Loading core/java/com/android/internal/widget/ILockSettings.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,8 @@ interface ILockSettings { boolean checkVoldPassword(int userId); boolean havePattern(int userId); boolean havePassword(int userId); void setSeparateProfileChallengeEnabled(int userId, boolean enabled, String managedUserPassword); boolean getSeparateProfileChallengeEnabled(int userId); void registerStrongAuthTracker(in IStrongAuthTracker tracker); void unregisterStrongAuthTracker(in IStrongAuthTracker tracker); void requireStrongAuth(int strongAuthReason, int userId); Loading core/java/com/android/internal/widget/LockPatternUtils.java +22 −5 Original line number Diff line number Diff line Loading @@ -137,8 +137,6 @@ public class LockPatternUtils { private static final String ENABLED_TRUST_AGENTS = "lockscreen.enabledtrustagents"; private static final String IS_TRUST_USUALLY_MANAGED = "lockscreen.istrustusuallymanaged"; private static final String SEPARATE_PROFILE_CHALLENGE_KEY = "lockscreen.profilechallenge"; // Maximum allowed number of repeated or ordered characters in a sequence before we'll // consider it a complex PIN/password. public static final int MAX_ALLOWED_SEQUENCE = 3; Loading Loading @@ -785,6 +783,7 @@ public class LockPatternUtils { } getLockSettings().setLockPassword(password, savedPassword, userHandle); getLockSettings().setSeparateProfileChallengeEnabled(userHandle, true, null); int computedQuality = computePasswordQuality(password); // Update the device encryption password. Loading Loading @@ -919,11 +918,23 @@ public class LockPatternUtils { /** * Enables/disables the Separate Profile Challenge for this {@param userHandle}. This is a no-op * for user handles that do not belong to a managed profile. * * @param userHandle Managed profile user id * @param enabled True if separate challenge is enabled * @param managedUserPassword Managed profile previous password. Null when {@param enabled} is * true */ public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled) { public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled, String managedUserPassword) { UserInfo info = getUserManager().getUserInfo(userHandle); if (info.isManagedProfile()) { setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userHandle); try { getLockSettings().setSeparateProfileChallengeEnabled(userHandle, enabled, managedUserPassword); onAfterChangingPassword(userHandle); } catch (RemoteException e) { Log.e(TAG, "Couldn't update work profile challenge enabled"); } } } Loading @@ -935,7 +946,13 @@ public class LockPatternUtils { if (info == null || !info.isManagedProfile()) { return false; } return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle); try { return getLockSettings().getSeparateProfileChallengeEnabled(userHandle); } catch (RemoteException e) { Log.e(TAG, "Couldn't get separate profile challenge enabled"); // Default value is false return false; } } /** Loading services/core/java/com/android/server/LockSettingsService.java +332 −63 File changed.Preview size limit exceeded, changes collapsed. Show changes services/core/java/com/android/server/LockSettingsStorage.java +55 −40 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.widget.LockPatternUtils; import android.content.ContentValues; import android.content.Context; Loading @@ -30,6 +29,7 @@ import android.os.UserManager; import android.util.ArrayMap; import android.util.Log; import android.util.Slog; import android.util.SparseArray; import java.io.File; import java.io.IOException; Loading @@ -44,6 +44,7 @@ class LockSettingsStorage { private static final String TAG = "LockSettingsStorage"; private static final String TABLE = "locksettings"; private static final boolean DEBUG = false; private static final String COLUMN_KEY = "name"; private static final String COLUMN_USERID = "user"; Loading @@ -62,6 +63,7 @@ class LockSettingsStorage { private static final String LEGACY_LOCK_PATTERN_FILE = "gesture.key"; private static final String LOCK_PASSWORD_FILE = "gatekeeper.password.key"; private static final String LEGACY_LOCK_PASSWORD_FILE = "password.key"; private static final String CHILD_PROFILE_LOCK_FILE = "gatekeeper.profile.key"; private static final Object DEFAULT = new Object(); Loading @@ -70,8 +72,7 @@ class LockSettingsStorage { private final Cache mCache = new Cache(); private final Object mFileWriteLock = new Object(); private int mStoredCredentialType; private LockPatternUtils mLockPatternUtils; private SparseArray<Integer> mStoredCredentialType; class CredentialHash { static final int TYPE_NONE = -1; Loading Loading @@ -101,7 +102,7 @@ class LockSettingsStorage { public LockSettingsStorage(Context context, Callback callback) { mContext = context; mOpenHelper = new DatabaseHelper(context, callback); mLockPatternUtils = new LockPatternUtils(context); mStoredCredentialType = new SparseArray<Integer>(); } public void writeKeyValue(String key, String value, int userId) { Loading Loading @@ -182,32 +183,34 @@ class LockSettingsStorage { } public int getStoredCredentialType(int userId) { if (mStoredCredentialType != 0) { return mStoredCredentialType; final Integer cachedStoredCredentialType = mStoredCredentialType.get(userId); if (cachedStoredCredentialType != null) { return cachedStoredCredentialType.intValue(); } int storedCredentialType; CredentialHash pattern = readPatternHash(userId); if (pattern == null) { if (readPasswordHash(userId) != null) { mStoredCredentialType = CredentialHash.TYPE_PASSWORD; storedCredentialType = CredentialHash.TYPE_PASSWORD; } else { mStoredCredentialType = CredentialHash.TYPE_NONE; storedCredentialType = CredentialHash.TYPE_NONE; } } else { CredentialHash password = readPasswordHash(userId); if (password != null) { // Both will never be GateKeeper if (password.version == CredentialHash.VERSION_GATEKEEPER) { mStoredCredentialType = CredentialHash.TYPE_PASSWORD; storedCredentialType = CredentialHash.TYPE_PASSWORD; } else { mStoredCredentialType = CredentialHash.TYPE_PATTERN; storedCredentialType = CredentialHash.TYPE_PATTERN; } } else { mStoredCredentialType = CredentialHash.TYPE_PATTERN; storedCredentialType = CredentialHash.TYPE_PATTERN; } } return mStoredCredentialType; mStoredCredentialType.put(userId, storedCredentialType); return storedCredentialType; } Loading Loading @@ -244,6 +247,27 @@ class LockSettingsStorage { return null; } public void removeChildProfileLock(int userId) { if (DEBUG) Slog.e(TAG, "Remove child profile lock for user: " + userId); try { deleteFile(getChildProfileLockFile(userId)); } catch (Exception e) { e.printStackTrace(); } } public void writeChildProfileLock(int userId, byte[] lock) { writeFile(getChildProfileLockFile(userId), lock); } public byte[] readChildProfileLock(int userId) { return readFile(getChildProfileLockFile(userId)); } public boolean hasChildProfileLock(int userId) { return hasFile(getChildProfileLockFile(userId)); } public boolean hasPassword(int userId) { return hasFile(getLockPasswordFilename(userId)) || Loading Loading @@ -321,16 +345,19 @@ class LockSettingsStorage { } private void deleteFile(String name) { File f = new File(name); if (f != null) { f.delete(); if (DEBUG) Slog.e(TAG, "Delete file " + name); synchronized (mFileWriteLock) { File file = new File(name); if (file.exists()) { file.delete(); mCache.putFile(name, null); } } } public void writePatternHash(byte[] hash, int userId) { mStoredCredentialType = hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PATTERN; mStoredCredentialType.put(userId, hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PATTERN); writeFile(getLockPatternFilename(userId), hash); clearPasswordHash(userId); } Loading @@ -340,9 +367,8 @@ class LockSettingsStorage { } public void writePasswordHash(byte[] hash, int userId) { mStoredCredentialType = hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PASSWORD; mStoredCredentialType.put(userId, hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PASSWORD); writeFile(getLockPasswordFilename(userId), hash); clearPatternHash(userId); } Loading Loading @@ -375,8 +401,11 @@ class LockSettingsStorage { return getLockCredentialFilePathForUser(userId, BASE_ZERO_LOCK_PATTERN_FILE); } private String getChildProfileLockFile(int userId) { return getLockCredentialFilePathForUser(userId, CHILD_PROFILE_LOCK_FILE); } private String getLockCredentialFilePathForUser(int userId, String basename) { userId = getUserParentOrSelfId(userId); String dataSystemDirectory = android.os.Environment.getDataDirectory().getAbsolutePath() + SYSTEM_DIRECTORY; Loading @@ -388,23 +417,6 @@ class LockSettingsStorage { } } private int getUserParentOrSelfId(int userId) { // Device supports per user encryption, so lock is applied to the given user. if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { return userId; } // Device uses Block Based Encryption, and the parent user's lock is used for the whole // device. if (userId != 0) { final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE); final UserInfo pi = um.getProfileParent(userId); if (pi != null) { return pi.id; } } return userId; } public void removeUser(int userId) { SQLiteDatabase db = mOpenHelper.getWritableDatabase(); Loading @@ -427,6 +439,9 @@ class LockSettingsStorage { mCache.putFile(name, null); } } } else { // Manged profile removeChildProfileLock(userId); } try { Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +0 −3 Original line number Diff line number Diff line Loading @@ -3890,9 +3890,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // back in to the service. final long ident = mInjector.binderClearCallingIdentity(); try { if (isManagedProfile(userHandle)) { mLockPatternUtils.setSeparateProfileChallengeEnabled(userHandle, true); } if (!TextUtils.isEmpty(password)) { mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); } else { Loading Loading
core/java/com/android/internal/widget/ILockSettings.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -36,6 +36,8 @@ interface ILockSettings { boolean checkVoldPassword(int userId); boolean havePattern(int userId); boolean havePassword(int userId); void setSeparateProfileChallengeEnabled(int userId, boolean enabled, String managedUserPassword); boolean getSeparateProfileChallengeEnabled(int userId); void registerStrongAuthTracker(in IStrongAuthTracker tracker); void unregisterStrongAuthTracker(in IStrongAuthTracker tracker); void requireStrongAuth(int strongAuthReason, int userId); Loading
core/java/com/android/internal/widget/LockPatternUtils.java +22 −5 Original line number Diff line number Diff line Loading @@ -137,8 +137,6 @@ public class LockPatternUtils { private static final String ENABLED_TRUST_AGENTS = "lockscreen.enabledtrustagents"; private static final String IS_TRUST_USUALLY_MANAGED = "lockscreen.istrustusuallymanaged"; private static final String SEPARATE_PROFILE_CHALLENGE_KEY = "lockscreen.profilechallenge"; // Maximum allowed number of repeated or ordered characters in a sequence before we'll // consider it a complex PIN/password. public static final int MAX_ALLOWED_SEQUENCE = 3; Loading Loading @@ -785,6 +783,7 @@ public class LockPatternUtils { } getLockSettings().setLockPassword(password, savedPassword, userHandle); getLockSettings().setSeparateProfileChallengeEnabled(userHandle, true, null); int computedQuality = computePasswordQuality(password); // Update the device encryption password. Loading Loading @@ -919,11 +918,23 @@ public class LockPatternUtils { /** * Enables/disables the Separate Profile Challenge for this {@param userHandle}. This is a no-op * for user handles that do not belong to a managed profile. * * @param userHandle Managed profile user id * @param enabled True if separate challenge is enabled * @param managedUserPassword Managed profile previous password. Null when {@param enabled} is * true */ public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled) { public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled, String managedUserPassword) { UserInfo info = getUserManager().getUserInfo(userHandle); if (info.isManagedProfile()) { setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userHandle); try { getLockSettings().setSeparateProfileChallengeEnabled(userHandle, enabled, managedUserPassword); onAfterChangingPassword(userHandle); } catch (RemoteException e) { Log.e(TAG, "Couldn't update work profile challenge enabled"); } } } Loading @@ -935,7 +946,13 @@ public class LockPatternUtils { if (info == null || !info.isManagedProfile()) { return false; } return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userHandle); try { return getLockSettings().getSeparateProfileChallengeEnabled(userHandle); } catch (RemoteException e) { Log.e(TAG, "Couldn't get separate profile challenge enabled"); // Default value is false return false; } } /** Loading
services/core/java/com/android/server/LockSettingsService.java +332 −63 File changed.Preview size limit exceeded, changes collapsed. Show changes
services/core/java/com/android/server/LockSettingsStorage.java +55 −40 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ package com.android.server; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.widget.LockPatternUtils; import android.content.ContentValues; import android.content.Context; Loading @@ -30,6 +29,7 @@ import android.os.UserManager; import android.util.ArrayMap; import android.util.Log; import android.util.Slog; import android.util.SparseArray; import java.io.File; import java.io.IOException; Loading @@ -44,6 +44,7 @@ class LockSettingsStorage { private static final String TAG = "LockSettingsStorage"; private static final String TABLE = "locksettings"; private static final boolean DEBUG = false; private static final String COLUMN_KEY = "name"; private static final String COLUMN_USERID = "user"; Loading @@ -62,6 +63,7 @@ class LockSettingsStorage { private static final String LEGACY_LOCK_PATTERN_FILE = "gesture.key"; private static final String LOCK_PASSWORD_FILE = "gatekeeper.password.key"; private static final String LEGACY_LOCK_PASSWORD_FILE = "password.key"; private static final String CHILD_PROFILE_LOCK_FILE = "gatekeeper.profile.key"; private static final Object DEFAULT = new Object(); Loading @@ -70,8 +72,7 @@ class LockSettingsStorage { private final Cache mCache = new Cache(); private final Object mFileWriteLock = new Object(); private int mStoredCredentialType; private LockPatternUtils mLockPatternUtils; private SparseArray<Integer> mStoredCredentialType; class CredentialHash { static final int TYPE_NONE = -1; Loading Loading @@ -101,7 +102,7 @@ class LockSettingsStorage { public LockSettingsStorage(Context context, Callback callback) { mContext = context; mOpenHelper = new DatabaseHelper(context, callback); mLockPatternUtils = new LockPatternUtils(context); mStoredCredentialType = new SparseArray<Integer>(); } public void writeKeyValue(String key, String value, int userId) { Loading Loading @@ -182,32 +183,34 @@ class LockSettingsStorage { } public int getStoredCredentialType(int userId) { if (mStoredCredentialType != 0) { return mStoredCredentialType; final Integer cachedStoredCredentialType = mStoredCredentialType.get(userId); if (cachedStoredCredentialType != null) { return cachedStoredCredentialType.intValue(); } int storedCredentialType; CredentialHash pattern = readPatternHash(userId); if (pattern == null) { if (readPasswordHash(userId) != null) { mStoredCredentialType = CredentialHash.TYPE_PASSWORD; storedCredentialType = CredentialHash.TYPE_PASSWORD; } else { mStoredCredentialType = CredentialHash.TYPE_NONE; storedCredentialType = CredentialHash.TYPE_NONE; } } else { CredentialHash password = readPasswordHash(userId); if (password != null) { // Both will never be GateKeeper if (password.version == CredentialHash.VERSION_GATEKEEPER) { mStoredCredentialType = CredentialHash.TYPE_PASSWORD; storedCredentialType = CredentialHash.TYPE_PASSWORD; } else { mStoredCredentialType = CredentialHash.TYPE_PATTERN; storedCredentialType = CredentialHash.TYPE_PATTERN; } } else { mStoredCredentialType = CredentialHash.TYPE_PATTERN; storedCredentialType = CredentialHash.TYPE_PATTERN; } } return mStoredCredentialType; mStoredCredentialType.put(userId, storedCredentialType); return storedCredentialType; } Loading Loading @@ -244,6 +247,27 @@ class LockSettingsStorage { return null; } public void removeChildProfileLock(int userId) { if (DEBUG) Slog.e(TAG, "Remove child profile lock for user: " + userId); try { deleteFile(getChildProfileLockFile(userId)); } catch (Exception e) { e.printStackTrace(); } } public void writeChildProfileLock(int userId, byte[] lock) { writeFile(getChildProfileLockFile(userId), lock); } public byte[] readChildProfileLock(int userId) { return readFile(getChildProfileLockFile(userId)); } public boolean hasChildProfileLock(int userId) { return hasFile(getChildProfileLockFile(userId)); } public boolean hasPassword(int userId) { return hasFile(getLockPasswordFilename(userId)) || Loading Loading @@ -321,16 +345,19 @@ class LockSettingsStorage { } private void deleteFile(String name) { File f = new File(name); if (f != null) { f.delete(); if (DEBUG) Slog.e(TAG, "Delete file " + name); synchronized (mFileWriteLock) { File file = new File(name); if (file.exists()) { file.delete(); mCache.putFile(name, null); } } } public void writePatternHash(byte[] hash, int userId) { mStoredCredentialType = hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PATTERN; mStoredCredentialType.put(userId, hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PATTERN); writeFile(getLockPatternFilename(userId), hash); clearPasswordHash(userId); } Loading @@ -340,9 +367,8 @@ class LockSettingsStorage { } public void writePasswordHash(byte[] hash, int userId) { mStoredCredentialType = hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PASSWORD; mStoredCredentialType.put(userId, hash == null ? CredentialHash.TYPE_NONE : CredentialHash.TYPE_PASSWORD); writeFile(getLockPasswordFilename(userId), hash); clearPatternHash(userId); } Loading Loading @@ -375,8 +401,11 @@ class LockSettingsStorage { return getLockCredentialFilePathForUser(userId, BASE_ZERO_LOCK_PATTERN_FILE); } private String getChildProfileLockFile(int userId) { return getLockCredentialFilePathForUser(userId, CHILD_PROFILE_LOCK_FILE); } private String getLockCredentialFilePathForUser(int userId, String basename) { userId = getUserParentOrSelfId(userId); String dataSystemDirectory = android.os.Environment.getDataDirectory().getAbsolutePath() + SYSTEM_DIRECTORY; Loading @@ -388,23 +417,6 @@ class LockSettingsStorage { } } private int getUserParentOrSelfId(int userId) { // Device supports per user encryption, so lock is applied to the given user. if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { return userId; } // Device uses Block Based Encryption, and the parent user's lock is used for the whole // device. if (userId != 0) { final UserManager um = (UserManager) mContext.getSystemService(USER_SERVICE); final UserInfo pi = um.getProfileParent(userId); if (pi != null) { return pi.id; } } return userId; } public void removeUser(int userId) { SQLiteDatabase db = mOpenHelper.getWritableDatabase(); Loading @@ -427,6 +439,9 @@ class LockSettingsStorage { mCache.putFile(name, null); } } } else { // Manged profile removeChildProfileLock(userId); } try { Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +0 −3 Original line number Diff line number Diff line Loading @@ -3890,9 +3890,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // back in to the service. final long ident = mInjector.binderClearCallingIdentity(); try { if (isManagedProfile(userHandle)) { mLockPatternUtils.setSeparateProfileChallengeEnabled(userHandle, true); } if (!TextUtils.isEmpty(password)) { mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); } else { Loading
