Make LockSettingsService enforce basic requirements for new credentials
Currently all LSKF requirements are enforced by
PasswordMetrics#validateCredential(). The standard minimum length of 4
is also checked again in LockPatternUtils#setLockCredential().
These are both at the caller's option, though. These requirements could
be circumvented by calling ILockSettings#setLockCredential() directly.
Therefore, to provide higher assurance that at least the standard
requirements are met, this CL moves the standard length check into
LockSettingsService and also adds the invalid chars check alongside it.
Bug: 219511761
Bug: 232900169
Bug: 243881358
Test: atest LockscreenCredentialTest
Test: atest com.android.server.locksettings
Change-Id: Icc48a0d6caac0884bf3e3a9181828e8dfffff7e4
Merged-In: Icc48a0d6caac0884bf3e3a9181828e8dfffff7e4
(cherry picked from commit fe59a023e86bed6daba4bfcb8c9a964c7636127f)
6 files changed