Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cc44bad2 authored by Pawit Pornkitprasan's avatar Pawit Pornkitprasan Committed by Danny Baumann
Browse files

Profile: respect DPM when overriding screen lock (1/2) 

Profile currently allows the user to override the keyguard set by
device policy, which is undesired.

Change-Id: Id8d80cfdad51ca0a64dc231a77e53b104ecb9825
parent 2b619e47

core/java/android/app/Profile.java

+13 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


package android.app;



import android.app.admin.DevicePolicyManager;

import android.content.Context;

import android.media.AudioManager;

import android.os.Parcel;
@@ -453,6 +454,18 @@ public final class Profile implements Parcelable, Comparable { 
        mDirty = true;

    }



    public int getScreenLockModeWithDPM(Context context) {

        // Check device policy

        DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);



        if (dpm.requireSecureKeyguard()) {

            // Always enforce lock screen

            return LockMode.DEFAULT;

        }



        return mScreenLockMode;

    }



    public int getScreenLockMode() {

        return mScreenLockMode;

    }

core/java/android/app/admin/DevicePolicyManager.java

+17 −0
Original line number Diff line number Diff line
@@ -30,6 +30,7 @@ import android.os.RemoteCallback; 
import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.UserHandle;

import android.security.KeyStore;

import android.util.Log;



import com.android.org.conscrypt.TrustedCertificateStore;
@@ -1681,4 +1682,20 @@ public class DevicePolicyManager { 
        }

        return null;

    }



    /*

     * CM: check if secure keyguard is required

     * @hide

     */

    public boolean requireSecureKeyguard() {

        int encryptionStatus = getStorageEncryptionStatus();

        if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED ||

                !KeyStore.getInstance().isEmpty() ||

                encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE ||

                encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {

            // Require secure keyguard

            return true;

        }

        return false;

    }

}

core/java/com/android/internal/widget/LockPatternUtils.java

+8 −2
Original line number Diff line number Diff line
@@ -19,6 +19,8 @@ package com.android.internal.widget; 


import android.Manifest;

import android.app.ActivityManagerNative;

import android.app.Profile;

import android.app.ProfileManager;

import android.app.admin.DevicePolicyManager;

import android.appwidget.AppWidgetManager;

import android.content.ContentResolver;
@@ -158,6 +160,7 @@ public class LockPatternUtils { 
    private final ContentResolver mContentResolver;

    private DevicePolicyManager mDevicePolicyManager;

    private ILockSettings mLockSettingsService;

    private ProfileManager mProfileManager;



    private final boolean mMultiUserMode;
@@ -182,6 +185,7 @@ public class LockPatternUtils { 
    public LockPatternUtils(Context context) {

        mContext = context;

        mContentResolver = context.getContentResolver();

        mProfileManager = (ProfileManager) context.getSystemService(Context.PROFILE_SERVICE);



        // If this is being called by the system or by an application like keyguard that

        // has permision INTERACT_ACROSS_USERS, then LockPatternUtils will operate in multi-user
@@ -1245,8 +1249,10 @@ public class LockPatternUtils { 
                || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC

                || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC

                || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;

        final boolean secure = isPattern && isLockPatternEnabled() && savedPatternExists()

                || isPassword && savedPasswordExists();

        final boolean isProfileSecure = mProfileManager.getActiveProfile()

                .getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT;

        final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists()

                || isPassword && savedPasswordExists()) && isProfileSecure;

        return secure;

    }

packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java

+8 −1
Original line number Diff line number Diff line
@@ -15,6 +15,8 @@ 
 */

package com.android.keyguard;



import android.app.Profile;

import android.app.ProfileManager;

import android.app.admin.DevicePolicyManager;

import android.content.Context;

import android.telephony.TelephonyManager;
@@ -42,9 +44,13 @@ public class KeyguardSecurityModel { 
    private Context mContext;

    private LockPatternUtils mLockPatternUtils;



    // We can use the profile manager to override security

    private ProfileManager mProfileManager;



    KeyguardSecurityModel(Context context) {

        mContext = context;

        mLockPatternUtils = new LockPatternUtils(context);

        mProfileManager = (ProfileManager) context.getSystemService(Context.PROFILE_SERVICE);

    }



    void setLockPatternUtils(LockPatternUtils utils) {
@@ -76,13 +82,14 @@ public class KeyguardSecurityModel { 
    SecurityMode getSecurityMode() {

        KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext);

        final IccCardConstants.State simState = updateMonitor.getSimState();

        final Profile profile = mProfileManager.getActiveProfile();

        SecurityMode mode = SecurityMode.None;

        if (simState == IccCardConstants.State.PIN_REQUIRED) {

            mode = SecurityMode.SimPin;

        } else if (simState == IccCardConstants.State.PUK_REQUIRED

                && mLockPatternUtils.isPukUnlockScreenEnable()) {

            mode = SecurityMode.SimPuk;

        } else {

        } else if (profile.getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) {

            final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality();

            switch (security) {

                case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:

packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java

+15 −0
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@ import android.app.Activity; 
import android.app.ActivityManagerNative;

import android.app.AlarmManager;

import android.app.PendingIntent;

import android.app.Profile;

import android.app.ProfileManager;

import android.app.SearchManager;

import android.app.StatusBarManager;

import android.content.BroadcastReceiver;
@@ -247,6 +249,8 @@ public class KeyguardViewMediator { 
    private int mUnlockSoundId;

    private int mLockSoundStreamId;



    private ProfileManager mProfileManager;



    /**

     * The volume applied to the lock/unlock sounds.

     */
@@ -492,6 +496,7 @@ public class KeyguardViewMediator { 
        mLockPatternUtils.setCurrentUser(UserHandle.USER_OWNER);



        WindowManager wm = (WindowManager)context.getSystemService(Context.WINDOW_SERVICE);

        mProfileManager = (ProfileManager) context.getSystemService(Context.PROFILE_SERVICE);



        mKeyguardViewManager = new KeyguardViewManager(context, wm, mViewMediatorCallback,

                mLockPatternUtils);
@@ -903,6 +908,16 @@ public class KeyguardViewMediator { 
            return;

        }



        // if the current profile has disabled us, don't show

        Profile profile = mProfileManager.getActiveProfile();

        if (profile != null) {

            if (!lockedOrMissing

                    && profile.getScreenLockMode() == Profile.LockMode.DISABLE) {

                if (DEBUG) Log.d(TAG, "doKeyguard: not showing because of profile override");

                return;

            }

        }



        if (DEBUG) Log.d(TAG, "doKeyguard: showing the lock screen");

        showLocked(options);

    }