| c93cdef2fa5403ac46767f1853f4e803824d4d20 |
|
21-Apr-2017 |
Charles He <qiurui@google.com> |
Let unlocked profile verifyCredential under unified lock
When unified work challenge is enabled and the primary user is unlocked,
LockSettingsService should unlock the managed profile subsequently by
calling verifyCredential() in most cases. Previously,
verifyCredential() is not called on managed profiles when any one of the
two conditions are met:
1. when the profile is not yet running
2. when the profile is already unlocked
These were introduced to make sure the managed profile stays locked when
it is in QUIET_MODE (i.e. work mode off).
However, condition 2 is problematic. Specifically, it also prevents auth
tokens, etc., from being refreshed (side effects of verifyCredential()),
even when the profile is not in QUIET_MODE.
We remove condition 2 in this change to make sure verifyCredential() is
still called on the managed profile when it is RUNNING_UNLOCKED.
Condition 1 alone should be able to handle the QUIET_MODE case. Unit
test is also updated in case regression occurs.
Bug: 36851574
Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests
Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests
Test: CTS verifier > BYOD managed provisioning > Authentication-bound keys
Test: (all of above are run on both sailfish and angler)
Change-Id: Ice89c1eedacaf07e076252a2a571a1eb100ef791
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
| 8e87af55337a19cf7242a1bf2f516bc26ae65f9e |
|
03-Mar-2017 |
Andrew Scull <ascull@google.com> |
Don't unlock the work profile if it is turned off.
Test: Turn off work, lock and unlock device with PIN/password/pattern,
turn on work and now you get a screen lock prompt.
Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests
Change-Id: I0c6946af4ffb1546ffbd4d80c11fa4b8ab5555bc
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
| 3bf722a8d54ca7192dfe07ee7b73eac7d25ccac5 |
|
15-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add synthetic password to authentication flow
The user password is used to unlock a per-user synthetic password which
serves the purpose of what the user password previsouly achieves (protect
keystore, vold disk encryption, auth token generation).
Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests
Test: manual
1. Start with fresh device, enable synthetic password with "adb shell cmd lock_settings sp 1"
1.1 add device lock, reboot and verify (positive & negative); change device lock, reboot and verify.
1.2 Inflate a work profile, reboot and verify device lock. check SID with "adb shell dumpsys lock_settings"
1.3 Un-unify and add work challenge, reboot and verify work challenge and SID.
1.4 Re-unify work challenge, reboot and verify.
1.5 Clear device lock, reboot and verify lock and SID.
2. Start with a fresh device, add a device lock and inflate a work profile.
2.1 Enable synthetic password, note current SID
2.2 Reboot and unlock device. Verify synthetic password is generated and SID remains.
2.3 Clear device lock, reboot and verify (SID should be cleared)
3. Start with a fresh device, inflate a work profile, add separate work challenge
3.1 Enable synthetic password, not current SID
3.2 Reboot and unlock device and profile. Verify synthetic password is generated.
3.3 Clear device lock only, reboot and verify (work profile SID should remain)
All steps tested on marlin (FBE) and bullhead (FDE)
Bug: 33126414
Change-Id: Idb9ebfc7bba2fe40670c5fee2189e873d9704540
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
| 0cbc19e4a66f7db51596b57ca91afc6f5b27f3b4 |
|
09-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add unit tests for LockSettingsService
Add infrastructure and first sets of unit tests for LockSettingsService
Bug: 33126408
Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests
Change-Id: I4f3b7f6eaef7122f72b06bd11ce49134a093fe35
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|