summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdnan Begovic <adnan@cyngn.com>2015-10-27 14:43:27 -0700
committerAdnan Begovic <adnan@cyngn.com>2015-10-27 14:43:27 -0700
commitf7beed9883d15d2160b0555c537111d792454418 (patch)
tree74e9cb80fabf9abeffc8db24778fc7360c80fd8a
parent2ec1a33b70d3c013daa956696b68167a5eeef70d (diff)
downloadframeworks_base-f7beed9883d15d2160b0555c537111d792454418.zip
frameworks_base-f7beed9883d15d2160b0555c537111d792454418.tar.gz
frameworks_base-f7beed9883d15d2160b0555c537111d792454418.tar.bz2
admin: Restore requireSecureKeyguard interface.
Change-Id: I3c0533bafdae77df953d5bff457a4efdb94167e7
-rw-r--r--core/java/android/app/admin/DevicePolicyManager.java20
-rw-r--r--core/java/android/app/admin/IDevicePolicyManager.aidl2
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java31
3 files changed, 53 insertions, 0 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index e3414d9..5b9d9d5 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -4461,4 +4461,24 @@ public class DevicePolicyManager {
return PERMISSION_GRANT_STATE_DEFAULT;
}
}
+
+ /**
+ * CM: check if secure keyguard is required
+ * @hide
+ */
+ public boolean requireSecureKeyguard() {
+ return requireSecureKeyguard(UserHandle.myUserId());
+ }
+
+ /** @hide */
+ public boolean requireSecureKeyguard(int userHandle) {
+ if (mService != null) {
+ try {
+ return mService.requireSecureKeyguard(userHandle);
+ } catch (RemoteException e) {
+ Log.w(TAG, "Failed to get secure keyguard requirement");
+ }
+ }
+ return true;
+ }
}
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 376a3d8..a40507b 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -234,4 +234,6 @@ interface IDevicePolicyManager {
boolean setPermissionGrantState(in ComponentName admin, String packageName,
String permission, int grantState);
int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
+
+ boolean requireSecureKeyguard(int userHandle);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index cd2885b..c1a4243 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -93,6 +93,7 @@ import android.security.IKeyChainAliasCallback;
import android.security.IKeyChainService;
import android.security.KeyChain;
import android.security.KeyChain.KeyChainConnection;
+import android.security.KeyStore;
import android.service.persistentdata.PersistentDataBlockManager;
import android.text.TextUtils;
import android.util.Log;
@@ -4194,6 +4195,36 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
+ @Override
+ public boolean requireSecureKeyguard(int userHandle) {
+ if (!mHasFeature) {
+ return false;
+ }
+
+ int passwordQuality = getPasswordQuality(null, userHandle);
+ if (passwordQuality > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
+ return true;
+ }
+
+ int encryptionStatus = getStorageEncryptionStatus(userHandle);
+ if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+ || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
+ return true;
+ }
+
+ // Keystore.isEmpty() requires system UID
+ long token = Binder.clearCallingIdentity();
+ try {
+ if (!KeyStore.getInstance().isEmpty()) {
+ return true;
+ }
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
+
+ return false;
+ }
+
// Returns the active device owner or null if there is no device owner.
private ActiveAdmin getDeviceOwnerAdmin() {
String deviceOwnerPackageName = getDeviceOwner();