Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a63e4f04 authored by Dinesh K Garg's avatar Dinesh K Garg Committed by Linux Build Service Account
Browse files

Fix clearing of retained password 

HW accelerated FDE requires both old and new password to be sent to
secure side to verify and update password. This requires storing of
old password until password is verified. Initial approach of clearing
old password after 60 seconds has a bug which resets old password to
default if user delays entering new password. This fix would gives
caller the responsibility to clear the password once password is
updated.

Change-Id: I0ea5cb92ec3908e31c081ce2af6a190c67aadc7b
parent 1a37b534

core/java/com/android/internal/widget/ILockSettings.aidl

+1 −0
Original line number Diff line number Diff line
@@ -35,4 +35,5 @@ interface ILockSettings { 
    boolean checkVoldPassword(int userId);

    boolean havePattern(int userId);

    boolean havePassword(int userId);

    void sanitizePassword();

}

core/java/com/android/internal/widget/LockPatternUtils.java

+11 −0
Original line number Diff line number Diff line
@@ -529,6 +529,17 @@ public class LockPatternUtils { 
        }

    }



    /**

     * clears stored password.

     */

    public void sanitizePassword() {

        try {

            getLockSettings().sanitizePassword();

        } catch (RemoteException re) {

            Log.e(TAG, "Couldn't sanitize password" + re);

        }

    }



    private void updateCryptoUserInfo(int userId) {

        if (userId != UserHandle.USER_OWNER) {

            return;

services/core/java/com/android/server/LockSettingsService.java

+15 −11
Original line number Diff line number Diff line
@@ -70,6 +70,8 @@ public class LockSettingsService extends ILockSettings.Stub { 


    private static final String TAG = "LockSettingsService";



    private static final String DEFAULT_PASSWORD = "default_password";



    private final Context mContext;



    private final LockSettingsStorage mStorage;
@@ -77,9 +79,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
    private LockPatternUtils mLockPatternUtils;

    private boolean mFirstCallToVold;

    private IGateKeeperService mGateKeeperService;

    private static String mSavePassword = "default_password";

    private static final long CLEAR_PASSWORD_INTERVAL = 60 * 1000; // 1m

    protected Timer mClearPasswordTimer;

    private static String mSavePassword = DEFAULT_PASSWORD;



    private interface CredentialUtil {

        void setCredential(String credential, String savedCredential, int userId)
@@ -367,14 +367,18 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    public void retainPassword(String password) {

        if (LockPatternUtils.isDeviceEncryptionEnabled()) {

            if (password != null)

                mSavePassword = password;

        mClearPasswordTimer = new Timer();

        mClearPasswordTimer.schedule(new TimerTask() {

            @Override

            public void run() {

                mSavePassword = "default_password";

            else

                mSavePassword = DEFAULT_PASSWORD;

        }

    }



    public void sanitizePassword() {

        if (LockPatternUtils.isDeviceEncryptionEnabled()) {

            mSavePassword = DEFAULT_PASSWORD;

        }

        }, CLEAR_PASSWORD_INTERVAL);

    }



    public String getPassword() {

services/core/java/com/android/server/MountService.java

+1 −0
Original line number Diff line number Diff line
@@ -2439,6 +2439,7 @@ class MountService extends IMountService.Stub 
        try {

            NativeDaemonEvent event = mCryptConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],

                        new SensitiveArg(currentPassword), new SensitiveArg(password));

            lockSettings.sanitizePassword();

            return Integer.parseInt(event.getMessage());

        } catch (NativeDaemonConnectorException e) {

            // Encryption failed