4/n: Remove challenge from choose/confirm, use new path

Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.

Bug: 161765592

1) Request credential setup / confirmation to return a
   Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
   verify(GatekeeperPassword, challenge), and upon verification,
   the Gatekeeper HAT will be returned.

Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).

Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename

Test: RunSettingsRoboTests

Run the following on face/fingerprint devices
Test: Remove credential
      adb shell am start -a android.app.action.SET_NEW_PASSWORD
      Set up credential + fingerprint
Test: Remove credential,
      adb shell am start -a android.settings.FINGERPRINT_SETTINGS
      This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
      adb shell am start -a android.settings.FINGERPRINT_SETTINGS
      This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
      This tests the ChooseLock* returning SP path from
      BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
      fingerprint/face settings and enroll. This tests the
      ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
      fingerprint/face separately. Succeeds. This tests the
      ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
      the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
      This tests the ConfirmLock* path in SUW

Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
This commit is contained in:
Kevin Chyn
2020-07-23 19:36:26 -07:00
parent e67a0afc41
commit 7b0867c6d3
25 changed files with 269 additions and 235 deletions

View File

@@ -31,7 +31,9 @@ import android.util.Log;
import androidx.annotation.VisibleForTesting;
import androidx.fragment.app.Fragment;
import com.android.internal.widget.ICheckCredentialProgressCallback;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockscreenCredential;
import com.android.settings.SetupWizardUtils;
import com.android.settings.Utils;
import com.android.settings.core.SubSettingLauncher;
@@ -45,8 +47,9 @@ public final class ChooseLockSettingsHelper {
public static final String EXTRA_KEY_TYPE = "type";
public static final String EXTRA_KEY_PASSWORD = "password";
public static final String EXTRA_KEY_RETURN_CREDENTIALS = "return_credentials";
public static final String EXTRA_KEY_HAS_CHALLENGE = "has_challenge";
public static final String EXTRA_KEY_CHALLENGE = "challenge";
// Force the verifyCredential path instead of checkCredential path. This will be removed
// after b/161956762 is resolved.
public static final String EXTRA_KEY_FORCE_VERIFY = "force_verify";
// Gatekeeper HardwareAuthToken
public static final String EXTRA_KEY_CHALLENGE_TOKEN = "hw_auth_token";
public static final String EXTRA_KEY_FOR_FINGERPRINT = "for_fingerprint";
@@ -122,8 +125,7 @@ public final class ChooseLockSettingsHelper {
// ChooseLockSettingsHelper will determine the caller's userId if none provided.
private int mUserId;
private boolean mAllowAnyUserId;
// The challenge can be 0, which is different than "no challenge"
@Nullable Long mChallenge;
private boolean mForceVerifyPath;
boolean mRequestGatekeeperPassword;
public Builder(@NonNull Activity activity) {
@@ -182,6 +184,10 @@ public final class ChooseLockSettingsHelper {
* {@link #EXTRA_KEY_TYPE}, {@link #EXTRA_KEY_PASSWORD},
* {@link #EXTRA_KEY_CHALLENGE_TOKEN}, {@link #EXTRA_KEY_GK_PW}
* Note that if this is true, this can only be called internally.
*
* This should also generally be set if
* {@link #setRequestGatekeeperPassword(boolean)} (boolean)} is
* set.
*/
@NonNull public Builder setReturnCredentials(boolean returnCredentials) {
mReturnCredentials = returnCredentials;
@@ -226,14 +232,11 @@ public final class ChooseLockSettingsHelper {
}
/**
* @param challenge an opaque payload that will be wrapped in the Gatekeeper's payload
* if authentication is successful. Common use case is for the caller's
* secure layer (e.g. Trusted Execution Environment) to 1) verify that
* the Gatekeeper HAT's HMAC is valid, and 2) if so, perform an operation
* based on the challenge.
* @param forceVerifyPath Forces the VerifyCredential path instead of the CheckCredential
* path. This will be removed after b/161956762 is resolved.
*/
@NonNull public Builder setChallenge(long challenge) {
mChallenge = challenge;
@NonNull public Builder setForceVerifyPath(boolean forceVerifyPath) {
mForceVerifyPath = forceVerifyPath;
return this;
}
@@ -246,9 +249,6 @@ public final class ChooseLockSettingsHelper {
* Upon confirmation of the user's password, the Gatekeeper Password will be returned via
* onActivityResult with the key being {@link #EXTRA_KEY_GK_PW}.
* @param requestGatekeeperPassword
*
* Note that invoking {@link #setChallenge(long)} will be treated as a no-op if Gatekeeper
* Password has been requested.
*/
@NonNull public Builder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
mRequestGatekeeperPassword = requestGatekeeperPassword;
@@ -266,10 +266,10 @@ public final class ChooseLockSettingsHelper {
+ " onActivityResult");
}
if (mChallenge != null && !mReturnCredentials) {
if (mRequestGatekeeperPassword && !mReturnCredentials) {
// HAT containing the signed challenge will not be available to the caller.
Log.w(TAG, "Challenge set but not requesting ReturnCredentials. Are you sure this"
+ " is what you want?");
Log.w(TAG, "Requested gatekeeper password but not requesting ReturnCredentials. Are"
+ " you sure this is what you want?");
}
return new ChooseLockSettingsHelper(this, mActivity, mFragment);
@@ -285,29 +285,28 @@ public final class ChooseLockSettingsHelper {
* @return true if the confirmation activity is shown (e.g. user has a credential set up)
*/
public boolean launch() {
final long challenge = mBuilder.mChallenge != null ? mBuilder.mChallenge : 0L;
return launchConfirmationActivity(mBuilder.mRequestCode, mBuilder.mTitle, mBuilder.mHeader,
mBuilder.mDescription, mBuilder.mReturnCredentials, mBuilder.mExternal,
mBuilder.mChallenge != null, challenge, mBuilder.mUserId,
mBuilder.mAlternateButton, mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly,
mBuilder.mForceVerifyPath, mBuilder.mUserId, mBuilder.mAlternateButton,
mBuilder.mAllowAnyUserId, mBuilder.mForegroundOnly,
mBuilder.mRequestGatekeeperPassword);
}
private boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
@Nullable CharSequence header, @Nullable CharSequence description,
boolean returnCredentials, boolean external, boolean hasChallenge,
long challenge, int userId, @Nullable CharSequence alternateButton,
boolean allowAnyUser, boolean foregroundOnly, boolean requestGatekeeperPassword) {
boolean returnCredentials, boolean external, boolean forceVerifyPath,
int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser,
boolean foregroundOnly, boolean requestGatekeeperPassword) {
final int effectiveUserId = UserManager.get(mActivity).getCredentialOwnerProfile(userId);
boolean launched = false;
switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(effectiveUserId)) {
case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
launched = launchConfirmationActivity(request, title, header, description,
returnCredentials || hasChallenge
returnCredentials
? ConfirmLockPattern.InternalActivity.class
: ConfirmLockPattern.class, returnCredentials, external,
hasChallenge, challenge, userId, alternateButton, allowAnyUser,
forceVerifyPath, userId, alternateButton, allowAnyUser,
foregroundOnly, requestGatekeeperPassword);
break;
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
@@ -317,10 +316,10 @@ public final class ChooseLockSettingsHelper {
case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
launched = launchConfirmationActivity(request, title, header, description,
returnCredentials || hasChallenge
returnCredentials
? ConfirmLockPassword.InternalActivity.class
: ConfirmLockPassword.class, returnCredentials, external,
hasChallenge, challenge, userId, alternateButton, allowAnyUser,
forceVerifyPath, userId, alternateButton, allowAnyUser,
foregroundOnly, requestGatekeeperPassword);
break;
}
@@ -329,8 +328,8 @@ public final class ChooseLockSettingsHelper {
private boolean launchConfirmationActivity(int request, CharSequence title, CharSequence header,
CharSequence message, Class<?> activityClass, boolean returnCredentials,
boolean external, boolean hasChallenge, long challenge,
int userId, @Nullable CharSequence alternateButton, boolean allowAnyUser,
boolean external, boolean forceVerifyPath, int userId,
@Nullable CharSequence alternateButton, boolean allowAnyUser,
boolean foregroundOnly, boolean requestGatekeeperPassword) {
final Intent intent = new Intent();
intent.putExtra(ConfirmDeviceCredentialBaseFragment.TITLE_TEXT, title);
@@ -342,8 +341,7 @@ public final class ChooseLockSettingsHelper {
intent.putExtra(ConfirmDeviceCredentialBaseFragment.SHOW_WHEN_LOCKED, external);
intent.putExtra(ConfirmDeviceCredentialBaseFragment.USE_FADE_ANIMATION, external);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, returnCredentials);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, hasChallenge);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FORCE_VERIFY, forceVerifyPath);
intent.putExtra(Intent.EXTRA_USER_ID, userId);
intent.putExtra(KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL, alternateButton);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOREGROUND_ONLY, foregroundOnly);