Permalink
Browse files

Wire up GateKeeper to LockSettingsService

Adds:
- Communication to GKService
- password upgrade flow
- enroll takes previous credential

Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a
  • Loading branch information...
Andres Morales
Andres Morales committed Mar 31, 2015
1 parent 8320179 commit 8fa5665f0e757cec0063fb4cf1354f1596f93a91
View
@@ -209,6 +209,7 @@ LOCAL_SRC_FILES += \
core/java/android/security/IKeystoreService.aidl \
core/java/android/service/carrier/ICarrierMessagingCallback.aidl \
core/java/android/service/carrier/ICarrierMessagingService.aidl \
core/java/android/service/gatekeeper/IGateKeeperService.aidl \
core/java/android/service/notification/INotificationListener.aidl \
core/java/android/service/notification/IStatusBarNotificationHolder.aidl \
core/java/android/service/notification/IConditionListener.aidl \
@@ -0,0 +1,51 @@
/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.service.gatekeeper;
/**
* Interface for communication with GateKeeper, the
* secure password storage daemon.
*
* This must be kept manually in sync with system/core/gatekeeperd
* until AIDL can generate both C++ and Java bindings.
*
* @hide
*/
interface IGateKeeperService {
/**
* Enrolls a password, returning the handle to the enrollment to be stored locally.
* @param uid The Android user ID associated to this enrollment
* @param currentPasswordHandle The previously enrolled handle, or null if none
* @param currentPassword The previously enrolled plaintext password, or null if none.
* If provided, must verify against the currentPasswordHandle.
* @param desiredPassword The new desired password, for which a handle will be returned
* upon success.
* @return the handle corresponding to desiredPassword, or null
*/
byte[] enroll(int uid, in byte[] currentPasswordHandle, in byte[] currentPassword,
in byte[] desiredPassword);
/**
* Verifies an enrolled handle against a provided, plaintext blob.
* @param uid The Android user ID associated to this enrollment
* @param enrolledPasswordHandle The handle against which the provided password will be
* verified.
* @param The plaintext blob to verify against enrolledPassword.
* @return true if success, false if failure
*/
boolean verify(int uid, in byte[] enrolledPasswordHandle, in byte[] providedPassword);
}
@@ -24,9 +24,9 @@ interface ILockSettings {
boolean getBoolean(in String key, in boolean defaultValue, in int userId);
long getLong(in String key, in long defaultValue, in int userId);
String getString(in String key, in String defaultValue, in int userId);
void setLockPattern(in String pattern, int userId);
void setLockPattern(in String pattern, in String savedPattern, int userId);
boolean checkPattern(in String pattern, int userId);
void setLockPassword(in String password, int userId);
void setLockPassword(in String password, in String savedPassword, int userId);
boolean checkPassword(in String password, int userId);
boolean checkVoldPassword(int userId);
boolean havePattern(int userId);
@@ -425,8 +425,8 @@ public void clearLock(int userHandle) {
setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle);
try {
getLockSettings().setLockPassword(null, userHandle);
getLockSettings().setLockPattern(null, userHandle);
getLockSettings().setLockPassword(null, null, userHandle);
getLockSettings().setLockPattern(null, null, userHandle);
} catch (RemoteException e) {
// well, we tried...
}
@@ -477,24 +477,30 @@ public boolean isLockScreenDisabled() {
/**
* Save a lock pattern.
* @param pattern The new pattern to save.
* @param savedPattern The previously saved pattern, or null if none
*/
public void saveLockPattern(List<LockPatternView.Cell> pattern) {
this.saveLockPattern(pattern, getCurrentOrCallingUserId());
public void saveLockPattern(List<LockPatternView.Cell> pattern,
String savedPattern) {
this.saveLockPattern(pattern, savedPattern, getCurrentOrCallingUserId());
}
public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
this.saveLockPattern(pattern, null, userId);
}
/**
* Save a lock pattern.
* @param pattern The new pattern to save.
* @param savedPattern The previously saved pattern, converted to String format
* @param userId the user whose pattern is to be saved.
*/
public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) {
public void saveLockPattern(List<LockPatternView.Cell> pattern, String savedPattern, int userId) {
try {
if (pattern == null || pattern.size() < MIN_LOCK_PATTERN_SIZE) {
throw new IllegalArgumentException("pattern must not be null and at least "
+ MIN_LOCK_PATTERN_SIZE + " dots long.");
}
getLockSettings().setLockPattern(patternToString(pattern), userId);
getLockSettings().setLockPattern(patternToString(pattern), savedPattern, userId);
DevicePolicyManager dpm = getDevicePolicyManager();
// Update the device encryption password.
@@ -685,10 +691,11 @@ protected Void doInBackground(Void... dummy) {
* as the requested mode, but will adjust the mode to be as good as the
* pattern.
* @param password The password to save
* @param savedPassword The previously saved lock password, or null if none
* @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
*/
public void saveLockPassword(String password, int quality) {
saveLockPassword(password, quality, getCurrentOrCallingUserId());
public void saveLockPassword(String password, String savedPassword, int quality) {
saveLockPassword(password, savedPassword, quality, getCurrentOrCallingUserId());
}
/**
@@ -699,15 +706,16 @@ public void saveLockPassword(String password, int quality) {
* @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
* @param userHandle The userId of the user to change the password for
*/
public void saveLockPassword(String password, int quality, int userHandle) {
public void saveLockPassword(String password, String savedPassword, int quality,
int userHandle) {
try {
DevicePolicyManager dpm = getDevicePolicyManager();
if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) {
throw new IllegalArgumentException("password must not be null and at least "
+ "of length " + MIN_LOCK_PASSWORD_SIZE);
}
getLockSettings().setLockPassword(password, userHandle);
getLockSettings().setLockPassword(password, savedPassword, userHandle);
int computedQuality = computePasswordQuality(password);
// Update the device encryption password.
@@ -2066,7 +2066,7 @@ private void upgradeLockPatternLocation(SQLiteDatabase db) {
LockPatternUtils lpu = new LockPatternUtils(mContext);
List<LockPatternView.Cell> cellPattern =
LockPatternUtils.stringToPattern(lockPattern);
lpu.saveLockPattern(cellPattern);
lpu.saveLockPattern(cellPattern, null);
} catch (IllegalArgumentException e) {
// Don't want corrupted lock pattern to hang the reboot process
}
Oops, something went wrong.

0 comments on commit 8fa5665

Please sign in to comment.