Add escrow token API in DevicePolicyManager.
Take advantage of the new authentication flow in LockSettingsService
and allow PO or DO to provision escrow tokens on the device. The
escrow token grants them the ability to change device lockscreen
(if used by DO) or work profile challenge (if used by PO). The
new password reset mechanism is even usable before user unlocks,
and it preserves authentication-bound keys in keystore.
Test: runtest frameworks-services -c com.android.server.SyntheticPasswordTests
Test: runtest frameworks-services -c com.android.server.devicepolicy.DevicePolicyManagerTest
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testResetPasswordWithToken
Bug: 33126620
Change-Id: Iaa684c51946f726cbd909e9ac70ad3e9ca3de1ac
diff --git a/api/current.txt b/api/current.txt
index 5a5f9bc..619a521 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -6200,6 +6200,7 @@
method public void clearDeviceOwnerApp(java.lang.String);
method public void clearPackagePersistentPreferredActivities(android.content.ComponentName, java.lang.String);
method public void clearProfileOwner(android.content.ComponentName);
+ method public boolean clearResetPasswordToken(android.content.ComponentName);
method public void clearUserRestriction(android.content.ComponentName, java.lang.String);
method public android.content.Intent createAdminSupportIntent(java.lang.String);
method public android.os.UserHandle createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int);
@@ -6276,6 +6277,7 @@
method public boolean isPackageSuspended(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
+ method public boolean isResetPasswordTokenActive(android.content.ComponentName);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
@@ -6287,6 +6289,7 @@
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
+ method public boolean resetPasswordWithToken(android.content.ComponentName, java.lang.String, byte[], int);
method public java.util.List<android.app.admin.NetworkEvent> retrieveNetworkLogs(android.content.ComponentName, long);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
@@ -6335,6 +6338,7 @@
method public void setProfileName(android.content.ComponentName, java.lang.String);
method public void setRecommendedGlobalProxy(android.content.ComponentName, android.net.ProxyInfo);
method public void setRequiredStrongAuthTimeout(android.content.ComponentName, long);
+ method public boolean setResetPasswordToken(android.content.ComponentName, byte[]);
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
diff --git a/api/system-current.txt b/api/system-current.txt
index acbd8b9..80d4634 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -6405,6 +6405,7 @@
method public void clearDeviceOwnerApp(java.lang.String);
method public void clearPackagePersistentPreferredActivities(android.content.ComponentName, java.lang.String);
method public void clearProfileOwner(android.content.ComponentName);
+ method public boolean clearResetPasswordToken(android.content.ComponentName);
method public void clearUserRestriction(android.content.ComponentName, java.lang.String);
method public android.content.Intent createAdminSupportIntent(java.lang.String);
method public android.os.UserHandle createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int);
@@ -6495,6 +6496,7 @@
method public boolean isPackageSuspended(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
+ method public boolean isResetPasswordTokenActive(android.content.ComponentName);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
@@ -6509,6 +6511,7 @@
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
+ method public boolean resetPasswordWithToken(android.content.ComponentName, java.lang.String, byte[], int);
method public java.util.List<android.app.admin.NetworkEvent> retrieveNetworkLogs(android.content.ComponentName, long);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
@@ -6559,6 +6562,7 @@
method public void setProfileName(android.content.ComponentName, java.lang.String);
method public void setRecommendedGlobalProxy(android.content.ComponentName, android.net.ProxyInfo);
method public void setRequiredStrongAuthTimeout(android.content.ComponentName, long);
+ method public boolean setResetPasswordToken(android.content.ComponentName, byte[]);
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
diff --git a/api/test-current.txt b/api/test-current.txt
index 4de1b1d..a2c612a 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -6217,6 +6217,7 @@
method public void clearDeviceOwnerApp(java.lang.String);
method public void clearPackagePersistentPreferredActivities(android.content.ComponentName, java.lang.String);
method public void clearProfileOwner(android.content.ComponentName);
+ method public boolean clearResetPasswordToken(android.content.ComponentName);
method public void clearUserRestriction(android.content.ComponentName, java.lang.String);
method public android.content.Intent createAdminSupportIntent(java.lang.String);
method public android.os.UserHandle createAndManageUser(android.content.ComponentName, java.lang.String, android.content.ComponentName, android.os.PersistableBundle, int);
@@ -6298,6 +6299,7 @@
method public boolean isPackageSuspended(android.content.ComponentName, java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException;
method public boolean isProfileOwnerApp(java.lang.String);
method public boolean isProvisioningAllowed(java.lang.String);
+ method public boolean isResetPasswordTokenActive(android.content.ComponentName);
method public boolean isSecurityLoggingEnabled(android.content.ComponentName);
method public boolean isUninstallBlocked(android.content.ComponentName, java.lang.String);
method public void lockNow();
@@ -6309,6 +6311,7 @@
method public boolean removeUser(android.content.ComponentName, android.os.UserHandle);
method public boolean requestBugreport(android.content.ComponentName);
method public boolean resetPassword(java.lang.String, int);
+ method public boolean resetPasswordWithToken(android.content.ComponentName, java.lang.String, byte[], int);
method public java.util.List<android.app.admin.NetworkEvent> retrieveNetworkLogs(android.content.ComponentName, long);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrievePreRebootSecurityLogs(android.content.ComponentName);
method public java.util.List<android.app.admin.SecurityLog.SecurityEvent> retrieveSecurityLogs(android.content.ComponentName);
@@ -6357,6 +6360,7 @@
method public void setProfileName(android.content.ComponentName, java.lang.String);
method public void setRecommendedGlobalProxy(android.content.ComponentName, android.net.ProxyInfo);
method public void setRequiredStrongAuthTimeout(android.content.ComponentName, long);
+ method public boolean setResetPasswordToken(android.content.ComponentName, byte[]);
method public void setRestrictionsProvider(android.content.ComponentName, android.content.ComponentName);
method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);
method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index f1ccabe..0eb47a3 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -28,6 +28,7 @@
import android.annotation.WorkerThread;
import android.app.Activity;
import android.app.IServiceConnection;
+import android.app.KeyguardManager;
import android.app.admin.SecurityLog.SecurityEvent;
import android.content.ComponentName;
import android.content.Context;
@@ -2694,6 +2695,11 @@
* Force a new device unlock password (the password needed to access the entire device, not for
* individual accounts) on the user. This takes effect immediately.
* <p>
+ * <em>For device owner and profile owners targeting SDK level
+ * {@link android.os.Build.VERSION_CODES#O} or above, this API is no longer available and will
+ * throw {@link SecurityException}. Please use the new API {@link #resetPasswordWithToken}
+ * instead. </em>
+ * <p>
* <em>Note: This API has been limited as of {@link android.os.Build.VERSION_CODES#N} for
* device admins that are not device owner and not profile owner.
* The password can now only be changed if there is currently no password set. Device owner
@@ -2740,6 +2746,127 @@
}
/**
+ * Called by a profile or device owner to provision a token which can later be used to reset the
+ * device lockscreen password (if called by device owner), or work challenge (if called by
+ * profile owner), via {@link #resetPasswordWithToken}.
+ * <p>
+ * If the user currently has a lockscreen password, the provisioned token will not be
+ * immediately usable; it only becomes active after the user performs a confirm credential
+ * operation, which can be triggered by {@link KeyguardManager#createConfirmDeviceCredentialIntent}.
+ * If the user has no lockscreen password, the token is activated immediately. In all cases,
+ * the active state of the current token can be checked by {@link #isResetPasswordTokenActive}.
+ * For security reasons, un-activated tokens are only stored in memory and will be lost once
+ * the device reboots. In this case a new token needs to be provisioned again.
+ * <p>
+ * Once provisioned and activated, the token will remain effective even if the user changes
+ * or clears the lockscreen password.
+ * <p>
+ * <em>This token is highly sensitive and should be treated at the same level as user
+ * credentials. In particular, NEVER store this token on device in plaintext, especially in
+ * Device-Encrypted storage if the token will be used to reset password on FBE devices before
+ * user unlocks.
+ * </em>
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @param token a secure token a least 32-byte long, which must be generated by a
+ * cryptographically strong random number generator.
+ * @return true if the operation is successful, false otherwise.
+ * @throws IllegalArgumentException if the supplied token is invalid.
+ * @throws SecurityException
+ */
+ public boolean setResetPasswordToken(ComponentName admin, byte[] token) {
+ throwIfParentInstance("setResetPasswordToken");
+ if (mService != null) {
+ try {
+ return mService.setResetPasswordToken(admin, token);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Called by a profile or device owner to revoke the current password reset token.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @return true if the operation is successful, false otherwise.
+ */
+ public boolean clearResetPasswordToken(ComponentName admin) {
+ throwIfParentInstance("clearResetPasswordToken");
+ if (mService != null) {
+ try {
+ return mService.clearResetPasswordToken(admin);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Called by a profile or device owner to check if the current reset password token is active.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @return true if the token is active, false otherwise.
+ * @throws IllegalStateException if no token has been set.
+ */
+ public boolean isResetPasswordTokenActive(ComponentName admin) {
+ throwIfParentInstance("isResetPasswordTokenActive");
+ if (mService != null) {
+ try {
+ return mService.isResetPasswordTokenActive(admin);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Called by device or profile owner to force set a new device unlock password or a work profile
+ * challenge on current user. This takes effect immediately.
+ * <p>
+ * Unlike {@link #resetPassword}, this API can change the password even before the user or
+ * device is unlocked or decrypted. The supplied token must have been previously provisioned via
+ * {@link #setResetPasswordToken}, and in active state {@link #isResetPasswordTokenActive}.
+ * <p>
+ * The given password must be sufficient for the current password quality and length constraints
+ * as returned by {@link #getPasswordQuality(ComponentName)} and
+ * {@link #getPasswordMinimumLength(ComponentName)}; if it does not meet these constraints, then
+ * it will be rejected and false returned. Note that the password may be a stronger quality
+ * (containing alphanumeric characters when the requested quality is only numeric), in which
+ * case the currently active quality will be increased to match.
+ * <p>
+ * Calling with a null or empty password will clear any existing PIN, pattern or password if the
+ * current password constraints allow it.
+ *
+ * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+ * @param password The new password for the user. Null or empty clears the password.
+ * @param token the password reset token previously provisioned by #setResetPasswordToken.
+ * @param flags May be 0 or combination of {@link #RESET_PASSWORD_REQUIRE_ENTRY} and
+ * {@link #RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT}.
+ * @return Returns true if the password was applied, or false if it is not acceptable for the
+ * current constraints.
+ * @throws SecurityException if the calling application does not own an active administrator
+ * that uses {@link DeviceAdminInfo#USES_POLICY_RESET_PASSWORD}
+ * @throws IllegalStateException if the provided token is not valid.
+ * @throws IllegalArgumentException if the password does not meet system requirements.
+ */
+ public boolean resetPasswordWithToken(@NonNull ComponentName admin, String password,
+ byte[] token, int flags) {
+ throwIfParentInstance("resetPassword");
+ if (mService != null) {
+ try {
+ return mService.resetPasswordWithToken(admin, password, token, flags);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+ return false;
+ }
+
+ /**
* Called by an application that is administering the device to set the maximum time for user
* activity until the device will lock. This limits the length that the user can set. It takes
* effect immediately.
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 79fe10e..c2f75c8 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -342,4 +342,9 @@
long getLastSecurityLogRetrievalTime();
long getLastBugReportRequestTime();
long getLastNetworkLogRetrievalTime();
+
+ boolean setResetPasswordToken(in ComponentName admin, in byte[] token);
+ boolean clearResetPasswordToken(in ComponentName admin);
+ boolean isResetPasswordTokenActive(in ComponentName admin);
+ boolean resetPasswordWithToken(in ComponentName admin, String password, in byte[] token, int flags);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index c68a1ae..ed4ded4 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -244,6 +244,8 @@
private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle";
+ private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token";
+
private static final int REQUEST_EXPIRE_PASSWORD = 5571;
private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1);
@@ -506,6 +508,8 @@
boolean mAdminBroadcastPending = false;
PersistableBundle mInitBundle = null;
+ long mPasswordTokenHandle = 0;
+
public DevicePolicyData(int userHandle) {
mUserHandle = userHandle;
}
@@ -2557,6 +2561,13 @@
out.endTag(null, TAG_INITIALIZATION_BUNDLE);
}
+ if (policy.mPasswordTokenHandle != 0) {
+ out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE);
+ out.attribute(null, ATTR_VALUE,
+ Long.toString(policy.mPasswordTokenHandle));
+ out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE);
+ }
+
out.endTag(null, "policies");
out.endDocument();
@@ -2763,6 +2774,9 @@
m.symbols = Integer.parseInt(parser.getAttributeValue(null, "symbols"));
m.nonLetter = Integer.parseInt(parser.getAttributeValue(null, "nonletter"));
}
+ } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) {
+ policy.mPasswordTokenHandle = Long.parseLong(
+ parser.getAttributeValue(null, ATTR_VALUE));
} else {
Slog.w(LOG_TAG, "Unknown tag: " + tag);
XmlUtils.skipCurrentTag(parser);
@@ -4074,12 +4088,8 @@
mInjector.binderRestoreCallingIdentity(token);
}
}
-
@Override
public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException {
- if (!mHasFeature) {
- return false;
- }
final int callingUid = mInjector.binderGetCallingUid();
final int userHandle = mInjector.userHandleGetCallingUserId();
@@ -4090,15 +4100,18 @@
enforceNotManagedProfile(userHandle, "clear the active password");
}
- int quality;
synchronized (this) {
// If caller has PO (or DO) it can change the password, so see if that's the case first.
ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked(
null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid);
final boolean preN;
if (admin != null) {
- preN = getTargetSdk(admin.info.getPackageName(),
- userHandle) <= android.os.Build.VERSION_CODES.M;
+ final int targetSdk = getTargetSdk(admin.info.getPackageName(), userHandle);
+ if (targetSdk >= Build.VERSION_CODES.O) {
+ throw new SecurityException("resetPassword() is deprecated for DPC targeting O"
+ + " or later");
+ }
+ preN = targetSdk <= android.os.Build.VERSION_CODES.M;
} else {
// Otherwise, make sure the caller has any active admin with the right policy.
admin = getActiveAdminForCallerLocked(null,
@@ -4149,7 +4162,15 @@
return false;
}
}
+ }
+ return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle);
+ }
+
+ private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
+ int flags, int callingUid, int userHandle) {
+ int quality;
+ synchronized (this) {
quality = getPasswordQuality(null, userHandle, /* parent */ false);
if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {
quality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
@@ -4239,11 +4260,20 @@
// Don't do this with the lock held, because it is going to call
// back in to the service.
final long ident = mInjector.binderClearCallingIdentity();
+ final boolean result;
try {
- if (!TextUtils.isEmpty(password)) {
- mLockPatternUtils.saveLockPassword(password, null, quality, userHandle);
+ if (token == null) {
+ if (!TextUtils.isEmpty(password)) {
+ mLockPatternUtils.saveLockPassword(password, null, quality, userHandle);
+ } else {
+ mLockPatternUtils.clearLock(null, userHandle);
+ }
+ result = true;
} else {
- mLockPatternUtils.clearLock(null, userHandle);
+ result = mLockPatternUtils.setLockCredentialWithToken(password,
+ TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE
+ : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD,
+ tokenHandle, token, userHandle);
}
boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0;
if (requireEntry) {
@@ -4260,8 +4290,7 @@
} finally {
mInjector.binderRestoreCallingIdentity(ident);
}
-
- return true;
+ return result;
}
private boolean isLockScreenSecureUnchecked(int userId) {
@@ -9090,13 +9119,16 @@
}
final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent()
.getPackageName();
- final String[] pkgs = mInjector.getPackageManager().getPackagesForUid(callerUid);
-
- for (String pkg : pkgs) {
- if (deviceOwnerPackageName.equals(pkg)) {
- return true;
+ try {
+ String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid);
+ for (String pkg : pkgs) {
+ if (deviceOwnerPackageName.equals(pkg)) {
+ return true;
+ }
+ }
+ } catch (RemoteException e) {
+ return false;
}
- }
}
return false;
@@ -10617,4 +10649,98 @@
enforceDeviceOwnerOrManageUsers();
return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime;
}
+
+ @Override
+ public boolean setResetPasswordToken(ComponentName admin, byte[] token) {
+ if (!mHasFeature) {
+ return false;
+ }
+ if (token == null || token.length < 32) {
+ throw new IllegalArgumentException("token must be at least 32-byte long");
+ }
+ synchronized (this) {
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ DevicePolicyData policy = getUserData(userHandle);
+ long ident = mInjector.binderClearCallingIdentity();
+ try {
+ if (policy.mPasswordTokenHandle != 0) {
+ mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle);
+ }
+
+ policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle);
+ saveSettingsLocked(userHandle);
+ return policy.mPasswordTokenHandle != 0;
+ } finally {
+ mInjector.binderRestoreCallingIdentity(ident);
+ }
+ }
+ }
+
+ @Override
+ public boolean clearResetPasswordToken(ComponentName admin) {
+ if (!mHasFeature) {
+ return false;
+ }
+ synchronized (this) {
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ DevicePolicyData policy = getUserData(userHandle);
+ if (policy.mPasswordTokenHandle != 0) {
+ long ident = mInjector.binderClearCallingIdentity();
+ try {
+ boolean result = mLockPatternUtils.removeEscrowToken(
+ policy.mPasswordTokenHandle, userHandle);
+ policy.mPasswordTokenHandle = 0;
+ saveSettingsLocked(userHandle);
+ return result;
+ } finally {
+ mInjector.binderRestoreCallingIdentity(ident);
+ }
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isResetPasswordTokenActive(ComponentName admin) {
+ synchronized (this) {
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ DevicePolicyData policy = getUserData(userHandle);
+ if (policy.mPasswordTokenHandle != 0) {
+ long ident = mInjector.binderClearCallingIdentity();
+ try {
+ return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle,
+ userHandle);
+ } finally {
+ mInjector.binderRestoreCallingIdentity(ident);
+ }
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token,
+ int flags) {
+ Preconditions.checkNotNull(token);
+ synchronized (this) {
+ final int userHandle = mInjector.userHandleGetCallingUserId();
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+
+ DevicePolicyData policy = getUserData(userHandle);
+ if (policy.mPasswordTokenHandle != 0) {
+ final String password = passwordOrNull != null ? passwordOrNull : "";
+ return resetPasswordInternal(password, policy.mPasswordTokenHandle, token,
+ flags, mInjector.binderGetCallingUid(), userHandle);
+ } else {
+ Slog.w(LOG_TAG, "No saved token handle");
+ }
+ }
+ return false;
+ }
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index a186b59..23a1bb4 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -56,6 +56,7 @@
import com.android.internal.R;
import com.android.internal.util.ParcelableString;
+import com.android.internal.widget.LockPatternUtils;
import com.android.server.LocalServices;
import com.android.server.SystemService;
import com.android.server.pm.UserRestrictionsUtils;
@@ -3735,6 +3736,41 @@
dpm.getPermissionGrantState(admin1, app2, permission));
}
+ public void testResetPasswordWithToken() throws Exception {
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+ setupDeviceOwner();
+ // test token validation
+ try {
+ dpm.setResetPasswordToken(admin1, new byte[31]);
+ fail("should not have accepted tokens too short");
+ } catch (IllegalArgumentException expected) {
+ }
+ // test adding a token
+ final byte[] token = new byte[32];
+ final long handle = 123456;
+ final String password = "password";
+ when(mContext.lockPatternUtils.addEscrowToken(eq(token), eq(UserHandle.USER_SYSTEM)))
+ .thenReturn(handle);
+ assertTrue(dpm.setResetPasswordToken(admin1, token));
+
+ // test password activation
+ when(mContext.lockPatternUtils.isEscrowTokenActive(eq(handle), eq(UserHandle.USER_SYSTEM)))
+ .thenReturn(true);
+ assertTrue(dpm.isResetPasswordTokenActive(admin1));
+
+ // test reset password with token
+ when(mContext.lockPatternUtils.setLockCredentialWithToken(eq(password),
+ eq(LockPatternUtils.CREDENTIAL_TYPE_PASSWORD), eq(handle), eq(token),
+ eq(UserHandle.USER_SYSTEM)))
+ .thenReturn(true);
+ assertTrue(dpm.resetPasswordWithToken(admin1, password, token, 0));
+
+ // test removing a token
+ when(mContext.lockPatternUtils.removeEscrowToken(eq(handle), eq(UserHandle.USER_SYSTEM)))
+ .thenReturn(true);
+ assertTrue(dpm.clearResetPasswordToken(admin1));
+ }
+
private void setUserSetupCompleteForUser(boolean isUserSetupComplete, int userhandle) {
when(mContext.settings.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0,
userhandle)).thenReturn(isUserSetupComplete ? 1 : 0);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmTestBase.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmTestBase.java
index ed6779c..43e2610 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmTestBase.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmTestBase.java
@@ -174,6 +174,8 @@
anyInt(),
eq(UserHandle.getUserId(packageUid)));
+ doReturn(new String[] {admin.getPackageName()}).when(mMockContext.ipackageManager)
+ .getPackagesForUid(eq(packageUid));
// Set up getPackageInfo().
markPackageAsInstalled(admin.getPackageName(), ai, UserHandle.getUserId(packageUid));
}