Wire up GateKeeper to LockSettingsService

Adds:
- Communication to GKService
- password upgrade flow
- enroll takes previous credential

Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a

Android.mk

@@ -209,6 +209,7 @@ LOCAL_SRC_FILES += \
 	core/java/android/security/IKeystoreService.aidl \
 	core/java/android/service/carrier/ICarrierMessagingCallback.aidl \
 	core/java/android/service/carrier/ICarrierMessagingService.aidl \
+	core/java/android/service/gatekeeper/IGateKeeperService.aidl \
 	core/java/android/service/notification/INotificationListener.aidl \
 	core/java/android/service/notification/IStatusBarNotificationHolder.aidl \
 	core/java/android/service/notification/IConditionListener.aidl \

core/java/android/service/gatekeeper/IGateKeeperService.aidl

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.service.gatekeeper;
+
+/**
+ * Interface for communication with GateKeeper, the
+ * secure password storage daemon.
+ *
+ * This must be kept manually in sync with system/core/gatekeeperd
+ * until AIDL can generate both C++ and Java bindings.
+ *
+ * @hide
+ */
+interface IGateKeeperService {
+    /**
+     * Enrolls a password, returning the handle to the enrollment to be stored locally.
+     * @param uid The Android user ID associated to this enrollment
+     * @param currentPasswordHandle The previously enrolled handle, or null if none
+     * @param currentPassword The previously enrolled plaintext password, or null if none.
+     *                        If provided, must verify against the currentPasswordHandle.
+     * @param desiredPassword The new desired password, for which a handle will be returned
+     *                        upon success.
+     * @return the handle corresponding to desiredPassword, or null
+     */
+    byte[] enroll(int uid, in byte[] currentPasswordHandle, in byte[] currentPassword,
+            in byte[] desiredPassword);
+
+    /**
+     * Verifies an enrolled handle against a provided, plaintext blob.
+     * @param uid The Android user ID associated to this enrollment
+     * @param enrolledPasswordHandle The handle against which the provided password will be
+     *                               verified.
+     * @param The plaintext blob to verify against enrolledPassword.
+     * @return true if success, false if failure
+     */
+    boolean verify(int uid, in byte[] enrolledPasswordHandle, in byte[] providedPassword);
+}

core/java/com/android/internal/widget/ILockSettings.aidl

@@ -24,9 +24,9 @@ interface ILockSettings {
     boolean getBoolean(in String key, in boolean defaultValue, in int userId);
     long getLong(in String key, in long defaultValue, in int userId);
     String getString(in String key, in String defaultValue, in int userId);
-    void setLockPattern(in String pattern, int userId);
+    void setLockPattern(in String pattern, in String savedPattern, int userId);
     boolean checkPattern(in String pattern, int userId);
-    void setLockPassword(in String password, int userId);
+    void setLockPassword(in String password, in String savedPassword, int userId);
     boolean checkPassword(in String password, int userId);
     boolean checkVoldPassword(int userId);
     boolean havePattern(int userId);

core/java/com/android/internal/widget/LockPatternUtils.java

@@ -425,8 +425,8 @@ public void clearLock(int userHandle) {
         setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle);
 
         try {
-            getLockSettings().setLockPassword(null, userHandle);
-            getLockSettings().setLockPattern(null, userHandle);
+            getLockSettings().setLockPassword(null, null, userHandle);
+            getLockSettings().setLockPattern(null, null, userHandle);
         } catch (RemoteException e) {
             // well, we tried...
         }
@@ -477,24 +477,30 @@ public boolean isLockScreenDisabled() {
     /**
      * Save a lock pattern.
      * @param pattern The new pattern to save.
+     * @param savedPattern The previously saved pattern, or null if none
      */
-    public void saveLockPattern(List<LockPatternView.Cell> pattern) {
-        this.saveLockPattern(pattern, getCurrentOrCallingUserId());
+    public void saveLockPattern(List<LockPatternView.Cell> pattern,
+            String savedPattern) {
+        this.saveLockPattern(pattern, savedPattern, getCurrentOrCallingUserId());
     }
 
+    public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
+        this.saveLockPattern(pattern, null, userId);
+    }
     /**
      * Save a lock pattern.
      * @param pattern The new pattern to save.
+     * @param savedPattern The previously saved pattern, converted to String format
      * @param userId the user whose pattern is to be saved.
      */
-    public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
+    public void saveLockPattern(List<LockPatternView.Cell> pattern, String savedPattern, int userId) {
         try {
             if (pattern == null || pattern.size() < MIN_LOCK_PATTERN_SIZE) {
                 throw new IllegalArgumentException("pattern must not be null and at least "
                         + MIN_LOCK_PATTERN_SIZE + " dots long.");
             }
 
-            getLockSettings().setLockPattern(patternToString(pattern), userId);
+            getLockSettings().setLockPattern(patternToString(pattern), savedPattern, userId);
             DevicePolicyManager dpm = getDevicePolicyManager();
 
             // Update the device encryption password.
@@ -685,10 +691,11 @@ protected Void doInBackground(Void... dummy) {
      * as the requested mode, but will adjust the mode to be as good as the
      * pattern.
      * @param password The password to save
+     * @param savedPassword The previously saved lock password, or null if none
      * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
      */
-    public void saveLockPassword(String password, int quality) {
-        saveLockPassword(password, quality, getCurrentOrCallingUserId());
+    public void saveLockPassword(String password, String savedPassword, int quality) {
+        saveLockPassword(password, savedPassword, quality, getCurrentOrCallingUserId());
     }
 
     /**
@@ -699,15 +706,16 @@ public void saveLockPassword(String password, int quality) {
      * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
      * @param userHandle The userId of the user to change the password for
      */
-    public void saveLockPassword(String password, int quality, int userHandle) {
+    public void saveLockPassword(String password, String savedPassword, int quality,
+            int userHandle) {
         try {
             DevicePolicyManager dpm = getDevicePolicyManager();
             if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) {
                 throw new IllegalArgumentException("password must not be null and at least "
                         + "of length " + MIN_LOCK_PASSWORD_SIZE);
             }
 
-            getLockSettings().setLockPassword(password, userHandle);
+            getLockSettings().setLockPassword(password, savedPassword, userHandle);
             int computedQuality = computePasswordQuality(password);
 
             // Update the device encryption password.

packages/SettingsProvider/src/com/android/providers/settings/DatabaseHelper.java

@@ -2066,7 +2066,7 @@ private void upgradeLockPatternLocation(SQLiteDatabase db) {
                     LockPatternUtils lpu = new LockPatternUtils(mContext);
                     List<LockPatternView.Cell> cellPattern =
                             LockPatternUtils.stringToPattern(lockPattern);
-                    lpu.saveLockPattern(cellPattern);
+                    lpu.saveLockPattern(cellPattern, null);
                 } catch (IllegalArgumentException e) {
                     // Don't want corrupted lock pattern to hang the reboot process
                 }