Loading core/java/android/app/Profile.java +0 −13 Original line number Diff line number Diff line Loading @@ -16,7 +16,6 @@ package android.app; import android.app.admin.DevicePolicyManager; import android.content.Context; import android.media.AudioManager; import android.os.Parcel; Loading Loading @@ -454,18 +453,6 @@ public final class Profile implements Parcelable, Comparable { mDirty = true; } public int getScreenLockModeWithDPM(Context context) { // Check device policy DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm.requireSecureKeyguard()) { // Always enforce lock screen return LockMode.DEFAULT; } return mScreenLockMode; } public int getScreenLockMode() { return mScreenLockMode; } Loading core/java/android/app/admin/DevicePolicyManager.java +12 −9 Original line number Diff line number Diff line Loading @@ -30,7 +30,6 @@ import android.os.RemoteCallback; import android.os.RemoteException; import android.os.ServiceManager; import android.os.UserHandle; import android.security.KeyStore; import android.util.Log; import com.android.org.conscrypt.TrustedCertificateStore; Loading Loading @@ -1688,14 +1687,18 @@ public class DevicePolicyManager { * @hide */ public boolean requireSecureKeyguard() { int encryptionStatus = getStorageEncryptionStatus(); if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED || !KeyStore.getInstance().isEmpty() || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) { // Require secure keyguard return true; return requireSecureKeyguard(UserHandle.myUserId()); } return false; /** @hide */ public boolean requireSecureKeyguard(int userHandle) { if (mService != null) { try { return mService.requireSecureKeyguard(userHandle); } catch (RemoteException re) { Log.w(TAG, "Failed to get secure keyguard requirement"); } } return true; } } core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -105,4 +105,6 @@ interface IDevicePolicyManager { boolean installCaCert(in byte[] certBuffer); void uninstallCaCert(in byte[] certBuffer); boolean requireSecureKeyguard(int userHandle); } core/java/com/android/internal/widget/LockPatternUtils.java +19 −5 Original line number Diff line number Diff line Loading @@ -1249,11 +1249,25 @@ public class LockPatternUtils { || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; final boolean isProfileSecure = mProfileManager.getActiveProfile() .getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT; final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists() || isPassword && savedPasswordExists()) && isProfileSecure; return secure; final boolean hasPattern = isPattern && isLockPatternEnabled() && savedPatternExists(); final boolean hasPassword = isPassword && savedPasswordExists(); return (hasPattern || hasPassword) && getActiveProfileLockMode() == Profile.LockMode.DEFAULT; } public int getActiveProfileLockMode() { // Check device policy DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm.requireSecureKeyguard(getCurrentOrCallingUserId())) { // Always enforce lock screen return Profile.LockMode.DEFAULT; } final Profile profile = mProfileManager.getActiveProfile(); return profile.getScreenLockMode(); } /** Loading packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java +1 −7 Original line number Diff line number Diff line Loading @@ -16,7 +16,6 @@ package com.android.keyguard; import android.app.Profile; import android.app.ProfileManager; import android.app.admin.DevicePolicyManager; import android.content.Context; import android.telephony.TelephonyManager; Loading Loading @@ -44,13 +43,9 @@ public class KeyguardSecurityModel { private Context mContext; private LockPatternUtils mLockPatternUtils; // We can use the profile manager to override security private ProfileManager mProfileManager; KeyguardSecurityModel(Context context) { mContext = context; mLockPatternUtils = new LockPatternUtils(context); mProfileManager = (ProfileManager) context.getSystemService(Context.PROFILE_SERVICE); } void setLockPatternUtils(LockPatternUtils utils) { Loading Loading @@ -82,14 +77,13 @@ public class KeyguardSecurityModel { SecurityMode getSecurityMode() { KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext); final IccCardConstants.State simState = updateMonitor.getSimState(); final Profile profile = mProfileManager.getActiveProfile(); SecurityMode mode = SecurityMode.None; if (simState == IccCardConstants.State.PIN_REQUIRED) { mode = SecurityMode.SimPin; } else if (simState == IccCardConstants.State.PUK_REQUIRED && mLockPatternUtils.isPukUnlockScreenEnable()) { mode = SecurityMode.SimPuk; } else if (profile.getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) { } else if (mLockPatternUtils.getActiveProfileLockMode() != Profile.LockMode.INSECURE) { final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality(); switch (security) { case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: Loading Loading
core/java/android/app/Profile.java +0 −13 Original line number Diff line number Diff line Loading @@ -16,7 +16,6 @@ package android.app; import android.app.admin.DevicePolicyManager; import android.content.Context; import android.media.AudioManager; import android.os.Parcel; Loading Loading @@ -454,18 +453,6 @@ public final class Profile implements Parcelable, Comparable { mDirty = true; } public int getScreenLockModeWithDPM(Context context) { // Check device policy DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm.requireSecureKeyguard()) { // Always enforce lock screen return LockMode.DEFAULT; } return mScreenLockMode; } public int getScreenLockMode() { return mScreenLockMode; } Loading
core/java/android/app/admin/DevicePolicyManager.java +12 −9 Original line number Diff line number Diff line Loading @@ -30,7 +30,6 @@ import android.os.RemoteCallback; import android.os.RemoteException; import android.os.ServiceManager; import android.os.UserHandle; import android.security.KeyStore; import android.util.Log; import com.android.org.conscrypt.TrustedCertificateStore; Loading Loading @@ -1688,14 +1687,18 @@ public class DevicePolicyManager { * @hide */ public boolean requireSecureKeyguard() { int encryptionStatus = getStorageEncryptionStatus(); if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED || !KeyStore.getInstance().isEmpty() || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) { // Require secure keyguard return true; return requireSecureKeyguard(UserHandle.myUserId()); } return false; /** @hide */ public boolean requireSecureKeyguard(int userHandle) { if (mService != null) { try { return mService.requireSecureKeyguard(userHandle); } catch (RemoteException re) { Log.w(TAG, "Failed to get secure keyguard requirement"); } } return true; } }
core/java/android/app/admin/IDevicePolicyManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -105,4 +105,6 @@ interface IDevicePolicyManager { boolean installCaCert(in byte[] certBuffer); void uninstallCaCert(in byte[] certBuffer); boolean requireSecureKeyguard(int userHandle); }
core/java/com/android/internal/widget/LockPatternUtils.java +19 −5 Original line number Diff line number Diff line Loading @@ -1249,11 +1249,25 @@ public class LockPatternUtils { || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; final boolean isProfileSecure = mProfileManager.getActiveProfile() .getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT; final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists() || isPassword && savedPasswordExists()) && isProfileSecure; return secure; final boolean hasPattern = isPattern && isLockPatternEnabled() && savedPatternExists(); final boolean hasPassword = isPassword && savedPasswordExists(); return (hasPattern || hasPassword) && getActiveProfileLockMode() == Profile.LockMode.DEFAULT; } public int getActiveProfileLockMode() { // Check device policy DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); if (dpm.requireSecureKeyguard(getCurrentOrCallingUserId())) { // Always enforce lock screen return Profile.LockMode.DEFAULT; } final Profile profile = mProfileManager.getActiveProfile(); return profile.getScreenLockMode(); } /** Loading
packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java +1 −7 Original line number Diff line number Diff line Loading @@ -16,7 +16,6 @@ package com.android.keyguard; import android.app.Profile; import android.app.ProfileManager; import android.app.admin.DevicePolicyManager; import android.content.Context; import android.telephony.TelephonyManager; Loading Loading @@ -44,13 +43,9 @@ public class KeyguardSecurityModel { private Context mContext; private LockPatternUtils mLockPatternUtils; // We can use the profile manager to override security private ProfileManager mProfileManager; KeyguardSecurityModel(Context context) { mContext = context; mLockPatternUtils = new LockPatternUtils(context); mProfileManager = (ProfileManager) context.getSystemService(Context.PROFILE_SERVICE); } void setLockPatternUtils(LockPatternUtils utils) { Loading Loading @@ -82,14 +77,13 @@ public class KeyguardSecurityModel { SecurityMode getSecurityMode() { KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext); final IccCardConstants.State simState = updateMonitor.getSimState(); final Profile profile = mProfileManager.getActiveProfile(); SecurityMode mode = SecurityMode.None; if (simState == IccCardConstants.State.PIN_REQUIRED) { mode = SecurityMode.SimPin; } else if (simState == IccCardConstants.State.PUK_REQUIRED && mLockPatternUtils.isPukUnlockScreenEnable()) { mode = SecurityMode.SimPuk; } else if (profile.getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) { } else if (mLockPatternUtils.getActiveProfileLockMode() != Profile.LockMode.INSECURE) { final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality(); switch (security) { case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: Loading
