Merge "Avoid calling LockPatternUtils from LockSettingsService" (b6a24e67) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/ILockSettings.aidl

+1 −0

Original line number	Diff line number	Diff line
		@@ -88,4 +88,5 @@ interface ILockSettings {
		in byte[] recoveryKeyBlob,
		in List<WrappedApplicationKey> applicationKeys);
		void closeSession(in String sessionId);
		boolean hasSecureLockScreen();
		}

core/java/com/android/internal/widget/LockPatternUtils.java

+5 −4

Original line number	Diff line number	Diff line
		@@ -33,7 +33,6 @@ import android.app.trust.TrustManager;
		import android.content.ComponentName;
		import android.content.ContentResolver;
		import android.content.Context;
		import android.content.pm.PackageManager;
		import android.content.pm.UserInfo;
		import android.os.AsyncTask;
		import android.os.Handler;
		@@ -88,7 +87,6 @@ public class LockPatternUtils {
		*/
		public static final long FAILED_ATTEMPT_COUNTDOWN_INTERVAL_MS = 1000L;


		/**
		* This dictates when we start telling the user that continued failed attempts will wipe
		* their device.
		@@ -1735,8 +1733,11 @@ public class LockPatternUtils {
		*/
		public boolean hasSecureLockScreen() {
		if (mHasSecureLockScreen == null) {
		mHasSecureLockScreen = Boolean.valueOf(mContext.getPackageManager()
		.hasSystemFeature(PackageManager.FEATURE_SECURE_LOCK_SCREEN));
		try {
		mHasSecureLockScreen = Boolean.valueOf(getLockSettings().hasSecureLockScreen());
		} catch (RemoteException e) {
		e.rethrowFromSystemServer();
		}
		}
		return mHasSecureLockScreen.booleanValue();
		}

services/core/java/com/android/server/locksettings/LockSettingsService.java

+21 −26

Original line number	Diff line number	Diff line
		@@ -212,7 +212,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		private final LockSettingsStrongAuth mStrongAuth;
		private final SynchronizedStrongAuthTracker mStrongAuthTracker;

		private final LockPatternUtils mLockPatternUtils;
		private final NotificationManager mNotificationManager;
		private final UserManager mUserManager;
		private final IStorageManager mStorageManager;
		@@ -228,6 +227,8 @@ public class LockSettingsService extends ILockSettings.Stub {
		// the device or changes password. Removed when user is stopped.
		@GuardedBy("this")
		final SparseArray<PasswordMetrics> mUserPasswordMetrics = new SparseArray<>();
		@VisibleForTesting
		protected boolean mHasSecureLockScreen;

		protected IGateKeeperService mGateKeeperService;
		protected IAuthSecret mAuthSecretService;
		@@ -351,7 +352,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		return;
		}
		// Do not tie managed profile when work challenge is enabled
		if (mLockPatternUtils.isSeparateProfileChallengeEnabled(managedUserId)) {
		if (getSeparateProfileChallengeEnabledInternal(managedUserId)) {
		return;
		}
		// Do not tie managed profile to parent when it's done already
		@@ -434,10 +435,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		return ActivityManager.getService();
		}

		public LockPatternUtils getLockPatternUtils() {
		return new LockPatternUtils(mContext);
		}

		public NotificationManager getNotificationManager() {
		return (NotificationManager) mContext.getSystemService(Context.NOTIFICATION_SERVICE);
		}
		@@ -535,7 +532,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		mStrongAuth = injector.getStrongAuth();
		mActivityManager = injector.getActivityManager();

		mLockPatternUtils = injector.getLockPatternUtils();
		mFirstCallToVold = true;

		IntentFilter filter = new IntentFilter();
		@@ -780,6 +776,9 @@ public class LockSettingsService extends ILockSettings.Stub {
		EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet
		}
		checkWritePermission(UserHandle.USER_SYSTEM);

		mHasSecureLockScreen = mContext.getPackageManager()
		.hasSystemFeature(PackageManager.FEATURE_SECURE_LOCK_SCREEN);
		migrateOldData();
		getGateKeeperService();
		mSpManager.initWeaverService();
		@@ -1018,6 +1017,11 @@ public class LockSettingsService extends ILockSettings.Stub {
		}
		}

		@Override
		public boolean hasSecureLockScreen() {
		return mHasSecureLockScreen;
		}

		@Override
		public boolean getSeparateProfileChallengeEnabled(int userId) {
		checkReadPermission(SEPARATE_PROFILE_CHALLENGE_KEY, userId);
		@@ -1034,7 +1038,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		public void setSeparateProfileChallengeEnabled(int userId, boolean enabled,
		LockscreenCredential managedUserPassword) {
		checkWritePermission(userId);
		if (!mLockPatternUtils.hasSecureLockScreen()) {
		if (!mHasSecureLockScreen) {
		throw new UnsupportedOperationException(
		"This operation requires secure lock screen feature.");
		}
		@@ -1147,12 +1151,7 @@ public class LockSettingsService extends ILockSettings.Stub {

		private String getStringUnchecked(String key, String defaultValue, int userId) {
		if (Settings.Secure.LOCK_PATTERN_ENABLED.equals(key)) {
		long ident = Binder.clearCallingIdentity();
		try {
		return mLockPatternUtils.isLockPatternEnabled(userId) ? "1" : "0";
		} finally {
		Binder.restoreCallingIdentity(ident);
		}
		return getCredentialTypeInternal(userId) == CREDENTIAL_TYPE_PATTERN ? "1" : "0";
		}
		if (userId == USER_FRP) {
		return null;
		@@ -1402,7 +1401,7 @@ public class LockSettingsService extends ILockSettings.Stub {

		private boolean tiedManagedProfileReadyToUnlock(UserInfo userInfo) {
		return userInfo.isManagedProfile()
		&& !mLockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id)
		&& !getSeparateProfileChallengeEnabledInternal(userInfo.id)
		&& mStorage.hasChildProfileLock(userInfo.id)
		&& mUserManager.isUserRunning(userInfo.id);
		}
		@@ -1420,7 +1419,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		continue;
		}
		final int managedUserId = profile.id;
		if (mLockPatternUtils.isSeparateProfileChallengeEnabled(managedUserId)) {
		if (getSeparateProfileChallengeEnabledInternal(managedUserId)) {
		continue;
		}
		try {
		@@ -1460,7 +1459,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		final UserInfo profile = profiles.get(i);
		if (profile.isManagedProfile()) {
		final int managedUserId = profile.id;
		if (mLockPatternUtils.isSeparateProfileChallengeEnabled(managedUserId)) {
		if (getSeparateProfileChallengeEnabledInternal(managedUserId)) {
		continue;
		}
		if (isSecure) {
		@@ -1487,12 +1486,12 @@ public class LockSettingsService extends ILockSettings.Stub {

		private boolean isManagedProfileWithUnifiedLock(int userId) {
		return mUserManager.getUserInfo(userId).isManagedProfile()
		&& !mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
		&& !getSeparateProfileChallengeEnabledInternal(userId);
		}

		private boolean isManagedProfileWithSeparatedLock(int userId) {
		return mUserManager.getUserInfo(userId).isManagedProfile()
		&& mLockPatternUtils.isSeparateProfileChallengeEnabled(userId);
		&& getSeparateProfileChallengeEnabledInternal(userId);
		}

		/**
		@@ -1565,7 +1564,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		public boolean setLockCredential(LockscreenCredential credential,
		LockscreenCredential savedCredential, int userId) {

		if (!mLockPatternUtils.hasSecureLockScreen()) {
		if (!mHasSecureLockScreen) {
		throw new UnsupportedOperationException(
		"This operation requires secure lock screen feature");
		}
		@@ -1872,7 +1871,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		for (UserInfo pi : profiles) {
		// Unlock managed profile with unified lock
		if (pi.isManagedProfile()
		&& !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id)
		&& !getSeparateProfileChallengeEnabledInternal(pi.id)
		&& mStorage.hasChildProfileLock(pi.id)) {
		try {
		if (managedUserId == -1) {
		@@ -2867,7 +2866,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		VerifyCredentialResponse response = authResult.gkResponse;
		AuthenticationToken auth = authResult.authToken;


		if (auth == null) {
		if (response == null
		\|\| response.getResponseCode() == VerifyCredentialResponse.RESPONSE_ERROR) {
		@@ -3075,9 +3073,6 @@ public class LockSettingsService extends ILockSettings.Stub {
		IndentingPrintWriter pw = new IndentingPrintWriter(printWriter, " ");

		pw.println("Current lock settings service state:");

		pw.println(String.format("SP Enabled = %b",
		mLockPatternUtils.isSyntheticPasswordEnabled()));
		pw.println();

		pw.println("User State:");
		@@ -3263,7 +3258,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		@Override
		public boolean setLockCredentialWithToken(LockscreenCredential credential, long tokenHandle,
		byte[] token, int userId) {
		if (!mLockPatternUtils.hasSecureLockScreen()) {
		if (!mHasSecureLockScreen) {
		throw new UnsupportedOperationException(
		"This operation requires secure lock screen feature.");
		}

services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java

+2 −16

Original line number	Diff line number	Diff line
		@@ -53,7 +53,6 @@ import android.security.KeyStore;
		import androidx.test.InstrumentationRegistry;
		import androidx.test.runner.AndroidJUnit4;

		import com.android.internal.widget.ILockSettings;
		import com.android.internal.widget.LockPatternUtils;
		import com.android.internal.widget.LockSettingsInternal;
		import com.android.internal.widget.LockscreenCredential;
		@@ -91,7 +90,6 @@ public abstract class BaseLockSettingsServiceTests {
		MockLockSettingsContext mContext;
		LockSettingsStorageTestable mStorage;

		LockPatternUtils mLockPatternUtils;
		FakeGateKeeperService mGateKeeperService;
		NotificationManager mNotificationManager;
		UserManager mUserManager;
		@@ -111,7 +109,6 @@ public abstract class BaseLockSettingsServiceTests {
		FingerprintManager mFingerprintManager;
		FaceManager mFaceManager;
		PackageManager mPackageManager;
		protected boolean mHasSecureLockScreen;
		FakeSettings mSettings;

		@Before
		@@ -153,25 +150,14 @@ public abstract class BaseLockSettingsServiceTests {
		storageDir.mkdirs();
		}

		mHasSecureLockScreen = true;
		mLockPatternUtils = new LockPatternUtils(mContext) {
		@Override
		public ILockSettings getLockSettings() {
		return mService;
		}

		@Override
		public boolean hasSecureLockScreen() {
		return mHasSecureLockScreen;
		}
		};
		mSpManager = new MockSyntheticPasswordManager(mContext, mStorage, mGateKeeperService,
		mUserManager, mPasswordSlotManager);
		mAuthSecretService = mock(IAuthSecret.class);
		mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage,
		mService = new LockSettingsServiceTestable(mContext, mStorage,
		mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager,
		mSpManager, mAuthSecretService, mGsiService, mRecoverableKeyStoreManager,
		mUserManagerInternal, mDeviceStateCache, mSettings);
		mService.mHasSecureLockScreen = true;
		when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);
		mPrimaryUserProfiles.add(PRIMARY_USER_INFO);
		installChildProfile(MANAGED_PROFILE_USER_ID);

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java

+3 −10

Original line number	Diff line number	Diff line
		@@ -32,7 +32,6 @@ import android.os.storage.IStorageManager;
		import android.security.KeyStore;
		import android.security.keystore.KeyPermanentlyInvalidatedException;

		import com.android.internal.widget.LockPatternUtils;
		import com.android.internal.widget.LockscreenCredential;
		import com.android.server.ServiceThread;
		import com.android.server.locksettings.recoverablekeystore.RecoverableKeyStoreManager;
		@@ -46,7 +45,6 @@ public class LockSettingsServiceTestable extends LockSettingsService {
		private LockSettingsStorage mLockSettingsStorage;
		private KeyStore mKeyStore;
		private IActivityManager mActivityManager;
		private LockPatternUtils mLockPatternUtils;
		private IStorageManager mStorageManager;
		private SyntheticPasswordManager mSpManager;
		private FakeGsiService mGsiService;
		@@ -56,7 +54,7 @@ public class LockSettingsServiceTestable extends LockSettingsService {
		private FakeSettings mSettings;

		public MockInjector(Context context, LockSettingsStorage storage, KeyStore keyStore,
		IActivityManager activityManager, LockPatternUtils lockPatternUtils,
		IActivityManager activityManager,
		IStorageManager storageManager, SyntheticPasswordManager spManager,
		FakeGsiService gsiService, RecoverableKeyStoreManager recoverableKeyStoreManager,
		UserManagerInternal userManagerInternal, DeviceStateCache deviceStateCache,
		@@ -65,7 +63,6 @@ public class LockSettingsServiceTestable extends LockSettingsService {
		mLockSettingsStorage = storage;
		mKeyStore = keyStore;
		mActivityManager = activityManager;
		mLockPatternUtils = lockPatternUtils;
		mStorageManager = storageManager;
		mSpManager = spManager;
		mGsiService = gsiService;
		@@ -100,10 +97,6 @@ public class LockSettingsServiceTestable extends LockSettingsService {
		return mActivityManager;
		}

		@Override
		public LockPatternUtils getLockPatternUtils() {
		return mLockPatternUtils;
		}
		@Override
		public DeviceStateCache getDeviceStateCache() {
		return mDeviceStateCache;
		@@ -158,14 +151,14 @@ public class LockSettingsServiceTestable extends LockSettingsService {

		public MockInjector mInjector;

		protected LockSettingsServiceTestable(Context context, LockPatternUtils lockPatternUtils,
		protected LockSettingsServiceTestable(Context context,
		LockSettingsStorage storage, FakeGateKeeperService gatekeeper, KeyStore keystore,
		IStorageManager storageManager, IActivityManager mActivityManager,
		SyntheticPasswordManager spManager, IAuthSecret authSecretService,
		FakeGsiService gsiService, RecoverableKeyStoreManager recoverableKeyStoreManager,
		UserManagerInternal userManagerInternal, DeviceStateCache deviceStateCache,
		FakeSettings settings) {
		super(new MockInjector(context, storage, keystore, mActivityManager, lockPatternUtils,
		super(new MockInjector(context, storage, keystore, mActivityManager,
		storageManager, spManager, gsiService,
		recoverableKeyStoreManager, userManagerInternal, deviceStateCache, settings));
		mGateKeeperService = gatekeeper;