Wipe the LockscreenCredential in DPMS#resetPasswordInternal
This CL adds try-with-resources around LockscreenCredential objects,
in order to call `close()` when the resource is done being used.
This also clears the LSKF `byte[]` representation in the LockscreenCredential.
This CL applies the above changes to the DevicePolicyManagerService.
Bug: 320392352
Test: build
Change-Id: Iad642dd4706ae052affc2f9ac6d6f0695870728d
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index dd49260..293f379 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5672,15 +5672,18 @@
private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
int flags, CallerIdentity caller) {
+ final boolean isPin = PasswordMetrics.isNumericOnly(password);
+ try (LockscreenCredential newCredential =
+ isPin ? LockscreenCredential.createPin(password) :
+ LockscreenCredential.createPasswordOrNone(password)) {
+ return resetPasswordInternal(newCredential, tokenHandle, token, flags, caller);
+ }
+ }
+
+ private boolean resetPasswordInternal(LockscreenCredential newCredential,
+ long tokenHandle, byte[] token, int flags, CallerIdentity caller) {
final int callingUid = caller.getUid();
final int userHandle = UserHandle.getUserId(callingUid);
- final boolean isPin = PasswordMetrics.isNumericOnly(password);
- final LockscreenCredential newCredential;
- if (isPin) {
- newCredential = LockscreenCredential.createPin(password);
- } else {
- newCredential = LockscreenCredential.createPasswordOrNone(password);
- }
synchronized (getLockObject()) {
final PasswordMetrics minMetrics = getPasswordMinimumMetricsUnchecked(userHandle);
final int complexity = getAggregatedPasswordComplexityLocked(userHandle);