Skip to content
Commit 3bf722a8 authored by Rubin Xu's avatar Rubin Xu
Browse files

Add synthetic password to authentication flow

The user password is used to unlock a per-user synthetic password which
serves the purpose of what the user password previsouly achieves (protect
keystore, vold disk encryption, auth token generation).

Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests
Test: manual
    1. Start with fresh device, enable synthetic password with "adb shell cmd lock_settings sp 1"
        1.1 add device lock, reboot and verify (positive & negative); change device lock, reboot and verify.
        1.2 Inflate a work profile, reboot and verify device lock. check SID with "adb shell dumpsys lock_settings"
        1.3 Un-unify and add work challenge, reboot and verify work challenge and SID.
        1.4 Re-unify work challenge, reboot and verify.
        1.5 Clear device lock, reboot and verify lock and SID.

    2. Start with a fresh device, add a device lock and inflate a work profile.
        2.1 Enable synthetic password, note current SID
        2.2 Reboot and unlock device. Verify synthetic password is generated and SID remains.
        2.3 Clear device lock, reboot and verify (SID should be cleared)

    3. Start with a fresh device, inflate a work profile, add separate work challenge
        3.1 Enable synthetic password, not current SID
        3.2 Reboot and unlock device and profile. Verify synthetic password is generated.
        3.3 Clear device lock only, reboot and verify (work profile SID should remain)

    All steps tested on marlin (FBE) and bullhead (FDE)

Bug: 33126414
Change-Id: Idb9ebfc7bba2fe40670c5fee2189e873d9704540
parent 1ea19d34
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment