Cross Reference: /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java

History log of /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
4ed98986ff33d8b0831951dd1f42cac2aae556ad	23-May-2018	Rubin Xu <rubinxu@google.com>	Handle managed profile with unified challenge in getHashFactor() Settings passes null into getHashFactor() when a profile user has unified challenge. In this case getHashFactor() needs to derive the real profile password before it can calculate the hash factor. Bug: 80077655 Test: runtest frameworks-services -c com.android.server.locksettings.SyntheticPasswordTests Change-Id: Ifa1d88818b58f914fd3560bb6ef44012facde87b /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
f01e90789eb27bc538df13374b6e67991c0ea829	30-Mar-2018	Rubin Xu <rubinxu@google.com>	Make password history hashing more secure Instead of hashing the password directly which makes it possible to bruteforce the password offline, hash the password together with the synthetic password. This means without knowledge of the synthetic password, the hash itself is useless. As a consequence of this change, saving and checking historical password would now also require the current device password to be provided. Checking password history also takes more time due to the need to unwrap synthetic password, at around 100-200ms. Bug: 32826058 Test: manual Change-Id: Icb65171b8c8b703d8f0aa3a8cb2bf7ad96c1332d /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
d7cea28bbc43e80dd7da44b275ffe53f127af0bf	17-Apr-2018	Andrew Scull <ascull@google.com>	Merge "LSS: pass secret to AuthSecret HAL when no credential" into pi-dev
f49794b512745ca3b3a26221d36291440bc417e5	13-Apr-2018	Andrew Scull <ascull@google.com>	LSS: pass secret to AuthSecret HAL when no credential If there was once a credential, a secret will have been enrolled. When the credential is removed, that secret is still enrolled but still needs to be derived. This adds that derivation in the case that the secret is enrolled by the user doesn't have a credential. Bug: 77942316 Test: runtest frameworks-services -c com.android.server.locksettings.SyntheticPasswordTests Change-Id: I099a9537ab0739830a234b5f4f3721f4e8476571 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
745d2c98f9467f1befb7ec3a6c485333d4f1b437	13-Apr-2018	Dmitry Dementyev <dementyev@google.com>	Remove implementation of deprecated RecoveryController methods. Bug: 78021839 Test: manual Change-Id: I8a8a23f1cc14e7b9ffe1e758b6f35906d1a5cf2f /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
86f5bb1a8cfe2d169767fb723d315955dda3a0e6	28-Mar-2018	Dmitry Dementyev <dementyev@google.com>	Remove deprecated generateAndStoreKey method implementation Bug: 77156834 Test: GTS, apct. Change-Id: I23791fced21308467afc60cc16efc4aee7074134 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
0da8983bc5e58714675b8cd01dcae82b0b9baa16	26-Mar-2018	Rubin Xu <rubinxu@google.com>	Require strong auth after user is stopped Stopping and restarting a user is equivalent to power cycling the device, we should require strong auth in this case. This is particularly important for FBE devices since the user's CE storage can only be decrypted with strong auth after user restart. Bug: 69724715 Test: Add guest user with fingerprint, switch to owner and back to guest. Verify keyguard requires strong auth. Change-Id: I9b6b339187cbb82bc9036f0b391babc3c5226378 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
4da14e00fc5919a7e36fe6d7d7e63512eb23bb4a	23-Mar-2018	Dmitry Dementyev <dementyev@google.com>	Remove unimplemented RecoverableKeystoreManager APIs. Add some Nullable annotations. Bug: 75952916,74859770 Test: apct Change-Id: I25710263a1ba806d49ec11638dab00f3513631a8 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
933dfc1cd6041d1e77d169be91818d5b31e36edc	23-Mar-2018	Aseem Kumar <aseemk@google.com>	Delete unimplemented APIs from RecoveryController. Bug: 74859770 Test: make update-api builds Change-Id: Ic547e0ee2ef13995389a71369ffa736a7d83b78a /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
889e78cb28a59c678ce1310c94e25ba887e18571	21-Mar-2018	Robert Berry <robertberry@google.com>	Merge "Add RecoverySession importKeyChainSnapshot method" into pi-dev
4a5c87def075c805d4fcae7ff01dd2e78ec27b1a	19-Mar-2018	Robert Berry <robertberry@google.com>	Add RecoverySession importKeyChainSnapshot method This imports the keys directly into the keystore of LockSettingsService, allowing them to be accessed via the RecoveryController getKey method. This is better as it does not expose raw key material to any app. Bug: 74345822 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
b31ab6740d66b21a74ffa77b753ea3364288254e	21-Mar-2018	Bo Zhu <bozhu@google.com>	Use the new root cert file under the core/ folder This CL also adds an alias param to the RecoverySession#start method. Bug: 76033708 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
fcd49f993ede363d0b17900565dfe37066362480	24-Aug-2017	Rubin Xu <rubinxu@google.com>	Move escrow APIs into LockSettingsInternal Remove the IPC interfaces so these APIs are only available to other services running inside system server process only. Bug: 62264551 Test: runtest frameworks-services -p com.android.server.locksettings Change-Id: Ic7ac5df5fb977bc68a2c4daafaa3cdaf3ba66fcd /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
a3e5582fac1cc259022c06d027e73c767dc1c117	05-Oct-2017	Kevin Chyn <kchyn@google.com>	Don't store lockout deadline in lockSettings The deadline is enforced in gatekeeper, which persists after reboot. Users should not see the lockout timer after rebooting the device if it was previously in lockout, until an unlock attempt occurs. Fixes: 66443036 Test: 1) fail pattern five times 2) reboot device 3) go to bouncer, lockout timer should not show 4) upon entering pattern, timeout should show (if done fast enough) Change-Id: Ie07945b40c2f482fd1df7102ba96283ae9d98d75 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
7f414d94fc4f6bd34325f3865b51e8d11acb52ad	28-Feb-2018	Bo Zhu <bozhu@google.com>	Check the public-key signature of the whole certificate file before accepting the certificates This change requires an additional param to the initRecoveryService() API to take in the public-key signature. Bug: 73904566 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2aeead1fda51b6cd8df71ed3b5066342ebc8d5ea /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
2c8e5383c836d2dfa39b0be6bfa281285667a880	27-Feb-2018	Bo Zhu <bozhu@google.com>	Add a new API to import a key provided by the caller, such that this key can also be synced to the remote service This API may be useful for backward-compatibility work, e.g., recovering a key that's backed up in Android Q+ to Android P without updating the Android P Frameworks code. This API may also be useful for other use cases. Bug: 73785182 Change-Id: I1022dffb6a12bdf3df2022db5739169fcc9347d2 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
a3b994798d870244f11b56ae0bdfb870924402a8	23-Feb-2018	Robert Berry <robertberry@google.com>	Remove account param from generateKey method Bug: 73811828 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: If2f4174beea9cfb8c852139a7594815c377dbe7a /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
f34ad9509df18aff1f36123b839c62003216245c	25-Feb-2018	Robert Berry <robertberry@google.com>	Merge "Remove packageName from getRecoveryStatus"
7c1972ff71080568b7288197e96e163d5a469e5f	23-Feb-2018	Bo Zhu <bozhu@google.com>	Add CertPath to KeyChainSnapshot and startRecoverySession CertPath will include a cert of the trusted hardware and necessary intermediate certificates. Bug: 73784851 Change-Id: Ic70616b8f119891a82402b91035456e404c5f6de Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
56f06b4d111f99f72d4232b43037fea2f6246e7d	23-Feb-2018	Robert Berry <robertberry@google.com>	Remove packageName from getRecoveryStatus This parameter is unused. Bug: 73757432 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I153a84d71b0ebaed8ce3a1f0f33c70036dd960b2 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
bbe02ae8a3dd07989d61bbb739bfd863123c5489	20-Feb-2018	Robert Berry <robertberry@google.com>	Remove package name parameter from setRecoveryStatus Package name is implicit. Recovery agent can only act for the same uid. Bug: 73757432 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I45abf4b956fa4e97d981614d9e61295e85d5669e /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
9a6d39a5d79687bbdc80c554bc524d7dfc2c5f20	07-Feb-2018	Rubin Xu <rubinxu@google.com>	Simplify untrusted reset logic Instead re-initializing the synthetic password, just call setLockCredentialWithAuthTokenLocked similar to normal flow since we have the cached auth token. The existing synthetic password initializtaion flow actually has a bug when an untrusted reset to clear password is invoked: it wrongly assumes that it's in case 2 and creates a new SID for the user, instead of clearing it. This leads to the CTS failure. Test: On a FBE device, execute cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTestApi25 and verify device unlocks successfully after the reboot. Bug: 72875989 Change-Id: I5939335a27b10528b772d193f1e1034fd79abb9b /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
9fad6d289a65232db252d5ce40cc718c18a793d6	02-Feb-2018	Andrew Scull <ascull@google.com>	Merge "LSS: check whether to cache SP in handler"
29b9de5b8a9b38290c2855890ae1f7a93c0b8421	01-Feb-2018	Dmitry Dementyev <dementyev@google.com>	Update RecoveryController to use KeyStore grant API. Missing parts: 1) Whitelist locksettingsservice to use grant API. 2) Probably have similar update for recovered keys - they will live in system service and RecoveryAgent will use getKey() method to access them. 3) ApplicationKeyStorageTest Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I584b89e3f777bed679b2eb5173750f3f1dee3635 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
ede482d4af5155a79f2f1eceecc333aa94d8c11b	30-Jan-2018	Andrew Scull <ascull@google.com>	LSS: check whether to cache SP in handler LockSettingsService should not call DevicePolicyManagerService while holding a lock this will likely lead to a deadlock. That was the case here so post to a handler to drop the LSS locks. Fix: 72538198 Test: runtest frameworks-services -p com.android.server.locksettings Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases \ -t com.android.cts.devicepolicy.ManagedProfileTest#testResetPasswordTokenUsableAfterClearingLock Change-Id: I74bdb2a556ff97f6ae76881ca0e13d9a6e0c706f /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
0f06d061256f465a5c789dc173c752787d04faf0	27-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Merge "Rename RecoveryController.getRecoveryData() to getKeyChainSnapshot."
b4fb98777006bc3c2bb038d50473663fbc92932c	26-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Rename RecoveryController.getRecoveryData() to getKeyChainSnapshot. Bug: 72299798 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I1a530414d255867786142fa2e01e50469379e295 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
6e16724fb66e4bd14274768174379aa88c34464f	26-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Remove platform key when user disables lock screen protection Correctly sync keys on LSKF update. Bug: 72443379 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2569310388a6f852c86d560663024d8c8dadb761 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
33f89debe3b43aa20620a08cdaed73fd8cb2cfca	24-Jan-2018	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Only run KeySyncTask after a successful screen unlock"
0916e7ca44aba5e6c89d75007da805697fdace9e	23-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Prepare KeyStore RecoveryController API for review. - set/get recovery status simplification - adding account to WrappedKey - moving recovery methods to the Session class. There are small cosmetical changes to .aidl which don't affect implementation logic. Bug: 72299798 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I9efaa4cde42cf778bb97ed13f62750a65d8c6cb5 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
d51fdf01052ef0b4bed81fb086872fe26f7cf337	23-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Merge "Move APIs to final location in preparation for API review"
81ee34bf957dffe020442e3f0c6c06817397ebf0	23-Jan-2018	Robert Berry <robertberry@google.com>	Move APIs to final location in preparation for API review Leave old APIs in current location for backwards compatibility reasons. Bug: 72298565 Test: Tried flow with current versions of GMSCore to ensure they work still Change-Id: Iafc2b8ad8a574460dbb2482a67935debe71f1113 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
da464f35fb5a710f4043e12b98d77bda44f5cd51	23-Jan-2018	Andrew Scull <ascull@google.com>	Merge "Make us of the authsecret HAL."
40386dfddcf607332c949c1f5bc4466eaba58422	22-Jan-2018	Robert Berry <robertberry@google.com>	Only run KeySyncTask after a successful screen unlock Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I7248587f555ad921c54097f13b128df40f9b3855 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
e6527c1285cf38057d95c33f5fac4f4ea124e003	05-Jan-2018	Andrew Scull <ascull@google.com>	Make us of the authsecret HAL. Derive a secret from the primary user's synthetic password and pass it to the HAL. Bug: 71527305 Test: runtest frameworks-services -p com.android.server.locksettings Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy Change-Id: If3ed5d56375e9fd81fcbb16b172e908804fd568a /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
2bcdad95330c75e3122d0736f1a40acd521dc243	18-Jan-2018	Robert Berry <robertberry@google.com>	Use RecoverySession object to hide session IDs (redux) Session IDs are an implementation detail that the framework can (and should) abstract away. This was previously reverted due to breaking master. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I4427c818348c054ada39d799b6da3b739f27eba9 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
588a06f5a25adad63337ac481f9e1b55dcc169a1	18-Jan-2018	Robert Berry <robertberry@google.com>	Merge "Revert "Use RecoverySession object to hide session IDs""
9fa87627eda1028723b0df5dc6f1a359ac4b99df	18-Jan-2018	Robert Berry <robertberry@google.com>	Revert "Use RecoverySession object to hide session IDs" This reverts commit 988c55ce67459553bad517426a924d06a89b059f. Reason for revert: broke some tests Change-Id: Ib43099aebc8ff025e052337475bab13445da74eb /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
c4e99794e9d9b160889ebf1defa1c603a3b94d22	18-Jan-2018	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Use RecoverySession object to hide session IDs"
988c55ce67459553bad517426a924d06a89b059f	17-Jan-2018	Robert Berry <robertberry@google.com>	Use RecoverySession object to hide session IDs Session IDs are an implementation detail that the framework can (and should) abstract away. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ieba641a9b54ac9bba197a6e9749b621a07e40c67 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
9e1bd362df96daeda3cce5f536e57479f7ea6105	18-Jan-2018	Robert Berry <robertberry@google.com>	Rename KeychainProtectionParameter to KeychainProtectionParams Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iab6d85d0be38e1a09ce78bb96b8f68493de65be9 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
b1a00d5e16fd1b5ebb39e0d462c5216bc453e701	17-Jan-2018	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Use better names for associated classes of RecoveryManager"
5f138701fe5c652199aae4845caf83797ead4c82	17-Jan-2018	Robert Berry <robertberry@google.com>	Use better names for associated classes of RecoveryManager I will also rename RecoveryManager to RecoveryController -- in a separate CL, as this one is already becoming too large. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2fb4e1f55fb50d95f15c230783c3d289dd71f7f3 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
1416bd022f344b4fdeadcbdbf2f87e19f0fac7e7	05-Jan-2018	Andrew Scull <ascull@google.com>	Ensure a user's SP does't change. Changes of the SP are caused by untrusted credential reset which can be triggered by certain admin modes. When such an admin is active, the SP needs to be cached. Untrusted reset will be removed in a future release at which point this caching can also be removed. Bug: 71527305 Test: runtest frameworks-services -p com.android.server.locksettings Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy Change-Id: I54f3b299b79ce019ba679b5550d37fd090b679fb /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
7d8c78a2c88a4898a63b918ab8b974aecd7b165b	13-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Refactor KeyStore Recovery Manager. 1) Parameters -> Params 2) Use byte[] for serivice parameters. 2) Move Exception into separate class. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I1b9a8748830f7deb9eeb57693f5a818a49a7aabe /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
ed89ea04e48f0c629c6511a2e41a9979da575881	11-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Big RecoverableKeyStoreLoader refactoring. The change is based on API review. 1) package and class names update 2) Builders for Parcelables. 3) Use Constant for RECOVER_KEYSTORE permission defined in android.Manifest. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I49f80acbb6dc0eb6d049e18e8cb0d1aa326dadb2 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
260b9308afa51e4cad2eb33055964f5926db8c19	10-Jan-2018	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Correct synthetic password test assertions."
7f4ff4c17f3668080dcefa1f8acbbff5df184f0b	05-Jan-2018	Andrew Scull <ascull@google.com>	Correct synthetic password test assertions. assertNotSame() compares object references not integer values which are auto-boxed and so are never the same object. Test: runtest frameworks-services -p com.android.server.locksettings Change-Id: I70b54474004e7be843a5a0d352fe555f9d81cf75 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
77183effbf21cbaa9dd81b31ba5c0e1a580619a3	06-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Update recovery snapshot version. There is exactly one snapshot per userId - recovery agent uid pair. Version is incremented when 1) User credential is updated 2) User unlockes phone and list of application keys was changes since last snapshot creation. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6ab98fcbbb05e33958e6def644b40441cb52de6a /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
5daccec818ffc26fafb795b17d5b1f76fbce3a60	06-Jan-2018	Robert Berry <robertberry@google.com>	Add API to remove recoverable keys Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ib69e730467974d34ffe4a700bd6aaf4543a524ae /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
1429831ac86ad48b3ea7cb39f7c1234d9272dc0b	05-Jan-2018	Dmitry Dementyev <dementyev@google.com>	Remove unused userId parameter from RecoverableKeyStoreManager. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ibf09724839cbdbf7172462ce0368278c7e65155f /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
57e77f7c1370a563d130586c978c4870e6a78193	03-Jan-2018	Bo Zhu <bozhu@google.com>	Fix some nits while reading the code Test: None Change-Id: Id231a497ad1c27de257f9e9f02f8373c5c67a68d /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
f899bff7a0fa2f8a5969d063d731b623a71f249f	28-Dec-2017	Robert Berry <robertberry@google.com>	Add missing calls to key sync task in LockSettingsService On my device at least this was never getting called. Not sure if both of these are needed. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I693cf2f12a6d113b68dd4a8515aee97f4efb7b18 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
14cddc465bcda7ba1ae2f97ada23c82a507abdf4	22-Dec-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Implement generateAndStoreKey"
cfc990a49ddc00f3ca972b463c6475d7d5ac7b41	22-Dec-2017	Robert Berry <robertberry@google.com>	Implement generateAndStoreKey For now just returns raw key material. In the future we will need to change this to use the KeyStore move api. (Once that has been implemented.) Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I8aee4da81f0f853503f570dae8d74e1d29f124cc /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
bd4c43c686d2d2bb36e25f07b19aa5adfac21301	22-Dec-2017	Robert Berry <robertberry@google.com>	Update recoverKeys to return raw material This is a temporary solution, while the KeyStore team works on adding a move API to KeyStore. (At which point this will be updated to instead return 'move tokens', allowing the user to move the key from the system's keystore to their own, without ever seeing the raw material.) Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2241a6da15d50c26a7b384d4e5b6f78366fb9300 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
af5bac3d2350dc60f645ef6ece93d6a5417c50a9	21-Dec-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Profile lock timeout."
6a509e4a84c57d1a18eeabac9a78d6843ad0f91b	19-Dec-2017	Dmitry Dementyev <dementyev@google.com>	Notify RecoverableKeyStoreLoader about successful unlock. Use simple pattern matching to distinguish between between pin and passwords. Test: none Bug: 66499222 Change-Id: I5cf7c37b22b2c90a9d6a61bd40de45d69cb1364d /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
b8b030bdbb1aa20d74bedce3ca6f302be5421a86	19-Dec-2017	Dmitry Dementyev <dementyev@google.com>	Add more methods to RecoverableKeyStoreLoader. 1) Methods to get key status. 2) Register pending intent to get notification about new recovery snapshots. Test: none Bug: 66499222 Change-Id: I4d5f8c1a6581b5e08f4589e19961d93c499689e1 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
1aa96132bdcbaf89f7a69d6c3664790f08f87cc9	11-Dec-2017	Dmitry Dementyev <dementyev@google.com>	Add RecoverableKeyStoreLoader implementation in LockSettingsService. 1) Updates to ILockSettings.aidl Since we can't pass arbitrary exception using IPC, Serrvice converts them to ServiceSpecificException with an error code. 2) Added RecoverableKeyStoreManager class which is used as interface between RecoverableKeyStoreLoader implementation and LockSettingsService. Test: none Bug: 66499222 Change-Id: I03b695bc0ced1a91ea7ca5de179e121053dfe416 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
28939988f0da2f37bac87a6929a1584ad18fdeba	03-Oct-2017	Pavel Grafov <pgrafov@google.com>	Profile lock timeout. When a managed profile has separate lock (a.k.a work challenge) and maximum screen off timeout set by admin, this timeout will only cause the profile to get locked, not the whole device. PowerManagerService now tracks some per-profile state for profiles that have lock timeout set by admin and have separate lock: 1. timeout set by admin. 2. wake lock summary 3. last activity time 4. whether the profile is considered active 5. whether the profile got locked last time it went inactive. Wake lock summaries and last activity times are updated at the same time as global wake lock summary/user activity is updated. Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services Bug: 63908311 Change-Id: Ief7be4e0bf12bdbedef94a129a13d07a9f98e75c /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
cf326f1882476d76a63f5b700a397088c312e050	15-Nov-2017	Rubin Xu <rubinxu@google.com>	Let keyguard UI procced as soon as user password is validated Notify the callback as soon as first stage password verification passes, leaving the decryption of synthetic password in the background. This should reduce the perceived latency of device unlock UI wise. Bug: 68380673 Test: Measured time manually, unlock on marlin now takes 70ms, and taimen takes 90ms. Change-Id: Ibb787251f8fea776c6745d45ee2d8ab60515a5f4 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
fe354477c186090165d79357d07b7047ef86cba4	21-Nov-2017	Rubin Xu <rubinxu@google.com>	Remove unnecessary RemoteException declaration Bug: 62264551 Test: compiles Change-Id: I0b5149b233b4f68b06088cb8edac488b6d1d17dd /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
2adc263ce97ae6c8291653490868879841d31a63	05-Sep-2017	Adrian Roos <roosa@google.com>	FRP: Add config flag for disabling credential FRP Bug: 65258606 Test: Verify FRP still works when not disabled Change-Id: I78e308b6eaba73c794615b1eebdbfacb334ae72f /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
24570e49f3f56ee9439493cbdc039894eb9af850	19-Sep-2017	Rubin Xu <rubinxu@google.com>	Fail gracefully if password reset token is invalidated This can happen if the user went through an untrusted credential reset, which causes it's synthetic password to change. In this case fail gracefully. Bug: 65912645 Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testResetPasswordWithToken Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testResetPasswordTokenUsableAfterClearingLock Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testResetPasswordWithTokenBeforeUnlock Change-Id: I2f2fc4fbaa97cde6f4c1997e27aa5087b0a42b19 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
4f988c98bf3ea4069d33c538ec3467a86b6d5f6c	12-Sep-2017	Rubin Xu <rubinxu@google.com>	Fix typo in LockSettingsService.getDecryptedPasswordsForAllTiedProfiles This would have led to existing work profile password not being computed, causing an untrusted credential reset of the work profile when clearing device lock. Bug: 65579699 Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testResetPasswordTokenUsableAfterClearingLock Change-Id: I19e47c511bde693537b40fb652cbdf98a66fb8c1 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
7cf4509c31f3dc1c32f89c26867a50c4ed0d5618	28-Aug-2017	Rubin Xu <rubinxu@google.com>	Fix resetPasswordWithToken before user unlock 1. Fix system server crash when resetPasswordWithToken is called before use unlock, due to DPMS enforces user is unlocked when calculating password sufficiency. 2. Propogate new password metric from LockSettingsService to DPMS after a password reset with token, and fix a bug where stale quality was used. Bug: 64923343 Bug: 64928518 Bug: 65286643 Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.ManagedProfileTest#testResetPasswordWithTokenBeforeUnlock Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testResetPasswordWithToken Test: runtest frameworks-services -p com.android.server.locksettings Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24#testRunDeviceOwnerPasswordTest Test: runtest frameworks-core -c android.app.admin.PasswordMetricsTest Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest Change-Id: Ibb3736547b3b36da4a8a67af711e08a38427aa56 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
0acc4bf545b0bea215407f72a2c855f5bd15711c	23-Aug-2017	Pavel Grafov <pgrafov@google.com>	Unlock managed profile keystore when user is unlocked. With file based encryption when the user unlock the phone, managed profile is already running (in a locked state). But on full disk encryption devices, LSS attempts to unlock child profile straight after unlocking user 0, which fails because the profile is not yet running. With this change once the profile gets unlocked (happens after ActivityManagerService processes START_PROFILES_MSG message) LSS will attempt to unlock its keystore. Bug: 64722589 Test: manual, tried FDE and FBE devices with unified challenge. Change-Id: Ic614cc3c6732a3db6aaf56fef1822e358d742510 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
713a92390eb6ee50935be9030ef52160497b9242	18-Aug-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "LockSettings: Enforce permission check on havePattern/havePassword/systemReady" into oc-mr1-dev
b953e188d005a8bce937577d8b7fe16eec9d7a99	17-Aug-2017	Adrian Roos <roosa@google.com>	LockSettings: Enforce permission check on havePattern/havePassword/systemReady Also adds SafetyNet logging for attempted unauthorized access. Change-Id: I7c5226ead332d015045dd1af6afe0e59257f0d89 Fixes: 28251513 Test: Verify everything still works; "adb shell service call locksettings 13" (and 14,20) must return a security exception. /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
4996a358434e62204a009f3f3c9d6fa261f741b4	14-Aug-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "FRP: Add migration for upgrading from a version without FRP credential" into oc-mr1-dev
60409a925574c2e1e6572f92d1c24a37e86443f7	11-Aug-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Reset fingerprint lockout upon successful unlock" into oc-mr1-dev
60dcbbf9232dc4b19c39c0a131b9819ea86dbda2	08-Aug-2017	Adrian Roos <roosa@google.com>	FRP: Add migration for upgrading from a version without FRP credential Adds logic to migrate the device owners credential to the persistent data block if the device has been upgraded from a version without FRP credential to one with. Change-Id: I239aaf64506969d60eba8098bfceb24f846ccc94 Fixes: 63039966 Test: Migrate phone from OC-DR1 build. Factory reset. Verify FRP credential works. /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
3d558d8dd8e26bd4e0516129cea9f49f40e4ef94	11-Aug-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "FRP: clear FRP when setup complete if not set up" into oc-mr1-dev
4dc098aed14cf42a343932d2074025e8caf16feb	09-Aug-2017	Kevin Chyn <kchyn@google.com>	Reset fingerprint lockout upon successful unlock FingerprintSettings should not start listening for fingerprints until after Pin/Pattern/Pass is entered Fixes: 63437524 Fixes: 63739006 Test: open FP settings, touch an invalid finger 5 times close FP settings, re-enter FP settings, enter Pin/Pattern/Pass touch FP with valid finger, should not be in lockout mode Change-Id: I9b322248b30f3c4f49414e5bc0693f03a8f2dbe4 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
e053c1e5fb69fa87c534f2ba489f10bdcac3120c	08-Aug-2017	Pavel Grafov <pgrafov@google.com>	Mark profile password key as critical. Currently it is erased when keystore for user 0 is cleared, e.g. when the user clears data for Settings app. Bug: 64467610 Bug: 35929605 Test: Manually cleared Settings data. Test: Manually cleared credentials from Settings. Change-Id: I7e8753a1bf53f5d68d4738a4eb84faa890f026cc /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
454f53f7fd7084d6d9cda4376cb8ff7c4dca7983	08-Aug-2017	Adrian Roos <roosa@google.com>	FRP: clear FRP when setup complete if not set up When setup completes and the user has not set up a new secure credential, clear the FRP credential. Otherwise, if the user factory resets again, we will ask for a stale credential that they never set up. Change-Id: I824eb6a9308d9783220f670df19869137a9f3a5f Fixes: 63016537 Test: Set up FRP credential, factory reset, go through setup without setting up a pin/pattern/password, factory reset again, verify not being asked for frp credential /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
971f2948fbee3766ec01907f5a6e23f4c9bb4872	12-Jul-2017	Andrew Scull <ascull@google.com>	Credential FRP: remove GateKeeper From O-DR, all new credentials will be synthetic password based. A GateKeeper credential could be enrolled but that would require `adb shell cmd lock_settings sp 0`. Credential FRP won't be released before O-DR so there is no need to handle GateKeeper credentials. The protocol constants have been updated because they are not yet in use. Bug: 36814845 Test: runtest frameworks-services -p com.android.server.locksettings Change-Id: Id0def06bb56fef47f3151f4f5cd0db738b35979f /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
16c823ebf398138add71ad8ff82053e3676f85c3	27-Jun-2017	Rubin Xu <rubinxu@google.com>	Fix LSS unit tests and make behaviour consistent under synthetic password 1. Fix LSS unit tests: new credential initialization steps when synthetic password is used. 2. Fix LSS behaviour under SP: If credential matches but type doesn't, treat this as failure. 3. Fix LSS behaviour under SP: when changing credential, if old credential is provided but is incorrect, fail instead of performing an untrusted enroll. Bug: 63064202 Test: runtest frameworks-services -p com.android.server.locksettings Change-Id: I762d3f4cc8fa5e4270b851721e0208c7a0f0152a /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
e94a7703cc927c4bf4c4791ea342a57c9217101f	20-Jun-2017	Rubin Xu <rubinxu@google.com>	Do not call into ActivityManager when holding mSpManager lock Otherwise deadlock will arise since keyguard related execution flow calls into LockSettingsService.havePassword() when holding ActivityManager lock. Bug: 62533880 Test: 1. Set device with Pattern/PIN/Password 2. From Quick Settings > Select Add user 3. From Secondary user welcome screen Click "Cancel" and then choose "Keep user" 4. Swipe to go to Security lock screen > Tap on Emergency link > Select Emergency Information > Tap on Edit icon 5. Now unlock the device using PIN/Password/Pattern 6. No deadlock should be observed Change-Id: I41ec9d44a10c8ea6d2aff270a947fd3b8209fbcf /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
ff4c2659184d55ad1f7285d883ff94e87891cf33	01-Jun-2017	Paul Crowley <paulcrowley@google.com>	Merge "Revert "Revert "Make synthetic password enabled by default"""
7a0cc0a7fbfaae2843dd333ab8e62731bc04e2b2	01-Jun-2017	Paul Crowley <paulcrowley@google.com>	Revert "Revert "Make synthetic password enabled by default"" This reverts commit 4519c0b1ef6ee00430f4c223aba1803fa862c031. Change-Id: Ie39f1f5af085598fd9b919f25fd6548b0786524c /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
7374d3a4bca6bfbf7da1ef5dbf0db9f35f0c8315	31-Mar-2017	Adrian Roos <roosa@google.com>	Credential FRP: Add implementation - Adds a facility to store a credential handle that survives factory reset - Adds a method to KeyguardManager for verifying the stored credential for SetupWizard - Dark launches persisting the primary user's credential as the FRP credential (behind a default-off flag) Future work: - Use a separate GK handle / synthetic password for the FRP credential - Enroll the FRP credential in verifyCredential for the upgrade case Bug: 36814845 Test: runtest -x core/tests/coretests/src/com/android/internal/widget/LockPatternUtilsTest.java && runtest -x services/tests/servicestests/src/com/android/server/LockSettingsStorageTests.java && runtest -x services/tests/servicestests/src/com/android/server/SyntheticPasswordTests.java Change-Id: Ia739408c5ecb169e5f09670cd9ceaa7febc2b1cc /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
3b3388ca64a818f2c036cf0dbf02a9e011ccc8de	26-May-2017	TreeHugger Robot <treehugger-gerrit@google.com>	Merge "Revert "Make synthetic password enabled by default""
4519c0b1ef6ee00430f4c223aba1803fa862c031	26-May-2017	Paul Crowley <paulcrowley@google.com>	Revert "Make synthetic password enabled by default" This reverts commit 4d36be3f1d157dccbdd373d76e9af30cc84ce781. Change-Id: Ic4615a30f4460541049de7175ad84db1d1fc8a86 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
766ee6a88177aec8330f3e6bb9993e184d92b997	26-May-2017	Paul Crowley <paulcrowley@google.com>	Merge "Make synthetic password enabled by default"
e483b56ea8454886a892a6840d3f71ce9fd5becf	15-May-2017	Bryan Mawhinney <bryanmawhinney@google.com>	Backup / restore additional lock screen settings Bug: 22630260 Test: manual :-( Change-Id: I5c7f3c3a73398cdb14568fb3fcff9410afcef660 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
62719b1a860ebe8c0af3b87c3f81116dcbbd3209	22-May-2017	Rubin Xu <rubinxu@google.com>	Merge "Restore resetKeyStore() logic of clearing SYSTEM uid"
8fc2ec832f765a51c8fcd04cc89428a3ced4b605	19-May-2017	Andrew Scull <ascull@google.com>	Resolve error-prone warnings. Objects used for synchronisation should be final and inner classes should be static, if possible. Change-Id: I2be5bae504835660fad752048b2ab9c7076fafc0 Fix: 38442000 Test: Build /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
24b89b1a4295f9c2c33fa00a4a9ea7f94d26a938	26-Apr-2017	Rubin Xu <rubinxu@google.com>	Restore resetKeyStore() logic of clearing SYSTEM uid Keystore no longer clears keys critical to device encryption flow so no need to skip clearing SYSTEM's keystore entries here. Bug: 34600579 Test: Add device lock under synthtic password, goto Settings/security/encryption, tap clear credentials and verify device lock is still intact. Change-Id: I191a545181771693fd2d75f1c23d14a6b74278af /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
4d36be3f1d157dccbdd373d76e9af30cc84ce781	25-Apr-2017	Rubin Xu <rubinxu@google.com>	Make synthetic password enabled by default Also provide a shell command to disable it, for testing purpose. Bug: 37464893 Test: manual Change-Id: Ibe1276a0e52abff840d3094a822519dd3fc46672 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
a0a0d350f54129abd8d829ba289c10893f51420a	15-May-2017	Rubin Xu <rubinxu@google.com>	Merge "Fix a deadlock in LockSettingsService" into oc-dev am: 00496c40f6 am: 94143edff6 Change-Id: I95bb0cbed6b2c2821c183c2b2448371828bfcab3
507d11c9353666a75fee014565f900825a907691	03-May-2017	Andrew Scull <ascull@google.com>	Move LockSettingsService into locksettings package. This service now has a large number of support classes so move them into their own package to keep things tidy and easier to refactor. Bug: 37090873 Test: runtest frameworks-services -c com.android.server.locksettings.LockSettingsServiceTests Test: runtest frameworks-services -c com.android.server.locksettings.LockSettingsShellCommandTest Test: runtest frameworks-services -c com.android.server.locksettings.SyntheticPasswordTests Change-Id: Ic3cd00e6565749defd74498a3491c3d9b914ad90 /frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java