Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3579b505 authored by Dmitry Dementyev's avatar Dmitry Dementyev
Browse files

Reset BadRemoteGuess counter after LSKF change. 

Bug: 319923018
Test: atest com.android.server.locksettings.recoverablekeystore
Change-Id: I53222aa7b6e0a7ce3b13611e9766ffa61f89983f
parent b9070b2f

services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java

+3 −0
Original line number Diff line number Diff line
@@ -168,6 +168,9 @@ public class KeySyncTask implements Runnable { 
    }



    private void syncKeys() throws RemoteException {

        if (mCredentialUpdated && mRecoverableKeyStoreDb.getBadRemoteGuessCounter(mUserId) != 0) {

            mRecoverableKeyStoreDb.setBadRemoteGuessCounter(mUserId, 0);

        }

        int generation = mPlatformKeyManager.getGenerationId(mUserId);

        if (mCredentialType == LockPatternUtils.CREDENTIAL_TYPE_NONE) {

            // Application keys for the user will not be available for sync.

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java

+43 −0
Original line number Diff line number Diff line
@@ -89,6 +89,7 @@ public class KeySyncTaskTest { 
    private static final String WRAPPING_KEY_ALIAS = "KeySyncTaskTest/WrappingKey";

    private static final String DATABASE_FILE_NAME = "recoverablekeystore.db";

    private static final int TEST_USER_ID = 1000;

    private static final int TEST_USER_ID_2 = 1002;

    private static final int TEST_RECOVERY_AGENT_UID = 10009;

    private static final int TEST_RECOVERY_AGENT_UID2 = 10010;

    private static final byte[] TEST_VAULT_HANDLE =
@@ -823,6 +824,48 @@ public class KeySyncTaskTest { 
        verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID2);

    }



    @Test

    public void run_unlock_keepsRemoteLskfVerificationCounter() throws Exception {

        mRecoverableKeyStoreDb.setBadRemoteGuessCounter(TEST_USER_ID, 5);

        mRecoverableKeyStoreDb.setBadRemoteGuessCounter(TEST_USER_ID_2, 4);

        mKeySyncTask = new KeySyncTask(

          mRecoverableKeyStoreDb,

          mRecoverySnapshotStorage,

          mSnapshotListenersStorage,

          TEST_USER_ID,

          CREDENTIAL_TYPE_PIN,

          "12345".getBytes(),

          /*credentialUpdated=*/ false,

          mPlatformKeyManager,

          mTestOnlyInsecureCertificateHelper,

          mMockScrypt);

        mKeySyncTask.run();



        assertThat(mRecoverableKeyStoreDb.getBadRemoteGuessCounter(TEST_USER_ID)).isEqualTo(5);

        assertThat(mRecoverableKeyStoreDb.getBadRemoteGuessCounter(TEST_USER_ID_2)).isEqualTo(4);

    }



    @Test

    public void run_secretChange_resetsRemoteLskfVerificationCounter() throws Exception {

        mRecoverableKeyStoreDb.setBadRemoteGuessCounter(TEST_USER_ID, 5);

        mRecoverableKeyStoreDb.setBadRemoteGuessCounter(TEST_USER_ID_2, 4);

        mKeySyncTask = new KeySyncTask(

          mRecoverableKeyStoreDb,

          mRecoverySnapshotStorage,

          mSnapshotListenersStorage,

          TEST_USER_ID,

          CREDENTIAL_TYPE_PIN,

          "12345".getBytes(),

          /*credentialUpdated=*/ true,

          mPlatformKeyManager,

          mTestOnlyInsecureCertificateHelper,

          mMockScrypt);

        mKeySyncTask.run();



        assertThat(mRecoverableKeyStoreDb.getBadRemoteGuessCounter(TEST_USER_ID)).isEqualTo(0);

        assertThat(mRecoverableKeyStoreDb.getBadRemoteGuessCounter(TEST_USER_ID_2)).isEqualTo(4);

    }



    @Test

    public void run_customLockScreen_RecoveryStatusFailure() throws Exception {

      mKeySyncTask = new KeySyncTask(