diff options
| author | Paul Lawrence <paullawrence@google.com> | 2014-03-27 16:37:28 +0000 |
|---|---|---|
| committer | Paul Lawrence <paullawrence@google.com> | 2014-03-28 10:35:44 -0700 |
| commit | 945490c12e32b1c13b9097c00702558260b2011f (patch) | |
| tree | d5ad838f520e98a1266d65a603b2869f69c1c853 /core | |
| parent | 0e14f2d45557527242f27ce7de9027e6ccaa45d6 (diff) | |
| download | frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.zip frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.gz frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.bz2 | |
Don't double prompt on booting encrypted device
vold will store password securely until KeyGuard requests it
and hands it on to KeyStore.
This is a revision of
https://googleplex-android-review.git.corp.google.com/#/c/418123/
which was reverted. It had two bugs in LockSettingsService.checkVoldPassword.
1) We were not checking password for null, which caused an exception
2) checkPattern/checkPassword return true if there is no saved pattern or password.
This leads to situations where we get true returned even when the password
doesn't match. Call the correct one based on what is there, not what vold
thinks ought to be there.
Bug: 12990752
Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4
Diffstat (limited to 'core')
| -rw-r--r-- | core/java/android/os/storage/IMountService.java | 60 | ||||
| -rw-r--r-- | core/java/com/android/internal/widget/ILockSettings.aidl | 1 | ||||
| -rw-r--r-- | core/java/com/android/internal/widget/LockPatternUtils.java | 14 |
3 files changed, 74 insertions, 1 deletions
diff --git a/core/java/android/os/storage/IMountService.java b/core/java/android/os/storage/IMountService.java index b97734e..4180860 100644 --- a/core/java/android/os/storage/IMountService.java +++ b/core/java/android/os/storage/IMountService.java @@ -694,6 +694,36 @@ public interface IMountService extends IInterface { return _result; } + public String getPassword() throws RemoteException { + Parcel _data = Parcel.obtain(); + Parcel _reply = Parcel.obtain(); + String _result; + try { + _data.writeInterfaceToken(DESCRIPTOR); + mRemote.transact(Stub.TRANSACTION_getPassword, _data, _reply, 0); + _reply.readException(); + _result = _reply.readString(); + } finally { + _reply.recycle(); + _data.recycle(); + } + return _result; + } + + public void clearPassword() throws RemoteException { + Parcel _data = Parcel.obtain(); + Parcel _reply = Parcel.obtain(); + String _result; + try { + _data.writeInterfaceToken(DESCRIPTOR); + mRemote.transact(Stub.TRANSACTION_clearPassword, _data, _reply, 0); + _reply.readException(); + } finally { + _reply.recycle(); + _data.recycle(); + } + } + public StorageVolume[] getVolumeList() throws RemoteException { Parcel _data = Parcel.obtain(); Parcel _reply = Parcel.obtain(); @@ -846,7 +876,11 @@ public interface IMountService extends IInterface { static final int TRANSACTION_mkdirs = IBinder.FIRST_CALL_TRANSACTION + 34; - static final int TRANSACTION_getPasswordType = IBinder.FIRST_CALL_TRANSACTION + 36; + static final int TRANSACTION_getPasswordType = IBinder.FIRST_CALL_TRANSACTION + 35; + + static final int TRANSACTION_getPassword = IBinder.FIRST_CALL_TRANSACTION + 36; + + static final int TRANSACTION_clearPassword = IBinder.FIRST_CALL_TRANSACTION + 37; /** * Cast an IBinder object into an IMountService interface, generating a @@ -1208,6 +1242,19 @@ public interface IMountService extends IInterface { reply.writeInt(result); return true; } + case TRANSACTION_getPassword: { + data.enforceInterface(DESCRIPTOR); + String result = getPassword(); + reply.writeNoException(); + reply.writeString(result); + return true; + } + case TRANSACTION_clearPassword: { + data.enforceInterface(DESCRIPTOR); + clearPassword(); + reply.writeNoException(); + return true; + } } return super.onTransact(code, data, reply, flags); } @@ -1446,4 +1493,15 @@ public interface IMountService extends IInterface { * @return PasswordType */ public int getPasswordType() throws RemoteException; + + /** + * Get password from vold + * @return password or empty string + */ + public String getPassword() throws RemoteException; + + /** + * Securely clear password from vold + */ + public void clearPassword() throws RemoteException; } diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl index 91056f1..9501f92 100644 --- a/core/java/com/android/internal/widget/ILockSettings.aidl +++ b/core/java/com/android/internal/widget/ILockSettings.aidl @@ -28,6 +28,7 @@ interface ILockSettings { boolean checkPattern(in String pattern, int userId); void setLockPassword(in String password, int userId); boolean checkPassword(in String password, int userId); + boolean checkVoldPassword(int userId); boolean havePattern(int userId); boolean havePassword(int userId); void removeUser(int userId); diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 2d79491..e5aaf7e 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -313,6 +313,20 @@ public class LockPatternUtils { } /** + * Check to see if vold already has the password. + * Note that this also clears vold's copy of the password. + * @return Whether the vold password matches or not. + */ + public boolean checkVoldPassword() { + final int userId = getCurrentOrCallingUserId(); + try { + return getLockSettings().checkVoldPassword(userId); + } catch (RemoteException re) { + return false; + } + } + + /** * Check to see if a password matches any of the passwords stored in the * password history. * |