| /* |
| * Copyright (C) 2010 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.settings; |
| |
| import static android.app.admin.DevicePolicyManager.ACTION_SET_NEW_PARENT_PROFILE_PASSWORD; |
| import static android.app.admin.DevicePolicyManager.ACTION_SET_NEW_PASSWORD; |
| import static com.android.settings.ChooseLockPassword.ChooseLockPasswordFragment.RESULT_FINISHED; |
| import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; |
| |
| import android.accessibilityservice.AccessibilityServiceInfo; |
| import android.app.Activity; |
| import android.app.AlertDialog; |
| import android.app.Dialog; |
| import android.app.DialogFragment; |
| import android.app.Fragment; |
| import android.app.FragmentManager; |
| import android.app.admin.DevicePolicyManager; |
| import android.content.Context; |
| import android.content.DialogInterface; |
| import android.content.Intent; |
| import android.content.pm.UserInfo; |
| import android.hardware.fingerprint.Fingerprint; |
| import android.hardware.fingerprint.FingerprintManager; |
| import android.hardware.fingerprint.FingerprintManager.RemovalCallback; |
| import android.os.Bundle; |
| import android.os.UserHandle; |
| import android.os.UserManager; |
| import android.os.storage.StorageManager; |
| import android.security.KeyStore; |
| import android.support.v7.preference.Preference; |
| import android.support.v7.preference.PreferenceScreen; |
| import android.text.TextUtils; |
| import android.util.EventLog; |
| import android.util.Log; |
| import android.view.accessibility.AccessibilityManager; |
| import android.widget.TextView; |
| |
| import com.android.internal.logging.MetricsProto.MetricsEvent; |
| import com.android.internal.widget.LockPatternUtils; |
| import com.android.settings.fingerprint.FingerprintEnrollBase; |
| import com.android.settings.fingerprint.FingerprintEnrollFindSensor; |
| import com.android.settingslib.RestrictedLockUtils; |
| import com.android.settingslib.RestrictedPreference; |
| |
| import java.util.List; |
| |
| public class ChooseLockGeneric extends SettingsActivity { |
| public static final String CONFIRM_CREDENTIALS = "confirm_credentials"; |
| |
| @Override |
| public Intent getIntent() { |
| Intent modIntent = new Intent(super.getIntent()); |
| modIntent.putExtra(EXTRA_SHOW_FRAGMENT, getFragmentClass().getName()); |
| |
| String action = modIntent.getAction(); |
| if (ACTION_SET_NEW_PASSWORD.equals(action) |
| || ACTION_SET_NEW_PARENT_PROFILE_PASSWORD.equals(action)) { |
| modIntent.putExtra(EXTRA_HIDE_DRAWER, true); |
| } |
| return modIntent; |
| } |
| |
| @Override |
| protected boolean isValidFragment(String fragmentName) { |
| if (ChooseLockGenericFragment.class.getName().equals(fragmentName)) return true; |
| return false; |
| } |
| |
| /* package */ Class<? extends Fragment> getFragmentClass() { |
| return ChooseLockGenericFragment.class; |
| } |
| |
| public static class InternalActivity extends ChooseLockGeneric { |
| } |
| |
| public static class ChooseLockGenericFragment extends SettingsPreferenceFragment { |
| private static final String TAG = "ChooseLockGenericFragment"; |
| private static final int MIN_PASSWORD_LENGTH = 4; |
| private static final String KEY_UNLOCK_SET_OFF = "unlock_set_off"; |
| private static final String KEY_UNLOCK_SET_NONE = "unlock_set_none"; |
| private static final String KEY_UNLOCK_SET_PIN = "unlock_set_pin"; |
| private static final String KEY_UNLOCK_SET_PASSWORD = "unlock_set_password"; |
| private static final String KEY_UNLOCK_SET_PATTERN = "unlock_set_pattern"; |
| private static final String KEY_UNLOCK_SET_MANAGED = "unlock_set_managed"; |
| private static final String KEY_SKIP_FINGERPRINT = "unlock_skip_fingerprint"; |
| private static final String PASSWORD_CONFIRMED = "password_confirmed"; |
| private static final String WAITING_FOR_CONFIRMATION = "waiting_for_confirmation"; |
| public static final String MINIMUM_QUALITY_KEY = "minimum_quality"; |
| public static final String HIDE_DISABLED_PREFS = "hide_disabled_prefs"; |
| public static final String ENCRYPT_REQUESTED_QUALITY = "encrypt_requested_quality"; |
| public static final String ENCRYPT_REQUESTED_DISABLED = "encrypt_requested_disabled"; |
| public static final String TAG_FRP_WARNING_DIALOG = "frp_warning_dialog"; |
| |
| private static final int CONFIRM_EXISTING_REQUEST = 100; |
| private static final int ENABLE_ENCRYPTION_REQUEST = 101; |
| private static final int CHOOSE_LOCK_REQUEST = 102; |
| private static final int CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST = 103; |
| private static final int SKIP_FINGERPRINT_REQUEST = 104; |
| |
| private ChooseLockSettingsHelper mChooseLockSettingsHelper; |
| private DevicePolicyManager mDPM; |
| private KeyStore mKeyStore; |
| private boolean mHasChallenge = false; |
| private long mChallenge; |
| private boolean mPasswordConfirmed = false; |
| private boolean mWaitingForConfirmation = false; |
| private int mEncryptionRequestQuality; |
| private boolean mEncryptionRequestDisabled; |
| private boolean mRequirePassword; |
| private boolean mForChangeCredRequiredForBoot = false; |
| private String mUserPassword; |
| private LockPatternUtils mLockPatternUtils; |
| private FingerprintManager mFingerprintManager; |
| private int mUserId; |
| private boolean mHideDrawer = false; |
| private ManagedLockPasswordProvider mManagedPasswordProvider; |
| private boolean mIsSetNewPassword = false; |
| |
| protected boolean mForFingerprint = false; |
| |
| @Override |
| protected int getMetricsCategory() { |
| return MetricsEvent.CHOOSE_LOCK_GENERIC; |
| } |
| |
| @Override |
| public void onCreate(Bundle savedInstanceState) { |
| super.onCreate(savedInstanceState); |
| |
| String chooseLockAction = getActivity().getIntent().getAction(); |
| mFingerprintManager = |
| (FingerprintManager) getActivity().getSystemService(Context.FINGERPRINT_SERVICE); |
| mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE); |
| mKeyStore = KeyStore.getInstance(); |
| mChooseLockSettingsHelper = new ChooseLockSettingsHelper(this.getActivity()); |
| mLockPatternUtils = new LockPatternUtils(getActivity()); |
| mIsSetNewPassword = ACTION_SET_NEW_PARENT_PROFILE_PASSWORD.equals(chooseLockAction) |
| || ACTION_SET_NEW_PASSWORD.equals(chooseLockAction); |
| |
| // Defaults to needing to confirm credentials |
| final boolean confirmCredentials = getActivity().getIntent() |
| .getBooleanExtra(CONFIRM_CREDENTIALS, true); |
| if (getActivity() instanceof ChooseLockGeneric.InternalActivity) { |
| mPasswordConfirmed = !confirmCredentials; |
| } |
| mHideDrawer = getActivity().getIntent().getBooleanExtra(EXTRA_HIDE_DRAWER, false); |
| |
| mHasChallenge = getActivity().getIntent().getBooleanExtra( |
| ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false); |
| mChallenge = getActivity().getIntent().getLongExtra( |
| ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0); |
| mForFingerprint = getActivity().getIntent().getBooleanExtra( |
| ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false); |
| mForChangeCredRequiredForBoot = getArguments() != null && getArguments().getBoolean( |
| ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT); |
| if (mIsSetNewPassword) { |
| // In ACTION_SET_NEW_PARENT_PROFILE_PASSWORD or ACTION_SET_NEW_PASSWORD, the user |
| // will be asked to confirm the password if one has been set. |
| // On fingerprint supported device, fingerprint options are represented in the |
| // options. If the user chooses to skip fingerprint setup, ChooseLockGeneric is |
| // relaunched to only show options without fingerprint. In this case, we shouldn't |
| // ask the user to confirm the password again. |
| mPasswordConfirmed = getActivity().getIntent().getBooleanExtra( |
| PASSWORD_CONFIRMED, false); |
| } |
| |
| if (savedInstanceState != null) { |
| mPasswordConfirmed = savedInstanceState.getBoolean(PASSWORD_CONFIRMED); |
| mWaitingForConfirmation = savedInstanceState.getBoolean(WAITING_FOR_CONFIRMATION); |
| mEncryptionRequestQuality = savedInstanceState.getInt(ENCRYPT_REQUESTED_QUALITY); |
| mEncryptionRequestDisabled = savedInstanceState.getBoolean( |
| ENCRYPT_REQUESTED_DISABLED); |
| } |
| |
| int targetUser = Utils.getSecureTargetUser( |
| getActivity().getActivityToken(), |
| UserManager.get(getActivity()), |
| null, |
| getActivity().getIntent().getExtras()).getIdentifier(); |
| if (ACTION_SET_NEW_PARENT_PROFILE_PASSWORD.equals(chooseLockAction) |
| || !mLockPatternUtils.isSeparateProfileChallengeAllowed(targetUser)) { |
| // Always use parent if explicitely requested or if profile challenge is not |
| // supported |
| Bundle arguments = getArguments(); |
| mUserId = Utils.getUserIdFromBundle(getContext(), arguments != null ? arguments |
| : getActivity().getIntent().getExtras()); |
| } else { |
| mUserId = targetUser; |
| } |
| |
| if (ACTION_SET_NEW_PASSWORD.equals(chooseLockAction) |
| && Utils.isManagedProfile(UserManager.get(getActivity()), mUserId) |
| && mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId)) { |
| getActivity().setTitle(R.string.lock_settings_picker_title_profile); |
| } |
| |
| mManagedPasswordProvider = ManagedLockPasswordProvider.get(getActivity(), mUserId); |
| |
| if (mPasswordConfirmed) { |
| updatePreferencesOrFinish(); |
| if (mForChangeCredRequiredForBoot) { |
| maybeEnableEncryption(mLockPatternUtils.getKeyguardStoredPasswordQuality( |
| mUserId), false); |
| } |
| } else if (!mWaitingForConfirmation) { |
| ChooseLockSettingsHelper helper = |
| new ChooseLockSettingsHelper(this.getActivity(), this); |
| boolean managedProfileWithUnifiedLock = Utils |
| .isManagedProfile(UserManager.get(getActivity()), mUserId) |
| && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId); |
| if (managedProfileWithUnifiedLock |
| || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST, |
| getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) { |
| mPasswordConfirmed = true; // no password set, so no need to confirm |
| updatePreferencesOrFinish(); |
| } else { |
| mWaitingForConfirmation = true; |
| } |
| } |
| addHeaderView(); |
| } |
| |
| protected void addHeaderView() { |
| if (mForFingerprint) { |
| setHeaderView(R.layout.choose_lock_generic_fingerprint_header); |
| if (mIsSetNewPassword) { |
| ((TextView) getHeaderView().findViewById(R.id.fingerprint_header_description)) |
| .setText(R.string.fingerprint_unlock_title); |
| } |
| } |
| } |
| |
| @Override |
| public boolean onPreferenceTreeClick(Preference preference) { |
| final String key = preference.getKey(); |
| |
| if (!isUnlockMethodSecure(key) && mLockPatternUtils.isSecure(mUserId)) { |
| // Show the disabling FRP warning only when the user is switching from a secure |
| // unlock method to an insecure one |
| showFactoryResetProtectionWarningDialog(key); |
| return true; |
| } else if (KEY_SKIP_FINGERPRINT.equals(key)) { |
| Intent chooseLockGenericIntent = new Intent(getActivity(), ChooseLockGeneric.class); |
| chooseLockGenericIntent.setAction(getIntent().getAction()); |
| chooseLockGenericIntent.putExtra(PASSWORD_CONFIRMED, mPasswordConfirmed); |
| startActivityForResult(chooseLockGenericIntent, SKIP_FINGERPRINT_REQUEST); |
| return true; |
| } else { |
| return setUnlockMethod(key); |
| } |
| } |
| |
| /** |
| * If the device has encryption already enabled, then ask the user if they |
| * also want to encrypt the phone with this password. |
| * |
| * @param quality |
| * @param disabled |
| */ |
| // TODO: why does this take disabled, its always called with a quality higher than |
| // what makes sense with disabled == true |
| private void maybeEnableEncryption(int quality, boolean disabled) { |
| DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(DEVICE_POLICY_SERVICE); |
| if (UserManager.get(getActivity()).isAdminUser() |
| && mUserId == UserHandle.myUserId() |
| && LockPatternUtils.isDeviceEncryptionEnabled() |
| && !LockPatternUtils.isFileEncryptionEnabled() |
| && !dpm.getDoNotAskCredentialsOnBoot()) { |
| mEncryptionRequestQuality = quality; |
| mEncryptionRequestDisabled = disabled; |
| // Get the intent that the encryption interstitial should start for creating |
| // the new unlock method. |
| Intent unlockMethodIntent = getIntentForUnlockMethod(quality, disabled); |
| unlockMethodIntent.putExtra( |
| ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT, |
| mForChangeCredRequiredForBoot); |
| final Context context = getActivity(); |
| // If accessibility is enabled and the user hasn't seen this dialog before, set the |
| // default state to agree with that which is compatible with accessibility |
| // (password not required). |
| final boolean accEn = AccessibilityManager.getInstance(context).isEnabled(); |
| final boolean required = mLockPatternUtils.isCredentialRequiredToDecrypt(!accEn); |
| Intent intent = getEncryptionInterstitialIntent(context, quality, required, |
| unlockMethodIntent); |
| intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, |
| mForFingerprint); |
| intent.putExtra(EXTRA_HIDE_DRAWER, mHideDrawer); |
| startActivityForResult(intent, ENABLE_ENCRYPTION_REQUEST); |
| } else { |
| if (mForChangeCredRequiredForBoot) { |
| // Welp, couldn't change it. Oh well. |
| finish(); |
| return; |
| } |
| mRequirePassword = false; // device encryption not enabled or not device owner. |
| updateUnlockMethodAndFinish(quality, disabled); |
| } |
| } |
| |
| @Override |
| public void onActivityResult(int requestCode, int resultCode, Intent data) { |
| super.onActivityResult(requestCode, resultCode, data); |
| mWaitingForConfirmation = false; |
| if (requestCode == CONFIRM_EXISTING_REQUEST && resultCode == Activity.RESULT_OK) { |
| mPasswordConfirmed = true; |
| mUserPassword = data.getStringExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD); |
| updatePreferencesOrFinish(); |
| if (mForChangeCredRequiredForBoot) { |
| if (!TextUtils.isEmpty(mUserPassword)) { |
| maybeEnableEncryption( |
| mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId), false); |
| } else { |
| finish(); |
| } |
| } |
| } else if (requestCode == CHOOSE_LOCK_REQUEST |
| || requestCode == ENABLE_ENCRYPTION_REQUEST) { |
| if (resultCode != RESULT_CANCELED || mForChangeCredRequiredForBoot) { |
| getActivity().setResult(resultCode, data); |
| finish(); |
| } |
| } else if (requestCode == CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST |
| && resultCode == FingerprintEnrollBase.RESULT_FINISHED) { |
| Intent intent = new Intent(getActivity(), FingerprintEnrollFindSensor.class); |
| if (data != null) { |
| intent.putExtras(data.getExtras()); |
| } |
| startActivity(intent); |
| finish(); |
| } else if (requestCode == SKIP_FINGERPRINT_REQUEST) { |
| if (resultCode != RESULT_CANCELED) { |
| getActivity().setResult( |
| resultCode == RESULT_FINISHED ? RESULT_OK : resultCode, data); |
| finish(); |
| } |
| } else { |
| getActivity().setResult(Activity.RESULT_CANCELED); |
| finish(); |
| } |
| if (requestCode == Activity.RESULT_CANCELED && mForChangeCredRequiredForBoot) { |
| finish(); |
| } |
| } |
| |
| @Override |
| public void onSaveInstanceState(Bundle outState) { |
| super.onSaveInstanceState(outState); |
| // Saved so we don't force user to re-enter their password if configuration changes |
| outState.putBoolean(PASSWORD_CONFIRMED, mPasswordConfirmed); |
| outState.putBoolean(WAITING_FOR_CONFIRMATION, mWaitingForConfirmation); |
| outState.putInt(ENCRYPT_REQUESTED_QUALITY, mEncryptionRequestQuality); |
| outState.putBoolean(ENCRYPT_REQUESTED_DISABLED, mEncryptionRequestDisabled); |
| } |
| |
| private void updatePreferencesOrFinish() { |
| Intent intent = getActivity().getIntent(); |
| int quality = intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, -1); |
| if (quality == -1) { |
| // If caller didn't specify password quality, show UI and allow the user to choose. |
| quality = intent.getIntExtra(MINIMUM_QUALITY_KEY, -1); |
| quality = upgradeQuality(quality); |
| final boolean hideDisabledPrefs = intent.getBooleanExtra( |
| HIDE_DISABLED_PREFS, false); |
| final PreferenceScreen prefScreen = getPreferenceScreen(); |
| if (prefScreen != null) { |
| prefScreen.removeAll(); |
| } |
| addPreferences(); |
| disableUnusablePreferences(quality, hideDisabledPrefs); |
| updatePreferenceText(); |
| updateCurrentPreference(); |
| updatePreferenceSummaryIfNeeded(); |
| } else { |
| updateUnlockMethodAndFinish(quality, false); |
| } |
| } |
| |
| protected void addPreferences() { |
| addPreferencesFromResource(R.xml.security_settings_picker); |
| |
| // Used for testing purposes |
| findPreference(KEY_UNLOCK_SET_NONE).setViewId(R.id.lock_none); |
| findPreference(KEY_UNLOCK_SET_PIN).setViewId(R.id.lock_pin); |
| findPreference(KEY_UNLOCK_SET_PASSWORD).setViewId(R.id.lock_password); |
| } |
| |
| private void updatePreferenceText() { |
| if (mForFingerprint) { |
| final String key[] = { KEY_UNLOCK_SET_PATTERN, |
| KEY_UNLOCK_SET_PIN, |
| KEY_UNLOCK_SET_PASSWORD }; |
| final int res[] = { R.string.fingerprint_unlock_set_unlock_pattern, |
| R.string.fingerprint_unlock_set_unlock_pin, |
| R.string.fingerprint_unlock_set_unlock_password }; |
| for (int i = 0; i < key.length; i++) { |
| Preference pref = findPreference(key[i]); |
| if (pref != null) { // can be removed by device admin |
| pref.setTitle(res[i]); |
| } |
| } |
| } |
| |
| if (mManagedPasswordProvider.isSettingManagedPasswordSupported()) { |
| Preference managed = findPreference(KEY_UNLOCK_SET_MANAGED); |
| managed.setTitle(mManagedPasswordProvider.getPickerOptionTitle(mForFingerprint)); |
| } else { |
| removePreference(KEY_UNLOCK_SET_MANAGED); |
| } |
| |
| if (!(mForFingerprint && mIsSetNewPassword)) { |
| removePreference(KEY_SKIP_FINGERPRINT); |
| } |
| } |
| |
| private void updateCurrentPreference() { |
| String currentKey = getKeyForCurrent(); |
| Preference preference = findPreference(currentKey); |
| if (preference != null) { |
| preference.setSummary(R.string.current_screen_lock); |
| } |
| } |
| |
| private String getKeyForCurrent() { |
| final int credentialOwner = UserManager.get(getContext()) |
| .getCredentialOwnerProfile(mUserId); |
| if (mLockPatternUtils.isLockScreenDisabled(credentialOwner)) { |
| return KEY_UNLOCK_SET_OFF; |
| } |
| switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(credentialOwner)) { |
| case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: |
| return KEY_UNLOCK_SET_PATTERN; |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: |
| return KEY_UNLOCK_SET_PIN; |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: |
| return KEY_UNLOCK_SET_PASSWORD; |
| case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: |
| return KEY_UNLOCK_SET_MANAGED; |
| case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: |
| return KEY_UNLOCK_SET_NONE; |
| } |
| return null; |
| } |
| |
| /** increases the quality if necessary */ |
| private int upgradeQuality(int quality) { |
| quality = upgradeQualityForDPM(quality); |
| return quality; |
| } |
| |
| private int upgradeQualityForDPM(int quality) { |
| // Compare min allowed password quality |
| int minQuality = mDPM.getPasswordQuality(null, mUserId); |
| if (quality < minQuality) { |
| quality = minQuality; |
| } |
| return quality; |
| } |
| |
| /*** |
| * Disables preferences that are less secure than required quality. The actual |
| * implementation is in disableUnusablePreferenceImpl. |
| * |
| * @param quality the requested quality. |
| * @param hideDisabledPrefs if false preferences show why they were disabled; otherwise |
| * they're not shown at all. |
| */ |
| protected void disableUnusablePreferences(final int quality, boolean hideDisabledPrefs) { |
| disableUnusablePreferencesImpl(quality, hideDisabledPrefs); |
| } |
| |
| /*** |
| * Disables preferences that are less secure than required quality. |
| * |
| * @param quality the requested quality. |
| * @param hideDisabled whether to hide disable screen lock options. |
| */ |
| protected void disableUnusablePreferencesImpl(final int quality, |
| boolean hideDisabled) { |
| final PreferenceScreen entries = getPreferenceScreen(); |
| |
| int adminEnforcedQuality = mDPM.getPasswordQuality(null, mUserId); |
| EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfPasswordQualityIsSet( |
| getActivity(), mUserId); |
| for (int i = entries.getPreferenceCount() - 1; i >= 0; --i) { |
| Preference pref = entries.getPreference(i); |
| if (pref instanceof RestrictedPreference) { |
| final String key = pref.getKey(); |
| boolean enabled = true; |
| boolean visible = true; |
| boolean disabledByAdmin = false; |
| if (KEY_UNLOCK_SET_OFF.equals(key)) { |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| if (getResources().getBoolean(R.bool.config_hide_none_security_option)) { |
| enabled = false; |
| visible = false; |
| } |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| } else if (KEY_UNLOCK_SET_NONE.equals(key)) { |
| if (mUserId != UserHandle.myUserId()) { |
| // Swipe doesn't make sense for profiles. |
| visible = false; |
| } |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| } else if (KEY_UNLOCK_SET_PATTERN.equals(key)) { |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| } else if (KEY_UNLOCK_SET_PIN.equals(key)) { |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; |
| } else if (KEY_UNLOCK_SET_PASSWORD.equals(key)) { |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| } else if (KEY_UNLOCK_SET_MANAGED.equals(key)) { |
| enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_MANAGED |
| && mManagedPasswordProvider.isManagedPasswordChoosable(); |
| disabledByAdmin = adminEnforcedQuality |
| > DevicePolicyManager.PASSWORD_QUALITY_MANAGED; |
| } |
| if (hideDisabled) { |
| visible = enabled; |
| } |
| if (!visible) { |
| entries.removePreference(pref); |
| } else if (disabledByAdmin && enforcedAdmin != null) { |
| ((RestrictedPreference) pref).setDisabledByAdmin(enforcedAdmin); |
| } else if (!enabled) { |
| // we need to setDisabledByAdmin to null first to disable the padlock |
| // in case it was set earlier. |
| ((RestrictedPreference) pref).setDisabledByAdmin(null); |
| pref.setSummary(R.string.unlock_set_unlock_disabled_summary); |
| pref.setEnabled(false); |
| } else { |
| ((RestrictedPreference) pref).setDisabledByAdmin(null); |
| } |
| } |
| } |
| } |
| |
| private void updatePreferenceSummaryIfNeeded() { |
| // On a default block encrypted device with accessibility, add a warning |
| // that your data is not credential encrypted |
| if (!StorageManager.isBlockEncrypted()) { |
| return; |
| } |
| |
| if (StorageManager.isNonDefaultBlockEncrypted()) { |
| return; |
| } |
| |
| if (AccessibilityManager.getInstance(getActivity()).getEnabledAccessibilityServiceList( |
| AccessibilityServiceInfo.FEEDBACK_ALL_MASK).isEmpty()) { |
| return; |
| } |
| |
| CharSequence summary = getString(R.string.secure_lock_encryption_warning); |
| |
| PreferenceScreen screen = getPreferenceScreen(); |
| final int preferenceCount = screen.getPreferenceCount(); |
| for (int i = 0; i < preferenceCount; i++) { |
| Preference preference = screen.getPreference(i); |
| switch (preference.getKey()) { |
| case KEY_UNLOCK_SET_PATTERN: |
| case KEY_UNLOCK_SET_PIN: |
| case KEY_UNLOCK_SET_PASSWORD: |
| case KEY_UNLOCK_SET_MANAGED: { |
| preference.setSummary(summary); |
| } break; |
| } |
| } |
| } |
| |
| protected Intent getLockManagedPasswordIntent(boolean requirePassword, String password) { |
| return mManagedPasswordProvider.createIntent(requirePassword, password); |
| } |
| |
| protected Intent getLockPasswordIntent(Context context, int quality, |
| int minLength, final int maxLength, |
| boolean requirePasswordToDecrypt, boolean confirmCredentials, int userId) { |
| return ChooseLockPassword.createIntent(context, quality, minLength, |
| maxLength, requirePasswordToDecrypt, confirmCredentials, userId); |
| } |
| |
| protected Intent getLockPasswordIntent(Context context, int quality, |
| int minLength, final int maxLength, |
| boolean requirePasswordToDecrypt, long challenge, int userId) { |
| return ChooseLockPassword.createIntent(context, quality, minLength, |
| maxLength, requirePasswordToDecrypt, challenge, userId); |
| } |
| |
| protected Intent getLockPasswordIntent(Context context, int quality, int minLength, |
| int maxLength, boolean requirePasswordToDecrypt, String password, int userId) { |
| return ChooseLockPassword.createIntent(context, quality, minLength, maxLength, |
| requirePasswordToDecrypt, password, userId); |
| } |
| |
| protected Intent getLockPatternIntent(Context context, final boolean requirePassword, |
| final boolean confirmCredentials, int userId) { |
| return ChooseLockPattern.createIntent(context, requirePassword, |
| confirmCredentials, userId); |
| } |
| |
| protected Intent getLockPatternIntent(Context context, final boolean requirePassword, |
| long challenge, int userId) { |
| return ChooseLockPattern.createIntent(context, requirePassword, challenge, userId); |
| } |
| |
| protected Intent getLockPatternIntent(Context context, final boolean requirePassword, |
| final String pattern, int userId) { |
| return ChooseLockPattern.createIntent(context, requirePassword, pattern, userId); |
| } |
| |
| protected Intent getEncryptionInterstitialIntent(Context context, int quality, |
| boolean required, Intent unlockMethodIntent) { |
| return EncryptionInterstitial.createStartIntent(context, quality, required, |
| unlockMethodIntent); |
| } |
| |
| /** |
| * Invokes an activity to change the user's pattern, password or PIN based on given quality |
| * and minimum quality specified by DevicePolicyManager. If quality is |
| * {@link DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED}, password is cleared. |
| * |
| * @param quality the desired quality. Ignored if DevicePolicyManager requires more security |
| * @param disabled whether or not to show LockScreen at all. Only meaningful when quality is |
| * {@link DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED} |
| */ |
| void updateUnlockMethodAndFinish(int quality, boolean disabled) { |
| // Sanity check. We should never get here without confirming user's existing password. |
| if (!mPasswordConfirmed) { |
| throw new IllegalStateException("Tried to update password without confirming it"); |
| } |
| |
| quality = upgradeQuality(quality); |
| Intent intent = getIntentForUnlockMethod(quality, disabled); |
| if (intent != null) { |
| startActivityForResult(intent, |
| mIsSetNewPassword && mHasChallenge |
| ? CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST |
| : CHOOSE_LOCK_REQUEST); |
| return; |
| } |
| |
| if (quality == DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { |
| mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true, mUserPassword); |
| mChooseLockSettingsHelper.utils().clearLock(mUserId); |
| mChooseLockSettingsHelper.utils().setLockScreenDisabled(disabled, mUserId); |
| getActivity().setResult(Activity.RESULT_OK); |
| removeAllFingerprintForUserAndFinish(mUserId); |
| } else { |
| removeAllFingerprintForUserAndFinish(mUserId); |
| } |
| } |
| |
| private Intent getIntentForUnlockMethod(int quality, boolean disabled) { |
| Intent intent = null; |
| final Context context = getActivity(); |
| if (quality >= DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { |
| intent = getLockManagedPasswordIntent(mRequirePassword, mUserPassword); |
| } else if (quality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC) { |
| int minLength = mDPM.getPasswordMinimumLength(null, mUserId); |
| if (minLength < MIN_PASSWORD_LENGTH) { |
| minLength = MIN_PASSWORD_LENGTH; |
| } |
| final int maxLength = mDPM.getPasswordMaximumLength(quality); |
| if (mHasChallenge) { |
| intent = getLockPasswordIntent(context, quality, minLength, |
| maxLength, mRequirePassword, mChallenge, mUserId); |
| } else { |
| intent = getLockPasswordIntent(context, quality, minLength, |
| maxLength, mRequirePassword, mUserPassword, mUserId); |
| } |
| } else if (quality == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) { |
| if (mHasChallenge) { |
| intent = getLockPatternIntent(context, mRequirePassword, |
| mChallenge, mUserId); |
| } else { |
| intent = getLockPatternIntent(context, mRequirePassword, |
| mUserPassword, mUserId); |
| } |
| } |
| if (intent != null) { |
| intent.putExtra(EXTRA_HIDE_DRAWER, mHideDrawer); |
| } |
| return intent; |
| } |
| |
| private void removeAllFingerprintForUserAndFinish(final int userId) { |
| if (mFingerprintManager != null && mFingerprintManager.isHardwareDetected()) { |
| if (mFingerprintManager.hasEnrolledFingerprints(userId)) { |
| mFingerprintManager.setActiveUser(userId); |
| // For the purposes of M and N, groupId is the same as userId. |
| final int groupId = userId; |
| Fingerprint finger = new Fingerprint(null, groupId, 0, 0); |
| mFingerprintManager.remove(finger, userId, |
| new RemovalCallback() { |
| @Override |
| public void onRemovalError(Fingerprint fp, int errMsgId, |
| CharSequence errString) { |
| Log.v(TAG, "Fingerprint removed: " + fp.getFingerId()); |
| if (fp.getFingerId() == 0) { |
| removeManagedProfileFingerprintsAndFinishIfNecessary(userId); |
| } |
| } |
| |
| @Override |
| public void onRemovalSucceeded(Fingerprint fingerprint) { |
| if (fingerprint.getFingerId() == 0) { |
| removeManagedProfileFingerprintsAndFinishIfNecessary(userId); |
| } |
| } |
| }); |
| } else { |
| // No fingerprints in this user, we may also want to delete managed profile |
| // fingerprints |
| removeManagedProfileFingerprintsAndFinishIfNecessary(userId); |
| } |
| } else { |
| // The removal callback will call finish, once all fingerprints are removed. |
| // We need to wait for that to occur, otherwise, the UI will still show that |
| // fingerprints exist even though they are (about to) be removed depending on |
| // the race condition. |
| finish(); |
| } |
| } |
| |
| private void removeManagedProfileFingerprintsAndFinishIfNecessary(final int parentUserId) { |
| mFingerprintManager.setActiveUser(UserHandle.myUserId()); |
| final UserManager um = UserManager.get(getActivity()); |
| boolean hasChildProfile = false; |
| if (!um.getUserInfo(parentUserId).isManagedProfile()) { |
| // Current user is primary profile, remove work profile fingerprints if necessary |
| final List<UserInfo> profiles = um.getProfiles(parentUserId); |
| final int profilesSize = profiles.size(); |
| for (int i = 0; i < profilesSize; i++) { |
| final UserInfo userInfo = profiles.get(i); |
| if (userInfo.isManagedProfile() && !mLockPatternUtils |
| .isSeparateProfileChallengeEnabled(userInfo.id)) { |
| removeAllFingerprintForUserAndFinish(userInfo.id); |
| hasChildProfile = true; |
| break; |
| } |
| } |
| } |
| if (!hasChildProfile) { |
| finish(); |
| } |
| } |
| |
| @Override |
| public void onDestroy() { |
| super.onDestroy(); |
| } |
| |
| @Override |
| protected int getHelpResource() { |
| return R.string.help_url_choose_lockscreen; |
| } |
| |
| private int getResIdForFactoryResetProtectionWarningTitle() { |
| boolean isProfile = Utils.isManagedProfile(UserManager.get(getActivity()), mUserId); |
| return isProfile ? R.string.unlock_disable_frp_warning_title_profile |
| : R.string.unlock_disable_frp_warning_title; |
| } |
| |
| private int getResIdForFactoryResetProtectionWarningMessage() { |
| boolean hasFingerprints = mFingerprintManager.hasEnrolledFingerprints(mUserId); |
| boolean isProfile = Utils.isManagedProfile(UserManager.get(getActivity()), mUserId); |
| switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId)) { |
| case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: |
| if (hasFingerprints && isProfile) { |
| return R.string |
| .unlock_disable_frp_warning_content_pattern_fingerprint_profile; |
| } else if (hasFingerprints && !isProfile) { |
| return R.string.unlock_disable_frp_warning_content_pattern_fingerprint; |
| } else if (isProfile) { |
| return R.string.unlock_disable_frp_warning_content_pattern_profile; |
| } else { |
| return R.string.unlock_disable_frp_warning_content_pattern; |
| } |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: |
| if (hasFingerprints && isProfile) { |
| return R.string.unlock_disable_frp_warning_content_pin_fingerprint_profile; |
| } else if (hasFingerprints && !isProfile) { |
| return R.string.unlock_disable_frp_warning_content_pin_fingerprint; |
| } else if (isProfile) { |
| return R.string.unlock_disable_frp_warning_content_pin_profile; |
| } else { |
| return R.string.unlock_disable_frp_warning_content_pin; |
| } |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: |
| case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: |
| case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: |
| if (hasFingerprints && isProfile) { |
| return R.string |
| .unlock_disable_frp_warning_content_password_fingerprint_profile; |
| } else if (hasFingerprints && !isProfile) { |
| return R.string.unlock_disable_frp_warning_content_password_fingerprint; |
| } else if (isProfile) { |
| return R.string.unlock_disable_frp_warning_content_password_profile; |
| } else { |
| return R.string.unlock_disable_frp_warning_content_password; |
| } |
| default: |
| if (hasFingerprints && isProfile) { |
| return R.string |
| .unlock_disable_frp_warning_content_unknown_fingerprint_profile; |
| } else if (hasFingerprints && !isProfile) { |
| return R.string.unlock_disable_frp_warning_content_unknown_fingerprint; |
| } else if (isProfile) { |
| return R.string.unlock_disable_frp_warning_content_unknown_profile; |
| } else { |
| return R.string.unlock_disable_frp_warning_content_unknown; |
| } |
| } |
| } |
| |
| private boolean isUnlockMethodSecure(String unlockMethod) { |
| return !(KEY_UNLOCK_SET_OFF.equals(unlockMethod) || |
| KEY_UNLOCK_SET_NONE.equals(unlockMethod)); |
| } |
| |
| private boolean setUnlockMethod(String unlockMethod) { |
| EventLog.writeEvent(EventLogTags.LOCK_SCREEN_TYPE, unlockMethod); |
| |
| if (KEY_UNLOCK_SET_OFF.equals(unlockMethod)) { |
| updateUnlockMethodAndFinish( |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, true /* disabled */ ); |
| } else if (KEY_UNLOCK_SET_NONE.equals(unlockMethod)) { |
| updateUnlockMethodAndFinish( |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, false /* disabled */ ); |
| } else if (KEY_UNLOCK_SET_MANAGED.equals(unlockMethod)) { |
| maybeEnableEncryption(DevicePolicyManager.PASSWORD_QUALITY_MANAGED, false); |
| } else if (KEY_UNLOCK_SET_PATTERN.equals(unlockMethod)) { |
| maybeEnableEncryption( |
| DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, false); |
| } else if (KEY_UNLOCK_SET_PIN.equals(unlockMethod)) { |
| maybeEnableEncryption( |
| DevicePolicyManager.PASSWORD_QUALITY_NUMERIC, false); |
| } else if (KEY_UNLOCK_SET_PASSWORD.equals(unlockMethod)) { |
| maybeEnableEncryption( |
| DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC, false); |
| } else { |
| Log.e(TAG, "Encountered unknown unlock method to set: " + unlockMethod); |
| return false; |
| } |
| return true; |
| } |
| |
| private void showFactoryResetProtectionWarningDialog(String unlockMethodToSet) { |
| int title = getResIdForFactoryResetProtectionWarningTitle(); |
| int message = getResIdForFactoryResetProtectionWarningMessage(); |
| FactoryResetProtectionWarningDialog dialog = |
| FactoryResetProtectionWarningDialog.newInstance( |
| title, message, unlockMethodToSet); |
| dialog.show(getChildFragmentManager(), TAG_FRP_WARNING_DIALOG); |
| } |
| |
| public static class FactoryResetProtectionWarningDialog extends DialogFragment { |
| |
| private static final String ARG_TITLE_RES = "titleRes"; |
| private static final String ARG_MESSAGE_RES = "messageRes"; |
| private static final String ARG_UNLOCK_METHOD_TO_SET = "unlockMethodToSet"; |
| |
| public static FactoryResetProtectionWarningDialog newInstance( |
| int titleRes, int messageRes, String unlockMethodToSet) { |
| FactoryResetProtectionWarningDialog frag = |
| new FactoryResetProtectionWarningDialog(); |
| Bundle args = new Bundle(); |
| args.putInt(ARG_TITLE_RES, titleRes); |
| args.putInt(ARG_MESSAGE_RES, messageRes); |
| args.putString(ARG_UNLOCK_METHOD_TO_SET, unlockMethodToSet); |
| frag.setArguments(args); |
| return frag; |
| } |
| |
| @Override |
| public void show(FragmentManager manager, String tag) { |
| if (manager.findFragmentByTag(tag) == null) { |
| // Prevent opening multiple dialogs if tapped on button quickly |
| super.show(manager, tag); |
| } |
| } |
| |
| @Override |
| public Dialog onCreateDialog(Bundle savedInstanceState) { |
| final Bundle args = getArguments(); |
| |
| return new AlertDialog.Builder(getActivity()) |
| .setTitle(args.getInt(ARG_TITLE_RES)) |
| .setMessage(args.getInt(ARG_MESSAGE_RES)) |
| .setPositiveButton(R.string.unlock_disable_frp_warning_ok, |
| new DialogInterface.OnClickListener() { |
| @Override |
| public void onClick(DialogInterface dialog, int whichButton) { |
| ((ChooseLockGenericFragment) getParentFragment()) |
| .setUnlockMethod( |
| args.getString(ARG_UNLOCK_METHOD_TO_SET)); |
| } |
| } |
| ) |
| .setNegativeButton(R.string.cancel, |
| new DialogInterface.OnClickListener() { |
| @Override |
| public void onClick(DialogInterface dialog, int whichButton) { |
| dismiss(); |
| } |
| } |
| ) |
| .create(); |
| } |
| } |
| } |
| } |
