Loading core/java/com/android/internal/widget/ILockSettings.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -108,4 +108,5 @@ interface ILockSettings { boolean removeWeakEscrowToken(long handle, int userId); boolean isWeakEscrowTokenActive(long handle, int userId); boolean isWeakEscrowTokenValid(long handle, in byte[] token, int userId); void unlockUserKeyIfUnsecured(int userId); } core/java/com/android/internal/widget/LockPatternUtils.java +16 −1 Original line number Diff line number Diff line Loading @@ -1933,8 +1933,23 @@ public class LockPatternUtils { } } /** * Unlocks the credential-encrypted storage for the given user if the user is not secured, i.e. * doesn't have an LSKF. * <p> * Whether the storage has been unlocked can be determined by * {@link StorageManager#isUserKeyUnlocked()}. * * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. * * @param userId the ID of the user whose storage to unlock */ public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { getLockSettingsInternal().unlockUserKeyIfUnsecured(userId); try { getLockSettings().unlockUserKeyIfUnsecured(userId); } catch (RemoteException re) { re.rethrowFromSystemServer(); } } public void createNewUser(@UserIdInt int userId, int userSerialNumber) { Loading core/java/com/android/internal/widget/LockSettingsInternal.java +0 −11 Original line number Diff line number Diff line Loading @@ -59,17 +59,6 @@ public abstract class LockSettingsInternal { */ public abstract void onThirdPartyAppsStarted(); /** * Unlocks the credential-encrypted storage for the given user if the user is not secured, i.e. * doesn't have an LSKF. * <p> * This doesn't throw an exception on failure; whether the storage has been unlocked can be * determined by {@link StorageManager#isUserKeyUnlocked()}. * * @param userId the ID of the user whose storage to unlock */ public abstract void unlockUserKeyIfUnsecured(@UserIdInt int userId); /** * Creates the locksettings state for a new user. * <p> Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +3 −6 Original line number Diff line number Diff line Loading @@ -2047,7 +2047,9 @@ public class LockSettingsService extends ILockSettings.Stub { } } private void unlockUserKeyIfUnsecured(@UserIdInt int userId) { @Override public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { checkPasswordReadPermission(); synchronized (mSpManager) { if (isUserKeyUnlocked(userId)) { Slogf.d(TAG, "CE storage for user %d is already unlocked", userId); Loading Loading @@ -3455,11 +3457,6 @@ public class LockSettingsService extends ILockSettings.Stub { LockSettingsService.this.onThirdPartyAppsStarted(); } @Override public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { LockSettingsService.this.unlockUserKeyIfUnsecured(userId); } @Override public void createNewUser(@UserIdInt int userId, int userSerialNumber) { LockSettingsService.this.createNewUser(userId, userSerialNumber); Loading services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java +8 −8 Original line number Diff line number Diff line Loading @@ -255,7 +255,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { public void testUnlockUserKeyIfUnsecuredPassesPrimaryUserAuthSecret() throws RemoteException { initSpAndSetCredential(PRIMARY_USER_ID, newPassword(null)); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } Loading @@ -267,7 +267,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { mService.setLockCredential(nonePassword(), password, PRIMARY_USER_ID); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } Loading @@ -285,39 +285,39 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { @Test public void testHeadlessSystemUserDoesNotPassAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService, never()).setPrimaryUserCredential(any(byte[].class)); } @Test public void testHeadlessSecondaryUserPassesAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } @Test public void testHeadlessTertiaryUserPassesSameAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); var captor = ArgumentCaptor.forClass(byte[].class); verify(mAuthSecretService).setPrimaryUserCredential(captor.capture()); var value = captor.getValue(); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); mService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(eq(value)); } @Test public void testHeadlessTertiaryUserPassesSameAuthSecretAfterReset() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); var captor = ArgumentCaptor.forClass(byte[].class); verify(mAuthSecretService).setPrimaryUserCredential(captor.capture()); var value = captor.getValue(); mService.clearAuthSecret(); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); mService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(eq(value)); } Loading Loading
core/java/com/android/internal/widget/ILockSettings.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -108,4 +108,5 @@ interface ILockSettings { boolean removeWeakEscrowToken(long handle, int userId); boolean isWeakEscrowTokenActive(long handle, int userId); boolean isWeakEscrowTokenValid(long handle, in byte[] token, int userId); void unlockUserKeyIfUnsecured(int userId); }
core/java/com/android/internal/widget/LockPatternUtils.java +16 −1 Original line number Diff line number Diff line Loading @@ -1933,8 +1933,23 @@ public class LockPatternUtils { } } /** * Unlocks the credential-encrypted storage for the given user if the user is not secured, i.e. * doesn't have an LSKF. * <p> * Whether the storage has been unlocked can be determined by * {@link StorageManager#isUserKeyUnlocked()}. * * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. * * @param userId the ID of the user whose storage to unlock */ public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { getLockSettingsInternal().unlockUserKeyIfUnsecured(userId); try { getLockSettings().unlockUserKeyIfUnsecured(userId); } catch (RemoteException re) { re.rethrowFromSystemServer(); } } public void createNewUser(@UserIdInt int userId, int userSerialNumber) { Loading
core/java/com/android/internal/widget/LockSettingsInternal.java +0 −11 Original line number Diff line number Diff line Loading @@ -59,17 +59,6 @@ public abstract class LockSettingsInternal { */ public abstract void onThirdPartyAppsStarted(); /** * Unlocks the credential-encrypted storage for the given user if the user is not secured, i.e. * doesn't have an LSKF. * <p> * This doesn't throw an exception on failure; whether the storage has been unlocked can be * determined by {@link StorageManager#isUserKeyUnlocked()}. * * @param userId the ID of the user whose storage to unlock */ public abstract void unlockUserKeyIfUnsecured(@UserIdInt int userId); /** * Creates the locksettings state for a new user. * <p> Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +3 −6 Original line number Diff line number Diff line Loading @@ -2047,7 +2047,9 @@ public class LockSettingsService extends ILockSettings.Stub { } } private void unlockUserKeyIfUnsecured(@UserIdInt int userId) { @Override public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { checkPasswordReadPermission(); synchronized (mSpManager) { if (isUserKeyUnlocked(userId)) { Slogf.d(TAG, "CE storage for user %d is already unlocked", userId); Loading Loading @@ -3455,11 +3457,6 @@ public class LockSettingsService extends ILockSettings.Stub { LockSettingsService.this.onThirdPartyAppsStarted(); } @Override public void unlockUserKeyIfUnsecured(@UserIdInt int userId) { LockSettingsService.this.unlockUserKeyIfUnsecured(userId); } @Override public void createNewUser(@UserIdInt int userId, int userSerialNumber) { LockSettingsService.this.createNewUser(userId, userSerialNumber); Loading
services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java +8 −8 Original line number Diff line number Diff line Loading @@ -255,7 +255,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { public void testUnlockUserKeyIfUnsecuredPassesPrimaryUserAuthSecret() throws RemoteException { initSpAndSetCredential(PRIMARY_USER_ID, newPassword(null)); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } Loading @@ -267,7 +267,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { mService.setLockCredential(nonePassword(), password, PRIMARY_USER_ID); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } Loading @@ -285,39 +285,39 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { @Test public void testHeadlessSystemUserDoesNotPassAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); mService.unlockUserKeyIfUnsecured(PRIMARY_USER_ID); verify(mAuthSecretService, never()).setPrimaryUserCredential(any(byte[].class)); } @Test public void testHeadlessSecondaryUserPassesAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(any(byte[].class)); } @Test public void testHeadlessTertiaryUserPassesSameAuthSecret() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); var captor = ArgumentCaptor.forClass(byte[].class); verify(mAuthSecretService).setPrimaryUserCredential(captor.capture()); var value = captor.getValue(); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); mService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(eq(value)); } @Test public void testHeadlessTertiaryUserPassesSameAuthSecretAfterReset() throws RemoteException { setupHeadlessTest(); mLocalService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); mService.unlockUserKeyIfUnsecured(SECONDARY_USER_ID); var captor = ArgumentCaptor.forClass(byte[].class); verify(mAuthSecretService).setPrimaryUserCredential(captor.capture()); var value = captor.getValue(); mService.clearAuthSecret(); reset(mAuthSecretService); mLocalService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); mService.unlockUserKeyIfUnsecured(TERTIARY_USER_ID); verify(mAuthSecretService).setPrimaryUserCredential(eq(value)); } Loading
