Merge "Fix keyguard checking when installing user certs."

TreeHugger Robot
2018-09-04 20:28:26 +00:00
committed by Android (Google) Code Review


@@ -106,12 +106,19 @@ public final class CredentialStorage extends FragmentActivity {
private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 2; private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 2;
private final KeyStore mKeyStore = KeyStore.getInstance(); private final KeyStore mKeyStore = KeyStore.getInstance();
private LockPatternUtils mUtils;
/** /**
* When non-null, the bundle containing credentials to install. * When non-null, the bundle containing credentials to install.
*/ */
private Bundle mInstallBundle; private Bundle mInstallBundle;
@Override
protected void onCreate(Bundle savedState) {
super.onCreate(savedState);
mUtils = new LockPatternUtils(this);
}
@Override @Override
protected void onResume() { protected void onResume() {
super.onResume(); super.onResume();
@@ -160,7 +167,7 @@ public final class CredentialStorage extends FragmentActivity {
return; return;
} }
case UNLOCKED: { case UNLOCKED: {
if (isActivePasswordQualityInsufficient()) { if (!mUtils.isSecure(UserHandle.myUserId())) {
final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog(); final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog();
dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG); dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG);
return; return;
@@ -179,7 +186,7 @@ public final class CredentialStorage extends FragmentActivity {
* case after unlocking with an old-style password). * case after unlocking with an old-style password).
*/ */
private void ensureKeyGuard() { private void ensureKeyGuard() {
if (isActivePasswordQualityInsufficient()) { if (!mUtils.isSecure(UserHandle.myUserId())) {
// key guard not setup, doing so will initialize keystore // key guard not setup, doing so will initialize keystore
final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog(); final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog();
dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG); dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG);
@@ -194,16 +201,6 @@ public final class CredentialStorage extends FragmentActivity {
finish(); finish();
} }
/**
* Returns true if the currently set key guard violates our minimum quality requirements.
*/
private boolean isActivePasswordQualityInsufficient() {
final int credentialOwner =
UserManager.get(this).getCredentialOwnerProfile(UserHandle.myUserId());
final int quality = new LockPatternUtils(this).getActivePasswordQuality(credentialOwner);
return (quality >= MIN_PASSWORD_QUALITY);
}
private boolean isHardwareBackedKey(byte[] keyData) { private boolean isHardwareBackedKey(byte[] keyData) {
try { try {
final ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData)); final ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData));
@@ -350,7 +347,7 @@ public final class CredentialStorage extends FragmentActivity {
protected Boolean doInBackground(Void... unused) { protected Boolean doInBackground(Void... unused) {
// Clear all the users credentials could have been installed in for this user. // Clear all the users credentials could have been installed in for this user.
new LockPatternUtils(CredentialStorage.this).resetKeyStore(UserHandle.myUserId()); mUtils.resetKeyStore(UserHandle.myUserId());
try { try {
final KeyChainConnection keyChainConnection = KeyChain.bind(CredentialStorage.this); final KeyChainConnection keyChainConnection = KeyChain.bind(CredentialStorage.this);
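Review bot: The two new guards, in the `UNLOCKED` case and in `ensureKeyGuard()`, pass `UserHandle.myUserId()` straight to `mUtils.isSecure()`, whereas the removed `isActivePasswordQualityInsufficient()` first mapped the user through `getCredentialOwnerProfile()`. Whether `isSecure()` performs that mapping itself is not visible on this page, so the result for a profile that shares its parent's lock should be confirmed before this check is relied on to gate credential installation. The guard also no longer consults `MIN_PASSWORD_QUALITY`, which deserves a comment at both call sites, for example `// Relies on isSecure() only; MIN_PASSWORD_QUALITY is not consulted here.` If that constant and the `UserManager` import have no other users they can be removed; neither is shown in these hunks. `doInBackground()` in the last hunk continues past the end of the section.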