c93cdef2fa5403ac46767f1853f4e803824d4d20 |
|
21-Apr-2017 |
Charles He <qiurui@google.com> |
Let unlocked profile verifyCredential under unified lock When unified work challenge is enabled and the primary user is unlocked, LockSettingsService should unlock the managed profile subsequently by calling verifyCredential() in most cases. Previously, verifyCredential() is not called on managed profiles when any one of the two conditions are met: 1. when the profile is not yet running 2. when the profile is already unlocked These were introduced to make sure the managed profile stays locked when it is in QUIET_MODE (i.e. work mode off). However, condition 2 is problematic. Specifically, it also prevents auth tokens, etc., from being refreshed (side effects of verifyCredential()), even when the profile is not in QUIET_MODE. We remove condition 2 in this change to make sure verifyCredential() is still called on the managed profile when it is RUNNING_UNLOCKED. Condition 1 alone should be able to handle the QUIET_MODE case. Unit test is also updated in case regression occurs. Bug: 36851574 Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests Test: CTS verifier > BYOD managed provisioning > Authentication-bound keys Test: (all of above are run on both sailfish and angler) Change-Id: Ice89c1eedacaf07e076252a2a571a1eb100ef791
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
8e87af55337a19cf7242a1bf2f516bc26ae65f9e |
|
03-Mar-2017 |
Andrew Scull <ascull@google.com> |
Don't unlock the work profile if it is turned off. Test: Turn off work, lock and unlock device with PIN/password/pattern, turn on work and now you get a screen lock prompt. Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests Change-Id: I0c6946af4ffb1546ffbd4d80c11fa4b8ab5555bc
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
3bf722a8d54ca7192dfe07ee7b73eac7d25ccac5 |
|
15-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add synthetic password to authentication flow The user password is used to unlock a per-user synthetic password which serves the purpose of what the user password previsouly achieves (protect keystore, vold disk encryption, auth token generation). Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests Test: manual 1. Start with fresh device, enable synthetic password with "adb shell cmd lock_settings sp 1" 1.1 add device lock, reboot and verify (positive & negative); change device lock, reboot and verify. 1.2 Inflate a work profile, reboot and verify device lock. check SID with "adb shell dumpsys lock_settings" 1.3 Un-unify and add work challenge, reboot and verify work challenge and SID. 1.4 Re-unify work challenge, reboot and verify. 1.5 Clear device lock, reboot and verify lock and SID. 2. Start with a fresh device, add a device lock and inflate a work profile. 2.1 Enable synthetic password, note current SID 2.2 Reboot and unlock device. Verify synthetic password is generated and SID remains. 2.3 Clear device lock, reboot and verify (SID should be cleared) 3. Start with a fresh device, inflate a work profile, add separate work challenge 3.1 Enable synthetic password, not current SID 3.2 Reboot and unlock device and profile. Verify synthetic password is generated. 3.3 Clear device lock only, reboot and verify (work profile SID should remain) All steps tested on marlin (FBE) and bullhead (FDE) Bug: 33126414 Change-Id: Idb9ebfc7bba2fe40670c5fee2189e873d9704540
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|
0cbc19e4a66f7db51596b57ca91afc6f5b27f3b4 |
|
09-Dec-2016 |
Rubin Xu <rubinxu@google.com> |
Add unit tests for LockSettingsService Add infrastructure and first sets of unit tests for LockSettingsService Bug: 33126408 Test: runtest frameworks-services -c com.android.server.LockSettingsServiceTests Change-Id: I4f3b7f6eaef7122f72b06bd11ce49134a093fe35
/frameworks/base/services/tests/servicestests/src/com/android/server/LockSettingsServiceTests.java
|