Properly validate credential in setLock(int, byte[], int, byte[]) - platform/frameworks/base

diff options

author	Eric Biggers <ebiggers@google.com>	2023-06-26 22:38:26 +0000
committer	Eric Biggers <ebiggers@google.com>	2023-10-06 17:03:21 +0000
commit	27a062bcc2d4f5b7a5981ff0be346072ef9812e1 (patch)
tree	85bbe5e114db1daae3a541afd6a1074cbfbecfa6 /libs/androidfw/FileStream.cpp
parent	f30bd8b693c675362edb513b3ecb4edeb026c0ca (diff)

Properly validate credential in setLock(int, byte[], int, byte[])

In KeyguardManager, one of the two overloads of setLock() properly validates the new credential using the logic in PasswordMetrics, while the other doesn't. This appears to be an oversight, and it was allowing a test to set a PIN containing invalid characters. Fix this by always calling PasswordMetrics#validateCredential() on the new credential. Bug: 219511761 Bug: 232900169 Bug: 243881358 Test: atest android.app.KeyguardManagerTest Test: atest android.app.cts.KeyguardManagerTest Test: atest CtsSensorPrivacyTestCases # since it calls setLock() Change-Id: I46d8bf920526a00d6e6d2145d06c8e39f8047ea8 Merged-In: I46d8bf920526a00d6e6d2145d06c8e39f8047ea8 (cherry picked from commit 0e4385e2148bdc6692fde303bc9bb8535e89151c)

Diffstat (limited to 'libs/androidfw/FileStream.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: