跟踪系统设置密码过程,查找到/packages/apps/Settings/src/com/android/settings/password/ChooseLockPassword.java
的代码:
@Override
protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
boolean success;
try {
success = mUtils.setLockCredential(mChosenPassword, mCurrentCredential, mUserId);
} catch (RuntimeException e) {
Log.e(TAG, "Failed to set lockscreen credential", e);
success = false;
}
if (success) {
unifyProfileCredentialIfRequested();
}
..............................
}mUtils是LockPatternUtils new出来的对象,查找LockPatternUtils对应的方法:
/frameworks/base/core/java/com/android/internal/widget/LockPatternUtils.java
/**
* Save a new lockscreen credential.
*
* <p> This method will fail (returning {@code false}) if the previously saved credential
* provided is incorrect, or if the lockscreen verification is still being throttled.
*
* @param newCredential The new credential to save
* @param savedCredential The current credential
* @param userHandle the user whose lockscreen credential is to be changed
*
* @return whether this method saved the new password successfully or not. This flow will fail
* and return false if the given credential is wrong.
* @throws RuntimeException if password change encountered an unrecoverable error.
* @throws UnsupportedOperationException secure lockscreen is not supported on this device.
* @throws IllegalArgumentException if new credential is too short.
*/
public boolean setLockCredential(@NonNull LockscreenCredential newCredential,
@NonNull LockscreenCredential savedCredential, int userHandle) {
if (!hasSecureLockScreen() && newCredential.getType() != CREDENTIAL_TYPE_NONE) {
throw new UnsupportedOperationException(
"This operation requires the lock screen feature.");
}
newCredential.checkLength();
try {
if (!getLockSettings().setLockCredential(newCredential, savedCredential, userHandle)) {
return false;
}
} catch (RemoteException e) {
throw new RuntimeException("Unable to save lock password", e);
}
return true;
}注释说明:
LockscreenCredential newCredential 新的锁屏凭证
LockscreenCredential savedCredential 当前锁屏凭证
如果更改锁屏凭证,需要当前锁屏凭证验证,但要求是不知道当前锁屏凭证的情况下,设置新的锁屏凭证,继续跟踪代码
getLockSettings().setLockCredential(newCredential, savedCredential, userHandle)
getLockSettings()代码:
public ILockSettings getLockSettings() {
if (mLockSettingsService == null) {
ILockSettings service = ILockSettings.Stub.asInterface(
ServiceManager.getService("lock_settings"));
mLockSettingsService = service;
}
return mLockSettingsService;
}方法里面实际调用了LockSettingsService服务的setLockCredential方法,继续跟踪LockSettingsService。
/frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java
@Override
public boolean setLockCredential(LockscreenCredential credential,
LockscreenCredential savedCredential, int userId) {
...........................................
final long identity = Binder.clearCallingIdentity();
try {
..............................................
synchronized (mSeparateChallengeLock) {
if (!setLockCredentialInternal(credential, savedCredential,
userId, /* isLockTiedToParent= */ false)) {
scheduleGc();
return false;
}
setSeparateProfileChallengeEnabledLocked(userId, true, /* unused */ null);
notifyPasswordChanged(credential, userId);
}
if (isCredentialSharableWithParent(userId)) {
// Make sure the profile doesn't get locked straight after setting work challenge.
setDeviceUnlockedForUser(userId);
}
notifySeparateProfileChallengeChanged(userId);
onPostPasswordChanged(credential, userId);
scheduleGc();
return true;
} finally {
Binder.restoreCallingIdentity(identity);
}
}setLockCredential又调用了setLockCredentialInternal方法。
。。。。。
经过一层层跟踪,查找到/frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsStorage.java
锁屏凭证存在/data/system/locksettings.db,而且是经过加密,直接读取原始明文需要反向破解,直接清除locksettings.db又担心引起系统异常,还是得用别的办法,继续回到setLockCredential。