Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b45adf13 authored by Eric Biggers's avatar Eric Biggers Committed by Automerger Merge Worker
Browse files

locksettings: clean up logging of escrow token operations am: cf5a081d 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/21724587



Change-Id: I8c9a3f2433f24fba8da73e0c2ed8d2dc25a8fab5
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents eb4abbf5 cf5a081d

services/core/java/com/android/server/locksettings/LockSettingsService.java

+16 −5
Original line number Diff line number Diff line
@@ -2932,7 +2932,7 @@ public class LockSettingsService extends ILockSettings.Stub { 


    private long addEscrowToken(@NonNull byte[] token, @TokenType int type, int userId,

            @NonNull EscrowTokenStateChangeCallback callback) {

        if (DEBUG) Slog.d(TAG, "addEscrowToken: user=" + userId + ", type=" + type);

        Slogf.i(TAG, "Adding escrow token for user %d", userId);

        synchronized (mSpManager) {

            // If the user has no LSKF, then the token can be activated immediately.  Otherwise, the

            // token can't be activated until the SP is unlocked by another protector (normally the
@@ -2950,18 +2950,20 @@ public class LockSettingsService extends ILockSettings.Stub { 
            long handle = mSpManager.addPendingToken(token, type, userId, callback);

            if (sp != null) {

                // Activate the token immediately

                Slogf.i(TAG, "Immediately activating escrow token %016x", handle);

                mSpManager.createTokenBasedProtector(handle, sp, userId);

            } else {

                Slogf.i(TAG, "Escrow token %016x will be activated when user is unlocked", handle);

            }

            return handle;

        }

    }



    private void activateEscrowTokens(SyntheticPassword sp, int userId) {

        if (DEBUG) Slog.d(TAG, "activateEscrowTokens: user=" + userId);

        synchronized (mSpManager) {

            disableEscrowTokenOnNonManagedDevicesIfNeeded(userId);

            for (long handle : mSpManager.getPendingTokensForUser(userId)) {

                Slogf.i(TAG, "activateEscrowTokens: %016x %d", handle, userId);

                Slogf.i(TAG, "Activating escrow token %016x for user %d", handle, userId);

                mSpManager.createTokenBasedProtector(handle, sp, userId);

            }

        }
@@ -3032,6 +3034,8 @@ public class LockSettingsService extends ILockSettings.Stub { 
    @GuardedBy("mSpManager")

    private boolean setLockCredentialWithTokenInternalLocked(LockscreenCredential credential,

            long tokenHandle, byte[] token, int userId) {

        Slogf.i(TAG, "Resetting lockscreen credential of user %d using escrow token %016x",

                userId, tokenHandle);

        final AuthenticationResult result;

        result = mSpManager.unlockTokenBasedProtector(getGateKeeperService(), tokenHandle, token,

                    userId);
@@ -3054,8 +3058,9 @@ public class LockSettingsService extends ILockSettings.Stub { 
    private boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId) {

        AuthenticationResult authResult;

        synchronized (mSpManager) {

            Slogf.i(TAG, "Unlocking user %d using escrow token %016x", userId, tokenHandle);

            if (!mSpManager.hasEscrowData(userId)) {

                Slog.w(TAG, "Escrow token is disabled on the current user");

                Slogf.w(TAG, "Escrow token support is disabled on user %d", userId);

                return false;

            }

            authResult = mSpManager.unlockTokenBasedProtector(getGateKeeperService(), tokenHandle,
@@ -3066,6 +3071,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            }

        }



        Slogf.i(TAG, "Unlocked synthetic password for user %d using escrow token", userId);

        onCredentialVerified(authResult.syntheticPassword,

                loadPasswordMetrics(authResult.syntheticPassword, userId), userId);

        return true;
@@ -3183,6 +3189,11 @@ public class LockSettingsService extends ILockSettings.Stub { 
     * if we are running an automotive build.

     */

    private void disableEscrowTokenOnNonManagedDevicesIfNeeded(int userId) {



        if (!mSpManager.hasAnyEscrowData(userId)) {

            return;

        }



        // TODO(b/258213147): Remove

        final long identity = Binder.clearCallingIdentity();

        try {
@@ -3227,7 +3238,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }



        // Disable escrow token permanently on all other device/user types.

        Slog.i(TAG, "Disabling escrow token on user " + userId);

        Slogf.i(TAG, "Permanently disabling support for escrow tokens on user %d", userId);

        mSpManager.destroyEscrowData(userId);

    }

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+5 −0
Original line number Diff line number Diff line
@@ -744,6 +744,11 @@ class SyntheticPasswordManager { 
                && hasState(SP_P1_NAME, NULL_PROTECTOR_ID, userId);

    }



    public boolean hasAnyEscrowData(int userId) {

        return hasState(SP_E0_NAME, NULL_PROTECTOR_ID, userId)

                || hasState(SP_P1_NAME, NULL_PROTECTOR_ID, userId);

    }



    public void destroyEscrowData(int userId) {

        destroyState(SP_E0_NAME, NULL_PROTECTOR_ID, userId);

        destroyState(SP_P1_NAME, NULL_PROTECTOR_ID, userId);