frameworks: base: Port password retention feature

Port password retention feature for HW FDE. This patch also include these changes: - Fix clearing of retained password - keyguard: Fix password doesnot sanitize after verification - LockSettings: fix the get password issue during boot up - frameworks/base: Fix pattern update issue CRs-Fixed: 2210986 Change-Id: I2def56b14c10229b72feccd1c97b281cad65f282
author: AnilKumar Chimata <anilc@codeaurora.org> 2017-05-18 12:35:20 -0700
committer: dianlujitao <dianlujitao@lineageos.org> 2019-11-01 04:13:31 +0100
commit: d725454570d05ab2491ebbf25de4539259ef2d53 (patch)
tree: d8a89ec6e78b1e81ce168f748cb38e7d247c401e
parent: 5ce00a98a5e4f051432e2095230caf73359da8b9 (diff)
download: android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.tar.gz
android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.tar.bz2
android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.zip
6 files changed, 79 insertions, 2 deletions
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
index 6897f641287..8a4b0489ec7 100644
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -91,4 +91,6 @@ interface ILockSettings {
             in byte[] recoveryKeyBlob,
             in List<WrappedApplicationKey> applicationKeys);
     void closeSession(in String sessionId);
+    void sanitizePassword();
+    String getPassword();
 }
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 550daf250d2..1f49cab9897 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -810,6 +810,17 @@ public class LockPatternUtils {
         return true;
     }
 
+    /**
+     * clears stored password.
+     */
+    public void sanitizePassword() {
+        try {
+            getLockSettings().sanitizePassword();
+        } catch (RemoteException re) {
+            Log.e(TAG, "Couldn't sanitize password" + re);
+        }
+    }
+
     private void updateCryptoUserInfo(int userId) {
         if (userId != UserHandle.USER_SYSTEM) {
             return;
diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java b/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
index 2ff7266baec..9d75e43bd40 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
@@ -200,6 +200,7 @@ public abstract class KeyguardAbsKeyInputView extends LinearLayout
             boolean isValidPassword) {
         boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
         if (matched) {
+            mLockPatternUtils.sanitizePassword();
             mCallback.reportUnlockAttempt(userId, true, 0);
             if (dismissKeyguard) {
                 mDismissing = true;
diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java b/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
index 83195301ff8..c4e617a4ac0 100644
--- a/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
+++ b/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
@@ -351,6 +351,7 @@ public class KeyguardPatternView extends LinearLayout implements KeyguardSecurit
                 boolean isValidPattern) {
             boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
             if (matched) {
+                mLockPatternUtils.sanitizePassword();
                 mCallback.reportUnlockAttempt(userId, true, 0);
                 if (dismissKeyguard) {
                     mLockPatternView.setDisplayMode(LockPatternView.DisplayMode.Correct);
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 72f40cc0351..40c97f4cbe6 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -138,6 +138,7 @@ import com.android.internal.util.FastXmlSerializer;
 import com.android.internal.util.HexDump;
 import com.android.internal.util.IndentingPrintWriter;
 import com.android.internal.util.Preconditions;
+import com.android.internal.widget.ILockSettings;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.server.storage.AppFuseBridge;
 import com.android.server.wm.ActivityTaskManagerInternal;
@@ -2512,8 +2513,22 @@ class StorageManagerService extends IStorageManager.Stub
             Slog.i(TAG, "changing encryption password...");
         }
 
+        ILockSettings lockSettings = ILockSettings.Stub.asInterface(
+                        ServiceManager.getService("lock_settings"));
+        String currentPassword="default_password";
         try {
-            mVold.fdeChangePassword(type, password);
+            currentPassword = lockSettings.getPassword();
+        } catch (Exception e) {
+            Slog.wtf(TAG, "Couldn't get password" + e);
+        }
+
+        try {
+            mVold.fdeChangePassword(type, currentPassword, password);
+            try {
+                lockSettings.sanitizePassword();
+            } catch (Exception e) {
+                Slog.wtf(TAG, "Couldn't sanitize password" + e);
+            }
             return 0;
         } catch (Exception e) {
             Slog.wtf(TAG, e);
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index d87154bf14a..0d98994ec82 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -174,6 +174,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     // Order of holding lock: mSeparateChallengeLock -> mSpManager -> this
     // Do not call into ActivityManager while holding mSpManager lock.
     private final Object mSeparateChallengeLock = new Object();
+    private static final String DEFAULT_PASSWORD = "default_password";
 
     private final DeviceProvisionedObserver mDeviceProvisionedObserver =
             new DeviceProvisionedObserver();
@@ -195,6 +196,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     private final SyntheticPasswordManager mSpManager;
 
     private final KeyStore mKeyStore;
+    private static String mSavePassword = DEFAULT_PASSWORD;
 
     private final RecoverableKeyStoreManager mRecoverableKeyStoreManager;
 
@@ -1119,6 +1121,45 @@ public class LockSettingsService extends ILockSettings.Stub {
         return mStorage.hasCredential(userId);
     }
 
+    public void retainPassword(String password) {
+        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+            if (password != null)
+                mSavePassword = password;
+            else
+                mSavePassword = DEFAULT_PASSWORD;
+        }
+    }
+
+    public void sanitizePassword() {
+        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+            mSavePassword = DEFAULT_PASSWORD;
+        }
+    }
+
+    private boolean checkCryptKeeperPermissions() {
+        boolean permission_err = false;
+        try {
+            mContext.enforceCallingOrSelfPermission(
+                       android.Manifest.permission.CRYPT_KEEPER,
+                       "no permission to get the password");
+        } catch (SecurityException e) {
+            permission_err = true;
+        }
+        return permission_err;
+    }
+
+    public String getPassword() {
+       /** if calling process does't have crypt keeper or admin permissions,
+         * throw the exception.
+         */
+       if (checkCryptKeeperPermissions())
+            mContext.enforceCallingOrSelfPermission(
+                    android.Manifest.permission.MANAGE_DEVICE_ADMINS,
+                    "no crypt_keeper or admin permission to get the password");
+
+       return mSavePassword;
+    }
+
     private void setKeystorePassword(byte[] password, int userHandle) {
         final KeyStore ks = KeyStore.getInstance();
         // TODO(b/120484642): Update keystore to accept byte[] passwords
@@ -1749,7 +1790,13 @@ public class LockSettingsService extends ILockSettings.Stub {
     public VerifyCredentialResponse checkCredential(byte[] credential, int type, int userId,
             ICheckCredentialProgressCallback progressCallback) throws RemoteException {
         checkPasswordReadPermission(userId);
-        return doVerifyCredential(credential, type, false, 0, userId, progressCallback);
+        VerifyCredentialResponse response = doVerifyCredential(credential, type,
+                                        false, 0, userId, progressCallback);
+        if ((response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) &&
+                                           (userId == UserHandle.USER_OWNER)) {
+                retainPassword(credential);
+        }
+        return response;
     }
 
     @Override
author	AnilKumar Chimata <anilc@codeaurora.org>	2017-05-18 12:35:20 -0700
committer	dianlujitao <dianlujitao@lineageos.org>	2019-11-01 04:13:31 +0100
commit	d725454570d05ab2491ebbf25de4539259ef2d53 (patch)
tree	d8a89ec6e78b1e81ce168f748cb38e7d247c401e
parent	5ce00a98a5e4f051432e2095230caf73359da8b9 (diff)
download	android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.tar.gz android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.tar.bz2 android_frameworks_base-d725454570d05ab2491ebbf25de4539259ef2d53.zip