
Commit 6ab6ad82 authored by Eric Biggers's avatar Eric Biggers

Stop checking FDE password cache

Now that FDE is no longer supported, checking the FDE password cache
will never accomplish anything.  Remove this check from Keyguard, and
remove the supporting code from LockSettingsService.

Bug: 208476087
Change-Id: If1bb80dfcc015aeea19916a88c89a4067e6ada32
(cherry picked from commit e9b69111)
Merged-In: If1bb80dfcc015aeea19916a88c89a4067e6ada32
parent 99a7078c
+0 −1
@@ -53,7 +53,6 @@ interface ILockSettings {
    VerifyCredentialResponse verifyTiedProfileChallenge(in LockscreenCredential credential, int userId, int flags);
    VerifyCredentialResponse verifyGatekeeperPasswordHandle(long gatekeeperPasswordHandle, long challenge, int userId);
    void removeGatekeeperPasswordHandle(long gatekeeperPasswordHandle);
    boolean checkVoldPassword(int userId);
    int getCredentialType(int userId);
    byte[] getHashFactor(in LockscreenCredential currentCredential, int userId);
    void setSeparateProfileChallengeEnabled(int userId, boolean enabled, in LockscreenCredential managedUserPassword);
+0 −14
@@ -525,20 +525,6 @@ public class LockPatternUtils {
        }
    }

    /**
     * Check to see if vold already has the password.
     * Note that this also clears vold's copy of the password.
     * @return Whether the vold password matches or not.
     */
    public boolean checkVoldPassword(int userId) {
        try {
            return getLockSettings().checkVoldPassword(userId);
        } catch (RemoteException re) {
            Log.e(TAG, "failed to check vold password", re);
            return false;
        }
    }

    /**
     * Returns the password history hash factor, needed to check new password against password
     * history with {@link #checkPasswordHistory(byte[], byte[], int)}
+0 −8
@@ -1706,14 +1706,6 @@ public class KeyguardViewMediator extends CoreStartable implements Dumpable,
                if (DEBUG) Log.d(TAG, "doKeyguard: not showing because lockscreen is off");
                return;
            }

            if (mLockPatternUtils.checkVoldPassword(KeyguardUpdateMonitor.getCurrentUser())) {
                if (DEBUG) Log.d(TAG, "Not showing lock screen since just decrypted");
                // Without this, settings is not enabled until the lock screen first appears
                setShowingLocked(false);
                hideLocked();
                return;
            }
        }

        if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen");
+0 −75
@@ -252,8 +252,6 @@ public class LockSettingsService extends ILockSettings.Stub {

    private final RebootEscrowManager mRebootEscrowManager;

    private boolean mFirstCallToVold;

    // Current password metric for all users on the device. Updated when user unlocks
    // the device or changes password. Removed when user is stopped.
    @GuardedBy("this")
@@ -597,8 +595,6 @@ public class LockSettingsService extends ILockSettings.Stub {
        mStrongAuth = injector.getStrongAuth();
        mActivityManager = injector.getActivityManager();

        mFirstCallToVold = true;

        IntentFilter filter = new IntentFilter();
        filter.addAction(Intent.ACTION_USER_ADDED);
        filter.addAction(Intent.ACTION_USER_STARTING);
@@ -2474,77 +2470,6 @@ public class LockSettingsService extends ILockSettings.Stub {
        });
    }

    private LockscreenCredential createPattern(String patternString) {
        final byte[] patternBytes = patternString.getBytes();
        LockscreenCredential pattern = LockscreenCredential.createPattern(
                LockPatternUtils.byteArrayToPattern(patternBytes));
        Arrays.fill(patternBytes, (byte) 0);
        return pattern;
    }

    @Override
    public boolean checkVoldPassword(int userId) {
        if (!mFirstCallToVold) {
            return false;
        }
        mFirstCallToVold = false;

        checkPasswordReadPermission();

        // There's no guarantee that this will safely connect, but if it fails
        // we will simply show the lock screen when we shouldn't, so relatively
        // benign. There is an outside chance something nasty would happen if
        // this service restarted before vold stales out the password in this
        // case. The nastiness is limited to not showing the lock screen when
        // we should, within the first minute of decrypting the phone if this
        // service can't connect to vold, it restarts, and then the new instance
        // does successfully connect.
        final IStorageManager service = mInjector.getStorageManager();
        // TODO(b/120484642): Update vold to return a password as a byte array
        String password;
        final long identity = Binder.clearCallingIdentity();
        try {
            password = service.getPassword();
            service.clearPassword();
        } catch (RemoteException e) {
            Slog.w(TAG, "vold getPassword() failed", e);
            return false;
        } finally {
            Binder.restoreCallingIdentity(identity);
        }
        if (TextUtils.isEmpty(password)) {
            return false;
        }

        try {
            final LockscreenCredential credential;
            switch (getCredentialTypeInternal(userId)) {
                case CREDENTIAL_TYPE_PATTERN:
                    credential = createPattern(password);
                    break;
                case CREDENTIAL_TYPE_PIN:
                    credential = LockscreenCredential.createPin(password);
                    break;
                case CREDENTIAL_TYPE_PASSWORD:
                    credential = LockscreenCredential.createPassword(password);
                    break;
                default:
                    credential = null;
                    Slog.e(TAG, "Unknown credential type");
            }

            if (credential != null
                    && checkCredential(credential, userId, null /* progressCallback */)
                                .getResponseCode() == GateKeeperResponse.RESPONSE_OK) {
                return true;
            }
        } catch (Exception e) {
            Slog.e(TAG, "checkVoldPassword failed: ", e);
        }

        return false;
    }

    private void removeUser(int userId, boolean unknownUser) {
        Slog.i(TAG, "RemoveUser: " + userId);
        removeBiometricsForUser(userId);