Profile: respect DPM when overriding screen lock (1/2)

Profile currently allows the user to override the keyguard set by
device policy, which is undesired.

Change-Id: Id8d80cfdad51ca0a64dc231a77e53b104ecb9825

5 files changed, 33 insertions, 3 deletions

diff --git a/core/java/android/app/Profile.java b/core/java/android/app/Profile.java
index 41250eb..8f60e53 100644
--- a/core/java/android/app/Profile.java
+++ b/core/java/android/app/Profile.java
@@ -16,6 +16,7 @@
 
 package android.app;
 
+import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.media.AudioManager;
 import android.os.Parcel;
@@ -290,6 +291,18 @@ public final class Profile implements Parcelable, Comparable {
         mDirty = true;
     }
 
+    public int getScreenLockModeWithDPM(Context context) {
+        // Check device policy
+        DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
+
+        if (dpm.requireSecureKeyguard()) {
+            // Always enforce lock screen
+            return LockMode.DEFAULT;
+        }
+
+        return mScreenLockMode;
+    }
+
     public int getScreenLockMode() {
         return mScreenLockMode;
     }
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 4c0eba0..719f050 100755
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -30,6 +30,7 @@ import android.os.RemoteCallback;
 import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.UserHandle;
+import android.security.KeyStore;
 import android.util.Log;
 
 import java.io.IOException;
@@ -1513,4 +1514,20 @@ public class DevicePolicyManager {
             }
         }
     }
+
+    /**
+     * CM: check if secure keyguard is required
+     * @hide
+     */
+    public boolean requireSecureKeyguard() {
+        int encryptionStatus = getStorageEncryptionStatus();
+        if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED ||
+                !KeyStore.getInstance().isEmpty() ||
+                encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE ||
+                encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
+            // Require secure keyguard
+            return true;
+        }
+        return false;
+    }
 }
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 08c3537..93a84e5 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1279,7 +1279,7 @@ public class LockPatternUtils {
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
-        final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockMode() == Profile.LockMode.DEFAULT;
+        final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT;
         final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists()
                 || isPassword && savedPasswordExists()) && isProfileSecure;
         return secure;
diff --git a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java
index 6ede504..7090965 100644
--- a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java
+++ b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java
@@ -88,7 +88,7 @@ public class KeyguardSecurityModel {
         } else if (simState == IccCardConstants.State.PUK_REQUIRED
                 && mLockPatternUtils.isPukUnlockScreenEnable()) {
             mode = SecurityMode.SimPuk;
-        } else if (mProfileManager.getActiveProfile().getScreenLockMode() != Profile.LockMode.INSECURE) {
+        } else if (mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) {
             final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality();
             switch (security) {
                 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
diff --git a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java
index a39b2f7..a505185 100644
--- a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java
+++ b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java
@@ -924,7 +924,7 @@ public class KeyguardViewMediator {
         Profile profile = mProfileManager.getActiveProfile();
         if (profile != null) {
             if (!lockedOrMissing
-                    && profile.getScreenLockMode() == Profile.LockMode.DISABLE) {
+                    && profile.getScreenLockModeWithDPM(mContext) == Profile.LockMode.DISABLE) {
                 if (DEBUG) Log.d(TAG, "doKeyguard: not showing because of profile override");
                 return;
             }