
Commit 1613c712 authored by Pavel Grafov

Fix keyguard checking when installing user certs.

Currently the condition is inverted, so the user is asked to enroll
a password only when there is one already.

Also, use existing method instead of a duplicate one. LPU.isSecure doesn't
check the credential owner, but for unified lock with empty parent password
it will correctly return false, so should be correct.

Bug: 113646620
Test: manual, tried installing user certs with and without screen lock.
Change-Id: Iabb1614540e454873e48039be13e22cc89b0a7be
parent a59ce66b
+10 −13
@@ -106,12 +106,19 @@ public final class CredentialStorage extends FragmentActivity {
    private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 2;

    private final KeyStore mKeyStore = KeyStore.getInstance();
    private LockPatternUtils mUtils;

    /**
     * When non-null, the bundle containing credentials to install.
     */
    private Bundle mInstallBundle;

    @Override
    protected void onCreate(Bundle savedState) {
        super.onCreate(savedState);
        mUtils = new LockPatternUtils(this);
    }

    @Override
    protected void onResume() {
        super.onResume();
@@ -160,7 +167,7 @@ public final class CredentialStorage extends FragmentActivity {
                return;
            }
            case UNLOCKED: {
                if (isActivePasswordQualityInsufficient()) {
                if (!mUtils.isSecure(UserHandle.myUserId())) {
                    final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog();
                    dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG);
                    return;
@@ -179,7 +186,7 @@ public final class CredentialStorage extends FragmentActivity {
     * case after unlocking with an old-style password).
     */
    private void ensureKeyGuard() {
        if (isActivePasswordQualityInsufficient()) {
        if (!mUtils.isSecure(UserHandle.myUserId())) {
            // key guard not setup, doing so will initialize keystore
            final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog();
            dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG);
@@ -194,16 +201,6 @@ public final class CredentialStorage extends FragmentActivity {
        finish();
    }

    /**
     * Returns true if the currently set key guard violates our minimum quality requirements.
     */
    private boolean isActivePasswordQualityInsufficient() {
        final int credentialOwner =
                UserManager.get(this).getCredentialOwnerProfile(UserHandle.myUserId());
        final int quality = new LockPatternUtils(this).getActivePasswordQuality(credentialOwner);
        return (quality >= MIN_PASSWORD_QUALITY);
    }

    private boolean isHardwareBackedKey(byte[] keyData) {
        try {
            final ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
@@ -350,7 +347,7 @@ public final class CredentialStorage extends FragmentActivity {
        protected Boolean doInBackground(Void... unused) {

            // Clear all the users credentials could have been installed in for this user.
            new LockPatternUtils(CredentialStorage.this).resetKeyStore(UserHandle.myUserId());
            mUtils.resetKeyStore(UserHandle.myUserId());

            try {
                final KeyChainConnection keyChainConnection = KeyChain.bind(CredentialStorage.this);
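Review bot: The two new `!mUtils.isSecure(UserHandle.myUserId())` checks, in the `UNLOCKED` case and in `ensureKeyGuard()`, drop both the credential-owner lookup and the `MIN_PASSWORD_QUALITY` comparison that the removed helper made, and the reason this is safe is recorded only in the commit message. I would state it at the call sites, e.g. `// isSecure() is asked about the calling user, not the credential owner; with unified lock and an empty parent password it returns false.` If `MIN_PASSWORD_QUALITY` has no other reader in the file it is now dead and should go with the helper, and the javadoc above `ensureKeyGuard()` that mentions an old-style password may need rewording; neither can be confirmed from these hunks. Both enclosing methods begin or end outside the lines shown.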