Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5f00f097 authored by Billy Huang's avatar Billy Huang
Browse files

Use bugfix workflow for clear strong auth change 

* Change the flag's name to reset the workflow
* Mark it as a bugfix

Bug: 320817991
Test: atest FrameworksServicesTests:LockSettingsServiceTests
Flag: android.security.clear_strong_auth_on_adding_primary_credential
Change-Id: If61f2ca2ed353474a1e2453e4e63e8c32d47fe7c
parent cfe6940d

core/java/android/security/flags.aconfig

+5 −2
Original line number Diff line number Diff line
@@ -97,10 +97,13 @@ flag { 
}



flag {

    name: "clear_strong_auth_on_add_primary_credential"

    name: "clear_strong_auth_on_adding_primary_credential"

    namespace: "biometrics"

    description: "Clear StrongAuth on add credential"

    description: "Clear StrongAuth on adding credential"

    bug: "320817991"

    metadata {

      purpose: PURPOSE_BUGFIX

    }

}



flag {

services/core/java/com/android/server/locksettings/LockSettingsService.java

+2 −2
Original line number Diff line number Diff line
@@ -1917,7 +1917,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
     * Set a new LSKF for the given user/profile. Only succeeds if the synthetic password for the

     * user is protected by the given {@param savedCredential}.

     * <p>

     * When {@link android.security.Flags#clearStrongAuthOnAddPrimaryCredential()} is enabled and

     * When {@link android.security.Flags#clearStrongAuthOnAddingPrimaryCredential()} is enabled and

     * setting a new credential where there was none, updates the strong auth state for

     * {@param userId} to <tt>STRONG_AUTH_NOT_REQUIRED</tt>.

     *
@@ -1969,7 +1969,7 @@ public class LockSettingsService extends ILockSettings.Stub { 


            onSyntheticPasswordUnlocked(userId, sp);

            setLockCredentialWithSpLocked(credential, sp, userId);

            if (android.security.Flags.clearStrongAuthOnAddPrimaryCredential()

            if (android.security.Flags.clearStrongAuthOnAddingPrimaryCredential()

                    && savedCredential.isNone() && !credential.isNone()) {

                // Clear the strong auth value, since the LSKF has just been entered and set,

                // but only when the previous credential was None.

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java

+7 −7
Original line number Diff line number Diff line
@@ -17,7 +17,7 @@ 
package com.android.server.locksettings;



import static android.Manifest.permission.CONFIGURE_FACTORY_RESET_PROTECTION;

import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL;

import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL;



import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE;

import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD;
@@ -264,7 +264,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_forPrimaryUser_clearsStrongAuthWhenFlagIsOn()

            throws Exception {

        setCredential(PRIMARY_USER_ID, newPassword("password"));
@@ -273,7 +273,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_forPrimaryUser_leavesStrongAuthWhenFlagIsOff()

            throws Exception {

        setCredential(PRIMARY_USER_ID, newPassword("password"));
@@ -312,7 +312,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuthWhenFlagIsOn()

            throws Exception {

        mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null);
@@ -323,7 +323,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_profileWithNewSeparateChallenge_leavesStrongAuthWhenFlagIsOff()

            throws Exception {

        mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null);
@@ -377,7 +377,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBothWhenFlagIsOn()

            throws Exception {

        final LockscreenCredential credential = newPassword("oldPassword");
@@ -393,7 +393,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL)

    @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL)

    public void setLockCredential_primaryWithUnifiedProfile_leavesStrongAuthForBothWhenFlagIsOff()

            throws Exception {

        final LockscreenCredential credential = newPassword("oldPassword");