From bb54d71a33a41a3621a952dee7455bfc04b48db1 Mon Sep 17 00:00:00 2001 From: Xiaozhen Lin Date: Thu, 27 Apr 2023 23:07:02 +0000 Subject: [PATCH] Password clearing in Settings App Pixel Imprint will call onDestroy() whenever its menu is invisible. (https://cs.android.com/android/platform/superproject/+/master:packages/apps/Settings/src/com/android/settings/biometrics/fingerprint/FingerprintSettings.java;l=639?q=packages%2Fapps%2FSettings%2Fsrc%2Fcom%2Fandroid%2Fsettings%2Fbiometrics%2Ffingerprint%2FFingerprintSettings.java&ss=android) However, Screen lock should have the same behavior as Pixel Imprint but it doesn't. onDestroy() for Screen lock should be called whenever we exit the menu or the menu becomes invisible. Otherwise, the password may be leaked to RAM unexpectedly in some situations. Bug: 233373529 Bug: 278488549 Bug: 278530059 Test: manual Change-Id: Ib11af7073aa1c49096a66c9f5a462e7caf18df5e --- .../settings/password/ChooseLockGeneric.java | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java index e35b0d82181..0bf13b15c0c 100644 --- a/src/com/android/settings/password/ChooseLockGeneric.java +++ b/src/com/android/settings/password/ChooseLockGeneric.java @@ -853,6 +853,19 @@ public class ChooseLockGeneric extends SettingsActivity { return intent; } + @Override + public void onStop() { + super.onStop(); + // hasCredential checks to see if user chooses a password for screen lock. If the + // screen lock is None or Swipe, we do not want to call getActivity().finish(). + // Otherwise, bugs would be caused. (e.g. b/278488549, b/278530059) + final boolean hasCredential = mLockPatternUtils.isSecure(mUserId); + if (!getActivity().isChangingConfigurations() + && !mWaitingForConfirmation && hasCredential) { + getActivity().finish(); + } + } + @Override public void onDestroy() { super.onDestroy();