Small fixes for reset password token

1. Fail early when token handle is invalid
2. Dump out token handle in DPMS

Bug: 203411634
Test: dumpsys device_policy
Change-Id: I4d87b07113f746ea7e7457fada865f39a22a629e

2 files changed, 5 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 135af2d73904..30c41a5403e2 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -3316,6 +3316,10 @@ public class LockSettingsService extends ILockSettings.Stub {
             if (!mSpManager.hasEscrowData(userId)) {
                 throw new SecurityException("Escrow token is disabled on the current user");
             }
+            if (!isEscrowTokenActive(tokenHandle, userId)) {
+                Slog.e(TAG, "Unknown or unactivated token: " + Long.toHexString(tokenHandle));
+                return false;
+            }
             result = setLockCredentialWithTokenInternalLocked(
                     credential, tokenHandle, token, userId);
         }
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
index e18e0020407f..9a0b5c7ef5ae 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
@@ -661,6 +661,7 @@ class DevicePolicyData {
         pw.println();
         pw.increaseIndent();
         pw.print("mPasswordOwner="); pw.println(mPasswordOwner);
+        pw.print("mPasswordTokenHandle="); pw.println(Long.toHexString(mPasswordTokenHandle));
         pw.print("mUserControlDisabledPackages=");
         pw.println(mUserControlDisabledPackages);
         pw.print("mAppsSuspended="); pw.println(mAppsSuspended);