Android13重置锁屏（1）

跟踪系统设置密码过程，查找到/packages/apps/Settings/src/com/android/settings/password/ChooseLockPassword.java

的代码：

 @Overrideprotected Pair<Boolean, Intent> saveAndVerifyInBackground() {boolean success;try {success = mUtils.setLockCredential(mChosenPassword, mCurrentCredential, mUserId);} catch (RuntimeException e) {Log.e(TAG, "Failed to set lockscreen credential", e);success = false;}if (success) {unifyProfileCredentialIfRequested();}
..............................
}

mUtils是LockPatternUtils new出来的对象，查找LockPatternUtils对应的方法：

/frameworks/base/core/java/com/android/internal/widget/LockPatternUtils.java

    /*** Save a new lockscreen credential.** <p> This method will fail (returning {@code false}) if the previously saved credential* provided is incorrect, or if the lockscreen verification is still being throttled.** @param newCredential The new credential to save* @param savedCredential The current credential* @param userHandle the user whose lockscreen credential is to be changed** @return whether this method saved the new password successfully or not. This flow will fail* and return false if the given credential is wrong.* @throws RuntimeException if password change encountered an unrecoverable error.* @throws UnsupportedOperationException secure lockscreen is not supported on this device.* @throws IllegalArgumentException if new credential is too short.*/public boolean setLockCredential(@NonNull LockscreenCredential newCredential,@NonNull LockscreenCredential savedCredential, int userHandle) {if (!hasSecureLockScreen() && newCredential.getType() != CREDENTIAL_TYPE_NONE) {throw new UnsupportedOperationException("This operation requires the lock screen feature.");}newCredential.checkLength();try {if (!getLockSettings().setLockCredential(newCredential, savedCredential, userHandle)) {return false;}} catch (RemoteException e) {throw new RuntimeException("Unable to save lock password", e);}return true;}

注释说明：

LockscreenCredential newCredential 新的锁屏凭证

LockscreenCredential savedCredential 当前锁屏凭证

如果更改锁屏凭证，需要当前锁屏凭证验证，但要求是不知道当前锁屏凭证的情况下，设置新的锁屏凭证，继续跟踪代码

getLockSettings().setLockCredential(newCredential, savedCredential, userHandle)

getLockSettings()代码：

public ILockSettings getLockSettings() {if (mLockSettingsService == null) {ILockSettings service = ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"));mLockSettingsService = service;}return mLockSettingsService;}

方法里面实际调用了LockSettingsService服务的setLockCredential方法，继续跟踪LockSettingsService。

/frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsService.java

   @Overridepublic boolean setLockCredential(LockscreenCredential credential,LockscreenCredential savedCredential, int userId) {...........................................final long identity = Binder.clearCallingIdentity();try {..............................................synchronized (mSeparateChallengeLock) {if (!setLockCredentialInternal(credential, savedCredential,userId, /* isLockTiedToParent= */ false)) {scheduleGc();return false;}setSeparateProfileChallengeEnabledLocked(userId, true, /* unused */ null);notifyPasswordChanged(credential, userId);}if (isCredentialSharableWithParent(userId)) {// Make sure the profile doesn't get locked straight after setting work challenge.setDeviceUnlockedForUser(userId);}notifySeparateProfileChallengeChanged(userId);onPostPasswordChanged(credential, userId);scheduleGc();         return true;} finally {Binder.restoreCallingIdentity(identity);}}

setLockCredential又调用了setLockCredentialInternal方法。

。。。。。

经过一层层跟踪，查找到/frameworks/base/services/core/java/com/android/server/locksettings/LockSettingsStorage.java

锁屏凭证存在/data/system/locksettings.db，而且是经过加密，直接读取原始明文需要反向破解，直接清除locksettings.db又担心引起系统异常，还是得用别的办法，继续回到setLockCredential。