Make LockSettingsService enforce basic requirements for new credentials - platform/frameworks/base

diff options

author	Eric Biggers <ebiggers@google.com>	2023-06-21 05:28:11 +0000
committer	Eric Biggers <ebiggers@google.com>	2023-10-06 17:03:20 +0000
commit	f258e777bc64e5c7b19b841c3fa5063b68204031 (patch)
tree	11b40fa0cd517ec2fa0495856a63b99a0f29a243 /libs/androidfw/FileStream.cpp
parent	811f091fff976cc46561824a16915feb108beb6a (diff)

Make LockSettingsService enforce basic requirements for new credentials

Currently all LSKF requirements are enforced by PasswordMetrics#validateCredential(). The standard minimum length of 4 is also checked again in LockPatternUtils#setLockCredential(). These are both at the caller's option, though. These requirements could be circumvented by calling ILockSettings#setLockCredential() directly. Therefore, to provide higher assurance that at least the standard requirements are met, this CL moves the standard length check into LockSettingsService and also adds the invalid chars check alongside it. Bug: 219511761 Bug: 232900169 Bug: 243881358 Test: atest LockscreenCredentialTest Test: atest com.android.server.locksettings Change-Id: Icc48a0d6caac0884bf3e3a9181828e8dfffff7e4 Merged-In: Icc48a0d6caac0884bf3e3a9181828e8dfffff7e4 (cherry picked from commit fe59a023e86bed6daba4bfcb8c9a964c7636127f)

Diffstat (limited to 'libs/androidfw/FileStream.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: