Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 321e0254 authored by Eric Biggers's avatar Eric Biggers
Browse files

Remove LockSettingsInternal from LockPatternUtils 

LockPatternUtils is a utility class shared by system_server, Settings,
SystemUI, and other system processes.  Yet, some of its methods use
LockSettingsInternal.  These methods only work in system_server.
Callers of these methods should just use LockSettingsInternal directly.

Therefore, update all such callers to do just that.  Then remove the
LockPatternUtils versions of these methods.

No change in behavior intended, but a couple details worth calling
attention to:

- LockPatternUtils#setLockCredentialWithToken() had some extra code
  before it called into LockSettingsInternal.  I moved that into
  LockSettingsInternal, which already contained nearly the same code.

- UserManagerService now caches the LockSettingsInternal, like it does
  with the other local services.  LockPatternUtils did not cache it.

Bug: 408077877
Test: atest Frameworks{,Mocking}ServicesTests:com.android.server.{devicepolicy,locksettings,recoverysystem,trust}
Test: atest Frameworks{,Mocking}CoreTests:com.android.internal.widget
Flag: EXEMPT refactor
Change-Id: I72ddc018a0747f7914542bdebbec1d2a2f6bfcac
parent 4f2fdc03

core/java/com/android/internal/widget/LockPatternUtils.java

+2 −94
Original line number Diff line number Diff line
@@ -64,7 +64,6 @@ import android.view.InputDevice; 


import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.util.ArrayUtils;

import com.android.server.LocalServices;



import com.google.android.collect.Lists;
@@ -1530,30 +1529,6 @@ public class LockPatternUtils { 
        }

    }



    private LockSettingsInternal getLockSettingsInternal() {

        LockSettingsInternal service = LocalServices.getService(LockSettingsInternal.class);

        if (service == null) {

            throw new SecurityException("Only available to system server itself");

        }

        return service;

    }

    /**

     * Create an escrow token for the current user, which can later be used to unlock FBE

     * or change user password.

     *

     * After adding, if the user currently has lockscreen password, they will need to perform a

     * confirm credential operation in order to activate the token for future use. If the user

     * has no secure lockscreen, then the token is activated immediately.

     *

     * <p>This method is only available to code running in the system server process itself.

     *

     * @return a unique 64-bit token handle which is needed to refer to this token later.

     */

    public long addEscrowToken(byte[] token, int userId,

            @Nullable EscrowTokenStateChangeCallback callback) {

        return getLockSettingsInternal().addEscrowToken(token, userId, callback);

    }



    /**

     * Create a weak escrow token for the current user, which can later be used to unlock FBE

     * or change user password.
@@ -1589,18 +1564,6 @@ public class LockPatternUtils { 
        void onEscrowTokenActivated(long handle, int userId);

    }



    /**

     * Remove an escrow token.

     *

     * <p>This method is only available to code running in the system server process itself.

     *

     * @return true if the given handle refers to a valid token previously returned from

     * {@link #addEscrowToken}, whether it's active or not. return false otherwise.

     */

    public boolean removeEscrowToken(long handle, int userId) {

        return getLockSettingsInternal().removeEscrowToken(handle, userId);

    }



    /**

     * Remove a weak escrow token.

     *
@@ -1617,18 +1580,8 @@ public class LockPatternUtils { 
    }



    /**

     * Check if the given escrow token is active or not. Only active token can be used to call

     * {@link #setLockCredentialWithToken} and {@link #unlockUserWithToken}

     *

     * <p>This method is only available to code running in the system server process itself.

     */

    public boolean isEscrowTokenActive(long handle, int userId) {

        return getLockSettingsInternal().isEscrowTokenActive(handle, userId);

    }



    /**

     * Check if the given weak escrow token is active or not. Only active token can be used to call

     * {@link #setLockCredentialWithToken} and {@link #unlockUserWithToken}

     * Checks if the given weak escrow token is active or not. Only an active token can be used to

     * set the user's lock credential or unlock the user.

     */

    public boolean isWeakEscrowTokenActive(long handle, int userId) {

        try {
@@ -1649,43 +1602,6 @@ public class LockPatternUtils { 
        }

    }



    /**

     * Change a user's lock credential with a pre-configured escrow token.

     *

     * <p>This method is only available to code running in the system server process itself.

     *

     * @param credential The new credential to be set

     * @param tokenHandle Handle of the escrow token

     * @param token Escrow token

     * @param userHandle The user who's lock credential to be changed

     * @return {@code true} if the operation is successful.

     */

    public boolean setLockCredentialWithToken(@NonNull LockscreenCredential credential,

            long tokenHandle, byte[] token, int userHandle) {

        if (!hasSecureLockScreen() && credential.getType() != CREDENTIAL_TYPE_NONE) {

            throw new UnsupportedOperationException(

                    "This operation requires the lock screen feature.");

        }

        LockSettingsInternal localService = getLockSettingsInternal();



        return localService.setLockCredentialWithToken(credential, tokenHandle, token, userHandle);

    }



    /**

     * Unlock the specified user by an pre-activated escrow token. This should have the same effect

     * on device encryption as the user entering their lockscreen credentials for the first time after

     * boot, this includes unlocking the user's credential-encrypted storage as well as the keystore

     *

     * <p>This method is only available to code running in the system server process itself.

     *

     * @return {@code true} if the supplied token is valid and unlock succeeds,

     *         {@code false} otherwise.

     */

    public boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId) {

        return getLockSettingsInternal().unlockUserWithToken(tokenHandle, token, userId);

    }





    /**

     * Callback to be notified about progress when checking credentials.

     */
@@ -2095,14 +2011,6 @@ public class LockPatternUtils { 
        }

    }



    public void createNewUser(@UserIdInt int userId, int userSerialNumber) {

        getLockSettingsInternal().createNewUser(userId, userSerialNumber);

    }



    public void removeUser(@UserIdInt int userId) {

        getLockSettingsInternal().removeUser(userId);

    }



   /**

     * Starts a session to verify lockscreen credentials provided by a remote device.

     */

core/java/com/android/internal/widget/LockSettingsInternal.java

+14 −2
Original line number Diff line number Diff line
@@ -108,13 +108,25 @@ public abstract class LockSettingsInternal { 
    public abstract boolean isEscrowTokenActive(long handle, int userId);



    /**

     * Set the lock credential.

     * Changes a user's lockscreen credential using a pre-activated escrow token.

     *

     * @return true if password is set.

     * @param credential The new credential to be set

     * @param tokenHandle Handle of the escrow token

     * @param token Escrow token

     * @param userId The ID of the user whose lockscreen credential to change

     * @return {@code true} if the operation is successful

     */

    public abstract boolean setLockCredentialWithToken(LockscreenCredential credential,

            long tokenHandle, byte[] token, int userId);



    /**

     * Unlocks the specified user using a pre-activated escrow token. This has the same effect on

     * device encryption as the user entering their lockscreen credential for the first time after

     * boot. This includes unlocking the user's credential-encrypted storage and keystore.

     *

     * @return {@code true} if the supplied token is valid and unlock succeeds,

     *         {@code false} otherwise.

     */

    public abstract boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId);



    /**

services/core/java/com/android/server/locksettings/LockSettingsService.java

+2 −3
Original line number Diff line number Diff line
@@ -3715,10 +3715,9 @@ public class LockSettingsService extends ILockSettings.Stub { 
        @Override

        public boolean setLockCredentialWithToken(LockscreenCredential credential, long tokenHandle,

                byte[] token, int userId) {

        if (!mHasSecureLockScreen

                && credential != null && credential.getType() != CREDENTIAL_TYPE_NONE) {

            if (!mHasSecureLockScreen && credential.getType() != CREDENTIAL_TYPE_NONE) {

                throw new UnsupportedOperationException(

                        "This operation requires secure lock screen feature.");

                        "This operation requires the lock screen feature.");

            }

            if (!LockSettingsService.this.setLockCredentialWithToken(

                    credential, tokenHandle, token, userId)) {

services/core/java/com/android/server/pm/UserManagerService.java

+12 −2
Original line number Diff line number Diff line
@@ -168,6 +168,7 @@ import com.android.internal.util.FrameworkStatsLog; 
import com.android.internal.util.Preconditions;

import com.android.internal.util.XmlUtils;

import com.android.internal.widget.LockPatternUtils;

import com.android.internal.widget.LockSettingsInternal;

import com.android.modules.utils.TypedXmlPullParser;

import com.android.modules.utils.TypedXmlSerializer;

import com.android.server.BundleUtils;
@@ -388,6 +389,7 @@ public class UserManagerService extends IUserManager.Stub { 
    private PackageManagerInternal mPmInternal;

    private DevicePolicyManagerInternal mDevicePolicyManagerInternal;

    private ActivityManagerInternal mAmInternal;

    private LockSettingsInternal mLockSettingsInternal;



    /** Indicates that this is the 1st boot after the system user mode was changed by emulation. */

    private boolean mUpdatingSystemUserMode;
@@ -5973,7 +5975,7 @@ public class UserManagerService extends IUserManager.Stub { 
            t.traceEnd();



            t.traceBegin("LSS.createNewUser");

            mLockPatternUtils.createNewUser(userId, userInfo.serialNumber);

            getLockSettingsInternal().createNewUser(userId, userInfo.serialNumber);

            t.traceEnd();



            final Set<String> userTypeInstallablePackages =
@@ -6797,7 +6799,7 @@ public class UserManagerService extends IUserManager.Stub { 


        // Cleanup lock settings.  This requires that the user's DE storage still be accessible, so

        // this must happen before destroyUserStorageKeys().

        mLockPatternUtils.removeUser(userId);

        getLockSettingsInternal().removeUser(userId);



        // Evict and destroy the user's CE and DE encryption keys.  At this point, the user's CE and

        // DE storage is made inaccessible, except to delete its contents.
@@ -8588,6 +8590,14 @@ public class UserManagerService extends IUserManager.Stub { 
        return mAmInternal;

    }



    /** Returns the internal lock settings interface. */

    private LockSettingsInternal getLockSettingsInternal() {

        if (mLockSettingsInternal == null) {

            mLockSettingsInternal = LocalServices.getService(LockSettingsInternal.class);

        }

        return mLockSettingsInternal;

    }



    /**

     * Returns true, when user has {@link UserInfo#FLAG_MAIN} and system property

     * {@link com.android.internal.R.bool#config_isMainUserPermanentAdmin} is true.

services/core/java/com/android/server/trust/TrustManagerService.java

+4 −4
Original line number Diff line number Diff line
@@ -744,22 +744,22 @@ public class TrustManagerService extends SystemService { 
    }



    public long addEscrowToken(byte[] token, int userId) {

        return mLockPatternUtils.addEscrowToken(token, userId,

        return mLockSettings.addEscrowToken(token, userId,

                (long handle, int userid) -> {

                    dispatchEscrowTokenActivatedLocked(handle, userid);

                });

    }



    public boolean removeEscrowToken(long handle, int userId) {

        return mLockPatternUtils.removeEscrowToken(handle, userId);

        return mLockSettings.removeEscrowToken(handle, userId);

    }



    public boolean isEscrowTokenActive(long handle, int userId) {

        return mLockPatternUtils.isEscrowTokenActive(handle, userId);

        return mLockSettings.isEscrowTokenActive(handle, userId);

    }



    public void unlockUserWithToken(long handle, byte[] token, int userId) {

        mLockPatternUtils.unlockUserWithToken(handle, token, userId);

        mLockSettings.unlockUserWithToken(handle, token, userId);

    }



    /**