Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 971b08f8 authored by Pavel Grafov's avatar Pavel Grafov Committed by Gerrit Code Review
Browse files

Merge "Keep escrow data for test users" into main

parents ebf94528 25df198e

services/core/java/com/android/server/locksettings/LockSettingsService.java

+6 −0
Original line number Diff line number Diff line
@@ -3618,6 +3618,12 @@ public class LockSettingsService extends ILockSettings.Stub { 
            return;

        }



        UserInfo userInfo = mInjector.getUserManagerInternal().getUserInfo(userId);

        if (userInfo != null && userInfo.isForTesting()) {

            Slog.i(TAG, "Keeping escrow data for test-only user");

            return;

        }



        // Disable escrow token permanently on all other device/user types.

        Slogf.i(TAG, "Permanently disabling support for escrow tokens on user %d", userId);

        mSpManager.destroyEscrowData(userId);

services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java

+42 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package com.android.server.locksettings;



import static android.content.pm.UserInfo.FLAG_FOR_TESTING;

import static android.content.pm.UserInfo.FLAG_FULL;

import static android.content.pm.UserInfo.FLAG_MAIN;

import static android.content.pm.UserInfo.FLAG_PRIMARY;
@@ -44,6 +45,8 @@ import static org.mockito.Mockito.when; 


import android.app.PropertyInvalidatedCache;

import android.app.admin.PasswordMetrics;

import android.content.ComponentName;

import android.content.pm.UserInfo;

import android.os.RemoteException;

import android.platform.test.annotations.Presubmit;
@@ -356,6 +359,45 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        assertArrayEquals(storageKey, mStorageManager.getUserUnlockToken(PRIMARY_USER_ID));

    }



    @Test

    public void testEscrowDataRetainedWhenManagedUserVerifiesCredential() throws RemoteException {

        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(true);



        LockscreenCredential password = newPassword("password");

        initSpAndSetCredential(PRIMARY_USER_ID, password);



        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);



        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));

    }



    @Test

    public void testEscrowDataRetainedWhenUnmanagedTestUserVerifiesCredential()

            throws RemoteException {

        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);

        UserInfo userInfo = mUserManagerInternal.getUserInfo(PRIMARY_USER_ID);

        userInfo.flags |= FLAG_FOR_TESTING;



        LockscreenCredential password = newPassword("password");

        initSpAndSetCredential(PRIMARY_USER_ID, password);



        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);



        assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID));

    }



    @Test

    public void testEscrowDataDeletedWhenUnmanagedUserVerifiesCredential() throws RemoteException {

        when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false);



        LockscreenCredential password = newPassword("password");

        initSpAndSetCredential(PRIMARY_USER_ID, password);



        mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */);



        assertFalse("Escrow data wasn't destroyed", mSpManager.hasAnyEscrowData(PRIMARY_USER_ID));

    }



    @Test

    public void testTokenBasedClearPassword() throws RemoteException {

        LockscreenCredential password = newPassword("password");