Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 98e0a266 authored by Paul Crowley's avatar Paul Crowley
Browse files

Always get an auth token when we verify. 

We need the auth token for FBE. In a future commit I'll get rid of the
"verify" method altogether, but no need right now.

Bug: 22950892
Change-Id: Ied2b666f0613dd97e021d3416ec06e44b9397d11
parent 9640477e

services/core/java/com/android/server/LockSettingsService.java

+15 −30
Original line number Diff line number Diff line
@@ -762,16 +762,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }



        VerifyCredentialResponse response;

        boolean shouldReEnroll = false;;

        if (hasChallenge) {

            byte[] token = null;

        boolean shouldReEnroll = false;

        GateKeeperResponse gateKeeperResponse = getGateKeeperService()

                .verifyChallenge(userId, challenge, storedHash.hash, credential.getBytes());

        int responseCode = gateKeeperResponse.getResponseCode();

        if (responseCode == GateKeeperResponse.RESPONSE_RETRY) {

             response = new VerifyCredentialResponse(gateKeeperResponse.getTimeout());

        } else if (responseCode == GateKeeperResponse.RESPONSE_OK) {

                token = gateKeeperResponse.getPayload();

            byte[] token = gateKeeperResponse.getPayload();

            if (token == null) {

                // something's wrong if there's no payload with a challenge

                Slog.e(TAG, "verifyChallenge response had no associated payload");
@@ -783,19 +781,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        } else {

            response = VerifyCredentialResponse.ERROR;

        }

        } else {

            GateKeeperResponse gateKeeperResponse = getGateKeeperService().verify(

                    userId, storedHash.hash, credential.getBytes());

            int responseCode = gateKeeperResponse.getResponseCode();

            if (responseCode == GateKeeperResponse.RESPONSE_RETRY) {

                response = new VerifyCredentialResponse(gateKeeperResponse.getTimeout());

            } else if (responseCode == GateKeeperResponse.RESPONSE_OK) {

                shouldReEnroll = gateKeeperResponse.getShouldReEnroll();

                response = VerifyCredentialResponse.OK;

            } else {

                response = VerifyCredentialResponse.ERROR;

            }

        }



        if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) {

            // credential has matched