4/n: Remove challenge from choose/confirm, use new path
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
This commit is contained in:
Kevin Chyn
@@ -144,8 +144,7 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
|
||||
private LockPatternUtils mLockPatternUtils;
|
||||
private DevicePolicyManager mDpm;
|
||||
private boolean mHasChallenge = false;
|
||||
private long mChallenge;
|
||||
private boolean mRequestGatekeeperPassword = false;
|
||||
private boolean mPasswordConfirmed = false;
|
||||
private boolean mWaitingForConfirmation = false;
|
||||
private boolean mForChangeCredRequiredForBoot = false;
|
||||
@@ -211,10 +210,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
}
|
||||
|
||||
mHasChallenge = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
mChallenge = intent.getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
mForFingerprint = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
|
||||
mForFace = intent.getBooleanExtra(
|
||||
@@ -386,9 +383,12 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
mForFingerprint);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE,
|
||||
mForFace);
|
||||
// If the caller requested Gatekeeper Password to be returned, we assume it came
|
||||
// from biometric enrollment. This should be cleaned up, since requesting
|
||||
// Gatekeeper Password should not imply it came from biometric setup/settings.
|
||||
startActivityForResult(
|
||||
intent,
|
||||
mIsSetNewPassword && mHasChallenge
|
||||
mIsSetNewPassword && mRequestGatekeeperPassword
|
||||
? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST
|
||||
: ENABLE_ENCRYPTION_REQUEST);
|
||||
} else {
|
||||
@@ -438,6 +438,10 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
&& resultCode == BiometricEnrollBase.RESULT_FINISHED) {
|
||||
Intent intent = getBiometricEnrollIntent(getActivity());
|
||||
if (data != null) {
|
||||
// ChooseLockGeneric should have requested that the Gatekeeper Password be
|
||||
// returned, so that biometric enrollment(s) can subsequently request Gatekeeper
|
||||
// to create HardwareAuthToken(s) wrapping biometric-specific challenges. Send
|
||||
// the extras (including the GK Password) to the enrollment activity.
|
||||
intent.putExtras(data.getExtras());
|
||||
}
|
||||
// Forward the target user id to fingerprint setup page.
|
||||
@@ -722,10 +726,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
.setRequestedMinComplexity(mRequestedMinComplexity)
|
||||
.setForFingerprint(mForFingerprint)
|
||||
.setForFace(mForFace)
|
||||
.setUserId(mUserId);
|
||||
if (mHasChallenge) {
|
||||
builder.setChallenge(mChallenge);
|
||||
}
|
||||
.setUserId(mUserId)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword);
|
||||
if (mUserPassword != null) {
|
||||
builder.setPassword(mUserPassword);
|
||||
}
|
||||
@@ -740,10 +742,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
new ChooseLockPattern.IntentBuilder(getContext())
|
||||
.setForFingerprint(mForFingerprint)
|
||||
.setForFace(mForFace)
|
||||
.setUserId(mUserId);
|
||||
if (mHasChallenge) {
|
||||
builder.setChallenge(mChallenge);
|
||||
}
|
||||
.setUserId(mUserId)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword);
|
||||
if (mUserPassword != null) {
|
||||
builder.setPattern(mUserPassword);
|
||||
}
|
||||
@@ -784,8 +784,13 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
intent.putExtra(EXTRA_SHOW_OPTIONS_BUTTON, chooseLockSkipped);
|
||||
}
|
||||
intent.putExtra(EXTRA_CHOOSE_LOCK_GENERIC_EXTRAS, getIntent().getExtras());
|
||||
// If the caller requested Gatekeeper Password to be returned, we assume it came
|
||||
// from biometric enrollment. onActivityResult will put the LockSettingsService
|
||||
// into the extras and launch biometric enrollment. This should be cleaned up,
|
||||
// since requesting Gatekeeper Password should not imply it came from biometric
|
||||
// setup/settings.
|
||||
startActivityForResult(intent,
|
||||
mIsSetNewPassword && mHasChallenge
|
||||
mIsSetNewPassword && mRequestGatekeeperPassword
|
||||
? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST
|
||||
: CHOOSE_LOCK_REQUEST);
|
||||
return;
|
||||
|
||||
@@ -118,7 +118,6 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
mIntent = new Intent(context, ChooseLockPassword.class);
|
||||
mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
|
||||
mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
}
|
||||
|
||||
public IntentBuilder setPasswordQuality(int quality) {
|
||||
@@ -131,9 +130,9 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
return this;
|
||||
}
|
||||
|
||||
public IntentBuilder setChallenge(long challenge) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
|
||||
requestGatekeeperPassword);
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -212,8 +211,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
private LockscreenCredential mChosenPassword;
|
||||
private boolean mHasChallenge;
|
||||
private long mChallenge;
|
||||
private boolean mRequestGatekeeperPassword;
|
||||
private ImeAwareEditText mPasswordEntry;
|
||||
private TextViewInputDisabler mPasswordEntryInputDisabler;
|
||||
|
||||
@@ -408,7 +406,8 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
|
||||
w.setBlocking(true);
|
||||
w.setListener(this);
|
||||
w.start(utils, required, false, 0, currentCredential, currentCredential, mUserId);
|
||||
w.start(utils, required, false /* requestGatekeeperPassword */, currentCredential,
|
||||
currentCredential, mUserId);
|
||||
}
|
||||
mTextChangedHandler = new TextChangedHandler();
|
||||
}
|
||||
@@ -492,9 +491,8 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
ChooseLockGeneric.CONFIRM_CREDENTIALS, true);
|
||||
mCurrentCredential = intent.getParcelableExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
mHasChallenge = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
mChallenge = intent.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
if (savedInstanceState == null) {
|
||||
updateStage(Stage.Introduction);
|
||||
if (confirmCredentials) {
|
||||
@@ -503,6 +501,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
builder.setRequestCode(CONFIRM_EXISTING_REQUEST)
|
||||
.setTitle(getString(R.string.unlock_set_unlock_launch_picker_title))
|
||||
.setReturnCredentials(true)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword)
|
||||
.setUserId(mUserId)
|
||||
.show();
|
||||
}
|
||||
@@ -886,7 +885,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
profileCredential);
|
||||
}
|
||||
}
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, required, mHasChallenge, mChallenge,
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, required, mRequestGatekeeperPassword,
|
||||
mChosenPassword, mCurrentCredential, mUserId);
|
||||
}
|
||||
|
||||
@@ -946,10 +945,9 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
|
||||
public void start(LockPatternUtils utils, boolean required,
|
||||
boolean hasChallenge, long challenge,
|
||||
LockscreenCredential chosenPassword, LockscreenCredential currentCredential,
|
||||
int userId) {
|
||||
prepare(utils, required, hasChallenge, challenge, userId);
|
||||
boolean requestGatekeeperPassword, LockscreenCredential chosenPassword,
|
||||
LockscreenCredential currentCredential, int userId) {
|
||||
prepare(utils, required, requestGatekeeperPassword, userId);
|
||||
|
||||
mChosenPassword = chosenPassword;
|
||||
mCurrentCredential = currentCredential != null ? currentCredential
|
||||
@@ -967,17 +965,21 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
unifyProfileCredentialIfRequested();
|
||||
}
|
||||
Intent result = null;
|
||||
if (success && mHasChallenge) {
|
||||
if (success && mRequestGatekeeperPassword) {
|
||||
// If a Gatekeeper Password was requested, invoke the LockSettingsService code
|
||||
// path to return a Gatekeeper Password based on the credential that the user
|
||||
// chose. This should only be run if the credential was successfully set.
|
||||
final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPassword,
|
||||
mChallenge, mUserId, 0 /* flags */);
|
||||
if (!response.isMatched() || response.getGatekeeperHAT() == null) {
|
||||
Log.e(TAG, "critical: bad response or missing GK HAT for known good password: "
|
||||
mUserId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
|
||||
if (!response.isMatched() || response.getGatekeeperPw() == null) {
|
||||
Log.e(TAG, "critical: bad response or missing GK PW for known good password: "
|
||||
+ response.toString());
|
||||
}
|
||||
|
||||
result = new Intent();
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
|
||||
response.getGatekeeperHAT());
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
}
|
||||
return Pair.create(success, result);
|
||||
}
|
||||
|
||||
@@ -42,7 +42,6 @@ import androidx.fragment.app.Fragment;
|
||||
import com.android.internal.annotations.VisibleForTesting;
|
||||
import com.android.internal.widget.LinearLayoutWithDefaultTouchRecepient;
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockPatternUtils.RequestThrottledException;
|
||||
import com.android.internal.widget.LockPatternView;
|
||||
import com.android.internal.widget.LockPatternView.Cell;
|
||||
import com.android.internal.widget.LockPatternView.DisplayMode;
|
||||
@@ -55,7 +54,6 @@ import com.android.settings.SetupWizardUtils;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.core.InstrumentedFragment;
|
||||
import com.android.settings.notification.RedactionInterstitial;
|
||||
import com.android.settings.password.ChooseLockPassword.IntentBuilder;
|
||||
|
||||
import com.google.android.collect.Lists;
|
||||
import com.google.android.setupcompat.template.FooterBarMixin;
|
||||
@@ -107,7 +105,6 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
mIntent = new Intent(context, ChooseLockPattern.class);
|
||||
mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
|
||||
mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
}
|
||||
|
||||
public IntentBuilder setUserId(int userId) {
|
||||
@@ -115,9 +112,9 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
return this;
|
||||
}
|
||||
|
||||
public IntentBuilder setChallenge(long challenge) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
|
||||
requestGatekeeperPassword);
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -207,8 +204,7 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
private static final String FRAGMENT_TAG_SAVE_AND_FINISH = "save_and_finish_worker";
|
||||
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
private boolean mHasChallenge;
|
||||
private long mChallenge;
|
||||
private boolean mRequestGatekeeperPassword;
|
||||
protected TextView mTitleText;
|
||||
protected TextView mHeaderText;
|
||||
protected TextView mMessageText;
|
||||
@@ -484,7 +480,8 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
w.setBlocking(true);
|
||||
w.setListener(this);
|
||||
w.start(mLockPatternUtils, required, false, 0, current, current, mUserId);
|
||||
w.start(mLockPatternUtils, required, false /* requestGatekeeperPassword */, current,
|
||||
current, mUserId);
|
||||
}
|
||||
mForFingerprint = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
|
||||
@@ -564,9 +561,8 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
Intent intent = getActivity().getIntent();
|
||||
mCurrentCredential =
|
||||
intent.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
mHasChallenge = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
mChallenge = intent.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
|
||||
mRequestGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
|
||||
if (savedInstanceState == null) {
|
||||
if (confirmCredentials) {
|
||||
@@ -579,6 +575,7 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
final boolean launched = builder.setRequestCode(CONFIRM_EXISTING_REQUEST)
|
||||
.setTitle(getString(R.string.unlock_set_unlock_launch_picker_title))
|
||||
.setReturnCredentials(true)
|
||||
.setRequestGatekeeperPassword(mRequestGatekeeperPassword)
|
||||
.setUserId(mUserId)
|
||||
.show();
|
||||
|
||||
@@ -859,7 +856,7 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
}
|
||||
}
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, required,
|
||||
mHasChallenge, mChallenge, mChosenPattern, mCurrentCredential, mUserId);
|
||||
mRequestGatekeeperPassword, mChosenPattern, mCurrentCredential, mUserId);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -889,10 +886,10 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
private boolean mLockVirgin;
|
||||
|
||||
public void start(LockPatternUtils utils, boolean credentialRequired, boolean hasChallenge,
|
||||
long challenge, LockscreenCredential chosenPattern,
|
||||
public void start(LockPatternUtils utils, boolean credentialRequired,
|
||||
boolean requestGatekeeperPassword, LockscreenCredential chosenPattern,
|
||||
LockscreenCredential currentCredential, int userId) {
|
||||
prepare(utils, credentialRequired, hasChallenge, challenge, userId);
|
||||
prepare(utils, credentialRequired, requestGatekeeperPassword, userId);
|
||||
|
||||
mCurrentCredential = currentCredential != null ? currentCredential
|
||||
: LockscreenCredential.createNone();
|
||||
@@ -913,18 +910,21 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
unifyProfileCredentialIfRequested();
|
||||
}
|
||||
Intent result = null;
|
||||
if (success && mHasChallenge) {
|
||||
if (success && mRequestGatekeeperPassword) {
|
||||
// If a Gatekeeper Password was requested, invoke the LockSettingsService code
|
||||
// path to return a Gatekeeper Password based on the credential that the user
|
||||
// chose. This should only be run if the credential was successfully set.
|
||||
final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPattern,
|
||||
mChallenge, userId, 0 /* flags */);
|
||||
userId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
|
||||
if (!response.isMatched() || response.getGatekeeperHAT() == null) {
|
||||
if (!response.isMatched() || response.getGatekeeperPw() == null) {
|
||||
Log.e(TAG, "critical: bad response or missing GK HAT for known good pattern: "
|
||||
+ response.toString());
|
||||
}
|
||||
|
||||
result = new Intent();
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
|
||||
response.getGatekeeperHAT());
|
||||
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
|
||||
response.getGatekeeperPw());
|
||||
}
|
||||
return Pair.create(success, result);
|
||||
}
|
||||
|
||||
@@ -31,7 +31,9 @@ import android.util.Log;
|
||||
import androidx.annotation.VisibleForTesting;
|
||||
import androidx.fragment.app.Fragment;
|
||||
|
||||
import com.android.internal.widget.ICheckCredentialProgressCallback;
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
import com.android.settings.Utils;
|
||||
import com.android.settings.core.SubSettingLauncher;
|
||||
@@ -45,8 +47,9 @@ public final class ChooseLockSettingsHelper {
|
||||
public static final String EXTRA_KEY_TYPE = "type";
|
||||
public static final String EXTRA_KEY_PASSWORD = "password";
|
||||
public static final String EXTRA_KEY_RETURN_CREDENTIALS = "return_credentials";
|
||||
public static final String EXTRA_KEY_HAS_CHALLENGE = "has_challenge";
|
||||
public static final String EXTRA_KEY_CHALLENGE = "challenge";
|
||||
// Force the verifyCredential path instead of checkCredential path. This will be removed
|
||||
// after b/161956762 is resolved.
|
||||
public static final String EXTRA_KEY_FORCE_VERIFY = "force_verify";
|
||||
// Gatekeeper HardwareAuthToken
|
||||
public static final String EXTRA_KEY_CHALLENGE_TOKEN = "hw_auth_token";
|
||||
public static final String EXTRA_KEY_FOR_FINGERPRINT = "for_fingerprint";
|
||||
@@ -122,8 +125,7 @@ public final class ChooseLockSettingsHelper {
|
||||
// ChooseLockSettingsHelper will determine the caller's userId if none provided.
|
||||
private int mUserId;
|
||||
private boolean mAllowAnyUserId;
|
||||
// The challenge can be 0, which is different than "no challenge"
|
||||
@Nullable Long mChallenge;
|
||||
private boolean mForceVerifyPath;
|
||||
boolean mRequestGatekeeperPassword;
|
||||
|
||||
public Builder(@NonNull Activity activity) {
|
||||
@@ -182,6 +184,10 @@ public final class ChooseLockSettingsHelper {
|
||||
* {@link #EXTRA_KEY_TYPE}, {@link #EXTRA_KEY_PASSWORD},
|
||||
* {@link #EXTRA_KEY_CHALLENGE_TOKEN}, {@link #EXTRA_KEY_GK_PW}
|
||||
* Note that if this is true, this can only be called internally.
|
||||
*
|
||||
* This should also generally be set if
|
||||
* {@link #setRequestGatekeeperPassword(boolean)} (boolean)} is
|
||||
* set.
|
||||
*/
|
||||
@NonNull public Builder setReturnCredentials(boolean returnCredentials) {
|
||||
mReturnCredentials = returnCredentials;
|
||||
@@ -226,14 +232,11 @@ public final class ChooseLockSettingsHelper {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param challenge an opaque payload that will be wrapped in the Gatekeeper's payload
|
||||
* if authentication is successful. Common use case is for the caller's
|
||||
* secure layer (e.g. Trusted Execution Environment) to 1) verify that
|
||||
* the Gatekeeper HAT's HMAC is valid, and 2) if so, perform an operation
|
||||
* based on the challenge.
|
||||
* @param forceVerifyPath Forces the VerifyCredential path instead of the CheckCredential
|
||||
* path. This will be removed after b/161956762 is resolved.
|
||||
*/
|
||||
@NonNull public Builder setChallenge(long challenge) {
|
||||
mChallenge = challenge;
|
||||
@NonNull public Builder setForceVerifyPath(boolean forceVerifyPath) {
|
||||
mForceVerifyPath = forceVerifyPath;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -246,9 +249,6 @@ public final class ChooseLockSettingsHelper {
|
||||
* Upon confirmation of the user's password, the Gatekeeper Password will be returned via
|
||||
* onActivityResult with the key being {@link #EXTRA_KEY_GK_PW}.
|
||||
* @param requestGatekeeperPassword
|
||||
*
|
||||
* Note that invoking {@link #setChallenge(long)} will be treated as a no-op if Gatekeeper
|
||||
* Password has been requested.
|
||||
*/
|
||||
@NonNull public Builder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
|
||||
mRequestGatekeeperPassword = requestGatekeeperPassword;
|
||||
@@ -266,10 +266,10 @@ public final class ChooseLockSettingsHelper {
|
||||
+ " onActivityResult");
|
||||
}
|
||||
|
||||
if (mChallenge != null && !mReturnCredentials) {
|
||||
if (mRequestGatekeeperPassword && !mReturnCredentials) {
|
||||
// HAT containing the signed challenge will not be available to the caller.
|
||||
Log.w(TAG, "Challenge set but not requesting ReturnCredentials. Are you sure this"
|
||||
+ " is what you want?");
|
||||
Log.w(TAG, "Requested gatekeeper password but not requesting ReturnCredentials. Are"
|
||||
+ " you sure this is what you want?");
|
||||
}
|
||||
|
||||
return new ChooseLockSettingsHelper(this, mActivity, mFragment);
|
||||
@@ -285,29 +285,28 @@ public final class ChooseLockSettingsHelper {
|
||||
* @return true if the confirmation activity is shown (e.g. user has a credential set up)
|
||||
*/
|
||||
public boolean launch() {
|
||||
final long challenge = mBuilder.mChallenge != null ? mBuilder.mChallenge : 0L;
|
||||
return launchConfirmationActivity(mBuilder.mRequestCode, mBuilder.mTitle, mBuilder.mHeader,
|
||||
mBuilder.mDescription, mBuilder.mReturnCredentials, mBuilder.mExternal,
|
||||
mBuilder.mChallenge != null, challenge, mBuilder.mUserId,
|
||||
mBuilder.mAlternateButton, mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly,
|
||||
mBuilder.mForceVerifyPath, mBuilder.mUserId, mBuilder.mAlternateButton,
|
||||
mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly,
|
||||
mBuilder.mRequestGatekeeperPassword);
|
||||
}
|
||||
|
||||
private boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
|
||||
@Nullable CharSequence header, @Nullable CharSequence description,
|
||||
boolean returnCredentials, boolean external, boolean hasChallenge,
|
||||
long challenge, int userId, @Nullable CharSequence alternateButton,
|
||||
boolean allowAnyUser, boolean foregroundOnly, boolean requestGatekeeperPassword) {
|
||||
boolean returnCredentials, boolean external, boolean forceVerifyPath,
|
||||
int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser,
|
||||
boolean foregroundOnly, boolean requestGatekeeperPassword) {
|
||||
final int effectiveUserId = UserManager.get(mActivity).getCredentialOwnerProfile(userId);
|
||||
boolean launched = false;
|
||||
|
||||
switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(effectiveUserId)) {
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
|
||||
launched = launchConfirmationActivity(request, title, header, description,
|
||||
returnCredentials || hasChallenge
|
||||
returnCredentials
|
||||
? ConfirmLockPattern.InternalActivity.class
|
||||
: ConfirmLockPattern.class, returnCredentials, external,
|
||||
hasChallenge, challenge, userId, alternateButton, allowAnyUser,
|
||||
forceVerifyPath, userId, alternateButton, allowAnyUser,
|
||||
foregroundOnly, requestGatekeeperPassword);
|
||||
break;
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
|
||||
@@ -317,10 +316,10 @@ public final class ChooseLockSettingsHelper {
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
|
||||
case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
|
||||
launched = launchConfirmationActivity(request, title, header, description,
|
||||
returnCredentials || hasChallenge
|
||||
returnCredentials
|
||||
? ConfirmLockPassword.InternalActivity.class
|
||||
: ConfirmLockPassword.class, returnCredentials, external,
|
||||
hasChallenge, challenge, userId, alternateButton, allowAnyUser,
|
||||
forceVerifyPath, userId, alternateButton, allowAnyUser,
|
||||
foregroundOnly, requestGatekeeperPassword);
|
||||
break;
|
||||
}
|
||||
@@ -329,8 +328,8 @@ public final class ChooseLockSettingsHelper {
|
||||
|
||||
private boolean launchConfirmationActivity(int request, CharSequence title, CharSequence header,
|
||||
CharSequence message, Class<?> activityClass, boolean returnCredentials,
|
||||
boolean external, boolean hasChallenge, long challenge,
|
||||
int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser,
|
||||
boolean external, boolean forceVerifyPath, int userId,
|
||||
@Nullable CharSequence alternateButton, boolean allowAnyUser,
|
||||
boolean foregroundOnly, boolean requestGatekeeperPassword) {
|
||||
final Intent intent = new Intent();
|
||||
intent.putExtra(ConfirmDeviceCredentialBaseFragment.TITLE_TEXT, title);
|
||||
@@ -342,8 +341,7 @@ public final class ChooseLockSettingsHelper {
|
||||
intent.putExtra(ConfirmDeviceCredentialBaseFragment.SHOW_WHEN_LOCKED, external);
|
||||
intent.putExtra(ConfirmDeviceCredentialBaseFragment.USE_FADE_ANIMATION, external);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, returnCredentials);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, hasChallenge);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FORCE_VERIFY, forceVerifyPath);
|
||||
intent.putExtra(Intent.EXTRA_USER_ID, userId);
|
||||
intent.putExtra(KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL, alternateButton);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOREGROUND_ONLY, foregroundOnly);
|
||||
|
||||
@@ -74,7 +74,7 @@ public class ChooseLockTypeDialogFragment extends InstrumentedDialogFragment
|
||||
|
||||
// Copy the original extras into the new intent
|
||||
copyBooleanExtra(activityIntent, intent,
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
copyBooleanExtra(activityIntent, intent,
|
||||
ChooseLockGenericFragment.EXTRA_SHOW_OPTIONS_BUTTON, false);
|
||||
if (activityIntent.hasExtra(
|
||||
@@ -83,8 +83,6 @@ public class ChooseLockTypeDialogFragment extends InstrumentedDialogFragment
|
||||
ChooseLockGenericFragment.EXTRA_CHOOSE_LOCK_GENERIC_EXTRAS));
|
||||
}
|
||||
intent.putExtra(LockPatternUtils.PASSWORD_TYPE_KEY, selectedLockType.defaultQuality);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE,
|
||||
activityIntent.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0));
|
||||
WizardManagerHelper.copyWizardManagerExtras(activityIntent, intent);
|
||||
activity.startActivity(intent);
|
||||
activity.finish();
|
||||
|
||||
@@ -27,7 +27,6 @@ import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.graphics.Color;
|
||||
import android.hardware.biometrics.BiometricConstants;
|
||||
import android.hardware.biometrics.BiometricManager;
|
||||
import android.hardware.biometrics.BiometricPrompt;
|
||||
import android.hardware.biometrics.BiometricPrompt.AuthenticationCallback;
|
||||
import android.hardware.biometrics.PromptInfo;
|
||||
@@ -81,18 +80,6 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
|
||||
return intent;
|
||||
}
|
||||
|
||||
public static Intent createIntent(CharSequence title, CharSequence details, long challenge) {
|
||||
Intent intent = new Intent();
|
||||
intent.setClassName(SETTINGS_PACKAGE_NAME,
|
||||
ConfirmDeviceCredentialActivity.class.getName());
|
||||
intent.putExtra(KeyguardManager.EXTRA_TITLE, title);
|
||||
intent.putExtra(KeyguardManager.EXTRA_DESCRIPTION, details);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
|
||||
return intent;
|
||||
}
|
||||
|
||||
private BiometricManager mBiometricManager;
|
||||
private BiometricFragment mBiometricFragment;
|
||||
private DevicePolicyManager mDevicePolicyManager;
|
||||
private LockPatternUtils mLockPatternUtils;
|
||||
@@ -181,7 +168,6 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
|
||||
getWindow().addFlags(WindowManager.LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS);
|
||||
getWindow().setStatusBarColor(Color.TRANSPARENT);
|
||||
|
||||
mBiometricManager = getSystemService(BiometricManager.class);
|
||||
mDevicePolicyManager = getSystemService(DevicePolicyManager.class);
|
||||
mUserManager = UserManager.get(this);
|
||||
mTrustManager = getSystemService(TrustManager.class);
|
||||
@@ -394,7 +380,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
|
||||
.setDescription(mDetails)
|
||||
.setExternal(true)
|
||||
.setUserId(mUserId)
|
||||
.setChallenge(0L)
|
||||
.setForceVerifyPath(true)
|
||||
.show();
|
||||
} else if (mCredentialMode == CREDENTIAL_NORMAL) {
|
||||
final ChooseLockSettingsHelper.Builder builder =
|
||||
|
||||
@@ -72,7 +72,7 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends InstrumentedFr
|
||||
|
||||
protected boolean mReturnCredentials = false;
|
||||
protected boolean mReturnGatekeeperPassword = false;
|
||||
protected boolean mVerifyChallenge = false;
|
||||
protected boolean mForceVerifyPath = false;
|
||||
protected Button mCancelButton;
|
||||
/** Button allowing managed profile password reset, null when is not shown. */
|
||||
@Nullable protected Button mForgotButton;
|
||||
@@ -103,8 +103,8 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends InstrumentedFr
|
||||
|
||||
mReturnGatekeeperPassword = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
|
||||
mVerifyChallenge = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
|
||||
mForceVerifyPath = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FORCE_VERIFY, false);
|
||||
|
||||
// Only take this argument into account if it belongs to the current profile.
|
||||
mUserId = Utils.getUserIdFromBundle(getActivity(), intent.getExtras(),
|
||||
|
||||
@@ -49,7 +49,6 @@ import com.android.internal.widget.LockPatternChecker;
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.internal.widget.TextViewInputDisabler;
|
||||
import com.android.internal.widget.VerifyCredentialResponse;
|
||||
import com.android.settings.R;
|
||||
import com.android.settingslib.animation.AppearAnimationUtils;
|
||||
import com.android.settingslib.animation.DisappearAnimationUtils;
|
||||
@@ -390,7 +389,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
|
||||
LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
return;
|
||||
}
|
||||
} else if (mVerifyChallenge) {
|
||||
} else if (mForceVerifyPath) {
|
||||
if (isInternalActivity()) {
|
||||
startVerifyPassword(credential, intent, 0 /* flags */);
|
||||
return;
|
||||
@@ -409,8 +408,6 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
|
||||
|
||||
private void startVerifyPassword(LockscreenCredential credential, final Intent intent,
|
||||
@LockPatternUtils.VerifyFlag int flags) {
|
||||
long challenge = getActivity().getIntent().getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
|
||||
final int localEffectiveUserId = mEffectiveUserId;
|
||||
final int localUserId = mUserId;
|
||||
final LockPatternChecker.OnVerifyCallback onVerifyCallback = (response, timeoutMs) -> {
|
||||
@@ -430,12 +427,10 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
|
||||
localEffectiveUserId);
|
||||
};
|
||||
mPendingLockCheck = (localEffectiveUserId == localUserId)
|
||||
? LockPatternChecker.verifyCredential(
|
||||
mLockPatternUtils, credential, challenge, localUserId, flags,
|
||||
onVerifyCallback)
|
||||
: LockPatternChecker.verifyTiedProfileChallenge(
|
||||
mLockPatternUtils, credential, challenge, localUserId, flags,
|
||||
onVerifyCallback);
|
||||
? LockPatternChecker.verifyCredential(mLockPatternUtils, credential,
|
||||
localUserId, flags, onVerifyCallback)
|
||||
: LockPatternChecker.verifyTiedProfileChallenge(mLockPatternUtils, credential,
|
||||
localUserId, flags, onVerifyCallback);
|
||||
}
|
||||
|
||||
private void startCheckPassword(final LockscreenCredential credential,
|
||||
|
||||
@@ -40,7 +40,6 @@ import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockPatternView;
|
||||
import com.android.internal.widget.LockPatternView.Cell;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.internal.widget.VerifyCredentialResponse;
|
||||
import com.android.settings.R;
|
||||
import com.android.settingslib.animation.AppearAnimationCreator;
|
||||
import com.android.settingslib.animation.AppearAnimationUtils;
|
||||
@@ -432,7 +431,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
|
||||
LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
|
||||
return;
|
||||
}
|
||||
} else if (mVerifyChallenge) {
|
||||
} else if (mForceVerifyPath) {
|
||||
if (isInternalActivity()) {
|
||||
startVerifyPattern(credential, intent, 0 /* flags */);
|
||||
return;
|
||||
@@ -453,8 +452,6 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
|
||||
final Intent intent, @LockPatternUtils.VerifyFlag int flags) {
|
||||
final int localEffectiveUserId = mEffectiveUserId;
|
||||
final int localUserId = mUserId;
|
||||
long challenge = getActivity().getIntent().getLongExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
|
||||
final LockPatternChecker.OnVerifyCallback onVerifyCallback =
|
||||
(response, timeoutMs) -> {
|
||||
mPendingLockCheck = null;
|
||||
@@ -474,10 +471,10 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
|
||||
};
|
||||
mPendingLockCheck = (localEffectiveUserId == localUserId)
|
||||
? LockPatternChecker.verifyCredential(
|
||||
mLockPatternUtils, pattern, challenge, localUserId, flags,
|
||||
mLockPatternUtils, pattern, localUserId, flags,
|
||||
onVerifyCallback)
|
||||
: LockPatternChecker.verifyTiedProfileChallenge(
|
||||
mLockPatternUtils, pattern, challenge, localUserId, flags,
|
||||
mLockPatternUtils, pattern, localUserId, flags,
|
||||
onVerifyCallback);
|
||||
}
|
||||
|
||||
|
||||
@@ -42,8 +42,7 @@ abstract class SaveChosenLockWorkerBase extends Fragment {
|
||||
private Intent mResultData;
|
||||
|
||||
protected LockPatternUtils mUtils;
|
||||
protected boolean mHasChallenge;
|
||||
protected long mChallenge;
|
||||
protected boolean mRequestGatekeeperPassword;
|
||||
protected boolean mWasSecureBefore;
|
||||
protected int mUserId;
|
||||
protected int mUnificationProfileId = UserHandle.USER_NULL;
|
||||
@@ -69,12 +68,10 @@ abstract class SaveChosenLockWorkerBase extends Fragment {
|
||||
}
|
||||
|
||||
protected void prepare(LockPatternUtils utils, boolean credentialRequired,
|
||||
boolean hasChallenge, long challenge, int userId) {
|
||||
boolean requestGatekeeperPassword, int userId) {
|
||||
mUtils = utils;
|
||||
mUserId = userId;
|
||||
|
||||
mHasChallenge = hasChallenge;
|
||||
mChallenge = challenge;
|
||||
mRequestGatekeeperPassword = requestGatekeeperPassword;
|
||||
// This will be a no-op for non managed profiles.
|
||||
mWasSecureBefore = mUtils.isSecure(mUserId);
|
||||
|
||||
|
||||
@@ -135,26 +135,22 @@ final class SetNewPasswordController {
|
||||
|
||||
private Bundle getFingerprintChooseLockExtras() {
|
||||
Bundle chooseLockExtras = new Bundle();
|
||||
long challenge = mFingerprintManager.generateChallengeBlocking();
|
||||
chooseLockExtras.putInt(ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY,
|
||||
PASSWORD_QUALITY_SOMETHING);
|
||||
chooseLockExtras.putBoolean(
|
||||
ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
|
||||
chooseLockExtras.putLong(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, true);
|
||||
return chooseLockExtras;
|
||||
}
|
||||
|
||||
private Bundle getFaceChooseLockExtras() {
|
||||
Bundle chooseLockExtras = new Bundle();
|
||||
long challenge = mFaceManager.generateChallengeBlocking();
|
||||
chooseLockExtras.putInt(ChooseLockGeneric.ChooseLockGenericFragment.MINIMUM_QUALITY_KEY,
|
||||
PASSWORD_QUALITY_SOMETHING);
|
||||
chooseLockExtras.putBoolean(
|
||||
ChooseLockGeneric.ChooseLockGenericFragment.HIDE_DISABLED_PREFS, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
|
||||
chooseLockExtras.putLong(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, true);
|
||||
chooseLockExtras.putBoolean(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, true);
|
||||
return chooseLockExtras;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user