protected IGateKeeperService mGateKeeperService;
protected IAuthSecret mAuthSecretService;
+ private static final String GSI_RUNNING_PROP = "ro.gsid.image_running";
+
/**
* The UIDs that are used for system credential storage in keystore.
*/
public int binderGetCallingUid() {
return Binder.getCallingUid();
}
+
+ public boolean isGsiRunning() {
+ return SystemProperties.getInt(GSI_RUNNING_PROP, 0) > 0;
+ }
}
public LockSettingsService(Context context) {
}
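Review bot: The new `isGsiRunning()` on the injector and the `GSI_RUNNING_PROP` constant have no comment, although this check now decides whether the AuthSecret HAL is ever called. A short Javadoc would state the contract the code implements, for example `/** Returns true when ro.gsid.image_running is set to a value greater than 0; an unset property counts as "not running". */`. A one-line comment on the constant saying which component is expected to set the property would help too, since nothing in this hunk shows it.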
tryRemoveUserFromSpCacheLater(userId);
+ if (mInjector.isGsiRunning()) {
+ Slog.w(TAG, "AuthSecret disabled in GSI");
+ return;
+ }
+
// Pass the primary user's auth secret to the HAL
if (mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) {
try {
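Review bot: The bare `return` added before the AuthSecret block exits the whole method when a GSI is running, so anything placed after the HAL call, now or later, is skipped as well. The method continues past the end of this hunk, so whether that already matters cannot be checked from here. Folding the check into the existing condition keeps the skip scoped to the HAL call: `if (!mInjector.isGsiRunning() && mAuthSecretService != null && mUserManager.getUserInfo(userId).isPrimary()) {`. The warning says only that AuthSecret is disabled, not why. A comment recording the reason, for example `// Do not hand a GSI's secret to the AuthSecret HAL` (rationale to be confirmed by the author), would stop a later cleanup from removing the guard.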
MockSyntheticPasswordManager mSpManager;
IAuthSecret mAuthSecretService;
WindowManagerInternal mMockWindowManager;
+ FakeGsiService mGsiService;
protected boolean mHasSecureLockScreen;
@Override
mDevicePolicyManager = mock(DevicePolicyManager.class);
mDevicePolicyManagerInternal = mock(DevicePolicyManagerInternal.class);
mMockWindowManager = mock(WindowManagerInternal.class);
+ mGsiService = new FakeGsiService();
LocalServices.removeServiceForTest(LockSettingsInternal.class);
LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
mAuthSecretService = mock(IAuthSecret.class);
mService = new LockSettingsServiceTestable(mContext, mLockPatternUtils, mStorage,
mGateKeeperService, mKeyStore, setUpStorageManagerMock(), mActivityManager,
- mSpManager, mAuthSecretService);
+ mSpManager, mAuthSecretService, mGsiService);
when(mUserManager.getUserInfo(eq(PRIMARY_USER_ID))).thenReturn(PRIMARY_USER_INFO);
mPrimaryUserProfiles.add(PRIMARY_USER_INFO);
installChildProfile(MANAGED_PROFILE_USER_ID);
--- /dev/null
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.locksettings;
+
+public class FakeGsiService {
+ private boolean mIsGsiRunning;
+
+ public boolean isGsiRunning() {
+ return mIsGsiRunning;
+ }
+
+ public void setIsGsiRunning(boolean isGsiRunning) {
+ mIsGsiRunning = isGsiRunning;
+ }
+}
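Review bot: `FakeGsiService` has no class comment, and its name suggests a service, while the production code shown on this page reads a system property through the injector. A brief Javadoc such as `/** Test stand-in for the GSI-running check exposed by the injector; defaults to "not running". */` would make the link clear. A name like `FakeGsiState` may be worth considering, unless the name mirrors something outside this page.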
private IStorageManager mStorageManager;
private SyntheticPasswordManager mSpManager;
private IAuthSecret mAuthSecretService;
+ private FakeGsiService mGsiService;
public MockInjector(Context context, LockSettingsStorage storage, KeyStore keyStore,
IActivityManager activityManager, LockPatternUtils lockPatternUtils,
IStorageManager storageManager, SyntheticPasswordManager spManager,
- IAuthSecret authSecretService) {
+ IAuthSecret authSecretService, FakeGsiService gsiService) {
super(context);
mLockSettingsStorage = storage;
mKeyStore = keyStore;
mLockPatternUtils = lockPatternUtils;
mStorageManager = storageManager;
mSpManager = spManager;
+ mGsiService = gsiService;
}
@Override
public int binderGetCallingUid() {
return Process.SYSTEM_UID;
}
+
+ @Override
+ public boolean isGsiRunning() {
+ return mGsiService.isGsiRunning();
+ }
}
protected LockSettingsServiceTestable(Context context, LockPatternUtils lockPatternUtils,
LockSettingsStorage storage, FakeGateKeeperService gatekeeper, KeyStore keystore,
IStorageManager storageManager, IActivityManager mActivityManager,
- SyntheticPasswordManager spManager, IAuthSecret authSecretService) {
+ SyntheticPasswordManager spManager, IAuthSecret authSecretService,
+ FakeGsiService gsiService) {
super(new MockInjector(context, storage, keystore, mActivityManager, lockPatternUtils,
- storageManager, spManager, authSecretService));
+ storageManager, spManager, authSecretService, gsiService));
mGateKeeperService = gatekeeper;
mAuthSecretService = authSecretService;
}
assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);
}
+ public void testGsiDisablesAuthSecret() throws RemoteException {
+ mGsiService.setIsGsiRunning(true);
+
+ final String password = "testGsiDisablesAuthSecret-password";
+
+ initializeCredentialUnderSP(password, PRIMARY_USER_ID);
+ assertEquals(VerifyCredentialResponse.RESPONSE_OK, mService.verifyCredential(
+ password, LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 0, PRIMARY_USER_ID)
+ .getResponseCode());
+ verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
+ }
+
// b/62213311
//TODO: add non-migration work profile case, and unify/un-unify transition.
//TODO: test token after user resets password
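Review bot: `testGsiDisablesAuthSecret` asserts only that `primaryUserCredential` is never called. That also holds if the HAL call is unreachable in this fixture for an unrelated reason, so the test can pass without exercising the new guard. Pairing it with the opposite case in the same test would pin the behaviour: after the `never()` check, call `mGsiService.setIsGsiRunning(false);`, verify the credential again, and expect `verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));`. If an existing test already covers the non-GSI path with this fixture, a comment pointing to it is enough.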