Merge "locksettings: fix some errorprone warnings"

public class BiometricDeferredQueue {

    private static final String TAG = "BiometricDeferredQueue";

    @NonNull private final Context mContext;

    @NonNull private final SyntheticPasswordManager mSpManager;

    @NonNull private final Handler mHandler;

    @Nullable private FingerprintManager mFingerprintManager;

        mFaceResetLockoutTask = null;

    };

    BiometricDeferredQueue(@NonNull Context context, @NonNull SyntheticPasswordManager spManager,

            @NonNull Handler handler) {

        mContext = context;

    BiometricDeferredQueue(@NonNull SyntheticPasswordManager spManager, @NonNull Handler handler) {

        mSpManager = spManager;

        mHandler = handler;

        mPendingResetLockoutsForFingerprint = new ArrayList<>();

import android.content.IntentFilter;

import android.content.pm.PackageManager;

import android.content.pm.UserInfo;

import android.content.res.Resources;

import android.database.ContentObserver;

import android.database.sqlite.SQLiteDatabase;

import android.hardware.authsecret.V1_0.IAuthSecret;

    @VisibleForTesting

    protected final SyntheticPasswordManager mSpManager;

    private final KeyStore mKeyStore;

    private final java.security.KeyStore mJavaKeyStore;

    private final RecoverableKeyStoreManager mRecoverableKeyStoreManager;

    private ManagedProfilePasswordCache mManagedProfilePasswordCache;

    protected LockSettingsService(Injector injector) {

        mInjector = injector;

        mContext = injector.getContext();

        mKeyStore = injector.getKeyStore();

        mJavaKeyStore = injector.getJavaKeyStore();

        mRecoverableKeyStoreManager = injector.getRecoverableKeyStoreManager();

        mHandler = injector.getHandler(injector.getServiceThread());

        mSpManager = injector.getSyntheticPasswordManager(mStorage);

        mManagedProfilePasswordCache = injector.getManagedProfilePasswordCache(mJavaKeyStore);

        mBiometricDeferredQueue = new BiometricDeferredQueue(mContext, mSpManager, mHandler);

        mBiometricDeferredQueue = new BiometricDeferredQueue(mSpManager, mHandler);

        mRebootEscrowManager = injector.getRebootEscrowManager(new RebootEscrowCallbacks(),

                mStorage);

    }

    private void showEncryptionNotificationForProfile(UserHandle user, String reason) {

        Resources r = mContext.getResources();

        CharSequence title = getEncryptionNotificationTitle();

        CharSequence message = getEncryptionNotificationMessage();

        CharSequence detail = getEncryptionNotificationDetail();

        PendingIntent intent = PendingIntent.getActivity(mContext, 0, unlockIntent,

                PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_MUTABLE_UNAUDITED);

        Slog.d(TAG, String.format("showing encryption notification, user: %d; reason: %s",

        Slog.d(TAG, TextUtils.formatSimple("showing encryption notification, user: %d; reason: %s",

                user.getIdentifier(), reason));

        showEncryptionNotification(user, title, message, detail, intent);

        if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {

            EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), "");  // SafetyNet

        }

        checkWritePermission(UserHandle.USER_SYSTEM);

        checkWritePermission();

        mHasSecureLockScreen = mContext.getPackageManager()

                .hasSystemFeature(PackageManager.FEATURE_SECURE_LOCK_SCREEN);

        }

    }

    private final void checkWritePermission(int userId) {

    private final void checkWritePermission() {

        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsWrite");

    }

        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");

    }

    private final void checkPasswordHavePermission(int userId) {

    private final void checkPasswordHavePermission() {

        if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {

            EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), "");  // SafetyNet

        }

    @Override

    public void setSeparateProfileChallengeEnabled(int userId, boolean enabled,

            LockscreenCredential profileUserPassword) {

        checkWritePermission(userId);

        checkWritePermission();

        if (!mHasSecureLockScreen

                && profileUserPassword != null

                && profileUserPassword.getType() != CREDENTIAL_TYPE_NONE) {

    @Override

    public void setBoolean(String key, boolean value, int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        mStorage.setBoolean(key, value, userId);

    }

    @Override

    public void setLong(String key, long value, int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        mStorage.setLong(key, value, userId);

    }

    @Override

    public void setString(String key, String value, int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        mStorage.setString(key, value, userId);

    }

     */

    @Override

    public int getCredentialType(int userId) {

        checkPasswordHavePermission(userId);

        checkPasswordHavePermission();

        return getCredentialTypeInternal(userId);

    }

    @Override

    public void resetKeyStore(int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId);

        List<Integer> profileUserIds = new ArrayList<>();

        List<LockscreenCredential> profileUserDecryptedPasswords = new ArrayList<>();

    @Override

    public void requireStrongAuth(int strongAuthReason, int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        mStrongAuth.requireStrongAuth(strongAuthReason, userId);

    }

    @Override

    public void userPresent(int userId) {

        checkWritePermission(userId);

        checkWritePermission();

        mStrongAuth.reportUnlock(userId);

    }

        final int origPid = Binder.getCallingPid();

        final int origUid = Binder.getCallingUid();

        Slog.e(TAG, "Caller pid " + origPid + " Caller uid " + origUid);

        // The original identity is an opaque integer.

        final long origId = Binder.clearCallingIdentity();

        Slog.e(TAG, "Caller pid " + origPid + " Caller uid " + origUid);

        try {

            final LockSettingsShellCommand command =

                    new LockSettingsShellCommand(new LockPatternUtils(mContext), mContext, origPid,

        synchronized (mSpManager) {

            disableEscrowTokenOnNonManagedDevicesIfNeeded(userId);

            for (long handle : mSpManager.getPendingTokensForUser(userId)) {

                Slog.i(TAG, String.format("activateEscrowTokens: %x %d ", handle, userId));

                Slog.i(TAG, TextUtils.formatSimple("activateEscrowTokens: %x %d ", handle, userId));

                mSpManager.createTokenBasedProtector(handle, sp, userId);

            }

        }

            pw.println("User " + userId);

            pw.increaseIndent();

            synchronized (mSpManager) {

                pw.println(String.format("LSKF-based SP protector ID: %x",

                pw.println(TextUtils.formatSimple("LSKF-based SP protector ID: %x",

                        getCurrentLskfBasedProtectorId(userId)));

                pw.println(String.format("LSKF last changed: %s (previous protector: %x)",

                pw.println(TextUtils.formatSimple("LSKF last changed: %s (previous protector: %x)",

                        timestampToString(getLong(LSKF_LAST_CHANGED_TIME_KEY, 0, userId)),

                        getLong(PREV_LSKF_BASED_PROTECTOR_ID_KEY, 0, userId)));

            }

            try {

                pw.println(String.format("SID: %x",

                pw.println(TextUtils.formatSimple("SID: %x",

                        getGateKeeperService().getSecureUserId(userId)));

            } catch (RemoteException e) {

                // ignore.

            pw.println("CredentialType: " + credentialTypeToString(

                    getCredentialTypeInternal(userId)));

            pw.println("SeparateChallenge: " + getSeparateProfileChallengeEnabledInternal(userId));

            pw.println(String.format("Metrics: %s",

            pw.println(TextUtils.formatSimple("Metrics: %s",

                    getUserPasswordMetrics(userId) != null ? "known" : "unknown"));

            pw.decreaseIndent();

        }

package com.android.server.locksettings;

import static android.content.Context.USER_SERVICE;

import static android.text.TextUtils.formatSimple;

import static com.android.internal.annotations.VisibleForTesting.Visibility.PACKAGE;

import static com.android.internal.widget.LockPatternUtils.USER_FRP;

    }

    private File getSyntheticPasswordStateFileForUser(int userId, long protectorId, String name) {

        String fileName = formatSimple("%016x.%s", protectorId, name);

        String fileName = TextUtils.formatSimple("%016x.%s", protectorId, name);

        return new File(getSyntheticPasswordDirectoryForUser(userId), fileName);

    }

        final UserManager um = UserManager.get(mContext);

        for (UserInfo user : um.getUsers()) {

            File userPath = getSyntheticPasswordDirectoryForUser(user.id);

            pw.println(String.format("User %d [%s]:", user.id, userPath));

            pw.println(TextUtils.formatSimple("User %d [%s]:", user.id, userPath));

            pw.increaseIndent();

            File[] files = userPath.listFiles();

            if (files != null) {

                Arrays.sort(files);

                for (File file : files) {

                    pw.println(String.format("%6d %s %s", file.length(),

                    pw.println(TextUtils.formatSimple("%6d %s %s", file.length(),

                            LockSettingsService.timestampToString(file.lastModified()),

                            file.getName()));

                }

    /**

     * Notify the manager of which slots are definitively in use by the current OS image.

     *

     * @throws RuntimeException

     */

    public void refreshActiveSlots(Set<Integer> activeSlots) throws RuntimeException {

        if (mSlotMap == null) {

    /**

     * Mark the given slot as in use by the current OS image.

     *

     * @throws RuntimeException

     */

    public void markSlotInUse(int slot) throws RuntimeException {

        ensureSlotMapLoaded();

    /**

     * Mark the given slot as no longer in use by the current OS image.

     *

     * @throws RuntimeException

     */

    public void markSlotDeleted(int slot) throws RuntimeException {

        ensureSlotMapLoaded();

    private SecretKey getKeyStoreEncryptionKeyLocked() {

        try {

            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);

            KeyStore.LoadStoreParameter loadStoreParameter = null;

            // Load from the specific namespace if keystore2 is enabled.

            loadStoreParameter = new AndroidKeyStoreLoadStoreParameter(KEY_STORE_NAMESPACE);

            KeyStore.LoadStoreParameter loadStoreParameter =

                new AndroidKeyStoreLoadStoreParameter(KEY_STORE_NAMESPACE);

            keyStore.load(loadStoreParameter);

            return (SecretKey) keyStore.getKey(REBOOT_ESCROW_KEY_STORE_ENCRYPTION_KEY_NAME,

                    null);

        synchronized (mKeyStoreLock) {

            try {

                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);

                KeyStore.LoadStoreParameter loadStoreParameter = null;

                // Load from the specific namespace if keystore2 is enabled.

                loadStoreParameter = new AndroidKeyStoreLoadStoreParameter(KEY_STORE_NAMESPACE);

                KeyStore.LoadStoreParameter loadStoreParameter =

                    new AndroidKeyStoreLoadStoreParameter(KEY_STORE_NAMESPACE);

                keyStore.load(loadStoreParameter);

                keyStore.deleteEntry(REBOOT_ESCROW_KEY_STORE_ENCRYPTION_KEY_NAME);

            } catch (IOException | GeneralSecurityException e) {