Make LockscreenCredential remember whether it has invalid chars

http://ag/6283443 ("Refactor passwords/pins/patterns to byte[]" in
packages/apps/Settings), which went into Android 10, introduced a bug
where the chars of the lockscreen password are truncated to bytes before
the password is validated to contain only ASCII 32–127.  This causes
characters outside the intended range to be accepted.  Specifically, any
character U-XXXX where XXXX mod 256 is in 32–127 is accepted and is
treated as equivalent to some ASCII character.

This reduces the entropy of the password, but also it can make it
impossible for the user to unlock the device after rebooting.  This
happens if the chosen password uses a character that can only be entered
on a third-party keyboard (IME) that is not direct boot aware or was
uninstalled later.  (The potential dependence on a third-party keyboard
is one of the reasons that non-ASCII characters were never intended to
be allowed in lockscreen passwords in the first place.)

Unfortunately, it's likely that some users managed to set a password
containing non-ASCII character(s) and are happily using it.  To allow
fixing this bug without locking out such users, this CL updates
LockscreenCredential to keep track of whether it was instantiated using
any invalid characters or not, while still keeping the truncation bug in
place.  Later CLs will use this "invalid chars" flag to reject new
passwords that contain any invalid characters.

Bug: 219511761
Bug: 232900169
Bug: 243881358
Test: atest LockscreenCredentialTest
Test: atest com.android.server.locksettings
Change-Id: I5c3c55367c3a294578cd0f97ac0e315a11ed517e
Merged-In: I5c3c55367c3a294578cd0f97ac0e315a11ed517e
(cherry picked from commit d984e5fd6211e1b23c8847db4912ce89753e3e80)

0 files changed, 0 insertions, 0 deletions