Only disable trust agents after lockout (9d6fc924) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/LockPatternUtils.java

+6 −7

Original line number	Diff line number	Diff line
		@@ -288,7 +288,6 @@ public class LockPatternUtils {
		public void reportFailedPasswordAttempt(int userId) {
		getDevicePolicyManager().reportFailedPasswordAttempt(userId);
		getTrustManager().reportUnlockAttempt(false /* authenticated */, userId);
		requireStrongAuth(StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL, userId);
		}

		public void reportSuccessfulPasswordAttempt(int userId) {
		@@ -1544,7 +1543,8 @@ public class LockPatternUtils {
		value = { STRONG_AUTH_NOT_REQUIRED,
		STRONG_AUTH_REQUIRED_AFTER_BOOT,
		STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
		SOME_AUTH_REQUIRED_AFTER_USER_REQUEST})
		SOME_AUTH_REQUIRED_AFTER_USER_REQUEST,
		STRONG_AUTH_REQUIRED_AFTER_LOCKOUT})
		@Retention(RetentionPolicy.SOURCE)
		public @interface StrongAuthFlags {}

		@@ -1575,13 +1575,12 @@ public class LockPatternUtils {
		public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;

		/**
		* Some authentication is required because the user has entered a wrong credential.
		* Strong auth flags that do not prevent fingerprint from being accepted as auth.
		*
		* If any other flags are set, fingerprint is disabled.
		*/
		public static final int SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL = 0x10;

		private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED
		\| SOME_AUTH_REQUIRED_AFTER_USER_REQUEST
		\| SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL;
		\| SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;

		private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray();
		private final H mHandler;

packages/Keyguard/src/com/android/keyguard/KeyguardSecurityView.java

+0 −5

Original line number	Diff line number	Diff line
		@@ -48,11 +48,6 @@ public interface KeyguardSecurityView {
		*/
		int PROMPT_REASON_AFTER_LOCKOUT = 5;

		/**
		* Some auth is required because a single wrong credential has been tried.
		*/
		int PROMPT_REASON_WRONG_CREDENTIAL = 6;

		/**
		* Interface back to keyguard to tell it when security
		* @param callback

packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java

+0 −4

Original line number	Diff line number	Diff line
		@@ -86,7 +86,6 @@ import java.util.List;

		import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL;
		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;

		@@ -614,10 +613,7 @@ public class KeyguardViewMediator extends SystemUI {
		return KeyguardSecurityView.PROMPT_REASON_USER_REQUEST;
		} else if (any && (strongAuth & STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) != 0) {
		return KeyguardSecurityView.PROMPT_REASON_AFTER_LOCKOUT;
		} else if (trust && (strongAuth & SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL) != 0) {
		return KeyguardSecurityView.PROMPT_REASON_WRONG_CREDENTIAL;
		}

		return KeyguardSecurityView.PROMPT_REASON_NONE;
		}
		};

services/core/java/com/android/server/trust/TrustArchive.java

+16 −6

Original line number	Diff line number	Diff line
		@@ -37,6 +37,7 @@ public class TrustArchive {
		private static final int TYPE_AGENT_CONNECTED = 4;
		private static final int TYPE_AGENT_STOPPED = 5;
		private static final int TYPE_MANAGING_TRUST = 6;
		private static final int TYPE_POLICY_CHANGED = 7;

		private static final int HISTORY_LIMIT = 200;

		@@ -99,6 +100,10 @@ public class TrustArchive {
		addEvent(new Event(TYPE_MANAGING_TRUST, userId, agent, null, 0, 0, managing));
		}

		public void logDevicePolicyChanged() {
		addEvent(new Event(TYPE_POLICY_CHANGED, UserHandle.USER_ALL, null, null, 0, 0, false));
		}

		private void addEvent(Event e) {
		if (mEvents.size() >= HISTORY_LIMIT) {
		mEvents.removeFirst();
		@@ -112,7 +117,8 @@ public class TrustArchive {
		Iterator<Event> iter = mEvents.descendingIterator();
		while (iter.hasNext() && count < limit) {
		Event ev = iter.next();
		if (userId != UserHandle.USER_ALL && userId != ev.userId) {
		if (userId != UserHandle.USER_ALL && userId != ev.userId
		&& ev.userId != UserHandle.USER_ALL) {
		continue;
		}

		@@ -122,12 +128,14 @@ public class TrustArchive {
		if (userId == UserHandle.USER_ALL) {
		writer.print("user="); writer.print(ev.userId); writer.print(", ");
		}
		if (ev.agent != null) {
		writer.print("agent=");
		if (duplicateSimpleNames) {
		writer.print(ev.agent.flattenToShortString());
		} else {
		writer.print(getSimpleName(ev.agent));
		}
		}
		switch (ev.type) {
		case TYPE_GRANT_TRUST:
		writer.printf(", message=\"%s\", duration=%s, flags=%s",
		@@ -181,6 +189,8 @@ public class TrustArchive {
		return "AgentStopped";
		case TYPE_MANAGING_TRUST:
		return "ManagingTrust";
		case TYPE_POLICY_CHANGED:
		return "DevicePolicyChanged";
		default:
		return "Unknown(" + type + ")";
		}

services/core/java/com/android/server/trust/TrustManagerService.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -399,12 +399,17 @@ public class TrustManagerService extends SystemService {
		}

		void updateDevicePolicyFeatures() {
		boolean changed = false;
		for (int i = 0; i < mActiveAgents.size(); i++) {
		AgentInfo info = mActiveAgents.valueAt(i);
		if (info.agent.isConnected()) {
		info.agent.updateDevicePolicyFeatures();
		changed = true;
		}
		}
		if (changed) {
		mArchive.logDevicePolicyChanged();
		}
		}

		private void removeAgentsOfPackage(String packageName) {