Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dfda10f6 authored by Ellen Arteca's avatar Ellen Arteca Committed by Automerger Merge Worker
Browse files

Merge "Mitigate LSKF leaks through the LockscreenCredential in... 

Merge "Mitigate LSKF leaks through the LockscreenCredential in KeyguardManager" into main am: 6cd5d509 am: eb8583b3

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/3057482



Change-Id: I49dcfe7b6c1e35abaa68145782741a2e0f3c975d
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 1ccb096a eb8583b3

core/java/android/app/KeyguardManager.java

+20 −21
Original line number Diff line number Diff line
@@ -1032,9 +1032,7 @@ public class KeyguardManager { 
            return false;

        }

        boolean success;

        try {

            LockscreenCredential credential = createLockscreenCredential(

                    lockType, password);

        try (LockscreenCredential credential = createLockscreenCredential(lockType, password)) {

            success = mLockPatternUtils.setLockCredential(

                    credential,

                    /* savedPassword= */ LockscreenCredential.createNone(),
@@ -1213,10 +1211,10 @@ public class KeyguardManager { 
    public boolean setLock(@LockTypes int newLockType, @Nullable byte[] newPassword,

            @LockTypes int currentLockType, @Nullable byte[] currentPassword) {

        final int userId = mContext.getUserId();

        LockscreenCredential currentCredential = createLockscreenCredential(

        try (LockscreenCredential currentCredential = createLockscreenCredential(

                currentLockType, currentPassword);

                LockscreenCredential newCredential = createLockscreenCredential(

                newLockType, newPassword);

                        newLockType, newPassword)) {

            PasswordMetrics adminMetrics =

                    mLockPatternUtils.getRequestedPasswordMetrics(mContext.getUserId());

            List<PasswordValidationError> errors = PasswordMetrics.validateCredential(adminMetrics,
@@ -1227,6 +1225,7 @@ public class KeyguardManager { 
            }

            return mLockPatternUtils.setLockCredential(newCredential, currentCredential, userId);

        }

    }



    /**

     * Verifies the current lock credentials against {@code password}.
@@ -1244,8 +1243,7 @@ public class KeyguardManager { 
            Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE

    })

    public boolean checkLock(@LockTypes int lockType, @Nullable byte[] password) {

        final LockscreenCredential credential = createLockscreenCredential(

                lockType, password);

        try (LockscreenCredential credential = createLockscreenCredential(lockType, password)) {

            final VerifyCredentialResponse response = mLockPatternUtils.verifyCredential(

                    credential, mContext.getUserId(), /* flags= */ 0);

            if (response == null) {
@@ -1253,6 +1251,7 @@ public class KeyguardManager { 
            }

            return response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK;

        }

    }



    /** Starts a session to verify lockscreen credentials provided by a remote device.

     *