Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 991ce960 authored by Eric Biggers's avatar Eric Biggers
Browse files

Rename ERROR to OTHER_ERROR in VerifyCredentialResponse 

In preparation for introducing additional error response codes, rename
the existing ERROR response code to OTHER_ERROR.  The new name more
clearly reflects that it's a catch-all for errors that aren't covered by
another response code, whether RETRY or one of the upcoming new ones.

Keep the fromError() method for now, since it is still used.

Test: atest FrameworksServicesTests:com.android.server.locksettings
Bug: 395976735
Flag: EXEMPT refactor
Change-Id: I696ce747d6ca8130a4360e02affc850a6d17d97e
parent 2ae403a0

core/java/com/android/internal/widget/LockPatternUtils.java

+6 −6
Original line number Diff line number Diff line
@@ -459,13 +459,13 @@ public class LockPatternUtils { 
            final VerifyCredentialResponse response = getLockSettings().verifyCredential(

                    credential, userId, flags);

            if (response == null) {

                return VerifyCredentialResponse.ERROR;

                return VerifyCredentialResponse.OTHER_ERROR;

            } else {

                return response;

            }

        } catch (RemoteException re) {

            Log.e(TAG, "failed to verify credential", re);

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

    }
@@ -481,12 +481,12 @@ public class LockPatternUtils { 
            final VerifyCredentialResponse response = getLockSettings()

                    .verifyGatekeeperPasswordHandle(gatekeeperPasswordHandle, challenge, userId);

            if (response == null) {

                return VerifyCredentialResponse.ERROR;

                return VerifyCredentialResponse.OTHER_ERROR;

            }

            return response;

        } catch (RemoteException e) {

            Log.e(TAG, "failed to verify gatekeeper password", e);

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

    }
@@ -551,13 +551,13 @@ public class LockPatternUtils { 
            final VerifyCredentialResponse response = getLockSettings()

                    .verifyTiedProfileChallenge(credential, userId, flags);

            if (response == null) {

                return VerifyCredentialResponse.ERROR;

                return VerifyCredentialResponse.OTHER_ERROR;

            } else {

                return response;

            }

        } catch (RemoteException re) {

            Log.e(TAG, "failed to verify tied profile credential", re);

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

    }

core/java/com/android/internal/widget/VerifyCredentialResponse.java

+5 −6
Original line number Diff line number Diff line
@@ -33,18 +33,17 @@ import java.time.Duration; 
 */

public final class VerifyCredentialResponse implements Parcelable {



    public static final int RESPONSE_ERROR = -1;

    public static final int RESPONSE_OTHER_ERROR = -1;

    public static final int RESPONSE_OK = 0;

    public static final int RESPONSE_RETRY = 1;

    @IntDef({RESPONSE_ERROR,

            RESPONSE_OK,

            RESPONSE_RETRY})



    @IntDef({RESPONSE_OTHER_ERROR, RESPONSE_OK, RESPONSE_RETRY})

    @Retention(RetentionPolicy.SOURCE)

    @interface ResponseCode {}



    public static final VerifyCredentialResponse OK = new VerifyCredentialResponse.Builder()

            .build();

    public static final VerifyCredentialResponse ERROR = fromError();

    public static final VerifyCredentialResponse OTHER_ERROR = fromError();

    private static final String TAG = "VerifyCredentialResponse";



    private final @ResponseCode int mResponseCode;
@@ -124,7 +123,7 @@ public final class VerifyCredentialResponse implements Parcelable { 
     * being populated, provide a default method to return a VerifyCredentialResponse.

     */

    public static VerifyCredentialResponse fromError() {

        return new VerifyCredentialResponse(RESPONSE_ERROR,

        return new VerifyCredentialResponse(RESPONSE_OTHER_ERROR,

                0 /* timeout */,

                null /* gatekeeperHAT */,

                0L /* gatekeeperPasswordHandle */);

services/core/java/com/android/server/locksettings/LockSettingsService.java

+4 −4
Original line number Diff line number Diff line
@@ -2395,7 +2395,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        synchronized (mSpManager) {

            if (gatekeeperPassword == null) {

                Slog.d(TAG, "No gatekeeper password for handle");

                response = VerifyCredentialResponse.ERROR;

                response = VerifyCredentialResponse.OTHER_ERROR;

            } else {

                response = mSpManager.verifyChallengeInternal(getGateKeeperService(),

                        gatekeeperPassword, challenge, userId);
@@ -2429,11 +2429,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
        if (userId == USER_FRP && Settings.Global.getInt(mContext.getContentResolver(),

                Settings.Global.DEVICE_PROVISIONED, 0) != 0) {

            Slog.e(TAG, "FRP credential can only be verified prior to provisioning.");

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

        if (userId == USER_REPAIR_MODE && !LockPatternUtils.isRepairModeActive(mContext)) {

            Slog.e(TAG, "Repair mode is not active on the device.");

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

        Slogf.i(TAG, "Verifying lockscreen credential for user %d", userId);
@@ -2476,7 +2476,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
                if ((flags & VERIFY_FLAG_WRITE_REPAIR_MODE_PW) != 0) {

                    if (!mSpManager.writeRepairModeCredentialLocked(protectorId, userId)) {

                        Slog.e(TAG, "Failed to write repair mode credential");

                        return VerifyCredentialResponse.ERROR;

                        return VerifyCredentialResponse.OTHER_ERROR;

                    }

                }

                // credential has matched

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+18 −18
Original line number Diff line number Diff line
@@ -723,7 +723,7 @@ class SyntheticPasswordManager { 
                }

                break;

        }

        return VerifyCredentialResponse.ERROR;

        return VerifyCredentialResponse.OTHER_ERROR;

    }



    /**
@@ -1129,14 +1129,14 @@ class SyntheticPasswordManager { 
                        stretchedLskfToGkPassword(stretchedLskf));

            } catch (RemoteException e) {

                Slog.e(TAG, "Persistent data credential verifyChallenge failed", e);

                return VerifyCredentialResponse.ERROR;

                return VerifyCredentialResponse.OTHER_ERROR;

            }

            return VerifyCredentialResponse.fromGateKeeperResponse(response);

        } else if (persistentData.type == PersistentData.TYPE_SP_WEAVER) {

            final IWeaver weaver = getWeaverService();

            if (weaver == null) {

                Slog.e(TAG, "No weaver service to verify SP-based persistent data credential");

                return VerifyCredentialResponse.ERROR;

                return VerifyCredentialResponse.OTHER_ERROR;

            }

            PasswordData pwd = PasswordData.fromBytes(persistentData.payload);

            byte[] stretchedLskf = stretchLskf(userCredential, pwd);
@@ -1148,7 +1148,7 @@ class SyntheticPasswordManager { 
        } else {

            Slog.e(TAG, "persistentData.type must be TYPE_SP_GATEKEEPER or TYPE_SP_WEAVER, but is "

                    + persistentData.type);

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

    }
@@ -1403,7 +1403,7 @@ class SyntheticPasswordManager { 
        if (protectorId == SyntheticPasswordManager.NULL_PROTECTOR_ID) {

            // This should never happen, due to the migration done in LSS.onThirdPartyAppsStarted().

            Slogf.wtf(TAG, "Synthetic password not found for user %d", userId);

            result.response = VerifyCredentialResponse.ERROR;

            result.response = VerifyCredentialResponse.OTHER_ERROR;

            return result;

        }
@@ -1422,7 +1422,7 @@ class SyntheticPasswordManager { 
            Slogf.e(TAG, "Credential type mismatch: stored type is %s but provided type is %s",

                    LockPatternUtils.credentialTypeToString(storedType),

                    LockPatternUtils.credentialTypeToString(credential.getType()));

            result.response = VerifyCredentialResponse.ERROR;

            result.response = VerifyCredentialResponse.OTHER_ERROR;

            return result;

        }
@@ -1441,7 +1441,7 @@ class SyntheticPasswordManager { 
                final IWeaver weaver = getWeaverService();

                if (weaver == null) {

                    Slog.e(TAG, "Protector uses Weaver, but Weaver is unavailable");

                    result.response = VerifyCredentialResponse.ERROR;

                    result.response = VerifyCredentialResponse.OTHER_ERROR;

                    return result;

                }

                weaverKey = stretchedLskfToWeaverKey(stretchedLskf);
@@ -1459,7 +1459,7 @@ class SyntheticPasswordManager { 
                if (pwd == null || pwd.passwordHandle == null) {

                    if (!credential.isNone()) {

                        Slog.e(TAG, "Missing Gatekeeper password handle for nonempty LSKF");

                        result.response = VerifyCredentialResponse.ERROR;

                        result.response = VerifyCredentialResponse.OTHER_ERROR;

                        return result;

                    }

                } else {
@@ -1470,7 +1470,7 @@ class SyntheticPasswordManager { 
                                pwd.passwordHandle, gkPassword);

                    } catch (RemoteException e) {

                        Slog.e(TAG, "gatekeeper verify failed", e);

                        result.response = VerifyCredentialResponse.ERROR;

                        result.response = VerifyCredentialResponse.OTHER_ERROR;

                        return result;

                    }

                    int responseCode = response.getResponseCode();
@@ -1505,7 +1505,7 @@ class SyntheticPasswordManager { 
                                VerifyCredentialResponse.fromTimeout(response.getTimeout());

                        return result;

                    } else  {

                        result.response = VerifyCredentialResponse.ERROR;

                        result.response = VerifyCredentialResponse.OTHER_ERROR;

                        return result;

                    }

                    sid = sidFromPasswordHandle(pwd.passwordHandle);
@@ -1513,7 +1513,7 @@ class SyntheticPasswordManager { 
                byte[] secdiscardable = loadSecdiscardable(protectorId, userId);

                if (secdiscardable == null) {

                    Slog.e(TAG, "secdiscardable file not found");

                    result.response = VerifyCredentialResponse.ERROR;

                    result.response = VerifyCredentialResponse.OTHER_ERROR;

                    return result;

                }

                protectorSecret = transformUnderSecdiscardable(stretchedLskf, secdiscardable);
@@ -1586,7 +1586,7 @@ class SyntheticPasswordManager { 
        byte[] data = loadState(SP_BLOB_NAME, protectorId, userId);

        if (data == null) {

            AuthenticationResult result = new AuthenticationResult();

            result.response = VerifyCredentialResponse.ERROR;

            result.response = VerifyCredentialResponse.OTHER_ERROR;

            Slogf.w(TAG, "spblob not found for protector %016x, user %d", protectorId, userId);

            return result;

        }
@@ -1622,7 +1622,7 @@ class SyntheticPasswordManager { 
        byte[] secdiscardable = loadSecdiscardable(protectorId, userId);

        if (secdiscardable == null) {

            Slog.e(TAG, "secdiscardable file not found");

            result.response = VerifyCredentialResponse.ERROR;

            result.response = VerifyCredentialResponse.OTHER_ERROR;

            return result;

        }

        int slotId = loadWeaverSlot(protectorId, userId);
@@ -1630,7 +1630,7 @@ class SyntheticPasswordManager { 
            final IWeaver weaver = getWeaverService();

            if (weaver == null) {

                Slog.e(TAG, "Protector uses Weaver, but Weaver is unavailable");

                result.response = VerifyCredentialResponse.ERROR;

                result.response = VerifyCredentialResponse.OTHER_ERROR;

                return result;

            }

            WeaverReadResponse weaverResponse = weaverVerify(weaver, slotId, null);
@@ -1639,7 +1639,7 @@ class SyntheticPasswordManager { 
                    || secdiscardableEncryptionKey == null) {

                Slog.e(TAG,

                        "Failed to retrieve Weaver secret when unlocking token-based protector");

                result.response = VerifyCredentialResponse.ERROR;

                result.response = VerifyCredentialResponse.OTHER_ERROR;

                return result;

            }

            secdiscardable =
@@ -1659,7 +1659,7 @@ class SyntheticPasswordManager { 
                result.response = VerifyCredentialResponse.OK;

            }

        } else {

            result.response = VerifyCredentialResponse.ERROR;

            result.response = VerifyCredentialResponse.OTHER_ERROR;

        }

        return result;

    }
@@ -1739,7 +1739,7 @@ class SyntheticPasswordManager { 
                    spHandle, gatekeeperPassword);

        } catch (RemoteException e) {

            Slog.e(TAG, "Fail to verify with gatekeeper " + userId, e);

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

        int responseCode = response.getResponseCode();

        if (responseCode == GateKeeperResponse.RESPONSE_OK) {
@@ -1770,7 +1770,7 @@ class SyntheticPasswordManager { 
            return VerifyCredentialResponse.fromTimeout(response.getTimeout());

        } else {

            Slog.e(TAG, "Gatekeeper verification of synthetic password failed with RESPONSE_ERROR");

            return VerifyCredentialResponse.ERROR;

            return VerifyCredentialResponse.OTHER_ERROR;

        }

    }

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java

+5 −3
Original line number Diff line number Diff line
@@ -534,7 +534,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        final LockSettingsStateListener listener = mock(LockSettingsStateListener.class);

        mLocalService.registerLockSettingsStateListener(listener);



        assertEquals(VerifyCredentialResponse.RESPONSE_ERROR,

        assertEquals(

                VerifyCredentialResponse.RESPONSE_OTHER_ERROR,

                mService.verifyCredential(badPassword, PRIMARY_USER_ID, 0 /* flags */)

                        .getResponseCode());
@@ -555,7 +556,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        verify(listener).onAuthenticationSucceeded(PRIMARY_USER_ID);



        mLocalService.unregisterLockSettingsStateListener(listener);

        assertEquals(VerifyCredentialResponse.RESPONSE_ERROR,

        assertEquals(

                VerifyCredentialResponse.RESPONSE_OTHER_ERROR,

                mService.verifyCredential(badPassword, PRIMARY_USER_ID, 0 /* flags */)

                        .getResponseCode());

        verify(listener, never()).onAuthenticationFailed(PRIMARY_USER_ID);
@@ -760,7 +762,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
            badCredential = LockscreenCredential.createPin("0");

        }

        assertEquals(

                VerifyCredentialResponse.RESPONSE_ERROR,

                VerifyCredentialResponse.RESPONSE_OTHER_ERROR,

                mService.verifyCredential(badCredential, userId, 0 /* flags */).getResponseCode());

    }