[1/2] base: support separate encryption/lockscreen passwords (9d37d587) · Commits · e / os / android_frameworks_base

core/java/android/provider/Settings.java

+8 −0

Original line number	Diff line number	Diff line
		@@ -5117,6 +5117,14 @@ public final class Settings {
		public static final String LOCK_SCREEN_ALLOW_PRIVATE_NOTIFICATIONS =
		"lock_screen_allow_private_notifications";


		/**
		* Separate password for encryption and the lockscreen.
		* @hide
		*/
		public static final String LOCK_SEPARATE_ENCRYPTION_PASSWORD =
		"lock_separate_encryption_password";

		/**
		* When set by a user, allows notification remote input atop a securely locked screen
		* without having to unlock

core/java/com/android/internal/widget/LockPatternUtils.java

+71 −3

Original line number	Diff line number	Diff line
		@@ -592,7 +592,7 @@ public class LockPatternUtils {
		// well, we tried...
		}

		if (userHandle == UserHandle.USER_SYSTEM) {
		if (userHandle == UserHandle.USER_SYSTEM && !isSeparateEncryptionPasswordEnabled()) {
		// Set the encryption password to default.
		updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
		setCredentialRequiredToDecrypt(false);
		@@ -652,7 +652,8 @@ public class LockPatternUtils {

		// Update the device encryption password.
		if (userId == UserHandle.USER_SYSTEM
		&& LockPatternUtils.isDeviceEncryptionEnabled()) {
		&& LockPatternUtils.isDeviceEncryptionEnabled()
		&& !isSeparateEncryptionPasswordEnabled()) {
		if (!shouldEncryptWithCredentials(true)) {
		clearEncryptionPassword();
		} else {
		@@ -885,7 +886,8 @@ public class LockPatternUtils {

		// Update the device encryption password.
		if (userHandle == UserHandle.USER_SYSTEM
		&& LockPatternUtils.isDeviceEncryptionEnabled()) {
		&& LockPatternUtils.isDeviceEncryptionEnabled()
		&& !isSeparateEncryptionPasswordEnabled()) {
		if (!shouldEncryptWithCredentials(true)) {
		clearEncryptionPassword();
		} else {
		@@ -1291,6 +1293,72 @@ public class LockPatternUtils {
		}
		}

		private void updateEncryptionPasswordFromPassword(String password) {
		if (!TextUtils.isEmpty(password)) {
		int computedQuality = computePasswordQuality(password);
		boolean numeric = computedQuality
		== DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
		boolean numericComplex = computedQuality
		== DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
		int type = numeric \|\| numericComplex ? StorageManager.CRYPT_TYPE_PIN
		: StorageManager.CRYPT_TYPE_PASSWORD;
		updateEncryptionPassword(type, password);
		} else {
		clearEncryptionPassword();
		}
		}

		/**
		* Set the encryption password separately from the lockscreen password.
		*
		* @param password The password to save
		*/
		public void setSeparateEncryptionPassword(String password) {
		updateEncryptionPasswordFromPassword(password);
		setSeparateEncryptionPasswordEnabled(true);
		}

		/**
		* Replace the separate encryption password by tying it to the lockscreen
		* password. No change will occur if the provided lockscreen password is
		* incorrect.
		*
		* @param password The current lockscreen password
		* @return Whether the lockscreen password was correct.
		*/
		public void replaceSeparateEncryptionPassword(String password) {
		updateEncryptionPasswordFromPassword(password);
		setSeparateEncryptionPasswordEnabled(false);
		}

		/**
		* Replace the separate encryption password by tying it to the lockscreen
		* pattern. No change will occur if the provided lockscreen password is
		* incorrect.
		*
		* @param pattern The current lockscreen pattern
		* @return Whether the lockscreen pattern was correct.
		*/
		public void replaceSeparateEncryptionPasswordWithPattern(List<LockPatternView.Cell> pattern,
		byte gridSize) {
		String stringPattern = patternToString(pattern, gridSize);
		updateEncryptionPassword(StorageManager.CRYPT_TYPE_PATTERN, stringPattern);
		setSeparateEncryptionPasswordEnabled(false);
		}

		/**
		* @return Whether the encryption password is separate from the lockscreen password.
		*/
		public boolean isSeparateEncryptionPasswordEnabled() {
		return getBoolean(Settings.Secure.LOCK_SEPARATE_ENCRYPTION_PASSWORD,
		false, UserHandle.USER_SYSTEM);
		}

		private void setSeparateEncryptionPasswordEnabled(boolean enabled) {
		setBoolean(Settings.Secure.LOCK_SEPARATE_ENCRYPTION_PASSWORD,
		enabled, UserHandle.USER_SYSTEM);
		}

		/**
		* @return Whether tactile feedback for the pattern is enabled.
		*/

services/core/java/com/android/server/LockSettingsService.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -1638,6 +1638,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		Secure.LOCK_BIOMETRIC_WEAK_FLAGS,
		Secure.LOCK_PATTERN_VISIBLE,
		Secure.LOCK_PATTERN_TACTILE_FEEDBACK_ENABLED,
		Secure.LOCK_SEPARATE_ENCRYPTION_PASSWORD,
		Secure.LOCK_PATTERN_SIZE,
		Secure.LOCK_DOTS_VISIBLE,
		Secure.LOCK_SHOW_ERROR_PATH,