summaryrefslogtreecommitdiffstats
path: root/services
diff options
context:
space:
mode:
authorFyodor Kupolov <fkupolov@google.com>2015-05-06 13:18:46 -0700
committerFyodor Kupolov <fkupolov@google.com>2015-05-06 13:36:03 -0700
commitef24909d84db9d5aefb825ee1556089fcdcc1678 (patch)
treef0cd8934ba94f56783628e16279dfea9d3fb1532 /services
parenta1d3c508e160b35f4f8ef56c2fb2fd6f65d5cbbd (diff)
downloadframeworks_base-ef24909d84db9d5aefb825ee1556089fcdcc1678.zip
frameworks_base-ef24909d84db9d5aefb825ee1556089fcdcc1678.tar.gz
frameworks_base-ef24909d84db9d5aefb825ee1556089fcdcc1678.tar.bz2
Remove restrictions PIN functionality
Bug: 20852231 Change-Id: I5666ee28ff1341ead9b258bc0852d8ba6d313c5e
Diffstat (limited to 'services')
-rw-r--r--services/core/java/com/android/server/pm/UserManagerService.java189
1 files changed, 0 insertions, 189 deletions
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index e79a206..e4495f6 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -68,9 +68,6 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
@@ -88,10 +85,6 @@ public class UserManagerService extends IUserManager.Stub {
private static final String ATTR_ID = "id";
private static final String ATTR_CREATION_TIME = "created";
private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn";
- private static final String ATTR_SALT = "salt";
- private static final String ATTR_PIN_HASH = "pinHash";
- private static final String ATTR_FAILED_ATTEMPTS = "failedAttempts";
- private static final String ATTR_LAST_RETRY_MS = "lastAttemptMs";
private static final String ATTR_SERIAL_NO = "serialNumber";
private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber";
private static final String ATTR_PARTIAL = "partial";
@@ -129,17 +122,10 @@ public class UserManagerService extends IUserManager.Stub {
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
- // Number of attempts before jumping to the next BACKOFF_TIMES slot
- private static final int BACKOFF_INC_INTERVAL = 5;
-
// Maximum number of managed profiles permitted is 1. This cannot be increased
// without first making sure that the rest of the framework is prepared for it.
private static final int MAX_MANAGED_PROFILES = 1;
- // Amount of time to force the user to wait before entering the PIN again, after failing
- // BACKOFF_INC_INTERVAL times.
- private static final int[] BACKOFF_TIMES = { 0, 30*1000, 60*1000, 5*60*1000, 30*60*1000 };
-
static final int WRITE_USER_MSG = 1;
static final int WRITE_USER_DELAY = 2*1000; // 2 seconds
@@ -158,16 +144,6 @@ public class UserManagerService extends IUserManager.Stub {
private final SparseArray<Bundle> mUserRestrictions = new SparseArray<Bundle>();
private final Bundle mGuestRestrictions = new Bundle();
- class RestrictionsPinState {
- long salt;
- String pinHash;
- int failedAttempts;
- long lastAttemptTime;
- }
-
- private final SparseArray<RestrictionsPinState> mRestrictionsPinStates =
- new SparseArray<RestrictionsPinState>();
-
/**
* Set of user IDs being actively removed. Removed IDs linger in this set
* for several seconds to work around a VFS caching issue.
@@ -806,21 +782,6 @@ public class UserManagerService extends IUserManager.Stub {
serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime));
serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME,
Long.toString(userInfo.lastLoggedInTime));
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userInfo.id);
- if (pinState != null) {
- if (pinState.salt != 0) {
- serializer.attribute(null, ATTR_SALT, Long.toString(pinState.salt));
- }
- if (pinState.pinHash != null) {
- serializer.attribute(null, ATTR_PIN_HASH, pinState.pinHash);
- }
- if (pinState.failedAttempts != 0) {
- serializer.attribute(null, ATTR_FAILED_ATTEMPTS,
- Integer.toString(pinState.failedAttempts));
- serializer.attribute(null, ATTR_LAST_RETRY_MS,
- Long.toString(pinState.lastAttemptTime));
- }
- }
if (userInfo.iconPath != null) {
serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath);
}
@@ -940,11 +901,7 @@ public class UserManagerService extends IUserManager.Stub {
String iconPath = null;
long creationTime = 0L;
long lastLoggedInTime = 0L;
- long salt = 0L;
- String pinHash = null;
- int failedAttempts = 0;
int profileGroupId = UserInfo.NO_PROFILE_GROUP_ID;
- long lastAttemptTime = 0L;
boolean partial = false;
boolean guestToRemove = false;
Bundle restrictions = new Bundle();
@@ -978,10 +935,6 @@ public class UserManagerService extends IUserManager.Stub {
iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH);
creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0);
lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0);
- salt = readLongAttribute(parser, ATTR_SALT, 0L);
- pinHash = parser.getAttributeValue(null, ATTR_PIN_HASH);
- failedAttempts = readIntAttribute(parser, ATTR_FAILED_ATTEMPTS, 0);
- lastAttemptTime = readLongAttribute(parser, ATTR_LAST_RETRY_MS, 0L);
profileGroupId = readIntAttribute(parser, ATTR_PROFILE_GROUP_ID,
UserInfo.NO_PROFILE_GROUP_ID);
String valueString = parser.getAttributeValue(null, ATTR_PARTIAL);
@@ -1019,17 +972,6 @@ public class UserManagerService extends IUserManager.Stub {
userInfo.guestToRemove = guestToRemove;
userInfo.profileGroupId = profileGroupId;
mUserRestrictions.append(id, restrictions);
- if (salt != 0L) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(id);
- if (pinState == null) {
- pinState = new RestrictionsPinState();
- mRestrictionsPinStates.put(id, pinState);
- }
- pinState.salt = salt;
- pinState.pinHash = pinHash;
- pinState.failedAttempts = failedAttempts;
- pinState.lastAttemptTime = lastAttemptTime;
- }
return userInfo;
} catch (IOException ioe) {
@@ -1431,8 +1373,6 @@ public class UserManagerService extends IUserManager.Stub {
// Remove this user from the list
mUsers.remove(userHandle);
-
- mRestrictionsPinStates.remove(userHandle);
// Remove user file
AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + XML_SUFFIX));
userFile.delete();
@@ -1504,92 +1444,6 @@ public class UserManagerService extends IUserManager.Stub {
}
@Override
- public boolean setRestrictionsChallenge(String newPin) {
- checkManageUsersPermission("Only system can modify the restrictions pin");
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- if (pinState == null) {
- pinState = new RestrictionsPinState();
- }
- if (newPin == null) {
- pinState.salt = 0;
- pinState.pinHash = null;
- } else {
- try {
- pinState.salt = SecureRandom.getInstance("SHA1PRNG").nextLong();
- } catch (NoSuchAlgorithmException e) {
- pinState.salt = (long) (Math.random() * Long.MAX_VALUE);
- }
- pinState.pinHash = passwordToHash(newPin, pinState.salt);
- pinState.failedAttempts = 0;
- }
- mRestrictionsPinStates.put(userId, pinState);
- writeUserLocked(mUsers.get(userId));
- }
- return true;
- }
-
- @Override
- public int checkRestrictionsChallenge(String pin) {
- checkManageUsersPermission("Only system can verify the restrictions pin");
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- // If there's no pin set, return error code
- if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
- return UserManager.PIN_VERIFICATION_FAILED_NOT_SET;
- } else if (pin == null) {
- // If just checking if user can be prompted, return remaining time
- int waitTime = getRemainingTimeForPinAttempt(pinState);
- Slog.d(LOG_TAG, "Remaining waittime peek=" + waitTime);
- return waitTime;
- } else {
- int waitTime = getRemainingTimeForPinAttempt(pinState);
- Slog.d(LOG_TAG, "Remaining waittime=" + waitTime);
- if (waitTime > 0) {
- return waitTime;
- }
- if (passwordToHash(pin, pinState.salt).equals(pinState.pinHash)) {
- pinState.failedAttempts = 0;
- scheduleWriteUserLocked(mUsers.get(userId));
- return UserManager.PIN_VERIFICATION_SUCCESS;
- } else {
- pinState.failedAttempts++;
- pinState.lastAttemptTime = System.currentTimeMillis();
- scheduleWriteUserLocked(mUsers.get(userId));
- return waitTime;
- }
- }
- }
- }
-
- private int getRemainingTimeForPinAttempt(RestrictionsPinState pinState) {
- int backoffIndex = Math.min(pinState.failedAttempts / BACKOFF_INC_INTERVAL,
- BACKOFF_TIMES.length - 1);
- int backoffTime = (pinState.failedAttempts % BACKOFF_INC_INTERVAL) == 0 ?
- BACKOFF_TIMES[backoffIndex] : 0;
- return (int) Math.max(backoffTime + pinState.lastAttemptTime - System.currentTimeMillis(),
- 0);
- }
-
- @Override
- public boolean hasRestrictionsChallenge() {
- int userId = UserHandle.getCallingUserId();
- synchronized (mPackagesLock) {
- return hasRestrictionsPinLocked(userId);
- }
- }
-
- private boolean hasRestrictionsPinLocked(int userId) {
- RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
- if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
- return false;
- }
- return true;
- }
-
- @Override
public void removeRestrictions() {
checkManageUsersPermission("Only system can remove restrictions");
final int userHandle = UserHandle.getCallingUserId();
@@ -1600,8 +1454,6 @@ public class UserManagerService extends IUserManager.Stub {
synchronized (mPackagesLock) {
// Remove all user restrictions
setUserRestrictions(new Bundle(), userHandle);
- // Remove restrictions pin
- setRestrictionsChallenge(null);
// Remove any app restrictions
cleanAppRestrictions(userHandle);
}
@@ -1633,42 +1485,6 @@ public class UserManagerService extends IUserManager.Stub {
}
});
}
-
- /*
- * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash.
- * Not the most secure, but it is at least a second level of protection. First level is that
- * the file is in a location only readable by the system process.
- * @param password the password.
- * @param salt the randomly generated salt
- * @return the hash of the pattern in a String.
- */
- private String passwordToHash(String password, long salt) {
- if (password == null) {
- return null;
- }
- String algo = null;
- String hashed = salt + password;
- try {
- byte[] saltedPassword = (password + salt).getBytes();
- byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
- byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
- hashed = toHex(sha1) + toHex(md5);
- } catch (NoSuchAlgorithmException e) {
- Log.w(LOG_TAG, "Failed to encode string because of missing algorithm: " + algo);
- }
- return hashed;
- }
-
- private static String toHex(byte[] ary) {
- final String hex = "0123456789ABCDEF";
- String ret = "";
- for (int i = 0; i < ary.length; i++) {
- ret += hex.charAt((ary[i] >> 4) & 0xf);
- ret += hex.charAt(ary[i] & 0xf);
- }
- return ret;
- }
-
private int getUidForPackage(String packageName) {
long ident = Binder.clearCallingIdentity();
try {
@@ -1954,11 +1770,6 @@ public class UserManagerService extends IUserManager.Stub {
return RESTRICTIONS_FILE_PREFIX + packageName + XML_SUFFIX;
}
- private String restrictionsFileNameToPackage(String fileName) {
- return fileName.substring(RESTRICTIONS_FILE_PREFIX.length(),
- (int) (fileName.length() - XML_SUFFIX.length()));
- }
-
@Override
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
generated by cgit v1.1 at 2025-01-07 05:25:03 +0000