Loading core/java/android/security/flags.aconfig +0 −10 Original line number Diff line number Diff line Loading @@ -57,16 +57,6 @@ flag { bug: "323086607" } flag { name: "clear_strong_auth_on_adding_primary_credential" namespace: "biometrics" description: "Clear StrongAuth on adding credential" bug: "320817991" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "afl_api" namespace: "hardware_backed_security" Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −4 Original line number Diff line number Diff line Loading @@ -1894,8 +1894,7 @@ public class LockSettingsService extends ILockSettings.Stub { * Set a new LSKF for the given user/profile. Only succeeds if the synthetic password for the * user is protected by the given {@param savedCredential}. * <p> * When {@link android.security.Flags#clearStrongAuthOnAddingPrimaryCredential()} is enabled and * setting a new credential where there was none, updates the strong auth state for * When setting a new credential where there was none, updates the strong auth state for * {@param userId} to <tt>STRONG_AUTH_NOT_REQUIRED</tt>. * * @param savedCredential if the user is a profile with unified challenge and savedCredential is Loading Loading @@ -1945,8 +1944,7 @@ public class LockSettingsService extends ILockSettings.Stub { onSyntheticPasswordUnlocked(userId, sp); setLockCredentialWithSpLocked(credential, sp, userId); if (android.security.Flags.clearStrongAuthOnAddingPrimaryCredential() && savedCredential.isNone() && !credential.isNone()) { if (savedCredential.isNone() && !credential.isNone()) { // Clear the strong auth value, since the LSKF has just been entered and set, // but only when the previous credential was None. mStrongAuth.reportUnlock(userId); Loading services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +3 −43 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server.locksettings; import static android.Manifest.permission.CONFIGURE_FACTORY_RESET_PROTECTION; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; Loading Loading @@ -263,23 +262,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_clearsStrongAuthWhenFlagIsOn() public void setLockCredential_forPrimaryUser_clearsStrongAuth() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); verify(mStrongAuth).reportUnlock(PRIMARY_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_leavesStrongAuthWhenFlagIsOff() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void setLockCredential_forPrimaryUserWithCredential_leavesStrongAuth() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading Loading @@ -311,8 +300,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuthWhenFlagIsOn() public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuth() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading @@ -321,17 +309,6 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { verify(mStrongAuth).reportUnlock(MANAGED_PROFILE_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_leavesStrongAuthWhenFlagIsOff() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); setCredential(MANAGED_PROFILE_USER_ID, newPattern("12345")); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void testSetLockCredential_forProfileWithUnifiedChallenge_doesNotSendRandomCredential() throws Exception { Loading Loading @@ -376,8 +353,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBothWhenFlagIsOn() public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBoth() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); setCredential(PRIMARY_USER_ID, credential); Loading @@ -391,22 +367,6 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { verify(mStrongAuth).reportUnlock(MANAGED_PROFILE_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_leavesStrongAuthForBothWhenFlagIsOff() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); setCredential(PRIMARY_USER_ID, credential); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); clearCredential(PRIMARY_USER_ID, credential); reset(mStrongAuth); setCredential(PRIMARY_USER_ID, credential); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void setLockCredential_primaryWithUnifiedProfileWithCredential_leavesStrongAuthForBoth() throws Exception { Loading Loading
core/java/android/security/flags.aconfig +0 −10 Original line number Diff line number Diff line Loading @@ -57,16 +57,6 @@ flag { bug: "323086607" } flag { name: "clear_strong_auth_on_adding_primary_credential" namespace: "biometrics" description: "Clear StrongAuth on adding credential" bug: "320817991" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "afl_api" namespace: "hardware_backed_security" Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −4 Original line number Diff line number Diff line Loading @@ -1894,8 +1894,7 @@ public class LockSettingsService extends ILockSettings.Stub { * Set a new LSKF for the given user/profile. Only succeeds if the synthetic password for the * user is protected by the given {@param savedCredential}. * <p> * When {@link android.security.Flags#clearStrongAuthOnAddingPrimaryCredential()} is enabled and * setting a new credential where there was none, updates the strong auth state for * When setting a new credential where there was none, updates the strong auth state for * {@param userId} to <tt>STRONG_AUTH_NOT_REQUIRED</tt>. * * @param savedCredential if the user is a profile with unified challenge and savedCredential is Loading Loading @@ -1945,8 +1944,7 @@ public class LockSettingsService extends ILockSettings.Stub { onSyntheticPasswordUnlocked(userId, sp); setLockCredentialWithSpLocked(credential, sp, userId); if (android.security.Flags.clearStrongAuthOnAddingPrimaryCredential() && savedCredential.isNone() && !credential.isNone()) { if (savedCredential.isNone() && !credential.isNone()) { // Clear the strong auth value, since the LSKF has just been entered and set, // but only when the previous credential was None. mStrongAuth.reportUnlock(userId); Loading
services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +3 −43 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server.locksettings; import static android.Manifest.permission.CONFIGURE_FACTORY_RESET_PROTECTION; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; Loading Loading @@ -263,23 +262,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_clearsStrongAuthWhenFlagIsOn() public void setLockCredential_forPrimaryUser_clearsStrongAuth() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); verify(mStrongAuth).reportUnlock(PRIMARY_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_leavesStrongAuthWhenFlagIsOff() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void setLockCredential_forPrimaryUserWithCredential_leavesStrongAuth() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading Loading @@ -311,8 +300,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuthWhenFlagIsOn() public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuth() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading @@ -321,17 +309,6 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { verify(mStrongAuth).reportUnlock(MANAGED_PROFILE_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_leavesStrongAuthWhenFlagIsOff() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); setCredential(MANAGED_PROFILE_USER_ID, newPattern("12345")); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void testSetLockCredential_forProfileWithUnifiedChallenge_doesNotSendRandomCredential() throws Exception { Loading Loading @@ -376,8 +353,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBothWhenFlagIsOn() public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBoth() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); setCredential(PRIMARY_USER_ID, credential); Loading @@ -391,22 +367,6 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { verify(mStrongAuth).reportUnlock(MANAGED_PROFILE_USER_ID); } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_leavesStrongAuthForBothWhenFlagIsOff() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); setCredential(PRIMARY_USER_ID, credential); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); clearCredential(PRIMARY_USER_ID, credential); reset(mStrongAuth); setCredential(PRIMARY_USER_ID, credential); verify(mStrongAuth, never()).reportUnlock(anyInt()); } @Test public void setLockCredential_primaryWithUnifiedProfileWithCredential_leavesStrongAuthForBoth() throws Exception { Loading
