Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b7424b0 authored by Rubin Xu's avatar Rubin Xu
Browse files

Integrate weaver into authentication flow 

Use the weaver applet running inside secure element to enforce
password verification back-off and provide secure deletion.

Bug: 30328567
Test: runtest frameworks-services -c com.android.server.WeaverBasedSyntheticPasswordTests
Test: manually on marlin/secure element with applet/secure element without applet
Change-Id: I376dd9707c90d005e56c85ee79a26fdc428779bf
parent a00c4194

services/core/Android.mk

+1 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ LOCAL_STATIC_JAVA_LIBRARIES := \ 
    tzdata_shared2 \

    tzdata_update2 \

    android.hidl.base-V1.0-java-static \

    android.hardware.weaver-V1.0-java-static \

    android.hardware.biometrics.fingerprint-V2.1-java-static \

    android.hardware.vibrator-V1.0-java-constants \

services/core/java/com/android/server/LockSettingsService.java

+2 −0
Original line number Diff line number Diff line
@@ -541,6 +541,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        migrateOldData();

        try {

            getGateKeeperService();

            mSpManager.initWeaverService();

        } catch (RemoteException e) {

            Slog.e(TAG, "Failure retrieving IGateKeeperService", e);

        }
@@ -1662,6 +1663,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void removeUser(int userId, boolean unknownUser) {

        mSpManager.removeUser(userId);

        mStorage.removeUser(userId);

        mStrongAuth.removeUser(userId);

services/core/java/com/android/server/LockSettingsStorage.java

+32 −0
Original line number Diff line number Diff line
@@ -37,6 +37,9 @@ import com.android.internal.widget.LockPatternUtils; 
import java.io.File;

import java.io.IOException;

import java.io.RandomAccessFile;

import java.util.ArrayList;

import java.util.List;

import java.util.Map;



/**

 * Storage for the lock settings service.
@@ -442,6 +445,35 @@ class LockSettingsStorage { 
        }

    }



    public Map<Integer, List<Long>> listSyntheticPasswordHandlesForAllUsers(String stateName) {

        Map<Integer, List<Long>> result = new ArrayMap<>();

        final UserManager um = UserManager.get(mContext);

        for (UserInfo user : um.getUsers(false)) {

            result.put(user.id, listSyntheticPasswordHandlesForUser(stateName, user.id));

        }

        return result;

    }



    public List<Long> listSyntheticPasswordHandlesForUser(String stateName, int userId) {

        File baseDir = getSyntheticPasswordDirectoryForUser(userId);

        List<Long> result = new ArrayList<>();

        File[] files = baseDir.listFiles();

        if (files == null) {

            return result;

        }

        for (File file : files) {

            String[] parts = file.getName().split("\\.");

            if (parts.length == 2 && parts[1].equals(stateName)) {

                try {

                    result.add(Long.parseUnsignedLong(parts[0], 16));

                } catch (NumberFormatException e) {

                    Slog.e(TAG, "Failed to parse handle " + parts[0]);

                }

            }

        }

        return result;

    }



    @VisibleForTesting

    protected File getSyntheticPasswordDirectoryForUser(int userId) {

        return new File(Environment.getDataSystemDeDirectory(userId) ,SYNTHETIC_PASSWORD_DIRECTORY);

services/core/java/com/android/server/SyntheticPasswordManager.java

+397 −53

File changed.

Preview size limit exceeded, changes collapsed.

services/tests/servicestests/src/com/android/server/BaseLockSettingsServiceTests.java

+7 −1
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
package com.android.server;



import static org.mockito.Matchers.any;

import static org.mockito.Matchers.anyBoolean;

import static org.mockito.Matchers.anyInt;

import static org.mockito.Matchers.eq;

import static org.mockito.Mockito.mock;
@@ -82,6 +83,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { 
    IActivityManager mActivityManager;

    DevicePolicyManager mDevicePolicyManager;

    KeyStore mKeyStore;

    MockSyntheticPasswordManager mSpManager;



    @Override

    protected void setUp() throws Exception {
@@ -94,6 +96,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { 
        mStorageManager = new MockStorageManager();

        mActivityManager = mock(IActivityManager.class);

        mDevicePolicyManager = mock(DevicePolicyManager.class);



        mContext = new MockLockSettingsContext(getContext(), mUserManager, mNotificationManager,

                mDevicePolicyManager);

        mStorage = new LockSettingsStorageTestable(mContext,
@@ -105,12 +108,15 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { 
            storageDir.mkdirs();

        }



        mSpManager = new MockSyntheticPasswordManager(mStorage, mGateKeeperService);

        mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils,

                mStorage, mGateKeeperService, mKeyStore, mStorageManager, mActivityManager);

                mStorage, mGateKeeperService, mKeyStore, mStorageManager, mActivityManager,

                mSpManager);

        when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);

        mPrimaryUserProfiles.add(PRIMARY_USER_INFO);

        installChildProfile(MANAGED_PROFILE_USER_ID);

        installQuietModeChildProfile(TURNED_OFF_PROFILE_USER_ID);

        when(mUserManager.getUsers(anyBoolean())).thenReturn(mPrimaryUserProfiles);

        when(mUserManager.getProfiles(eq(PRIMARY_USER_ID))).thenReturn(mPrimaryUserProfiles);

        when(mUserManager.getUserInfo(eq(SECONDARY_USER_ID))).thenReturn(SECONDARY_USER_INFO);

        when(mUserManager.isUserRunning(eq(MANAGED_PROFILE_USER_ID))).thenReturn(true);