Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f7a58e29 authored by Ricky Wai's avatar Ricky Wai Committed by android-build-merger
Browse files

Merge "Merge "Add resetKeyStore() in LockSettingsService" into nyc-dev am:... 

Merge "Merge "Add resetKeyStore() in LockSettingsService" into nyc-dev am: 1cb6f9d8 am: 754ddca7" into nyc-mr1-dev-plus-aosp
am: 1db5fc98

* commit '1db5fc98':
  Add resetKeyStore() in LockSettingsService

Change-Id: Ia3a5c7156fd7774bffa8e4b5ad4d81b36e408923
parents 269c138b 1db5fc98

core/java/com/android/internal/widget/ILockSettings.aidl

+1 −0
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ interface ILockSettings { 
    long getLong(in String key, in long defaultValue, in int userId);

    String getString(in String key, in String defaultValue, in int userId);

    void setLockPattern(in String pattern, in String savedPattern, int userId);

    void resetKeyStore(int userId);

    VerifyCredentialResponse checkPattern(in String pattern, int userId);

    VerifyCredentialResponse verifyPattern(in String pattern, long challenge, int userId);

    void setLockPassword(in String password, in String savedPassword, int userId);

core/java/com/android/internal/widget/LockPatternUtils.java

+12 −0
Original line number Diff line number Diff line
@@ -534,6 +534,18 @@ public class LockPatternUtils { 
        return DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;

    }



    /**

     * Use it to reset keystore without wiping work profile

     */

    public void resetKeyStore(int userId) {

        try {

            getLockSettings().resetKeyStore(userId);

        } catch (RemoteException e) {

            // It should not happen

            Log.e(TAG, "Couldn't reset keystore " + e);

        }

    }



    /**

     * Clear any lock pattern or password.

     */

services/core/java/com/android/server/LockSettingsService.java

+53 −1
Original line number Diff line number Diff line
@@ -47,6 +47,7 @@ import android.os.Handler; 
import android.os.IBinder;

import android.os.IProgressListener;

import android.os.Parcel;

import android.os.Process;

import android.os.RemoteException;

import android.os.storage.IMountService;

import android.os.ServiceManager;
@@ -128,6 +129,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
    private NotificationManager mNotificationManager;

    private UserManager mUserManager;



    private final KeyStore mKeyStore = KeyStore.getInstance();



    /**

     * The UIDs that are used for system credential storage in keystore.

     */

    private static final int[] SYSTEM_CREDENTIAL_UIDS = {Process.WIFI_UID, Process.VPN_UID,

        Process.ROOT_UID, Process.SYSTEM_UID};



    static {

        // Just launch the home screen, which happens anyway

        ACTION_NULL = new Intent(Intent.ACTION_MAIN);
@@ -715,7 +724,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,

            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException,

            CertificateException, IOException {

        if (DEBUG) Slog.v(TAG, "Unlock keystore for child profile");

        if (DEBUG) Slog.v(TAG, "Get child profile decrytped key");

        byte[] storedData = mStorage.readChildProfileLock(userId);

        if (storedData == null) {

            throw new FileNotFoundException("Child profile lock file not found");
@@ -1134,6 +1143,49 @@ public class LockSettingsService extends ILockSettings.Stub { 
        getMountService().fixateNewestUserKeyAuth(userId);

    }



    @Override

    public void resetKeyStore(int userId) throws RemoteException {

        if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId);

        int managedUserId = -1;

        String managedUserDecryptedPassword = null;

        final List<UserInfo> profiles = mUserManager.getProfiles(userId);

        for (UserInfo pi : profiles) {

            // Unlock managed profile with unified lock

            if (pi.isManagedProfile()

                    && !mLockPatternUtils.isSeparateProfileChallengeEnabled(pi.id)

                    && mStorage.hasChildProfileLock(pi.id)) {

                try {

                    if (managedUserId == -1) {

                        managedUserDecryptedPassword = getDecryptedPasswordForTiedProfile(pi.id);

                        managedUserId = pi.id;

                    } else {

                        // Should not happen

                        Slog.e(TAG, "More than one managed profile, uid1:" + managedUserId

                                + ", uid2:" + pi.id);

                    }

                } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException

                        | NoSuchAlgorithmException | NoSuchPaddingException

                        | InvalidAlgorithmParameterException | IllegalBlockSizeException

                        | BadPaddingException | CertificateException | IOException e) {

                    Slog.e(TAG, "Failed to decrypt child profile key", e);

                }

            }

        }

        try {

            // Clear all the users credentials could have been installed in for this user.

            for (int profileId : mUserManager.getProfileIdsWithDisabled(userId)) {

                for (int uid : SYSTEM_CREDENTIAL_UIDS) {

                    mKeyStore.clearUid(UserHandle.getUid(profileId, uid));

                }

            }

        } finally {

            if (managedUserId != -1 && managedUserDecryptedPassword != null) {

                if (DEBUG) Slog.v(TAG, "Restore tied profile lock");

                tieProfileLockToParent(managedUserId, managedUserDecryptedPassword);

            }

        }

    }



    @Override

    public VerifyCredentialResponse checkPattern(String pattern, int userId) throws RemoteException {

        return doVerifyPattern(pattern, false, 0, userId);