Loading core/java/com/android/internal/widget/LockPatternUtils.java +14 −7 Original line number Diff line number Diff line Loading @@ -1418,25 +1418,32 @@ public class LockPatternUtils { */ public static final int SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL = 0x10; public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT; private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST | SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL; private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray(); private final H mHandler; private final int mDefaultStrongAuthFlags; public StrongAuthTracker() { this(Looper.myLooper()); public StrongAuthTracker(Context context) { this(context, Looper.myLooper()); } /** * @param looper the looper on whose thread calls to {@link #onStrongAuthRequiredChanged} * will be scheduled. * @param context the current {@link Context} */ public StrongAuthTracker(Looper looper) { public StrongAuthTracker(Context context, Looper looper) { mHandler = new H(looper); mDefaultStrongAuthFlags = getDefaultFlags(context); } public static @StrongAuthFlags int getDefaultFlags(Context context) { boolean strongAuthRequired = context.getResources().getBoolean( com.android.internal.R.bool.config_strongAuthRequiredOnBoot); return strongAuthRequired ? STRONG_AUTH_REQUIRED_AFTER_BOOT : STRONG_AUTH_NOT_REQUIRED; } /** Loading @@ -1447,7 +1454,7 @@ public class LockPatternUtils { * @param userId the user for whom the state is queried. */ public @StrongAuthFlags int getStrongAuthForUser(int userId) { return mStrongAuthRequiredForUser.get(userId, DEFAULT); return mStrongAuthRequiredForUser.get(userId, mDefaultStrongAuthFlags); } /** Loading Loading @@ -1477,7 +1484,7 @@ public class LockPatternUtils { int oldValue = getStrongAuthForUser(userId); if (strongAuthFlags != oldValue) { if (strongAuthFlags == DEFAULT) { if (strongAuthFlags == mDefaultStrongAuthFlags) { mStrongAuthRequiredForUser.delete(userId); } else { mStrongAuthRequiredForUser.put(userId, strongAuthFlags); Loading core/res/res/values/config.xml +7 −0 Original line number Diff line number Diff line Loading @@ -2462,4 +2462,11 @@ <!-- If true, all guest users created on the device will be ephemeral. --> <bool name="config_guestUserEphemeral">false</bool> <!-- Enforce strong auth on boot. Setting this to false represents a security risk and should not be ordinarily done. The only case in which this might be permissible is in a car head unit where there are hardware mechanisms to protect the device (physical keys) and not much in the way of user data. --> <bool name="config_strongAuthRequiredOnBoot">true</bool> </resources> core/res/res/values/symbols.xml +2 −0 Original line number Diff line number Diff line Loading @@ -2503,4 +2503,6 @@ <!-- New SMS notification while phone is locked. --> <java-symbol type="string" name="new_sms_notification_title" /> <java-symbol type="string" name="new_sms_notification_content" /> <java-symbol type="bool" name="config_strongAuthRequiredOnBoot" /> </resources> packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −1 Original line number Diff line number Diff line Loading @@ -188,7 +188,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { /** Tracks whether strong authentication hasn't been used since quite some time per user. */ private ArraySet<Integer> mStrongAuthNotTimedOut = new ArraySet<>(); private final StrongAuthTracker mStrongAuthTracker = new StrongAuthTracker(); private final StrongAuthTracker mStrongAuthTracker; private final ArrayList<WeakReference<KeyguardUpdateMonitorCallback>> mCallbacks = Lists.newArrayList(); Loading Loading @@ -871,6 +871,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { } public class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker { public StrongAuthTracker(Context context) { super(context); } public boolean isUnlockingWithFingerprintAllowed() { int userId = getCurrentUser(); Loading Loading @@ -981,6 +984,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { mSubscriptionManager = SubscriptionManager.from(context); mAlarmManager = context.getSystemService(AlarmManager.class); mDeviceProvisioned = isDeviceProvisionedInSettingsDb(); mStrongAuthTracker = new StrongAuthTracker(context); // Since device can't be un-provisioned, we only need to register a content observer // to update mDeviceProvisioned when we are... Loading services/core/java/com/android/server/LockSettingsService.java +2 −1 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ public class LockSettingsService extends ILockSettings.Stub { private final Context mContext; private final LockSettingsStorage mStorage; private final LockSettingsStrongAuth mStrongAuth = new LockSettingsStrongAuth(); private final LockSettingsStrongAuth mStrongAuth; private LockPatternUtils mLockPatternUtils; private boolean mFirstCallToVold; Loading @@ -93,6 +93,7 @@ public class LockSettingsService extends ILockSettings.Stub { public LockSettingsService(Context context) { mContext = context; mStrongAuth = new LockSettingsStrongAuth(context); // Open the database mLockPatternUtils = new LockPatternUtils(context); Loading Loading
core/java/com/android/internal/widget/LockPatternUtils.java +14 −7 Original line number Diff line number Diff line Loading @@ -1418,25 +1418,32 @@ public class LockPatternUtils { */ public static final int SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL = 0x10; public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT; private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST | SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL; private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray(); private final H mHandler; private final int mDefaultStrongAuthFlags; public StrongAuthTracker() { this(Looper.myLooper()); public StrongAuthTracker(Context context) { this(context, Looper.myLooper()); } /** * @param looper the looper on whose thread calls to {@link #onStrongAuthRequiredChanged} * will be scheduled. * @param context the current {@link Context} */ public StrongAuthTracker(Looper looper) { public StrongAuthTracker(Context context, Looper looper) { mHandler = new H(looper); mDefaultStrongAuthFlags = getDefaultFlags(context); } public static @StrongAuthFlags int getDefaultFlags(Context context) { boolean strongAuthRequired = context.getResources().getBoolean( com.android.internal.R.bool.config_strongAuthRequiredOnBoot); return strongAuthRequired ? STRONG_AUTH_REQUIRED_AFTER_BOOT : STRONG_AUTH_NOT_REQUIRED; } /** Loading @@ -1447,7 +1454,7 @@ public class LockPatternUtils { * @param userId the user for whom the state is queried. */ public @StrongAuthFlags int getStrongAuthForUser(int userId) { return mStrongAuthRequiredForUser.get(userId, DEFAULT); return mStrongAuthRequiredForUser.get(userId, mDefaultStrongAuthFlags); } /** Loading Loading @@ -1477,7 +1484,7 @@ public class LockPatternUtils { int oldValue = getStrongAuthForUser(userId); if (strongAuthFlags != oldValue) { if (strongAuthFlags == DEFAULT) { if (strongAuthFlags == mDefaultStrongAuthFlags) { mStrongAuthRequiredForUser.delete(userId); } else { mStrongAuthRequiredForUser.put(userId, strongAuthFlags); Loading
core/res/res/values/config.xml +7 −0 Original line number Diff line number Diff line Loading @@ -2462,4 +2462,11 @@ <!-- If true, all guest users created on the device will be ephemeral. --> <bool name="config_guestUserEphemeral">false</bool> <!-- Enforce strong auth on boot. Setting this to false represents a security risk and should not be ordinarily done. The only case in which this might be permissible is in a car head unit where there are hardware mechanisms to protect the device (physical keys) and not much in the way of user data. --> <bool name="config_strongAuthRequiredOnBoot">true</bool> </resources>
core/res/res/values/symbols.xml +2 −0 Original line number Diff line number Diff line Loading @@ -2503,4 +2503,6 @@ <!-- New SMS notification while phone is locked. --> <java-symbol type="string" name="new_sms_notification_title" /> <java-symbol type="string" name="new_sms_notification_content" /> <java-symbol type="bool" name="config_strongAuthRequiredOnBoot" /> </resources>
packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −1 Original line number Diff line number Diff line Loading @@ -188,7 +188,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { /** Tracks whether strong authentication hasn't been used since quite some time per user. */ private ArraySet<Integer> mStrongAuthNotTimedOut = new ArraySet<>(); private final StrongAuthTracker mStrongAuthTracker = new StrongAuthTracker(); private final StrongAuthTracker mStrongAuthTracker; private final ArrayList<WeakReference<KeyguardUpdateMonitorCallback>> mCallbacks = Lists.newArrayList(); Loading Loading @@ -871,6 +871,9 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { } public class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker { public StrongAuthTracker(Context context) { super(context); } public boolean isUnlockingWithFingerprintAllowed() { int userId = getCurrentUser(); Loading Loading @@ -981,6 +984,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { mSubscriptionManager = SubscriptionManager.from(context); mAlarmManager = context.getSystemService(AlarmManager.class); mDeviceProvisioned = isDeviceProvisionedInSettingsDb(); mStrongAuthTracker = new StrongAuthTracker(context); // Since device can't be un-provisioned, we only need to register a content observer // to update mDeviceProvisioned when we are... Loading
services/core/java/com/android/server/LockSettingsService.java +2 −1 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ public class LockSettingsService extends ILockSettings.Stub { private final Context mContext; private final LockSettingsStorage mStorage; private final LockSettingsStrongAuth mStrongAuth = new LockSettingsStrongAuth(); private final LockSettingsStrongAuth mStrongAuth; private LockPatternUtils mLockPatternUtils; private boolean mFirstCallToVold; Loading @@ -93,6 +93,7 @@ public class LockSettingsService extends ILockSettings.Stub { public LockSettingsService(Context context) { mContext = context; mStrongAuth = new LockSettingsStrongAuth(context); // Open the database mLockPatternUtils = new LockPatternUtils(context); Loading
