10 files changed, 49 insertions, 26 deletions
diff --git a/core/java/android/app/KeyguardManager.java b/core/java/android/app/KeyguardManager.java
index 76643d603304..54f74b15c501 100644
--- a/core/java/android/app/KeyguardManager.java
+++ b/core/java/android/app/KeyguardManager.java
@@ -174,7 +174,7 @@ public class KeyguardManager {
 */
 public Intent createConfirmFactoryResetCredentialIntent( CharSequence title, CharSequence description, CharSequence alternateButtonLabel) {
- if (!LockPatternUtils.frpCredentialEnabled()) {
+ if (!LockPatternUtils.frpCredentialEnabled(mContext)) {
 Log.w(TAG, "Factory reset credentials not supported.");
 return null;
 }
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index f85333eb9588..54399061a38f 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -303,7 +303,7 @@ public class LockPatternUtils {
 }
 public void reportFailedPasswordAttempt(int userId) {
- if (userId == USER_FRP && frpCredentialEnabled()) {
+ if (userId == USER_FRP && frpCredentialEnabled(mContext)) {
 return;
 }
 getDevicePolicyManager().reportFailedPasswordAttempt(userId);
@@ -311,7 +311,7 @@ public class LockPatternUtils {
 }
 public void reportSuccessfulPasswordAttempt(int userId) {
- if (userId == USER_FRP && frpCredentialEnabled()) {
+ if (userId == USER_FRP && frpCredentialEnabled(mContext)) {
 return;
 }
 getDevicePolicyManager().reportSuccessfulPasswordAttempt(userId);
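Review bot: The guard in `reportFailedPasswordAttempt` is `userId == USER_FRP && frpCredentialEnabled(mContext)`, so once a device overlay sets `config_enableCredentialFactoryResetProtection` to false a call made with `USER_FRP` is no longer short-circuited and the pseudo-user id goes on to `getDevicePolicyManager().reportFailedPasswordAttempt(userId)`. The same pattern is in `reportSuccessfulPasswordAttempt` here and in `reportPasswordLockout`, `getCurrentFailedPasswordAttempts` and `getMaximumFailedPasswordsForWipe` in the next hunk. Whether `USER_FRP` can still reach these methods when the feature is off is not visible in the diff; if it cannot, a comment such as `// USER_FRP is only passed while FRP credential verification is enabled` would record that, and if it can, `if (userId == USER_FRP) {` alone looks like the safer guard. The bodies of these methods continue outside the hunks.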
@@ -319,21 +319,21 @@ public class LockPatternUtils {
 }
 public void reportPasswordLockout(int timeoutMs, int userId) {
- if (userId == USER_FRP && frpCredentialEnabled()) {
+ if (userId == USER_FRP && frpCredentialEnabled(mContext)) {
 return;
 }
 getTrustManager().reportUnlockLockout(timeoutMs, userId);
 }
 public int getCurrentFailedPasswordAttempts(int userId) {
- if (userId == USER_FRP && frpCredentialEnabled()) {
+ if (userId == USER_FRP && frpCredentialEnabled(mContext)) {
 return 0;
 }
 return getDevicePolicyManager().getCurrentFailedPasswordAttempts(userId);
 }
 public int getMaximumFailedPasswordsForWipe(int userId) {
- if (userId == USER_FRP && frpCredentialEnabled()) {
+ if (userId == USER_FRP && frpCredentialEnabled(mContext)) {
 return 0;
 }
 return getDevicePolicyManager().getMaximumFailedPasswordsForWipe(
@@ -1768,11 +1768,12 @@ public class LockPatternUtils {
 return getLong(SYNTHETIC_PASSWORD_ENABLED_KEY, 0, UserHandle.USER_SYSTEM) != 0;
 }
- public static boolean userOwnsFrpCredential(UserInfo info) {
- return info != null && info.isPrimary() && info.isAdmin() && frpCredentialEnabled();
+ public static boolean userOwnsFrpCredential(Context context, UserInfo info) {
+ return info != null && info.isPrimary() && info.isAdmin() && frpCredentialEnabled(context);
 }
- public static boolean frpCredentialEnabled() {
- return FRP_CREDENTIAL_ENABLED;
+ public static boolean frpCredentialEnabled(Context context) {
+ return FRP_CREDENTIAL_ENABLED && context.getResources().getBoolean(
+ com.android.internal.R.bool.config_enableCredentialFactoryResetProtection);
 }
 }
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index c7878c63e3b7..9eed12f679c4 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
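Review bot: `frpCredentialEnabled(Context context)` is a public static method that now dereferences `context` and reads a resource, but it has no Javadoc and no null handling, so a caller cannot tell that the result depends on both the `FRP_CREDENTIAL_ENABLED` constant and the `config_enableCredentialFactoryResetProtection` overlay. I would add `/** Returns true only if FRP credential verification is compiled in and enabled by config_enableCredentialFactoryResetProtection; context must not be null. */` above it. `userOwnsFrpCredential(Context, UserInfo)` deserves a matching one-line Javadoc, since its answer now also varies per device configuration.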
@@ -1116,6 +1116,11 @@
 <!-- Is the lock-screen disabled for new users by default -->
 <bool name="config_disableLockscreenByDefault">false</bool>
+ <!-- If true, enables verification of the lockscreen credential in the factory reset protection
+ flow. This should be true if gatekeeper / weaver credentials can still be checked after a
+ factory reset. -->
+ <bool name="config_enableCredentialFactoryResetProtection">true</bool>
+
 <!-- Control the behavior when the user long presses the home button. 0 - Nothing 1 - Launch all apps intent
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 09d8c752a811..0548db69a05d 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -3019,6 +3019,8 @@
 <java-symbol type="string" name="foreground_service_tap_for_details" />
 <java-symbol type="string" name="foreground_service_multiple_separator" />
+ <java-symbol type="bool" name="config_enableCredentialFactoryResetProtection" />
+
 <!-- ETWS primary messages -->
 <java-symbol type="string" name="etws_primary_default_message_earthquake" />
 <java-symbol type="string" name="etws_primary_default_message_tsunami" />
diff --git a/packages/SystemUI/src/com/android/systemui/doze/DozeScreenBrightness.java b/packages/SystemUI/src/com/android/systemui/doze/DozeScreenBrightness.java
index 03407e2b86e7..4bb4e79c91f6 100644
--- a/packages/SystemUI/src/com/android/systemui/doze/DozeScreenBrightness.java
+++ b/packages/SystemUI/src/com/android/systemui/doze/DozeScreenBrightness.java
@@ -22,6 +22,7 @@ import android.hardware.SensorEvent;
 import android.hardware.SensorEventListener;
 import android.hardware.SensorManager;
 import android.os.Handler;
+import android.os.Trace;
 import com.android.internal.annotations.VisibleForTesting;
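Review bot: The comment on `config_enableCredentialFactoryResetProtection` says when the value should be true but not what a device gets when an overlay sets it to false. From the Java side of this commit, `KeyguardManager.createConfirmFactoryResetCredentialIntent` then returns null and the lock settings code stops treating any user as owner of the FRP credential. I would add a sentence to the comment, for example `When false, the factory reset protection flow does not offer lockscreen credential verification.`, so an integrator can see what protection is given up by turning it off.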
@@ -94,9 +95,14 @@ public class DozeScreenBrightness implements DozeMachine.Part, SensorEventListen
 @Override
 public void onSensorChanged(SensorEvent event) {
- if (mRegistered) {
- mLastSensorValue = (int) event.values[0];
- updateBrightnessAndReady();
+ Trace.beginSection("DozeScreenBrightness.onSensorChanged" + event.values[0]);
+ try {
+ if (mRegistered) {
+ mLastSensorValue = (int) event.values[0];
+ updateBrightnessAndReady();
+ }
+ } finally {
+ Trace.endSection();
 }
 }
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 14d9afb14cf9..a1a010618ec0 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -376,7 +376,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 public SyntheticPasswordManager getSyntheticPasswordManager(LockSettingsStorage storage) {
- return new SyntheticPasswordManager(storage, getUserManager());
+ return new SyntheticPasswordManager(getContext(), storage, getUserManager());
 }
 public int binderGetCallingUid() {
@@ -763,7 +763,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 private void migrateOldDataAfterSystemReady() {
 try {
 // Migrate the FRP credential to the persistent data block
- if (LockPatternUtils.frpCredentialEnabled() && !getBoolean("migrated_frp", false, 0)) {
+ if (LockPatternUtils.frpCredentialEnabled(mContext)
+ && !getBoolean("migrated_frp", false, 0)) {
 migrateFrpCredential();
 setBoolean("migrated_frp", true, 0);
 Slog.i(TAG, "Migrated migrated_frp.");
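Review bot: `Trace.beginSection("DozeScreenBrightness.onSensorChanged" + event.values[0])` builds a new string on every sensor event, whether or not a trace is being recorded, and it reads `event.values[0]` before the `mRegistered` check. The name also runs the method and the reading together with no separator, and a different section name per value makes the sections hard to aggregate in a trace. A constant name, `Trace.beginSection("DozeScreenBrightness.onSensorChanged");`, or at least `"DozeScreenBrightness.onSensorChanged " + event.values[0]`, would be cleaner. This hunk also looks unrelated to the FRP change in the rest of the commit.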
@@ -784,7 +785,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 return;
 }
 for (UserInfo userInfo : mUserManager.getUsers()) {
- if (userOwnsFrpCredential(userInfo) && isUserSecure(userInfo.id)) {
+ if (userOwnsFrpCredential(mContext, userInfo) && isUserSecure(userInfo.id)) {
 synchronized (mSpManager) {
 if (isSyntheticPasswordBasedCredentialLocked(userInfo.id)) {
 int actualQuality = (int) getLong(LockPatternUtils.PASSWORD_TYPE_KEY,
@@ -2504,7 +2505,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 public void onSystemReady() {
- if (frpCredentialEnabled()) {
+ if (frpCredentialEnabled(mContext)) {
 updateRegistration();
 } else {
 // If we don't intend to use frpCredentials and we're not provisioned yet, send
@@ -2533,7 +2534,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 private void clearFrpCredentialIfOwnerNotSecure() {
 List<UserInfo> users = mUserManager.getUsers();
 for (UserInfo user : users) {
- if (userOwnsFrpCredential(user)) {
+ if (userOwnsFrpCredential(mContext, user)) {
 if (!isUserSecure(user.id)) {
 mStorage.writePersistentDataBlock(PersistentData.TYPE_NONE, user.id, 0, null);
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index 33a9a995c08c..9440f17164aa 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -19,6 +19,7 @@ package com.android.server.locksettings;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.admin.DevicePolicyManager;
+import android.content.Context;
 import android.content.pm.UserInfo;
 import android.hardware.weaver.V1_0.IWeaver;
 import android.hardware.weaver.V1_0.WeaverConfig;
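Review bot: In `clearFrpCredentialIfOwnerNotSecure` the `writePersistentDataBlock(PersistentData.TYPE_NONE, ...)` call is only reached when `userOwnsFrpCredential(mContext, user)` is true, which can no longer happen once the overlay disables FRP credentials. If a device shipped with the flag true and an update turns it off, a credential written earlier would presumably stay in the persistent data block, because the write paths in `SyntheticPasswordManager` are gated the same way. Whether anything still reads that block in the disabled state is outside this diff, so I would either clear it in the `else` branch of `onSystemReady` or add a comment such as `// Stale FRP data is left in place when the feature is disabled` stating that this is intended. The function body continues outside the hunk.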
@@ -255,13 +256,16 @@ public class SyntheticPasswordManager {
 byte[] aggregatedSecret;
 }
+ private final Context mContext;
 private LockSettingsStorage mStorage;
 private IWeaver mWeaver;
 private WeaverConfig mWeaverConfig;
 private final UserManager mUserManager;
- public SyntheticPasswordManager(LockSettingsStorage storage, UserManager userManager) {
+ public SyntheticPasswordManager(Context context, LockSettingsStorage storage,
+ UserManager userManager) {
+ mContext = context;
 mStorage = storage;
 mUserManager = userManager;
 }
@@ -645,7 +649,7 @@ public class SyntheticPasswordManager {
 public void migrateFrpPasswordLocked(long handle, UserInfo userInfo, int requestedQuality) {
 if (mStorage.getPersistentDataBlock() != null
- && LockPatternUtils.userOwnsFrpCredential(userInfo)) {
+ && LockPatternUtils.userOwnsFrpCredential(mContext, userInfo)) {
 PasswordData pwd = PasswordData.fromBytes(loadState(PASSWORD_DATA_NAME, handle, userInfo.id));
 if (pwd.passwordType != LockPatternUtils.CREDENTIAL_TYPE_NONE) {
@@ -662,7 +666,8 @@ public class SyntheticPasswordManager {
 private void synchronizeFrpPassword(PasswordData pwd, int requestedQuality, int userId) {
 if (mStorage.getPersistentDataBlock() != null
- && LockPatternUtils.userOwnsFrpCredential(mUserManager.getUserInfo(userId))) {
+ && LockPatternUtils.userOwnsFrpCredential(mContext,
+ mUserManager.getUserInfo(userId))) {
 if (pwd.passwordType != LockPatternUtils.CREDENTIAL_TYPE_NONE) {
 mStorage.writePersistentDataBlock(PersistentData.TYPE_SP, userId, requestedQuality, pwd.toBytes());
@@ -675,7 +680,8 @@ public class SyntheticPasswordManager {
 private void synchronizeWeaverFrpPassword(PasswordData pwd, int requestedQuality, int userId, int weaverSlot) {
 if (mStorage.getPersistentDataBlock() != null
- && LockPatternUtils.userOwnsFrpCredential(mUserManager.getUserInfo(userId))) {
+ && LockPatternUtils.userOwnsFrpCredential(mContext,
+ mUserManager.getUserInfo(userId))) {
 if (pwd.passwordType != LockPatternUtils.CREDENTIAL_TYPE_NONE) {
 mStorage.writePersistentDataBlock(PersistentData.TYPE_SP_WEAVER, weaverSlot, requestedQuality, pwd.toBytes());
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
index 13cf9df01a4e..7cba28050780 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
@@ -106,7 +106,8 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase {
 return mService;
 }
 };
- mSpManager = new MockSyntheticPasswordManager(mStorage, mGateKeeperService, mUserManager);
+ mSpManager = new MockSyntheticPasswordManager(mContext, mStorage, mGateKeeperService,
+ mUserManager);
 mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage, mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager, mSpManager);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/MockSyntheticPasswordManager.java b/services/tests/servicestests/src/com/android/server/locksettings/MockSyntheticPasswordManager.java
index cf035932322d..6f681797b88a 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/MockSyntheticPasswordManager.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/MockSyntheticPasswordManager.java
@@ -15,6 +15,7 @@
 */
 package com.android.server.locksettings;
+import android.content.Context;
 import android.hardware.weaver.V1_0.IWeaver;
 import android.os.RemoteException;
 import android.os.UserManager;
@@ -35,9 +36,9 @@ public class MockSyntheticPasswordManager extends SyntheticPasswordManager {
 private FakeGateKeeperService mGateKeeper;
 private IWeaver mWeaverService;
- public MockSyntheticPasswordManager(LockSettingsStorage storage,
+ public MockSyntheticPasswordManager(Context context, LockSettingsStorage storage,
 FakeGateKeeperService gatekeeper, UserManager userManager) {
- super(storage, userManager);
+ super(context, storage, userManager);
 mGateKeeper = gatekeeper;
 }
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
index 2c9aa9d6a245..2ad05801916a 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
@@ -58,7 +58,7 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
 final int USER_ID = 10;
 final String PASSWORD = "user-password";
 final String BADPASSWORD = "bad-password";
- MockSyntheticPasswordManager manager = new MockSyntheticPasswordManager(mStorage,
+ MockSyntheticPasswordManager manager = new MockSyntheticPasswordManager(mContext, mStorage,
 mGateKeeperService, mUserManager);
 AuthenticationToken authToken = manager.newSyntheticPasswordAndSid(mGateKeeperService, null, null, USER_ID); |