diff --git a/src/com/android/settings/biometrics/BiometricEnrollActivity.java b/src/com/android/settings/biometrics/BiometricEnrollActivity.java index 4f2f4e6c2a3..9e9d67c5a18 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollActivity.java +++ b/src/com/android/settings/biometrics/BiometricEnrollActivity.java @@ -104,13 +104,13 @@ public class BiometricEnrollActivity extends InstrumentedActivity { .getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN); final int userId = getIntent() .getIntExtra(Intent.EXTRA_USER_ID, UserHandle.USER_NULL); - final byte[] gkPw = getIntent().getByteArrayExtra( - ChooseLockSettingsHelper.EXTRA_KEY_GK_PW); + final long gkPwHandle = getIntent().getLongExtra( + ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L); intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, token); intent.putExtra(Intent.EXTRA_USER_ID, userId); - if (gkPw != null) { - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, gkPw); + if (gkPwHandle != 0L) { + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, gkPwHandle); } } diff --git a/src/com/android/settings/biometrics/BiometricEnrollBase.java b/src/com/android/settings/biometrics/BiometricEnrollBase.java index b905e3e3d21..ecb21925721 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollBase.java +++ b/src/com/android/settings/biometrics/BiometricEnrollBase.java @@ -190,7 +190,7 @@ public abstract class BiometricEnrollBase extends InstrumentedActivity { final ChooseLockSettingsHelper.Builder builder = new ChooseLockSettingsHelper.Builder(this); builder.setRequestCode(CONFIRM_REQUEST) .setTitle(getString(titleResId)) - .setRequestGatekeeperPassword(true) + .setRequestGatekeeperPasswordHandle(true) .setForegroundOnly(true) .setReturnCredentials(true); diff --git a/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java b/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java index c62feddc208..8cd5a707044 100644 --- a/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java +++ b/src/com/android/settings/biometrics/BiometricEnrollIntroduction.java @@ -224,7 +224,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true); - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true); + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true); intent.putExtra(getExtraKeyForBiometric(), true); if (mUserId != UserHandle.USER_NULL) { intent.putExtra(Intent.EXTRA_USER_ID, mUserId); @@ -278,6 +278,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase getNextButton().setEnabled(false); getChallenge(((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(this, data); getNextButton().setEnabled(true); })); } else { @@ -291,6 +292,7 @@ public abstract class BiometricEnrollIntroduction extends BiometricEnrollBase getNextButton().setEnabled(false); getChallenge(((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(this, data, mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(this, data); getNextButton().setEnabled(true); })); } else { diff --git a/src/com/android/settings/biometrics/BiometricUtils.java b/src/com/android/settings/biometrics/BiometricUtils.java index f33c3c2974b..e458f03b946 100644 --- a/src/com/android/settings/biometrics/BiometricUtils.java +++ b/src/com/android/settings/biometrics/BiometricUtils.java @@ -16,7 +16,6 @@ package com.android.settings.biometrics; -import android.app.Activity; import android.content.Context; import android.content.Intent; @@ -39,20 +38,42 @@ public class BiometricUtils { */ public static byte[] requestGatekeeperHat(Context context, Intent result, int userId, long challenge) { - final byte[] gkPassword = result.getByteArrayExtra( - ChooseLockSettingsHelper.EXTRA_KEY_GK_PW); - if (gkPassword == null) { - throw new IllegalStateException("Gatekeeper Password is null!!"); + final long gatekeeperPasswordHandle = result.getLongExtra( + ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L); + if (gatekeeperPasswordHandle == 0L) { + throw new IllegalStateException("Gatekeeper Password is missing!!"); } final LockPatternUtils utils = new LockPatternUtils(context); - return utils.verifyGatekeeperPassword(gkPassword, challenge, userId).getGatekeeperHAT(); + return utils.verifyGatekeeperPasswordHandle(gatekeeperPasswordHandle, challenge, userId) + .getGatekeeperHAT(); } public static boolean containsGatekeeperPassword(Intent data) { if (data == null) { return false; } - return data.getByteArrayExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW) != null; + return data.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L) != 0L; + } + + /** + * Requests {@link com.android.server.locksettings.LockSettingsService} to remove the + * gatekeeper password associated with a previous + * {@link ChooseLockSettingsHelper.Builder#setRequestGatekeeperPasswordHandle(boolean)} + * + * @param context Caller's context + * @param data The onActivityResult intent from ChooseLock* or ConfirmLock* + */ + public static void removeGatekeeperPasswordHandle(Context context, Intent data) { + if (data == null) { + return; + } + final long gatekeeperPasswordsHandle = data.getLongExtra( + ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, 0L); + if (gatekeeperPasswordsHandle == 0L) { + return; + } + final LockPatternUtils utils = new LockPatternUtils(context); + utils.removeGatekeeperPasswordHandle(gatekeeperPasswordsHandle); } } diff --git a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java index 3c5f2194919..59d1a604e8d 100644 --- a/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java +++ b/src/com/android/settings/biometrics/face/FaceEnrollIntroduction.java @@ -105,6 +105,7 @@ public class FaceEnrollIntroduction extends BiometricEnrollIntroduction { // the challenge is ready. Let's just do this for now. mFaceManager.generateChallenge((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent()); mFooterBarMixin.getPrimaryButton().setEnabled(true); }); } diff --git a/src/com/android/settings/biometrics/face/FaceSettings.java b/src/com/android/settings/biometrics/face/FaceSettings.java index 051efc25786..725123048ee 100644 --- a/src/com/android/settings/biometrics/face/FaceSettings.java +++ b/src/com/android/settings/biometrics/face/FaceSettings.java @@ -207,7 +207,7 @@ public class FaceSettings extends DashboardFragment { new ChooseLockSettingsHelper.Builder(getActivity(), this); final boolean launched = builder.setRequestCode(CONFIRM_REQUEST) .setTitle(getString(R.string.security_settings_face_preference_title)) - .setRequestGatekeeperPassword(true) + .setRequestGatekeeperPasswordHandle(true) .setUserId(mUserId) .setForegroundOnly(true) .setReturnCredentials(true) @@ -247,6 +247,7 @@ public class FaceSettings extends DashboardFragment { mFaceManager.generateChallenge((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(getPrefContext(), data, mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(getPrefContext(), data); mAttentionController.setToken(mToken); mEnrollController.setToken(mToken); mConfirmingPassword = false; diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java index f1c3ab58a8a..8029c7dfccf 100644 --- a/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java +++ b/src/com/android/settings/biometrics/fingerprint/FingerprintEnrollFindSensor.java @@ -67,6 +67,7 @@ public class FingerprintEnrollFindSensor extends BiometricEnrollBase { final FingerprintManager fpm = getSystemService(FingerprintManager.class); fpm.generateChallenge((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(this, getIntent(), mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(this, getIntent()); // Put this into the intent. This is really just to work around the fact that the // enrollment sidecar gets the HAT from the activity's intent, rather than having diff --git a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java index 351b5aaf0b5..a65316940c4 100644 --- a/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java +++ b/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java @@ -574,6 +574,7 @@ public class FingerprintSettings extends SubSettings { mFingerprintManager.generateChallenge((sensorId, challenge) -> { mToken = BiometricUtils.requestGatekeeperHat(getActivity(), data, mUserId, challenge); + BiometricUtils.removeGatekeeperPasswordHandle(getActivity(), data); updateAddPreference(); }); } else { @@ -643,7 +644,7 @@ public class FingerprintSettings extends SubSettings { new ChooseLockSettingsHelper.Builder(getActivity(), this); final boolean launched = builder.setRequestCode(CONFIRM_REQUEST) .setTitle(getString(R.string.security_settings_fingerprint_preference_title)) - .setRequestGatekeeperPassword(true) + .setRequestGatekeeperPasswordHandle(true) .setUserId(mUserId) .setForegroundOnly(true) .setReturnCredentials(true) @@ -658,7 +659,7 @@ public class FingerprintSettings extends SubSettings { intent.putExtra(ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true); intent.putExtra(Intent.EXTRA_USER_ID, mUserId); - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true); + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true); intent.putExtra(Intent.EXTRA_USER_ID, mUserId); startActivityForResult(intent, CHOOSE_LOCK_GENERIC_REQUEST); } diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java index 297a3945539..5b3013da21b 100644 --- a/src/com/android/settings/password/ChooseLockGeneric.java +++ b/src/com/android/settings/password/ChooseLockGeneric.java @@ -144,7 +144,7 @@ public class ChooseLockGeneric extends SettingsActivity { private LockPatternUtils mLockPatternUtils; private DevicePolicyManager mDpm; - private boolean mRequestGatekeeperPassword = false; + private boolean mRequestGatekeeperPasswordHandle = false; private boolean mPasswordConfirmed = false; private boolean mWaitingForConfirmation = false; private boolean mForChangeCredRequiredForBoot = false; @@ -210,8 +210,8 @@ public class ChooseLockGeneric extends SettingsActivity { ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD); } - mRequestGatekeeperPassword = intent.getBooleanExtra( - ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false); + mRequestGatekeeperPasswordHandle = intent.getBooleanExtra( + ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false); mForFingerprint = intent.getBooleanExtra( ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false); mForFace = intent.getBooleanExtra( @@ -388,7 +388,7 @@ public class ChooseLockGeneric extends SettingsActivity { // Gatekeeper Password should not imply it came from biometric setup/settings. startActivityForResult( intent, - mIsSetNewPassword && mRequestGatekeeperPassword + mIsSetNewPassword && mRequestGatekeeperPasswordHandle ? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST : ENABLE_ENCRYPTION_REQUEST); } else { @@ -438,10 +438,11 @@ public class ChooseLockGeneric extends SettingsActivity { && resultCode == BiometricEnrollBase.RESULT_FINISHED) { Intent intent = getBiometricEnrollIntent(getActivity()); if (data != null) { - // ChooseLockGeneric should have requested that the Gatekeeper Password be - // returned, so that biometric enrollment(s) can subsequently request Gatekeeper - // to create HardwareAuthToken(s) wrapping biometric-specific challenges. Send - // the extras (including the GK Password) to the enrollment activity. + // ChooseLockGeneric should have requested for a Gatekeeper Password Handle to + // be returned, so that biometric enrollment(s) can subsequently request + // Gatekeeper to create HardwareAuthToken(s) wrapping biometric-specific + // challenges. Send the extras (including the GK Password) to the enrollment + // activity. intent.putExtras(data.getExtras()); } // Forward the target user id to fingerprint setup page. @@ -727,7 +728,7 @@ public class ChooseLockGeneric extends SettingsActivity { .setForFingerprint(mForFingerprint) .setForFace(mForFace) .setUserId(mUserId) - .setRequestGatekeeperPassword(mRequestGatekeeperPassword); + .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle); if (mUserPassword != null) { builder.setPassword(mUserPassword); } @@ -743,7 +744,7 @@ public class ChooseLockGeneric extends SettingsActivity { .setForFingerprint(mForFingerprint) .setForFace(mForFace) .setUserId(mUserId) - .setRequestGatekeeperPassword(mRequestGatekeeperPassword); + .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPasswordHandle); if (mUserPassword != null) { builder.setPattern(mUserPassword); } @@ -784,13 +785,13 @@ public class ChooseLockGeneric extends SettingsActivity { intent.putExtra(EXTRA_SHOW_OPTIONS_BUTTON, chooseLockSkipped); } intent.putExtra(EXTRA_CHOOSE_LOCK_GENERIC_EXTRAS, getIntent().getExtras()); - // If the caller requested Gatekeeper Password to be returned, we assume it came - // from biometric enrollment. onActivityResult will put the LockSettingsService + // If the caller requested Gatekeeper Password Handle to be returned, we assume it + // came from biometric enrollment. onActivityResult will put the LockSettingsService // into the extras and launch biometric enrollment. This should be cleaned up, - // since requesting Gatekeeper Password should not imply it came from biometric - // setup/settings. + // since requesting a Gatekeeper Password Handle should not imply it came from + // biometric setup/settings. startActivityForResult(intent, - mIsSetNewPassword && mRequestGatekeeperPassword + mIsSetNewPassword && mRequestGatekeeperPasswordHandle ? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST : CHOOSE_LOCK_REQUEST); return; diff --git a/src/com/android/settings/password/ChooseLockPassword.java b/src/com/android/settings/password/ChooseLockPassword.java index 9e4c5974f9c..6cfb1efb512 100644 --- a/src/com/android/settings/password/ChooseLockPassword.java +++ b/src/com/android/settings/password/ChooseLockPassword.java @@ -73,7 +73,6 @@ import androidx.recyclerview.widget.RecyclerView; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.widget.LockPatternUtils; -import com.android.internal.widget.LockPatternUtils.RequestThrottledException; import com.android.internal.widget.LockscreenCredential; import com.android.internal.widget.PasswordValidationError; import com.android.internal.widget.TextViewInputDisabler; @@ -130,9 +129,10 @@ public class ChooseLockPassword extends SettingsActivity { return this; } - public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) { - mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, - requestGatekeeperPassword); + public IntentBuilder setRequestGatekeeperPasswordHandle( + boolean requestGatekeeperPasswordHandle) { + mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, + requestGatekeeperPasswordHandle); return this; } @@ -492,7 +492,7 @@ public class ChooseLockPassword extends SettingsActivity { mCurrentCredential = intent.getParcelableExtra( ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD); mRequestGatekeeperPassword = intent.getBooleanExtra( - ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false); + ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false); if (savedInstanceState == null) { updateStage(Stage.Introduction); if (confirmCredentials) { @@ -501,7 +501,7 @@ public class ChooseLockPassword extends SettingsActivity { builder.setRequestCode(CONFIRM_EXISTING_REQUEST) .setTitle(getString(R.string.unlock_set_unlock_launch_picker_title)) .setReturnCredentials(true) - .setRequestGatekeeperPassword(mRequestGatekeeperPassword) + .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPassword) .setUserId(mUserId) .show(); } @@ -970,16 +970,16 @@ public class ChooseLockPassword extends SettingsActivity { // path to return a Gatekeeper Password based on the credential that the user // chose. This should only be run if the credential was successfully set. final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPassword, - mUserId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW); + mUserId, LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE); - if (!response.isMatched() || response.getGatekeeperPw() == null) { - Log.e(TAG, "critical: bad response or missing GK PW for known good password: " - + response.toString()); + if (!response.isMatched() || !response.containsGatekeeperPasswordHandle()) { + Log.e(TAG, "critical: bad response or missing GK PW handle for known good" + + " password: " + response.toString()); } result = new Intent(); - result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, - response.getGatekeeperPw()); + result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, + response.getGatekeeperPasswordHandle()); } return Pair.create(success, result); } diff --git a/src/com/android/settings/password/ChooseLockPattern.java b/src/com/android/settings/password/ChooseLockPattern.java index bac7450870b..7ed9e6bcbea 100644 --- a/src/com/android/settings/password/ChooseLockPattern.java +++ b/src/com/android/settings/password/ChooseLockPattern.java @@ -112,9 +112,10 @@ public class ChooseLockPattern extends SettingsActivity { return this; } - public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) { - mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, - requestGatekeeperPassword); + public IntentBuilder setRequestGatekeeperPasswordHandle( + boolean requestGatekeeperPasswordHandle) { + mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, + requestGatekeeperPasswordHandle); return this; } @@ -562,7 +563,7 @@ public class ChooseLockPattern extends SettingsActivity { mCurrentCredential = intent.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD); mRequestGatekeeperPassword = intent.getBooleanExtra( - ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false); + ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false); if (savedInstanceState == null) { if (confirmCredentials) { @@ -575,7 +576,7 @@ public class ChooseLockPattern extends SettingsActivity { final boolean launched = builder.setRequestCode(CONFIRM_EXISTING_REQUEST) .setTitle(getString(R.string.unlock_set_unlock_launch_picker_title)) .setReturnCredentials(true) - .setRequestGatekeeperPassword(mRequestGatekeeperPassword) + .setRequestGatekeeperPasswordHandle(mRequestGatekeeperPassword) .setUserId(mUserId) .show(); @@ -915,16 +916,16 @@ public class ChooseLockPattern extends SettingsActivity { // path to return a Gatekeeper Password based on the credential that the user // chose. This should only be run if the credential was successfully set. final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPattern, - userId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW); + userId, LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE); - if (!response.isMatched() || response.getGatekeeperPw() == null) { - Log.e(TAG, "critical: bad response or missing GK HAT for known good pattern: " - + response.toString()); + if (!response.isMatched() || !response.containsGatekeeperPasswordHandle()) { + Log.e(TAG, "critical: bad response or missing GK PW handle for known good" + + " pattern: " + response.toString()); } result = new Intent(); - result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, - response.getGatekeeperPw()); + result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, + response.getGatekeeperPasswordHandle()); } return Pair.create(success, result); } diff --git a/src/com/android/settings/password/ChooseLockSettingsHelper.java b/src/com/android/settings/password/ChooseLockSettingsHelper.java index cd705c4615b..1d10408e4f1 100644 --- a/src/com/android/settings/password/ChooseLockSettingsHelper.java +++ b/src/com/android/settings/password/ChooseLockSettingsHelper.java @@ -31,9 +31,7 @@ import android.util.Log; import androidx.annotation.VisibleForTesting; import androidx.fragment.app.Fragment; -import com.android.internal.widget.ICheckCredentialProgressCallback; import com.android.internal.widget.LockPatternUtils; -import com.android.internal.widget.LockscreenCredential; import com.android.settings.SetupWizardUtils; import com.android.settings.Utils; import com.android.settings.core.SubSettingLauncher; @@ -56,10 +54,10 @@ public final class ChooseLockSettingsHelper { public static final String EXTRA_KEY_FOR_FACE = "for_face"; public static final String EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT = "for_cred_req_boot"; public static final String EXTRA_KEY_FOREGROUND_ONLY = "foreground_only"; - public static final String EXTRA_KEY_REQUEST_GK_PW = "request_gk_pw"; - // Gatekeeper password, which can subsequently be used to generate Gatekeeper - // HardwareAuthToken(s) via LockSettingsService#verifyGatekeeperPassword - public static final String EXTRA_KEY_GK_PW = "gk_pw"; + public static final String EXTRA_KEY_REQUEST_GK_PW_HANDLE = "request_gk_pw_handle"; + // Gatekeeper password handle, which can subsequently be used to generate Gatekeeper + // HardwareAuthToken(s) via LockSettingsService#verifyGatekeeperPasswordHandle + public static final String EXTRA_KEY_GK_PW_HANDLE = "gk_pw_handle"; /** * When EXTRA_KEY_UNIFICATION_PROFILE_CREDENTIAL and EXTRA_KEY_UNIFICATION_PROFILE_ID are @@ -126,7 +124,7 @@ public final class ChooseLockSettingsHelper { private int mUserId; private boolean mAllowAnyUserId; private boolean mForceVerifyPath; - boolean mRequestGatekeeperPassword; + boolean mRequestGatekeeperPasswordHandle; public Builder(@NonNull Activity activity) { mActivity = activity; @@ -182,12 +180,12 @@ public final class ChooseLockSettingsHelper { * @param returnCredentials if true, puts the following credentials into intent for * onActivityResult with the following keys: * {@link #EXTRA_KEY_TYPE}, {@link #EXTRA_KEY_PASSWORD}, - * {@link #EXTRA_KEY_CHALLENGE_TOKEN}, {@link #EXTRA_KEY_GK_PW} + * {@link #EXTRA_KEY_CHALLENGE_TOKEN}, + * {@link #EXTRA_KEY_GK_PW_HANDLE} * Note that if this is true, this can only be called internally. * * This should also generally be set if - * {@link #setRequestGatekeeperPassword(boolean)} (boolean)} is - * set. + * {@link #setRequestGatekeeperPasswordHandle(boolean)} is set. */ @NonNull public Builder setReturnCredentials(boolean returnCredentials) { mReturnCredentials = returnCredentials; @@ -241,17 +239,18 @@ public final class ChooseLockSettingsHelper { } /** - * Requests that LockSettingsService return the Gatekeeper Password (instead of the - * Gatekeeper HAT). This allows us to use a single entry of the user's credential + * Requests that LockSettingsService return a handle to the Gatekeeper Password (instead of + * the Gatekeeper HAT). This allows us to use a single entry of the user's credential * to create multiple Gatekeeper HATs containing distinct challenges via - * {@link LockPatternUtils#verifyGatekeeperPassword(byte[], long, int)}. + * {@link LockPatternUtils#verifyGatekeeperPasswordHandle(long, long, int)}. * - * Upon confirmation of the user's password, the Gatekeeper Password will be returned via - * onActivityResult with the key being {@link #EXTRA_KEY_GK_PW}. - * @param requestGatekeeperPassword + * Upon confirmation of the user's password, the Gatekeeper Password Handle will be returned + * via onActivityResult with the key being {@link #EXTRA_KEY_GK_PW_HANDLE}. + * @param requestGatekeeperPasswordHandle */ - @NonNull public Builder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) { - mRequestGatekeeperPassword = requestGatekeeperPassword; + @NonNull public Builder setRequestGatekeeperPasswordHandle( + boolean requestGatekeeperPasswordHandle) { + mRequestGatekeeperPasswordHandle = requestGatekeeperPasswordHandle; return this; } @@ -266,10 +265,10 @@ public final class ChooseLockSettingsHelper { + " onActivityResult"); } - if (mRequestGatekeeperPassword && !mReturnCredentials) { + if (mRequestGatekeeperPasswordHandle && !mReturnCredentials) { // HAT containing the signed challenge will not be available to the caller. - Log.w(TAG, "Requested gatekeeper password but not requesting ReturnCredentials. Are" - + " you sure this is what you want?"); + Log.w(TAG, "Requested gatekeeper password handle but not requesting" + + " ReturnCredentials. Are you sure this is what you want?"); } return new ChooseLockSettingsHelper(this, mActivity, mFragment); @@ -289,14 +288,14 @@ public final class ChooseLockSettingsHelper { mBuilder.mDescription, mBuilder.mReturnCredentials, mBuilder.mExternal, mBuilder.mForceVerifyPath, mBuilder.mUserId, mBuilder.mAlternateButton, mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly, - mBuilder.mRequestGatekeeperPassword); + mBuilder.mRequestGatekeeperPasswordHandle); } private boolean launchConfirmationActivity(int request, @Nullable CharSequence title, @Nullable CharSequence header, @Nullable CharSequence description, boolean returnCredentials, boolean external, boolean forceVerifyPath, int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser, - boolean foregroundOnly, boolean requestGatekeeperPassword) { + boolean foregroundOnly, boolean requestGatekeeperPasswordHandle) { final int effectiveUserId = UserManager.get(mActivity).getCredentialOwnerProfile(userId); boolean launched = false; @@ -307,7 +306,7 @@ public final class ChooseLockSettingsHelper { ? ConfirmLockPattern.InternalActivity.class : ConfirmLockPattern.class, returnCredentials, external, forceVerifyPath, userId, alternateButton, allowAnyUser, - foregroundOnly, requestGatekeeperPassword); + foregroundOnly, requestGatekeeperPasswordHandle); break; case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: @@ -320,7 +319,7 @@ public final class ChooseLockSettingsHelper { ? ConfirmLockPassword.InternalActivity.class : ConfirmLockPassword.class, returnCredentials, external, forceVerifyPath, userId, alternateButton, allowAnyUser, - foregroundOnly, requestGatekeeperPassword); + foregroundOnly, requestGatekeeperPasswordHandle); break; } return launched; @@ -330,7 +329,7 @@ public final class ChooseLockSettingsHelper { CharSequence message, Class activityClass, boolean returnCredentials, boolean external, boolean forceVerifyPath, int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser, - boolean foregroundOnly, boolean requestGatekeeperPassword) { + boolean foregroundOnly, boolean requestGatekeeperPasswordHandle) { final Intent intent = new Intent(); intent.putExtra(ConfirmDeviceCredentialBaseFragment.TITLE_TEXT, title); intent.putExtra(ConfirmDeviceCredentialBaseFragment.HEADER_TEXT, header); @@ -346,8 +345,8 @@ public final class ChooseLockSettingsHelper { intent.putExtra(KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL, alternateButton); intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOREGROUND_ONLY, foregroundOnly); intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_ALLOW_ANY_USER, allowAnyUser); - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, - requestGatekeeperPassword); + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, + requestGatekeeperPasswordHandle); intent.setClassName(SETTINGS_PACKAGE_NAME, activityClass.getName()); if (external) { diff --git a/src/com/android/settings/password/ChooseLockTypeDialogFragment.java b/src/com/android/settings/password/ChooseLockTypeDialogFragment.java index d31524bf4dc..8bc29763e2c 100644 --- a/src/com/android/settings/password/ChooseLockTypeDialogFragment.java +++ b/src/com/android/settings/password/ChooseLockTypeDialogFragment.java @@ -74,7 +74,7 @@ public class ChooseLockTypeDialogFragment extends InstrumentedDialogFragment // Copy the original extras into the new intent copyBooleanExtra(activityIntent, intent, - ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false); + ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false); copyBooleanExtra(activityIntent, intent, ChooseLockGenericFragment.EXTRA_SHOW_OPTIONS_BUTTON, false); if (activityIntent.hasExtra( diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java index ea4c992a5ac..a60fab97a3d 100644 --- a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java +++ b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java @@ -102,7 +102,7 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends InstrumentedFr ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false); mReturnGatekeeperPassword = intent.getBooleanExtra( - ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false); + ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false); mForceVerifyPath = intent.getBooleanExtra( ChooseLockSettingsHelper.EXTRA_KEY_FORCE_VERIFY, false); diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java index c90103210a9..6092d9ff3bd 100644 --- a/src/com/android/settings/password/ConfirmLockPassword.java +++ b/src/com/android/settings/password/ConfirmLockPassword.java @@ -386,7 +386,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity { if (mReturnGatekeeperPassword) { if (isInternalActivity()) { startVerifyPassword(credential, intent, - LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW); + LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE); return; } } else if (mForceVerifyPath) { @@ -414,9 +414,9 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity { mPendingLockCheck = null; final boolean matched = response.isMatched(); if (matched && mReturnCredentials) { - if ((flags & LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW) != 0) { - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, - response.getGatekeeperPw()); + if ((flags & LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE) != 0) { + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, + response.getGatekeeperPasswordHandle()); } else { intent.putExtra( ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java index a8099526acd..598e09a1bb3 100644 --- a/src/com/android/settings/password/ConfirmLockPattern.java +++ b/src/com/android/settings/password/ConfirmLockPattern.java @@ -428,7 +428,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity { if (mReturnGatekeeperPassword) { if (isInternalActivity()) { startVerifyPattern(credential, intent, - LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW); + LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE); return; } } else if (mForceVerifyPath) { @@ -457,9 +457,9 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity { mPendingLockCheck = null; final boolean matched = response.isMatched(); if (matched && mReturnCredentials) { - if ((flags & LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW) != 0) { - intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW, - response.getGatekeeperPw()); + if ((flags & LockPatternUtils.VERIFY_FLAG_REQUEST_GK_PW_HANDLE) != 0) { + intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW_HANDLE, + response.getGatekeeperPasswordHandle()); } else { intent.putExtra( ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, diff --git a/src/com/android/settings/password/SetNewPasswordController.java b/src/com/android/settings/password/SetNewPasswordController.java index 02d86b2239e..393e8c76bc2 100644 --- a/src/com/android/settings/password/SetNewPasswordController.java +++ b/src/com/android/settings/password/SetNewPasswordController.java @@ -139,7 +139,7 @@ final class SetNewPasswordController { PASSWORD_QUALITY_SOMETHING); chooseLockExtras.putBoolean( ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true); - chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true); + chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true); chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, true); return chooseLockExtras; } @@ -150,7 +150,7 @@ final class SetNewPasswordController { PASSWORD_QUALITY_SOMETHING); chooseLockExtras.putBoolean( ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true); - chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true); + chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, true); chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, true); return chooseLockExtras; } diff --git a/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java b/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java index abeb667a964..a9bb8ce31ab 100644 --- a/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java +++ b/tests/robotests/src/com/android/settings/password/ChooseLockPasswordTest.java @@ -110,12 +110,13 @@ public class ChooseLockPasswordTest { @Test public void intentBuilder_setRequestGatekeeperPassword_shouldAddExtras() { Intent intent = new IntentBuilder(application) - .setRequestGatekeeperPassword(true) + .setRequestGatekeeperPasswordHandle(true) .setPasswordQuality(PASSWORD_QUALITY_ALPHANUMERIC) .setUserId(123) .build(); - assertThat(intent.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false)) + assertThat(intent.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, + false)) .named("EXTRA_KEY_REQUEST_GK_PW") .isTrue(); assertThat(intent.getIntExtra(PASSWORD_TYPE_KEY, 0)) diff --git a/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java b/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java index f5f0e37da26..f95fda413ec 100644 --- a/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java +++ b/tests/robotests/src/com/android/settings/password/ChooseLockPatternTest.java @@ -74,12 +74,12 @@ public class ChooseLockPatternTest { @Test public void intentBuilder_setRequestGatekeeperPassword_shouldAddExtras() { Intent intent = new IntentBuilder(application) - .setRequestGatekeeperPassword(true) + .setRequestGatekeeperPasswordHandle(true) .setUserId(123) .build(); assertThat(intent - .getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false)) + .getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE, false)) .named("EXTRA_KEY_REQUEST_GK_PW") .isTrue(); assertThat(intent diff --git a/tests/robotests/src/com/android/settings/password/SetNewPasswordControllerTest.java b/tests/robotests/src/com/android/settings/password/SetNewPasswordControllerTest.java index ce117b7ad72..3034807baa6 100644 --- a/tests/robotests/src/com/android/settings/password/SetNewPasswordControllerTest.java +++ b/tests/robotests/src/com/android/settings/password/SetNewPasswordControllerTest.java @@ -23,7 +23,7 @@ import static com.android.settings.password.ChooseLockGeneric.ChooseLockGenericF import static com.android.settings.password.ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY; import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE; import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT; -import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW; +import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW_HANDLE; import static com.google.common.truth.Truth.assertThat; @@ -270,7 +270,7 @@ public final class SetNewPasswordControllerTest { actualBundle.getBoolean(HIDE_DISABLED_PREFS)); assertTrue( "Fingerprint enroll must request Gatekeeper Password.", - actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW)); + actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW_HANDLE)); assertTrue( "The request must be a fingerprint set up request.", actualBundle.getBoolean(EXTRA_KEY_FOR_FINGERPRINT)); @@ -290,7 +290,7 @@ public final class SetNewPasswordControllerTest { actualBundle.getBoolean(HIDE_DISABLED_PREFS)); assertTrue( "Face enroll must request Gatekeeper Password", - actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW)); + actualBundle.getBoolean(EXTRA_KEY_REQUEST_GK_PW_HANDLE)); assertTrue( "The request must be a face set up request.", actualBundle.getBoolean(EXTRA_KEY_FOR_FACE));