diff options
| author | Rubin Xu <rubinxu@google.com> | 2019-10-14 10:22:23 +0100 |
|---|---|---|
| committer | Rubin Xu <rubinxu@google.com> | 2019-10-21 15:49:53 +0100 |
| commit | 5e891bcc04556a3595ab349381acc2a2e36a69d1 (patch) | |
| tree | f8f247ca52aa3b4f601b9ad4db4e619b2175141a /keystore/java/android/security/KeyChain.java | |
| parent | bb8832087450b786d5ab6535fc63db9eee855f94 (diff) | |
Introduce Lockscreen PIN credential as first-class citizen
* Add CREDENTIAL_TYPE_PIN as the fourth credential type.
* Rename existing CREDENTIAL_TYPE_PASSWORD
to CREDENTIAL_TYPE_PASSWORD_OR_PIN which is still referenced
by password data persisted on disk.
* No longer store quality for new credentials (PASSWORD_TYPE_KEY).
Credential type stored in synthetic password blob is now the single
source of truth on what credential (None/Pin/Pattern/Password) the
device currently has.
* Adapt lockscreen FRP to work on a similar fashion (no more quality
being passed around and stored)
* Adapt RecoverableKeystore to use the new PIN credential type.
* Fix existing unit tests
* Add new unit tests for lockscreen FRP.
Upgrade path:
* Existing credentials will have CREDENTIAL_TYPE_PASSWORD_OR_PIN, and when
LSS sees this, it will further consult PASSWORD_TYPE_KEY to distinguish
between PIN and Pattern. The credential will stay this way until the next
password change i.e. no automatic credential upgrade.
* Existing FRP credential will have CREDENTIAL_TYPE_PASSWORD_OR_PIN, and
when LSS sees this, it will further consult the saved quality
PersistentData.qualityForUi to make that distinction.
* Normal and FRP credential enrolled after this CL will store
CREDENTIAL_TYPE_PIN to indicate this is a numeric PIN.
Bug: 65239740
Test: atest com.android.server.locksettings
Test: atest com.android.internal.widget.LockscreenCredentialTest
Test: atest com.android.internal.util.LockPatternUtilsTest
Test: atest LockSettingsShellCommandTest
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Test: atest FrameworksCoreTests:PasswordMetricsTest
Test: atest FrameworksCoreTests:PasswordPolicyTest
Test: atest MixedManagedProfileOwnerTest#testResetPasswordWithToken
Test: atest com.android.cts.devicepolicy.PasswordComplexityTest
Test: atest com.android.cts.devicepolicy.ManagedProfilePasswordTest
Test: flash an old build, enroll password and flash to new build.
Verify everything still works.
Test: manually set an PIN/Pattern/Password; then change to
PIN/Pattern/Password; finally remove password
Test: manually create a work profile; try unify and ununify work
challenge.
Test: manually test lockscreen FRP flow (change password via Settings /
DPC)
Change-Id: I781cea4c32d567aac4af692697c4569161580102
Diffstat (limited to 'keystore/java/android/security/KeyChain.java')
0 files changed, 0 insertions, 0 deletions