diff options
| author | Amith Yamasani <yamasani@google.com> | 2013-06-12 14:19:10 -0700 |
|---|---|---|
| committer | Amith Yamasani <yamasani@google.com> | 2013-06-25 16:03:55 -0700 |
| commit | 655d0e2029e6ae77a47e922dce4c4989818b8dd1 (patch) | |
| tree | 67a9e2261c5e61f5a1b8f7f4f8cfcca5b433046c | |
| parent | bf991a8f426921c26e21e54e493781e1d5eb39ff (diff) | |
| download | frameworks_base-655d0e2029e6ae77a47e922dce4c4989818b8dd1.zip frameworks_base-655d0e2029e6ae77a47e922dce4c4989818b8dd1.tar.gz frameworks_base-655d0e2029e6ae77a47e922dce4c4989818b8dd1.tar.bz2 | |
Single-user restrictions
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.
PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.
Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
24 files changed, 902 insertions, 56 deletions
diff --git a/api/current.txt b/api/current.txt index a6f2cf5..3a3e9d0 100644 --- a/api/current.txt +++ b/api/current.txt @@ -6155,6 +6155,7 @@ package android.content { field public static final java.lang.String ACTION_PROVIDER_CHANGED = "android.intent.action.PROVIDER_CHANGED"; field public static final java.lang.String ACTION_QUICK_CLOCK = "android.intent.action.QUICK_CLOCK"; field public static final java.lang.String ACTION_REBOOT = "android.intent.action.REBOOT"; + field public static final java.lang.String ACTION_RESTRICTIONS_PIN_CHALLENGE = "android.intent.action.RESTRICTIONS_PIN_CHALLENGE"; field public static final java.lang.String ACTION_RUN = "android.intent.action.RUN"; field public static final java.lang.String ACTION_SCREEN_OFF = "android.intent.action.SCREEN_OFF"; field public static final java.lang.String ACTION_SCREEN_ON = "android.intent.action.SCREEN_ON"; @@ -17962,6 +17963,7 @@ package android.os { method public java.lang.String getUserName(); method public android.os.Bundle getUserRestrictions(); method public android.os.Bundle getUserRestrictions(android.os.UserHandle); + method public boolean hasRestrictionsPin(); method public boolean isUserAGoat(); method public boolean isUserRunning(android.os.UserHandle); method public boolean isUserRunningOrStopping(android.os.UserHandle); diff --git a/cmds/pm/src/com/android/commands/pm/Pm.java b/cmds/pm/src/com/android/commands/pm/Pm.java index 6f57ae0..d1ded10 100644 --- a/cmds/pm/src/com/android/commands/pm/Pm.java +++ b/cmds/pm/src/com/android/commands/pm/Pm.java @@ -147,6 +147,16 @@ public final class Pm { return; } + if ("block".equals(op)) { + runSetBlockedSetting(true); + return; + } + + if ("unblock".equals(op)) { + runSetBlockedSetting(false); + return; + } + if ("grant".equals(op)) { runGrantRevokePermission(true); return; @@ -1256,6 +1266,36 @@ public final class Pm { } } + private void runSetBlockedSetting(boolean state) { + int userId = 0; + String option = nextOption(); + if (option != null && option.equals("--user")) { + String optionData = nextOptionData(); + if (optionData == null || !isNumber(optionData)) { + System.err.println("Error: no USER_ID specified"); + showUsage(); + return; + } else { + userId = Integer.parseInt(optionData); + } + } + + String pkg = nextArg(); + if (pkg == null) { + System.err.println("Error: no package or component specified"); + showUsage(); + return; + } + try { + mPm.setApplicationBlockedSettingAsUser(pkg, state, userId); + System.err.println("Package " + pkg + " new blocked state: " + + mPm.getApplicationBlockedSettingAsUser(pkg, userId)); + } catch (RemoteException e) { + System.err.println(e.toString()); + System.err.println(PM_NOT_RUNNING_ERR); + } + } + private void runGrantRevokePermission(boolean grant) { String pkg = nextArg(); if (pkg == null) { @@ -1482,6 +1522,8 @@ public final class Pm { System.err.println(" pm disable [--user USER_ID] PACKAGE_OR_COMPONENT"); System.err.println(" pm disable-user [--user USER_ID] PACKAGE_OR_COMPONENT"); System.err.println(" pm disable-until-used [--user USER_ID] PACKAGE_OR_COMPONENT"); + System.err.println(" pm block [--user USER_ID] PACKAGE_OR_COMPONENT"); + System.err.println(" pm unblock [--user USER_ID] PACKAGE_OR_COMPONENT"); System.err.println(" pm grant PACKAGE PERMISSION"); System.err.println(" pm revoke PACKAGE PERMISSION"); System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]"); diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index 271494f..432e9b1 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -1296,6 +1296,28 @@ final class ApplicationPackageManager extends PackageManager { return PackageManager.COMPONENT_ENABLED_STATE_DEFAULT; } + @Override + public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, + UserHandle user) { + try { + return mPM.setApplicationBlockedSettingAsUser(packageName, blocked, + user.getIdentifier()); + } catch (RemoteException re) { + // Should never happen! + } + return false; + } + + @Override + public boolean getApplicationBlockedSettingAsUser(String packageName, UserHandle user) { + try { + return mPM.getApplicationBlockedSettingAsUser(packageName, user.getIdentifier()); + } catch (RemoteException re) { + // Should never happen! + } + return false; + } + /** * @hide */ diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java index 897e6fe..bda7112 100644 --- a/core/java/android/content/Intent.java +++ b/core/java/android/content/Intent.java @@ -2440,6 +2440,18 @@ public class Intent implements Parcelable, Cloneable { "android.intent.action.GET_RESTRICTION_ENTRIES"; /** + * Activity to challenge the user for a PIN that was configured when setting up + * restrictions. Launch the activity using + * {@link android.app.Activity#startActivityForResult(Intent, int)} and check if the + * result is {@link android.app.Activity#RESULT_OK} for a successful response to the + * challenge.<p/> + * Before launching this activity, make sure that there is a PIN in effect, by calling + * {@link android.os.UserManager#hasRestrictionsPin()}. + */ + public static final String ACTION_RESTRICTIONS_PIN_CHALLENGE = + "android.intent.action.RESTRICTIONS_PIN_CHALLENGE"; + + /** * Sent the first time a user is starting, to allow system apps to * perform one time initialization. (This will not be seen by third * party applications because a newly initialized user does not have any diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index 870610b..9c46d96 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -346,6 +346,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public static final int FLAG_CANT_SAVE_STATE = 1<<28; /** + * Value for {@link #flags}: true if the application is blocked via restrictions and for + * most purposes is considered as not installed. + * {@hide} + */ + public static final int FLAG_BLOCKED = 1<<27; + + /** * Flags associated with the application. Any combination of * {@link #FLAG_SYSTEM}, {@link #FLAG_DEBUGGABLE}, {@link #FLAG_HAS_CODE}, * {@link #FLAG_PERSISTENT}, {@link #FLAG_FACTORY_TEST}, and @@ -359,7 +366,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { * {@link #FLAG_INSTALLED}. */ public int flags = 0; - + /** * The required smallest screen width the application can run on. If 0, * nothing has been specified. Comes from diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl index a0e1555..eaff7b2 100644 --- a/core/java/android/content/pm/IPackageManager.aidl +++ b/core/java/android/content/pm/IPackageManager.aidl @@ -399,4 +399,7 @@ interface IPackageManager { /** Reflects current DeviceStorageMonitorService state */ boolean isStorageLow(); + + boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, int userId); + boolean getApplicationBlockedSettingAsUser(String packageName, int userId); } diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java index 4266d85..8a8751e 100644 --- a/core/java/android/content/pm/PackageManager.java +++ b/core/java/android/content/pm/PackageManager.java @@ -3083,6 +3083,23 @@ public abstract class PackageManager { public abstract int getApplicationEnabledSetting(String packageName); /** + * Puts the package in a blocked state, which is almost like an uninstalled state, + * making the package unavailable, but it doesn't remove the data or the actual + * package file. + * @hide + */ + public abstract boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, + UserHandle userHandle); + + /** + * Returns the blocked state of a package. + * @see #setApplicationBlockedSettingAsUser(String, boolean, UserHandle) + * @hide + */ + public abstract boolean getApplicationBlockedSettingAsUser(String packageName, + UserHandle userHandle); + + /** * Return whether the device has been booted into safe mode. */ public abstract boolean isSafeMode(); diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java index 883516e..8f0c62d 100644 --- a/core/java/android/content/pm/PackageParser.java +++ b/core/java/android/content/pm/PackageParser.java @@ -159,7 +159,8 @@ public class PackageParser { private static WeakReference<byte[]> mReadBuffer; private static boolean sCompatibilityModeEnabled = true; - private static final int PARSE_DEFAULT_INSTALL_LOCATION = PackageInfo.INSTALL_LOCATION_UNSPECIFIED; + private static final int PARSE_DEFAULT_INSTALL_LOCATION = + PackageInfo.INSTALL_LOCATION_UNSPECIFIED; static class ParsePackageItemArgs { final Package owner; @@ -274,15 +275,20 @@ public class PackageParser { grantedPermissions, state, UserHandle.getCallingUserId()); } - private static boolean checkUseInstalled(int flags, PackageUserState state) { - return state.installed || ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0); + /** + * Returns true if the package is installed and not blocked, or if the caller + * explicitly wanted all uninstalled and blocked packages as well. + */ + private static boolean checkUseInstalledOrBlocked(int flags, PackageUserState state) { + return (state.installed && !state.blocked) + || (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0; } public static PackageInfo generatePackageInfo(PackageParser.Package p, int gids[], int flags, long firstInstallTime, long lastUpdateTime, HashSet<String> grantedPermissions, PackageUserState state, int userId) { - if (!checkUseInstalled(flags, state)) { + if (!checkUseInstalledOrBlocked(flags, state)) { return null; } PackageInfo pi = new PackageInfo(); @@ -3724,7 +3730,7 @@ public class PackageParser { return true; } } - if (!state.installed) { + if (!state.installed || state.blocked) { return true; } if (state.stopped) { @@ -3757,6 +3763,11 @@ public class PackageParser { } else { ai.flags &= ~ApplicationInfo.FLAG_INSTALLED; } + if (state.blocked) { + ai.flags |= ApplicationInfo.FLAG_BLOCKED; + } else { + ai.flags &= ~ApplicationInfo.FLAG_BLOCKED; + } if (state.enabled == PackageManager.COMPONENT_ENABLED_STATE_ENABLED) { ai.enabled = true; } else if (state.enabled == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) { @@ -3771,7 +3782,7 @@ public class PackageParser { public static ApplicationInfo generateApplicationInfo(Package p, int flags, PackageUserState state, int userId) { if (p == null) return null; - if (!checkUseInstalled(flags, state)) { + if (!checkUseInstalledOrBlocked(flags, state)) { return null; } if (!copyNeeded(flags, p, state, null, userId) @@ -3855,7 +3866,7 @@ public class PackageParser { public static final ActivityInfo generateActivityInfo(Activity a, int flags, PackageUserState state, int userId) { if (a == null) return null; - if (!checkUseInstalled(flags, state)) { + if (!checkUseInstalledOrBlocked(flags, state)) { return null; } if (!copyNeeded(flags, a.owner, state, a.metaData, userId)) { @@ -3892,7 +3903,7 @@ public class PackageParser { public static final ServiceInfo generateServiceInfo(Service s, int flags, PackageUserState state, int userId) { if (s == null) return null; - if (!checkUseInstalled(flags, state)) { + if (!checkUseInstalledOrBlocked(flags, state)) { return null; } if (!copyNeeded(flags, s.owner, state, s.metaData, userId)) { @@ -3937,7 +3948,7 @@ public class PackageParser { public static final ProviderInfo generateProviderInfo(Provider p, int flags, PackageUserState state, int userId) { if (p == null) return null; - if (!checkUseInstalled(flags, state)) { + if (!checkUseInstalledOrBlocked(flags, state)) { return null; } if (!copyNeeded(flags, p.owner, state, p.metaData, userId) diff --git a/core/java/android/content/pm/PackageUserState.java b/core/java/android/content/pm/PackageUserState.java index dcd54fc..94e3f79 100644 --- a/core/java/android/content/pm/PackageUserState.java +++ b/core/java/android/content/pm/PackageUserState.java @@ -28,6 +28,7 @@ public class PackageUserState { public boolean stopped; public boolean notLaunched; public boolean installed; + public boolean blocked; // Is the app restricted by owner / admin public int enabled; public String lastDisableAppCaller; @@ -37,6 +38,7 @@ public class PackageUserState { public PackageUserState() { installed = true; + blocked = false; enabled = COMPONENT_ENABLED_STATE_DEFAULT; } @@ -45,6 +47,7 @@ public class PackageUserState { stopped = o.stopped; notLaunched = o.notLaunched; enabled = o.enabled; + blocked = o.blocked; lastDisableAppCaller = o.lastDisableAppCaller; disabledComponents = o.disabledComponents != null ? new HashSet<String>(o.disabledComponents) : null; diff --git a/core/java/android/os/IUserManager.aidl b/core/java/android/os/IUserManager.aidl index a11358a..7589a5a 100644 --- a/core/java/android/os/IUserManager.aidl +++ b/core/java/android/os/IUserManager.aidl @@ -46,4 +46,7 @@ interface IUserManager { int userHandle); Bundle getApplicationRestrictions(in String packageName); Bundle getApplicationRestrictionsForUser(in String packageName, int userHandle); + boolean changeRestrictionsPin(in String newPin); + int checkRestrictionsPin(in String pin); + boolean hasRestrictionsPin(); } diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java index cb5ed4f..c33a28a 100644 --- a/core/java/android/os/UserManager.java +++ b/core/java/android/os/UserManager.java @@ -140,6 +140,13 @@ public class UserManager { */ public static final String DISALLOW_REMOVE_USER = "no_remove_user"; + /** @hide */ + public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; + /** @hide */ + public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; + /** @hide */ + public static final int PIN_VERIFICATION_SUCCESS = -1; + private static UserManager sInstance = null; /** @hide */ @@ -620,4 +627,55 @@ public class UserManager { Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier()); } } + + /** + * @hide + * Sets a new restrictions PIN. This should only be called after verifying that there + * currently isn't a PIN set, or after the user successfully enters the current PIN. + * @param newPin + * @return Returns true if the PIN was changed successfully. + */ + public boolean changeRestrictionsPin(String newPin) { + try { + return mService.changeRestrictionsPin(newPin); + } catch (RemoteException re) { + Log.w(TAG, "Could not change restrictions pin"); + } + return false; + } + + /** + * @hide + * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before + * allowing the user to enter the PIN. + * @return Returns a positive number (including zero) for how many milliseconds before + * you can accept another PIN, when the input is null or the input doesn't match the saved PIN. + * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns + * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set. + */ + public int checkRestrictionsPin(String pin) { + try { + return mService.checkRestrictionsPin(pin); + } catch (RemoteException re) { + Log.w(TAG, "Could not check restrictions pin"); + } + return PIN_VERIFICATION_FAILED_INCORRECT; + } + + /** + * Checks whether the user has restrictions that are PIN-protected. An application that + * participates in restrictions can check if the owner has requested a PIN challenge for + * any restricted operations. If there is a PIN in effect, the application should launch + * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE}. + * @see android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE + * @return whether a restrictions PIN is in effect. + */ + public boolean hasRestrictionsPin() { + try { + return mService.hasRestrictionsPin(); + } catch (RemoteException re) { + Log.w(TAG, "Could not change restrictions pin"); + } + return false; + } } diff --git a/core/java/com/android/internal/app/AlertActivity.java b/core/java/com/android/internal/app/AlertActivity.java index 7251256..7456def 100644 --- a/core/java/com/android/internal/app/AlertActivity.java +++ b/core/java/com/android/internal/app/AlertActivity.java @@ -36,18 +36,18 @@ public abstract class AlertActivity extends Activity implements DialogInterface * @see #mAlertParams */ protected AlertController mAlert; - + /** * The parameters for the alert. */ protected AlertController.AlertParams mAlertParams; - + @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); - + mAlert = new AlertController(this, this, getWindow()); - mAlertParams = new AlertController.AlertParams(this); + mAlertParams = new AlertController.AlertParams(this); } public void cancel() { @@ -65,7 +65,7 @@ public abstract class AlertActivity extends Activity implements DialogInterface /** * Sets up the alert, including applying the parameters to the alert model, * and installing the alert's content. - * + * * @see #mAlert * @see #mAlertParams */ @@ -73,7 +73,7 @@ public abstract class AlertActivity extends Activity implements DialogInterface mAlertParams.apply(mAlert); mAlert.installContent(); } - + @Override public boolean onKeyDown(int keyCode, KeyEvent event) { if (mAlert.onKeyDown(keyCode, event)) return true; @@ -85,6 +85,4 @@ public abstract class AlertActivity extends Activity implements DialogInterface if (mAlert.onKeyUp(keyCode, event)) return true; return super.onKeyUp(keyCode, event); } - - } diff --git a/core/java/com/android/internal/app/RestrictionsPinActivity.java b/core/java/com/android/internal/app/RestrictionsPinActivity.java new file mode 100644 index 0000000..57436f7 --- /dev/null +++ b/core/java/com/android/internal/app/RestrictionsPinActivity.java @@ -0,0 +1,187 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.internal.app; + +import android.app.AlertDialog; +import android.content.Context; +import android.content.DialogInterface; +import android.os.Bundle; +import android.os.UserManager; +import android.text.Editable; +import android.text.TextWatcher; +import android.view.KeyEvent; +import android.view.LayoutInflater; +import android.view.View; +import android.widget.EditText; +import android.widget.TextView; +import android.widget.TextView.OnEditorActionListener; + +import com.android.internal.R; + +/** + * This activity is launched by Settings and other apps to either create a new PIN or + * challenge for an existing PIN. The PIN is maintained by UserManager. + */ +public class RestrictionsPinActivity extends AlertActivity + implements DialogInterface.OnClickListener, TextWatcher, OnEditorActionListener { + + private UserManager mUserManager; + + private EditText mPin1Text; + private EditText mPin2Text; + private TextView mPinErrorMessage; + private TextView mPinMessage; + + @Override + public void onCreate(Bundle icicle) { + super.onCreate(icicle); + + AlertController.AlertParams ap = mAlertParams; + ap.mTitle = getString(R.string.restr_pin_enter_pin); + ap.mPositiveButtonText = getString(R.string.ok); + ap.mNegativeButtonText = getString(R.string.cancel); + ap.mPositiveButtonListener = this; + ap.mNegativeButtonListener = this; + LayoutInflater inflater = + (LayoutInflater) getSystemService(Context.LAYOUT_INFLATER_SERVICE); + ap.mView = inflater.inflate(R.layout.pin_challenge, null); + + mPinMessage = (TextView) ap.mView.findViewById(R.id.pin_message); + mPin1Text = (EditText) ap.mView.findViewById(R.id.pin1_text); + mPin2Text = (EditText) ap.mView.findViewById(R.id.pin2_text); + mPinErrorMessage = (TextView) ap.mView.findViewById(R.id.pin_error_message); + mPin1Text.addTextChangedListener(this); + mPin2Text.addTextChangedListener(this); + + mUserManager = (UserManager) getSystemService(Context.USER_SERVICE); + + setupAlert(); + } + + protected boolean verifyingPin() { + return true; + } + + public void onResume() { + super.onResume(); + + setPositiveButtonState(false); + boolean hasPin = mUserManager.hasRestrictionsPin(); + if (verifyingPin()) { + if (hasPin) { + mPinMessage.setVisibility(View.GONE); + mPinErrorMessage.setVisibility(View.GONE); + mPin2Text.setVisibility(View.GONE); + mPin1Text.setOnEditorActionListener(this); + updatePinTimer(-1); + } else { + setResult(RESULT_OK); + finish(); + } + } else if (hasPin) { + // Shouldn't really be in this state, exit + setResult(RESULT_OK); + finish(); + } + } + + private void setPositiveButtonState(boolean enabled) { + mAlert.getButton(DialogInterface.BUTTON_POSITIVE).setEnabled(enabled); + } + + private void updatePinTimer(int pinTimerMs) { + if (pinTimerMs < 0) { + pinTimerMs = mUserManager.checkRestrictionsPin(null); + } + if (pinTimerMs >= 200) { + final int seconds = (pinTimerMs + 200) / 1000; + final String formatString = getResources().getQuantityString( + R.plurals.restr_pin_countdown, + seconds); + mPinErrorMessage.setText(String.format(formatString, seconds)); + mPinErrorMessage.setVisibility(View.VISIBLE); + mPin1Text.setEnabled(false); + mPin1Text.setText(""); + setPositiveButtonState(false); + mPin1Text.postDelayed(mCountdownRunnable, Math.min(1000, pinTimerMs)); + } else { + mPinErrorMessage.setVisibility(View.INVISIBLE); + mPin1Text.setEnabled(true); + mPin1Text.setText(""); + } + } + + public void onClick(DialogInterface dialog, int which) { + setResult(RESULT_CANCELED); + if (which == AlertDialog.BUTTON_POSITIVE) { + performPositiveButtonAction(); + } else if (which == AlertDialog.BUTTON_NEGATIVE) { + finish(); + } + } + + private void performPositiveButtonAction() { + if (verifyingPin()) { + int result = mUserManager.checkRestrictionsPin(mPin1Text.getText().toString()); + if (result == UserManager.PIN_VERIFICATION_SUCCESS) { + setResult(RESULT_OK); + finish(); + } else if (result >= 0) { + updatePinTimer(result); + } + } else { + if (mUserManager.changeRestrictionsPin(mPin1Text.getText().toString())) { + setResult(RESULT_OK); + finish(); + } + } + } + + @Override + public void beforeTextChanged(CharSequence s, int start, int count, int after) { + } + + @Override + public void onTextChanged(CharSequence s, int start, int before, int count) { + CharSequence pin1 = mPin1Text.getText(); + if (!verifyingPin()) { + CharSequence pin2 = mPin2Text.getText(); + boolean match = pin1 != null && pin2 != null && pin1.length() >= 4 + && pin1.toString().equals(pin2.toString()); + setPositiveButtonState(match); + mPinErrorMessage.setVisibility(match ? View.INVISIBLE : View.VISIBLE); + } else { + setPositiveButtonState(pin1 != null && pin1.length() >= 4); + } + } + + @Override + public void afterTextChanged(Editable s) { + } + + @Override + public boolean onEditorAction(TextView v, int actionId, KeyEvent event) { + performPositiveButtonAction(); + return true; + } + + private Runnable mCountdownRunnable = new Runnable() { + public void run() { + updatePinTimer(-1); + } + }; +} diff --git a/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java b/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java new file mode 100644 index 0000000..35f2967 --- /dev/null +++ b/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.internal.app; + +/** + * This activity is launched by Settings and other apps to either create a new PIN or + * challenge for an existing PIN. The PIN is maintained by UserManager. + */ +public class RestrictionsPinSetupActivity extends RestrictionsPinActivity { + + protected boolean verifyingPin() { + return false; + } +} diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index ca274e3..40d3428 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2432,6 +2432,29 @@ android:process=":ui"> </activity> + <activity android:name="com.android.internal.app.RestrictionsPinSetupActivity" + android:theme="@style/Theme.Holo.Dialog.Alert" + android:permission="android.permission.MANAGE_USERS" + android:excludeFromRecents="true" + android:windowSoftInputMode="adjustPan" + android:process=":ui"> + <intent-filter android:priority="100"> + <action android:name="android.intent.action.RESTRICTIONS_PIN_CREATE" /> + <category android:name="android.intent.category.DEFAULT" /> + </intent-filter> + </activity> + + <activity android:name="com.android.internal.app.RestrictionsPinActivity" + android:theme="@style/Theme.Holo.Dialog.Alert" + android:excludeFromRecents="true" + android:windowSoftInputMode="adjustPan" + android:process=":ui"> + <intent-filter android:priority="100"> + <action android:name="android.intent.action.RESTRICTIONS_PIN_CHALLENGE" /> + <category android:name="android.intent.category.DEFAULT" /> + </intent-filter> + </activity> + <receiver android:name="com.android.server.BootReceiver" android:primaryUserOnly="true"> <intent-filter> @@ -2470,9 +2493,9 @@ </receiver> <receiver android:name="com.android.server.MasterClearReceiver" - android:permission="android.permission.MASTER_CLEAR" - android:priority="100" > - <intent-filter> + android:permission="android.permission.MASTER_CLEAR"> + <intent-filter + android:priority="100" > <!-- For Checkin, Settings, etc.: action=MASTER_CLEAR --> <action android:name="android.intent.action.MASTER_CLEAR" /> diff --git a/core/res/res/layout/pin_challenge.xml b/core/res/res/layout/pin_challenge.xml new file mode 100644 index 0000000..2cb14b4 --- /dev/null +++ b/core/res/res/layout/pin_challenge.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2013 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- Layout used as the dialog's content View for EditTextPreference. --> +<ScrollView xmlns:android="http://schemas.android.com/apk/res/android" + android:layout_width="match_parent" + android:layout_height="match_parent" + android:layout_marginTop="48dp" + android:layout_marginBottom="48dp" + android:overScrollMode="ifContentScrolls"> + + <LinearLayout + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:padding="8dip" + android:orientation="vertical"> + + <TextView android:id="@+id/pin_message" + style="?android:attr/textAppearanceMedium" + android:layout_marginTop="16dp" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:text="@string/restr_pin_create_pin" + android:textColor="?android:attr/textColorSecondary" /> + + <!-- TextView android:id="@+id/pin1_label" + style="?android:attr/textAppearanceSmall" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:text="@string/restr_pin_enter_pin" + android:textColor="?android:attr/textColorSecondary" /--> + + <EditText android:id="@+id/pin1_text" + style="?android:attr/textAppearanceMedium" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:hint="@string/restr_pin_enter_pin" + android:inputType="textPassword" + android:textColor="?android:attr/textColorPrimary" /> + + <!-- TextView android:id="@+id/pin2_label" + style="?android:attr/textAppearanceSmall" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:text="@string/restr_pin_confirm_pin" + android:textColor="?android:attr/textColorSecondary" /--> + + <EditText android:id="@+id/pin2_text" + style="?android:attr/textAppearanceMedium" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:hint="@string/restr_pin_confirm_pin" + android:inputType="textPassword" + android:textColor="?android:attr/textColorPrimary" /> + + <TextView android:id="@+id/pin_error_message" + style="?android:attr/textAppearanceSmall" + android:layout_marginBottom="16dp" + android:layout_width="match_parent" + android:layout_height="wrap_content" + android:text="@string/restr_pin_error_doesnt_match" + android:textColor="#FFFF0000" /> + + </LinearLayout> + +</ScrollView> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 1938b88..4b02a7d 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -4018,7 +4018,7 @@ <!-- Message shown when user enters wrong PIN --> <string name="kg_wrong_pin">Wrong PIN</string> <!-- Countdown message shown after too many failed unlock attempts --> - <string name="kg_too_many_failed_attempts_countdown">Try again in <xliff:g id="number">%d</xliff:g> seconds.</string> + <string name="kg_too_many_failed_attempts_countdown">Try again in <xliff:g id="number">%1$d</xliff:g> seconds.</string> <!-- Instructions for using the pattern unlock screen --> <string name="kg_pattern_instructions">Draw your pattern</string> <!-- Instructions for using the SIM PIN unlock screen --> @@ -4227,4 +4227,20 @@ <!-- North America Tabloid media size: 11" × 17" --> <string name="mediaSize_na_tabloid">Tabloid</string> + <!-- PIN creation dialog message [CHAR LIMIT=none] --> + <string name="restr_pin_create_pin">Create a PIN for modifying restrictions</string> + <!-- PIN entry dialog label for PIN [CHAR LIMIT=none] --> + <string name="restr_pin_enter_pin">Enter PIN</string> + <!-- PIN entry dialog label for PIN confirmation [CHAR LIMIT=none] --> + <string name="restr_pin_confirm_pin">Confirm PIN</string> + <!-- PIN entry dialog error when PINs are not the same [CHAR LIMIT=none] --> + <string name="restr_pin_error_doesnt_match">PINs don\'t match. Try again.</string> + <!-- PIN entry dialog error when PIN is too short [CHAR LIMIT=none] --> + <string name="restr_pin_error_too_short">PIN is too short. Must be at least 4 digits.</string> + <!-- PIN entry dialog countdown message for next chance to enter the PIN [CHAR LIMIT=none] --> + <!-- Phrase describing a time duration using seconds [CHAR LIMIT=16] --> + <plurals name="restr_pin_countdown"> + <item quantity="one">Incorrect PIN. Try again in 1 second.</item> + <item quantity="other">Incorrect PIN. Try again in <xliff:g id="count">%d</xliff:g> seconds.</item> + </plurals> </resources> diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index 7f39364..a1166fc 100755 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -213,6 +213,10 @@ <java-symbol type="id" name="sms_short_code_remember_undo_instruction" /> <java-symbol type="id" name="breadcrumb_section" /> <java-symbol type="id" name="action_bar_spinner" /> + <java-symbol type="id" name="pin_message" /> + <java-symbol type="id" name="pin1_text" /> + <java-symbol type="id" name="pin2_text" /> + <java-symbol type="id" name="pin_error_message" /> <java-symbol type="attr" name="actionModeShareDrawable" /> <java-symbol type="attr" name="alertDialogCenterButtons" /> @@ -898,6 +902,7 @@ <java-symbol type="string" name="mediaSize_na_junior_legal" /> <java-symbol type="string" name="mediaSize_na_ledger" /> <java-symbol type="string" name="mediaSize_na_tabloid" /> + <java-symbol type="string" name="restr_pin_enter_pin" /> <java-symbol type="plurals" name="abbrev_in_num_days" /> <java-symbol type="plurals" name="abbrev_in_num_hours" /> @@ -920,6 +925,7 @@ <java-symbol type="plurals" name="num_hours_ago" /> <java-symbol type="plurals" name="num_minutes_ago" /> <java-symbol type="plurals" name="num_seconds_ago" /> + <java-symbol type="plurals" name="restr_pin_countdown" /> <java-symbol type="array" name="carrier_properties" /> <java-symbol type="array" name="config_data_usage_network_types" /> @@ -1145,6 +1151,7 @@ <java-symbol type="layout" name="sms_short_code_confirmation_dialog" /> <java-symbol type="layout" name="action_bar_up_container" /> <java-symbol type="layout" name="app_not_authorized" /> + <java-symbol type="layout" name="pin_challenge" /> <java-symbol type="anim" name="slide_in_child_bottom" /> <java-symbol type="anim" name="slide_in_right" /> diff --git a/policy/src/com/android/internal/policy/impl/PhoneWindow.java b/policy/src/com/android/internal/policy/impl/PhoneWindow.java index a21b089..3ed8bd8 100644 --- a/policy/src/com/android/internal/policy/impl/PhoneWindow.java +++ b/policy/src/com/android/internal/policy/impl/PhoneWindow.java @@ -49,6 +49,7 @@ import android.graphics.drawable.Drawable; import android.media.AudioManager; import android.net.Uri; import android.os.Bundle; +import android.os.Debug; import android.os.Handler; import android.os.Parcel; import android.os.Parcelable; @@ -58,6 +59,7 @@ import android.util.AndroidRuntimeException; import android.util.DisplayMetrics; import android.util.EventLog; import android.util.Log; +import android.util.Slog; import android.util.SparseArray; import android.util.TypedValue; import android.view.ActionMode; diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index 9308feb..524403c 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -1933,8 +1933,6 @@ public class PackageManagerService extends IPackageManager.Stub { getDataPathForPackage(packageName, 0).getPath(); pkg.applicationInfo.nativeLibraryDir = ps.nativeLibraryPathString; } - // pkg.mSetEnabled = ps.getEnabled(userId); - // pkg.mSetStopped = ps.getStopped(userId); return generatePackageInfo(pkg, flags, userId); } return null; @@ -6149,6 +6147,120 @@ public class PackageManagerService extends IPackageManager.Stub { mHandler.sendMessage(msg); } + private void sendPackageAddedForUser(String packageName, PackageSetting pkgSetting, int userId) { + Bundle extras = new Bundle(1); + extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userId, pkgSetting.appId)); + + sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, + packageName, extras, null, null, new int[] {userId}); + try { + IActivityManager am = ActivityManagerNative.getDefault(); + final boolean isSystem = + isSystemApp(pkgSetting) || isUpdatedSystemApp(pkgSetting); + if (isSystem && am.isUserRunning(userId, false)) { + // The just-installed/enabled app is bundled on the system, so presumed + // to be able to run automatically without needing an explicit launch. + // Send it a BOOT_COMPLETED if it would ordinarily have gotten one. + Intent bcIntent = new Intent(Intent.ACTION_BOOT_COMPLETED) + .addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES) + .setPackage(packageName); + am.broadcastIntent(null, bcIntent, null, null, 0, null, null, null, + android.app.AppOpsManager.OP_NONE, false, false, userId); + } + } catch (RemoteException e) { + // shouldn't happen + Slog.w(TAG, "Unable to bootstrap installed package", e); + } + } + + @Override + public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, + int userId) { + mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); + PackageSetting pkgSetting; + final int uid = Binder.getCallingUid(); + if (UserHandle.getUserId(uid) != userId) { + mContext.enforceCallingPermission( + android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, + "setApplicationBlocked for user " + userId); + } + + if (blocked && isPackageDeviceAdmin(packageName, userId)) { + Slog.w(TAG, "Not blocking package " + packageName + ": has active device admin"); + return false; + } + + long callingId = Binder.clearCallingIdentity(); + try { + boolean sendAdded = false; + boolean sendRemoved = false; + // writer + synchronized (mPackages) { + pkgSetting = mSettings.mPackages.get(packageName); + if (pkgSetting == null) { + return false; + } + if (pkgSetting.getBlocked(userId) != blocked) { + pkgSetting.setBlocked(blocked, userId); + mSettings.writePackageRestrictionsLPr(userId); + if (blocked) { + sendRemoved = true; + } else { + sendAdded = true; + } + } + } + if (sendAdded) { + sendPackageAddedForUser(packageName, pkgSetting, userId); + return true; + } + if (sendRemoved) { + sendPackageBlockedForUser(packageName, pkgSetting, userId); + } + } finally { + Binder.restoreCallingIdentity(callingId); + } + return false; + } + + private void sendPackageBlockedForUser(String packageName, PackageSetting pkgSetting, + int userId) { + final PackageRemovedInfo info = new PackageRemovedInfo(); + info.removedPackage = packageName; + info.removedUsers = new int[] {userId}; + info.uid = UserHandle.getUid(userId, pkgSetting.appId); + info.sendBroadcast(false, false, false); + } + + /** + * Returns true if application is not found or there was an error. Otherwise it returns + * the blocked state of the package for the given user. + */ + @Override + public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) { + mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); + PackageSetting pkgSetting; + final int uid = Binder.getCallingUid(); + if (UserHandle.getUserId(uid) != userId) { + mContext.enforceCallingPermission( + android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, + "getApplicationBlocked for user " + userId); + } + long callingId = Binder.clearCallingIdentity(); + try { + // writer + synchronized (mPackages) { + pkgSetting = mSettings.mPackages.get(packageName); + if (pkgSetting == null) { + return true; + } + return pkgSetting.getBlocked(userId); + } + } finally { + Binder.restoreCallingIdentity(callingId); + } + } + /** * @hide */ @@ -6180,33 +6292,14 @@ public class PackageManagerService extends IPackageManager.Stub { } if (!pkgSetting.getInstalled(userId)) { pkgSetting.setInstalled(true, userId); + pkgSetting.setBlocked(false, userId); mSettings.writePackageRestrictionsLPr(userId); - extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userId, pkgSetting.appId)); sendAdded = true; } } if (sendAdded) { - sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED, - packageName, extras, null, null, new int[] {userId}); - try { - IActivityManager am = ActivityManagerNative.getDefault(); - final boolean isSystem = - isSystemApp(pkgSetting) || isUpdatedSystemApp(pkgSetting); - if (isSystem && am.isUserRunning(userId, false)) { - // The just-installed/enabled app is bundled on the system, so presumed - // to be able to run automatically without needing an explicit launch. - // Send it a BOOT_COMPLETED if it would ordinarily have gotten one. - Intent bcIntent = new Intent(Intent.ACTION_BOOT_COMPLETED) - .addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES) - .setPackage(packageName); - am.broadcastIntent(null, bcIntent, null, null, 0, null, null, null, - android.app.AppOpsManager.OP_NONE, false, false, userId); - } - } catch (RemoteException e) { - // shouldn't happen - Slog.w(TAG, "Unable to bootstrap installed package", e); - } + sendPackageAddedForUser(packageName, pkgSetting, userId); } } finally { Binder.restoreCallingIdentity(callingId); @@ -8697,6 +8790,19 @@ public class PackageManagerService extends IPackageManager.Stub { }); } + private boolean isPackageDeviceAdmin(String packageName, int userId) { + IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface( + ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); + try { + if (dpm != null && (dpm.packageHasActiveAdmins(packageName, userId) + || dpm.isDeviceOwner(packageName))) { + return true; + } + } catch (RemoteException e) { + } + return false; + } + /** * This method is an internal method that could be get invoked either * to delete an installed package or to clean up a failed installation. @@ -8715,15 +8821,9 @@ public class PackageManagerService extends IPackageManager.Stub { final PackageRemovedInfo info = new PackageRemovedInfo(); final boolean res; - IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface( - ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); - try { - if (dpm != null && (dpm.packageHasActiveAdmins(packageName, userId) - || dpm.isDeviceOwner(packageName))) { - Slog.w(TAG, "Not removing package " + packageName + ": has active device admin"); - return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER; - } - } catch (RemoteException e) { + if (isPackageDeviceAdmin(packageName, userId)) { + Slog.w(TAG, "Not removing package " + packageName + ": has active device admin"); + return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER; } boolean removedForAllUsers = false; @@ -9039,6 +9139,7 @@ public class PackageManagerService extends IPackageManager.Stub { false, //installed true, //stopped true, //notLaunched + false, //blocked null, null, null); if (!isSystemApp(ps)) { if (ps.isAnyInstalled(sUserManager.getUserIds())) { diff --git a/services/java/com/android/server/pm/PackageSettingBase.java b/services/java/com/android/server/pm/PackageSettingBase.java index b3fd60c..7747c8f 100644 --- a/services/java/com/android/server/pm/PackageSettingBase.java +++ b/services/java/com/android/server/pm/PackageSettingBase.java @@ -260,14 +260,24 @@ class PackageSettingBase extends GrantedPermissions { modifyUserState(userId).notLaunched = stop; } + boolean getBlocked(int userId) { + return readUserState(userId).blocked; + } + + void setBlocked(boolean blocked, int userId) { + modifyUserState(userId).blocked = blocked; + } + void setUserState(int userId, int enabled, boolean installed, boolean stopped, - boolean notLaunched, String lastDisableAppCaller, HashSet<String> enabledComponents, + boolean notLaunched, boolean blocked, + String lastDisableAppCaller, HashSet<String> enabledComponents, HashSet<String> disabledComponents) { PackageUserState state = modifyUserState(userId); state.enabled = enabled; state.installed = installed; state.stopped = stopped; state.notLaunched = notLaunched; + state.blocked = blocked; state.lastDisableAppCaller = lastDisableAppCaller; state.enabledComponents = enabledComponents; state.disabledComponents = disabledComponents; diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java index 0cae5d6..2d7d8a0 100644 --- a/services/java/com/android/server/pm/Settings.java +++ b/services/java/com/android/server/pm/Settings.java @@ -109,6 +109,7 @@ final class Settings { private static final String ATTR_ENABLED = "enabled"; private static final String ATTR_ENABLED_CALLER = "enabledCaller"; private static final String ATTR_STOPPED = "stopped"; + private static final String ATTR_BLOCKED = "blocked"; private static final String ATTR_INSTALLED = "inst"; private final File mSettingsFilename; @@ -462,6 +463,7 @@ final class Settings { installed, true, // stopped, true, // notLaunched + false, // blocked null, null, null); writePackageRestrictionsLPr(user.id); } @@ -860,6 +862,7 @@ final class Settings { true, // installed false, // stopped false, // notLaunched + false, // blocked null, null, null); } return; @@ -913,6 +916,9 @@ final class Settings { final String stoppedStr = parser.getAttributeValue(null, ATTR_STOPPED); final boolean stopped = stoppedStr == null ? false : Boolean.parseBoolean(stoppedStr); + final String blockedStr = parser.getAttributeValue(null, ATTR_BLOCKED); + final boolean blocked = blockedStr == null + ? false : Boolean.parseBoolean(blockedStr); final String notLaunchedStr = parser.getAttributeValue(null, ATTR_NOT_LAUNCHED); final boolean notLaunched = stoppedStr == null ? false : Boolean.parseBoolean(notLaunchedStr); @@ -936,7 +942,7 @@ final class Settings { } } - ps.setUserState(userId, enabled, installed, stopped, notLaunched, + ps.setUserState(userId, enabled, installed, stopped, notLaunched, blocked, enabledCaller, enabledComponents, disabledComponents); } else if (tagName.equals("preferred-activities")) { readPreferredActivitiesLPw(parser, userId); @@ -1044,6 +1050,7 @@ final class Settings { PackageUserState ustate = pkg.readUserState(userId); if (ustate.stopped || ustate.notLaunched || !ustate.installed || ustate.enabled != COMPONENT_ENABLED_STATE_DEFAULT + || ustate.blocked || (ustate.enabledComponents != null && ustate.enabledComponents.size() > 0) || (ustate.disabledComponents != null @@ -1061,6 +1068,9 @@ final class Settings { if (ustate.notLaunched) { serializer.attribute(null, ATTR_NOT_LAUNCHED, "true"); } + if (ustate.blocked) { + serializer.attribute(null, ATTR_BLOCKED, "true"); + } if (ustate.enabled != COMPONENT_ENABLED_STATE_DEFAULT) { serializer.attribute(null, ATTR_ENABLED, Integer.toString(ustate.enabled)); @@ -2847,6 +2857,8 @@ final class Settings { pw.print(prefix); pw.print(" User "); pw.print(user.id); pw.print(": "); pw.print(" installed="); pw.print(ps.getInstalled(user.id)); + pw.print(" blocked="); + pw.print(ps.getBlocked(user.id)); pw.print(" stopped="); pw.print(ps.getStopped(user.id)); pw.print(" notLaunched="); diff --git a/services/java/com/android/server/pm/UserManagerService.java b/services/java/com/android/server/pm/UserManagerService.java index 1323c93..d86f2c7 100644 --- a/services/java/com/android/server/pm/UserManagerService.java +++ b/services/java/com/android/server/pm/UserManagerService.java @@ -39,12 +39,15 @@ import android.os.Handler; import android.os.IUserManager; import android.os.Process; import android.os.RemoteException; +import android.os.SystemClock; import android.os.UserHandle; import android.os.UserManager; import android.util.AtomicFile; +import android.util.Log; import android.util.Slog; import android.util.SparseArray; import android.util.SparseBooleanArray; +import android.util.SparseLongArray; import android.util.TimeUtils; import android.util.Xml; @@ -63,6 +66,9 @@ import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; @@ -78,6 +84,10 @@ public class UserManagerService extends IUserManager.Stub { private static final String ATTR_ID = "id"; private static final String ATTR_CREATION_TIME = "created"; private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn"; + private static final String ATTR_SALT = "salt"; + private static final String ATTR_PIN_HASH = "pinHash"; + private static final String ATTR_FAILED_ATTEMPTS = "failedAttempts"; + private static final String ATTR_LAST_RETRY_MS = "lastAttemptMs"; private static final String ATTR_SERIAL_NO = "serialNumber"; private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber"; private static final String ATTR_PARTIAL = "partial"; @@ -107,6 +117,13 @@ public class UserManagerService extends IUserManager.Stub { private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms + // Number of attempts before jumping to the next BACKOFF_TIMES slot + private static final int BACKOFF_INC_INTERVAL = 5; + + // Amount of time to force the user to wait before entering the PIN again, after failing + // BACKOFF_INC_INTERVAL times. + private static final int[] BACKOFF_TIMES = { 0, 30*1000, 60*1000, 5*60*1000, 30*60*1000 }; + private final Context mContext; private final PackageManagerService mPm; private final Object mInstallLock; @@ -121,6 +138,16 @@ public class UserManagerService extends IUserManager.Stub { private final SparseArray<UserInfo> mUsers = new SparseArray<UserInfo>(); private final SparseArray<Bundle> mUserRestrictions = new SparseArray<Bundle>(); + class RestrictionsPinState { + long salt; + String pinHash; + int failedAttempts; + long lastAttemptTime; + } + + private final SparseArray<RestrictionsPinState> mRestrictionsPinStates = + new SparseArray<RestrictionsPinState>(); + /** * Set of user IDs being actively removed. Removed IDs linger in this set * for several seconds to work around a VFS caching issue. @@ -604,6 +631,21 @@ public class UserManagerService extends IUserManager.Stub { serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime)); serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME, Long.toString(userInfo.lastLoggedInTime)); + RestrictionsPinState pinState = mRestrictionsPinStates.get(userInfo.id); + if (pinState != null) { + if (pinState.salt != 0) { + serializer.attribute(null, ATTR_SALT, Long.toString(pinState.salt)); + } + if (pinState.pinHash != null) { + serializer.attribute(null, ATTR_PIN_HASH, pinState.pinHash); + } + if (pinState.failedAttempts != 0) { + serializer.attribute(null, ATTR_FAILED_ATTEMPTS, + Integer.toString(pinState.failedAttempts)); + serializer.attribute(null, ATTR_LAST_RETRY_MS, + Long.toString(pinState.lastAttemptTime)); + } + } if (userInfo.iconPath != null) { serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath); } @@ -690,6 +732,10 @@ public class UserManagerService extends IUserManager.Stub { String iconPath = null; long creationTime = 0L; long lastLoggedInTime = 0L; + long salt = 0L; + String pinHash = null; + int failedAttempts = 0; + long lastAttemptTime = 0L; boolean partial = false; Bundle restrictions = new Bundle(); @@ -722,6 +768,10 @@ public class UserManagerService extends IUserManager.Stub { iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH); creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0); lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0); + salt = readLongAttribute(parser, ATTR_SALT, 0L); + pinHash = parser.getAttributeValue(null, ATTR_PIN_HASH); + failedAttempts = readIntAttribute(parser, ATTR_FAILED_ATTEMPTS, 0); + lastAttemptTime = readLongAttribute(parser, ATTR_LAST_RETRY_MS, 0L); String valueString = parser.getAttributeValue(null, ATTR_PARTIAL); if ("true".equals(valueString)) { partial = true; @@ -761,6 +811,17 @@ public class UserManagerService extends IUserManager.Stub { userInfo.lastLoggedInTime = lastLoggedInTime; userInfo.partial = partial; mUserRestrictions.append(id, restrictions); + if (salt != 0L) { + RestrictionsPinState pinState = mRestrictionsPinStates.get(id); + if (pinState == null) { + pinState = new RestrictionsPinState(); + mRestrictionsPinStates.put(id, pinState); + } + pinState.salt = salt; + pinState.pinHash = pinHash; + pinState.failedAttempts = failedAttempts; + pinState.lastAttemptTime = lastAttemptTime; + } return userInfo; } catch (IOException ioe) { @@ -949,6 +1010,7 @@ public class UserManagerService extends IUserManager.Stub { } }, MINUTE_IN_MILLIS); + mRestrictionsPinStates.remove(userHandle); // Remove user file AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + ".xml")); userFile.delete(); @@ -999,6 +1061,123 @@ public class UserManagerService extends IUserManager.Stub { } } + @Override + public boolean changeRestrictionsPin(String newPin) { + checkManageUsersPermission("Only system can modify the restrictions pin"); + int userId = UserHandle.getCallingUserId(); + synchronized (mPackagesLock) { + RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); + if (pinState == null) { + pinState = new RestrictionsPinState(); + } + if (newPin == null) { + pinState.salt = 0; + pinState.pinHash = null; + } else { + try { + pinState.salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); + } catch (NoSuchAlgorithmException e) { + pinState.salt = (long) (Math.random() * Long.MAX_VALUE); + } + pinState.pinHash = passwordToHash(newPin, pinState.salt); + pinState.failedAttempts = 0; + } + mRestrictionsPinStates.put(userId, pinState); + writeUserLocked(mUsers.get(userId)); + } + return true; + } + + @Override + public int checkRestrictionsPin(String pin) { + checkManageUsersPermission("Only system can verify the restrictions pin"); + int userId = UserHandle.getCallingUserId(); + synchronized (mPackagesLock) { + RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); + // If there's no pin set, return error code + if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) { + return UserManager.PIN_VERIFICATION_FAILED_NOT_SET; + } else if (pin == null) { + // If just checking if user can be prompted, return remaining time + int waitTime = getRemainingTimeForPinAttempt(pinState); + Slog.d(LOG_TAG, "Remaining waittime peek=" + waitTime); + return waitTime; + } else { + int waitTime = getRemainingTimeForPinAttempt(pinState); + Slog.d(LOG_TAG, "Remaining waittime=" + waitTime); + if (waitTime > 0) { + return waitTime; + } + if (passwordToHash(pin, pinState.salt).equals(pinState.pinHash)) { + pinState.failedAttempts = 0; + writeUserLocked(mUsers.get(userId)); + return UserManager.PIN_VERIFICATION_SUCCESS; + } else { + pinState.failedAttempts++; + pinState.lastAttemptTime = System.currentTimeMillis(); + writeUserLocked(mUsers.get(userId)); + return waitTime; + } + } + } + } + + private int getRemainingTimeForPinAttempt(RestrictionsPinState pinState) { + int backoffIndex = Math.min(pinState.failedAttempts / BACKOFF_INC_INTERVAL, + BACKOFF_TIMES.length - 1); + int backoffTime = (pinState.failedAttempts % BACKOFF_INC_INTERVAL) == 0 ? + BACKOFF_TIMES[backoffIndex] : 0; + return (int) Math.max(backoffTime + pinState.lastAttemptTime - System.currentTimeMillis(), + 0); + } + + @Override + public boolean hasRestrictionsPin() { + int userId = UserHandle.getCallingUserId(); + synchronized (mPackagesLock) { + RestrictionsPinState pinState = mRestrictionsPinStates.get(userId); + if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) { + return false; + } + } + return true; + } + + /* + * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash. + * Not the most secure, but it is at least a second level of protection. First level is that + * the file is in a location only readable by the system process. + * @param password the password. + * @param salt the randomly generated salt + * @return the hash of the pattern in a String. + */ + private String passwordToHash(String password, long salt) { + if (password == null) { + return null; + } + String algo = null; + String hashed = salt + password; + try { + byte[] saltedPassword = (password + salt).getBytes(); + byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); + byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); + hashed = toHex(sha1) + toHex(md5); + } catch (NoSuchAlgorithmException e) { + Log.w(LOG_TAG, "Failed to encode string because of missing algorithm: " + algo); + } + return hashed; + } + + private static String toHex(byte[] ary) { + final String hex = "0123456789ABCDEF"; + String ret = ""; + for (int i = 0; i < ary.length; i++) { + ret += hex.charAt((ary[i] >> 4) & 0xf); + ret += hex.charAt(ary[i] & 0xf); + } + return ret; + } + private int getUidForPackage(String packageName) { long ident = Binder.clearCallingIdentity(); try { diff --git a/test-runner/src/android/test/mock/MockPackageManager.java b/test-runner/src/android/test/mock/MockPackageManager.java index 20a26ab..4683534 100644 --- a/test-runner/src/android/test/mock/MockPackageManager.java +++ b/test-runner/src/android/test/mock/MockPackageManager.java @@ -45,6 +45,8 @@ import android.content.res.Resources; import android.content.res.XmlResourceParser; import android.graphics.drawable.Drawable; import android.net.Uri; +import android.os.Binder; +import android.os.UserHandle; import java.util.List; @@ -585,6 +587,23 @@ public class MockPackageManager extends PackageManager { * @hide */ @Override + public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, + UserHandle user) { + return false; + } + + /** + * @hide + */ + @Override + public boolean getApplicationBlockedSettingAsUser(String packageName, UserHandle user) { + return false; + } + + /** + * @hide + */ + @Override public int installExistingPackage(String packageName) throws NameNotFoundException { throw new UnsupportedOperationException(); |