From 1613c712482e35ecb790d386e25fe0ec99bcf135 Mon Sep 17 00:00:00 2001 From: Pavel Grafov Date: Fri, 31 Aug 2018 17:55:18 +0100 Subject: [PATCH] Fix keyguard checking when installing user certs. Currently the condition is inverted, so the user is asked to enroll a password only when there is one already. Also, use existing method instead of a duplicate one. LPU.isSecure doesn't check the credential owner, but for unified lock with empty parent password it will correctly return false, so should be correct. Bug: 113646620 Test: manual, tried installing user certs with and without screen lock. Change-Id: Iabb1614540e454873e48039be13e22cc89b0a7be --- src/com/android/settings/CredentialStorage.java | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/src/com/android/settings/CredentialStorage.java b/src/com/android/settings/CredentialStorage.java index c553e34a5b..319d599018 100644 --- a/src/com/android/settings/CredentialStorage.java +++ b/src/com/android/settings/CredentialStorage.java @@ -106,6 +106,7 @@ public final class CredentialStorage extends FragmentActivity { private static final int CONFIRM_CLEAR_SYSTEM_CREDENTIAL_REQUEST = 2; private final KeyStore mKeyStore = KeyStore.getInstance(); + private LockPatternUtils mUtils; /** * When non-null, the bundle containing credentials to install. @@ -113,6 +114,12 @@ public final class CredentialStorage extends FragmentActivity { private Bundle mInstallBundle; @Override + protected void onCreate(Bundle savedState) { + super.onCreate(savedState); + mUtils = new LockPatternUtils(this); + } + + @Override protected void onResume() { super.onResume(); @@ -160,7 +167,7 @@ public final class CredentialStorage extends FragmentActivity { return; } case UNLOCKED: { - if (isActivePasswordQualityInsufficient()) { + if (!mUtils.isSecure(UserHandle.myUserId())) { final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog(); dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG); return; @@ -179,7 +186,7 @@ public final class CredentialStorage extends FragmentActivity { * case after unlocking with an old-style password). */ private void ensureKeyGuard() { - if (isActivePasswordQualityInsufficient()) { + if (!mUtils.isSecure(UserHandle.myUserId())) { // key guard not setup, doing so will initialize keystore final ConfigureKeyGuardDialog dialog = new ConfigureKeyGuardDialog(); dialog.show(getSupportFragmentManager(), ConfigureKeyGuardDialog.TAG); @@ -194,16 +201,6 @@ public final class CredentialStorage extends FragmentActivity { finish(); } - /** - * Returns true if the currently set key guard violates our minimum quality requirements. - */ - private boolean isActivePasswordQualityInsufficient() { - final int credentialOwner = - UserManager.get(this).getCredentialOwnerProfile(UserHandle.myUserId()); - final int quality = new LockPatternUtils(this).getActivePasswordQuality(credentialOwner); - return (quality >= MIN_PASSWORD_QUALITY); - } - private boolean isHardwareBackedKey(byte[] keyData) { try { final ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(keyData)); @@ -350,7 +347,7 @@ public final class CredentialStorage extends FragmentActivity { protected Boolean doInBackground(Void... unused) { // Clear all the users credentials could have been installed in for this user. - new LockPatternUtils(CredentialStorage.this).resetKeyStore(UserHandle.myUserId()); + mUtils.resetKeyStore(UserHandle.myUserId()); try { final KeyChainConnection keyChainConnection = KeyChain.bind(CredentialStorage.this); -- 2.11.0