Do not engage IAuthSecret when running a GSI.

author David Anderson <dvander@google.com>

Wed, 13 Feb 2019 00:25:56 +0000 (16:25 -0800)

committer David Anderson <dvander@google.com>

Thu, 21 Feb 2019 00:20:31 +0000 (16:20 -0800)
author David Anderson <dvander@google.com>
Wed, 13 Feb 2019 00:25:56 +0000 (16:25 -0800)
committer David Anderson <dvander@google.com>
Thu, 21 Feb 2019 00:20:31 +0000 (16:20 -0800)
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java

index a9ae74f..f67d445 100644 (file)
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -192,6 +192,8 @@ public class LockSettingsService extends ILockSettings.Stub {
      protected IGateKeeperService mGateKeeperService;
      protected IAuthSecret mAuthSecretService;
  
+    private static final String GSI_RUNNING_PROP = "ro.gsid.image_running";
+
      /**
       * The UIDs that are used for system credential storage in keystore.
       */
@@ -406,6 +408,10 @@ public class LockSettingsService extends ILockSettings.Stub {
          public int binderGetCallingUid() {
              return Binder.getCallingUid();
          }
+
+        public boolean isGsiRunning() {
+            return SystemProperties.getInt(GSI_RUNNING_PROP, 0) > 0;
+        }
      }
  
      public LockSettingsService(Context context) {
@@ -2216,6 +2222,11 @@ public class LockSettingsService extends ILockSettings.Stub {
          }
          tryRemoveUserFromSpCacheLater(userId);
  
+        if (mInjector.isGsiRunning()) {
+            Slog.w(TAG, "AuthSecret disabled in GSI");
+            return;
+        }
+
          // Pass the primary user's auth secret to the HAL
          if (mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) {
              try {
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java

index cf89cb8..aadf924 100644 (file)
--- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
@@ -87,6 +87,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase {
      MockSyntheticPasswordManager mSpManager;
      IAuthSecret mAuthSecretService;
      WindowManagerInternal mMockWindowManager;
+    FakeGsiService mGsiService;
      protected boolean mHasSecureLockScreen;
  
      @Override
@@ -101,6 +102,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase {
          mDevicePolicyManager = mock(DevicePolicyManager.class);
          mDevicePolicyManagerInternal = mock(DevicePolicyManagerInternal.class);
          mMockWindowManager = mock(WindowManagerInternal.class);
+        mGsiService = new FakeGsiService();
  
          LocalServices.removeServiceForTest(LockSettingsInternal.class);
          LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
@@ -137,7 +139,7 @@ public class BaseLockSettingsServiceTests extends AndroidTestCase {
          mAuthSecretService = mock(IAuthSecret.class);
          mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage,
                  mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager,
-                mSpManager, mAuthSecretService);
+                mSpManager, mAuthSecretService, mGsiService);
          when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);
          mPrimaryUserProfiles.add(PRIMARY_USER_INFO);
          installChildProfile(MANAGED_PROFILE_USER_ID);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java b/services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java

new file mode 100644 (file)

index 0000000..1033163
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.locksettings;
+
+public class FakeGsiService {
+    private boolean mIsGsiRunning;
+
+    public boolean isGsiRunning() {
+        return mIsGsiRunning;
+    }
+
+    public void setIsGsiRunning(boolean isGsiRunning) {
+        mIsGsiRunning = isGsiRunning;
+    }
+}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java

index fe683ab..74d4739 100644 (file)
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
@@ -44,11 +44,12 @@ public class LockSettingsServiceTestable extends LockSettingsService {
          private IStorageManager mStorageManager;
          private SyntheticPasswordManager mSpManager;
          private IAuthSecret mAuthSecretService;
+        private FakeGsiService mGsiService;
  
          public MockInjector(Context context, LockSettingsStorage storage, KeyStore keyStore,
                  IActivityManager activityManager, LockPatternUtils lockPatternUtils,
                  IStorageManager storageManager, SyntheticPasswordManager spManager,
-                IAuthSecret authSecretService) {
+                IAuthSecret authSecretService, FakeGsiService gsiService) {
              super(context);
              mLockSettingsStorage = storage;
              mKeyStore = keyStore;
@@ -56,6 +57,7 @@ public class LockSettingsServiceTestable extends LockSettingsService {
              mLockPatternUtils = lockPatternUtils;
              mStorageManager = storageManager;
              mSpManager = spManager;
+            mGsiService = gsiService;
          }
  
          @Override
@@ -107,14 +109,20 @@ public class LockSettingsServiceTestable extends LockSettingsService {
          public int binderGetCallingUid() {
              return Process.SYSTEM_UID;
          }
+
+        @Override
+        public boolean isGsiRunning() {
+            return mGsiService.isGsiRunning();
+        }
      }
  
      protected LockSettingsServiceTestable(Context context, LockPatternUtils lockPatternUtils,
              LockSettingsStorage storage, FakeGateKeeperService gatekeeper, KeyStore keystore,
              IStorageManager storageManager, IActivityManager mActivityManager,
-            SyntheticPasswordManager spManager, IAuthSecret authSecretService) {
+            SyntheticPasswordManager spManager, IAuthSecret authSecretService,
+            FakeGsiService gsiService) {
          super(new MockInjector(context, storage, keystore, mActivityManager, lockPatternUtils,
-                storageManager, spManager, authSecretService));
+                storageManager, spManager, authSecretService, gsiService));
          mGateKeeperService = gatekeeper;
          mAuthSecretService = authSecretService;
      }
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java

index 0595a5b..89e155e 100644 (file)
--- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
@@ -554,6 +554,18 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
          assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);
      }
  
+    public void testGsiDisablesAuthSecret() throws RemoteException {
+        mGsiService.setIsGsiRunning(true);
+
+        final String password = "testGsiDisablesAuthSecret-password";
+
+        initializeCredentialUnderSP(password, PRIMARY_USER_ID);
+        assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(
+                password, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID)
+                        .getResponseCode());
+        verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
+    }
+
      // b/62213311
      //TODO: add non-migration work profile case, and unify/un-unify transition.
      //TODO: test token after user resets password
author	David Anderson <dvander@google.com>
	Wed, 13 Feb 2019 00:25:56 +0000 (16:25 -0800)
committer	David Anderson <dvander@google.com>
	Thu, 21 Feb 2019 00:20:31 +0000 (16:20 -0800)
services/core/java/com/android/server/locksettings/LockSettingsService.java		patch \| blob \| history
services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java		patch \| blob \| history
services/tests/servicestests/src/com/android/server/locksettings/FakeGsiService.java	[new file with mode: 0644]	patch \| blob
services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java		patch \| blob \| history
services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java		patch \| blob \| history