Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Do not re-initialize synthetic password" into rvc-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2020-10-08 10:37:53 +00:00
committed by Android (Google) Code Review
parent f1c038465d 2d51788b08
commit 5ad4ec37a0
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
services/core/java/com/android/server/locksettings/LockSettingsService.java
View File

@@ -113,6 +113,7 @@ import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
import com.android.internal.notification.SystemNotificationChannels;
import com.android.internal.util.DumpUtils;
import com.android.internal.util.IndentingPrintWriter;
import com.android.internal.util.Preconditions;
import com.android.internal.widget.ICheckCredentialProgressCallback;
import com.android.internal.widget.ILockSettings;
import com.android.internal.widget.LockPatternUtils;
@@ -2618,6 +2619,10 @@ public class LockSettingsService extends ILockSettings.Stub {
protected AuthenticationToken initializeSyntheticPasswordLocked(byte[] credentialHash,
LockscreenCredential credential, int userId) {
Slog.i(TAG, "Initialize SyntheticPassword for user: " + userId);
Preconditions.checkState(
getSyntheticPasswordHandleLocked(userId) == SyntheticPasswordManager.DEFAULT_HANDLE,
"Cannot reinitialize SP");
final AuthenticationToken auth = mSpManager.newSyntheticPasswordAndSid(
getGateKeeperService(), credentialHash, credential, userId);
onAuthTokenKnownForUser(userId, auth);
@@ -2678,7 +2683,7 @@ public class LockSettingsService extends ILockSettings.Stub {
@VisibleForTesting
protected boolean shouldMigrateToSyntheticPasswordLocked(int userId) {
return true;
return getSyntheticPasswordHandleLocked(userId) == SyntheticPasswordManager.DEFAULT_HANDLE;
}
private VerifyCredentialResponse spBasedDoVerifyCredential(LockscreenCredential userCredential,

18
services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
View File

@@ -519,10 +519,24 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
LockscreenCredential password = newPassword("password");
initializeCredentialUnderSP(password, PRIMARY_USER_ID);
assertTrue(mService.setLockCredential(password, password, PRIMARY_USER_ID));
assertNoOrphanedFilesLeft(PRIMARY_USER_ID);
}
@Test
public void testAddingEscrowToken_NoOrphanedFilesLeft() throws Exception {
final byte[] token = "some-high-entropy-secure-token".getBytes();
for (int i = 0; i < 16; i++) {
long handle = mLocalService.addEscrowToken(token, PRIMARY_USER_ID, null);
assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));
mLocalService.removeEscrowToken(handle, PRIMARY_USER_ID);
}
assertNoOrphanedFilesLeft(PRIMARY_USER_ID);
}
private void assertNoOrphanedFilesLeft(int userId) {
String handleString = String.format("%016x",
mService.getSyntheticPasswordHandleLocked(PRIMARY_USER_ID));
File directory = mStorage.getSyntheticPasswordDirectoryForUser(PRIMARY_USER_ID);
mService.getSyntheticPasswordHandleLocked(userId));
File directory = mStorage.getSyntheticPasswordDirectoryForUser(userId);
for (File file : directory.listFiles()) {
String[] parts = file.getName().split("\\.");
if (!parts[0].equals(handleString) && !parts[0].equals("0000000000000000")) {