Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88793a83 authored by Eric Biggers's avatar Eric Biggers Committed by Automerger Merge Worker
Browse files

LockSettingsService: remove redundant calls to verifyChallenge() am: 0ca26469 

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2775371



Change-Id: I77e666d50ec9340719919d700695f9d9f1e4cd75
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 2e783419 0ca26469

services/core/java/com/android/server/locksettings/LockSettingsService.java

+2 −15
Original line number Diff line number Diff line
@@ -2239,17 +2239,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
                // credential has matched

                mBiometricDeferredQueue.addPendingLockoutResetForUser(userId,

                        authResult.syntheticPassword.deriveGkPassword());



                // perform verifyChallenge with synthetic password which generates the real GK auth

                // token and response for the current user

                response = mSpManager.verifyChallenge(getGateKeeperService(),

                        authResult.syntheticPassword, 0L /* challenge */, userId);

                if (response.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) {

                    // This shouldn't really happen: the unwrapping of SP succeeds, but SP doesn't

                    // match the recorded GK password handle.

                    Slog.wtf(TAG, "verifyChallenge with SP failed.");

                    return VerifyCredentialResponse.ERROR;

                }

            }

        }

        if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) {
@@ -2883,7 +2872,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
     *

     * Also maintains the invariants described in {@link SyntheticPasswordManager} by

     * setting/clearing the protection (by the SP) on the user's auth-bound Keystore keys when the

     * LSKF is added/removed, respectively.  If the new LSKF is nonempty, then the Gatekeeper auth

     * LSKF is added/removed, respectively.  If an LSKF is being added, then the Gatekeeper auth

     * token is also refreshed.

     */

    @GuardedBy("mSpManager")
@@ -2900,9 +2889,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            // not needed by synchronizeUnifiedWorkChallengeForProfiles()

            profilePasswords = null;



            if (mSpManager.hasSidForUser(userId)) {

                mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId);

            } else {

            if (!mSpManager.hasSidForUser(userId)) {

                mSpManager.newSidForUser(getGateKeeperService(), sp, userId);

                mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId);

                setKeystorePassword(sp.deriveKeyStorePassword(), userId);