From a91a8504191d91d288c55821caa5bf00c9be26a2 Mon Sep 17 00:00:00 2001
From: Chad Brubaker
Date: Thu, 7 May 2015 10:02:22 -0700
Subject: Cleanup keystore password changing and unlocking Add KeyStore.onUserPasswordChanged for the lockscreen to call when the user changes their password. Keystore will then handle the logic of deleting keys. Instead of calling Keystore.password_uid for both unlocking and password changes the behavior has been split into Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
---
 .../com/android/server/LockSettingsService.java | 39 ++++++++++------------
 1 file changed, 17 insertions(+), 22 deletions(-) (limited to 'services/core')
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 5df74c5..ed2de4a 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -356,28 +356,23 @@ public class LockSettingsService extends ILockSettings.Stub { return mStorage.hasPattern(userId); } - private void maybeUpdateKeystore(String password, int userHandle) { + private void setKeystorePassword(String password, int userHandle) { final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE); final KeyStore ks = KeyStore.getInstance(); final List profiles = um.getProfiles(userHandle); - boolean shouldReset = TextUtils.isEmpty(password); - - // For historical reasons, don't wipe a non-empty keystore if we have a single user with a - // single profile. - if (userHandle == UserHandle.USER_OWNER && profiles.size() == 1) { - if (!ks.isEmpty()) { - shouldReset = false; - } + for (UserInfo pi : profiles) { + ks.onUserPasswordChanged(pi.id, password); } + } + + private void unlockKeystore(String password, int userHandle) { + final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE); + final KeyStore ks = KeyStore.getInstance(); + final List profiles = um.getProfiles(userHandle); for (UserInfo pi : profiles) { - final int profileUid = UserHandle.getUid(pi.id, Process.SYSTEM_UID); - if (shouldReset) { - ks.resetUid(profileUid); - } else { - ks.passwordUid(password, profileUid); - } + ks.unlock(pi.id, password); } } @@ -423,7 +418,7 @@ public class LockSettingsService extends ILockSettings.Stub { if (pattern == null) { getGateKeeperService().clearSecureUserId(userId); mStorage.writePatternHash(null, userId); - maybeUpdateKeystore(null, userId); + setKeystorePassword(null, userId); return; } @@ -451,7 +446,7 @@ public class LockSettingsService extends ILockSettings.Stub { if (password == null) { getGateKeeperService().clearSecureUserId(userId); mStorage.writePasswordHash(null, userId); - maybeUpdateKeystore(null, userId); + setKeystorePassword(null, userId); return; } 
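Review bot: `setKeystorePassword` and `unlockKeystore` in the first hunk discard whatever `ks.onUserPasswordChanged(pi.id, password)` and `ks.unlock(pi.id, password)` report, so a profile whose keystore did not accept the credential stays locked or out of sync with the lock screen without any trace. If those calls return a status (their signatures are not visible here), check it and log the profile id only, never the credential, e.g. `if (!ks.unlock(pi.id, password)) { /* log pi.id */ }`. Both methods also need Javadoc: say that `setKeystorePassword` is for credential changes and that the null password passed by the callers in the -423 and -451 hunks leaves the decision to delete keys to Keystore, while `unlockKeystore` must only be called with an already verified credential. The three identical setup lines (UserManager, KeyStore, `getProfiles`) could move into one private helper so the two loops cannot drift apart.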
@@ -484,7 +479,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 toEnrollBytes);
 if (hash != null) {
- maybeUpdateKeystore(toEnroll, userId);
+ setKeystorePassword(toEnroll, userId);
 }
 return hash;
@@ -530,7 +525,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 byte[] hash = mLockPatternUtils.patternToHash(
 mLockPatternUtils.stringToPattern(pattern));
 if (Arrays.equals(hash, storedHash.hash)) {
- maybeUpdateKeystore(pattern, userId);
+ unlockKeystore(pattern, userId);
 // migrate password to GateKeeper
 setLockPattern(pattern, null, userId);
 if (!hasChallenge) {
@@ -556,7 +551,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 // pattern has matched
- maybeUpdateKeystore(pattern, userId);
+ unlockKeystore(pattern, userId);
 return token;
 }
@@ -599,7 +594,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 if (storedHash.version == CredentialHash.VERSION_LEGACY) {
 byte[] hash = mLockPatternUtils.passwordToHash(password, userId);
 if (Arrays.equals(hash, storedHash.hash)) {
- maybeUpdateKeystore(password, userId);
+ unlockKeystore(password, userId);
 // migrate password to GateKeeper
 setLockPassword(password, null, userId);
 if (!hasChallenge) {
@@ -625,7 +620,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 }
 // password has matched
- maybeUpdateKeystore(password, userId);
+ unlockKeystore(password, userId);
 return token;
 }
-- 
cgit v1.1
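Review bot: In the two legacy branches (the -530 and -599 hunks) `unlockKeystore(...)` is followed at once by `setLockPattern(pattern, null, userId)` / `setLockPassword(password, null, userId)`, and if those reach the enrollment path shown in the -484 hunk they will call `setKeystorePassword` with the same credential; nothing at the call site says this double hand-off to Keystore is intended. A comment such as `// unlock first; the migration below re-enrolls and may call setKeystorePassword() with the same credential` would make the ordering explicit for the next reader. The enclosing methods start and end outside these hunks, so the link from setLockPattern/setLockPassword to the -484 hunk is inferred rather than visible here.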