Merge "Mitigate LSKF leaks through the LockscreenCredential in... (eb8583b3) · Commits · e / os / android_frameworks_base

core/java/android/app/KeyguardManager.java

+20 −21

Original line number	Diff line number	Diff line
		@@ -1032,9 +1032,7 @@ public class KeyguardManager {
		return false;
		}
		boolean success;
		try {
		LockscreenCredential credential = createLockscreenCredential(
		lockType, password);
		try (LockscreenCredential credential = createLockscreenCredential(lockType, password)) {
		success = mLockPatternUtils.setLockCredential(
		credential,
		/* savedPassword= */ LockscreenCredential.createNone(),
		@@ -1213,10 +1211,10 @@ public class KeyguardManager {
		public boolean setLock(@LockTypes int newLockType, @Nullable byte[] newPassword,
		@LockTypes int currentLockType, @Nullable byte[] currentPassword) {
		final int userId = mContext.getUserId();
		LockscreenCredential currentCredential = createLockscreenCredential(
		try (LockscreenCredential currentCredential = createLockscreenCredential(
		currentLockType, currentPassword);
		LockscreenCredential newCredential = createLockscreenCredential(
		newLockType, newPassword);
		newLockType, newPassword)) {
		PasswordMetrics adminMetrics =
		mLockPatternUtils.getRequestedPasswordMetrics(mContext.getUserId());
		List<PasswordValidationError> errors = PasswordMetrics.validateCredential(adminMetrics,
		@@ -1227,6 +1225,7 @@ public class KeyguardManager {
		}
		return mLockPatternUtils.setLockCredential(newCredential, currentCredential, userId);
		}
		}

		/**
		* Verifies the current lock credentials against {@code password}.
		@@ -1244,8 +1243,7 @@ public class KeyguardManager {
		Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE
		})
		public boolean checkLock(@LockTypes int lockType, @Nullable byte[] password) {
		final LockscreenCredential credential = createLockscreenCredential(
		lockType, password);
		try (LockscreenCredential credential = createLockscreenCredential(lockType, password)) {
		final VerifyCredentialResponse response = mLockPatternUtils.verifyCredential(
		credential, mContext.getUserId(), /* flags= */ 0);
		if (response == null) {
		@@ -1253,6 +1251,7 @@ public class KeyguardManager {
		}
		return response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK;
		}
		}

		/** Starts a session to verify lockscreen credentials provided by a remote device.
		*