
Commit 6c8ab9b7 authored by ChengYou Ho's avatar ChengYou Ho

LockSettingsService: support authsecret aidl service

Bug: 244746589
Test: atest com.android.server.locksettings
Change-Id: I91d5914a6dc21c8e0e36402b20d97f46266e37f8
parent fad4df35
+1 −0
@@ -144,6 +144,7 @@ java_library_static {

    static_libs: [
        "android.hardware.authsecret-V1.0-java",
        "android.hardware.authsecret-V1-java",
        "android.hardware.boot-V1.0-java",
        "android.hardware.boot-V1.1-java",
        "android.hardware.boot-V1.2-java",
+33 −17
@@ -69,7 +69,7 @@ import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.database.ContentObserver;
import android.database.sqlite.SQLiteDatabase;
import android.hardware.authsecret.V1_0.IAuthSecret;
import android.hardware.authsecret.IAuthSecret;
import android.hardware.biometrics.BiometricManager;
import android.hardware.face.Face;
import android.hardware.face.FaceManager;
@@ -265,7 +265,8 @@ public class LockSettingsService extends ILockSettings.Stub {
    protected boolean mHasSecureLockScreen;

    protected IGateKeeperService mGateKeeperService;
    protected IAuthSecret mAuthSecretService;
    protected IAuthSecret mAuthSecretServiceAidl;
    protected android.hardware.authsecret.V1_0.IAuthSecret mAuthSecretServiceHidl;

    private static final String GSI_RUNNING_PROP = "ro.gsid.image_running";

@@ -833,12 +834,19 @@ public class LockSettingsService extends ILockSettings.Stub {
    }

    private void getAuthSecretHal() {
        mAuthSecretServiceAidl = IAuthSecret.Stub.asInterface(ServiceManager.
                                 waitForDeclaredService(IAuthSecret.DESCRIPTOR + "/default"));
        if (mAuthSecretServiceAidl == null) {
            Slog.i(TAG, "Device doesn't implement AuthSecret HAL(aidl), try to get hidl version");

            try {
            mAuthSecretService = IAuthSecret.getService(/* retry */ true);
                mAuthSecretServiceHidl =
                    android.hardware.authsecret.V1_0.IAuthSecret.getService(/* retry */ true);
            } catch (NoSuchElementException e) {
            Slog.i(TAG, "Device doesn't implement AuthSecret HAL");
                Slog.i(TAG, "Device doesn't implement AuthSecret HAL(hidl)");
            } catch (RemoteException e) {
            Slog.w(TAG, "Failed to get AuthSecret HAL", e);
                Slog.w(TAG, "Failed to get AuthSecret HAL(hidl)", e);
            }
        }
    }

@@ -2601,17 +2609,25 @@ public class LockSettingsService extends ILockSettings.Stub {
        // If the given user is the primary user, pass the auth secret to the HAL.  Only the system
        // user can be primary.  Check for the system user ID before calling getUserInfo(), as other
        // users may still be under construction.
        if (mAuthSecretService != null && userId == UserHandle.USER_SYSTEM &&
        if (userId == UserHandle.USER_SYSTEM &&
                mUserManager.getUserInfo(userId).isPrimary()) {
            try {
            final byte[] rawSecret = sp.deriveVendorAuthSecret();
            if (mAuthSecretServiceAidl != null) {
                try {
                    mAuthSecretServiceAidl.setPrimaryUserCredential(rawSecret);
                } catch (RemoteException e) {
                    Slog.w(TAG, "Failed to pass primary user secret to AuthSecret HAL(aidl)", e);
                }
            } else if (mAuthSecretServiceHidl != null) {
                try {
                    final ArrayList<Byte> secret = new ArrayList<>(rawSecret.length);
                    for (int i = 0; i < rawSecret.length; ++i) {
                        secret.add(rawSecret[i]);
                    }
                mAuthSecretService.primaryUserCredential(secret);
                    mAuthSecretServiceHidl.primaryUserCredential(secret);
                } catch (RemoteException e) {
                Slog.w(TAG, "Failed to pass primary user secret to AuthSecret HAL", e);
                    Slog.w(TAG, "Failed to pass primary user secret to AuthSecret HAL(hidl)", e);
                }
            }
        }
    }
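Review bot: In the last hunk, `sp.deriveVendorAuthSecret()` now runs on every primary-user pass through this code, even when both `mAuthSecretServiceAidl` and `mAuthSecretServiceHidl` are null, because the old `mAuthSecretService != null` guard was dropped from the `if`. On a device with no AuthSecret HAL this leaves a copy of the vendor auth secret on the heap for no purpose. Keep a guard in the condition, e.g. `if ((mAuthSecretServiceAidl != null || mAuthSecretServiceHidl != null) && userId == UserHandle.USER_SYSTEM &&`. If `deriveVendorAuthSecret()` returns a fresh array (not visible here), also clear it after the HAL call with `java.util.Arrays.fill(rawSecret, (byte) 0);`. The enclosing method starts outside the hunk.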
+1 −1
@@ -36,7 +36,7 @@ import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.UserInfo;
import android.hardware.authsecret.V1_0.IAuthSecret;
import android.hardware.authsecret.IAuthSecret;
import android.hardware.face.FaceManager;
import android.hardware.fingerprint.FingerprintManager;
import android.os.FileUtils;
+3 −3
@@ -22,7 +22,7 @@ import android.app.IActivityManager;
import android.app.admin.DeviceStateCache;
import android.content.Context;
import android.content.pm.UserInfo;
import android.hardware.authsecret.V1_0.IAuthSecret;
import android.hardware.authsecret.IAuthSecret;
import android.os.Handler;
import android.os.Parcel;
import android.os.Process;
@@ -154,7 +154,7 @@ public class LockSettingsServiceTestable extends LockSettingsService {
                storageManager, spManager, gsiService, recoverableKeyStoreManager,
                userManagerInternal, deviceStateCache));
        mGateKeeperService = gatekeeper;
        mAuthSecretService = authSecretService;
        mAuthSecretServiceAidl = authSecretService;
    }

    @Override
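Review bot: The test harness now wires the mock only into `mAuthSecretServiceAidl`, so `mAuthSecretServiceHidl` stays null and the HIDL fallback in the service (the `ArrayList<Byte>` conversion and the `primaryUserCredential` call) appears to have no test coverage after this change. That path still carries the primary user's secret on devices without the AIDL HAL. Consider letting the testable constructor accept a second mock for the HIDL interface and adding a case where the AIDL field is null. The constructor starts outside the hunk.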
+10 −7
@@ -59,6 +59,7 @@ import org.mockito.ArgumentCaptor;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;


/**
@@ -229,9 +230,11 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
                badPassword, PRIMARY_USER_ID, 0 /* flags */).getResponseCode());

        // Check the same secret was passed each time
        ArgumentCaptor<ArrayList<Byte>> secret = ArgumentCaptor.forClass(ArrayList.class);
        verify(mAuthSecretService, atLeastOnce()).primaryUserCredential(secret.capture());
        assertEquals(1, secret.getAllValues().stream().distinct().count());
        ArgumentCaptor<byte[]> secret = ArgumentCaptor.forClass(byte[].class);
        verify(mAuthSecretService, atLeastOnce()).setPrimaryUserCredential(secret.capture());
        for (byte[] val : secret.getAllValues()) {
          assertArrayEquals(val, secret.getAllValues().get(0));
        }
    }

    @Test
@@ -242,7 +245,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
        reset(mAuthSecretService);
        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(
                password, PRIMARY_USER_ID, 0 /* flags */).getResponseCode());
        verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));
        verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class));
    }

    @Test
@@ -252,7 +255,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
        initializeCredential(password, SECONDARY_USER_ID);
        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(
                password, SECONDARY_USER_ID, 0 /* flags */).getResponseCode());
        verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
        verify(mAuthSecretService, never()).setPrimaryUserCredential(any(byte[].class));
    }

    @Test
@@ -263,7 +266,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {

        reset(mAuthSecretService);
        mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID);
        verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));
        verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class));
    }

    @Test
@@ -591,7 +594,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
        initializeCredential(password, PRIMARY_USER_ID);
        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(
                password, PRIMARY_USER_ID, 0 /* flags */).getResponseCode());
        verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
        verify(mAuthSecretService, never()).setPrimaryUserCredential(any(byte[].class));
    }

    @Test
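Review bot: In the second hunk, `assertArrayEquals(val, secret.getAllValues().get(0))` passes its arguments in (actual, expected) order, so a failure message would report the values the wrong way round. `assertArrayEquals(secret.getAllValues().get(0), val);` reads correctly, and the line should use the 4-space indent step of the surrounding code rather than 2. The newly imported `java.util.Arrays` is not used in any visible hunk and can probably be dropped. The test methods start outside the hunks.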