diff options
author | Pawit Pornkitprasan <p.pawit@gmail.com> | 2013-04-03 20:55:27 +0700 |
---|---|---|
committer | Pawit Pornkitprasan <p.pawit@gmail.com> | 2013-04-03 20:55:31 +0700 |
commit | 9e331a9c7a5af08a8b25e35310ca576aff848181 (patch) | |
tree | 9f1a538aa74fc5ae36e48e0b4967502071ed3f6e | |
parent | ccab0c0b90d0b0a185557d727198df0b7c420087 (diff) | |
download | frameworks_base-9e331a9c7a5af08a8b25e35310ca576aff848181.zip frameworks_base-9e331a9c7a5af08a8b25e35310ca576aff848181.tar.gz frameworks_base-9e331a9c7a5af08a8b25e35310ca576aff848181.tar.bz2 |
Profile: respect DPM when overriding screen lock (1/2)
Profile currently allows the user to override the keyguard set by
device policy, which is undesired.
Change-Id: Id8d80cfdad51ca0a64dc231a77e53b104ecb9825
5 files changed, 33 insertions, 3 deletions
diff --git a/core/java/android/app/Profile.java b/core/java/android/app/Profile.java index 41250eb..8f60e53 100644 --- a/core/java/android/app/Profile.java +++ b/core/java/android/app/Profile.java @@ -16,6 +16,7 @@ package android.app; +import android.app.admin.DevicePolicyManager; import android.content.Context; import android.media.AudioManager; import android.os.Parcel; @@ -290,6 +291,18 @@ public final class Profile implements Parcelable, Comparable { mDirty = true; } + public int getScreenLockModeWithDPM(Context context) { + // Check device policy + DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE); + + if (dpm.requireSecureKeyguard()) { + // Always enforce lock screen + return LockMode.DEFAULT; + } + + return mScreenLockMode; + } + public int getScreenLockMode() { return mScreenLockMode; } diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 4c0eba0..719f050 100755 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -30,6 +30,7 @@ import android.os.RemoteCallback; import android.os.RemoteException; import android.os.ServiceManager; import android.os.UserHandle; +import android.security.KeyStore; import android.util.Log; import java.io.IOException; @@ -1513,4 +1514,20 @@ public class DevicePolicyManager { } } } + + /** + * CM: check if secure keyguard is required + * @hide + */ + public boolean requireSecureKeyguard() { + int encryptionStatus = getStorageEncryptionStatus(); + if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED || + !KeyStore.getInstance().isEmpty() || + encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE || + encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) { + // Require secure keyguard + return true; + } + return false; + } } diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 08c3537..93a84e5 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -1279,7 +1279,7 @@ public class LockPatternUtils { || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; - final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockMode() == Profile.LockMode.DEFAULT; + final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT; final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists() || isPassword && savedPasswordExists()) && isProfileSecure; return secure; diff --git a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java index 6ede504..7090965 100644 --- a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java +++ b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardSecurityModel.java @@ -88,7 +88,7 @@ public class KeyguardSecurityModel { } else if (simState == IccCardConstants.State.PUK_REQUIRED && mLockPatternUtils.isPukUnlockScreenEnable()) { mode = SecurityMode.SimPuk; - } else if (mProfileManager.getActiveProfile().getScreenLockMode() != Profile.LockMode.INSECURE) { + } else if (mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) { final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality(); switch (security) { case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: diff --git a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java index a39b2f7..a505185 100644 --- a/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java +++ b/policy/src/com/android/internal/policy/impl/keyguard/KeyguardViewMediator.java @@ -924,7 +924,7 @@ public class KeyguardViewMediator { Profile profile = mProfileManager.getActiveProfile(); if (profile != null) { if (!lockedOrMissing - && profile.getScreenLockMode() == Profile.LockMode.DISABLE) { + && profile.getScreenLockModeWithDPM(mContext) == Profile.LockMode.DISABLE) { if (DEBUG) Log.d(TAG, "doKeyguard: not showing because of profile override"); return; } |