Don't double prompt on booting encrypted device

vold will store password securely until KeyGuard requests it and hands it on to KeyStore. This is a revision of https://googleplex-android-review.git.corp.google.com/#/c/418123/ which was reverted. It had two bugs in LockSettingsService.checkVoldPassword. 1) We were not checking password for null, which caused an exception 2) checkPattern/checkPassword return true if there is no saved pattern or password. This leads to situations where we get true returned even when the password doesn't match. Call the correct one based on what is there, not what vold thinks ought to be there. Bug: 12990752 Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4
author: Paul Lawrence <paullawrence@google.com> 2014-03-27 16:37:28 +0000
committer: Paul Lawrence <paullawrence@google.com> 2014-03-28 10:35:44 -0700
commit: 945490c12e32b1c13b9097c00702558260b2011f (patch)
tree: d5ad838f520e98a1266d65a603b2869f69c1c853 /services/core/java/com/android/server/LockSettingsService.java
parent: 0e14f2d45557527242f27ce7de9027e6ccaa45d6 (diff)
download: frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.zip
frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.gz
frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.bz2
1 files changed, 59 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index fe814fc..0d2cee8 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -30,7 +30,11 @@ import android.database.sqlite.SQLiteOpenHelper;
 import android.database.sqlite.SQLiteStatement;
 import android.os.Binder;
 import android.os.Environment;
+import android.os.IBinder;
 import android.os.RemoteException;
+import android.os.storage.IMountService;
+import android.os.ServiceManager;
+import android.os.storage.StorageManager;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
@@ -79,6 +83,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 
     private final Context mContext;
     private LockPatternUtils mLockPatternUtils;
+    private boolean mFirstCallToVold;
 
     public LockSettingsService(Context context) {
         mContext = context;
@@ -86,6 +91,7 @@ public class LockSettingsService extends ILockSettings.Stub {
         mOpenHelper = new DatabaseHelper(mContext);
 
         mLockPatternUtils = new LockPatternUtils(context);
+        mFirstCallToVold = true;
     }
 
     public void systemReady() {
@@ -347,6 +353,51 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
+        public boolean checkVoldPassword(int userId) throws RemoteException {
+        if (!mFirstCallToVold) {
+            return false;
+        }
+        mFirstCallToVold = false;
+
+        checkPasswordReadPermission(userId);
+
+        // There's no guarantee that this will safely connect, but if it fails
+        // we will simply show the lock screen when we shouldn't, so relatively
+        // benign. There is an outside chance something nasty would happen if
+        // this service restarted before vold stales out the password in this
+        // case. The nastiness is limited to not showing the lock screen when
+        // we should, within the first minute of decrypting the phone if this
+        // service can't connect to vold, it restarts, and then the new instance
+        // does successfully connect.
+        final IMountService service = getMountService();
+        String password = service.getPassword();
+        service.clearPassword();
+        if (password == null) {
+            return false;
+        }
+
+        try {
+            if (mLockPatternUtils.isLockPatternEnabled()) {
+                if (checkPattern(password, userId)) {
+                    return true;
+                }
+            }
+        } catch (Exception e) {
+        }
+
+        try {
+            if (mLockPatternUtils.isLockPasswordEnabled()) {
+                if (checkPassword(password, userId)) {
+                    return true;
+                }
+            }
+        } catch (Exception e) {
+        }
+
+        return false;
+    }
+
+    @Override
     public void removeUser(int userId) {
         checkWritePermission(userId);
 
@@ -524,4 +575,12 @@ public class LockSettingsService extends ILockSettings.Stub {
         Secure.LOCK_SCREEN_OWNER_INFO_ENABLED,
         Secure.LOCK_SCREEN_OWNER_INFO
     };
+
+    private IMountService getMountService() {
+        final IBinder service = ServiceManager.getService("mount");
+        if (service != null) {
+            return IMountService.Stub.asInterface(service);
+        }
+        return null;
+    }
 }
author	Paul Lawrence <paullawrence@google.com>	2014-03-27 16:37:28 +0000
committer	Paul Lawrence <paullawrence@google.com>	2014-03-28 10:35:44 -0700
commit	945490c12e32b1c13b9097c00702558260b2011f (patch)
tree	d5ad838f520e98a1266d65a603b2869f69c1c853 /services/core/java/com/android/server/LockSettingsService.java
parent	0e14f2d45557527242f27ce7de9027e6ccaa45d6 (diff)
download	frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.zip frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.gz frameworks_base-945490c12e32b1c13b9097c00702558260b2011f.tar.bz2