diff options
author | Adnan Begovic <adnan@cyngn.com> | 2015-10-27 14:43:27 -0700 |
---|---|---|
committer | Adnan Begovic <adnan@cyngn.com> | 2015-10-27 14:43:27 -0700 |
commit | f7beed9883d15d2160b0555c537111d792454418 (patch) | |
tree | 74e9cb80fabf9abeffc8db24778fc7360c80fd8a | |
parent | 2ec1a33b70d3c013daa956696b68167a5eeef70d (diff) | |
download | frameworks_base-f7beed9883d15d2160b0555c537111d792454418.zip frameworks_base-f7beed9883d15d2160b0555c537111d792454418.tar.gz frameworks_base-f7beed9883d15d2160b0555c537111d792454418.tar.bz2 |
admin: Restore requireSecureKeyguard interface.
Change-Id: I3c0533bafdae77df953d5bff457a4efdb94167e7
3 files changed, 53 insertions, 0 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index e3414d9..5b9d9d5 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -4461,4 +4461,24 @@ public class DevicePolicyManager { return PERMISSION_GRANT_STATE_DEFAULT; } } + + /** + * CM: check if secure keyguard is required + * @hide + */ + public boolean requireSecureKeyguard() { + return requireSecureKeyguard(UserHandle.myUserId()); + } + + /** @hide */ + public boolean requireSecureKeyguard(int userHandle) { + if (mService != null) { + try { + return mService.requireSecureKeyguard(userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed to get secure keyguard requirement"); + } + } + return true; + } } diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 376a3d8..a40507b 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -234,4 +234,6 @@ interface IDevicePolicyManager { boolean setPermissionGrantState(in ComponentName admin, String packageName, String permission, int grantState); int getPermissionGrantState(in ComponentName admin, String packageName, String permission); + + boolean requireSecureKeyguard(int userHandle); } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index cd2885b..c1a4243 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -93,6 +93,7 @@ import android.security.IKeyChainAliasCallback; import android.security.IKeyChainService; import android.security.KeyChain; import android.security.KeyChain.KeyChainConnection; +import android.security.KeyStore; import android.service.persistentdata.PersistentDataBlockManager; import android.text.TextUtils; import android.util.Log; @@ -4194,6 +4195,36 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + @Override + public boolean requireSecureKeyguard(int userHandle) { + if (!mHasFeature) { + return false; + } + + int passwordQuality = getPasswordQuality(null, userHandle); + if (passwordQuality > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { + return true; + } + + int encryptionStatus = getStorageEncryptionStatus(userHandle); + if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE + || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) { + return true; + } + + // Keystore.isEmpty() requires system UID + long token = Binder.clearCallingIdentity(); + try { + if (!KeyStore.getInstance().isEmpty()) { + return true; + } + } finally { + Binder.restoreCallingIdentity(token); + } + + return false; + } + // Returns the active device owner or null if there is no device owner. private ActiveAdmin getDeviceOwnerAdmin() { String deviceOwnerPackageName = getDeviceOwner(); |