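/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 */

package com.android.server.locksettings;

import static org.mockito.Mockito.mock;

import android.app.IActivityManager;
import android.app.admin.DeviceStateCache;
import android.content.Context;
import android.content.Intent;
import android.content.pm.UserInfo;
import android.hardware.authsecret.IAuthSecret;
import android.os.Handler;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.storage.IStorageManager;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.service.gatekeeper.IGateKeeperService;

import com.android.internal.widget.LockscreenCredential;
import com.android.server.ServiceThread;
import com.android.server.locksettings.SyntheticPasswordManager.SyntheticPassword;
import com.android.server.locksettings.recoverablekeystore.RecoverableKeyStoreManager;
import com.android.server.pm.UserManagerInternal;

import java.io.FileNotFoundException;
import java.security.KeyStore;

/**
 * Test-only subclass of {@link LockSettingsService}.
 *
 * <p>It takes its collaborators from an injector and from constructor arguments, stores the
 * tied-profile credential as plain marshalled {@link Parcel} bytes, and records the arguments of
 * {@link #sendBroadcast} instead of sending anything.
 *
 * <p>Several overrides deliberately weaken the behaviour under test: the tied-profile credential
 * is written without any encryption by this class, {@link #initKeystoreSuperKeys} is a no-op, and
 * {@link MockInjector#binderGetCallingUid()} always reports the system UID. Tests built on this
 * class therefore do not cover those protections.
 */
public class LockSettingsServiceTestable extends LockSettingsService {
    // Arguments of the most recent sendBroadcast() call, or null if none was recorded or
    // clearRecordedFrpNotificationData() was called since.
    private Intent mSavedFrpNotificationIntent = null;
    private UserHandle mSavedFrpNotificationUserHandle = null;
    private String mSavedFrpNotificationPermission = null;

    /**
     * Injector that hands back the collaborators it was constructed with.
     *
     * <p>{@link #getStrongAuthTracker()} and {@link #getUnifiedProfilePasswordCache(KeyStore)}
     * return a fresh Mockito mock on every call rather than a stored instance.
     */
    public static class MockInjector extends LockSettingsService.Injector {

        private final LockSettingsStorage mLockSettingsStorage;
        private final LockSettingsStrongAuth mStrongAuth;
        private final IActivityManager mActivityManager;
        private final IStorageManager mStorageManager;
        private final SyntheticPasswordManager mSpManager;
        private final FakeGsiService mGsiService;
        private final RecoverableKeyStoreManager mRecoverableKeyStoreManager;
        private final UserManagerInternal mUserManagerInternal;
        private final DeviceStateCache mDeviceStateCache;

        // Public and mutable so a test can flip the reported mode after construction.
        public boolean mIsHeadlessSystemUserMode = false;
        public boolean mIsMainUserPermanentAdmin = false;

        /**
         * Creates an injector that returns the given collaborators from the matching getters.
         *
         * @param context passed to the superclass constructor
         */
        public MockInjector(Context context, LockSettingsStorage storage,
                LockSettingsStrongAuth strongAuth,
                IActivityManager activityManager, IStorageManager storageManager,
                SyntheticPasswordManager spManager, FakeGsiService gsiService,
                RecoverableKeyStoreManager recoverableKeyStoreManager,
                UserManagerInternal userManagerInternal, DeviceStateCache deviceStateCache) {
            super(context);
            mLockSettingsStorage = storage;
            mStrongAuth = strongAuth;
            mActivityManager = activityManager;
            mStorageManager = storageManager;
            mSpManager = spManager;
            mGsiService = gsiService;
            mRecoverableKeyStoreManager = recoverableKeyStoreManager;
            mUserManagerInternal = userManagerInternal;
            mDeviceStateCache = deviceStateCache;
        }

        /** Returns a new {@link Handler} bound to the looper of {@code handlerThread}. */
        @Override
        public Handler getHandler(ServiceThread handlerThread) {
            return new Handler(handlerThread.getLooper());
        }

        @Override
        public LockSettingsStorage getStorage() {
            return mLockSettingsStorage;
        }

        @Override
        public LockSettingsStrongAuth getStrongAuth() {
            return mStrongAuth;
        }

        /** Returns a new Mockito mock on each call; no state is shared between calls. */
        @Override
        public SynchronizedStrongAuthTracker getStrongAuthTracker() {
            return mock(SynchronizedStrongAuthTracker.class);
        }

        @Override
        public IActivityManager getActivityManager() {
            return mActivityManager;
        }

        @Override
        public DeviceStateCache getDeviceStateCache() {
            return mDeviceStateCache;
        }

        @Override
        public IStorageManager getStorageManager() {
            return mStorageManager;
        }

        /** Returns the manager given to the constructor; {@code storage} is ignored. */
        @Override
        public SyntheticPasswordManager getSyntheticPasswordManager(LockSettingsStorage storage) {
            return mSpManager;
        }

        @Override
        public UserManagerInternal getUserManagerInternal() {
            return mUserManagerInternal;
        }

        /**
         * Always reports {@link Process#SYSTEM_UID} as the caller.
         *
         * <p>NOTE(review): any caller-identity check in the service that reads the UID through
         * this method will see the system UID, so rejection of non-system callers is presumably
         * not exercised by tests that use this injector. Confirm against the service code.
         */
        @Override
        public int binderGetCallingUid() {
            return Process.SYSTEM_UID;
        }

        /** Delegates to the {@link FakeGsiService} given to the constructor. */
        @Override
        public boolean isGsiRunning() {
            return mGsiService.isGsiRunning();
        }

        @Override
        public RecoverableKeyStoreManager getRecoverableKeyStoreManager() {
            return mRecoverableKeyStoreManager;
        }

        /** Returns a new Mockito mock on each call; {@code ks} is ignored. */
        @Override
        public UnifiedProfilePasswordCache getUnifiedProfilePasswordCache(KeyStore ks) {
            return mock(UnifiedProfilePasswordCache.class);
        }

        @Override
        public boolean isHeadlessSystemUserMode() {
            return mIsHeadlessSystemUserMode;
        }

        @Override
        public boolean isMainUserPermanentAdmin() {
            return mIsMainUserPermanentAdmin;
        }
    }

    /**
     * Builds the testable service and installs the given gatekeeper and auth-secret services
     * directly into the inherited fields.
     */
    protected LockSettingsServiceTestable(
            LockSettingsService.Injector injector,
            IGateKeeperService gatekeeper,
            IAuthSecret authSecretService) {
        super(injector);
        mGateKeeperService = gatekeeper;
        mAuthSecretService = authSecretService;
    }

    /**
     * Stores {@code password} for the profile as marshalled {@link Parcel} bytes.
     *
     * <p>This override performs no encryption: the bytes handed to
     * {@code mStorage.writeChildProfileLock} are the raw marshalled credential.
     * {@code parentUserId} is not used.
     */
    @Override
    protected void tieProfileLockToParent(int profileUserId, int parentUserId,
            LockscreenCredential password) {
        Parcel parcel = Parcel.obtain();
        try {
            parcel.writeParcelable(password, 0);
            mStorage.writeChildProfileLock(profileUserId, parcel.marshall());
        } finally {
            // Recycle even when the write throws, matching getDecryptedPasswordForTiedProfile().
            parcel.recycle();
        }
    }

    /**
     * Reads back the credential written by {@link #tieProfileLockToParent}.
     *
     * @throws FileNotFoundException if no child profile lock is stored for {@code userId}
     * @throws KeyPermanentlyInvalidatedException if the gatekeeper reports a secure user id of 0
     *         for {@code userId}
     */
    @Override
    protected LockscreenCredential getDecryptedPasswordForTiedProfile(int userId)
            throws FileNotFoundException, KeyPermanentlyInvalidatedException {
        byte[] storedData = mStorage.readChildProfileLock(userId);
        if (storedData == null) {
            throw new FileNotFoundException("Child profile lock file not found");
        }
        try {
            if (mGateKeeperService.getSecureUserId(userId) == 0) {
                throw new KeyPermanentlyInvalidatedException();
            }
        } catch (RemoteException ignored) {
            // Not expected: the gatekeeper is supplied directly through the constructor.
            // NOTE(review): if this ever fired, the invalidation check above would be skipped
            // and the stored credential returned anyway (fail-open). Confirm that is acceptable
            // for every gatekeeper implementation the tests pass in.
        }
        Parcel parcel = Parcel.obtain();
        try {
            parcel.unmarshall(storedData, 0, storedData.length);
            // unmarshall() leaves the position at the end of the data; rewind before reading.
            parcel.setDataPosition(0);
            return (LockscreenCredential) parcel.readParcelable(null);
        } finally {
            parcel.recycle();
        }
    }

    /** No-op in the testable service: no keystore super keys are created. */
    @Override
    void initKeystoreSuperKeys(int userId, SyntheticPassword sp, boolean allowExisting) {
    }

    /** Returns true when {@code userId} is a clone profile or a managed profile. */
    @Override
    protected boolean isCredentialShareableWithParent(int userId) {
        UserInfo userInfo = mUserManager.getUserInfo(userId);
        return userInfo.isCloneProfile() || userInfo.isManagedProfile();
    }

    /** Drops the cached auth secret while holding {@code mHeadlessAuthSecretLock}. */
    void clearAuthSecret() {
        synchronized (mHeadlessAuthSecretLock) {
            mAuthSecret = null;
        }
    }

    /**
     * Records the arguments instead of sending a broadcast, so a test can inspect them through
     * the {@code getSavedFrpNotification*} getters. Only the most recent call is kept.
     */
    @Override
    void sendBroadcast(Intent intent, UserHandle userHandle, String permission) {
        mSavedFrpNotificationIntent = intent;
        mSavedFrpNotificationUserHandle = userHandle;
        mSavedFrpNotificationPermission = permission;
    }

    /** Returns the permission from the last recorded broadcast, or null if none. */
    String getSavedFrpNotificationPermission() {
        return mSavedFrpNotificationPermission;
    }

    /** Returns the user handle from the last recorded broadcast, or null if none. */
    UserHandle getSavedFrpNotificationUserHandle() {
        return mSavedFrpNotificationUserHandle;
    }

    /** Returns the intent from the last recorded broadcast, or null if none. */
    Intent getSavedFrpNotificationIntent() {
        return mSavedFrpNotificationIntent;
    }

    /** Forgets the recorded broadcast arguments. */
    void clearRecordedFrpNotificationData() {
        mSavedFrpNotificationIntent = null;
        mSavedFrpNotificationPermission = null;
        mSavedFrpNotificationUserHandle = null;
    }
}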