Merge "LockSettingsService: remove unnecessary permission constants" into main

 */

public class LockSettingsService extends ILockSettings.Stub {

    private static final String TAG = "LockSettingsService";

    private static final String PERMISSION = ACCESS_KEYGUARD_SECURE_STORAGE;

    private static final String BIOMETRIC_PERMISSION = MANAGE_BIOMETRIC;

    private static final int PROFILE_KEY_IV_SIZE = 12;

    private static final String SEPARATE_PROFILE_CHALLENGE_KEY = "lockscreen.profilechallenge";

    }

    private final void checkWritePermission() {

        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsWrite");

        mContext.enforceCallingOrSelfPermission(ACCESS_KEYGUARD_SECURE_STORAGE,

                "LockSettingsWrite");

    }

    private final void checkPasswordReadPermission() {

        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");

        mContext.enforceCallingOrSelfPermission(ACCESS_KEYGUARD_SECURE_STORAGE, "LockSettingsRead");

    }

    private final void checkPasswordHavePermission() {

        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsHave");

        mContext.enforceCallingOrSelfPermission(ACCESS_KEYGUARD_SECURE_STORAGE, "LockSettingsHave");

    }

    private final void checkDatabaseReadPermission(String requestedKey, int userId) {

        if (!hasPermission(PERMISSION)) {

        if (!hasPermission(ACCESS_KEYGUARD_SECURE_STORAGE)) {

            throw new SecurityException("uid=" + getCallingUid() + " needs permission "

                    + PERMISSION + " to read " + requestedKey + " for user " + userId);

                    + ACCESS_KEYGUARD_SECURE_STORAGE + " to read " + requestedKey

                    + " for user " + userId);

        }

    }

    private final void checkBiometricPermission() {

        mContext.enforceCallingOrSelfPermission(BIOMETRIC_PERMISSION, "LockSettingsBiometric");

        mContext.enforceCallingOrSelfPermission(MANAGE_BIOMETRIC, "LockSettingsBiometric");

    }

    private boolean hasPermission(String permission) {

            throw new UnsupportedOperationException(

                    "This operation requires secure lock screen feature");

        }

        if (!hasPermission(PERMISSION) && !hasPermission(SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS)) {

        if (!hasPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

                && !hasPermission(SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS)) {

            if (hasPermission(SET_INITIAL_LOCK) && savedCredential.isNone()) {

                // SET_INITIAL_LOCK can only be used if credential is not set.

            } else {

                throw new SecurityException(

                        "setLockCredential requires SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS or "

                                + PERMISSION);

                                + "ACCESS_KEYGUARD_SECURE_STORAGE");

            }

        }

        credential.validateBasicRequirements();

    @Nullable

    public VerifyCredentialResponse verifyCredential(LockscreenCredential credential,

            int userId, int flags) {

        if (!hasPermission(PERMISSION) && !hasPermission(SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS)) {

        if (!hasPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

                && !hasPermission(SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS)) {

            throw new SecurityException(

                    "verifyCredential requires SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS or "

                            + PERMISSION);

                            + "ACCESS_KEYGUARD_SECURE_STORAGE");

        }

        final long identity = Binder.clearCallingIdentity();

        try {