Loading core/java/android/security/flags.aconfig +5 −2 Original line number Diff line number Diff line Loading @@ -97,10 +97,13 @@ flag { } flag { name: "clear_strong_auth_on_add_primary_credential" name: "clear_strong_auth_on_adding_primary_credential" namespace: "biometrics" description: "Clear StrongAuth on add credential" description: "Clear StrongAuth on adding credential" bug: "320817991" metadata { purpose: PURPOSE_BUGFIX } } flag { Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −2 Original line number Diff line number Diff line Loading @@ -1917,7 +1917,7 @@ public class LockSettingsService extends ILockSettings.Stub { * Set a new LSKF for the given user/profile. Only succeeds if the synthetic password for the * user is protected by the given {@param savedCredential}. * <p> * When {@link android.security.Flags#clearStrongAuthOnAddPrimaryCredential()} is enabled and * When {@link android.security.Flags#clearStrongAuthOnAddingPrimaryCredential()} is enabled and * setting a new credential where there was none, updates the strong auth state for * {@param userId} to <tt>STRONG_AUTH_NOT_REQUIRED</tt>. * Loading Loading @@ -1969,7 +1969,7 @@ public class LockSettingsService extends ILockSettings.Stub { onSyntheticPasswordUnlocked(userId, sp); setLockCredentialWithSpLocked(credential, sp, userId); if (android.security.Flags.clearStrongAuthOnAddPrimaryCredential() if (android.security.Flags.clearStrongAuthOnAddingPrimaryCredential() && savedCredential.isNone() && !credential.isNone()) { // Clear the strong auth value, since the LSKF has just been entered and set, // but only when the previous credential was None. Loading services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +7 −7 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package com.android.server.locksettings; import static android.Manifest.permission.CONFIGURE_FACTORY_RESET_PROTECTION; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; Loading Loading @@ -264,7 +264,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_clearsStrongAuthWhenFlagIsOn() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading @@ -273,7 +273,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_leavesStrongAuthWhenFlagIsOff() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading Loading @@ -312,7 +312,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuthWhenFlagIsOn() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading @@ -323,7 +323,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_leavesStrongAuthWhenFlagIsOff() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading Loading @@ -377,7 +377,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBothWhenFlagIsOn() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); Loading @@ -393,7 +393,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_leavesStrongAuthForBothWhenFlagIsOff() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); Loading Loading
core/java/android/security/flags.aconfig +5 −2 Original line number Diff line number Diff line Loading @@ -97,10 +97,13 @@ flag { } flag { name: "clear_strong_auth_on_add_primary_credential" name: "clear_strong_auth_on_adding_primary_credential" namespace: "biometrics" description: "Clear StrongAuth on add credential" description: "Clear StrongAuth on adding credential" bug: "320817991" metadata { purpose: PURPOSE_BUGFIX } } flag { Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +2 −2 Original line number Diff line number Diff line Loading @@ -1917,7 +1917,7 @@ public class LockSettingsService extends ILockSettings.Stub { * Set a new LSKF for the given user/profile. Only succeeds if the synthetic password for the * user is protected by the given {@param savedCredential}. * <p> * When {@link android.security.Flags#clearStrongAuthOnAddPrimaryCredential()} is enabled and * When {@link android.security.Flags#clearStrongAuthOnAddingPrimaryCredential()} is enabled and * setting a new credential where there was none, updates the strong auth state for * {@param userId} to <tt>STRONG_AUTH_NOT_REQUIRED</tt>. * Loading Loading @@ -1969,7 +1969,7 @@ public class LockSettingsService extends ILockSettings.Stub { onSyntheticPasswordUnlocked(userId, sp); setLockCredentialWithSpLocked(credential, sp, userId); if (android.security.Flags.clearStrongAuthOnAddPrimaryCredential() if (android.security.Flags.clearStrongAuthOnAddingPrimaryCredential() && savedCredential.isNone() && !credential.isNone()) { // Clear the strong auth value, since the LSKF has just been entered and set, // but only when the previous credential was None. Loading
services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +7 −7 Original line number Diff line number Diff line Loading @@ -17,7 +17,7 @@ package com.android.server.locksettings; import static android.Manifest.permission.CONFIGURE_FACTORY_RESET_PROTECTION; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL; import static android.security.Flags.FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_NONE; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; Loading Loading @@ -264,7 +264,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_clearsStrongAuthWhenFlagIsOn() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading @@ -273,7 +273,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_forPrimaryUser_leavesStrongAuthWhenFlagIsOff() throws Exception { setCredential(PRIMARY_USER_ID, newPassword("password")); Loading Loading @@ -312,7 +312,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_clearsStrongAuthWhenFlagIsOn() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading @@ -323,7 +323,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_profileWithNewSeparateChallenge_leavesStrongAuthWhenFlagIsOff() throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, true, null); Loading Loading @@ -377,7 +377,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsEnabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_clearsStrongAuthForBothWhenFlagIsOn() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); Loading @@ -393,7 +393,7 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADD_PRIMARY_CREDENTIAL) @RequiresFlagsDisabled(FLAG_CLEAR_STRONG_AUTH_ON_ADDING_PRIMARY_CREDENTIAL) public void setLockCredential_primaryWithUnifiedProfile_leavesStrongAuthForBothWhenFlagIsOff() throws Exception { final LockscreenCredential credential = newPassword("oldPassword"); Loading
