Use default encryption password if an accessibility service is enabled. (16e4a1aa) · Commits · e / os / android_frameworks_base

core/java/android/view/AccessibilityManagerInternal.java

0 → 100644

+31 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2014 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package android.view;

		/**
		* Accessibility manager local system service interface.
		*
		* @hide Only for use within the system server.
		*/
		public abstract class AccessibilityManagerInternal {

		/**
		* Queries if the accessibility manager service permits setting
		* a non-default encryption password.
		*/
		public abstract boolean isNonDefaultEncryptionPasswordAllowed();
		}

core/java/com/android/internal/widget/LockPatternUtils.java

+24 −0

Original line number	Diff line number	Diff line
		@@ -877,6 +877,30 @@ public class LockPatternUtils {
		}
		}

		/**
		* Gets whether the device is encrypted.
		*
		* @return Whether the device is encrypted.
		*/
		public static boolean isDeviceEncrypted() {
		IMountService mountService = IMountService.Stub.asInterface(
		ServiceManager.getService("mount"));
		try {
		return mountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE
		&& mountService.getPasswordType() != StorageManager.CRYPT_TYPE_DEFAULT;
		} catch (RemoteException re) {
		Log.e(TAG, "Error getting encryption state", re);
		}
		return true;
		}

		/**
		* Clears the encryption password.
		*/
		public void clearEncryptionPassword() {
		updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
		}

		/**
		* Retrieves the quality mode we're in.
		* {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}

services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java

+32 −0

Original line number	Diff line number	Diff line
		@@ -67,6 +67,7 @@ import android.util.Pools.Pool;
		import android.util.Pools.SimplePool;
		import android.util.Slog;
		import android.util.SparseArray;
		import android.view.AccessibilityManagerInternal;
		import android.view.Display;
		import android.view.IWindow;
		import android.view.InputDevice;
		@@ -91,6 +92,7 @@ import android.view.accessibility.IAccessibilityManagerClient;
		import com.android.internal.R;
		import com.android.internal.content.PackageMonitor;
		import com.android.internal.statusbar.IStatusBarService;
		import com.android.internal.widget.LockPatternUtils;
		import com.android.server.LocalServices;

		import org.xmlpull.v1.XmlPullParserException;
		@@ -202,6 +204,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {

		private final UserManager mUserManager;

		private final LockPatternUtils mLockPatternUtils;

		private int mCurrentUserId = UserHandle.USER_OWNER;

		//TODO: Remove this hack
		@@ -225,9 +229,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
		mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
		mSecurityPolicy = new SecurityPolicy();
		mMainHandler = new MainHandler(mContext.getMainLooper());
		mLockPatternUtils = new LockPatternUtils(context);
		registerBroadcastReceivers();
		new AccessibilityContentObserver(mMainHandler).register(
		context.getContentResolver());
		LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
		}

		private UserState getUserStateLocked(int userId) {
		@@ -1294,6 +1300,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
		updateTouchExplorationLocked(userState);
		updateEnhancedWebAccessibilityLocked(userState);
		updateDisplayColorAdjustmentSettingsLocked(userState);
		updateEncryptionState(userState);
		scheduleUpdateInputFilter(userState);
		scheduleUpdateClientsIfNeededLocked(userState);
		}
		@@ -1570,6 +1577,21 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
		DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
		}

		private void updateEncryptionState(UserState userState) {
		if (userState.mUserId != UserHandle.USER_OWNER) {
		return;
		}
		if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
		// If there are running accessibility services we do not have encryption as
		// the user needs the accessibility layer to be running to authenticate.
		mLockPatternUtils.clearEncryptionPassword();
		}
		}

		private boolean hasRunningServicesLocked(UserState userState) {
		return !userState.mBoundServices.isEmpty() \|\| !userState.mBindingServices.isEmpty();
		}

		private MagnificationSpec getCompatibleMagnificationSpecLocked(int windowId) {
		IBinder windowToken = mGlobalWindowTokens.get(windowId);
		if (windowToken == null) {
		@@ -3883,4 +3905,14 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
		}
		}
		}

		private final class LocalService extends AccessibilityManagerInternal {
		@Override
		public boolean isNonDefaultEncryptionPasswordAllowed() {
		synchronized (mLock) {
		UserState userState = getCurrentUserStateLocked();
		return !hasRunningServicesLocked(userState);
		}
		}
		}
		}

services/core/java/com/android/server/MountService.java

+15 −2

Original line number	Diff line number	Diff line
		@@ -63,6 +63,7 @@ import android.util.AttributeSet;
		import android.util.Slog;
		import android.util.Xml;

		import android.view.AccessibilityManagerInternal;
		import com.android.internal.annotations.GuardedBy;
		import com.android.internal.annotations.VisibleForTesting;
		import com.android.internal.app.IMediaContainerService;
		@@ -557,6 +558,8 @@ class MountService extends IMountService.Stub

		private final Handler mHandler;

		private final AccessibilityManagerInternal mAccessibilityManagerInternal;

		void waitForAsecScan() {
		waitForLatch(mAsecsScanned);
		}
		@@ -1454,6 +1457,9 @@ class MountService extends IMountService.Stub
		hthread.start();
		mHandler = new MountServiceHandler(hthread.getLooper());

		mAccessibilityManagerInternal = LocalServices.getService(
		AccessibilityManagerInternal.class);

		// Watch for user changes
		final IntentFilter userFilter = new IntentFilter();
		userFilter.addAction(Intent.ACTION_USER_ADDED);
		@@ -2254,6 +2260,13 @@ class MountService extends IMountService.Stub

		final NativeDaemonEvent event;
		try {
		// The accessibility layer may veto having a non-default encryption
		// password because if there are enabled accessibility services the
		// user cannot authenticate as the latter need access to the data.
		if (!TextUtils.isEmpty(password)
		&& !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
		return getEncryptionState();
		}
		event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
		new SensitiveArg(toHex(password)));
		return Integer.parseInt(event.getMessage());
		@@ -2302,7 +2315,7 @@ class MountService extends IMountService.Stub
		* @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
		*/
		@Override
		public int getPasswordType() throws RemoteException {
		public int getPasswordType() {

		waitForReady();