Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 56878a93 authored by Clara Bayarri's avatar Clara Bayarri
Browse files

Create work challenge timeout 

The work challenge should be locked whenever the device goes to sleep + admin
timeout or when the power button is pressed if the lock setting is on.

This change creates the infrastructure to lock a specific user instead of the
device and uses it in these cases. Then, the current code that brings up the
work challenge can check to only show it if the user is locked.

Change-Id: I89b4342b1458d97734d7afa66be52bf04ec3a3d4
parent fc6e25ef

core/java/android/app/KeyguardManager.java

+12 −2
Original line number Diff line number Diff line
@@ -248,8 +248,9 @@ public class KeyguardManager { 
     * @hide

     */

    public boolean isDeviceLocked(int userId) {

        ITrustManager trustManager = getTrustManager();

        try {

            return mTrustManager.isDeviceLocked(userId);

            return trustManager.isDeviceLocked(userId);

        } catch (RemoteException e) {

            return false;

        }
@@ -273,13 +274,22 @@ public class KeyguardManager { 
     * @hide

     */

    public boolean isDeviceSecure(int userId) {

        ITrustManager trustManager = getTrustManager();

        try {

            return mTrustManager.isDeviceSecure(userId);

            return trustManager.isDeviceSecure(userId);

        } catch (RemoteException e) {

            return false;

        }

    }



    private synchronized ITrustManager getTrustManager() {

        if (mTrustManager == null) {

            mTrustManager = ITrustManager.Stub.asInterface(

                    ServiceManager.getService(Context.TRUST_SERVICE));

        }

        return mTrustManager;

    }



    /**

     * @deprecated Use {@link android.view.WindowManager.LayoutParams#FLAG_DISMISS_KEYGUARD}

     * and/or {@link android.view.WindowManager.LayoutParams#FLAG_SHOW_WHEN_LOCKED}

core/java/android/app/trust/ITrustManager.aidl

+1 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ interface ITrustManager { 
    void registerTrustListener(in ITrustListener trustListener);

    void unregisterTrustListener(in ITrustListener trustListener);

    void reportKeyguardShowingChanged();

    void setDeviceLockedForUser(int userId, boolean locked);

    boolean isDeviceLocked(int userId);

    boolean isDeviceSecure(int userId);

}

core/java/android/app/trust/TrustManager.java

+15 −0
Original line number Diff line number Diff line
@@ -50,6 +50,21 @@ public class TrustManager { 
        mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();

    }



    /**

     * Changes the lock status for the given user. This is only applicable to Managed Profiles,

     * other users should be handled by Keyguard.

     *

     * @param userId The id for the user to be locked/unlocked.

     * @param locked The value for that user's locked state.

     */

    public void setDeviceLockedForUser(int userId, boolean locked) {

        try {

            mService.setDeviceLockedForUser(userId, locked);

        } catch (RemoteException e) {

            onError(e);

        }

    }



    /**

     * Reports that user {@param userId} has tried to unlock the device.

     *

packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java

+54 −13
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ import android.content.IntentFilter; 
import android.content.pm.UserInfo;

import android.media.AudioManager;

import android.media.SoundPool;

import android.os.Binder;

import android.os.Bundle;

import android.os.DeadObjectException;

import android.os.Handler;
@@ -43,6 +44,7 @@ import android.os.SystemClock; 
import android.os.SystemProperties;

import android.os.UserHandle;

import android.os.UserManager;

import android.os.storage.StorageManager;

import android.provider.Settings;

import android.telephony.SubscriptionManager;

import android.telephony.TelephonyManager;
@@ -135,6 +137,8 @@ public class KeyguardViewMediator extends SystemUI { 


    private static final String DELAYED_KEYGUARD_ACTION =

        "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_KEYGUARD";

    private static final String DELAYED_LOCK_PROFILE_ACTION =

            "com.android.internal.policy.impl.PhoneWindowManager.DELAYED_LOCK";



    // used for handler messages

    private static final int SHOW = 2;
@@ -322,6 +326,8 @@ public class KeyguardViewMediator extends SystemUI { 
    private boolean mWakeAndUnlocking;

    private IKeyguardDrawnCallback mDrawnCallback;



    private boolean mIsPerUserLock;



    KeyguardUpdateMonitorCallback mUpdateCallback = new KeyguardUpdateMonitorCallback() {



        @Override
@@ -565,6 +571,8 @@ public class KeyguardViewMediator extends SystemUI { 
        mShowKeyguardWakeLock.setReferenceCounted(false);



        mContext.registerReceiver(mBroadcastReceiver, new IntentFilter(DELAYED_KEYGUARD_ACTION));

        mContext.registerReceiver(

                mBroadcastReceiver, new IntentFilter(DELAYED_LOCK_PROFILE_ACTION));



        mKeyguardDisplayManager = new KeyguardDisplayManager(mContext);
@@ -637,6 +645,7 @@ public class KeyguardViewMediator extends SystemUI { 
            doKeyguardLocked(null);

            mUpdateMonitor.registerCallback(mUpdateCallback);

        }

        mIsPerUserLock = StorageManager.isFileBasedEncryptionEnabled();

        // Most services aren't available until the system reaches the ready state, so we

        // send it here when the device first boots.

        maybeSendUserPresentBroadcast();
@@ -660,7 +669,7 @@ public class KeyguardViewMediator extends SystemUI { 
            final boolean lockImmediately =

                    mLockPatternUtils.getPowerButtonInstantlyLocks(currentUser)

                            || !mLockPatternUtils.isSecure(currentUser);

            long timeout = getLockTimeout();

            long timeout = getLockTimeout(KeyguardUpdateMonitor.getCurrentUser());



            if (mExitSecureCallback != null) {

                if (DEBUG) Log.d(TAG, "pending exit secure callback cancelled");
@@ -710,10 +719,11 @@ public class KeyguardViewMediator extends SystemUI { 
                mPendingLock = false;

            }

        }

        doKeyguardLaterLockedForChildProfiles();

        KeyguardUpdateMonitor.getInstance(mContext).dispatchFinishedGoingToSleep(why);

    }



    private long getLockTimeout() {

    private long getLockTimeout(int userId) {

        // if the screen turned off because of timeout or the user hit the power button

        // and we don't need to lock immediately, set an alarm

        // to enable it a little bit later (i.e, give the user a chance
@@ -721,10 +731,6 @@ public class KeyguardViewMediator extends SystemUI { 
        // having to unlock the screen)

        final ContentResolver cr = mContext.getContentResolver();



        // From DisplaySettings

        long displayTimeout = Settings.System.getInt(cr, SCREEN_OFF_TIMEOUT,

                KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT);



        // From SecuritySettings

        final long lockAfterTimeout = Settings.Secure.getInt(cr,

                Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT,
@@ -732,21 +738,28 @@ public class KeyguardViewMediator extends SystemUI { 


        // From DevicePolicyAdmin

        final long policyTimeout = mLockPatternUtils.getDevicePolicyManager()

                .getMaximumTimeToLock(null, KeyguardUpdateMonitor.getCurrentUser());

                .getMaximumTimeToLock(null, userId);



        long timeout;

        if (policyTimeout > 0) {



        UserInfo user = UserManager.get(mContext).getUserInfo(userId);

        if ((!user.isManagedProfile() && StorageManager.isFileBasedEncryptionEnabled())

                || policyTimeout <= 0) {

            timeout = lockAfterTimeout;

        } else {

            // From DisplaySettings

            long displayTimeout = Settings.System.getInt(cr, SCREEN_OFF_TIMEOUT,

                    KEYGUARD_DISPLAY_TIMEOUT_DELAY_DEFAULT);



            // policy in effect. Make sure we don't go beyond policy limit.

            displayTimeout = Math.max(displayTimeout, 0); // ignore negative values

            timeout = Math.min(policyTimeout - displayTimeout, lockAfterTimeout);

        } else {

            timeout = lockAfterTimeout;

        }

        return timeout;

    }



    private void doKeyguardLaterLocked() {

        long timeout = getLockTimeout();

        long timeout = getLockTimeout(KeyguardUpdateMonitor.getCurrentUser());

        if (timeout == 0) {

            doKeyguardLocked(null);

        } else {
@@ -764,6 +777,25 @@ public class KeyguardViewMediator extends SystemUI { 
        mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP, when, sender);

        if (DEBUG) Log.d(TAG, "setting alarm to turn off keyguard, seq = "

                         + mDelayedShowingSequence);

        doKeyguardLaterLockedForChildProfiles();

    }

    

    private void doKeyguardLaterLockedForChildProfiles() {

        UserManager um = UserManager.get(mContext);

        List<UserInfo> profiles = um.getEnabledProfiles(UserHandle.myUserId());

        if (StorageManager.isFileBasedEncryptionEnabled() && profiles.size() > 1) {

            for (UserInfo info : profiles) {

                if (info.id != UserHandle.myUserId() && info.isManagedProfile()) {

                    long userTimeout = getLockTimeout(info.id);

                    long userWhen = SystemClock.elapsedRealtime() + userTimeout;

                    Intent lockIntent = new Intent(DELAYED_LOCK_PROFILE_ACTION);

                    lockIntent.putExtra(Intent.EXTRA_USER_ID, info.id);

                    PendingIntent lockSender = PendingIntent.getBroadcast(

                            mContext, 0, lockIntent, PendingIntent.FLAG_CANCEL_CURRENT);

                    mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP, userWhen, lockSender);

                }

            }

        }

    }



    private void cancelDoKeyguardLaterLocked() {
@@ -1099,6 +1131,10 @@ public class KeyguardViewMediator extends SystemUI { 
        showLocked(options);

    }



    private void lockProfile(int userId) {

        mTrustManager.setDeviceLockedForUser(userId, true);

    }



    private boolean shouldWaitForProvisioning() {

        return !mUpdateMonitor.isDeviceProvisioned() && !isSecure();

    }
@@ -1213,9 +1249,14 @@ public class KeyguardViewMediator extends SystemUI { 
                if (DEBUG) Log.d(TAG, "received DELAYED_KEYGUARD_ACTION with seq = "

                        + sequence + ", mDelayedShowingSequence = " + mDelayedShowingSequence);

                synchronized (KeyguardViewMediator.this) {

                    if (mDelayedShowingSequence == sequence) {

                    doKeyguardLocked(null);

                }

            } else if (DELAYED_LOCK_PROFILE_ACTION.equals(intent.getAction())) {

                int userId = intent.getIntExtra(Intent.EXTRA_USER_ID, 0);

                if (userId != 0) {

                    synchronized (KeyguardViewMediator.this) {

                        lockProfile(userId);

                    }

                }

            }

        }

services/core/java/com/android/server/LockSettingsService.java

+9 −0
Original line number Diff line number Diff line
@@ -21,6 +21,8 @@ import android.app.AppGlobals; 
import android.app.admin.DevicePolicyManager;

import android.app.backup.BackupManager;

import android.app.trust.IStrongAuthTracker;

import android.app.trust.ITrustManager;

import android.app.trust.TrustManager;

import android.content.BroadcastReceiver;

import android.content.ContentResolver;

import android.content.Context;
@@ -38,6 +40,7 @@ import android.os.Binder; 
import android.os.IBinder;

import android.os.RemoteException;

import android.os.storage.IMountService;

import android.os.storage.StorageManager;

import android.os.ServiceManager;

import android.os.SystemProperties;

import android.os.UserHandle;
@@ -675,6 +678,12 @@ public class LockSettingsService extends ILockSettings.Stub { 
            // credential has matched

            unlockKeystore(credential, userId);

            unlockUser(userId, null);

            UserInfo info = UserManager.get(mContext).getUserInfo(userId);

            if (StorageManager.isFileBasedEncryptionEnabled() && info.isManagedProfile()) {

                TrustManager trustManager =

                        (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);

                trustManager.setDeviceLockedForUser(userId, false);

            }

            if (shouldReEnroll) {

                credentialUtil.setCredential(credential, credential, userId);

            }