快速鏈接:
.
👉👉👉 個人博客筆記導讀目錄(全部) 👈👈👈


相關推薦:
Android Gatekeeper流程深度解剖
Android手機使用命令行增加/刪除/修改密碼(password/pin/pattern)
android密碼解鎖/指紋解鎖返回的authToken深度解剖


說明: 在無特別的說明下，本文講述得是android10.0 ！

本文旨在講解LockSettingsService的應用，先上一張系統(tǒng)框圖，看下LockSettingsService處于什么有樣子的位置

在android系統(tǒng)中的設置密碼、清除密碼、修改密碼，都是調(diào)用到LockSettingsService.java的setLockCredential函數(shù)進行的，而setLockCredential又調(diào)用了setLockCredentialInternal，接下來我們來分析這個函數(shù)的流程

setLockCredentialInternal完成的功能有：

• 1、如果是清除密碼，即credential.isNone()==true, 則走另外一套流程;
• 2、根據(jù)userId，讀取存儲的密碼(其實是個hash)： currentHandle = mStorage.readCredentialHash(userId)
• 3、調(diào)用底層的enroll，將密碼轉換成enrolledHandle，如果enrolledHandle則說明底層出錯了，則返回失敗;
• 4、將enrolledHandle轉換成hash，并保存起來
• 5、驗證verifyChallenge
• 6、setUserKeyProtection：添加一個userkey，vold使用d
• 7、fixateNewestUserKeyAuth，也是調(diào)用到vold,fscrypt_fixate_newest_user_key_auth
• 8、doVerifyCredential 做一次verify驗證
• 9、synchronizeUnifiedWorkChallengeForProfiles
• 10、sendCredentialsOnChangeIfRequired

private boolean setLockCredentialInternal(LockscreenCredential credential,LockscreenCredential savedCredential, int userId, boolean isLockTiedToParent) {Objects.requireNonNull(credential);Objects.requireNonNull(savedCredential);synchronized (mSpManager) { --------------------------------------------------//暫不介紹mSpManager機制if (isSyntheticPasswordBasedCredentialLocked(userId)) {return spBasedSetLockCredentialInternalLocked(credential, savedCredential, userId,isLockTiedToParent);}}if (credential.isNone()) { --------------------------------------------------//，其實就是密碼類型選擇了None，可以理解為，這是清除密碼的流程clearUserKeyProtection(userId, null);gateKeeperClearSecureUserId(userId);mStorage.writeCredentialHash(CredentialHash.createEmptyHash(), userId);// Still update PASSWORD_TYPE_KEY if we are running in pre-synthetic password code path,// since it forms part of the state that determines the credential type// @see getCredentialTypeInternalsetKeyguardStoredQuality(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId);setKeystorePassword(null, userId);fixateNewestUserKeyAuth(userId);synchronizeUnifiedWorkChallengeForProfiles(userId, null);setUserPasswordMetrics(LockscreenCredential.createNone(), userId);sendCredentialsOnChangeIfRequired(credential, userId, isLockTiedToParent);return true;}CredentialHash currentHandle = mStorage.readCredentialHash(userId);--------------------// 讀取原來的密碼if (isManagedProfileWithUnifiedLock(userId)) {// get credential from keystore when managed profile has unified lockif (savedCredential.isNone()) {try {//TODO: remove as part of b/80170828savedCredential = getDecryptedPasswordForTiedProfile(userId);} catch (FileNotFoundException e) {Slog.i(TAG, "Child profile key not found");} catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException| NoSuchAlgorithmException | NoSuchPaddingException| InvalidAlgorithmParameterException | IllegalBlockSizeException| BadPaddingException | CertificateException | IOException e) {Slog.e(TAG, "Failed to decrypt child profile key", e);}}} else {if (currentHandle.hash == null) {if (!savedCredential.isNone()) {Slog.w(TAG, "Saved credential provided, but none stored");}savedCredential.close();savedCredential = LockscreenCredential.createNone();}}synchronized (mSpManager) {if (shouldMigrateToSyntheticPasswordLocked(userId)) {initializeSyntheticPasswordLocked(currentHandle.hash, savedCredential, userId);return spBasedSetLockCredentialInternalLocked(credential, savedCredential, userId,isLockTiedToParent);}}if (DEBUG) Slog.d(TAG, "setLockCredentialInternal: user=" + userId);byte[] enrolledHandle = enrollCredential(currentHandle.hash, --------------------------------// 調(diào)用底層，完成enrollsavedCredential.getCredential(), credential.getCredential(), userId);if (enrolledHandle == null) {Slog.w(TAG, String.format("Failed to enroll %s: incorrect credential",-------------------------------// 如果底層enroll錯誤了，則返回failedcredential.isPattern() ? "pattern" : "password"));return false;}CredentialHash willStore = CredentialHash.create(enrolledHandle, credential.getType());-----------------------------//創(chuàng)建hashmStorage.writeCredentialHash(willStore, userId); -----------------------------//保存hash// Still update PASSWORD_TYPE_KEY if we are running in pre-synthetic password code path,// since it forms part of the state that determines the credential type// @see getCredentialTypeInternalsetKeyguardStoredQuality(LockPatternUtils.credentialTypeToPasswordQuality(credential.getType()), userId);// push new secret and auth token to voldGateKeeperResponse gkResponse;try {gkResponse = getGateKeeperService().verifyChallenge(userId, 0, willStore.hash, -----------------------------//驗證challengecredential.getCredential());} catch (RemoteException e) {throw new IllegalStateException("Failed to verify current credential", e);}setUserKeyProtection(userId, credential, convertResponse(gkResponse));fixateNewestUserKeyAuth(userId);// Refresh the auth tokendoVerifyCredential(credential, CHALLENGE_FROM_CALLER, 0, userId, -----------------------------//再做一次verifynull /* progressCallback */);synchronizeUnifiedWorkChallengeForProfiles(userId, null);sendCredentialsOnChangeIfRequired(credential, userId, isLockTiedToParent);return true; }

流程圖

總結

以上是生活随笔為你收集整理的LockSettingsService的setLockCredentialInternal函数详解的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。