diff options
4 files changed, 140 insertions, 99 deletions
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl index b36c3fa79251..b626fc6e0608 100644 --- a/core/java/com/android/internal/widget/ILockSettings.aidl +++ b/core/java/com/android/internal/widget/ILockSettings.aidl @@ -42,7 +42,7 @@ interface ILockSettings { long getLong(in String key, in long defaultValue, in int userId); @UnsupportedAppUsage String getString(in String key, in String defaultValue, in int userId); - void setLockCredential(in byte[] credential, int type, in byte[] savedCredential, int requestedQuality, int userId, boolean allowUntrustedChange); + boolean setLockCredential(in byte[] credential, int type, in byte[] savedCredential, int requestedQuality, int userId, boolean allowUntrustedChange); void resetKeyStore(int userId); VerifyCredentialResponse checkCredential(in byte[] credential, int type, int userId, in ICheckCredentialProgressCallback progressCallback); diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 32867a8949e6..070121cd1feb 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -680,6 +680,15 @@ public class LockPatternUtils { /** * Clear any lock pattern or password. + + * <p> This method will fail (returning {@code false}) if the previously + * saved password provided is incorrect, or if the lockscreen verification + * is still being throttled. + * + * @param savedCredential The previously saved credential + * @param userHandle the user whose pattern is to be saved. + * @return whether this was successful or not. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean clearLock(byte[] savedCredential, int userHandle) { return clearLock(savedCredential, userHandle, false); @@ -687,19 +696,27 @@ public class LockPatternUtils { /** * Clear any lock pattern or password, with the option to ignore incorrect existing credential. + * <p> This method will fail (returning {@code false}) if the previously + * saved password provided is incorrect, or if the lockscreen verification + * is still being throttled. + * + * @param savedCredential The previously saved credential + * @param userHandle the user whose pattern is to be saved. + * @return whether this was successful or not. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean clearLock(byte[] savedCredential, int userHandle, boolean allowUntrustedChange) { final int currentQuality = getKeyguardStoredPasswordQuality(userHandle); setKeyguardStoredPasswordQuality(PASSWORD_QUALITY_UNSPECIFIED, userHandle); - try{ - getLockSettings().setLockCredential(null, CREDENTIAL_TYPE_NONE, - savedCredential, PASSWORD_QUALITY_UNSPECIFIED, userHandle, - allowUntrustedChange); - } catch (Exception e) { - Log.e(TAG, "Failed to clear lock", e); + try { + if (!getLockSettings().setLockCredential(null, CREDENTIAL_TYPE_NONE, savedCredential, + PASSWORD_QUALITY_UNSPECIFIED, userHandle, allowUntrustedChange)) { + return false; + } + } catch (RemoteException | RuntimeException e) { setKeyguardStoredPasswordQuality(currentQuality, userHandle); - return false; + throw new RuntimeException("Failed to clear lock", e); } if (userHandle == UserHandle.USER_SYSTEM) { @@ -747,11 +764,15 @@ public class LockPatternUtils { /** * Save a lock pattern. + * + * <p> This method will fail (returning {@code false}) if the previously saved pattern provided + * is incorrect, or if the lockscreen verification is still being throttled. + * * @param pattern The new pattern to save. * @param savedPattern The previously saved pattern, converted to byte[] format * @param userId the user whose pattern is to be saved. - * * @return whether this was successful or not. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean saveLockPattern(List<LockPatternView.Cell> pattern, byte[] savedPattern, int userId) { @@ -760,13 +781,17 @@ public class LockPatternUtils { /** * Save a lock pattern. + * + * <p> This method will fail (returning {@code false}) if the previously saved pattern provided + * is incorrect, or if the lockscreen verification is still being throttled. + * * @param pattern The new pattern to save. * @param savedPattern The previously saved pattern, converted to byte[] format * @param userId the user whose pattern is to be saved. * @param allowUntrustedChange whether we want to allow saving a new password if the existing * password being provided is incorrect. - * * @return whether this was successful or not. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean saveLockPattern(List<LockPatternView.Cell> pattern, byte[] savedPattern, int userId, boolean allowUntrustedChange) { @@ -783,12 +808,13 @@ public class LockPatternUtils { final int currentQuality = getKeyguardStoredPasswordQuality(userId); setKeyguardStoredPasswordQuality(PASSWORD_QUALITY_SOMETHING, userId); try { - getLockSettings().setLockCredential(bytePattern, CREDENTIAL_TYPE_PATTERN, savedPattern, - PASSWORD_QUALITY_SOMETHING, userId, allowUntrustedChange); - } catch (Exception e) { - Log.e(TAG, "Couldn't save lock pattern", e); + if (!getLockSettings().setLockCredential(bytePattern, CREDENTIAL_TYPE_PATTERN, + savedPattern, PASSWORD_QUALITY_SOMETHING, userId, allowUntrustedChange)) { + return false; + } + } catch (RemoteException | RuntimeException e) { setKeyguardStoredPasswordQuality(currentQuality, userId); - return false; + throw new RuntimeException("Couldn't save lock pattern", e); } // Update the device encryption password. if (userId == UserHandle.USER_SYSTEM @@ -906,14 +932,18 @@ public class LockPatternUtils { * Save a lock password. Does not ensure that the password is as good * as the requested mode, but will adjust the mode to be as good as the * password. + * + * <p> This method will fail (returning {@code false}) if the previously + * saved password provided is incorrect, or if the lockscreen verification + * is still being throttled. + * * @param password The password to save * @param savedPassword The previously saved lock password, or null if none * @param requestedQuality {@see DevicePolicyManager#getPasswordQuality( * android.content.ComponentName)} * @param userHandle The userId of the user to change the password for - * * @return whether this was successful or not. - * + * @throws RuntimeException if password change encountered an unrecoverable error. * @deprecated Pass password as a byte array */ @Deprecated @@ -928,13 +958,18 @@ public class LockPatternUtils { * Save a lock password. Does not ensure that the password is as good * as the requested mode, but will adjust the mode to be as good as the * password. + * + * <p> This method will fail (returning {@code false}) if the previously + * saved password provided is incorrect, or if the lockscreen verification + * is still being throttled. + * * @param password The password to save * @param savedPassword The previously saved lock password, or null if none * @param requestedQuality {@see DevicePolicyManager#getPasswordQuality( * android.content.ComponentName)} * @param userHandle The userId of the user to change the password for - * * @return whether this was successful or not. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean saveLockPassword(byte[] password, byte[] savedPassword, int requestedQuality, int userHandle) { @@ -946,6 +981,11 @@ public class LockPatternUtils { * Save a lock password. Does not ensure that the password is as good * as the requested mode, but will adjust the mode to be as good as the * password. + * + * <p> This method will fail (returning {@code false}) if the previously + * saved password provided is incorrect, or if the lockscreen verification + * is still being throttled. + * * @param password The password to save * @param savedPassword The previously saved lock password, or null if none * @param requestedQuality {@see DevicePolicyManager#getPasswordQuality( @@ -953,9 +993,9 @@ public class LockPatternUtils { * @param userHandle The userId of the user to change the password for * @param allowUntrustedChange whether we want to allow saving a new password if the existing * password being provided is incorrect. - * * @return whether this method saved the new password successfully or not. This flow will fail * and return false if the given credential is wrong and allowUntrustedChange is false. + * @throws RuntimeException if password change encountered an unrecoverable error. */ public boolean saveLockPassword(byte[] password, byte[] savedPassword, int requestedQuality, int userHandle, boolean allowUntrustedChange) { @@ -981,10 +1021,9 @@ public class LockPatternUtils { try { getLockSettings().setLockCredential(password, CREDENTIAL_TYPE_PASSWORD, savedPassword, requestedQuality, userHandle, allowUntrustedChange); - } catch (Exception e) { - Log.e(TAG, "Unable to save lock password", e); + } catch (RemoteException | RuntimeException e) { setKeyguardStoredPasswordQuality(currentQuality, userHandle); - return false; + throw new RuntimeException("Unable to save lock password", e); } updateEncryptionPasswordIfNeeded(password, passwordQuality, userHandle); diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index ccc0d4b8334c..b7eca29ac04c 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -1461,7 +1461,7 @@ public class LockSettingsService extends ILockSettings.Stub { // This method should be called by LockPatternUtil only, all internal methods in this class // should call setLockCredentialInternal. @Override - public void setLockCredential(byte[] credential, int type, + public boolean setLockCredential(byte[] credential, int type, byte[] savedCredential, int requestedQuality, int userId, boolean allowUntrustedChange) { @@ -1471,8 +1471,10 @@ public class LockSettingsService extends ILockSettings.Stub { } checkWritePermission(userId); synchronized (mSeparateChallengeLock) { - setLockCredentialInternal(credential, type, savedCredential, requestedQuality, userId, - allowUntrustedChange, /* isLockTiedToParent= */ false); + if (!setLockCredentialInternal(credential, type, savedCredential, requestedQuality, + userId, allowUntrustedChange, /* isLockTiedToParent= */ false)) { + return false; + } setSeparateProfileChallengeEnabledLocked(userId, true, null); notifyPasswordChanged(userId); } @@ -1481,13 +1483,14 @@ public class LockSettingsService extends ILockSettings.Stub { setDeviceUnlockedForUser(userId); } notifySeparateProfileChallengeChanged(userId); + return true; } /** * @param isLockTiedToParent is {@code true} if {@code userId} is a profile and its new * credentials are being tied to its parent's credentials. */ - private void setLockCredentialInternal(byte[] credential, @CredentialType int credentialType, + private boolean setLockCredentialInternal(byte[] credential, @CredentialType int credentialType, byte[] savedCredential, int requestedQuality, int userId, boolean allowUntrustedChange, boolean isLockTiedToParent) { // Normalize savedCredential and credential such that empty string is always represented @@ -1500,9 +1503,9 @@ public class LockSettingsService extends ILockSettings.Stub { } synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userId)) { - spBasedSetLockCredentialInternalLocked(credential, credentialType, savedCredential, - requestedQuality, userId, allowUntrustedChange, isLockTiedToParent); - return; + return spBasedSetLockCredentialInternalLocked(credential, credentialType, + savedCredential, requestedQuality, userId, allowUntrustedChange, + isLockTiedToParent); } } @@ -1519,7 +1522,7 @@ public class LockSettingsService extends ILockSettings.Stub { setUserPasswordMetrics(CREDENTIAL_TYPE_NONE, null, userId); sendCredentialsOnChangeIfRequired( credentialType, credential, userId, isLockTiedToParent); - return; + return true; } if (credential == null) { throw new IllegalArgumentException("Null credential with mismatched credential type"); @@ -1552,37 +1555,38 @@ public class LockSettingsService extends ILockSettings.Stub { if (shouldMigrateToSyntheticPasswordLocked(userId)) { initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, currentHandle.type, requestedQuality, userId); - spBasedSetLockCredentialInternalLocked(credential, credentialType, savedCredential, - requestedQuality, userId, allowUntrustedChange, isLockTiedToParent); - return; + return spBasedSetLockCredentialInternalLocked(credential, credentialType, + savedCredential, requestedQuality, userId, allowUntrustedChange, + isLockTiedToParent); } } if (DEBUG) Slog.d(TAG, "setLockCredentialInternal: user=" + userId); byte[] enrolledHandle = enrollCredential(currentHandle.hash, savedCredential, credential, userId); - if (enrolledHandle != null) { - CredentialHash willStore = CredentialHash.create(enrolledHandle, credentialType); - mStorage.writeCredentialHash(willStore, userId); - // push new secret and auth token to vold - GateKeeperResponse gkResponse; - try { - gkResponse = getGateKeeperService().verifyChallenge(userId, 0, willStore.hash, - credential); - } catch (RemoteException e) { - throw new IllegalStateException("Failed to verify current credential", e); - } - setUserKeyProtection(userId, credential, convertResponse(gkResponse)); - fixateNewestUserKeyAuth(userId); - // Refresh the auth token - doVerifyCredential(credential, credentialType, CHALLENGE_FROM_CALLER, 0, userId, - null /* progressCallback */); - synchronizeUnifiedWorkChallengeForProfiles(userId, null); - sendCredentialsOnChangeIfRequired( - credentialType, credential, userId, isLockTiedToParent); - } else { - throw new IllegalStateException(String.format("Failed to enroll %s", + if (enrolledHandle == null) { + Slog.w(TAG, String.format("Failed to enroll %s: incorrect credential", credentialType == CREDENTIAL_TYPE_PASSWORD ? "password" : "pattern")); + return false; + } + CredentialHash willStore = CredentialHash.create(enrolledHandle, credentialType); + mStorage.writeCredentialHash(willStore, userId); + // push new secret and auth token to vold + GateKeeperResponse gkResponse; + try { + gkResponse = getGateKeeperService().verifyChallenge(userId, 0, willStore.hash, + credential); + } catch (RemoteException e) { + throw new IllegalStateException("Failed to verify current credential", e); } + setUserKeyProtection(userId, credential, convertResponse(gkResponse)); + fixateNewestUserKeyAuth(userId); + // Refresh the auth token + doVerifyCredential(credential, credentialType, CHALLENGE_FROM_CALLER, 0, userId, + null /* progressCallback */); + synchronizeUnifiedWorkChallengeForProfiles(userId, null); + sendCredentialsOnChangeIfRequired( + credentialType, credential, userId, isLockTiedToParent); + return true; } private VerifyCredentialResponse convertResponse(GateKeeperResponse gateKeeperResponse) { @@ -2711,7 +2715,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @GuardedBy("mSpManager") - private void spBasedSetLockCredentialInternalLocked(byte[] credential, int credentialType, + private boolean spBasedSetLockCredentialInternalLocked(byte[] credential, int credentialType, byte[] savedCredential, int requestedQuality, int userId, boolean allowUntrustedChange, boolean isLockTiedToParent) { if (DEBUG) Slog.d(TAG, "spBasedSetLockCredentialInternalLocked: user=" + userId); @@ -2736,8 +2740,9 @@ public class LockSettingsService extends ILockSettings.Stub { // If existing credential is provided, the existing credential must match. if (savedCredential != null && auth == null) { - throw new IllegalStateException(String.format("Failed to enroll %s", + Slog.w(TAG, String.format("Failed to enroll %s: incorrect credential", credentialType == CREDENTIAL_TYPE_PASSWORD ? "password" : "pattern")); + return false; } boolean untrustedReset = false; if (auth != null) { @@ -2757,7 +2762,8 @@ public class LockSettingsService extends ILockSettings.Stub { } untrustedReset = true; } else /* responseCode == VerifyCredentialResponse.RESPONSE_RETRY */ { - throw new IllegalStateException("Rate limit exceeded, so password was not changed."); + Slog.w(TAG, "Rate limit exceeded, so password was not changed."); + return false; } if (auth != null) { @@ -2779,6 +2785,7 @@ public class LockSettingsService extends ILockSettings.Stub { // synthetic password. That would invalidate existing escrow tokens though. } sendCredentialsOnChangeIfRequired(credentialType, credential, userId, isLockTiedToParent); + return true; } /** diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java index 67d6eda1b3ee..7354ad4b9ac3 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java @@ -92,24 +92,18 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { public void testChangePasswordFailPrimaryUser() throws RemoteException { final long sid = 1234; - final String FAILED_MESSAGE = "Failed to enroll password"; initializeStorageWithCredential(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD, sid); - try { - mService.setLockCredential("newpwd".getBytes(), CREDENTIAL_TYPE_PASSWORD, - "badpwd".getBytes(), PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false); - fail("Did not fail when enrolling using incorrect credential"); - } catch (IllegalStateException expected) { - assertTrue(expected.getMessage().equals(FAILED_MESSAGE)); - } + assertFalse(mService.setLockCredential("newpwd".getBytes(), CREDENTIAL_TYPE_PASSWORD, + "badpwd".getBytes(), PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false)); assertVerifyCredentials(PRIMARY_USER_ID, "password", CREDENTIAL_TYPE_PASSWORD, sid); } public void testClearPasswordPrimaryUser() throws RemoteException { final String PASSWORD = "password"; initializeStorageWithCredential(PRIMARY_USER_ID, PASSWORD, CREDENTIAL_TYPE_PASSWORD, 1234); - mService.setLockCredential(null, CREDENTIAL_TYPE_NONE, PASSWORD.getBytes(), - PASSWORD_QUALITY_UNSPECIFIED, PRIMARY_USER_ID, false); + assertTrue(mService.setLockCredential(null, CREDENTIAL_TYPE_NONE, PASSWORD.getBytes(), + PASSWORD_QUALITY_UNSPECIFIED, PRIMARY_USER_ID, false)); assertFalse(mService.havePassword(PRIMARY_USER_ID)); assertFalse(mService.havePattern(PRIMARY_USER_ID)); assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID)); @@ -118,9 +112,9 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { public void testManagedProfileUnifiedChallenge() throws RemoteException { final String firstUnifiedPassword = "testManagedProfileUnifiedChallenge-pwd-1"; final String secondUnifiedPassword = "testManagedProfileUnifiedChallenge-pwd-2"; - mService.setLockCredential(firstUnifiedPassword.getBytes(), + assertTrue(mService.setLockCredential(firstUnifiedPassword.getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, - null, PASSWORD_QUALITY_COMPLEX, PRIMARY_USER_ID, false); + null, PASSWORD_QUALITY_COMPLEX, PRIMARY_USER_ID, false)); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID); final long profileSid = mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID); @@ -154,17 +148,17 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { */ mStorageManager.setIgnoreBadUnlock(true); // Change primary password and verify that profile SID remains - mService.setLockCredential(secondUnifiedPassword.getBytes(), + assertTrue(mService.setLockCredential(secondUnifiedPassword.getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, firstUnifiedPassword.getBytes(), - PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false); + PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false)); mStorageManager.setIgnoreBadUnlock(false); assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); assertNull(mGateKeeperService.getAuthToken(TURNED_OFF_PROFILE_USER_ID)); // Clear unified challenge - mService.setLockCredential(null, LockPatternUtils.CREDENTIAL_TYPE_NONE, + assertTrue(mService.setLockCredential(null, LockPatternUtils.CREDENTIAL_TYPE_NONE, secondUnifiedPassword.getBytes(), PASSWORD_QUALITY_UNSPECIFIED, PRIMARY_USER_ID, - false); + false)); assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID)); assertEquals(0, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID)); assertEquals(0, mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID)); @@ -173,17 +167,17 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { public void testManagedProfileSeparateChallenge() throws RemoteException { final String primaryPassword = "testManagedProfileSeparateChallenge-primary"; final String profilePassword = "testManagedProfileSeparateChallenge-profile"; - mService.setLockCredential(primaryPassword.getBytes(), + assertTrue(mService.setLockCredential(primaryPassword.getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, null, - PASSWORD_QUALITY_COMPLEX, PRIMARY_USER_ID, false); + PASSWORD_QUALITY_COMPLEX, PRIMARY_USER_ID, false)); /* Currently in LockSettingsService.setLockCredential, unlockUser() is called with the new * credential as part of verifyCredential() before the new credential is committed in * StorageManager. So we relax the check in our mock StorageManager to allow that. */ mStorageManager.setIgnoreBadUnlock(true); - mService.setLockCredential(profilePassword.getBytes(), + assertTrue(mService.setLockCredential(profilePassword.getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, null, - PASSWORD_QUALITY_COMPLEX, MANAGED_PROFILE_USER_ID, false); + PASSWORD_QUALITY_COMPLEX, MANAGED_PROFILE_USER_ID, false)); mStorageManager.setIgnoreBadUnlock(false); final long primarySid = mGateKeeperService.getSecureUserId(PRIMARY_USER_ID); @@ -209,8 +203,9 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { // Change primary credential and make sure we don't affect profile mStorageManager.setIgnoreBadUnlock(true); - mService.setLockCredential("pwd".getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, - primaryPassword.getBytes(), PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false); + assertTrue(mService.setLockCredential("pwd".getBytes(), + LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, + primaryPassword.getBytes(), PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, false)); mStorageManager.setIgnoreBadUnlock(false); assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential( profilePassword.getBytes(), LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, @@ -221,13 +216,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { public void testSetLockCredential_forPrimaryUser_sendsCredentials() throws Exception { final byte[] password = "password".getBytes(); - mService.setLockCredential( + assertTrue(mService.setLockCredential( password, CREDENTIAL_TYPE_PASSWORD, null, PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged(CREDENTIAL_TYPE_PASSWORD, password, PRIMARY_USER_ID); @@ -237,13 +232,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { throws Exception { final byte[] pattern = "12345".getBytes(); - mService.setLockCredential( + assertTrue(mService.setLockCredential( pattern, CREDENTIAL_TYPE_PATTERN, null, PASSWORD_QUALITY_SOMETHING, MANAGED_PROFILE_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged(CREDENTIAL_TYPE_PATTERN, pattern, MANAGED_PROFILE_USER_ID); @@ -259,13 +254,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { CREDENTIAL_TYPE_PATTERN, PASSWORD_QUALITY_SOMETHING); - mService.setLockCredential( + assertTrue(mService.setLockCredential( newCredential, CREDENTIAL_TYPE_PASSWORD, oldCredential.getBytes(), PASSWORD_QUALITY_ALPHABETIC, MANAGED_PROFILE_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged( @@ -276,13 +271,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { throws Exception { mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); - mService.setLockCredential( + assertTrue(mService.setLockCredential( "12345".getBytes(), CREDENTIAL_TYPE_PATTERN, null, PASSWORD_QUALITY_SOMETHING, PRIMARY_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager, never()) .lockScreenSecretChanged( @@ -298,13 +293,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { PRIMARY_USER_ID, oldCredential, CREDENTIAL_TYPE_PASSWORD, 1234); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); - mService.setLockCredential( + assertTrue(mService.setLockCredential( newCredential, CREDENTIAL_TYPE_PASSWORD, oldCredential.getBytes(), PASSWORD_QUALITY_ALPHABETIC, PRIMARY_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged(CREDENTIAL_TYPE_PASSWORD, newCredential, PRIMARY_USER_ID); @@ -321,13 +316,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { PRIMARY_USER_ID, oldCredential, CREDENTIAL_TYPE_PASSWORD, 1234); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); - mService.setLockCredential( + assertTrue(mService.setLockCredential( null, CREDENTIAL_TYPE_NONE, oldCredential.getBytes(), PASSWORD_QUALITY_UNSPECIFIED, PRIMARY_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged(CREDENTIAL_TYPE_NONE, null, PRIMARY_USER_ID); @@ -343,13 +338,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { PRIMARY_USER_ID, parentPassword, CREDENTIAL_TYPE_PASSWORD, 1234); mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null); - mService.setLockCredential( + assertTrue(mService.setLockCredential( profilePassword, CREDENTIAL_TYPE_PASSWORD, null, PASSWORD_QUALITY_ALPHABETIC, MANAGED_PROFILE_USER_ID, - false); + false)); verify(mRecoverableKeyStoreManager) .lockScreenSecretChanged( @@ -395,13 +390,13 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { public void testVerifyCredential_forProfileWithSeparateChallenge_sendsCredentials() throws Exception { final byte[] pattern = "12345".getBytes(); - mService.setLockCredential( + assertTrue(mService.setLockCredential( pattern, CREDENTIAL_TYPE_PATTERN, null, PASSWORD_QUALITY_SOMETHING, MANAGED_PROFILE_USER_ID, - false); + false)); reset(mRecoverableKeyStoreManager); mService.verifyCredential(pattern, CREDENTIAL_TYPE_PATTERN, 1, MANAGED_PROFILE_USER_ID); @@ -436,8 +431,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { private void testCreateCredential(int userId, String credential, int type, int quality) throws RemoteException { - mService.setLockCredential(credential.getBytes(), type, null, quality, - userId, false); + assertTrue(mService.setLockCredential(credential.getBytes(), type, null, quality, + userId, false)); assertVerifyCredentials(userId, credential, type, -1); } @@ -461,8 +456,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { String oldCredential, int oldType, int quality) throws RemoteException { final long sid = 1234; initializeStorageWithCredential(userId, oldCredential, oldType, sid); - mService.setLockCredential(newCredential.getBytes(), newType, oldCredential.getBytes(), - quality, userId, false); + assertTrue(mService.setLockCredential(newCredential.getBytes(), newType, + oldCredential.getBytes(), quality, userId, false)); assertVerifyCredentials(userId, newCredential, newType, sid); } |