-rw-r--r--services/core/java/com/android/server/locksettings/LockSettingsService.java81
1 files changed, 3 insertions, 78 deletions
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 82d06246eb98..30c76164802b 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1718,42 +1718,10 @@ public class LockSettingsService extends ILockSettings.Stub {
}
}
synchronized (mSpManager) {
- if (shouldMigrateToSyntheticPasswordLocked(userId)) {
- initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, userId);
- return spBasedSetLockCredentialInternalLocked(credential, savedCredential, userId,
- isLockTiedToParent);
- }
- }
- if (DEBUG) Slog.d(TAG, "setLockCredentialInternal: user=" + userId);
- byte[] enrolledHandle = enrollCredential(currentHandle.hash,
- savedCredential.getCredential(), credential.getCredential(), userId);
- if (enrolledHandle == null) {
- Slog.w(TAG, String.format("Failed to enroll %s: incorrect credential",
- credential.isPattern() ? "pattern" : "password"));
- return false;
- }
- CredentialHash willStore = CredentialHash.create(enrolledHandle, credential.getType());
- mStorage.writeCredentialHash(willStore, userId);
- // Still update PASSWORD_TYPE_KEY if we are running in pre-synthetic password code path,
- // since it forms part of the state that determines the credential type
- // @see getCredentialTypeInternal
- setKeyguardStoredQuality(
- LockPatternUtils.credentialTypeToPasswordQuality(credential.getType()), userId);
- // push new secret and auth token to vold
- GateKeeperResponse gkResponse;
- try {
- gkResponse = getGateKeeperService().verifyChallenge(userId, 0, willStore.hash,
- credential.getCredential());
- } catch (RemoteException e) {
- throw new IllegalStateException("Failed to verify current credential", e);
+ initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, userId);
+ return spBasedSetLockCredentialInternalLocked(credential, savedCredential, userId,
+ isLockTiedToParent);
}
- setUserKeyProtection(userId, credential, convertResponse(gkResponse));
- fixateNewestUserKeyAuth(userId);
- // Refresh the auth token
- doVerifyCredential(credential, userId, null /* progressCallback */, 0 /* flags */);
- synchronizeUnifiedWorkChallengeForProfiles(userId, null);
- sendCredentialsOnChangeIfRequired(credential, userId, isLockTiedToParent);
- return true;
}
private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) {
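Review bot: With the `shouldMigrateToSyntheticPasswordLocked(userId)` guard removed, the `synchronized (mSpManager)` block now calls `initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, userId)` unconditionally, and nothing on the new side shows what happens when `savedCredential` does not match `currentHandle.hash`. The removed legacy path handled that case explicitly: `enrollCredential` returned null, the method logged "Failed to enroll ... incorrect credential" and returned false before any stored state changed. Whether the synthetic-password path rejects a wrong saved credential just as early is not visible in this hunk, so it should be confirmed and covered by a test that changes the credential for a legacy (non-SP) user with an incorrect `savedCredential`. I would also add a comment above the call, for example `// Legacy credential: always migrate to synthetic password; a wrong savedCredential must be rejected by the SP path.` The enclosing method begins outside the hunk, so the conditions under which this block is reached are inferred from the context lines only.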
@@ -1919,54 +1887,11 @@ public class LockSettingsService extends ILockSettings.Stub {
mStorage.writeChildProfileLock(userId, outputStream.toByteArray());
}
- private byte[] enrollCredential(byte[] enrolledHandle,
- byte[] enrolledCredential, byte[] toEnroll, int userId) {
- checkWritePermission(userId);
- GateKeeperResponse response;
- try {
- response = getGateKeeperService().enroll(userId, enrolledHandle,
- enrolledCredential, toEnroll);
- } catch (RemoteException e) {
- Slog.e(TAG, "Failed to enroll credential", e);
- return null;
- }
-
- if (response == null) {
- return null;
- }
-
- byte[] hash = response.getPayload();
- if (hash != null) {
- setKeystorePassword(toEnroll, userId);
- } else {
- // Should not happen
- Slog.e(TAG, "Throttled while enrolling a password");
- }
- return hash;
- }
-
private void setAuthlessUserKeyProtection(int userId, byte[] key) {
if (DEBUG) Slog.d(TAG, "setAuthlessUserKeyProtectiond: user=" + userId);
addUserKeyAuth(userId, null, key);
}
- private void setUserKeyProtection(int userId, LockscreenCredential credential,
- VerifyCredentialResponse vcr) {
- if (DEBUG) Slog.d(TAG, "setUserKeyProtection: user=" + userId);
- if (vcr == null) {
- throw new IllegalArgumentException("Null response verifying a credential we just set");
- }
- if (vcr.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) {
- throw new IllegalArgumentException("Non-OK response verifying a credential we just set "
- + vcr.getResponseCode());
- }
- byte[] token = vcr.getGatekeeperHAT();
- if (token == null) {
- throw new IllegalArgumentException("Empty payload verifying a credential we just set");
- }
- addUserKeyAuth(userId, token, secretFromCredential(credential));
- }
-
private void clearUserKeyProtection(int userId, byte[] secret) {
if (DEBUG) Slog.d(TAG, "clearUserKeyProtection user=" + userId);
final UserInfo userInfo = mUserManager.getUserInfo(userId);