Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 7dfe818bb202c5d4c220413bde0f10904096857e^! / . / keystore2 / src / authorization.rs
commit7dfe818bb202c5d4c220413bde0f10904096857e[log] [tgz]
authorNathan Huckleberry <nhuck@google.com>Tue Apr 04 20:41:01 2023 +0000
committerNathan Huckleberry <nhuck@google.com>Wed May 31 19:51:26 2023 +0000
treec79c1041745a67360b14d03dde462ae3826bd502
parent1afc66095235d0c4987de0dceb790274d32cbaf5 [diff] [blame]
Simplify control flow for user unlocking.

Keystore2 super key handling is being refactored in preparation for
Unlocked-Only Storage.

Currently, super_key.rs exposes two functions to authorization.rs for
key unlocking:
- unlock_screen_lock_bound_key
- unlock_and_get_user_state

This change simplifies the key_unlocking logic to a single function,
unlock_user. This new function handles all of the unlocking logic and
functions more like a state machine than the previous code.

This change mainly improves readability. It tries not to change
functionality.

Bug: 280502317
Bug: 277798192
Test: Wiped device. Setup user with PIN. Ensured unlock works. Remove
    PIN. Ensured unlock works. Added pin and biometric. Ensured unlock
    works.  Rebooted device. Ensured unlock works.
Change-Id: Ib9a3e907cd40d34c5ecf2a869a65e403deda0254

diff --git a/keystore2/src/authorization.rs b/keystore2/src/authorization.rs
index 1953920..4f2c7bd 100644
--- a/keystore2/src/authorization.rs
+++ b/keystore2/src/authorization.rs

@@ -19,7 +19,6 @@
 use crate::error::anyhow_error_to_cstring;
 use crate::globals::{ENFORCEMENTS, SUPER_KEY, DB, LEGACY_IMPORTER};
 use crate::permission::KeystorePerm;
-use crate::super_key::UserState;
 use crate::utils::{check_keystore_permission, watchdog as wd};
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
     HardwareAuthToken::HardwareAuthToken,
@@ -158,31 +157,14 @@
                 let mut skm = SUPER_KEY.write().unwrap();
 
                 DB.with(|db| {
-                    skm.unlock_screen_lock_bound_key(
+                    skm.unlock_user(
                         &mut db.borrow_mut(),
+                        &LEGACY_IMPORTER,
                         user_id as u32,
                         &password,
                     )
                 })
-                .context(ks_err!("unlock_screen_lock_bound_key failed"))?;
-
-                // Unlock super key.
-                if let UserState::Uninitialized = DB
-                    .with(|db| {
-                        skm.unlock_and_get_user_state(
-                            &mut db.borrow_mut(),
-                            &LEGACY_IMPORTER,
-                            user_id as u32,
-                            &password,
-                        )
-                    })
-                    .context(ks_err!("Unlock with password."))?
-                {
-                    log::info!(
-                        "In on_lock_screen_event. Trying to unlock when LSKF is uninitialized."
-                    );
-                }
-
+                .context(ks_err!("Unlock with password."))?;
                 Ok(())
             }
             (LockScreenEvent::UNLOCK, None) => {