Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +11 −0 Original line number Diff line number Diff line Loading @@ -194,6 +194,8 @@ public class LockSettingsService extends ILockSettings.Stub { protected IGateKeeperService mGateKeeperService; protected IAuthSecret mAuthSecretService; private static final String GSI_RUNNING_PROP = "ro.gsid.image_running"; /** * The UIDs that are used for system credential storage in keystore. */ Loading Loading @@ -408,6 +410,10 @@ public class LockSettingsService extends ILockSettings.Stub { public int binderGetCallingUid() { return Binder.getCallingUid(); } public boolean isGsiRunning() { return SystemProperties.getInt(GSI_RUNNING_PROP, 0) > 0; } } public LockSettingsService(Context context) { Loading Loading @@ -2217,6 +2223,11 @@ public class LockSettingsService extends ILockSettings.Stub { } tryRemoveUserFromSpCacheLater(userId); if (mInjector.isGsiRunning()) { Slog.w(TAG, "AuthSecret disabled in GSI"); return; } // Pass the primary user's auth secret to the HAL if (mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) { try { Loading services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java +3 −1 Original line number Diff line number Diff line Loading @@ -87,6 +87,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { MockSyntheticPasswordManager mSpManager; IAuthSecret mAuthSecretService; WindowManagerInternal mMockWindowManager; FakeGsiService mGsiService; protected boolean mHasSecureLockScreen; @Override Loading 
@@ -101,6 +102,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { mDevicePolicyManager = mock(DevicePolicyManager.class); mDevicePolicyManagerInternal = mock(DevicePolicyManagerInternal.class); mMockWindowManager = mock(WindowManagerInternal.class); mGsiService = new FakeGsiService(); LocalServices.removeServiceForTest(LockSettingsInternal.class); LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class); Loading Loading 
@@ -137,7 +139,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { mAuthSecretService = mock(IAuthSecret.class); mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage, mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager, mSpManager, mAuthSecretService); mSpManager, mAuthSecretService, mGsiService); when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO); mPrimaryUserProfiles.add(PRIMARY_USER_INFO); installChildProfile(MANAGED_PROFILE_USER_ID); Loading services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java 0 → 100644 +29 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.locksettings; public class FakeGsiService { private boolean mIsGsiRunning; public boolean isGsiRunning() { return mIsGsiRunning; } public void setIsGsiRunning(boolean isGsiRunning) { mIsGsiRunning = isGsiRunning; } } services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java +11 −3 Original line number Diff line number Diff line Loading 
@@ -44,11 +44,12 @@ public class LockSettingsServiceTestable extends LockSettingsService { private IStorageManager mStorageManager; private SyntheticPasswordManager mSpManager; private IAuthSecret mAuthSecretService; private FakeGsiService mGsiService; public MockInjector(Context context, LockSettingsStorage storage, KeyStore keyStore, IActivityManager activityManager, LockPatternUtils lockPatternUtils, IStorageManager storageManager, SyntheticPasswordManager spManager, IAuthSecret authSecretService) { IAuthSecret authSecretService, FakeGsiService gsiService) { super(context); mLockSettingsStorage = storage; mKeyStore = keyStore; Loading @@ -56,6 +57,7 @@ public class LockSettingsServiceTestable extends LockSettingsService { mLockPatternUtils = lockPatternUtils; mStorageManager = storageManager; mSpManager = spManager; mGsiService = gsiService; } @Override Loading Loading @@ -107,14 +109,20 @@ public class LockSettingsServiceTestable extends LockSettingsService { public int binderGetCallingUid() { return Process.SYSTEM_UID; } @Override public boolean isGsiRunning() { return mGsiService.isGsiRunning(); } } protected LockSettingsServiceTestable(Context context, LockPatternUtils lockPatternUtils, LockSettingsStorage storage, FakeGateKeeperService gatekeeper, KeyStore keystore, IStorageManager storageManager, IActivityManager mActivityManager, SyntheticPasswordManager spManager, IAuthSecret authSecretService) { SyntheticPasswordManager spManager, IAuthSecret authSecretService, FakeGsiService gsiService) { super(new MockInjector(context, storage, keystore, mActivityManager, lockPatternUtils, storageManager, spManager, authSecretService)); storageManager, spManager, authSecretService, gsiService)); mGateKeeperService = gatekeeper; mAuthSecretService = authSecretService; } Loading services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java +12 −0 Original line number Diff line number Diff line Loading 
@@ -554,6 +554,18 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { assertArrayEquals(PAYLOAD2, deserialized.passwordHandle); } public void testGsiDisablesAuthSecret() throws RemoteException { mGsiService.setIsGsiRunning(true); final String password = "testGsiDisablesAuthSecret-password"; initializeCredentialUnderSP(password, PRIMARY_USER_ID); assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( password, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID) .getResponseCode()); verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class)); } // b/62213311 //TODO: add non-migration work profile case, and unify/un-unify transition. //TODO: test token after user resets password Loading Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +11 −0 Original line number Diff line number Diff line Loading @@ -194,6 +194,8 @@ public class LockSettingsService extends ILockSettings.Stub { protected IGateKeeperService mGateKeeperService; protected IAuthSecret mAuthSecretService; private static final String GSI_RUNNING_PROP = "ro.gsid.image_running"; /** * The UIDs that are used for system credential storage in keystore. */ Loading Loading @@ -408,6 +410,10 @@ public class LockSettingsService extends ILockSettings.Stub { public int binderGetCallingUid() { return Binder.getCallingUid(); } public boolean isGsiRunning() { return SystemProperties.getInt(GSI_RUNNING_PROP, 0) > 0; } } public LockSettingsService(Context context) { Loading Loading @@ -2217,6 +2223,11 @@ public class LockSettingsService extends ILockSettings.Stub { } tryRemoveUserFromSpCacheLater(userId); if (mInjector.isGsiRunning()) { Slog.w(TAG, "AuthSecret disabled in GSI"); return; } // Pass the primary user's auth secret to the HAL if (mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) { try { Loading
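Review bot: The `return` in the third hunk (`if (mInjector.isGsiRunning()) { ... return; }`) leaves the whole enclosing method rather than only skipping the AuthSecret HAL hand-off, so any work that follows the HAL block would also be dropped on a GSI; the method begins and ends outside the hunk, so that cannot be checked from here. Folding the test into the existing guard keeps the skip scoped to the secret: `if (mAuthSecretService != null && !mInjector.isGsiRunning() && mUserManager.getUserInfo(userId).isPrimary()) {`. The reason for withholding the secret is also undocumented on `GSI_RUNNING_PROP` and `isGsiRunning()`; a Javadoc line such as `/** True when booted into a Generic System Image; the primary user's auth secret must not reach the AuthSecret HAL in that mode. */` would record it, with the rationale itself to be supplied by the author.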
services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java +3 −1 Original line number Diff line number Diff line Loading @@ -87,6 +87,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { MockSyntheticPasswordManager mSpManager; IAuthSecret mAuthSecretService; WindowManagerInternal mMockWindowManager; FakeGsiService mGsiService; protected boolean mHasSecureLockScreen; @Override Loading @@ -101,6 +102,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { mDevicePolicyManager = mock(DevicePolicyManager.class); mDevicePolicyManagerInternal = mock(DevicePolicyManagerInternal.class); mMockWindowManager = mock(WindowManagerInternal.class); mGsiService = new FakeGsiService(); LocalServices.removeServiceForTest(LockSettingsInternal.class); LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class); Loading Loading @@ -137,7 +139,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase { mAuthSecretService = mock(IAuthSecret.class); mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage, mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager, mSpManager, mAuthSecretService); mSpManager, mAuthSecretService, mGsiService); when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO); mPrimaryUserProfiles.add(PRIMARY_USER_INFO); installChildProfile(MANAGED_PROFILE_USER_ID); Loading
services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java 0 → 100644 +29 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.locksettings; public class FakeGsiService { private boolean mIsGsiRunning; public boolean isGsiRunning() { return mIsGsiRunning; } public void setIsGsiRunning(boolean isGsiRunning) { mIsGsiRunning = isGsiRunning; } }
services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java +11 −3 Original line number Diff line number Diff line Loading @@ -44,11 +44,12 @@ public class LockSettingsServiceTestable extends LockSettingsService { private IStorageManager mStorageManager; private SyntheticPasswordManager mSpManager; private IAuthSecret mAuthSecretService; private FakeGsiService mGsiService; public MockInjector(Context context, LockSettingsStorage storage, KeyStore keyStore, IActivityManager activityManager, LockPatternUtils lockPatternUtils, IStorageManager storageManager, SyntheticPasswordManager spManager, IAuthSecret authSecretService) { IAuthSecret authSecretService, FakeGsiService gsiService) { super(context); mLockSettingsStorage = storage; mKeyStore = keyStore; Loading @@ -56,6 +57,7 @@ public class LockSettingsServiceTestable extends LockSettingsService { mLockPatternUtils = lockPatternUtils; mStorageManager = storageManager; mSpManager = spManager; mGsiService = gsiService; } @Override Loading Loading @@ -107,14 +109,20 @@ public class LockSettingsServiceTestable extends LockSettingsService { public int binderGetCallingUid() { return Process.SYSTEM_UID; } @Override public boolean isGsiRunning() { return mGsiService.isGsiRunning(); } } protected LockSettingsServiceTestable(Context context, LockPatternUtils lockPatternUtils, LockSettingsStorage storage, FakeGateKeeperService gatekeeper, KeyStore keystore, IStorageManager storageManager, IActivityManager mActivityManager, SyntheticPasswordManager spManager, IAuthSecret authSecretService) { SyntheticPasswordManager spManager, IAuthSecret authSecretService, FakeGsiService gsiService) { super(new MockInjector(context, storage, keystore, mActivityManager, lockPatternUtils, storageManager, spManager, authSecretService)); storageManager, spManager, authSecretService, gsiService)); mGateKeeperService = gatekeeper; mAuthSecretService = authSecretService; } Loading
services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java +12 −0 Original line number Diff line number Diff line Loading @@ -554,6 +554,18 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { assertArrayEquals(PAYLOAD2, deserialized.passwordHandle); } public void testGsiDisablesAuthSecret() throws RemoteException { mGsiService.setIsGsiRunning(true); final String password = "testGsiDisablesAuthSecret-password"; initializeCredentialUnderSP(password, PRIMARY_USER_ID); assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( password, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID) .getResponseCode()); verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class)); } // b/62213311 //TODO: add non-migration work profile case, and unify/un-unify transition. //TODO: test token after user resets password Loading
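Review bot: `testGsiDisablesAuthSecret` only asserts `never()` on `primaryUserCredential`, which also holds if this credential flow never reaches the HAL hand-off for some unrelated reason, so the test does not by itself show that the GSI flag is what suppresses the call. Unless a test outside this hunk already covers the non-GSI case with the same setup, add a control in the same method: `mGsiService.setIsGsiRunning(false);`, a second `mService.verifyCredential(...)`, then `verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));`.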