Fix parameter for Gatekeeper re-enroll in SyntheticPasswordManager
Gatekeeper's re-enroll feature requires the enroll() API to be
called with currentPasswordHandle, currentPassword, and newPassword.
Currently, the currentPassword parameter in
SyntheticPasswordManager is incorrectly set to spHandle instead of
gatekeeperPassword. This causes the re-enroll feature to fail, as
Gatekeeper receives a password handle instead of the expected
password, leading to a mismatch during the re-enrollment process.
Change-Id: Iad84a23e72940ad04aa9d663e871bf2cef0ce1cf
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
index cc58f38..3a429b0 100644
--- a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
+++ b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -1701,7 +1701,7 @@
.setGatekeeperHAT(response.getPayload()).build();
if (response.getShouldReEnroll()) {
try {
- response = gatekeeper.enroll(userId, spHandle, spHandle,
+ response = gatekeeper.enroll(userId, spHandle, gatekeeperPassword,
gatekeeperPassword);
} catch (RemoteException e) {
Slog.e(TAG, "Failed to invoke gatekeeper.enroll", e);