Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +20 −45 Original line number Diff line number Diff line Loading @@ -883,7 +883,6 @@ public class LockSettingsService extends ILockSettings.Stub { * Migrate the credential for the FRP credential owner user if the following are satisfied: * - the user has a secure credential * - the FRP credential is not set up * - the credential is based on a synthetic password. */ private void migrateFrpCredential() { if (mStorage.readPersistentDataBlock() != PersistentData.NONE) { Loading @@ -892,7 +891,6 @@ public class LockSettingsService extends ILockSettings.Stub { for (UserInfo userInfo : mUserManager.getUsers()) { if (userOwnsFrpCredential(mContext, userInfo) && isUserSecure(userInfo.id)) { synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userInfo.id)) { int actualQuality = (int) getLong(LockPatternUtils.PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userInfo.id); Loading @@ -901,7 +899,6 @@ public class LockSettingsService extends ILockSettings.Stub { userInfo, redactActualQualityToMostLenientEquivalentQuality(actualQuality)); } } return; } } Loading Loading @@ -941,14 +938,10 @@ public class LockSettingsService extends ILockSettings.Stub { int serialNumber = mEarlyCreatedUsers.valueAt(i); removeStateForReusedUserIdIfNecessary(userId, serialNumber); synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slogf.i(TAG, "Creating locksettings state for user %d now that boot " + "is complete", userId); Slogf.i(TAG, "Creating locksettings state for user %d now that boot is complete", userId); initializeSyntheticPassword(userId); } } } mEarlyCreatedUsers = null; // no longer needed // Also do a one-time migration of all users to SP-based credentials with the CE key Loading Loading @@ -1234,8 +1227,11 @@ public class LockSettingsService extends ILockSettings.Stub { return getFrpCredentialType(); } synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userId)) { final long protectorId = getCurrentLskfBasedProtectorId(userId); if (protectorId == SyntheticPasswordManager.NULL_PROTECTOR_ID) { // Only possible for new users during early boot (before onThirdPartyAppsStarted()) return CREDENTIAL_TYPE_NONE; } int rawType = mSpManager.getCredentialType(protectorId, userId); if (rawType != CREDENTIAL_TYPE_PASSWORD_OR_PIN) { return rawType; Loading @@ -1243,8 +1239,6 @@ public class LockSettingsService extends ILockSettings.Stub { return pinOrPasswordQualityToCredentialType(getKeyguardStoredQuality(userId)); } } return CREDENTIAL_TYPE_NONE; } private int getFrpCredentialType() { PersistentData data = mStorage.readPersistentDataBlock(); Loading Loading @@ -2167,10 +2161,6 @@ public class LockSettingsService extends ILockSettings.Stub { VerifyCredentialResponse response; synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slog.wtf(TAG, "Unexpected credential type, should be SP based."); return VerifyCredentialResponse.ERROR; } if (userId == USER_FRP) { return mSpManager.verifyFrpCredential(getGateKeeperService(), credential, progressCallback); Loading Loading @@ -2676,15 +2666,6 @@ public class LockSettingsService extends ILockSettings.Stub { setLong(LSKF_LAST_CHANGED_TIME_KEY, System.currentTimeMillis(), userId); } private boolean isSyntheticPasswordBasedCredentialLocked(int userId) { if (userId == USER_FRP) { final int type = mStorage.readPersistentDataBlock().type; return type == PersistentData.TYPE_SP || type == PersistentData.TYPE_SP_WEAVER; } long protectorId = getCurrentLskfBasedProtectorId(userId); return protectorId != SyntheticPasswordManager.NULL_PROTECTOR_ID; } /** * Stores the gatekeeper password temporarily. * @param gatekeeperPassword unlocked upon successful Synthetic Password Loading Loading @@ -2892,10 +2873,6 @@ public class LockSettingsService extends ILockSettings.Stub { } } synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slog.w(TAG, "Synthetic password not enabled"); return null; } long protectorId = getCurrentLskfBasedProtectorId(userId); AuthenticationResult auth = mSpManager.unlockLskfBasedProtector( getGateKeeperService(), protectorId, currentCredential, userId, null); Loading Loading @@ -3222,10 +3199,8 @@ public class LockSettingsService extends ILockSettings.Stub { // Disable escrow token permanently on all other device/user types. Slog.i(TAG, "Disabling escrow token on user " + userId); if (isSyntheticPasswordBasedCredentialLocked(userId)) { mSpManager.destroyEscrowData(userId); } } /** * Schedules garbage collection to sanitize lockscreen credential remnants in memory. Loading Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +20 −45 Original line number Diff line number Diff line Loading @@ -883,7 +883,6 @@ public class LockSettingsService extends ILockSettings.Stub { * Migrate the credential for the FRP credential owner user if the following are satisfied: * - the user has a secure credential * - the FRP credential is not set up * - the credential is based on a synthetic password. */ private void migrateFrpCredential() { if (mStorage.readPersistentDataBlock() != PersistentData.NONE) { Loading @@ -892,7 +891,6 @@ public class LockSettingsService extends ILockSettings.Stub { for (UserInfo userInfo : mUserManager.getUsers()) { if (userOwnsFrpCredential(mContext, userInfo) && isUserSecure(userInfo.id)) { synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userInfo.id)) { int actualQuality = (int) getLong(LockPatternUtils.PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userInfo.id); Loading @@ -901,7 +899,6 @@ public class LockSettingsService extends ILockSettings.Stub { userInfo, redactActualQualityToMostLenientEquivalentQuality(actualQuality)); } } return; } } Loading Loading @@ -941,14 +938,10 @@ public class LockSettingsService extends ILockSettings.Stub { int serialNumber = mEarlyCreatedUsers.valueAt(i); removeStateForReusedUserIdIfNecessary(userId, serialNumber); synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slogf.i(TAG, "Creating locksettings state for user %d now that boot " + "is complete", userId); Slogf.i(TAG, "Creating locksettings state for user %d now that boot is complete", userId); initializeSyntheticPassword(userId); } } } mEarlyCreatedUsers = null; // no longer needed // Also do a one-time migration of all users to SP-based credentials with the CE key Loading Loading @@ -1234,8 +1227,11 @@ public class LockSettingsService extends ILockSettings.Stub { return getFrpCredentialType(); } synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userId)) { final long protectorId = getCurrentLskfBasedProtectorId(userId); if (protectorId == SyntheticPasswordManager.NULL_PROTECTOR_ID) { // Only possible for new users during early boot (before onThirdPartyAppsStarted()) return CREDENTIAL_TYPE_NONE; } int rawType = mSpManager.getCredentialType(protectorId, userId); if (rawType != CREDENTIAL_TYPE_PASSWORD_OR_PIN) { return rawType; Loading @@ -1243,8 +1239,6 @@ public class LockSettingsService extends ILockSettings.Stub { return pinOrPasswordQualityToCredentialType(getKeyguardStoredQuality(userId)); } } return CREDENTIAL_TYPE_NONE; } private int getFrpCredentialType() { PersistentData data = mStorage.readPersistentDataBlock(); Loading Loading @@ -2167,10 +2161,6 @@ public class LockSettingsService extends ILockSettings.Stub { VerifyCredentialResponse response; synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slog.wtf(TAG, "Unexpected credential type, should be SP based."); return VerifyCredentialResponse.ERROR; } if (userId == USER_FRP) { return mSpManager.verifyFrpCredential(getGateKeeperService(), credential, progressCallback); Loading Loading @@ -2676,15 +2666,6 @@ public class LockSettingsService extends ILockSettings.Stub { setLong(LSKF_LAST_CHANGED_TIME_KEY, System.currentTimeMillis(), userId); } private boolean isSyntheticPasswordBasedCredentialLocked(int userId) { if (userId == USER_FRP) { final int type = mStorage.readPersistentDataBlock().type; return type == PersistentData.TYPE_SP || type == PersistentData.TYPE_SP_WEAVER; } long protectorId = getCurrentLskfBasedProtectorId(userId); return protectorId != SyntheticPasswordManager.NULL_PROTECTOR_ID; } /** * Stores the gatekeeper password temporarily. * @param gatekeeperPassword unlocked upon successful Synthetic Password Loading Loading @@ -2892,10 +2873,6 @@ public class LockSettingsService extends ILockSettings.Stub { } } synchronized (mSpManager) { if (!isSyntheticPasswordBasedCredentialLocked(userId)) { Slog.w(TAG, "Synthetic password not enabled"); return null; } long protectorId = getCurrentLskfBasedProtectorId(userId); AuthenticationResult auth = mSpManager.unlockLskfBasedProtector( getGateKeeperService(), protectorId, currentCredential, userId, null); Loading Loading @@ -3222,10 +3199,8 @@ public class LockSettingsService extends ILockSettings.Stub { // Disable escrow token permanently on all other device/user types. Slog.i(TAG, "Disabling escrow token on user " + userId); if (isSyntheticPasswordBasedCredentialLocked(userId)) { mSpManager.destroyEscrowData(userId); } } /** * Schedules garbage collection to sanitize lockscreen credential remnants in memory. Loading
