From 670a30e7664844ba4177a7183805127cdc32edd1 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Thu, 11 Jun 2020 22:45:35 +0100
Subject: [PATCH] Remove password shards from memory

Force a garbage collection and zeroize some fields after Activity finishes

Test: Goes through password change flow, then grab a heap dump via
      adb shell 'am dumpheap $(pidof com.android.settings)
      /data/local/tmp/settings.hprof'
      And grep for password in the dump
Bug: 144537463
Change-Id: Idd0a04ada98900aeb2a6d20bb1270a4a4aec2cfd
---
 .../settings/password/ChooseLockGeneric.java        |  8 ++++++++
 .../settings/password/ChooseLockPassword.java       | 13 +++++++++++++
 .../settings/password/ChooseLockPattern.java        | 13 +++++++++++++
 .../ConfirmDeviceCredentialBaseActivity.java        | 10 ++++++++++
 .../settings/password/ConfirmLockPassword.java      | 11 +++++++++++
 5 files changed, 55 insertions(+)

diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java
index 81d5036a740..04ee1b81ff9 100644
--- a/src/com/android/settings/password/ChooseLockGeneric.java
+++ b/src/com/android/settings/password/ChooseLockGeneric.java
@@ -821,6 +821,14 @@ public class ChooseLockGeneric extends SettingsActivity {
         @Override
         public void onDestroy() {
             super.onDestroy();
+            if (mUserPassword != null) {
+                mUserPassword.zeroize();
+            }
+            // Force a garbage collection immediately to remove remnant of user password shards
+            // from memory.
+            System.gc();
+            System.runFinalization();
+            System.gc();
         }
 
         @Override
diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java
index cdc03f95055..19cc9c8018a 100644
--- a/src/com/android/settings/password/ChooseLockPassword.java
+++ b/src/com/android/settings/password/ChooseLockPassword.java
@@ -530,6 +530,19 @@ public class ChooseLockPassword extends SettingsActivity {
             }
         }
 
+        @Override
+        public void onDestroy() {
+            super.onDestroy();
+            if (mCurrentCredential != null) {
+                mCurrentCredential.zeroize();
+            }
+            // Force a garbage collection immediately to remove remnant of user password shards
+            // from memory.
+            System.gc();
+            System.runFinalization();
+            System.gc();
+        }
+
         protected int getStageType() {
             return mForFingerprint ? Stage.TYPE_FINGERPRINT :
                     mForFace ? Stage.TYPE_FACE :
diff --git a/src/com/android/settings/password/ChooseLockPattern.java b/src/com/android/settings/password/ChooseLockPattern.java
index ece3da8f247..27fc9f022ea 100644
--- a/src/com/android/settings/password/ChooseLockPattern.java
+++ b/src/com/android/settings/password/ChooseLockPattern.java
@@ -617,6 +617,19 @@ public class ChooseLockPattern extends SettingsActivity {
             }
         }
 
+        @Override
+        public void onDestroy() {
+            super.onDestroy();
+            if (mCurrentCredential != null) {
+                mCurrentCredential.zeroize();
+            }
+            // Force a garbage collection immediately to remove remnant of user password shards
+            // from memory.
+            System.gc();
+            System.runFinalization();
+            System.gc();
+        }
+
         protected Intent getRedactionInterstitialIntent(Context context) {
             return RedactionInterstitial.createStartIntent(context, mUserId);
         }
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialBaseActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialBaseActivity.java
index eaea2eac0e8..383ae4f1a06 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialBaseActivity.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialBaseActivity.java
@@ -157,6 +157,16 @@ public abstract class ConfirmDeviceCredentialBaseActivity extends SettingsActivi
         }
     }
 
+    @Override
+    public void onDestroy() {
+        super.onDestroy();
+        // Force a garbage collection immediately to remove remnant of user password shards
+        // from memory.
+        System.gc();
+        System.runFinalization();
+        System.gc();
+    }
+
     @Override
     public void finish() {
         super.finish();
diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java
index 6f8dbfdecdd..8aa44e9780f 100644
--- a/src/com/android/settings/password/ConfirmLockPassword.java
+++ b/src/com/android/settings/password/ConfirmLockPassword.java
@@ -217,6 +217,17 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
             }
         }
 
+        @Override
+        public void onDestroy() {
+            super.onDestroy();
+            mPasswordEntry.setText(null);
+            // Force a garbage collection immediately to remove remnant of user password shards
+            // from memory.
+            System.gc();
+            System.runFinalization();
+            System.gc();
+        }
+
         private int getDefaultHeader() {
             if (mFrp) {
                 return mIsAlpha ? R.string.lockpassword_confirm_your_password_header_frp