Update settings together with frameworks/base
LockSettingsService returns a handle to the gatekeeper password
instead of the password itself now. As such, update areas of code
accordingly.
Bug: 161765592
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Ibc71ec88f8192620d041bfd125f400371708b296
This commit is contained in:
Kevin Chyn
@@ -104,13 +104,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity {
|
||||
.getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN);
|
||||
final int userId = getIntent()
|
||||
.getIntExtra(Intent.EXTRA_USER_ID, UserHandle.USER_NULL);
|
||||
final byte[] gkPw = getIntent().getByteArrayExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_GK_PW);
|
||||
final long gkPwHandle = getIntent().getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L);
|
||||
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, token);
|
||||
intent.putExtra(Intent.EXTRA_USER_ID, userId);
|
||||
if (gkPw != null) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, gkPw);
|
||||
if (gkPwHandle != 0L) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -190,7 +190,7 @@ public abstract class BiometricEnrollBase extends InstrumentedActivity {
|
||||
final ChooseLockSettingsHelper.Builder builder = new ChooseLockSettingsHelper.Builder(this);
|
||||
builder.setRequestCode(CONFIRM_REQUEST)
|
||||
.setTitle(getString(titleResId))
|
||||
.setRequestGatekeeperPassword(true)
|
||||
.setRequestGatekeeperPasswordHandle(true)
|
||||
.setForegroundOnly(true)
|
||||
.setReturnCredentials(true);
|
||||
|
||||
|
||||
@@ -224,7 +224,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
|
||||
intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY,
|
||||
DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
|
||||
intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
|
||||
intent.putExtra(getExtraKeyForBiometric(), true);
|
||||
if (mUserId != UserHandle.USER_NULL) {
|
||||
intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
|
||||
@@ -278,6 +278,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
|
||||
getNextButton().setEnabled(false);
|
||||
getChallenge(((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, data);
|
||||
getNextButton().setEnabled(true);
|
||||
}));
|
||||
} else {
|
||||
@@ -291,6 +292,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase
|
||||
getNextButton().setEnabled(false);
|
||||
getChallenge(((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, data);
|
||||
getNextButton().setEnabled(true);
|
||||
}));
|
||||
} else {
|
||||
|
||||
@@ -16,7 +16,6 @@
|
||||
|
||||
package com.android.settings.biometrics;
|
||||
|
||||
import android.app.Activity;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
|
||||
@@ -39,20 +38,42 @@ public class BiometricUtils {
|
||||
*/
|
||||
public static byte[] requestGatekeeperHat(Context context, Intent result, int userId,
|
||||
long challenge) {
|
||||
final byte[] gkPassword = result.getByteArrayExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_GK_PW);
|
||||
if (gkPassword == null) {
|
||||
throw new IllegalStateException("Gatekeeper Password is null!!");
|
||||
final long gatekeeperPasswordHandle = result.getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L);
|
||||
if (gatekeeperPasswordHandle == 0L) {
|
||||
throw new IllegalStateException("Gatekeeper Password is missing!!");
|
||||
}
|
||||
|
||||
final LockPatternUtils utils = new LockPatternUtils(context);
|
||||
return utils.verifyGatekeeperPassword(gkPassword, challenge, userId).getGatekeeperHAT();
|
||||
return utils.verifyGatekeeperPasswordHandle(gatekeeperPasswordHandle, challenge, userId)
|
||||
.getGatekeeperHAT();
|
||||
}
|
||||
|
||||
public static boolean containsGatekeeperPassword(Intent data) {
|
||||
if (data == null) {
|
||||
return false;
|
||||
}
|
||||
return data.getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW) != null;
|
||||
return data.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L) != 0L;
|
||||
}
|
||||
|
||||
/**
|
||||
* Requests {@link com.android.server.locksettings.LockSettingsService} to remove the
|
||||
* gatekeeper password associated with a previous
|
||||
* {@link ChooseLockSettingsHelper.Builder#setRequestGatekeeperPasswordHandle(boolean)}
|
||||
*
|
||||
* @param context Caller's context
|
||||
* @param data The onActivityResult intent from ChooseLock* or ConfirmLock*
|
||||
*/
|
||||
public static void removeGatekeeperPasswordHandle(Context context, Intent data) {
|
||||
if (data == null) {
|
||||
return;
|
||||
}
|
||||
final long gatekeeperPasswordsHandle = data.getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L);
|
||||
if (gatekeeperPasswordsHandle == 0L) {
|
||||
return;
|
||||
}
|
||||
final LockPatternUtils utils = new LockPatternUtils(context);
|
||||
utils.removeGatekeeperPasswordHandle(gatekeeperPasswordsHandle);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -105,6 +105,7 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction {
|
||||
// the challenge is ready. Let's just do this for now.
|
||||
mFaceManager.generateChallenge((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
|
||||
mFooterBarMixin.getPrimaryButton().setEnabled(true);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -207,7 +207,7 @@ public class FaceSettings extends DashboardFragment {
|
||||
new ChooseLockSettingsHelper.Builder(getActivity(), this);
|
||||
final boolean launched = builder.setRequestCode(CONFIRM_REQUEST)
|
||||
.setTitle(getString(R.string.security_settings_face_preference_title))
|
||||
.setRequestGatekeeperPassword(true)
|
||||
.setRequestGatekeeperPasswordHandle(true)
|
||||
.setUserId(mUserId)
|
||||
.setForegroundOnly(true)
|
||||
.setReturnCredentials(true)
|
||||
@@ -247,6 +247,7 @@ public class FaceSettings extends DashboardFragment {
|
||||
mFaceManager.generateChallenge((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(getPrefContext(), data, mUserId,
|
||||
challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(getPrefContext(), data);
|
||||
mAttentionController.setToken(mToken);
|
||||
mEnrollController.setToken(mToken);
|
||||
mConfirmingPassword = false;
|
||||
|
||||
@@ -67,6 +67,7 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase {
|
||||
final FingerprintManager fpm = getSystemService(FingerprintManager.class);
|
||||
fpm.generateChallenge((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent());
|
||||
|
||||
// Put this into the intent. This is really just to work around the fact that the
|
||||
// enrollment sidecar gets the HAT from the activity's intent, rather than having
|
||||
|
||||
@@ -574,6 +574,7 @@ public class FingerprintSettings extends SubSettings {
|
||||
mFingerprintManager.generateChallenge((sensorId, challenge) -> {
|
||||
mToken = BiometricUtils.requestGatekeeperHat(getActivity(), data,
|
||||
mUserId, challenge);
|
||||
BiometricUtils.removeGatekeeperPasswordHandle(getActivity(), data);
|
||||
updateAddPreference();
|
||||
});
|
||||
} else {
|
||||
@@ -643,7 +644,7 @@ public class FingerprintSettings extends SubSettings {
|
||||
new ChooseLockSettingsHelper.Builder(getActivity(), this);
|
||||
final boolean launched = builder.setRequestCode(CONFIRM_REQUEST)
|
||||
.setTitle(getString(R.string.security_settings_fingerprint_preference_title))
|
||||
.setRequestGatekeeperPassword(true)
|
||||
.setRequestGatekeeperPasswordHandle(true)
|
||||
.setUserId(mUserId)
|
||||
.setForegroundOnly(true)
|
||||
.setReturnCredentials(true)
|
||||
@@ -658,7 +659,7 @@ public class FingerprintSettings extends SubSettings {
|
||||
intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS,
|
||||
true);
|
||||
intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
|
||||
intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
|
||||
startActivityForResult(intent, CHOOSE_LOCK_GENERIC_REQUEST);
|
||||
}
|
||||
|
||||
@@ -144,7 +144,7 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
|
||||
private LockPatternUtils mLockPatternUtils;
|
||||
private DevicePolicyManager mDpm;
|
||||
private boolean mRequestGatekeeperPassword = false;
|
||||
private boolean mRequestGatekeeperPasswordHandle = false;
|
||||
private boolean mPasswordConfirmed = false;
|
||||
private boolean mWaitingForConfirmation = false;
|
||||
private boolean mForChangeCredRequiredForBoot = false;
|
||||
@@ -210,8 +210,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
}
|
||||
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
mRequestGatekeeperPasswordHandle = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
|
||||
mForFingerprint = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
|
||||
mForFace = intent.getBooleanExtra(
|
||||
@@ -388,7 +388,7 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
// Gatekeeper Password should not imply it came from biometric setup/settings.
|
||||
startActivityForResult(
|
||||
intent,
|
||||
mIsSetNewPassword && mRequestGatekeeperPassword
|
||||
mIsSetNewPassword && mRequestGatekeeperPasswordHandle
|
||||
? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST
|
||||
: ENABLE_ENCRYPTION_REQUEST);
|
||||
} else {
|
||||
@@ -438,10 +438,11 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
&& resultCode == BiometricEnrollBase.RESULT_FINISHED) {
|
||||
Intent intent = getBiometricEnrollIntent(getActivity());
|
||||
if (data != null) {
|
||||
// ChooseLockGeneric should have requested that the Gatekeeper Password be
|
||||
// returned, so that biometric enrollment(s) can subsequently request Gatekeeper
|
||||
// to create HardwareAuthToken(s) wrapping biometric-specific challenges. Send
|
||||
// the extras (including the GK Password) to the enrollment activity.
|
||||
// ChooseLockGeneric should have requested for a Gatekeeper Password Handle to
|
||||
// be returned, so that biometric enrollment(s) can subsequently request
|
||||
// Gatekeeper to create HardwareAuthToken(s) wrapping biometric-specific
|
||||
// challenges. Send the extras (including the GK Password) to the enrollment
|
||||
// activity.
|
||||
intent.putExtras(data.getExtras());
|
||||
}
|
||||
// Forward the target user id to fingerprint setup page.
|
||||
@@ -727,7 +728,7 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
.setForFingerprint(mForFingerprint)
|
||||
.setForFace(mForFace)
|
||||
.setUserId(mUserId)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword);
|
||||
.setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle);
|
||||
if (mUserPassword != null) {
|
||||
builder.setPassword(mUserPassword);
|
||||
}
|
||||
@@ -743,7 +744,7 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
.setForFingerprint(mForFingerprint)
|
||||
.setForFace(mForFace)
|
||||
.setUserId(mUserId)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword);
|
||||
.setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle);
|
||||
if (mUserPassword != null) {
|
||||
builder.setPattern(mUserPassword);
|
||||
}
|
||||
@@ -784,13 +785,13 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
intent.putExtra(EXTRA_SHOW_OPTIONS_BUTTON, chooseLockSkipped);
|
||||
}
|
||||
intent.putExtra(EXTRA_CHOOSE_LOCK_GENERIC_EXTRAS, getIntent().getExtras());
|
||||
// If the caller requested Gatekeeper Password to be returned, we assume it came
|
||||
// from biometric enrollment. onActivityResult will put the LockSettingsService
|
||||
// If the caller requested Gatekeeper Password Handle to be returned, we assume it
|
||||
// came from biometric enrollment. onActivityResult will put the LockSettingsService
|
||||
// into the extras and launch biometric enrollment. This should be cleaned up,
|
||||
// since requesting Gatekeeper Password should not imply it came from biometric
|
||||
// setup/settings.
|
||||
// since requesting a Gatekeeper Password Handle should not imply it came from
|
||||
// biometric setup/settings.
|
||||
startActivityForResult(intent,
|
||||
mIsSetNewPassword && mRequestGatekeeperPassword
|
||||
mIsSetNewPassword && mRequestGatekeeperPasswordHandle
|
||||
? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST
|
||||
: CHOOSE_LOCK_REQUEST);
|
||||
return;
|
||||
|
||||
@@ -73,7 +73,6 @@ import androidx.recyclerview.widget.RecyclerView;
|
||||
|
||||
import com.android.internal.annotations.VisibleForTesting;
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockPatternUtils.RequestThrottledException;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.internal.widget.PasswordValidationError;
|
||||
import com.android.internal.widget.TextViewInputDisabler;
|
||||
@@ -130,9 +129,10 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
return this;
|
||||
}
|
||||
|
||||
public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
|
||||
requestGatekeeperPassword);
|
||||
public IntentBuilder setRequestGatekeeperPasswordHandle(
|
||||
boolean requestGatekeeperPasswordHandle) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE,
|
||||
requestGatekeeperPasswordHandle);
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -492,7 +492,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
mCurrentCredential = intent.getParcelableExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
|
||||
if (savedInstanceState == null) {
|
||||
updateStage(Stage.Introduction);
|
||||
if (confirmCredentials) {
|
||||
@@ -501,7 +501,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
builder.setRequestCode(CONFIRM_EXISTING_REQUEST)
|
||||
.setTitle(getString(R.string.unlock_set_unlock_launch_picker_title))
|
||||
.setReturnCredentials(true)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword)
|
||||
.setRequestGatekeeperPasswordHandle(mRequestGatekeeperPassword)
|
||||
.setUserId(mUserId)
|
||||
.show();
|
||||
}
|
||||
@@ -970,16 +970,16 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
// path to return a Gatekeeper Password based on the credential that the user
|
||||
// chose. This should only be run if the credential was successfully set.
|
||||
final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPassword,
|
||||
mUserId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
mUserId, LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE);
|
||||
|
||||
if (!response.isMatched() || response.getGatekeeperPw() == null) {
|
||||
Log.e(TAG, "critical: bad response or missing GK PW for known good password: "
|
||||
+ response.toString());
|
||||
if (!response.isMatched() || !response.containsGatekeeperPasswordHandle()) {
|
||||
Log.e(TAG, "critical: bad response or missing GK PW handle for known good"
|
||||
+ " password: " + response.toString());
|
||||
}
|
||||
|
||||
result = new Intent();
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE,
|
||||
response.getGatekeeperPasswordHandle());
|
||||
}
|
||||
return Pair.create(success, result);
|
||||
}
|
||||
|
||||
@@ -112,9 +112,10 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
return this;
|
||||
}
|
||||
|
||||
public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
|
||||
requestGatekeeperPassword);
|
||||
public IntentBuilder setRequestGatekeeperPasswordHandle(
|
||||
boolean requestGatekeeperPasswordHandle) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE,
|
||||
requestGatekeeperPasswordHandle);
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -562,7 +563,7 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
mCurrentCredential =
|
||||
intent.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
|
||||
|
||||
if (savedInstanceState == null) {
|
||||
if (confirmCredentials) {
|
||||
@@ -575,7 +576,7 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
final boolean launched = builder.setRequestCode(CONFIRM_EXISTING_REQUEST)
|
||||
.setTitle(getString(R.string.unlock_set_unlock_launch_picker_title))
|
||||
.setReturnCredentials(true)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword)
|
||||
.setRequestGatekeeperPasswordHandle(mRequestGatekeeperPassword)
|
||||
.setUserId(mUserId)
|
||||
.show();
|
||||
|
||||
@@ -915,16 +916,16 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
// path to return a Gatekeeper Password based on the credential that the user
|
||||
// chose. This should only be run if the credential was successfully set.
|
||||
final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPattern,
|
||||
userId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
userId, LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE);
|
||||
|
||||
if (!response.isMatched() || response.getGatekeeperPw() == null) {
|
||||
Log.e(TAG, "critical: bad response or missing GK HAT for known good pattern: "
|
||||
+ response.toString());
|
||||
if (!response.isMatched() || !response.containsGatekeeperPasswordHandle()) {
|
||||
Log.e(TAG, "critical: bad response or missing GK PW handle for known good"
|
||||
+ " pattern: " + response.toString());
|
||||
}
|
||||
|
||||
result = new Intent();
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE,
|
||||
response.getGatekeeperPasswordHandle());
|
||||
}
|
||||
return Pair.create(success, result);
|
||||
}
|
||||
|
||||
@@ -31,9 +31,7 @@ import android.util.Log;
|
||||
import androidx.annotation.VisibleForTesting;
|
||||
import androidx.fragment.app.Fragment;
|
||||
|
||||
import com.android.internal.widget.ICheckCredentialProgressCallback;
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.core.SubSettingLauncher;
|
||||
@@ -56,10 +54,10 @@ public final class ChooseLockSettingsHelper {
|
||||
public static final String EXTRA_KEY_FOR_FACE = "for_face";
|
||||
public static final String EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT = "for_cred_req_boot";
|
||||
public static final String EXTRA_KEY_FOREGROUND_ONLY = "foreground_only";
|
||||
public static final String EXTRA_KEY_REQUEST_GK_PW = "request_gk_pw";
|
||||
// Gatekeeper password, which can subsequently be used to generate Gatekeeper
|
||||
// HardwareAuthToken(s) via LockSettingsService#verifyGatekeeperPassword
|
||||
public static final String EXTRA_KEY_GK_PW = "gk_pw";
|
||||
public static final String EXTRA_KEY_REQUEST_GK_PW_HANDLE = "request_gk_pw_handle";
|
||||
// Gatekeeper password handle, which can subsequently be used to generate Gatekeeper
|
||||
// HardwareAuthToken(s) via LockSettingsService#verifyGatekeeperPasswordHandle
|
||||
public static final String EXTRA_KEY_GK_PW_HANDLE = "gk_pw_handle";
|
||||
|
||||
/**
|
||||
* When EXTRA_KEY_UNIFICATION_PROFILE_CREDENTIAL and EXTRA_KEY_UNIFICATION_PROFILE_ID are
|
||||
@@ -126,7 +124,7 @@ public final class ChooseLockSettingsHelper {
|
||||
private int mUserId;
|
||||
private boolean mAllowAnyUserId;
|
||||
private boolean mForceVerifyPath;
|
||||
boolean mRequestGatekeeperPassword;
|
||||
boolean mRequestGatekeeperPasswordHandle;
|
||||
|
||||
public Builder(@NonNull Activity activity) {
|
||||
mActivity = activity;
|
||||
@@ -182,12 +180,12 @@ public final class ChooseLockSettingsHelper {
|
||||
* @param returnCredentials if true, puts the following credentials into intent for
|
||||
* onActivityResult with the following keys:
|
||||
* {@link #EXTRA_KEY_TYPE}, {@link #EXTRA_KEY_PASSWORD},
|
||||
* {@link #EXTRA_KEY_CHALLENGE_TOKEN}, {@link #EXTRA_KEY_GK_PW}
|
||||
* {@link #EXTRA_KEY_CHALLENGE_TOKEN},
|
||||
* {@link #EXTRA_KEY_GK_PW_HANDLE}
|
||||
* Note that if this is true, this can only be called internally.
|
||||
*
|
||||
* This should also generally be set if
|
||||
* {@link #setRequestGatekeeperPassword(boolean)} (boolean)} is
|
||||
* set.
|
||||
* {@link #setRequestGatekeeperPasswordHandle(boolean)} is set.
|
||||
*/
|
||||
@NonNull public Builder setReturnCredentials(boolean returnCredentials) {
|
||||
mReturnCredentials = returnCredentials;
|
||||
@@ -241,17 +239,18 @@ public final class ChooseLockSettingsHelper {
|
||||
}
|
||||
|
||||
/**
|
||||
* Requests that LockSettingsService return the Gatekeeper Password (instead of the
|
||||
* Gatekeeper HAT). This allows us to use a single entry of the user's credential
|
||||
* Requests that LockSettingsService return a handle to the Gatekeeper Password (instead of
|
||||
* the Gatekeeper HAT). This allows us to use a single entry of the user's credential
|
||||
* to create multiple Gatekeeper HATs containing distinct challenges via
|
||||
* {@link LockPatternUtils#verifyGatekeeperPassword(byte[], long, int)}.
|
||||
* {@link LockPatternUtils#verifyGatekeeperPasswordHandle(long, long, int)}.
|
||||
*
|
||||
* Upon confirmation of the user's password, the Gatekeeper Password will be returned via
|
||||
* onActivityResult with the key being {@link #EXTRA_KEY_GK_PW}.
|
||||
* @param requestGatekeeperPassword
|
||||
* Upon confirmation of the user's password, the Gatekeeper Password Handle will be returned
|
||||
* via onActivityResult with the key being {@link #EXTRA_KEY_GK_PW_HANDLE}.
|
||||
* @param requestGatekeeperPasswordHandle
|
||||
*/
|
||||
@NonNull public Builder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mRequestGatekeeperPassword = requestGatekeeperPassword;
|
||||
@NonNull public Builder setRequestGatekeeperPasswordHandle(
|
||||
boolean requestGatekeeperPasswordHandle) {
|
||||
mRequestGatekeeperPasswordHandle = requestGatekeeperPasswordHandle;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -266,10 +265,10 @@ public final class ChooseLockSettingsHelper {
|
||||
+ " onActivityResult");
|
||||
}
|
||||
|
||||
if (mRequestGatekeeperPassword && !mReturnCredentials) {
|
||||
if (mRequestGatekeeperPasswordHandle && !mReturnCredentials) {
|
||||
// HAT containing the signed challenge will not be available to the caller.
|
||||
Log.w(TAG, "Requested gatekeeper password but not requesting ReturnCredentials. Are"
|
||||
+ " you sure this is what you want?");
|
||||
Log.w(TAG, "Requested gatekeeper password handle but not requesting"
|
||||
+ " ReturnCredentials. Are you sure this is what you want?");
|
||||
}
|
||||
|
||||
return new ChooseLockSettingsHelper(this, mActivity, mFragment);
|
||||
@@ -289,14 +288,14 @@ public final class ChooseLockSettingsHelper {
|
||||
mBuilder.mDescription, mBuilder.mReturnCredentials, mBuilder.mExternal,
|
||||
mBuilder.mForceVerifyPath, mBuilder.mUserId, mBuilder.mAlternateButton,
|
||||
mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly,
|
||||
mBuilder.mRequestGatekeeperPassword);
|
||||
mBuilder.mRequestGatekeeperPasswordHandle);
|
||||
}
|
||||
|
||||
private boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
|
||||
@Nullable CharSequence header, @Nullable CharSequence description,
|
||||
boolean returnCredentials, boolean external, boolean forceVerifyPath,
|
||||
int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser,
|
||||
boolean foregroundOnly, boolean requestGatekeeperPassword) {
|
||||
boolean foregroundOnly, boolean requestGatekeeperPasswordHandle) {
|
||||
final int effectiveUserId = UserManager.get(mActivity).getCredentialOwnerProfile(userId);
|
||||
boolean launched = false;
|
||||
|
||||
@@ -307,7 +306,7 @@ public final class ChooseLockSettingsHelper {
|
||||
? ConfirmLockPattern.InternalActivity.class
|
||||
: ConfirmLockPattern.class, returnCredentials, external,
|
||||
forceVerifyPath, userId, alternateButton, allowAnyUser,
|
||||
foregroundOnly, requestGatekeeperPassword);
|
||||
foregroundOnly, requestGatekeeperPasswordHandle);
|
||||
break;
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
|
||||
@@ -320,7 +319,7 @@ public final class ChooseLockSettingsHelper {
|
||||
? ConfirmLockPassword.InternalActivity.class
|
||||
: ConfirmLockPassword.class, returnCredentials, external,
|
||||
forceVerifyPath, userId, alternateButton, allowAnyUser,
|
||||
foregroundOnly, requestGatekeeperPassword);
|
||||
foregroundOnly, requestGatekeeperPasswordHandle);
|
||||
break;
|
||||
}
|
||||
return launched;
|
||||
@@ -330,7 +329,7 @@ public final class ChooseLockSettingsHelper {
|
||||
CharSequence message, Class<?> activityClass, boolean returnCredentials,
|
||||
boolean external, boolean forceVerifyPath, int userId,
|
||||
@Nullable CharSequence alternateButton, boolean allowAnyUser,
|
||||
boolean foregroundOnly, boolean requestGatekeeperPassword) {
|
||||
boolean foregroundOnly, boolean requestGatekeeperPasswordHandle) {
|
||||
final Intent intent = new Intent();
|
||||
intent.putExtra(ConfirmDeviceCredentialBaseFragment.TITLE_TEXT, title);
|
||||
intent.putExtra(ConfirmDeviceCredentialBaseFragment.HEADER_TEXT, header);
|
||||
@@ -346,8 +345,8 @@ public final class ChooseLockSettingsHelper {
|
||||
intent.putExtra(KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL, alternateButton);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOREGROUND_ONLY, foregroundOnly);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_ALLOW_ANY_USER, allowAnyUser);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
|
||||
requestGatekeeperPassword);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE,
|
||||
requestGatekeeperPasswordHandle);
|
||||
|
||||
intent.setClassName(SETTINGS_PACKAGE_NAME, activityClass.getName());
|
||||
if (external) {
|
||||
|
||||
@@ -74,7 +74,7 @@ public class ChooseLockTypeDialogFragment extends InstrumentedDialogFragment
|
||||
|
||||
// Copy the original extras into the new intent
|
||||
copyBooleanExtra(activityIntent, intent,
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
|
||||
copyBooleanExtra(activityIntent, intent,
|
||||
ChooseLockGenericFragment.EXTRA_SHOW_OPTIONS_BUTTON, false);
|
||||
if (activityIntent.hasExtra(
|
||||
|
||||
@@ -102,7 +102,7 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends InstrumentedFr
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
|
||||
|
||||
mReturnGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false);
|
||||
mForceVerifyPath = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FORCE_VERIFY, false);
|
||||
|
||||
|
||||
@@ -386,7 +386,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
|
||||
if (mReturnGatekeeperPassword) {
|
||||
if (isInternalActivity()) {
|
||||
startVerifyPassword(credential, intent,
|
||||
LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE);
|
||||
return;
|
||||
}
|
||||
} else if (mForceVerifyPath) {
|
||||
@@ -414,9 +414,9 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
|
||||
mPendingLockCheck = null;
|
||||
final boolean matched = response.isMatched();
|
||||
if (matched && mReturnCredentials) {
|
||||
if ((flags & LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW) != 0) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
if ((flags & LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE) != 0) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE,
|
||||
response.getGatekeeperPasswordHandle());
|
||||
} else {
|
||||
intent.putExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
|
||||
|
||||
@@ -428,7 +428,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
|
||||
if (mReturnGatekeeperPassword) {
|
||||
if (isInternalActivity()) {
|
||||
startVerifyPattern(credential, intent,
|
||||
LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE);
|
||||
return;
|
||||
}
|
||||
} else if (mForceVerifyPath) {
|
||||
@@ -457,9 +457,9 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
|
||||
mPendingLockCheck = null;
|
||||
final boolean matched = response.isMatched();
|
||||
if (matched && mReturnCredentials) {
|
||||
if ((flags & LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW) != 0) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
if ((flags & LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE) != 0) {
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE,
|
||||
response.getGatekeeperPasswordHandle());
|
||||
} else {
|
||||
intent.putExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
|
||||
|
||||
@@ -139,7 +139,7 @@ final class SetNewPasswordController {
|
||||
PASSWORD_QUALITY_SOMETHING);
|
||||
chooseLockExtras.putBoolean(
|
||||
ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, true);
|
||||
return chooseLockExtras;
|
||||
}
|
||||
@@ -150,7 +150,7 @@ final class SetNewPasswordController {
|
||||
PASSWORD_QUALITY_SOMETHING);
|
||||
chooseLockExtras.putBoolean(
|
||||
ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, true);
|
||||
return chooseLockExtras;
|
||||
}
|
||||
|
||||
@@ -110,12 +110,13 @@ public class ChooseLockPasswordTest {
|
||||
@Test
|
||||
public void intentBuilder_setRequestGatekeeperPassword_shouldAddExtras() {
|
||||
Intent intent = new IntentBuilder(application)
|
||||
.setRequestGatekeeperPassword(true)
|
||||
.setRequestGatekeeperPasswordHandle(true)
|
||||
.setPasswordQuality(PASSWORD_QUALITY_ALPHANUMERIC)
|
||||
.setUserId(123)
|
||||
.build();
|
||||
|
||||
assertThat(intent.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false))
|
||||
assertThat(intent.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE,
|
||||
false))
|
||||
.named("EXTRA_KEY_REQUEST_GK_PW")
|
||||
.isTrue();
|
||||
assertThat(intent.getIntExtra(PASSWORD_TYPE_KEY, 0))
|
||||
|
||||
@@ -74,12 +74,12 @@ public class ChooseLockPatternTest {
|
||||
@Test
|
||||
public void intentBuilder_setRequestGatekeeperPassword_shouldAddExtras() {
|
||||
Intent intent = new IntentBuilder(application)
|
||||
.setRequestGatekeeperPassword(true)
|
||||
.setRequestGatekeeperPasswordHandle(true)
|
||||
.setUserId(123)
|
||||
.build();
|
||||
|
||||
assertThat(intent
|
||||
.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false))
|
||||
.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false))
|
||||
.named("EXTRA_KEY_REQUEST_GK_PW")
|
||||
.isTrue();
|
||||
assertThat(intent
|
||||
|
||||
@@ -23,7 +23,7 @@ import static com.android.settings.password.ChooseLockGeneric.ChooseLockGenericF
|
||||
import static com.android.settings.password.ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY;
|
||||
import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE;
|
||||
import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT;
|
||||
import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW;
|
||||
import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
|
||||
@@ -270,7 +270,7 @@ public final class SetNewPasswordControllerTest {
|
||||
actualBundle.getBoolean(HIDE_DISABLED_PREFS));
|
||||
assertTrue(
|
||||
"Fingerprint enroll must request Gatekeeper Password.",
|
||||
actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW));
|
||||
actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW_HANDLE));
|
||||
assertTrue(
|
||||
"The request must be a fingerprint set up request.",
|
||||
actualBundle.getBoolean(EXTRA_KEY_FOR_FINGERPRINT));
|
||||
@@ -290,7 +290,7 @@ public final class SetNewPasswordControllerTest {
|
||||
actualBundle.getBoolean(HIDE_DISABLED_PREFS));
|
||||
assertTrue(
|
||||
"Face enroll must request Gatekeeper Password",
|
||||
actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW));
|
||||
actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW_HANDLE));
|
||||
assertTrue(
|
||||
"The request must be a face set up request.",
|
||||
actualBundle.getBoolean(EXTRA_KEY_FOR_FACE));
|
||||
|
||||
Reference in New Issue
Block a user