Fix clearing of retained password

HW accelerated FDE requires both old and new password to be sent to secure side to verify and update password. This requires storing of old password until password is verified. Initial approach of clearing old password after 60 seconds has a bug which resets old password to default if user delays entering new password. This fix would gives caller the responsibility to clear the password once password is updated. Change-Id: I0ea5cb92ec3908e31c081ce2af6a190c67aadc7b
author: Dinesh K Garg <dineshg@codeaurora.org> 2015-08-26 10:41:18 -0700
committer: Linux Build Service Account <lnxbuild@localhost> 2015-10-06 03:28:21 -0600
commit: a63e4f0488f1f82172d4f191958ff7867e6f4d47 (patch)
tree: 963f7bf37267b8c22103141601a8fed6a7770fed
parent: 1a37b5341a0b31994bdc6d30a71a904085922a6e (diff)
download: frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.zip
frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.tar.gz
frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.tar.bz2
4 files changed, 28 insertions, 11 deletions
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
index dfb7c50..3fb0afc 100644
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -35,4 +35,5 @@ interface ILockSettings {
     boolean checkVoldPassword(int userId);
     boolean havePattern(int userId);
     boolean havePassword(int userId);
+    void sanitizePassword();
 }
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 86d11be..72e97d3 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -529,6 +529,17 @@ public class LockPatternUtils {
         }
     }
 
+    /**
+     * clears stored password.
+     */
+    public void sanitizePassword() {
+        try {
+            getLockSettings().sanitizePassword();
+        } catch (RemoteException re) {
+            Log.e(TAG, "Couldn't sanitize password" + re);
+        }
+    }
+
     private void updateCryptoUserInfo(int userId) {
         if (userId != UserHandle.USER_OWNER) {
             return;
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index c844c2c..11b7ebc 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -70,6 +70,8 @@ public class LockSettingsService extends ILockSettings.Stub {
 
     private static final String TAG = "LockSettingsService";
 
+    private static final String DEFAULT_PASSWORD = "default_password";
+
     private final Context mContext;
 
     private final LockSettingsStorage mStorage;
@@ -77,9 +79,7 @@ public class LockSettingsService extends ILockSettings.Stub {
     private LockPatternUtils mLockPatternUtils;
     private boolean mFirstCallToVold;
     private IGateKeeperService mGateKeeperService;
-    private static String mSavePassword = "default_password";
-    private static final long CLEAR_PASSWORD_INTERVAL = 60 * 1000; // 1m
-    protected Timer mClearPasswordTimer;
+    private static String mSavePassword = DEFAULT_PASSWORD;
 
     private interface CredentialUtil {
         void setCredential(String credential, String savedCredential, int userId)
@@ -367,14 +367,18 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     public void retainPassword(String password) {
-        mSavePassword = password;
-        mClearPasswordTimer = new Timer();
-        mClearPasswordTimer.schedule(new TimerTask() {
-            @Override
-            public void run() {
-                mSavePassword = "default_password";
-            }
-        }, CLEAR_PASSWORD_INTERVAL);
+        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+            if (password != null)
+                mSavePassword = password;
+            else
+                mSavePassword = DEFAULT_PASSWORD;
+        }
+    }
+
+    public void sanitizePassword() {
+        if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+            mSavePassword = DEFAULT_PASSWORD;
+        }
     }
 
     public String getPassword() {
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index e2babe4..2b12054 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -2439,6 +2439,7 @@ class MountService extends IMountService.Stub
         try {
             NativeDaemonEvent event = mCryptConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
                         new SensitiveArg(currentPassword), new SensitiveArg(password));
+            lockSettings.sanitizePassword();
             return Integer.parseInt(event.getMessage());
         } catch (NativeDaemonConnectorException e) {
             // Encryption failed
author	Dinesh K Garg <dineshg@codeaurora.org>	2015-08-26 10:41:18 -0700
committer	Linux Build Service Account <lnxbuild@localhost>	2015-10-06 03:28:21 -0600
commit	a63e4f0488f1f82172d4f191958ff7867e6f4d47 (patch)
tree	963f7bf37267b8c22103141601a8fed6a7770fed
parent	1a37b5341a0b31994bdc6d30a71a904085922a6e (diff)
download	frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.zip frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.tar.gz frameworks_base-a63e4f0488f1f82172d4f191958ff7867e6f4d47.tar.bz2