Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4f28f0de authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Expand and expose Lockdown global action 

This action puts the phone into the state where it can only be unlocked
via the user's primary knowledge factor. In the future this can also
evict keys and otherwise secure the device beyond the norm in a sketchy
situation.

This is currently controlled Settings.Secure.LOCKDOWN_IN_POWER_MENU, it
can be enabled for testing via
`adb shell settings put secure lockdown_in_power_menu 1`

Bug: 37221346
Test: Manual
Change-Id: I6197fadf655e5298cab1ab95153c316b87f3b718
parent bd1a2d9a

core/java/android/provider/Settings.java

+6 −0
Original line number Diff line number Diff line
@@ -7119,6 +7119,11 @@ public final class Settings { 
         */

        public static final String QS_AUTO_ADDED_TILES = "qs_auto_tiles";



        /**

         * Whether the Lockdown button should be shown in the power menu.

         * @hide

         */

        public static final String LOCKDOWN_IN_POWER_MENU = "lockdown_in_power_menu";

        /**

         * This are the settings to be backed up.

         *
@@ -7221,6 +7226,7 @@ public final class Settings { 
            SCREENSAVER_COMPONENTS,

            SCREENSAVER_ACTIVATE_ON_DOCK,

            SCREENSAVER_ACTIVATE_ON_SLEEP,

            LOCKDOWN_IN_POWER_MENU,

        };



        /** @hide */

core/java/com/android/internal/widget/LockPatternUtils.java

+7 −1
Original line number Diff line number Diff line
@@ -1614,7 +1614,8 @@ public class LockPatternUtils { 
                        STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,

                        SOME_AUTH_REQUIRED_AFTER_USER_REQUEST,

                        STRONG_AUTH_REQUIRED_AFTER_LOCKOUT,

                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT})

                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT,

                        STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN})

        @Retention(RetentionPolicy.SOURCE)

        public @interface StrongAuthFlags {}
@@ -1650,6 +1651,11 @@ public class LockPatternUtils { 
         */

        public static final int STRONG_AUTH_REQUIRED_AFTER_TIMEOUT = 0x10;



        /**

         * Strong authentication is required because the user has triggered lockdown.

         */

        public static final int STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN = 0x20;



        /**

         * Strong auth flags that do not prevent fingerprint from being accepted as auth.

         *

core/res/res/values/config.xml

+2 −0
Original line number Diff line number Diff line
@@ -2359,12 +2359,14 @@ 
         "silent" = silent mode

         "users" = list of users

         "restart" = restart device

         "lockdown" = Lock down device until the user authenticates

         -->

    <string-array translatable="false" name="config_globalActionsList">

        <item>power</item>

        <item>restart</item>

        <item>bugreport</item>

        <item>users</item>

        <item>lockdown</item>

    </string-array>



    <!-- Number of milliseconds to hold a wake lock to ensure that drawing is fully

core/res/res/values/strings.xml

+2 −2
Original line number Diff line number Diff line
@@ -526,8 +526,8 @@ 
    <!-- label for item that launches voice assist in phone options dialog [CHAR LIMIT=15]-->

    <string name="global_action_voice_assist">Voice Assist</string>



    <!-- label for item that locks the phone and enforces that it can't be unlocked without entering a credential. [CHAR LIMIT=15] -->

    <string name="global_action_lockdown">Lock now</string>

    <!-- label for item that locks the phone and enforces that it can't be unlocked without strong authentication. [CHAR LIMIT=15] -->

    <string name="global_action_lockdown">Enter lockdown</string>



    <!-- Text to use when the number in a notification info is too large

         (greater than status_bar_notification_info_maxnum, defined in

packages/SystemUI/src/com/android/systemui/globalactions/GlobalActionsDialog.java

+9 −2
Original line number Diff line number Diff line
@@ -14,6 +14,8 @@ 


package com.android.systemui.globalactions;



import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;



import com.android.internal.R;

import com.android.internal.colorextraction.ColorExtractor;

import com.android.internal.colorextraction.ColorExtractor.GradientColors;
@@ -310,7 +312,10 @@ class GlobalActionsDialog implements DialogInterface.OnDismissListener, DialogIn 
            } else if (GLOBAL_ACTION_KEY_SETTINGS.equals(actionKey)) {

                mItems.add(getSettingsAction());

            } else if (GLOBAL_ACTION_KEY_LOCKDOWN.equals(actionKey)) {

                if (Settings.Secure.getInt(mContext.getContentResolver(),

                            Settings.Secure.LOCKDOWN_IN_POWER_MENU, 0) != 0) {

                    mItems.add(getLockdownAction());

                }

            } else if (GLOBAL_ACTION_KEY_VOICEASSIST.equals(actionKey)) {

                mItems.add(getVoiceAssistAction());

            } else if (GLOBAL_ACTION_KEY_ASSIST.equals(actionKey)) {
@@ -575,7 +580,9 @@ class GlobalActionsDialog implements DialogInterface.OnDismissListener, DialogIn 


            @Override

            public void onPress() {

                new LockPatternUtils(mContext).requireCredentialEntry(UserHandle.USER_ALL);

                new LockPatternUtils(mContext)

                        .requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN,

                                UserHandle.USER_ALL);

                try {

                    WindowManagerGlobal.getWindowManagerService().lockNow(null);

                } catch (RemoteException e) {