Fix 5783857: Device Policy Manager doesn't allow Face Unlock

This makes it so that if face unlock is enabled and then a device policy
manager that requires something more secure than face unlock is installed,
the user will be forced to choose a new acceptable lock type.

This was previously fixed for the case where the device had been reset, or
the shell was restarted after setting face unlock, but not for the case where the
device remained on between setting face unlock and setting up a device policy
manager.

Also changed the function ordering of saveLockPattern() so that the overloaded
wrapper function is next to the main function.

Change-Id: Ibed8c4ab137ebbc07fb143faef6f047bc6dc4474

2 files changed, 48 insertions, 40 deletions

diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 89f9d4e..adb0ac9 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -427,14 +427,6 @@ public class LockPatternUtils {
     }
 
     /**
-     * Save a lock pattern.
-     * @param pattern The new pattern to save.
-     */
-    public void saveLockPattern(List<LockPatternView.Cell> pattern) {
-        this.saveLockPattern(pattern, false);
-    }
-
-    /**
      * Calls back SetupFaceLock to delete the temporary gallery file
      */
     public void deleteTempGallery() {
@@ -459,6 +451,14 @@ public class LockPatternUtils {
     /**
      * Save a lock pattern.
      * @param pattern The new pattern to save.
+     */
+    public void saveLockPattern(List<LockPatternView.Cell> pattern) {
+        this.saveLockPattern(pattern, false);
+    }
+
+    /**
+     * Save a lock pattern.
+     * @param pattern The new pattern to save.
      * @param isFallback Specifies if this is a fallback to biometric weak
      */
     public void saveLockPattern(List<LockPatternView.Cell> pattern, boolean isFallback) {
@@ -482,14 +482,16 @@ public class LockPatternUtils {
                 if (!isFallback) {
                     deleteGallery();
                     setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
+                    dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING,
+                            pattern.size(), 0, 0, 0, 0, 0, 0);
                 } else {
                     setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK);
                     setLong(PASSWORD_TYPE_ALTERNATE_KEY,
                             DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
                     finishBiometricWeak();
+                    dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK,
+                            0, 0, 0, 0, 0, 0, 0);
                 }
-                dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, pattern
-                        .size(), 0, 0, 0, 0, 0, 0);
             } else {
                 if (keyStore.isEmpty()) {
                     keyStore.reset();
@@ -600,40 +602,45 @@ public class LockPatternUtils {
                 if (!isFallback) {
                     deleteGallery();
                     setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality));
+                    if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
+                        int letters = 0;
+                        int uppercase = 0;
+                        int lowercase = 0;
+                        int numbers = 0;
+                        int symbols = 0;
+                        int nonletter = 0;
+                        for (int i = 0; i < password.length(); i++) {
+                            char c = password.charAt(i);
+                            if (c >= 'A' && c <= 'Z') {
+                                letters++;
+                                uppercase++;
+                            } else if (c >= 'a' && c <= 'z') {
+                                letters++;
+                                lowercase++;
+                            } else if (c >= '0' && c <= '9') {
+                                numbers++;
+                                nonletter++;
+                            } else {
+                                symbols++;
+                                nonletter++;
+                            }
+                        }
+                        dpm.setActivePasswordState(Math.max(quality, computedQuality),
+                                password.length(), letters, uppercase, lowercase,
+                                numbers, symbols, nonletter);
+                    } else {
+                        // The password is not anything.
+                        dpm.setActivePasswordState(
+                                DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED,
+                                0, 0, 0, 0, 0, 0, 0);
+                    }
                 } else {
+                    // Case where it's a fallback for biometric weak
                     setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK);
                     setLong(PASSWORD_TYPE_ALTERNATE_KEY, Math.max(quality, computedQuality));
                     finishBiometricWeak();
-                }
-                if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
-                    int letters = 0;
-                    int uppercase = 0;
-                    int lowercase = 0;
-                    int numbers = 0;
-                    int symbols = 0;
-                    int nonletter = 0;
-                    for (int i = 0; i < password.length(); i++) {
-                        char c = password.charAt(i);
-                        if (c >= 'A' && c <= 'Z') {
-                            letters++;
-                            uppercase++;
-                        } else if (c >= 'a' && c <= 'z') {
-                            letters++;
-                            lowercase++;
-                        } else if (c >= '0' && c <= '9') {
-                            numbers++;
-                            nonletter++;
-                        } else {
-                            symbols++;
-                            nonletter++;
-                        }
-                    }
-                    dpm.setActivePasswordState(Math.max(quality, computedQuality), password
-                            .length(), letters, uppercase, lowercase, numbers, symbols, nonletter);
-                } else {
-                    // The password is not anything.
-                    dpm.setActivePasswordState(
-                            DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0);
+                    dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK,
+                            0, 0, 0, 0, 0, 0, 0);
                 }
                 // Add the password to the password history. We assume all
                 // password
diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java
index 47644de..e8ca3ce 100644
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@@ -831,6 +831,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     static void validateQualityConstant(int quality) {
         switch (quality) {
             case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
+            case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK:
             case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
             case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
             case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: