From 2c0a308fe744777ef8a48a264b58163cfef69e95 Mon Sep 17 00:00:00 2001 From: Ellen Arteca Date: Mon, 18 Mar 2024 22:08:26 +0000 Subject: Ensure that LockscreenCredential#close() gets called Wrap LockscreenCredential objects in try-with-resources. This ensures the LockscreenCredential's `close()` method gets called, which clears the `byte[]` field that stores the LSKF. Bug: 320392352 Test: presubmit Change-Id: If180967bcfc1d812edd4202b2d049a4b69d6105f --- .../android/car/settings/security/CheckLockWorker.java | 5 +++-- .../security/ChooseLockPinPasswordFragment.java | 18 +++++++++++------- .../settings/security/ConfirmLockPatternFragment.java | 6 +++++- .../settings/security/VerifyLockChangeActivity.java | 2 +- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/src/com/android/car/settings/security/CheckLockWorker.java b/src/com/android/car/settings/security/CheckLockWorker.java index cf11491b2..1e7d61609 100644 --- a/src/com/android/car/settings/security/CheckLockWorker.java +++ b/src/com/android/car/settings/security/CheckLockWorker.java @@ -90,8 +90,9 @@ public class CheckLockWorker extends Fragment implements LockPatternChecker.OnCh } mCheckInProgress = true; - LockPatternChecker.checkCredential(mLockPatternUtils, - LockscreenCredential.createPattern(pattern), userId, this); + try (LockscreenCredential toCheck = LockscreenCredential.createPattern(pattern)) { + LockPatternChecker.checkCredential(mLockPatternUtils, toCheck, userId, this); + } } /** diff --git a/src/com/android/car/settings/security/ChooseLockPinPasswordFragment.java b/src/com/android/car/settings/security/ChooseLockPinPasswordFragment.java index 1759db7bc..618002b1e 100644 --- a/src/com/android/car/settings/security/ChooseLockPinPasswordFragment.java +++ b/src/com/android/car/settings/security/ChooseLockPinPasswordFragment.java @@ -284,12 +284,12 @@ public class ChooseLockPinPasswordFragment extends BaseFragment { @Override public void onBackspaceClick() { - LockscreenCredential pin = getEnteredPassword(); - if (pin.size() > 0) { - mPasswordField.getText().delete(mPasswordField.getSelectionEnd() - 1, - mPasswordField.getSelectionEnd()); + try (LockscreenCredential pin = getEnteredPassword()) { + if (pin.size() > 0) { + mPasswordField.getText().delete(mPasswordField.getSelectionEnd() - 1, + mPasswordField.getSelectionEnd()); + } } - pin.zeroize(); } @Override @@ -302,8 +302,10 @@ public class ChooseLockPinPasswordFragment extends BaseFragment { } private boolean shouldEnableSubmit() { - return mPasswordHelper.validateCredential(getEnteredPassword(), mExistingCredential) + try (LockscreenCredential enteredCredential = getEnteredPassword()) { + return mPasswordHelper.validateCredential(enteredCredential, mExistingCredential) && (mSaveLockWorker == null || mSaveLockWorker.isFinished()); + } } private void updateSubmitButtonsState() { @@ -407,7 +409,9 @@ public class ChooseLockPinPasswordFragment extends BaseFragment { mPinPad.setEnterKeyIcon(mUiStage.enterKeyIcon); } - mPasswordHelper.validateCredential(getEnteredPassword(), mExistingCredential); + try (LockscreenCredential enteredCredential = getEnteredPassword()) { + mPasswordHelper.validateCredential(enteredCredential, mExistingCredential); + } mHintMessage.setText(mPasswordHelper.getCredentialValidationErrorMessages()); setHintIfNeeded(); diff --git a/src/com/android/car/settings/security/ConfirmLockPatternFragment.java b/src/com/android/car/settings/security/ConfirmLockPatternFragment.java index 9fbbc7d4f..3a3e90fc5 100644 --- a/src/com/android/car/settings/security/ConfirmLockPatternFragment.java +++ b/src/com/android/car/settings/security/ConfirmLockPatternFragment.java @@ -179,7 +179,11 @@ public class ConfirmLockPatternFragment extends BaseFragment { private void onCheckCompleted(boolean lockMatched, int timeoutMs) { if (lockMatched) { - mCheckLockListener.onLockVerified(LockscreenCredential.createPattern(mPattern)); + try (LockscreenCredential patternCred = LockscreenCredential.createPattern(mPattern)) { + // onLockVerified does not take ownership of the LockscreenCredential + // see CheckLockActivity#onLockVerified and VerifyLockChangeActivity#onLockVerified + mCheckLockListener.onLockVerified(patternCred); + } } else { if (timeoutMs > 0) { mConfirmLockLockoutHelper.onCheckCompletedWithTimeout(timeoutMs); diff --git a/src/com/android/car/settings/security/VerifyLockChangeActivity.java b/src/com/android/car/settings/security/VerifyLockChangeActivity.java index d5c263946..24da33ebf 100644 --- a/src/com/android/car/settings/security/VerifyLockChangeActivity.java +++ b/src/com/android/car/settings/security/VerifyLockChangeActivity.java @@ -60,7 +60,7 @@ public class VerifyLockChangeActivity extends BaseCarSettingsActivity implements @Override public void onLockVerified(LockscreenCredential lock) { Intent data = new Intent(); - data.putExtra(PasswordHelper.EXTRA_CURRENT_SCREEN_LOCK, lock); + data.putExtra(PasswordHelper.EXTRA_CURRENT_SCREEN_LOCK, lock.duplicate()); data.putExtra(PasswordHelper.EXTRA_CURRENT_PASSWORD_QUALITY, mPasswordQuality); setResult(RESULT_OK, data); finish(); -- cgit v1.2.3