summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java10
-rw-r--r--services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java8
2 files changed, 16 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index cc205d4a53bd..cc58f38db65a 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -1541,8 +1541,14 @@ class SyntheticPasswordManager {
*/
public @NonNull AuthenticationResult unlockTokenBasedProtector(
IGateKeeperService gatekeeper, long protectorId, byte[] token, int userId) {
- SyntheticPasswordBlob blob = SyntheticPasswordBlob.fromBytes(loadState(SP_BLOB_NAME,
- protectorId, userId));
+ byte[] data = loadState(SP_BLOB_NAME, protectorId, userId);
+ if (data == null) {
+ AuthenticationResult result = new AuthenticationResult();
+ result.gkResponse = VerifyCredentialResponse.ERROR;
+ Slogf.w(TAG, "spblob not found for protector %016x, user %d", protectorId, userId);
+ return result;
+ }
+ SyntheticPasswordBlob blob = SyntheticPasswordBlob.fromBytes(data);
return unlockTokenBasedProtectorInternal(gatekeeper, protectorId, blob.mProtectorType,
token, userId);
}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
index eca19c8e8c4d..2da2f50447c7 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
@@ -506,6 +506,14 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
}
@Test
+ public void testUnlockUserWithTokenWithBadHandleReturnsFalse() {
+ final long badTokenHandle = 123456789;
+ final byte[] token = "some-high-entropy-secure-token".getBytes();
+ mService.initializeSyntheticPassword(PRIMARY_USER_ID);
+ assertFalse(mLocalService.unlockUserWithToken(badTokenHandle, token, PRIMARY_USER_ID));
+ }
+
+ @Test
public void testGetHashFactorPrimaryUser() throws RemoteException {
LockscreenCredential password = newPassword("password");
initSpAndSetCredential(PRIMARY_USER_ID, password);
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-09 04:15:01 +0000