diff options
| -rw-r--r-- | services/core/java/com/android/server/locksettings/LockSettingsService.java | 6 | ||||
| -rw-r--r-- | services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java | 42 |
2 files changed, 48 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index a0e543300ce7..42d0a5c4757a 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -3618,6 +3618,12 @@ public class LockSettingsService extends ILockSettings.Stub { return; } + UserInfo userInfo = mInjector.getUserManagerInternal().getUserInfo(userId); + if (userInfo != null && userInfo.isForTesting()) { + Slog.i(TAG, "Keeping escrow data for test-only user"); + return; + } + // Disable escrow token permanently on all other device/user types. Slogf.i(TAG, "Permanently disabling support for escrow tokens on user %d", userId); mSpManager.destroyEscrowData(userId); diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java index 2da2f50447c7..e836780b3f71 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java @@ -16,6 +16,7 @@ package com.android.server.locksettings; +import static android.content.pm.UserInfo.FLAG_FOR_TESTING; import static android.content.pm.UserInfo.FLAG_FULL; import static android.content.pm.UserInfo.FLAG_MAIN; import static android.content.pm.UserInfo.FLAG_PRIMARY; @@ -44,6 +45,8 @@ import static org.mockito.Mockito.when; import android.app.PropertyInvalidatedCache; import android.app.admin.PasswordMetrics; +import android.content.ComponentName; +import android.content.pm.UserInfo; import android.os.RemoteException; import android.platform.test.annotations.Presubmit; @@ -357,6 +360,45 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { } @Test + public void testEscrowDataRetainedWhenManagedUserVerifiesCredential() throws RemoteException { + when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(true); + + LockscreenCredential password = newPassword("password"); + initSpAndSetCredential(PRIMARY_USER_ID, password); + + mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */); + + assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID)); + } + + @Test + public void testEscrowDataRetainedWhenUnmanagedTestUserVerifiesCredential() + throws RemoteException { + when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false); + UserInfo userInfo = mUserManagerInternal.getUserInfo(PRIMARY_USER_ID); + userInfo.flags |= FLAG_FOR_TESTING; + + LockscreenCredential password = newPassword("password"); + initSpAndSetCredential(PRIMARY_USER_ID, password); + + mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */); + + assertTrue("Escrow data was destroyed", mSpManager.hasEscrowData(PRIMARY_USER_ID)); + } + + @Test + public void testEscrowDataDeletedWhenUnmanagedUserVerifiesCredential() throws RemoteException { + when(mDeviceStateCache.isUserOrganizationManaged(anyInt())).thenReturn(false); + + LockscreenCredential password = newPassword("password"); + initSpAndSetCredential(PRIMARY_USER_ID, password); + + mService.verifyCredential(password, PRIMARY_USER_ID, 0 /* flags */); + + assertFalse("Escrow data wasn't destroyed", mSpManager.hasAnyEscrowData(PRIMARY_USER_ID)); + } + + @Test public void testTokenBasedClearPassword() throws RemoteException { LockscreenCredential password = newPassword("password"); LockscreenCredential pattern = newPattern("123654"); |