From b8c2ef98d5ba2f4b05a06000537570e543baa539 Mon Sep 17 00:00:00 2001 From: Adrian Roos Date: Thu, 6 Dec 2018 17:50:41 +0100 Subject: [PATCH] FRP: save password quality in DPM.resetPassword When setting a password from DPM.resetPassword(), the actual quality of the password was not passed to LockSettingsService (instead, the minimum required quality was passed which is often UNSPECIFIED). As a result, during FRP we would see inconsistent state and skip it. Bug: 110172241 Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows. Change-Id: I54376f60ac53451ace22965d331b47cd8c2e614e Merged-In: I54376f60ac53451ace22965d331b47cd8c2e614e (cherry picked from commit ef116def7c91fd4492a8df03355e1dbdbde02a85) --- .../android/server/devicepolicy/DevicePolicyManagerService.java | 8 +++++--- .../com/android/server/devicepolicy/DevicePolicyManagerTest.java | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 38d7d25dc343..893013ca22e3 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -4346,14 +4346,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token, int flags, int callingUid, int userHandle) { int quality; + final int realQuality; synchronized (this) { quality = getPasswordQuality(null, userHandle, /* parent */ false); if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { quality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; } final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password); + realQuality = metrics.quality; if (quality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { - final int realQuality = metrics.quality; + if (realQuality < quality && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { Slog.w(LOG_TAG, "resetPassword: password quality 0x" @@ -4440,7 +4442,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { try { if (token == null) { if (!TextUtils.isEmpty(password)) { - mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); + mLockPatternUtils.saveLockPassword(password, null, realQuality, userHandle); } else { mLockPatternUtils.clearLock(null, userHandle); } @@ -4449,7 +4451,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { result = mLockPatternUtils.setLockCredentialWithToken(password, TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, - quality, tokenHandle, token, userHandle); + realQuality, tokenHandle, token, userHandle); } boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0; if (requireEntry) { diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java index 96d9605d3a3d..3eb659ad2a13 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java @@ -3654,7 +3654,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { // test reset password with token when(getServices().lockPatternUtils.setLockCredentialWithToken(eq(password), eq(LockPatternUtils.CREDENTIAL_TYPE_PASSWORD), - eq(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED), eq(handle), eq(token), + eq(DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC), eq(handle), eq(token), eq(UserHandle.USER_SYSTEM))) .thenReturn(true); assertTrue(dpm.resetPasswordWithToken(admin1, password, token, 0)); -- 2.11.0