Skip to content
Commit 5e891bcc authored by Rubin Xu's avatar Rubin Xu
Browse files

Introduce Lockscreen PIN credential as first-class citizen 

* Add CREDENTIAL_TYPE_PIN as the fourth credential type.
* Rename existing CREDENTIAL_TYPE_PASSWORD
  to CREDENTIAL_TYPE_PASSWORD_OR_PIN which is still referenced
  by password data persisted on disk.
* No longer store quality for new credentials (PASSWORD_TYPE_KEY).
  Credential type stored in synthetic password blob is now the single
  source of truth on what credential (None/Pin/Pattern/Password) the
  device currently has.
* Adapt lockscreen FRP to work on a similar fashion (no more quality
  being passed around and stored)
* Adapt RecoverableKeystore to use the new PIN credential type.
* Fix existing unit tests
* Add new unit tests for lockscreen FRP.

Upgrade path:
* Existing credentials will have CREDENTIAL_TYPE_PASSWORD_OR_PIN, and when
  LSS sees this, it will further consult PASSWORD_TYPE_KEY to distinguish
  between PIN and Pattern. The credential will stay this way until the next
  password change i.e. no automatic credential upgrade.
* Existing FRP credential will have CREDENTIAL_TYPE_PASSWORD_OR_PIN, and
  when LSS sees this, it will further consult the saved quality
  PersistentData.qualityForUi to make that distinction.
* Normal and FRP credential enrolled after this CL will store
  CREDENTIAL_TYPE_PIN to indicate this is a numeric PIN.

Bug: 65239740
Test: atest com.android.server.locksettings
Test: atest com.android.internal.widget.LockscreenCredentialTest
Test: atest com.android.internal.util.LockPatternUtilsTest
Test: atest LockSettingsShellCommandTest
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Test: atest FrameworksCoreTests:PasswordMetricsTest
Test: atest FrameworksCoreTests:PasswordPolicyTest
Test: atest MixedManagedProfileOwnerTest#testResetPasswordWithToken
Test: atest com.android.cts.devicepolicy.PasswordComplexityTest
Test: atest com.android.cts.devicepolicy.ManagedProfilePasswordTest
Test: flash an old build, enroll password and flash to new build.
      Verify everything still works.
Test: manually set an PIN/Pattern/Password; then change to
      PIN/Pattern/Password; finally remove password
Test: manually create a work profile; try unify and ununify work
      challenge.
Test: manually test lockscreen FRP flow (change password via Settings /
      DPC)

Change-Id: I781cea4c32d567aac4af692697c4569161580102
parent bb883208
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment