Merge "Wipe the LockscreenCredential in DPMS#resetPasswordInternal" into main

1 files changed, 10 insertions, 7 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index dd49260e160e..293f379199a6 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5672,15 +5672,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
             int flags, CallerIdentity caller) {
-        final int callingUid = caller.getUid();
-        final int userHandle = UserHandle.getUserId(callingUid);
         final boolean isPin = PasswordMetrics.isNumericOnly(password);
-        final LockscreenCredential newCredential;
-        if (isPin) {
-            newCredential = LockscreenCredential.createPin(password);
-        } else {
-            newCredential = LockscreenCredential.createPasswordOrNone(password);
+        try (LockscreenCredential newCredential =
+                isPin ? LockscreenCredential.createPin(password) :
+                       LockscreenCredential.createPasswordOrNone(password)) {
+            return resetPasswordInternal(newCredential, tokenHandle, token, flags, caller);
         }
+    }
+
+    private boolean resetPasswordInternal(LockscreenCredential newCredential,
+            long tokenHandle, byte[] token, int flags, CallerIdentity caller) {
+        final int callingUid = caller.getUid();
+        final int userHandle = UserHandle.getUserId(callingUid);
         synchronized (getLockObject()) {
             final PasswordMetrics minMetrics = getPasswordMinimumMetricsUnchecked(userHandle);
             final int complexity = getAggregatedPasswordComplexityLocked(userHandle);