Loading core/java/com/android/internal/widget/LockPatternUtils.java +15 −2 Original line number Diff line number Diff line Loading @@ -1687,8 +1687,21 @@ public class LockPatternUtils { * * @return a unique 64-bit token handle which is needed to refer to this token later. */ public long addEscrowToken(byte[] token, int userId) { return getLockSettingsInternal().addEscrowToken(token, userId); public long addEscrowToken(byte[] token, int userId, @Nullable EscrowTokenStateChangeCallback callback) { return getLockSettingsInternal().addEscrowToken(token, userId, callback); } /** * Callback interface to notify when an added escrow token has been activated. */ public interface EscrowTokenStateChangeCallback { /** * The method to be called when the token is activated. * @param handle 64 bit handle corresponding to the escrow token * @param userid user for whom the escrow token has been added */ void onEscrowTokenActivated(long handle, int userid); } /** Loading core/java/com/android/internal/widget/LockSettingsInternal.java +6 −2 Original line number Diff line number Diff line Loading 
@@ -29,15 +29,18 @@ public abstract class LockSettingsInternal { * or change user password. * * After adding, if the user currently has lockscreen password, he will need to perform a * confirm credential operation in order to activate the token for future use. If the user * confirm credential operation in order to activate the token for future use. * Once the token is activated, the callback that is passed here is called. If the user * has no secure lockscreen, then the token is activated immediately. * * @return a unique 64-bit token handle which is needed to refer to this token later. */ public abstract long addEscrowToken(byte[] token, int userId); public abstract long addEscrowToken(byte[] token, int userId, LockPatternUtils.EscrowTokenStateChangeCallback callback); /** * Remove an escrow token. * * @return true if the given handle refers to a valid token previously returned from * {@link #addEscrowToken}, whether it's active or not. return false otherwise. */ Loading @@ -51,6 +54,7 @@ public abstract class LockSettingsInternal { /** * Set the lock credential. * * @return true if password is set. */ public abstract boolean setLockCredentialWithToken(byte[] credential, int type, Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +7 −4 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import static android.Manifest.permission.READ_CONTACTS; import static android.content.Context.KEYGUARD_SERVICE; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback; import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY; import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT; Loading Loading 
@@ -2648,7 +2649,8 @@ public class LockSettingsService extends ILockSettings.Stub { } } private long addEscrowToken(byte[] token, int userId) throws RemoteException { private long addEscrowToken(byte[] token, int userId, EscrowTokenStateChangeCallback callback) throws RemoteException { if (DEBUG) Slog.d(TAG, "addEscrowToken: user=" + userId); synchronized (mSpManager) { enableSyntheticPasswordLocked(); Loading @@ -2672,7 +2674,7 @@ public class LockSettingsService extends ILockSettings.Stub { throw new SecurityException("Escrow token is disabled on the current user"); } } long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId); long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId, callback); if (auth != null) { mSpManager.activateTokenBasedSyntheticPassword(handle, auth, userId); } Loading Loading @@ -2943,9 +2945,10 @@ public class LockSettingsService extends ILockSettings.Stub { private final class LocalService extends LockSettingsInternal { @Override public long addEscrowToken(byte[] token, int userId) { public long addEscrowToken(byte[] token, int userId, EscrowTokenStateChangeCallback callback) { try { return LockSettingsService.this.addEscrowToken(token, userId); return LockSettingsService.this.addEscrowToken(token, userId, callback); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } Loading services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java +13 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.server.locksettings; import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.admin.DevicePolicyManager; Loading Loading 
@@ -281,6 +283,7 @@ public class SyntheticPasswordManager { byte[] secdiscardableOnDisk; byte[] weaverSecret; byte[] aggregatedSecret; EscrowTokenStateChangeCallback mCallback; } private final Context mContext; Loading Loading @@ -746,7 +749,12 @@ public class SyntheticPasswordManager { private ArrayMap<Integer, ArrayMap<Long, TokenData>> tokenMap = new ArrayMap<>(); public long createTokenBasedSyntheticPassword(byte[] token, int userId) { /** * Create a token based Synthetic password for the given user. * @return */ public long createTokenBasedSyntheticPassword(byte[] token, int userId, @Nullable EscrowTokenStateChangeCallback changeCallback) { long handle = generateHandle(); if (!tokenMap.containsKey(userId)) { tokenMap.put(userId, new ArrayMap<>()); Loading @@ -762,6 +770,7 @@ public class SyntheticPasswordManager { tokenData.weaverSecret = null; } tokenData.aggregatedSecret = transformUnderSecdiscardable(token, secdiscardable); tokenData.mCallback = changeCallback; tokenMap.get(userId).put(handle, tokenData); return handle; Loading Loading @@ -810,6 +819,9 @@ public class SyntheticPasswordManager { createSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED, authToken, tokenData.aggregatedSecret, 0L, userId); tokenMap.get(userId).remove(handle); if (tokenData.mCallback != null) { tokenData.mCallback.onEscrowTokenActivated(handle, userId); } return true; } Loading services/core/java/com/android/server/trust/TrustAgentWrapper.java +15 −2 Original line number Diff line number Diff line Loading @@ -43,8 +43,6 @@ import android.service.trust.TrustAgentService; import android.util.Log; import android.util.Slog; import com.android.internal.policy.IKeyguardDismissCallback; import java.util.Collections; import java.util.List; Loading Loading 
@@ -495,6 +493,21 @@ public class TrustAgentWrapper { } } /** * @see android.service.trust.TrustAgentService#onTokenStateReceived() * */ public void onEscrowTokenActivated(long handle, int userId) { if (DEBUG) Slog.d(TAG, "onEscrowTokenActivated: " + handle + " user: " + userId); if (mTrustAgentService != null) { try { mTrustAgentService.onTokenStateReceived(handle, TrustAgentService.TOKEN_STATE_ACTIVE); } catch (RemoteException e) { onError(e); } } } private void setCallback(ITrustAgentServiceCallback callback) { try { if (mTrustAgentService != null) { Loading Loading
core/java/com/android/internal/widget/LockPatternUtils.java +15 −2 Original line number Diff line number Diff line Loading @@ -1687,8 +1687,21 @@ public class LockPatternUtils { * * @return a unique 64-bit token handle which is needed to refer to this token later. */ public long addEscrowToken(byte[] token, int userId) { return getLockSettingsInternal().addEscrowToken(token, userId); public long addEscrowToken(byte[] token, int userId, @Nullable EscrowTokenStateChangeCallback callback) { return getLockSettingsInternal().addEscrowToken(token, userId, callback); } /** * Callback interface to notify when an added escrow token has been activated. */ public interface EscrowTokenStateChangeCallback { /** * The method to be called when the token is activated. * @param handle 64 bit handle corresponding to the escrow token * @param userid user for whom the escrow token has been added */ void onEscrowTokenActivated(long handle, int userid); } /** Loading
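Review bot: The contract of `EscrowTokenStateChangeCallback` is under-documented for a callback that reports a change in authentication state. Neither the interface Javadoc nor the `addEscrowToken` Javadoc (which starts outside this hunk) says on which thread the callback runs or that null is accepted. I would add `@param callback invoked once when the token becomes active; may be null` to the method comment and state the threading expectation on the interface. The interface parameter is also spelled `userid` while the rest of the change uses `userId`; `void onEscrowTokenActivated(long handle, int userId);` keeps it consistent.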
core/java/com/android/internal/widget/LockSettingsInternal.java +6 −2 Original line number Diff line number Diff line Loading @@ -29,15 +29,18 @@ public abstract class LockSettingsInternal { * or change user password. * * After adding, if the user currently has lockscreen password, he will need to perform a * confirm credential operation in order to activate the token for future use. If the user * confirm credential operation in order to activate the token for future use. * Once the token is activated, the callback that is passed here is called. If the user * has no secure lockscreen, then the token is activated immediately. * * @return a unique 64-bit token handle which is needed to refer to this token later. */ public abstract long addEscrowToken(byte[] token, int userId); public abstract long addEscrowToken(byte[] token, int userId, LockPatternUtils.EscrowTokenStateChangeCallback callback); /** * Remove an escrow token. * * @return true if the given handle refers to a valid token previously returned from * {@link #addEscrowToken}, whether it's active or not. return false otherwise. */ Loading @@ -51,6 +54,7 @@ public abstract class LockSettingsInternal { /** * Set the lock credential. * * @return true if password is set. */ public abstract boolean setLockCredentialWithToken(byte[] credential, int type, Loading
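Review bot: The abstract `addEscrowToken` declares `callback` without `@Nullable`, so this internal API does not state that null is allowed. Both `LockPatternUtils.addEscrowToken` and `SyntheticPasswordManager.createTokenBasedSyntheticPassword` annotate the parameter in this same change. Suggest `@Nullable LockPatternUtils.EscrowTokenStateChangeCallback callback`, plus a `@param callback` line in the Javadoc; the import block is outside the hunk, so check whether `Nullable` is already imported. The added sentence about the callback sits between the credential case and the no-lockscreen case, and should say whether the callback is also invoked when the token is activated immediately.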
services/core/java/com/android/server/locksettings/LockSettingsService.java +7 −4 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ import static android.Manifest.permission.READ_CONTACTS; import static android.content.Context.KEYGUARD_SERVICE; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback; import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY; import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT; Loading Loading @@ -2648,7 +2649,8 @@ public class LockSettingsService extends ILockSettings.Stub { } } private long addEscrowToken(byte[] token, int userId) throws RemoteException { private long addEscrowToken(byte[] token, int userId, EscrowTokenStateChangeCallback callback) throws RemoteException { if (DEBUG) Slog.d(TAG, "addEscrowToken: user=" + userId); synchronized (mSpManager) { enableSyntheticPasswordLocked(); Loading @@ -2672,7 +2674,7 @@ public class LockSettingsService extends ILockSettings.Stub { throw new SecurityException("Escrow token is disabled on the current user"); } } long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId); long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId, callback); if (auth != null) { mSpManager.activateTokenBasedSyntheticPassword(handle, auth, userId); } Loading Loading 
@@ -2943,9 +2945,10 @@ public class LockSettingsService extends ILockSettings.Stub { private final class LocalService extends LockSettingsInternal { @Override public long addEscrowToken(byte[] token, int userId) { public long addEscrowToken(byte[] token, int userId, EscrowTokenStateChangeCallback callback) { try { return LockSettingsService.this.addEscrowToken(token, userId); return LockSettingsService.this.addEscrowToken(token, userId, callback); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } Loading
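Review bot: In the `addEscrowToken` hunk at -2672, the callback appears to run inside `synchronized (mSpManager)` and before `handle` has been returned to the caller. This happens when `auth != null`: the token is activated right after `createTokenBasedSyntheticPassword(token, userId, callback)`, and the activation path in SyntheticPasswordManager invokes the callback directly. A listener can therefore be notified about a handle it does not yet know. Any slow or blocking work in the listener also holds the synthetic-password lock; the TrustAgentWrapper method added in this change, which looks like the eventual receiver, makes a Binder call. Consider notifying after the synchronized block or posting the notification to a handler. The method body starts and ends outside the hunk, so confirm the exact lock extent.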
services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java +13 −1 Original line number Diff line number Diff line Loading @@ -16,6 +16,8 @@ package com.android.server.locksettings; import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.admin.DevicePolicyManager; Loading Loading @@ -281,6 +283,7 @@ public class SyntheticPasswordManager { byte[] secdiscardableOnDisk; byte[] weaverSecret; byte[] aggregatedSecret; EscrowTokenStateChangeCallback mCallback; } private final Context mContext; Loading Loading @@ -746,7 +749,12 @@ public class SyntheticPasswordManager { private ArrayMap<Integer, ArrayMap<Long, TokenData>> tokenMap = new ArrayMap<>(); public long createTokenBasedSyntheticPassword(byte[] token, int userId) { /** * Create a token based Synthetic password for the given user. * @return */ public long createTokenBasedSyntheticPassword(byte[] token, int userId, @Nullable EscrowTokenStateChangeCallback changeCallback) { long handle = generateHandle(); if (!tokenMap.containsKey(userId)) { tokenMap.put(userId, new ArrayMap<>()); Loading @@ -762,6 +770,7 @@ public class SyntheticPasswordManager { tokenData.weaverSecret = null; } tokenData.aggregatedSecret = transformUnderSecdiscardable(token, secdiscardable); tokenData.mCallback = changeCallback; tokenMap.get(userId).put(handle, tokenData); return handle; Loading Loading @@ -810,6 +819,9 @@ public class SyntheticPasswordManager { createSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED, authToken, tokenData.aggregatedSecret, 0L, userId); tokenMap.get(userId).remove(handle); if (tokenData.mCallback != null) { tokenData.mCallback.onEscrowTokenActivated(handle, userId); } return true; } Loading
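Review bot: In the activation hunk at -810, an unchecked exception thrown by `tokenData.mCallback.onEscrowTokenActivated(handle, userId)` would propagate out of the method instead of reaching `return true`. The call is made inline after the blob has been created and the token removed from `tokenMap`, so a failure would be reported for an activation that has already taken effect. Catching `RuntimeException` around the callback and logging it would keep the return value consistent with the stored state; the enclosing method starts outside the hunk. Separately, the new Javadoc on `createTokenBasedSyntheticPassword` has an empty `@return`, which `@return the handle identifying the new token` would complete. The field name `mCallback` also does not match its unprefixed siblings such as `weaverSecret` and `aggregatedSecret`.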
services/core/java/com/android/server/trust/TrustAgentWrapper.java +15 −2 Original line number Diff line number Diff line Loading @@ -43,8 +43,6 @@ import android.service.trust.TrustAgentService; import android.util.Log; import android.util.Slog; import com.android.internal.policy.IKeyguardDismissCallback; import java.util.Collections; import java.util.List; Loading Loading @@ -495,6 +493,21 @@ public class TrustAgentWrapper { } } /** * @see android.service.trust.TrustAgentService#onTokenStateReceived() * */ public void onEscrowTokenActivated(long handle, int userId) { if (DEBUG) Slog.d(TAG, "onEscrowTokenActivated: " + handle + " user: " + userId); if (mTrustAgentService != null) { try { mTrustAgentService.onTokenStateReceived(handle, TrustAgentService.TOKEN_STATE_ACTIVE); } catch (RemoteException e) { onError(e); } } } private void setCallback(ITrustAgentServiceCallback callback) { try { if (mTrustAgentService != null) { Loading
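Review bot: `onEscrowTokenActivated` uses `userId` only in the debug log and forwards `handle` to the agent without checking that the activation belongs to the user this wrapper serves. If the wrapper is bound to a single user (not visible in this hunk), comparing `userId` with that user before calling `onTokenStateReceived` would keep one user's token state from being delivered to another user's agent. The `@see` tag names `TrustAgentService#onTokenStateReceived()` with an empty parameter list while the call passes two arguments, so the reference probably does not resolve. It should carry the parameter types of the method it points to. The Javadoc could also state that the notification is dropped when `mTrustAgentService` is null.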