Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −15 Original line number Diff line number Diff line Loading @@ -2143,17 +2143,6 @@ public class LockSettingsService extends ILockSettings.Stub { // credential has matched mBiometricDeferredQueue.addPendingLockoutResetForUser(userId, authResult.syntheticPassword.deriveGkPassword()); // perform verifyChallenge with synthetic password which generates the real GK auth // token and response for the current user response = mSpManager.verifyChallenge(getGateKeeperService(), authResult.syntheticPassword, 0L /* challenge */, userId); if (response.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) { // This shouldn't really happen: the unwrapping of SP succeeds, but SP doesn't // match the recorded GK password handle. Slog.wtf(TAG, "verifyChallenge with SP failed."); return VerifyCredentialResponse.ERROR; } } } if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { Loading Loading @@ -2760,7 +2749,7 @@ public class LockSettingsService extends ILockSettings.Stub { * * Also maintains the invariants described in {@link SyntheticPasswordManager} by * setting/clearing the protection (by the SP) on the user's auth-bound Keystore keys when the * LSKF is added/removed, respectively. If the new LSKF is nonempty, then the Gatekeeper auth * LSKF is added/removed, respectively. If an LSKF is being added, then the Gatekeeper auth * token is also refreshed. */ @GuardedBy("mSpManager") Loading @@ -2776,9 +2765,7 @@ public class LockSettingsService extends ILockSettings.Stub { // not needed by synchronizeUnifiedWorkChallengeForProfiles() profilePasswords = null; if (mSpManager.hasSidForUser(userId)) { mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId); } else { if (!mSpManager.hasSidForUser(userId)) { mSpManager.newSidForUser(getGateKeeperService(), sp, userId); mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId); setKeystorePassword(sp.deriveKeyStorePassword(), userId); Loading Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −15 Original line number Diff line number Diff line Loading @@ -2143,17 +2143,6 @@ public class LockSettingsService extends ILockSettings.Stub { // credential has matched mBiometricDeferredQueue.addPendingLockoutResetForUser(userId, authResult.syntheticPassword.deriveGkPassword()); // perform verifyChallenge with synthetic password which generates the real GK auth // token and response for the current user response = mSpManager.verifyChallenge(getGateKeeperService(), authResult.syntheticPassword, 0L /* challenge */, userId); if (response.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) { // This shouldn't really happen: the unwrapping of SP succeeds, but SP doesn't // match the recorded GK password handle. Slog.wtf(TAG, "verifyChallenge with SP failed."); return VerifyCredentialResponse.ERROR; } } } if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { Loading Loading @@ -2760,7 +2749,7 @@ public class LockSettingsService extends ILockSettings.Stub { * * Also maintains the invariants described in {@link SyntheticPasswordManager} by * setting/clearing the protection (by the SP) on the user's auth-bound Keystore keys when the * LSKF is added/removed, respectively. If the new LSKF is nonempty, then the Gatekeeper auth * LSKF is added/removed, respectively. If an LSKF is being added, then the Gatekeeper auth * token is also refreshed. */ @GuardedBy("mSpManager") Loading @@ -2776,9 +2765,7 @@ public class LockSettingsService extends ILockSettings.Stub { // not needed by synchronizeUnifiedWorkChallengeForProfiles() profilePasswords = null; if (mSpManager.hasSidForUser(userId)) { mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId); } else { if (!mSpManager.hasSidForUser(userId)) { mSpManager.newSidForUser(getGateKeeperService(), sp, userId); mSpManager.verifyChallenge(getGateKeeperService(), sp, 0L, userId); setKeystorePassword(sp.deriveKeyStorePassword(), userId); Loading
