Loading core/java/android/app/KeyguardManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -58,6 +58,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.policy.IDeviceLockedStateListener; import com.android.internal.policy.IKeyguardDismissCallback; import com.android.internal.policy.IKeyguardLockedStateListener; import com.android.internal.util.ArrayUtils; import com.android.internal.util.Preconditions; import com.android.internal.widget.IWeakEscrowTokenActivatedListener; import com.android.internal.widget.IWeakEscrowTokenRemovedListener; Loading Loading @@ -1076,7 +1077,7 @@ public class KeyguardManager { Log.e(TAG, "Save lock exception", e); success = false; } finally { LockPatternUtils.zeroize(password); ArrayUtils.zeroize(password); } return success; } Loading core/java/android/security/flags.aconfig +0 −10 Original line number Diff line number Diff line Loading @@ -41,16 +41,6 @@ flag { bug: "325129836" } flag { name: "secure_array_zeroization" namespace: "security" description: "Enable secure array zeroization" bug: "320392352" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "frp_enforcement" is_exported: true Loading core/java/com/android/internal/widget/LockPatternUtils.java +1 −52 Original line number Diff line number Diff line Loading @@ -74,7 +74,6 @@ import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; Loading Loading @@ -289,56 +288,6 @@ public class LockPatternUtils { } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static byte[] newNonMovableByteArray(int length) { if (!android.security.Flags.secureArrayZeroization()) { return new byte[length]; } return ArrayUtils.newNonMovableByteArray(length); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static char[] newNonMovableCharArray(int length) { if (!android.security.Flags.secureArrayZeroization()) { return new char[length]; } return ArrayUtils.newNonMovableCharArray(length); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static void zeroize(byte[] array) { if (!android.security.Flags.secureArrayZeroization()) { if (array != null) { Arrays.fill(array, (byte) 0); } return; } ArrayUtils.zeroize(array); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static void zeroize(char[] array) { if (!android.security.Flags.secureArrayZeroization()) { if (array != null) { Arrays.fill(array, (char) 0); } return; } ArrayUtils.zeroize(array); } @UnsupportedAppUsage public DevicePolicyManager getDevicePolicyManager() { if (mDevicePolicyManager == null) { Loading Loading @@ -1039,7 +988,7 @@ public class LockPatternUtils { } final int patternSize = pattern.size(); byte[] res = newNonMovableByteArray(patternSize); byte[] res = ArrayUtils.newNonMovableByteArray(patternSize); for (int i = 0; i < patternSize; i++) { LockPatternView.Cell cell = pattern.get(i); res[i] = (byte) (cell.getRow() * 3 + cell.getColumn() + '1'); Loading core/java/com/android/internal/widget/LockscreenCredential.java +4 −4 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { */ public void zeroize() { if (mCredential != null) { LockPatternUtils.zeroize(mCredential); ArrayUtils.zeroize(mCredential); mCredential = null; } } Loading @@ -255,7 +255,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { * Copies the given array into a new non-movable array. */ private static byte[] copyOfArrayNonMovable(byte[] array) { byte[] copy = LockPatternUtils.newNonMovableByteArray(array.length); byte[] copy = ArrayUtils.newNonMovableByteArray(array.length); System.arraycopy(array, 0, copy, 0, array.length); return copy; } Loading Loading @@ -355,7 +355,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(saltedPassword); byte[] md5 = MessageDigest.getInstance("MD5").digest(saltedPassword); LockPatternUtils.zeroize(saltedPassword); ArrayUtils.zeroize(saltedPassword); return HexEncoding.encodeToString(ArrayUtils.concat(sha1, md5)); } catch (NoSuchAlgorithmException e) { throw new AssertionError("Missing digest algorithm: ", e); Loading Loading @@ -449,7 +449,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { * @return A byte array representing the input */ private static byte[] charsToBytesTruncating(CharSequence chars) { byte[] bytes = LockPatternUtils.newNonMovableByteArray(chars.length()); byte[] bytes = ArrayUtils.newNonMovableByteArray(chars.length()); for (int i = 0; i < chars.length(); i++) { bytes[i] = (byte) chars.charAt(i); } Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +6 −6 Original line number Diff line number Diff line Loading @@ -430,9 +430,9 @@ public class LockSettingsService extends ILockSettings.Stub { } LockscreenCredential credential = LockscreenCredential.createUnifiedProfilePassword(newPassword); LockPatternUtils.zeroize(newPasswordChars); LockPatternUtils.zeroize(newPassword); LockPatternUtils.zeroize(randomLockSeed); ArrayUtils.zeroize(newPasswordChars); ArrayUtils.zeroize(newPassword); ArrayUtils.zeroize(randomLockSeed); return credential; } Loading Loading @@ -1513,7 +1513,7 @@ public class LockSettingsService extends ILockSettings.Stub { + userId); } } finally { LockPatternUtils.zeroize(password); ArrayUtils.zeroize(password); } } Loading Loading @@ -1546,7 +1546,7 @@ public class LockSettingsService extends ILockSettings.Stub { decryptionResult = cipher.doFinal(encryptedPassword); LockscreenCredential credential = LockscreenCredential.createUnifiedProfilePassword( decryptionResult); LockPatternUtils.zeroize(decryptionResult); ArrayUtils.zeroize(decryptionResult); try { long parentSid = getGateKeeperService().getSecureUserId( mUserManager.getProfileParent(userId).id); Loading Loading @@ -2228,7 +2228,7 @@ public class LockSettingsService extends ILockSettings.Stub { } catch (RemoteException e) { Slogf.wtf(TAG, e, "Failed to unlock CE storage for %s user %d", userType, userId); } finally { LockPatternUtils.zeroize(secret); ArrayUtils.zeroize(secret); } } Loading Loading
core/java/android/app/KeyguardManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -58,6 +58,7 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.internal.policy.IDeviceLockedStateListener; import com.android.internal.policy.IKeyguardDismissCallback; import com.android.internal.policy.IKeyguardLockedStateListener; import com.android.internal.util.ArrayUtils; import com.android.internal.util.Preconditions; import com.android.internal.widget.IWeakEscrowTokenActivatedListener; import com.android.internal.widget.IWeakEscrowTokenRemovedListener; Loading Loading @@ -1076,7 +1077,7 @@ public class KeyguardManager { Log.e(TAG, "Save lock exception", e); success = false; } finally { LockPatternUtils.zeroize(password); ArrayUtils.zeroize(password); } return success; } Loading
core/java/android/security/flags.aconfig +0 −10 Original line number Diff line number Diff line Loading @@ -41,16 +41,6 @@ flag { bug: "325129836" } flag { name: "secure_array_zeroization" namespace: "security" description: "Enable secure array zeroization" bug: "320392352" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "frp_enforcement" is_exported: true Loading
core/java/com/android/internal/widget/LockPatternUtils.java +1 −52 Original line number Diff line number Diff line Loading @@ -74,7 +74,6 @@ import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; Loading Loading @@ -289,56 +288,6 @@ public class LockPatternUtils { } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static byte[] newNonMovableByteArray(int length) { if (!android.security.Flags.secureArrayZeroization()) { return new byte[length]; } return ArrayUtils.newNonMovableByteArray(length); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static char[] newNonMovableCharArray(int length) { if (!android.security.Flags.secureArrayZeroization()) { return new char[length]; } return ArrayUtils.newNonMovableCharArray(length); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static void zeroize(byte[] array) { if (!android.security.Flags.secureArrayZeroization()) { if (array != null) { Arrays.fill(array, (byte) 0); } return; } ArrayUtils.zeroize(array); } /** * This exists temporarily due to trunk-stable policies. * Please use ArrayUtils directly if you can. */ public static void zeroize(char[] array) { if (!android.security.Flags.secureArrayZeroization()) { if (array != null) { Arrays.fill(array, (char) 0); } return; } ArrayUtils.zeroize(array); } @UnsupportedAppUsage public DevicePolicyManager getDevicePolicyManager() { if (mDevicePolicyManager == null) { Loading Loading @@ -1039,7 +988,7 @@ public class LockPatternUtils { } final int patternSize = pattern.size(); byte[] res = newNonMovableByteArray(patternSize); byte[] res = ArrayUtils.newNonMovableByteArray(patternSize); for (int i = 0; i < patternSize; i++) { LockPatternView.Cell cell = pattern.get(i); res[i] = (byte) (cell.getRow() * 3 + cell.getColumn() + '1'); Loading
core/java/com/android/internal/widget/LockscreenCredential.java +4 −4 Original line number Diff line number Diff line Loading @@ -246,7 +246,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { */ public void zeroize() { if (mCredential != null) { LockPatternUtils.zeroize(mCredential); ArrayUtils.zeroize(mCredential); mCredential = null; } } Loading @@ -255,7 +255,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { * Copies the given array into a new non-movable array. */ private static byte[] copyOfArrayNonMovable(byte[] array) { byte[] copy = LockPatternUtils.newNonMovableByteArray(array.length); byte[] copy = ArrayUtils.newNonMovableByteArray(array.length); System.arraycopy(array, 0, copy, 0, array.length); return copy; } Loading Loading @@ -355,7 +355,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(saltedPassword); byte[] md5 = MessageDigest.getInstance("MD5").digest(saltedPassword); LockPatternUtils.zeroize(saltedPassword); ArrayUtils.zeroize(saltedPassword); return HexEncoding.encodeToString(ArrayUtils.concat(sha1, md5)); } catch (NoSuchAlgorithmException e) { throw new AssertionError("Missing digest algorithm: ", e); Loading Loading @@ -449,7 +449,7 @@ public class LockscreenCredential implements Parcelable, AutoCloseable { * @return A byte array representing the input */ private static byte[] charsToBytesTruncating(CharSequence chars) { byte[] bytes = LockPatternUtils.newNonMovableByteArray(chars.length()); byte[] bytes = ArrayUtils.newNonMovableByteArray(chars.length()); for (int i = 0; i < chars.length(); i++) { bytes[i] = (byte) chars.charAt(i); } Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +6 −6 Original line number Diff line number Diff line Loading @@ -430,9 +430,9 @@ public class LockSettingsService extends ILockSettings.Stub { } LockscreenCredential credential = LockscreenCredential.createUnifiedProfilePassword(newPassword); LockPatternUtils.zeroize(newPasswordChars); LockPatternUtils.zeroize(newPassword); LockPatternUtils.zeroize(randomLockSeed); ArrayUtils.zeroize(newPasswordChars); ArrayUtils.zeroize(newPassword); ArrayUtils.zeroize(randomLockSeed); return credential; } Loading Loading @@ -1513,7 +1513,7 @@ public class LockSettingsService extends ILockSettings.Stub { + userId); } } finally { LockPatternUtils.zeroize(password); ArrayUtils.zeroize(password); } } Loading Loading @@ -1546,7 +1546,7 @@ public class LockSettingsService extends ILockSettings.Stub { decryptionResult = cipher.doFinal(encryptedPassword); LockscreenCredential credential = LockscreenCredential.createUnifiedProfilePassword( decryptionResult); LockPatternUtils.zeroize(decryptionResult); ArrayUtils.zeroize(decryptionResult); try { long parentSid = getGateKeeperService().getSecureUserId( mUserManager.getProfileParent(userId).id); Loading Loading @@ -2228,7 +2228,7 @@ public class LockSettingsService extends ILockSettings.Stub { } catch (RemoteException e) { Slogf.wtf(TAG, e, "Failed to unlock CE storage for %s user %d", userType, userId); } finally { LockPatternUtils.zeroize(secret); ArrayUtils.zeroize(secret); } } Loading
