String password, long challenge) {
        final int userId = getCurrentOrCallingUserId();
        try {
            return getLockSettings().verifyPassword(password, challenge, userId);
        } catch (RemoteException re) {
            return null;
        }
    }

    /**
     * Check to see if a password matches the saved password.  If no password exists,
     * always returns true.
@@ -425,8 +461,8 @@ public class LockPatternUtils {
        setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle);

        try {
            getLockSettings().setLockPassword(null, userHandle);
            getLockSettings().setLockPattern(null, userHandle);
            getLockSettings().setLockPassword(null, null, userHandle);
            getLockSettings().setLockPattern(null, null, userHandle);
        } catch (RemoteException e) {
            // well, we tried...
        }
@@ -477,24 +513,30 @@ public class LockPatternUtils {
    /**
     * Save a lock pattern.
     * @param pattern The new pattern to save.
     * @param savedPattern The previously saved pattern, or null if none
     */
    public void saveLockPattern(List<LockPatternView.Cell> pattern) {
        this.saveLockPattern(pattern, getCurrentOrCallingUserId());
    public void saveLockPattern(List<LockPatternView.Cell> pattern,
            String savedPattern) {
        this.saveLockPattern(pattern, savedPattern, getCurrentOrCallingUserId());
    }

    public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
        this.saveLockPattern(pattern, null, userId);
    }
    /**
     * Save a lock pattern.
     * @param pattern The new pattern to save.
     * @param savedPattern The previously saved pattern, converted to String format
     * @param userId the user whose pattern is to be saved.
     */
    public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
    public void saveLockPattern(List<LockPatternView.Cell> pattern, String savedPattern, int userId) {
        try {
            if (pattern == null || pattern.size() < MIN_LOCK_PATTERN_SIZE) {
                throw new IllegalArgumentException("pattern must not be null and at least "
                        + MIN_LOCK_PATTERN_SIZE + " dots long.");
            }

            getLockSettings().setLockPattern(patternToString(pattern), userId);
            getLockSettings().setLockPattern(patternToString(pattern), savedPattern, userId);
            DevicePolicyManager dpm = getDevicePolicyManager();

            // Update the device encryption password.
@@ -685,10 +727,11 @@ public class LockPatternUtils {
     * as the requested mode, but will adjust the mode to be as good as the
     * pattern.
     * @param password The password to save
     * @param savedPassword The previously saved lock password, or null if none
     * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
     */
    public void saveLockPassword(String password, int quality) {
        saveLockPassword(password, quality, getCurrentOrCallingUserId());
    public void saveLockPassword(String password, String savedPassword, int quality) {
        saveLockPassword(password, savedPassword, quality, getCurrentOrCallingUserId());
    }

    /**
@@ -699,7 +742,8 @@ public class LockPatternUtils {
     * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
     * @param userHandle The userId of the user to change the password for
     */
    public void saveLockPassword(String password, int quality, int userHandle) {
    public void saveLockPassword(String password, String savedPassword, int quality,
            int userHandle) {
        try {
            DevicePolicyManager dpm = getDevicePolicyManager();
            if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) {
@@ -707,7 +751,7 @@ public class LockPatternUtils {
                        + "of length " + MIN_LOCK_PASSWORD_SIZE);
            }

            getLockSettings().setLockPassword(password, userHandle);
            getLockSettings().setLockPassword(password, savedPassword, userHandle);
            int computedQuality = computePasswordQuality(password);

            // Update the device encryption password.
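Review bot: The retained overload `saveLockPattern(List<LockPatternView.Cell> pattern, int userId)` forwards `null` as `savedPattern`, so a caller that replaces an existing pattern through it never presents the current credential. If the service reads a null saved credential as "nothing enrolled", a change made this way would either fail or skip the check the new parameter was added for; the service side is not shown here, so this needs confirming. The overload also has no Javadoc and no blank line before the next comment; once the behaviour is confirmed I would document it as `/** Saves a pattern for a user with no credential enrolled; callers replacing an existing pattern must use the three-argument overload. */`. The Javadoc of the four-argument `saveLockPassword` likewise gains no `@param savedPassword` line in its hunk.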
+1 −1
@@ -2066,7 +2066,7 @@ class DatabaseHelper extends SQLiteOpenHelper {
                    LockPatternUtils lpu = new LockPatternUtils(mContext);
                    List<LockPatternView.Cell> cellPattern =
                            LockPatternUtils.stringToPattern(lockPattern);
                    lpu.saveLockPattern(cellPattern);
                    lpu.saveLockPattern(cellPattern, null);
                } catch (IllegalArgumentException e) {
                    // Don't want corrupted lock pattern to hang the reboot process
                }