summaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorFyodor Kupolov <fkupolov@google.com>2015-05-08 23:10:29 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-05-08 23:10:31 +0000
commit4f434a04708e7a254afe2e0d362f715229dc15d1 (patch)
tree1bea7ded584e6793017449bcf60ed9a2fe96f794 /services
parent5823756335ec3ecbe024369e24a6b291471cea9a (diff)
parentef24909d84db9d5aefb825ee1556089fcdcc1678 (diff)
downloadframeworks_base-4f434a04708e7a254afe2e0d362f715229dc15d1.zip
frameworks_base-4f434a04708e7a254afe2e0d362f715229dc15d1.tar.gz
frameworks_base-4f434a04708e7a254afe2e0d362f715229dc15d1.tar.bz2
Merge "Remove restrictions PIN functionality" into mnc-dev
Diffstat (limited to 'services')
-rw-r--r--services/core/java/com/android/server/pm/UserManagerService.java189
1 files changed, 0 insertions, 189 deletions
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index e6f5e3d..51b26a8 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -68,9 +68,6 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
@@ -88,10 +85,6 @@ public class UserManagerService extends IUserManager.Stub {
private static final String ATTR_ID = "id";
private static final String ATTR_CREATION_TIME = "created";
private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn";
- private static final String ATTR_SALT = "salt";
- private static final String ATTR_PIN_HASH = "pinHash";
- private static final String ATTR_FAILED_ATTEMPTS = "failedAttempts";
- private static final String ATTR_LAST_RETRY_MS = "lastAttemptMs";
private static final String ATTR_SERIAL_NO = "serialNumber";
private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber";
private static final String ATTR_PARTIAL = "partial";
@@ -129,17 +122,10 @@ public class UserManagerService extends IUserManager.Stub {
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
- // Number of attempts before jumping to the next BACKOFF_TIMES slot
- private static final int BACKOFF_INC_INTERVAL = 5;
-
// Maximum number of managed profiles permitted is 1. This cannot be increased
// without first making sure that the rest of the framework is prepared for it.
private static final int MAX_MANAGED_PROFILES = 1;
- // Amount of time to force the user to wait before entering the PIN again, after failing
- // BACKOFF_INC_INTERVAL times.
- private static final int[] BACKOFF_TIMES = { 0, 30*1000, 60*1000, 5*60*1000, 30*60*1000 };
-
static final int WRITE_USER_MSG = 1;
static final int WRITE_USER_DELAY = 2*1000; // 2 seconds
@@ -158,16 +144,6 @@ public class UserManagerService extends IUserManager.Stub {
private final SparseArray<Bundle> mUserRestrictions = new SparseArray<Bundle>();
private final Bundle mGuestRestrictions = new Bundle();
- class RestrictionsPinState {
- long salt;
- String pinHash;
- int failedAttempts;
- long lastAttemptTime;
- }
-
- private final SparseArray<RestrictionsPinState> mRestrictionsPinStates =
- new SparseArray<RestrictionsPinState>();
-
/**
* Set of user IDs being actively removed. Removed IDs linger in this set
* for several seconds to work around a VFS caching issue.
@@ -810,21 +786,6 @@ public class UserManagerService extends IUserManager.Stub {
serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime));
serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME,
Long.toString(userInfo.lastLoggedInTime));
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userInfo.id);
- if (pinState != null) {
- if (pinState.salt != 0) {
- serializer.attribute(null, ATTR_SALT, Long.toString(pinState.salt));
- }
- if (pinState.pinHash != null) {
- serializer.attribute(null, ATTR_PIN_HASH, pinState.pinHash);
- }
- if (pinState.failedAttempts != 0) {
- serializer.attribute(null, ATTR_FAILED_ATTEMPTS,
- Integer.toString(pinState.failedAttempts));
- serializer.attribute(null, ATTR_LAST_RETRY_MS,
- Long.toString(pinState.lastAttemptTime));
- }
- }
if (userInfo.iconPath != null) {
serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath);
}
@@ -944,11 +905,7 @@ public class UserManagerService extends IUserManager.Stub {
String iconPath = null;
long creationTime = 0L;
long lastLoggedInTime = 0L;
- long salt = 0L;
- String pinHash = null;
- int failedAttempts = 0;
int profileGroupId = UserInfo.NO_PROFILE_GROUP_ID;
- long lastAttemptTime = 0L;
boolean partial = false;
boolean guestToRemove = false;
Bundle restrictions = new Bundle();
@@ -982,10 +939,6 @@ public class UserManagerService extends IUserManager.Stub {
iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH);
creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0);
lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0);
- salt = readLongAttribute(parser, ATTR_SALT, 0L);
- pinHash = parser.getAttributeValue(null, ATTR_PIN_HASH);
- failedAttempts = readIntAttribute(parser, ATTR_FAILED_ATTEMPTS, 0);
- lastAttemptTime = readLongAttribute(parser, ATTR_LAST_RETRY_MS, 0L);
profileGroupId = readIntAttribute(parser, ATTR_PROFILE_GROUP_ID,
UserInfo.NO_PROFILE_GROUP_ID);
String valueString = parser.getAttributeValue(null, ATTR_PARTIAL);
@@ -1023,17 +976,6 @@ public class UserManagerService extends IUserManager.Stub {
userInfo.guestToRemove = guestToRemove;
userInfo.profileGroupId = profileGroupId;
mUserRestrictions.append(id, restrictions);
- if (salt != 0L) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(id);
- if (pinState == null) {
- pinState = new RestrictionsPinState();
- mRestrictionsPinStates.put(id, pinState);
- }
- pinState.salt = salt;
- pinState.pinHash = pinHash;
- pinState.failedAttempts = failedAttempts;
- pinState.lastAttemptTime = lastAttemptTime;
- }
return userInfo;
} catch (IOException ioe) {
@@ -1435,8 +1377,6 @@ public class UserManagerService extends IUserManager.Stub {
// Remove this user from the list
mUsers.remove(userHandle);
-
- mRestrictionsPinStates.remove(userHandle);
// Remove user file
AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + XML_SUFFIX));
userFile.delete();
@@ -1508,92 +1448,6 @@ public class UserManagerService extends IUserManager.Stub {
}
@Override
- public boolean setRestrictionsChallenge(String newPin) {
- checkManageUsersPermission("Only system can modify the restrictions pin");
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- if (pinState == null) {
- pinState = new RestrictionsPinState();
- }
- if (newPin == null) {
- pinState.salt = 0;
- pinState.pinHash = null;
- } else {
- try {
- pinState.salt = SecureRandom.getInstance("SHA1PRNG").nextLong();
- } catch (NoSuchAlgorithmException e) {
- pinState.salt = (long) (Math.random() * Long.MAX_VALUE);
- }
- pinState.pinHash = passwordToHash(newPin, pinState.salt);
- pinState.failedAttempts = 0;
- }
- mRestrictionsPinStates.put(userId, pinState);
- writeUserLocked(mUsers.get(userId));
- }
- return true;
- }
-
- @Override
- public int checkRestrictionsChallenge(String pin) {
- checkManageUsersPermission("Only system can verify the restrictions pin");
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- // If there's no pin set, return error code
- if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
- return UserManager.PIN_VERIFICATION_FAILED_NOT_SET;
- } else if (pin == null) {
- // If just checking if user can be prompted, return remaining time
- int waitTime = getRemainingTimeForPinAttempt(pinState);
- Slog.d(LOG_TAG, "Remaining waittime peek=" + waitTime);
- return waitTime;
- } else {
- int waitTime = getRemainingTimeForPinAttempt(pinState);
- Slog.d(LOG_TAG, "Remaining waittime=" + waitTime);
- if (waitTime > 0) {
- return waitTime;
- }
- if (passwordToHash(pin, pinState.salt).equals(pinState.pinHash)) {
- pinState.failedAttempts = 0;
- scheduleWriteUserLocked(mUsers.get(userId));
- return UserManager.PIN_VERIFICATION_SUCCESS;
- } else {
- pinState.failedAttempts++;
- pinState.lastAttemptTime = System.currentTimeMillis();
- scheduleWriteUserLocked(mUsers.get(userId));
- return waitTime;
- }
- }
- }
- }
-
- private int getRemainingTimeForPinAttempt(RestrictionsPinState pinState) {
- int backoffIndex = Math.min(pinState.failedAttempts / BACKOFF_INC_INTERVAL,
- BACKOFF_TIMES.length - 1);
- int backoffTime = (pinState.failedAttempts % BACKOFF_INC_INTERVAL) == 0 ?
- BACKOFF_TIMES[backoffIndex] : 0;
- return (int) Math.max(backoffTime + pinState.lastAttemptTime - System.currentTimeMillis(),
- 0);
- }
-
- @Override
- public boolean hasRestrictionsChallenge() {
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- return hasRestrictionsPinLocked(userId);
- }
- }
-
- private boolean hasRestrictionsPinLocked(int userId) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
- return false;
- }
- return true;
- }
-
- @Override
public void removeRestrictions() {
checkManageUsersPermission("Only system can remove restrictions");
final int userHandle = UserHandle.getCallingUserId();
@@ -1604,8 +1458,6 @@ public class UserManagerService extends IUserManager.Stub {
synchronized (mPackagesLock) {
// Remove all user restrictions
setUserRestrictions(new Bundle(), userHandle);
- // Remove restrictions pin
- setRestrictionsChallenge(null);
// Remove any app restrictions
cleanAppRestrictions(userHandle);
}
@@ -1637,42 +1489,6 @@ public class UserManagerService extends IUserManager.Stub {
}
});
}
-
- /*
- * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash.
- * Not the most secure, but it is at least a second level of protection. First level is that
- * the file is in a location only readable by the system process.
- * @param password the password.
- * @param salt the randomly generated salt
- * @return the hash of the pattern in a String.
- */
- private String passwordToHash(String password, long salt) {
- if (password == null) {
- return null;
- }
- String algo = null;
- String hashed = salt + password;
- try {
- byte[] saltedPassword = (password + salt).getBytes();
- byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
- byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
- hashed = toHex(sha1) + toHex(md5);
- } catch (NoSuchAlgorithmException e) {
- Log.w(LOG_TAG, "Failed to encode string because of missing algorithm: " + algo);
- }
- return hashed;
- }
-
- private static String toHex(byte[] ary) {
- final String hex = "0123456789ABCDEF";
- String ret = "";
- for (int i = 0; i < ary.length; i++) {
- ret += hex.charAt((ary[i] >> 4) & 0xf);
- ret += hex.charAt(ary[i] & 0xf);
- }
- return ret;
- }
-
private int getUidForPackage(String packageName) {
long ident = Binder.clearCallingIdentity();
try {
@@ -1958,11 +1774,6 @@ public class UserManagerService extends IUserManager.Stub {
return RESTRICTIONS_FILE_PREFIX + packageName + XML_SUFFIX;
}
- private String restrictionsFileNameToPackage(String fileName) {
- return fileName.substring(RESTRICTIONS_FILE_PREFIX.length(),
- (int) (fileName.length() - XML_SUFFIX.length()));
- }
-
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
generated by cgit v1.1 at 2025-01-07 05:23:18 +0000