From cca9cb7a8a64b21280045fe76c0902dbab75f386 Mon Sep 17 00:00:00 2001 From: Brahmaji K Date: Tue, 15 Mar 2016 16:37:16 +0530 Subject: keyguard: Fix password doesnot sanitize after verification Add sanitizePassword call after the verification is success so that the password/pin/pattern goes to default_password. This will avoid security vulnerability. Change-Id: I711b9e38e1812bad9fa7ab8d0ab9e35963138a69 --- packages/Keyguard/src/com/android/keyguard/KeyguardAbsKeyInputView.java | 1 + packages/Keyguard/src/com/android/keyguard/KeyguardPatternView.java | 1 + 2 files changed, 2 insertions(+) (limited to 'packages/Keyguard') diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardAbsKeyInputView.java b/packages/Keyguard/src/com/android/keyguard/KeyguardAbsKeyInputView.java index b03871a..7fbd658 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardAbsKeyInputView.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardAbsKeyInputView.java @@ -147,6 +147,7 @@ public abstract class KeyguardAbsKeyInputView extends LinearLayout private void onPasswordChecked(boolean matched, int timeoutMs, boolean isValidPassword) { if (matched) { + mLockPatternUtils.sanitizePassword(); mDismissing = true; mCallback.reportUnlockAttempt(true, 0); mCallback.dismiss(true); diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardPatternView.java b/packages/Keyguard/src/com/android/keyguard/KeyguardPatternView.java index f40d4fe..446f6c1 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardPatternView.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardPatternView.java @@ -262,6 +262,7 @@ public class KeyguardPatternView extends LinearLayout implements KeyguardSecurit private void onPatternChecked(boolean matched, int timeoutMs, boolean isValidPattern) { if (matched) { + mLockPatternUtils.sanitizePassword(); mCallback.reportUnlockAttempt(true, 0); mLockPatternView.setDisplayMode(LockPatternView.DisplayMode.Correct); mCallback.dismiss(true); -- cgit v1.1