Merge changes Ic4587c5b,Ib7118228,I3411a0fb
* changes:
Include isHashedValue in rule structure
Support optional rule attributes in XML parser
Add rule component validations
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 5b7a814..770db58 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -10116,6 +10116,11 @@
pw.println("-------------------------------------------------------------------------------");
}
dumpProcessesLocked(fd, pw, args, opti, dumpAll, dumpPackage, dumpAppId);
+ pw.println();
+ if (dumpAll) {
+ pw.println("-------------------------------------------------------------------------------");
+ }
+ dumpUsersLocked(pw);
}
}
@@ -10404,6 +10409,10 @@
}
} else if ("locks".equals(cmd)) {
LockGuard.dump(fd, pw, args);
+ } else if ("users".equals(cmd)) {
+ synchronized (this) {
+ dumpUsersLocked(pw);
+ }
} else {
// Dumping a single activity?
if (!mAtmInternal.dumpActivity(fd, pw, cmd, args, opti, dumpAll,
@@ -10878,12 +10887,6 @@
needSep = mAppErrors.dumpLocked(fd, pw, needSep, dumpPackage);
- if (dumpPackage == null) {
- pw.println();
- needSep = false;
- mUserController.dump(pw, dumpAll);
- }
-
needSep = mAtmInternal.dumpForProcesses(fd, pw, dumpAll, dumpPackage, dumpAppId, needSep,
mTestPssMode, mWakefulness);
@@ -11093,6 +11096,12 @@
}
@GuardedBy("this")
+ private void dumpUsersLocked(PrintWriter pw) {
+ pw.println("ACTIVITY MANAGER USERS (dumpsys activity users)");
+ mUserController.dump(pw);
+ }
+
+ @GuardedBy("this")
void writeProcessesToProtoLocked(ProtoOutputStream proto, String dumpPackage) {
int numPers = 0;
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 31ceb38..53ac4ec 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -2130,7 +2130,7 @@
}
}
- void dump(PrintWriter pw, boolean dumpAll) {
+ void dump(PrintWriter pw) {
synchronized (mLock) {
pw.println(" mStartedUsers:");
for (int i = 0; i < mStartedUsers.size(); i++) {
@@ -2164,7 +2164,11 @@
}
}
pw.println(" mCurrentUserId:" + mCurrentUserId);
+ pw.println(" mTargetUserId:" + mTargetUserId);
pw.println(" mLastActiveUsers:" + mLastActiveUsers);
+ pw.println(" mDelayUserDataLocking:" + mDelayUserDataLocking);
+ pw.println(" mMaxRunningUsers:" + mMaxRunningUsers);
+ pw.println(" mUserSwitchUiEnabled:" + mUserSwitchUiEnabled);
}
}
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index f23ac34..e9a8085 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -38,6 +38,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.ArrayUtils;
+import com.android.internal.util.Preconditions;
import com.android.internal.widget.ICheckCredentialProgressCallback;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockscreenCredential;
@@ -139,17 +140,38 @@
public VerifyCredentialResponse gkResponse;
}
+ /**
+ * This class represents the master cryptographic secret for a given user (a.k.a synthietic
+ * password). This secret is derived from the user's lockscreen credential or password escrow
+ * token. All other cryptograhic keys related to the user, including disk encryption key,
+ * keystore encryption key, gatekeeper auth key, vendor auth secret and others are directly
+ * derived from this token.
+ * <p>
+ * The master secret associated with an authentication token is retrievable from
+ * {@link AuthenticationToken#getSyntheticPassword()} and the authentication token can be
+ * reconsturcted from the master secret later with
+ * {@link AuthenticationToken#recreateDirectly(byte[])}. The first time an authentication token
+ * is needed, it should be created with {@link AuthenticationToken#create()} so that the
+ * necessary escrow data ({@link #mEncryptedEscrowSplit0} and {@link #mEscrowSplit1}) is
+ * properly initialized. The caller can either persist the (non-secret) esscrow data if escrow
+ * is required, or discard it to cryptograhically disable escrow. To support escrow, the caller
+ * needs to securely store the secret returned from
+ * {@link AuthenticationToken#getEscrowSecret()}, and at the time of use, load the escrow data
+ * back with {@link AuthenticationToken#setEscrowData(byte[], byte[])} and then re-create the
+ * master secret from the escrow secret via
+ * {@link AuthenticationToken#recreateFromEscrow(byte[])}.
+ */
static class AuthenticationToken {
private final byte mVersion;
- /*
- * Here is the relationship between all three fields:
- * P0 and P1 are two randomly-generated blocks. P1 is stored on disk but P0 is not.
- * syntheticPassword = hash(P0 || P1)
- * E0 = P0 encrypted under syntheticPassword, stored on disk.
+ /**
+ * Here is the relationship between these fields:
+ * Generate two random block P0 and P1. P1 is recorded in mEscrowSplit1 but P0 is not.
+ * mSyntheticPassword = hash(P0 || P1)
+ * E0 = P0 encrypted under syntheticPassword, recoreded in mEncryptedEscrowSplit0.
*/
- private @Nullable byte[] E0;
- private @Nullable byte[] P1;
- private @NonNull String syntheticPassword;
+ private @NonNull byte[] mSyntheticPassword;
+ private @Nullable byte[] mEncryptedEscrowSplit0;
+ private @Nullable byte[] mEscrowSplit1;
AuthenticationToken(byte version) {
mVersion = version;
@@ -157,11 +179,11 @@
private byte[] derivePassword(byte[] personalization) {
if (mVersion == SYNTHETIC_PASSWORD_VERSION_V3) {
- return (new SP800Derive(syntheticPassword.getBytes()))
+ return (new SP800Derive(mSyntheticPassword))
.withContext(personalization, PERSONALISATION_CONTEXT);
} else {
return SyntheticPasswordCrypto.personalisedHash(personalization,
- syntheticPassword.getBytes());
+ mSyntheticPassword);
}
}
@@ -185,32 +207,77 @@
return derivePassword(PERSONALIZATION_PASSWORD_HASH);
}
- private void initialize(byte[] P0, byte[] P1) {
- this.P1 = P1;
- this.syntheticPassword = String.valueOf(HexEncoding.encode(
- SyntheticPasswordCrypto.personalisedHash(
- PERSONALIZATION_SP_SPLIT, P0, P1)));
- this.E0 = SyntheticPasswordCrypto.encrypt(this.syntheticPassword.getBytes(),
- PERSONALIZATION_E0, P0);
+ /**
+ * Assign escrow data to this auth token. This is a prerequisite to call
+ * {@link AuthenticationToken#recreateFromEscrow}.
+ */
+ public void setEscrowData(@Nullable byte[] encryptedEscrowSplit0,
+ @Nullable byte[] escrowSplit1) {
+ mEncryptedEscrowSplit0 = encryptedEscrowSplit0;
+ mEscrowSplit1 = escrowSplit1;
}
- public void recreate(byte[] secret) {
- initialize(secret, this.P1);
+ /**
+ * Re-creates authentication token from escrow secret (escrowSplit0, returned from
+ * {@link AuthenticationToken#getEscrowSecret}). Escrow data needs to be loaded
+ * by {@link #setEscrowData} before calling this.
+ */
+ public void recreateFromEscrow(byte[] escrowSplit0) {
+ Preconditions.checkNotNull(mEscrowSplit1);
+ Preconditions.checkNotNull(mEncryptedEscrowSplit0);
+ recreate(escrowSplit0, mEscrowSplit1);
}
- protected static AuthenticationToken create() {
+ /**
+ * Re-creates authentication token from synthetic password directly.
+ */
+ public void recreateDirectly(byte[] syntheticPassword) {
+ this.mSyntheticPassword = Arrays.copyOf(syntheticPassword, syntheticPassword.length);
+ }
+
+ /**
+ * Generates a new random synthetic password with escrow data.
+ */
+ static AuthenticationToken create() {
AuthenticationToken result = new AuthenticationToken(SYNTHETIC_PASSWORD_VERSION_V3);
- result.initialize(secureRandom(SYNTHETIC_PASSWORD_LENGTH),
- secureRandom(SYNTHETIC_PASSWORD_LENGTH));
+ byte[] escrowSplit0 = secureRandom(SYNTHETIC_PASSWORD_LENGTH);
+ byte[] escrowSplit1 = secureRandom(SYNTHETIC_PASSWORD_LENGTH);
+ result.recreate(escrowSplit0, escrowSplit1);
+ byte[] encrypteEscrowSplit0 = SyntheticPasswordCrypto.encrypt(result.mSyntheticPassword,
+ PERSONALIZATION_E0, escrowSplit0);
+ result.setEscrowData(encrypteEscrowSplit0, escrowSplit1);
return result;
}
- public byte[] computeP0() {
- if (E0 == null) {
+ /**
+ * Re-creates synthetic password from both escrow splits. See javadoc for
+ * AuthenticationToken.mSyntheticPassword for details on what each block means.
+ */
+ private void recreate(byte[] escrowSplit0, byte[] escrowSplit1) {
+ mSyntheticPassword = String.valueOf(HexEncoding.encode(
+ SyntheticPasswordCrypto.personalisedHash(
+ PERSONALIZATION_SP_SPLIT, escrowSplit0, escrowSplit1))).getBytes();
+ }
+
+ /**
+ * Returns the escrow secret that can be used later to reconstruct this authentication
+ * token from {@link #recreateFromEscrow(byte[])}. Only possible if escrow is not disabled
+ * (encryptedEscrowSplit0 known).
+ */
+ public byte[] getEscrowSecret() {
+ if (mEncryptedEscrowSplit0 == null) {
return null;
}
- return SyntheticPasswordCrypto.decrypt(syntheticPassword.getBytes(), PERSONALIZATION_E0,
- E0);
+ return SyntheticPasswordCrypto.decrypt(mSyntheticPassword, PERSONALIZATION_E0,
+ mEncryptedEscrowSplit0);
+ }
+
+ /**
+ * Returns the raw synthetic password that can be used later to reconstruct this
+ * authentication token from {@link #recreateDirectly(byte[])}
+ */
+ public byte[] getSyntheticPassword() {
+ return mSyntheticPassword;
}
}
@@ -537,14 +604,15 @@
}
private boolean loadEscrowData(AuthenticationToken authToken, int userId) {
- authToken.E0 = loadState(SP_E0_NAME, DEFAULT_HANDLE, userId);
- authToken.P1 = loadState(SP_P1_NAME, DEFAULT_HANDLE, userId);
- return authToken.E0 != null && authToken.P1 != null;
+ byte[] e0 = loadState(SP_E0_NAME, DEFAULT_HANDLE, userId);
+ byte[] p1 = loadState(SP_P1_NAME, DEFAULT_HANDLE, userId);
+ authToken.setEscrowData(e0, p1);
+ return e0 != null && p1 != null;
}
private void saveEscrowData(AuthenticationToken authToken, int userId) {
- saveState(SP_E0_NAME, authToken.E0, DEFAULT_HANDLE, userId);
- saveState(SP_P1_NAME, authToken.P1, DEFAULT_HANDLE, userId);
+ saveState(SP_E0_NAME, authToken.mEncryptedEscrowSplit0, DEFAULT_HANDLE, userId);
+ saveState(SP_P1_NAME, authToken.mEscrowSplit1, DEFAULT_HANDLE, userId);
}
public boolean hasEscrowData(int userId) {
@@ -862,9 +930,9 @@
byte[] applicationId, long sid, int userId) {
final byte[] secret;
if (type == SYNTHETIC_PASSWORD_TOKEN_BASED) {
- secret = authToken.computeP0();
+ secret = authToken.getEscrowSecret();
} else {
- secret = authToken.syntheticPassword.getBytes();
+ secret = authToken.getSyntheticPassword();
}
byte[] content = createSPBlob(getHandleName(handle), secret, applicationId, sid);
byte[] blob = new byte[content.length + 1 + 1];
@@ -1058,9 +1126,9 @@
Slog.e(TAG, "User is not escrowable: " + userId);
return null;
}
- result.recreate(secret);
+ result.recreateFromEscrow(secret);
} else {
- result.syntheticPassword = new String(secret);
+ result.recreateDirectly(secret);
}
if (version == SYNTHETIC_PASSWORD_VERSION_V1) {
Slog.i(TAG, "Upgrade v1 SP blob for user " + userId + ", type = " + type);
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index 69c7cf2..f67d3c0 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -1361,7 +1361,11 @@
if (tagName.equals(TAG_ITEM)) {
PreferredActivity pa = new PreferredActivity(parser);
if (pa.mPref.getParseError() == null) {
- editPreferredActivitiesLPw(userId).addFilter(pa);
+ final PreferredIntentResolver resolver = editPreferredActivitiesLPw(userId);
+ ArrayList<PreferredActivity> pal = resolver.findFilters(pa);
+ if (pal == null || pal.size() == 0) {
+ resolver.addFilter(pa);
+ }
} else {
PackageManagerService.reportSettingsProblem(Log.WARN,
"Error in package manager settings: <preferred-activity> "
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
index 9863057..ed70fa6 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/BaseLockSettingsServiceTests.java
@@ -16,10 +16,12 @@
package com.android.server.locksettings;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyBoolean;
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Matchers.eq;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -47,7 +49,9 @@
import android.os.storage.IStorageManager;
import android.os.storage.StorageManager;
import android.security.KeyStore;
-import android.test.AndroidTestCase;
+
+import androidx.test.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.widget.ILockSettings;
import com.android.internal.widget.LockPatternUtils;
@@ -57,6 +61,9 @@
import com.android.server.locksettings.recoverablekeystore.RecoverableKeyStoreManager;
import com.android.server.wm.WindowManagerInternal;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.runner.RunWith;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
@@ -64,8 +71,8 @@
import java.util.ArrayList;
import java.util.Arrays;
-
-public abstract class BaseLockSettingsServiceTests extends AndroidTestCase {
+@RunWith(AndroidJUnit4.class)
+public abstract class BaseLockSettingsServiceTests {
protected static final int PRIMARY_USER_ID = 0;
protected static final int MANAGED_PROFILE_USER_ID = 12;
protected static final int TURNED_OFF_PROFILE_USER_ID = 17;
@@ -107,10 +114,8 @@
protected boolean mHasSecureLockScreen;
FakeSettings mSettings;
- @Override
- protected void setUp() throws Exception {
- super.setUp();
-
+ @Before
+ public void setUp_baseServices() throws Exception {
mGateKeeperService = new FakeGateKeeperService();
mNotificationManager = mock(NotificationManager.class);
mUserManager = mock(UserManager.class);
@@ -135,11 +140,12 @@
LocalServices.addService(DevicePolicyManagerInternal.class, mDevicePolicyManagerInternal);
LocalServices.addService(WindowManagerInternal.class, mMockWindowManager);
- mContext = new MockLockSettingsContext(getContext(), mUserManager, mNotificationManager,
- mDevicePolicyManager, mock(StorageManager.class), mock(TrustManager.class),
- mock(KeyguardManager.class), mFingerprintManager, mFaceManager, mPackageManager);
+ mContext = new MockLockSettingsContext(InstrumentationRegistry.getContext(), mUserManager,
+ mNotificationManager, mDevicePolicyManager, mock(StorageManager.class),
+ mock(TrustManager.class), mock(KeyguardManager.class), mFingerprintManager,
+ mFaceManager, mPackageManager);
mStorage = new LockSettingsStorageTestable(mContext,
- new File(getContext().getFilesDir(), "locksettings"));
+ new File(InstrumentationRegistry.getContext().getFilesDir(), "locksettings"));
File storageDir = mStorage.mStorageDir;
if (storageDir.exists()) {
FileUtils.deleteContents(storageDir);
@@ -283,11 +289,10 @@
}).when(mFaceManager).remove(any(), eq(userId), any());
}
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
+ @After
+ public void tearDown_baseServices() throws Exception {
mStorage.closeDatabase();
- File db = getContext().getDatabasePath("locksettings.db");
+ File db = InstrumentationRegistry.getContext().getDatabasePath("locksettings.db");
assertTrue(!db.exists() || db.delete());
File storageDir = mStorage.mStorageDir;
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/CachedSyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/CachedSyntheticPasswordTests.java
index 5c54883..d1c2fd0 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/CachedSyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/CachedSyntheticPasswordTests.java
@@ -17,6 +17,7 @@
import static com.android.server.testutils.TestUtils.assertExpectException;
+import static org.junit.Assert.assertEquals;
import static org.mockito.Mockito.anyInt;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.verify;
@@ -26,10 +27,14 @@
import android.platform.test.annotations.Presubmit;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.widget.LockscreenCredential;
import com.android.internal.widget.VerifyCredentialResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import java.util.ArrayList;
@@ -42,11 +47,11 @@
*/
@SmallTest
@Presubmit
+@RunWith(AndroidJUnit4.class)
public class CachedSyntheticPasswordTests extends SyntheticPasswordTests {
- @Override
- protected void setUp() throws Exception {
- super.setUp();
+ @Before
+ public void enableSpCache() throws Exception {
enableSpCaching(true);
}
@@ -55,6 +60,7 @@
.canUserHaveUntrustedCredentialReset(anyInt())).thenReturn(enable);
}
+ @Test
public void testSyntheticPasswordClearCredentialUntrusted() throws RemoteException {
final LockscreenCredential password = newPassword("password");
final LockscreenCredential newPassword = newPassword("newpassword");
@@ -74,6 +80,7 @@
assertNotEquals(sid, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));
}
+ @Test
public void testSyntheticPasswordChangeCredentialUntrusted() throws RemoteException {
final LockscreenCredential password = newPassword("password");
final LockscreenCredential newPassword = newPassword("newpassword");
@@ -91,6 +98,7 @@
newPassword, 0, PRIMARY_USER_ID).getResponseCode());
}
+ @Test
public void testUntrustedCredentialChangeMaintainsAuthSecret() throws RemoteException {
final LockscreenCredential password = newPassword("password");
final LockscreenCredential newPassword = newPassword("newpassword");
@@ -111,6 +119,7 @@
assertEquals(1, secret.getAllValues().stream().distinct().count());
}
+ @Test
public void testUntrustedCredentialChangeBlockedIfSpNotCached() throws RemoteException {
final LockscreenCredential password = newPassword("password");
final LockscreenCredential newPassword = newPassword("newpassword");
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
index 86ef31a..8c8edfa 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
@@ -21,6 +21,12 @@
import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN;
import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PIN;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.eq;
@@ -33,6 +39,7 @@
import android.service.gatekeeper.GateKeeperResponse;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockscreenCredential;
@@ -40,47 +47,47 @@
import com.android.server.locksettings.FakeGateKeeperService.VerifyHandle;
import com.android.server.locksettings.LockSettingsStorage.CredentialHash;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
/**
- * runtest frameworks-services -c com.android.server.locksettings.LockSettingsServiceTests
+ * atest FrameworksServicesTests:LockSettingsServiceTests
*/
@SmallTest
@Presubmit
+@RunWith(AndroidJUnit4.class)
public class LockSettingsServiceTests extends BaseLockSettingsServiceTests {
-
- @Override
- protected void setUp() throws Exception {
- super.setUp();
- }
-
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
+ @Test
public void testCreatePasswordPrimaryUser() throws RemoteException {
testCreateCredential(PRIMARY_USER_ID, newPassword("password"));
}
+ @Test
public void testCreatePasswordFailsWithoutLockScreen() throws RemoteException {
testCreateCredentialFailsWithoutLockScreen(PRIMARY_USER_ID, newPassword("password"));
}
+ @Test
public void testCreatePatternPrimaryUser() throws RemoteException {
testCreateCredential(PRIMARY_USER_ID, newPattern("123456789"));
}
+ @Test
public void testCreatePatternFailsWithoutLockScreen() throws RemoteException {
testCreateCredentialFailsWithoutLockScreen(PRIMARY_USER_ID, newPattern("123456789"));
}
+ @Test
public void testChangePasswordPrimaryUser() throws RemoteException {
testChangeCredentials(PRIMARY_USER_ID, newPattern("78963214"), newPassword("asdfghjk"));
}
+ @Test
public void testChangePatternPrimaryUser() throws RemoteException {
testChangeCredentials(PRIMARY_USER_ID, newPassword("!£$%^&*(())"), newPattern("1596321"));
}
+ @Test
public void testChangePasswordFailPrimaryUser() throws RemoteException {
final long sid = 1234;
initializeStorageWithCredential(PRIMARY_USER_ID, newPassword("password"), sid);
@@ -90,6 +97,7 @@
assertVerifyCredentials(PRIMARY_USER_ID, newPassword("password"), sid);
}
+ @Test
public void testClearPasswordPrimaryUser() throws RemoteException {
initializeStorageWithCredential(PRIMARY_USER_ID, newPassword("password"), 1234);
assertTrue(mService.setLockCredential(nonePassword(), newPassword("password"),
@@ -98,6 +106,7 @@
assertEquals(0, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));
}
+ @Test
public void testManagedProfileUnifiedChallenge() throws RemoteException {
final LockscreenCredential firstUnifiedPassword = newPassword("pwd-1");
final LockscreenCredential secondUnifiedPassword = newPassword("pwd-2");
@@ -151,6 +160,7 @@
assertEquals(0, mGateKeeperService.getSecureUserId(TURNED_OFF_PROFILE_USER_ID));
}
+ @Test
public void testManagedProfileSeparateChallenge() throws RemoteException {
final LockscreenCredential primaryPassword = newPassword("primary");
final LockscreenCredential profilePassword = newPassword("profile");
@@ -199,6 +209,7 @@
assertEquals(profileSid, mGateKeeperService.getSecureUserId(MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testSetLockCredential_forPrimaryUser_sendsCredentials() throws Exception {
assertTrue(mService.setLockCredential(
newPassword("password"),
@@ -211,6 +222,7 @@
PRIMARY_USER_ID);
}
+ @Test
public void testSetLockCredential_forProfileWithSeparateChallenge_sendsCredentials()
throws Exception {
assertTrue(mService.setLockCredential(
@@ -224,6 +236,7 @@
MANAGED_PROFILE_USER_ID);
}
+ @Test
public void testSetLockCredential_forProfileWithSeparateChallenge_updatesCredentials()
throws Exception {
initializeStorageWithCredential(
@@ -242,6 +255,7 @@
MANAGED_PROFILE_USER_ID);
}
+ @Test
public void testSetLockCredential_forProfileWithUnifiedChallenge_doesNotSendRandomCredential()
throws Exception {
mService.setSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID, false, null);
@@ -257,6 +271,7 @@
eq(CREDENTIAL_TYPE_PASSWORD), any(), eq(MANAGED_PROFILE_USER_ID));
}
+ @Test
public void
testSetLockCredential_forPrimaryUserWithUnifiedChallengeProfile_updatesBothCredentials()
throws Exception {
@@ -280,6 +295,7 @@
MANAGED_PROFILE_USER_ID);
}
+ @Test
public void
testSetLockCredential_forPrimaryUserWithUnifiedChallengeProfile_removesBothCredentials()
throws Exception {
@@ -298,6 +314,7 @@
.lockScreenSecretChanged(CREDENTIAL_TYPE_NONE, null, MANAGED_PROFILE_USER_ID);
}
+ @Test
public void testSetLockCredential_nullCredential_removeBiometrics() throws RemoteException {
initializeStorageWithCredential(
PRIMARY_USER_ID,
@@ -315,6 +332,7 @@
verify(mFaceManager).remove(any(), eq(MANAGED_PROFILE_USER_ID), any());
}
+ @Test
public void testSetLockCredential_forUnifiedToSeparateChallengeProfile_sendsNewCredentials()
throws Exception {
final LockscreenCredential parentPassword = newPassword("parentPassword");
@@ -333,6 +351,7 @@
MANAGED_PROFILE_USER_ID);
}
+ @Test
public void
testSetLockCredential_forSeparateToUnifiedChallengeProfile_doesNotSendRandomCredential()
throws Exception {
@@ -351,6 +370,7 @@
.lockScreenSecretChanged(anyInt(), any(), eq(MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testVerifyCredential_forPrimaryUser_sendsCredentials() throws Exception {
final LockscreenCredential password = newPassword("password");
initializeStorageWithCredential(PRIMARY_USER_ID, password, 1234);
@@ -363,6 +383,7 @@
CREDENTIAL_TYPE_PASSWORD, password.getCredential(), PRIMARY_USER_ID);
}
+ @Test
public void testVerifyCredential_forProfileWithSeparateChallenge_sendsCredentials()
throws Exception {
final LockscreenCredential pattern = newPattern("12345");
@@ -380,8 +401,8 @@
CREDENTIAL_TYPE_PATTERN, pattern.getCredential(), MANAGED_PROFILE_USER_ID);
}
- public void
- testVerifyCredential_forPrimaryUserWithUnifiedChallengeProfile_sendsCredentialsForBoth()
+ @Test
+ public void verifyCredential_forPrimaryUserWithUnifiedChallengeProfile_sendsCredentialsForBoth()
throws Exception {
final LockscreenCredential pattern = newPattern("12345");
initializeStorageWithCredential(PRIMARY_USER_ID, pattern, 1234);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsShellCommandTest.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsShellCommandTest.java
index 8c2d172..2205694 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsShellCommandTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsShellCommandTest.java
@@ -24,7 +24,7 @@
import static junit.framework.Assert.assertEquals;
-import static org.mockito.Matchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsStorageTests.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsStorageTests.java
index 7a18431..5f38a35 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsStorageTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsStorageTests.java
@@ -16,7 +16,13 @@
package com.android.server.locksettings;
-import static org.mockito.Matchers.eq;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -34,18 +40,24 @@
import android.os.UserManager;
import android.os.storage.StorageManager;
import android.platform.test.annotations.Presubmit;
-import android.test.AndroidTestCase;
import android.util.Log;
import android.util.Log.TerribleFailure;
import android.util.Log.TerribleFailureHandler;
+import androidx.test.InstrumentationRegistry;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.PersistentDataBlockManagerInternal;
import com.android.server.locksettings.LockSettingsStorage.CredentialHash;
import com.android.server.locksettings.LockSettingsStorage.PersistentData;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
@@ -53,11 +65,12 @@
import java.util.concurrent.CountDownLatch;
/**
- * runtest frameworks-services -c com.android.server.locksettings.LockSettingsStorageTests
+ * atest FrameworksServicesTests:LockSettingsStorageTests
*/
@SmallTest
@Presubmit
-public class LockSettingsStorageTests extends AndroidTestCase {
+@RunWith(AndroidJUnit4.class)
+public class LockSettingsStorageTests {
private static final int SOME_USER_ID = 1034;
private final byte[] PASSWORD_0 = "thepassword0".getBytes();
private final byte[] PASSWORD_1 = "password1".getBytes();
@@ -71,11 +84,10 @@
private File mDb;
- @Override
- protected void setUp() throws Exception {
- super.setUp();
- mStorageDir = new File(getContext().getFilesDir(), "locksettings");
- mDb = getContext().getDatabasePath("locksettings.db");
+ @Before
+ public void setUp() throws Exception {
+ mStorageDir = new File(InstrumentationRegistry.getContext().getFilesDir(), "locksettings");
+ mDb = InstrumentationRegistry.getContext().getDatabasePath("locksettings.db");
assertTrue(mStorageDir.exists() || mStorageDir.mkdirs());
assertTrue(FileUtils.deleteContents(mStorageDir));
@@ -87,13 +99,14 @@
// User 3 is a profile of user 0.
when(mockUserManager.getProfileParent(eq(3))).thenReturn(new UserInfo(0, "name", 0));
- MockLockSettingsContext context = new MockLockSettingsContext(getContext(), mockUserManager,
+ MockLockSettingsContext context = new MockLockSettingsContext(
+ InstrumentationRegistry.getContext(), mockUserManager,
mock(NotificationManager.class), mock(DevicePolicyManager.class),
mock(StorageManager.class), mock(TrustManager.class), mock(KeyguardManager.class),
mock(FingerprintManager.class), mock(FaceManager.class),
mock(PackageManager.class));
mStorage = new LockSettingsStorageTestable(context,
- new File(getContext().getFilesDir(), "locksettings"));
+ new File(InstrumentationRegistry.getContext().getFilesDir(), "locksettings"));
mStorage.setDatabaseOnCreateCallback(new LockSettingsStorage.Callback() {
@Override
public void initialize(SQLiteDatabase db) {
@@ -102,18 +115,19 @@
});
}
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
+ @After
+ public void tearDown() throws Exception {
mStorage.closeDatabase();
}
+ @Test
public void testKeyValue_InitializeWorked() {
assertEquals("initialValue", mStorage.readKeyValue("initializedKey", "default", 0));
mStorage.clearCache();
assertEquals("initialValue", mStorage.readKeyValue("initializedKey", "default", 0));
}
+ @Test
public void testKeyValue_WriteThenRead() {
mStorage.writeKeyValue("key", "value", 0);
assertEquals("value", mStorage.readKeyValue("key", "default", 0));
@@ -121,11 +135,13 @@
assertEquals("value", mStorage.readKeyValue("key", "default", 0));
}
+ @Test
public void testKeyValue_DefaultValue() {
assertEquals("default", mStorage.readKeyValue("unititialized key", "default", 0));
assertEquals("default2", mStorage.readKeyValue("unititialized key", "default2", 0));
}
+ @Test
public void testKeyValue_Concurrency() {
final CountDownLatch latch = new CountDownLatch(1);
List<Thread> threads = new ArrayList<>();
@@ -161,6 +177,7 @@
assertEquals('5', mStorage.readKeyValue("key", "default", 0).charAt(0));
}
+ @Test
public void testKeyValue_CacheStarvedWriter() {
final CountDownLatch latch = new CountDownLatch(1);
List<Thread> threads = new ArrayList<>();
@@ -196,6 +213,7 @@
assertEquals("Cached value didn't match stored value", storage, cached);
}
+ @Test
public void testRemoveUser() {
mStorage.writeKeyValue("key", "value", 0);
writePasswordBytes(PASSWORD_0, 0);
@@ -213,10 +231,12 @@
assertPatternBytes(PATTERN_1, 1);
}
+ @Test
public void testCredential_Default() {
assertEquals(mStorage.readCredentialHash(0).type, LockPatternUtils.CREDENTIAL_TYPE_NONE);
}
+ @Test
public void testPassword_Write() {
writePasswordBytes(PASSWORD_0, 0);
@@ -225,6 +245,7 @@
assertPasswordBytes(PASSWORD_0, 0);
}
+ @Test
public void testPassword_WriteProfileWritesParent() {
writePasswordBytes(PASSWORD_0, 1);
writePasswordBytes(PASSWORD_1, 2);
@@ -236,6 +257,7 @@
assertPasswordBytes(PASSWORD_1, 2);
}
+ @Test
public void testLockType_WriteProfileWritesParent() {
writePasswordBytes(PASSWORD_0, 10);
writePatternBytes(PATTERN_0, 20);
@@ -251,6 +273,7 @@
mStorage.readCredentialHash(20).type);
}
+ @Test
public void testPassword_WriteParentWritesProfile() {
writePasswordBytes(PASSWORD_0, 2);
writePasswordBytes(PASSWORD_1, 1);
@@ -262,6 +285,7 @@
assertPasswordBytes(PASSWORD_0, 2);
}
+ @Test
public void testProfileLock_ReadWriteChildProfileLock() {
assertFalse(mStorage.hasChildProfileLock(20));
mStorage.writeChildProfileLock(20, PASSWORD_0);
@@ -272,6 +296,7 @@
assertTrue(mStorage.hasChildProfileLock(20));
}
+ @Test
public void testPattern_Write() {
writePatternBytes(PATTERN_0, 0);
@@ -280,6 +305,7 @@
assertPatternBytes(PATTERN_0, 0);
}
+ @Test
public void testPattern_WriteProfileWritesParent() {
writePatternBytes(PATTERN_0, 1);
writePatternBytes(PATTERN_1, 2);
@@ -291,6 +317,7 @@
assertPatternBytes(PATTERN_1, 2);
}
+ @Test
public void testPattern_WriteParentWritesProfile() {
writePatternBytes(PATTERN_1, 2);
writePatternBytes(PATTERN_0, 1);
@@ -302,6 +329,7 @@
assertPatternBytes(PATTERN_1, 2);
}
+ @Test
public void testPrefetch() {
mStorage.writeKeyValue("key", "toBeFetched", 0);
writePatternBytes(PATTERN_0, 0);
@@ -313,34 +341,39 @@
assertPatternBytes(PATTERN_0, 0);
}
+ @Test
public void testFileLocation_Owner() {
- LockSettingsStorage storage = new LockSettingsStorage(getContext());
+ LockSettingsStorage storage = new LockSettingsStorage(InstrumentationRegistry.getContext());
assertEquals("/data/system/gatekeeper.pattern.key", storage.getLockPatternFilename(0));
assertEquals("/data/system/gatekeeper.password.key", storage.getLockPasswordFilename(0));
}
+ @Test
public void testFileLocation_SecondaryUser() {
- LockSettingsStorage storage = new LockSettingsStorage(getContext());
+ LockSettingsStorage storage = new LockSettingsStorage(InstrumentationRegistry.getContext());
assertEquals("/data/system/users/1/gatekeeper.pattern.key", storage.getLockPatternFilename(1));
assertEquals("/data/system/users/1/gatekeeper.password.key", storage.getLockPasswordFilename(1));
}
+ @Test
public void testFileLocation_ProfileToSecondary() {
- LockSettingsStorage storage = new LockSettingsStorage(getContext());
+ LockSettingsStorage storage = new LockSettingsStorage(InstrumentationRegistry.getContext());
assertEquals("/data/system/users/2/gatekeeper.pattern.key", storage.getLockPatternFilename(2));
assertEquals("/data/system/users/2/gatekeeper.password.key", storage.getLockPasswordFilename(2));
}
+ @Test
public void testFileLocation_ProfileToOwner() {
- LockSettingsStorage storage = new LockSettingsStorage(getContext());
+ LockSettingsStorage storage = new LockSettingsStorage(InstrumentationRegistry.getContext());
assertEquals("/data/system/users/3/gatekeeper.pattern.key", storage.getLockPatternFilename(3));
assertEquals("/data/system/users/3/gatekeeper.password.key", storage.getLockPasswordFilename(3));
}
+ @Test
public void testSyntheticPasswordState() {
final byte[] data = {1,2,3,4};
mStorage.writeSyntheticPasswordState(10, 1234L, "state", data);
@@ -351,18 +384,21 @@
assertEquals(null, mStorage.readSyntheticPasswordState(10, 1234L, "state"));
}
+ @Test
public void testPersistentDataBlock_unavailable() {
mStorage.mPersistentDataBlockManager = null;
assertSame(PersistentData.NONE, mStorage.readPersistentDataBlock());
}
+ @Test
public void testPersistentDataBlock_empty() {
mStorage.mPersistentDataBlockManager = mock(PersistentDataBlockManagerInternal.class);
assertSame(PersistentData.NONE, mStorage.readPersistentDataBlock());
}
+ @Test
public void testPersistentDataBlock_withData() {
mStorage.mPersistentDataBlockManager = mock(PersistentDataBlockManagerInternal.class);
when(mStorage.mPersistentDataBlockManager.getFrpCredentialHandle())
@@ -377,6 +413,7 @@
assertArrayEquals(PAYLOAD, data.payload);
}
+ @Test
public void testPersistentDataBlock_exception() {
mStorage.mPersistentDataBlockManager = mock(PersistentDataBlockManagerInternal.class);
when(mStorage.mPersistentDataBlockManager.getFrpCredentialHandle())
@@ -384,6 +421,7 @@
assertSame(PersistentData.NONE, mStorage.readPersistentDataBlock());
}
+ @Test
public void testPersistentData_serializeUnserialize() {
byte[] serialized = PersistentData.toBytes(PersistentData.TYPE_SP, SOME_USER_ID,
DevicePolicyManager.PASSWORD_QUALITY_COMPLEX, PAYLOAD);
@@ -394,16 +432,19 @@
assertArrayEquals(PAYLOAD, deserialized.payload);
}
+ @Test
public void testPersistentData_unserializeNull() {
PersistentData deserialized = PersistentData.fromBytes(null);
assertSame(PersistentData.NONE, deserialized);
}
+ @Test
public void testPersistentData_unserializeEmptyArray() {
PersistentData deserialized = PersistentData.fromBytes(new byte[0]);
assertSame(PersistentData.NONE, deserialized);
}
+ @Test
public void testPersistentData_unserializeInvalid() {
assertNotNull(suppressAndReturnWtf(() -> {
PersistentData deserialized = PersistentData.fromBytes(new byte[]{5});
@@ -411,6 +452,7 @@
}));
}
+ @Test
public void testPersistentData_unserialize_version1() {
// This test ensures that we can read serialized VERSION_1 PersistentData even if we change
// the wire format in the future.
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockscreenFrpTest.java b/services/tests/servicestests/src/com/android/server/locksettings/LockscreenFrpTest.java
index df719b6d..27af9e2 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockscreenFrpTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockscreenFrpTest.java
@@ -22,22 +22,31 @@
import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PIN;
import static com.android.internal.widget.LockPatternUtils.USER_FRP;
+import static org.junit.Assert.assertEquals;
+
import android.app.admin.DevicePolicyManager;
+import androidx.test.runner.AndroidJUnit4;
+
import com.android.internal.widget.VerifyCredentialResponse;
import com.android.server.locksettings.LockSettingsStorage.PersistentData;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
/** Test setting a lockscreen credential and then verify it under USER_FRP */
+@RunWith(AndroidJUnit4.class)
public class LockscreenFrpTest extends BaseLockSettingsServiceTests {
- @Override
- public void setUp() throws Exception {
- super.setUp();
+ @Before
+ public void setDeviceNotProvisioned() throws Exception {
// FRP credential can only be verified prior to provisioning
mSettings.setDeviceProvisioned(false);
}
+ @Test
public void testFrpCredential_setPin() {
mService.setLockCredential(newPin("1234"), nonePassword(), PRIMARY_USER_ID, false);
@@ -46,6 +55,7 @@
mService.verifyCredential(newPin("1234"), 0, USER_FRP).getResponseCode());
}
+ @Test
public void testFrpCredential_setPattern() {
mService.setLockCredential(newPattern("4321"), nonePassword(), PRIMARY_USER_ID, false);
@@ -54,6 +64,7 @@
mService.verifyCredential(newPattern("4321"), 0, USER_FRP).getResponseCode());
}
+ @Test
public void testFrpCredential_setPassword() {
mService.setLockCredential(newPassword("4321"), nonePassword(), PRIMARY_USER_ID, false);
@@ -62,6 +73,7 @@
mService.verifyCredential(newPassword("4321"), 0, USER_FRP).getResponseCode());
}
+ @Test
public void testFrpCredential_changeCredential() {
mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID, false);
mService.setLockCredential(newPattern("5678"), newPassword("1234"), PRIMARY_USER_ID, false);
@@ -71,6 +83,7 @@
mService.verifyCredential(newPattern("5678"), 0, USER_FRP).getResponseCode());
}
+ @Test
public void testFrpCredential_removeCredential() {
mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID, false);
assertEquals(CREDENTIAL_TYPE_PASSWORD, mService.getCredentialType(USER_FRP));
@@ -79,6 +92,7 @@
assertEquals(CREDENTIAL_TYPE_NONE, mService.getCredentialType(USER_FRP));
}
+ @Test
public void testFrpCredential_cannotVerifyAfterProvsioning() {
mService.setLockCredential(newPin("1234"), nonePassword(), PRIMARY_USER_ID, false);
@@ -87,6 +101,7 @@
mService.verifyCredential(newPin("1234"), 0, USER_FRP).getResponseCode());
}
+ @Test
public void testFrpCredential_legacyPinTypePersistentData() {
mService.setLockCredential(newPin("1234"), nonePassword(), PRIMARY_USER_ID, false);
PersistentData data = mStorage.readPersistentDataBlock();
@@ -102,6 +117,7 @@
}
+ @Test
public void testFrpCredential_legacyPasswordTypePersistentData() {
mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID, false);
PersistentData data = mStorage.readPersistentDataBlock();
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/PasswordSlotManagerTests.java b/services/tests/servicestests/src/com/android/server/locksettings/PasswordSlotManagerTests.java
index 31526b5..0f24fb2 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/PasswordSlotManagerTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/PasswordSlotManagerTests.java
@@ -20,6 +20,12 @@
import android.test.AndroidTestCase;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@@ -30,24 +36,22 @@
@SmallTest
@Presubmit
+@RunWith(AndroidJUnit4.class)
public class PasswordSlotManagerTests extends AndroidTestCase {
PasswordSlotManagerTestable mManager;
- @Override
- protected void setUp() throws Exception {
- super.setUp();
-
+ @Before
+ public void setUp() throws Exception {
mManager = new PasswordSlotManagerTestable();
}
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
-
+ @After
+ public void tearDown() throws Exception {
mManager.cleanup();
}
+ @Test
public void testBasicSlotUse() throws Exception {
mManager.markSlotInUse(0);
mManager.markSlotInUse(1);
@@ -64,6 +68,7 @@
assertEquals(expected, mManager.getUsedSlots());
}
+ @Test
public void testMergeSlots() throws Exception {
// Add some slots from a different OS image.
mManager.setGsiImageNumber(1);
@@ -90,6 +95,7 @@
assertEquals(expected, mManager.getUsedSlots());
}
+ @Test
public void testSerialization() throws Exception {
mManager.markSlotInUse(0);
mManager.markSlotInUse(1);
@@ -109,6 +115,7 @@
assertEquals(expected, map);
}
+ @Test
public void testSaving() throws Exception {
mManager.markSlotInUse(0);
mManager.markSlotInUse(1);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SP800DeriveTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SP800DeriveTests.java
index 29d0fc1..89b7ec8 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/SP800DeriveTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SP800DeriveTests.java
@@ -16,16 +16,23 @@
package com.android.server.locksettings;
+import static org.junit.Assert.assertEquals;
+
import android.platform.test.annotations.Presubmit;
-import android.test.AndroidTestCase;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.util.HexDump;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
@SmallTest
@Presubmit
-public class SP800DeriveTests extends AndroidTestCase {
+@RunWith(AndroidJUnit4.class)
+public class SP800DeriveTests {
+ @Test
public void testFixedInput() throws Exception {
// CAVP: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/key-derivation
byte[] keyBytes = HexDump.hexStringToByteArray(
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
index 89a279c..4985848 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java
@@ -22,6 +22,12 @@
import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;
import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.never;
@@ -35,6 +41,7 @@
import android.platform.test.annotations.Presubmit;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
import com.android.internal.widget.LockscreenCredential;
import com.android.internal.widget.VerifyCredentialResponse;
@@ -42,31 +49,25 @@
import com.android.server.locksettings.SyntheticPasswordManager.AuthenticationToken;
import com.android.server.locksettings.SyntheticPasswordManager.PasswordData;
+import org.junit.Test;
+import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import java.util.ArrayList;
/**
- * runtest frameworks-services -c com.android.server.locksettings.SyntheticPasswordTests
+ * atest FrameworksServicesTests:SyntheticPasswordTests
*/
@SmallTest
@Presubmit
+@RunWith(AndroidJUnit4.class)
public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
public static final byte[] PAYLOAD = new byte[] {1, 2, -1, -2, 55};
public static final byte[] PAYLOAD2 = new byte[] {2, 3, -2, -3, 44, 1};
- @Override
- protected void setUp() throws Exception {
- super.setUp();
- }
-
- @Override
- protected void tearDown() throws Exception {
- super.tearDown();
- }
-
+ @Test
public void testPasswordBasedSyntheticPassword() throws RemoteException {
final int USER_ID = 10;
final LockscreenCredential password = newPassword("user-password");
@@ -100,6 +101,7 @@
return mService.getLong(SYNTHETIC_PASSWORD_HANDLE_KEY, 0, userId) != 0;
}
+ @Test
public void testPasswordMigration() throws RemoteException {
final LockscreenCredential password = newPassword("testPasswordMigration-password");
@@ -131,6 +133,7 @@
assertTrue(mService.isSyntheticPasswordBasedCredential(userId));
}
+ @Test
public void testSyntheticPasswordChangeCredential() throws RemoteException {
final LockscreenCredential password = newPassword("password");
final LockscreenCredential newPassword = newPassword("newpassword");
@@ -144,6 +147,7 @@
assertEquals(sid, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));
}
+ @Test
public void testSyntheticPasswordVerifyCredential() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential badPassword = newPassword("badpassword");
@@ -158,6 +162,7 @@
.getResponseCode());
}
+ @Test
public void testSyntheticPasswordClearCredential() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential badPassword = newPassword("newpassword");
@@ -177,6 +182,7 @@
assertNotEquals(sid, mGateKeeperService.getSecureUserId(PRIMARY_USER_ID));
}
+ @Test
public void testSyntheticPasswordChangeCredentialKeepsAuthSecret() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential badPassword = newPassword("new");
@@ -193,6 +199,7 @@
assertEquals(1, secret.getAllValues().stream().distinct().count());
}
+ @Test
public void testSyntheticPasswordVerifyPassesPrimaryUserAuthSecret() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential newPassword = newPassword("new");
@@ -205,6 +212,7 @@
verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));
}
+ @Test
public void testSecondaryUserDoesNotPassAuthSecret() throws RemoteException {
LockscreenCredential password = newPassword("password");
@@ -215,12 +223,14 @@
verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
}
+ @Test
public void testNoSyntheticPasswordOrCredentialDoesNotPassAuthSecret() throws RemoteException {
mService.onUnlockUser(PRIMARY_USER_ID);
flushHandlerTasks();
verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
}
+ @Test
public void testSyntheticPasswordAndCredentialDoesNotPassAuthSecret() throws RemoteException {
LockscreenCredential password = newPassword("passwordForASyntheticPassword");
initializeCredentialUnderSP(password, PRIMARY_USER_ID);
@@ -231,6 +241,7 @@
verify(mAuthSecretService, never()).primaryUserCredential(any(ArrayList.class));
}
+ @Test
public void testSyntheticPasswordButNoCredentialPassesAuthSecret() throws RemoteException {
LockscreenCredential password = newPassword("getASyntheticPassword");
initializeCredentialUnderSP(password, PRIMARY_USER_ID);
@@ -242,6 +253,7 @@
verify(mAuthSecretService).primaryUserCredential(any(ArrayList.class));
}
+ @Test
public void testManagedProfileUnifiedChallengeMigration() throws RemoteException {
LockscreenCredential UnifiedPassword = newPassword("unified-pwd");
disableSyntheticPassword();
@@ -275,6 +287,7 @@
assertTrue(hasSyntheticPassword(MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testManagedProfileSeparateChallengeMigration() throws RemoteException {
LockscreenCredential primaryPassword = newPassword("primary");
LockscreenCredential profilePassword = newPassword("profile");
@@ -316,6 +329,7 @@
assertTrue(hasSyntheticPassword(MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testTokenBasedResetPassword() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential pattern = newPattern("123654");
@@ -350,6 +364,7 @@
assertArrayEquals(storageKey, mStorageManager.getUserUnlockToken(PRIMARY_USER_ID));
}
+ @Test
public void testTokenBasedClearPassword() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential pattern = newPattern("123654");
@@ -374,6 +389,7 @@
assertArrayEquals(storageKey, mStorageManager.getUserUnlockToken(PRIMARY_USER_ID));
}
+ @Test
public void testTokenBasedResetPasswordAfterCredentialChanges() throws RemoteException {
LockscreenCredential password = newPassword("password");
LockscreenCredential pattern = newPattern("123654");
@@ -398,6 +414,7 @@
assertArrayEquals(storageKey, mStorageManager.getUserUnlockToken(PRIMARY_USER_ID));
}
+ @Test
public void testEscrowTokenActivatedImmediatelyIfNoUserPasswordNeedsMigration()
throws RemoteException {
final byte[] token = "some-high-entropy-secure-token".getBytes();
@@ -408,6 +425,7 @@
assertTrue(hasSyntheticPassword(PRIMARY_USER_ID));
}
+ @Test
public void testEscrowTokenActivatedImmediatelyIfNoUserPasswordNoMigration()
throws RemoteException {
final byte[] token = "some-high-entropy-secure-token".getBytes();
@@ -424,6 +442,7 @@
assertTrue(hasSyntheticPassword(PRIMARY_USER_ID));
}
+ @Test
public void testEscrowTokenActivatedLaterWithUserPasswordNeedsMigration()
throws RemoteException {
byte[] token = "some-high-entropy-secure-token".getBytes();
@@ -444,6 +463,7 @@
assertTrue(mLocalService.isEscrowTokenActive(handle, PRIMARY_USER_ID));
}
+ @Test
public void testEscrowTokenCannotBeActivatedOnUnmanagedUser() {
byte[] token = "some-high-entropy-secure-token".getBytes();
when(mUserManagerInternal.isDeviceManaged()).thenReturn(false);
@@ -456,6 +476,7 @@
} catch (SecurityException expected) { }
}
+ @Test
public void testSetLockCredentialWithTokenFailsWithoutLockScreen() throws Exception {
LockscreenCredential password = newPassword("password");
LockscreenCredential pattern = newPattern("123654");
@@ -483,6 +504,7 @@
assertEquals(CREDENTIAL_TYPE_NONE, mService.getCredentialType(PRIMARY_USER_ID));
}
+ @Test
public void testGetHashFactorPrimaryUser() throws RemoteException {
LockscreenCredential password = newPassword("password");
mService.setLockCredential(password, nonePassword(), PRIMARY_USER_ID, false);
@@ -496,6 +518,7 @@
assertArrayEquals(hashFactor, newHashFactor);
}
+ @Test
public void testGetHashFactorManagedProfileUnifiedChallenge() throws RemoteException {
LockscreenCredential pattern = newPattern("1236");
mService.setLockCredential(pattern, nonePassword(), PRIMARY_USER_ID, false);
@@ -503,6 +526,7 @@
assertNotNull(mService.getHashFactor(null, MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testGetHashFactorManagedProfileSeparateChallenge() throws RemoteException {
LockscreenCredential primaryPassword = newPassword("primary");
LockscreenCredential profilePassword = newPassword("profile");
@@ -513,6 +537,7 @@
mService.getHashFactor(profilePassword, MANAGED_PROFILE_USER_ID));
}
+ @Test
public void testPasswordData_serializeDeserialize() {
PasswordData data = new PasswordData();
data.scryptN = 11;
@@ -532,6 +557,7 @@
assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);
}
+ @Test
public void testPasswordData_deserialize() {
// Test that we can deserialize existing PasswordData and don't inadvertently change the
// wire format.
@@ -555,6 +581,7 @@
assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);
}
+ @Test
public void testGsiDisablesAuthSecret() throws RemoteException {
mGsiService.setIsGsiRunning(true);
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/WeaverBasedSyntheticPasswordTests.java b/services/tests/servicestests/src/com/android/server/locksettings/WeaverBasedSyntheticPasswordTests.java
index abbf016..a3ac515 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/WeaverBasedSyntheticPasswordTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/WeaverBasedSyntheticPasswordTests.java
@@ -3,15 +3,18 @@
import android.platform.test.annotations.Presubmit;
import androidx.test.filters.SmallTest;
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Before;
+import org.junit.runner.RunWith;
@SmallTest
@Presubmit
+@RunWith(AndroidJUnit4.class)
public class WeaverBasedSyntheticPasswordTests extends SyntheticPasswordTests {
- @Override
- protected void setUp() throws Exception {
- super.setUp();
+ @Before
+ public void enableWeaver() throws Exception {
mSpManager.enableWeaver();
}
-
}
diff --git a/tests/FlickerTests/src/com/android/server/wm/flicker/ChangeAppRotationTest.java b/tests/FlickerTests/src/com/android/server/wm/flicker/ChangeAppRotationTest.java
index aa591d9..42cafd4 100644
--- a/tests/FlickerTests/src/com/android/server/wm/flicker/ChangeAppRotationTest.java
+++ b/tests/FlickerTests/src/com/android/server/wm/flicker/ChangeAppRotationTest.java
@@ -82,7 +82,8 @@
@Before
public void runTransition() {
super.runTransition(
- changeAppRotation(mTestApp, mUiDevice, mBeginRotation, mEndRotation).build());
+ changeAppRotation(mTestApp, mUiDevice, mBeginRotation, mEndRotation)
+ .includeJankyRuns().build());
}
@FlakyTest(bugId = 140855415)