Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bd99a1dc authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Return copy of pending token list" into rvc-qpr-dev am: 9dce0642 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13806835

Change-Id: Ib65b57092048641fb3a25d125569512e12d59ddb
parents cb8e274f 9dce0642

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+2 −1
Original line number Original line Diff line number Diff line
@@ -35,6 +35,7 @@ import android.security.Scrypt; 
import android.service.gatekeeper.GateKeeperResponse;

import android.service.gatekeeper.GateKeeperResponse;

import android.service.gatekeeper.IGateKeeperService;

import android.service.gatekeeper.IGateKeeperService;

import android.util.ArrayMap;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.Slog;

import android.util.Slog;





import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.annotations.VisibleForTesting;
@@ -904,7 +905,7 @@ public class SyntheticPasswordManager { 
        if (!tokenMap.containsKey(userId)) {

        if (!tokenMap.containsKey(userId)) {

            return Collections.emptySet();

            return Collections.emptySet();

        }

        }

        return tokenMap.get(userId).keySet();

        return new ArraySet<>(tokenMap.get(userId).keySet());

    }

    }





    public boolean removePendingToken(long handle, int userId) {

    public boolean removePendingToken(long handle, int userId) {

services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java

+38 −4
Original line number Original line Diff line number Diff line
@@ -246,7 +246,8 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertTrue(mService.hasPendingEscrowToken(PRIMARY_USER_ID));

        assertTrue(mService.hasPendingEscrowToken(PRIMARY_USER_ID));





        mService.verifyCredential(password, 0, PRIMARY_USER_ID).getResponseCode();

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                password, 0, PRIMARY_USER_ID).getResponseCode());

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertFalse(mService.hasPendingEscrowToken(PRIMARY_USER_ID));

        assertFalse(mService.hasPendingEscrowToken(PRIMARY_USER_ID));
@@ -275,7 +276,8 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));





        mService.verifyCredential(password, 0, PRIMARY_USER_ID).getResponseCode();

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                password, 0, PRIMARY_USER_ID).getResponseCode());

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));





        mLocalService.setLockCredentialWithToken(nonePassword(), handle, token, PRIMARY_USER_ID);

        mLocalService.setLockCredentialWithToken(nonePassword(), handle, token, PRIMARY_USER_ID);
@@ -301,7 +303,8 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertFalse(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));





        mService.verifyCredential(password, 0, PRIMARY_USER_ID).getResponseCode();

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                password, 0, PRIMARY_USER_ID).getResponseCode());

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));





        mService.setLockCredential(pattern, password, PRIMARY_USER_ID);

        mService.setLockCredential(pattern, password, PRIMARY_USER_ID);
@@ -376,6 +379,36 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        } catch (SecurityException expected) { }

        } catch (SecurityException expected) { }

    }

    }





    @Test

    public void testActivateMultipleEscrowTokens() throws Exception {

        byte[] token0 = "some-high-entropy-secure-token-0".getBytes();

        byte[] token1 = "some-high-entropy-secure-token-1".getBytes();

        byte[] token2 = "some-high-entropy-secure-token-2".getBytes();



        LockscreenCredential password = newPassword("password");

        LockscreenCredential pattern = newPattern("123654");

        initializeCredentialUnderSP(password, PRIMARY_USER_ID);



        long handle0 = mLocalService.addEscrowToken(token0, PRIMARY_USER_ID, null);

        long handle1 = mLocalService.addEscrowToken(token1, PRIMARY_USER_ID, null);

        long handle2 = mLocalService.addEscrowToken(token2, PRIMARY_USER_ID, null);



        // Activate token

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                password, 0, PRIMARY_USER_ID).getResponseCode());



        // Verify tokens work

        assertTrue(mLocalService.isEscrowTokenActive(handle0, PRIMARY_USER_ID));

        assertTrue(mLocalService.setLockCredentialWithToken(

                pattern, handle0, token0, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle1, PRIMARY_USER_ID));

        assertTrue(mLocalService.setLockCredentialWithToken(

                pattern, handle1, token1, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle2, PRIMARY_USER_ID));

        assertTrue(mLocalService.setLockCredentialWithToken(

                pattern, handle2, token2, PRIMARY_USER_ID));

    }



    @Test

    @Test

    public void testSetLockCredentialWithTokenFailsWithoutLockScreen() throws Exception {

    public void testSetLockCredentialWithTokenFailsWithoutLockScreen() throws Exception {

        LockscreenCredential password = newPassword("password");

        LockscreenCredential password = newPassword("password");
@@ -503,7 +536,8 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
        reset(mDevicePolicyManager);

        reset(mDevicePolicyManager);





        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);

        mService.verifyCredential(password, 0, PRIMARY_USER_ID).getResponseCode();

        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(

                password, 0, PRIMARY_USER_ID).getResponseCode());

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));

        assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));





        mService.onCleanupUser(PRIMARY_USER_ID);

        mService.onCleanupUser(PRIMARY_USER_ID);