Skip creating password metrics file for unsecured users
As another optimization, skip creating the password metrics file in the
LSKF-based protector when the LSKF is empty. In this case, the password
metrics file is unnecessary and contains no information.
This saves creating one file, which can be somewhat expensive due to the
use of synchronous writes and an fsync of the parent directory. It also
saves one key derivation operation and one encryption operation.
Note: previously, it seems to have been possible for a PasswordMetrics
object to end up in the LSS.mUserPasswordMetrics map for an unsecured
user, specifically via LSS.unlockUserWithToken(). After this change,
that can no longer happen. This is fine because the isUserSecure()
check in LSS.getUserPasswordMetrics() meant that any PasswordMetrics
that may have been cached for an unsecured users were never used anyway.
Bug: 232452368
Bug: 251131631
Bug: 251147505
Test: atest com.android.server.locksettings
Change-Id: I93780a20c69b3a1b0ba21d7c38e98923771fc114
3 files changed
