Add and use additional VerifyCredentialResponse helper methods (36470ad5) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/LockPatternChecker.java

+4 −5

Original line number	Original line	Diff line number	Diff line
	package com.android.internal.widget;		package com.android.internal.widget;

			import static com.android.internal.widget.flags.Flags.runCheckCredentialWithHigherPriority;

	import android.annotation.NonNull;		import android.annotation.NonNull;
	import android.os.AsyncTask;		import android.os.AsyncTask;
	import android.os.Process;		import android.os.Process;

	import android.util.Log;		import android.util.Log;

	import com.android.internal.widget.LockPatternUtils.RequestThrottledException;		import com.android.internal.widget.LockPatternUtils.RequestThrottledException;

	import static com.android.internal.widget.flags.Flags.runCheckCredentialWithHigherPriority;

	/**		/**
	* Helper class to check/verify PIN/Password/Pattern asynchronously.		* Helper class to check/verify PIN/Password/Pattern asynchronously.
	*/		*/
	@@ -52,8 +51,8 @@ public final class LockPatternChecker {
	* Invoked when a security verification is finished.		* Invoked when a security verification is finished.
	*		*
	* @param response The response, optionally containing Gatekeeper HAT or Gatekeeper Password		* @param response The response, optionally containing Gatekeeper HAT or Gatekeeper Password
	* @param throttleTimeoutMs The amount of time in ms to wait before reattempting		* @param throttleTimeoutMs The amount of time in ms to wait before reattempting the call.
	* the call. Only non-0 if the response is {@link VerifyCredentialResponse#RESPONSE_RETRY}.		* Only non-0 if {@link VerifyCredentialResponse#hasTimeout()}.
	*/		*/
	void onVerified(@NonNull VerifyCredentialResponse response, int throttleTimeoutMs);		void onVerified(@NonNull VerifyCredentialResponse response, int throttleTimeoutMs);
	}		}

core/java/com/android/internal/widget/LockPatternUtils.java

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -520,7 +520,7 @@ public class LockPatternUtils {
	return false;		return false;
	} else if (response.isMatched()) {		} else if (response.isMatched()) {
	return true;		return true;
	} else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) {		} else if (response.hasTimeout()) {
	throw new RequestThrottledException(response.getTimeout());		throw new RequestThrottledException(response.getTimeout());
	} else {		} else {
	return false;		return false;

core/java/com/android/internal/widget/VerifyCredentialResponse.java

+61 −1

Original line number	Original line	Diff line number	Diff line
	@@ -176,11 +176,26 @@ public final class VerifyCredentialResponse implements Parcelable {
	return fromError(RESPONSE_OTHER_ERROR);		return fromError(RESPONSE_OTHER_ERROR);
	}		}

			/** Builds a {@link VerifyCredentialResponse} with {@link #RESPONSE_CRED_TOO_SHORT}. */
			public static VerifyCredentialResponse credTooShort() {
			return fromError(RESPONSE_CRED_TOO_SHORT);
			}

			/** Builds a {@link VerifyCredentialResponse} with {@link #RESPONSE_CRED_ALREADY_TRIED}. */
			public static VerifyCredentialResponse credAlreadyTried() {
			return fromError(RESPONSE_CRED_ALREADY_TRIED);
			}

			/** Builds a {@link VerifyCredentialResponse} with {@link #RESPONSE_CRED_INCORRECT}. */
			public static VerifyCredentialResponse credIncorrect() {
			return fromError(RESPONSE_CRED_INCORRECT);
			}

	/**		/**
	* Builds a {@link VerifyCredentialResponse} for an error response that does not use any of the		* Builds a {@link VerifyCredentialResponse} for an error response that does not use any of the
	* additional fields.		* additional fields.
	*/		*/
	public static VerifyCredentialResponse fromError(@ResponseCode int responseCode) {		private static VerifyCredentialResponse fromError(@ResponseCode int responseCode) {
	Preconditions.checkArgument(		Preconditions.checkArgument(
	responseCode == RESPONSE_OTHER_ERROR		responseCode == RESPONSE_OTHER_ERROR
	\|\| responseCode == RESPONSE_CRED_TOO_SHORT		\|\| responseCode == RESPONSE_CRED_TOO_SHORT
	@@ -239,10 +254,55 @@ public final class VerifyCredentialResponse implements Parcelable {
	return mResponseCode;		return mResponseCode;
	}		}

			/** Returns true if credential verification succeeded. */
	public boolean isMatched() {		public boolean isMatched() {
	return mResponseCode == RESPONSE_OK;		return mResponseCode == RESPONSE_OK;
	}		}

			/**
			* Returns true if credential verification failed and there is a timeout before the next request
			* will be allowed.
			*/
			public boolean hasTimeout() {
			return mResponseCode == RESPONSE_RETRY;
			}

			/**
			* Returns true if credential verification failed because the credential was shorter than the
			* minimum length.
			*/
			public boolean isCredTooShort() {
			return mResponseCode == RESPONSE_CRED_TOO_SHORT;
			}

			/**
			* Returns true if credential verification failed because the credential was incorrect and was
			* already tried recently.
			*/
			public boolean isCredAlreadyTried() {
			return mResponseCode == RESPONSE_CRED_ALREADY_TRIED;
			}

			/**
			* Returns true if the credential is known for certain to be incorrect. Returns false in all
			* other cases: credential verification succeeded, or credential verification failed but it is
			* not known for certain that the credential is incorrect. (A credential that failed to verify
			* could still be correct if there is an active timeout or if there was a transient error.)
			*/
			public boolean isCredCertainlyIncorrect() {
			return mResponseCode == RESPONSE_CRED_TOO_SHORT
			\|\| mResponseCode == RESPONSE_CRED_ALREADY_TRIED
			\|\| mResponseCode == RESPONSE_CRED_INCORRECT;
			}

			/**
			* Returns true if credential verification failed for a reason that isn't covered by {@link
			* #hasTimeout()} or {@link #isCredCertainlyIncorrect()}.
			*/
			public boolean isOtherError() {
			return mResponseCode == RESPONSE_OTHER_ERROR;
			}

	@Override		@Override
	public String toString() {		public String toString() {
	return "Response: " + mResponseCode		return "Response: " + mResponseCode

services/core/java/com/android/server/locksettings/LockSettingsService.java

+7 −16

Original line number	Original line	Diff line number	Diff line
	@@ -1990,9 +1990,7 @@ public class LockSettingsService extends ILockSettings.Stub {
	SyntheticPassword sp = authResult.syntheticPassword;		SyntheticPassword sp = authResult.syntheticPassword;

	if (sp == null) {		if (sp == null) {
	if (response != null		if (response != null && response.hasTimeout()) {
	&& response.getResponseCode()
	== VerifyCredentialResponse.RESPONSE_RETRY) {
	Slog.w(TAG, "Failed to enroll: rate limit exceeded.");		Slog.w(TAG, "Failed to enroll: rate limit exceeded.");
	} else {		} else {
	Slog.w(TAG, "Failed to enroll: incorrect credential.");		Slog.w(TAG, "Failed to enroll: incorrect credential.");
	@@ -2479,14 +2477,11 @@ public class LockSettingsService extends ILockSettings.Stub {
	case SoftwareRateLimiterResult.RATE_LIMITED:		case SoftwareRateLimiterResult.RATE_LIMITED:
	return VerifyCredentialResponse.fromTimeout(res.remainingDelay);		return VerifyCredentialResponse.fromTimeout(res.remainingDelay);
	case SoftwareRateLimiterResult.CREDENTIAL_TOO_SHORT:		case SoftwareRateLimiterResult.CREDENTIAL_TOO_SHORT:
	return VerifyCredentialResponse.fromError(		return VerifyCredentialResponse.credTooShort();
	VerifyCredentialResponse.RESPONSE_CRED_TOO_SHORT);
	case SoftwareRateLimiterResult.DUPLICATE_WRONG_GUESS:		case SoftwareRateLimiterResult.DUPLICATE_WRONG_GUESS:
	return VerifyCredentialResponse.fromError(		return VerifyCredentialResponse.credAlreadyTried();
	VerifyCredentialResponse.RESPONSE_CRED_ALREADY_TRIED);
	default:		default:
	return VerifyCredentialResponse.fromError(		return VerifyCredentialResponse.fromError();
	VerifyCredentialResponse.RESPONSE_OTHER_ERROR);
	}		}
	}		}
	if (isSpecialUserId(userId)) {		if (isSpecialUserId(userId)) {
	@@ -2526,11 +2521,9 @@ public class LockSettingsService extends ILockSettings.Stub {
	.build();		.build();
	}		}
	sendCredentialsOnUnlockIfRequired(credential, userId);		sendCredentialsOnUnlockIfRequired(credential, userId);
	} else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) {		} else if (response.hasTimeout() && response.getTimeout() > 0) {
	if (response.getTimeout() > 0) {
	requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);		requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, userId);
	}		}
	}
	notifyLockSettingsStateListeners(response.isMatched(), userId);		notifyLockSettingsStateListeners(response.isMatched(), userId);
	return response;		return response;
	}		}
	@@ -2548,9 +2541,7 @@ public class LockSettingsService extends ILockSettings.Stub {
	if (response.isMatched()) {		if (response.isMatched()) {
	mSoftwareRateLimiter.reportSuccess(lskfId);		mSoftwareRateLimiter.reportSuccess(lskfId);
	} else {		} else {
	boolean isCertainlyWrongGuess =		boolean isCertainlyWrongGuess = response.isCredCertainlyIncorrect();
	response.getResponseCode()
	== VerifyCredentialResponse.RESPONSE_CRED_INCORRECT;
	Duration swTimeout =		Duration swTimeout =
	mSoftwareRateLimiter.reportFailure(		mSoftwareRateLimiter.reportFailure(
	lskfId, credential, isCertainlyWrongGuess);		lskfId, credential, isCertainlyWrongGuess);

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+1 −2

Original line number	Original line	Diff line number	Diff line
	@@ -730,8 +730,7 @@ class SyntheticPasswordManager {
	Duration.ofMillis(weaverResponse.timeout));		Duration.ofMillis(weaverResponse.timeout));
	}		}
	if (android.security.Flags.softwareRatelimiter()) {		if (android.security.Flags.softwareRatelimiter()) {
	yield VerifyCredentialResponse.fromError(		yield VerifyCredentialResponse.credIncorrect();
	VerifyCredentialResponse.RESPONSE_CRED_INCORRECT);
	}		}
	yield VerifyCredentialResponse.OTHER_ERROR;		yield VerifyCredentialResponse.OTHER_ERROR;
	}		}