
Commit e3a9b8a3 authored by Andrew Scull's avatar Andrew Scull Committed by Android (Google) Code Review

Merge "Credential FRP: remove GateKeeper"

parents 1d47c554 971f2948
+3 −44
@@ -1132,12 +1132,6 @@ public class LockSettingsService extends ILockSettings.Stub {
            fixateNewestUserKeyAuth(userId);
            synchronizeUnifiedWorkChallengeForProfiles(userId, null);
            notifyActivePasswordMetricsAvailable(null, userId);

            if (mStorage.getPersistentDataBlock() != null
                    && LockPatternUtils.userOwnsFrpCredential(mUserManager.getUserInfo(userId))) {
                // If owner, write to persistent storage for FRP
                mStorage.writePersistentDataBlock(PersistentData.TYPE_NONE, userId, 0, null);
            }
            return;
        }
        if (credential == null) {
@@ -1190,12 +1184,6 @@ public class LockSettingsService extends ILockSettings.Stub {
            // Refresh the auth token
            doVerifyCredential(credential, credentialType, true, 0, userId, null /* progressCallback */);
            synchronizeUnifiedWorkChallengeForProfiles(userId, null);
            if (mStorage.getPersistentDataBlock() != null
                    && LockPatternUtils.userOwnsFrpCredential(mUserManager.getUserInfo(userId))) {
                // If owner, write to persistent storage for FRP
                mStorage.writePersistentDataBlock(PersistentData.TYPE_GATEKEEPER, userId,
                        requestedQuality, willStore.toBytes());
            }
        } else {
            throw new RemoteException("Failed to enroll " +
                    (credentialType == LockPatternUtils.CREDENTIAL_TYPE_PASSWORD ? "password"
@@ -1443,18 +1431,12 @@ public class LockSettingsService extends ILockSettings.Stub {
            return response;
        }

        final CredentialHash storedHash;
        if (userId == USER_FRP) {
            PersistentData data = mStorage.readPersistentDataBlock();
            if (data.type != PersistentData.TYPE_GATEKEEPER) {
                Slog.wtf(TAG, "Expected PersistentData.TYPE_GATEKEEPER, but was: " + data.type);
            Slog.wtf(TAG, "Unexpected FRP credential type, should be SP based.");
            return VerifyCredentialResponse.ERROR;
        }
            return verifyFrpCredential(credential, credentialType, data, progressCallback);
        } else {
            storedHash = mStorage.readCredentialHash(userId);
        }

        final CredentialHash storedHash = mStorage.readCredentialHash(userId);
        if (storedHash.type != credentialType) {
            Slog.wtf(TAG, "doVerifyCredential type mismatch with stored credential??"
                    + " stored: " + storedHash.type + " passed in: " + credentialType);
@@ -1485,29 +1467,6 @@ public class LockSettingsService extends ILockSettings.Stub {
        return response;
    }

    private VerifyCredentialResponse verifyFrpCredential(String credential, int credentialType,
            PersistentData data, ICheckCredentialProgressCallback progressCallback)
            throws RemoteException {
        CredentialHash storedHash = CredentialHash.fromBytes(data.payload);
        if (storedHash.type != credentialType) {
            Slog.wtf(TAG, "doVerifyCredential type mismatch with stored credential??"
                    + " stored: " + storedHash.type + " passed in: " + credentialType);
            return VerifyCredentialResponse.ERROR;
        }
        if (ArrayUtils.isEmpty(storedHash.hash) || TextUtils.isEmpty(credential)) {
            Slog.e(TAG, "Stored hash or credential is empty");
            return VerifyCredentialResponse.ERROR;
        }
        VerifyCredentialResponse response = VerifyCredentialResponse.fromGateKeeperResponse(
                getGateKeeperService().verifyChallenge(data.userId, 0 /* challenge */,
                        storedHash.hash, credential.getBytes()));
        if (progressCallback != null
                && response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) {
            progressCallback.onCredentialVerified();
        }
        return response;
    }

    @Override
    public VerifyCredentialResponse verifyTiedProfileChallenge(String credential, int type,
            long challenge, int userId) throws RemoteException {
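Review bot: With both `writePersistentDataBlock` calls removed in the first and second hunks, this code path no longer touches the FRP persistent data block, including the `TYPE_NONE` write that ran when the owner's credential was cleared. If a device can still carry a block written through this path by an earlier build, that block would now outlive a credential clear or change here; whether such blocks exist depends on whether the GateKeeper format ever reached devices, which the page does not show. Consider keeping the clear, `mStorage.writePersistentDataBlock(PersistentData.TYPE_NONE, userId, 0, null);`, under the existing owner guard, or adding a comment on the new `userId == USER_FRP` branch stating why no legacy block can be present. The enclosing methods start and end outside these hunks.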
+2 −3
@@ -635,9 +635,8 @@ class LockSettingsStorage {
        static final int VERSION_1_HEADER_SIZE = 1 + 1 + 4 + 4;

        public static final int TYPE_NONE = 0;
        public static final int TYPE_GATEKEEPER = 1;
        public static final int TYPE_SP = 2;
        public static final int TYPE_SP_WEAVER = 3;
        public static final int TYPE_SP = 1;
        public static final int TYPE_SP_WEAVER = 2;

        public static final PersistentData NONE = new PersistentData(TYPE_NONE,
                UserHandle.USER_NULL, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, null);
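Review bot: `TYPE_SP = 1` reuses the persisted value that previously meant `TYPE_GATEKEEPER`, and `TYPE_SP_WEAVER` moves from 3 to 2, so a block written with the old numbering would be parsed under the wrong type instead of being rejected. The block appears to hold the FRP credential record, so a mis-typed payload would be handed to the wrong verification path; whether old-format blocks exist in the field is not visible here. Retiring the value avoids this: keep `public static final int TYPE_SP = 2;` and `public static final int TYPE_SP_WEAVER = 3;`, and add `// 1 was TYPE_GATEKEEPER (removed); do not reuse`. The same renumbering is mirrored in LockSettingsStorageTests, where the version-1 golden byte array and the assertions under "Make sure the constants we use on the wire do not change" were edited to match, so that test no longer guards the old format. The PersistentData class continues outside the hunk.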
+5 −6
@@ -347,11 +347,11 @@ public class LockSettingsStorageTests extends AndroidTestCase {
    }

    public void testPersistentData_serializeUnserialize() {
        byte[] serialized = PersistentData.toBytes(PersistentData.TYPE_GATEKEEPER, SOME_USER_ID,
        byte[] serialized = PersistentData.toBytes(PersistentData.TYPE_SP, SOME_USER_ID,
                DevicePolicyManager.PASSWORD_QUALITY_COMPLEX, PAYLOAD);
        PersistentData deserialized = PersistentData.fromBytes(serialized);

        assertEquals(PersistentData.TYPE_GATEKEEPER, deserialized.type);
        assertEquals(PersistentData.TYPE_SP, deserialized.type);
        assertEquals(DevicePolicyManager.PASSWORD_QUALITY_COMPLEX, deserialized.qualityForUi);
        assertArrayEquals(PAYLOAD, deserialized.payload);
    }
@@ -371,7 +371,7 @@ public class LockSettingsStorageTests extends AndroidTestCase {
        // the wire format in the future.
        byte[] serializedVersion1 = new byte[] {
                1, /* PersistentData.VERSION_1 */
                2, /* PersistentData.TYPE_SP */
                1, /* PersistentData.TYPE_SP */
                0x00, 0x00, 0x04, 0x0A,  /* SOME_USER_ID */
                0x00, 0x03, 0x00, 0x00,  /* PASSWORD_NUMERIC_COMPLEX */
                1, 2, -1, -2, 33, /* PAYLOAD */
@@ -385,9 +385,8 @@ public class LockSettingsStorageTests extends AndroidTestCase {

        // Make sure the constants we use on the wire do not change.
        assertEquals(0, PersistentData.TYPE_NONE);
        assertEquals(1, PersistentData.TYPE_GATEKEEPER);
        assertEquals(2, PersistentData.TYPE_SP);
        assertEquals(3, PersistentData.TYPE_SP_WEAVER);
        assertEquals(1, PersistentData.TYPE_SP);
        assertEquals(2, PersistentData.TYPE_SP_WEAVER);
    }

    public void testCredentialHash_serializeUnserialize() {