
Commit da961b4a authored by Dinesh K Garg's avatar Dinesh K Garg Committed by Linux Build Service Account

Port password retention feature

Password retention feature for HW FDE is needed. Porting from L
release.
This patch also includes these changes:
   - Fix clearing of retained password
   - keyguard: Fix password doesnot sanitize after verification
   - LockSettings: fix the get password issue during boot up

Change-Id: I2def56b14c10229b72feccd1c97b281cad65f282
parent 794b99d6
+2 −0
@@ -46,4 +46,6 @@ interface ILockSettings {
    void systemReady();
    void userPresent(int userId);
    int getStrongAuthForUser(int userId);
    void sanitizePassword();
    String getPassword();
}
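Review bot: `void sanitizePassword();` and `String getPassword();`, which appear to be the two added declarations, take no `userId`, unlike the neighbouring `userPresent(int userId)` and `getStrongAuthForUser(int userId)`, and nothing here says whose credential is returned or what a caller must hold. Since `getPassword()` hands a cleartext credential across Binder, I would document it on the declaration, e.g. `/** Returns the credential retained after the last successful verification; caller must hold CRYPT_KEEPER or MANAGE_DEVICE_ADMINS. */`. It should also state that the value is device-wide rather than per-user, if that is the intent. The interface body starts outside the hunk.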
+11 −0
@@ -639,6 +639,17 @@ public class LockPatternUtils {
        }
    }

    /**
     * clears stored password.
     */
    public void sanitizePassword() {
        try {
            getLockSettings().sanitizePassword();
        } catch (RemoteException re) {
            Log.e(TAG, "Couldn't sanitize password" + re);
        }
    }

    private void updateCryptoUserInfo(int userId) {
        if (userId != UserHandle.USER_SYSTEM) {
            return;
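Review bot: A failed `sanitizePassword()` is only logged, and the message is built as `"Couldn't sanitize password" + re`, which runs the exception text straight into the message and drops the stack trace. Passing the exception as the throwable keeps both: `Log.e(TAG, "Couldn't sanitize password", re);`. The Javadoc (`clears stored password.`) could also say that the call is best-effort: on a RemoteException the retained credential stays in the service and the caller is not told. The trailing `updateCryptoUserInfo` lines are context and continue outside the hunk.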
+1 −0
@@ -151,6 +151,7 @@ public abstract class KeyguardAbsKeyInputView extends LinearLayout
            boolean isValidPassword) {
        boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
        if (matched) {
	    mLockPatternUtils.sanitizePassword();
            mCallback.reportUnlockAttempt(userId, true, 0);
            if (dismissKeyguard) {
                mDismissing = true;
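Review bot: Clearing the retained credential is left to this callback (the same line is added to the `matched` branch in KeyguardPatternView), so any other client whose verification succeeds through the service presumably leaves the credential held until the next keyguard unlock. If that is the intended HW FDE flow, a comment above the call would make the contract explicit, e.g. `// Clear the credential LockSettingsService retained when this check succeeded.` The added line is also indented with a tab where the surrounding code uses spaces, in both files. The enclosing callback starts and ends outside the hunk.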
+1 −0
@@ -255,6 +255,7 @@ public class KeyguardPatternView extends LinearLayout implements KeyguardSecurit
                boolean isValidPattern) {
            boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
            if (matched) {
		mLockPatternUtils.sanitizePassword();
                mCallback.reportUnlockAttempt(userId, true, 0);
                if (dismissKeyguard) {
                    mLockPatternView.setDisplayMode(LockPatternView.DisplayMode.Correct);
+47 −1
@@ -117,6 +117,7 @@ public class LockSettingsService extends ILockSettings.Stub {
    private static final int PROFILE_KEY_IV_SIZE = 12;
    private static final String SEPARATE_PROFILE_CHALLENGE_KEY = "lockscreen.profilechallenge";
    private final Object mSeparateChallengeLock = new Object();
    private static final String DEFAULT_PASSWORD = "default_password";

    private final Context mContext;
    private final Handler mHandler;
@@ -129,6 +130,7 @@ public class LockSettingsService extends ILockSettings.Stub {
    private IGateKeeperService mGateKeeperService;
    private NotificationManager mNotificationManager;
    private UserManager mUserManager;
    private static String mSavePassword = DEFAULT_PASSWORD;

    private final KeyStore mKeyStore = KeyStore.getInstance();

@@ -716,6 +718,45 @@ public class LockSettingsService extends ILockSettings.Stub {
        return mStorage.hasPattern(userId);
    }

    public void retainPassword(String password) {
        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
            if (password != null)
                mSavePassword = password;
            else
                mSavePassword = DEFAULT_PASSWORD;
        }
    }

    public void sanitizePassword() {
        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
            mSavePassword = DEFAULT_PASSWORD;
        }
    }

    private boolean checkCryptKeeperPermissions() {
        boolean permission_err = false;
        try {
            mContext.enforceCallingOrSelfPermission(
                       android.Manifest.permission.CRYPT_KEEPER,
                       "no permission to get the password");
        } catch (SecurityException e) {
            permission_err = true;
        }
        return permission_err;
    }

    public String getPassword() {
       /** if calling process does't have crypt keeper or admin permissions,
         * throw the exception.
         */
       if (checkCryptKeeperPermissions())
            mContext.enforceCallingOrSelfPermission(
                    android.Manifest.permission.MANAGE_DEVICE_ADMINS,
                    "no crypt_keeper or admin permission to get the password");

       return mSavePassword;
    }

    private void setKeystorePassword(String password, int userHandle) {
        final KeyStore ks = KeyStore.getInstance();
        ks.onUserPasswordChanged(userHandle, password);
@@ -1256,6 +1297,8 @@ public class LockSettingsService extends ILockSettings.Stub {
               && shouldReEnrollBaseZero) {
            setLockPatternInternal(pattern, patternToVerify, userId);
       }
       if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK)
           retainPassword(pattern);

       return response;
    }
@@ -1263,7 +1306,10 @@ public class LockSettingsService extends ILockSettings.Stub {
    @Override
    public VerifyCredentialResponse checkPassword(String password, int userId)
            throws RemoteException {
        return doVerifyPassword(password, false, 0, userId);
        VerifyCredentialResponse response = doVerifyPassword(password, false, 0, userId);
        if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK)
            retainPassword(password);
        return response;
    }

    @Override
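Review bot: `checkPassword` and the pattern path call `retainPassword(...)` for whatever `userId` was verified, but `mSavePassword` is a single static field and `getPassword()` returns it without reference to a user, so a caller holding CRYPT_KEEPER or MANAGE_DEVICE_ADMINS presumably receives the cleartext credential of whichever user verified last. If the value is only needed for device encryption, retaining it for the system user alone would narrow that: `if (userId == UserHandle.USER_SYSTEM && response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) retainPassword(password);`. `sanitizePassword()` performs no caller check and can only drop the reference, because a `String` cannot be wiped and the old value stays on the heap until collected; both facts deserve a comment on the method. `checkCryptKeeperPermissions()` returns true when the permission is missing, which reads inverted at the call site in `getPassword()`; a name such as `lacksCryptKeeperPermission` would avoid a misread of the access check.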