Make Keyguard trust aware

Bug: 13723878
Change-Id: If1f54de4112a120848df72192b82e35b341e8ed3

5 files changed, 39 insertions, 8 deletions

diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java b/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java
index 368a97a..0d5e477 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java
@@ -104,9 +104,10 @@ public abstract class KeyguardActivityLauncher {
 
         // Workaround to avoid camera release/acquisition race when resuming face unlock
         // after showing lockscreen camera (bug 11063890).
-        KeyguardUpdateMonitor.getInstance(getContext()).setAlternateUnlockEnabled(false);
+        KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(getContext());
+        updateMonitor.setAlternateUnlockEnabled(false);
 
-        if (lockPatternUtils.isSecure()) {
+        if (mustLaunchSecurely()) {
             // Launch the secure version of the camera
             if (wouldLaunchResolverActivity(SECURE_CAMERA_INTENT)) {
                 // TODO: Show disambiguation dialog instead.
@@ -123,6 +124,13 @@ public abstract class KeyguardActivityLauncher {
         }
     }
 
+    private boolean mustLaunchSecurely() {
+        LockPatternUtils lockPatternUtils = getLockPatternUtils();
+        KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(getContext());
+        int currentUser = lockPatternUtils.getCurrentUser();
+        return lockPatternUtils.isSecure() && !updateMonitor.getUserHasTrust(currentUser);
+    }
+
     public void launchWidgetPicker(int appWidgetId) {
         Intent pickIntent = new Intent(AppWidgetManager.ACTION_KEYGUARD_APPWIDGET_PICK);
 
@@ -177,9 +185,9 @@ public abstract class KeyguardActivityLauncher {
                 Intent.FLAG_ACTIVITY_NEW_TASK
                 | Intent.FLAG_ACTIVITY_SINGLE_TOP
                 | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        boolean isSecure = lockPatternUtils.isSecure();
-        if (!isSecure || showsWhileLocked) {
-            if (!isSecure) {
+        boolean mustLaunchSecurely = mustLaunchSecurely();
+        if (!mustLaunchSecurely || showsWhileLocked) {
+            if (!mustLaunchSecurely) {
                 dismissKeyguardOnNextActivity();
             }
             try {
@@ -253,7 +261,7 @@ public abstract class KeyguardActivityLauncher {
     }
 
     private Intent getCameraIntent() {
-        return getLockPatternUtils().isSecure() ? SECURE_CAMERA_INTENT : INSECURE_CAMERA_INTENT;
+        return mustLaunchSecurely() ? SECURE_CAMERA_INTENT : INSECURE_CAMERA_INTENT;
     }
 
     private boolean wouldLaunchResolverActivity(Intent intent) {
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java
index 9f5768a..da6482a 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java
@@ -23,6 +23,7 @@ import com.android.internal.telephony.IccCardConstants;
 import com.android.internal.widget.LockPatternUtils;
 
 public class KeyguardSecurityModel {
+
     /**
      * The different types of security available for {@link Mode#UnlockScreen}.
      * @see com.android.internal.policy.impl.LockPatternKeyguardView#getUnlockMode()
@@ -82,6 +83,8 @@ public class KeyguardSecurityModel {
         } else if (simState == IccCardConstants.State.PUK_REQUIRED
                 && mLockPatternUtils.isPukUnlockScreenEnable()) {
             mode = SecurityMode.SimPuk;
+        } else if (updateMonitor.getUserHasTrust(mLockPatternUtils.getCurrentUser())) {
+            mode = SecurityMode.None;
         } else {
             final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality();
             switch (security) {
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index 3b712e9..88c78ab 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -20,6 +20,7 @@ import android.app.ActivityManagerNative;
 import android.app.IUserSwitchObserver;
 import android.app.PendingIntent;
 import android.app.admin.DevicePolicyManager;
+import android.app.trust.TrustManager;
 import android.content.BroadcastReceiver;
 import android.content.Context;
 import android.content.Intent;
@@ -51,6 +52,8 @@ import com.android.internal.telephony.TelephonyIntents;
 
 import android.telephony.TelephonyManager;
 import android.util.Log;
+import android.util.SparseBooleanArray;
+
 import com.google.android.collect.Lists;
 
 import java.lang.ref.WeakReference;
@@ -66,7 +69,7 @@ import java.util.ArrayList;
  * the device, and {@link #getFailedUnlockAttempts()}, {@link #reportFailedAttempt()}
  * and {@link #clearFailedUnlockAttempts()}.  Maybe we should rename this 'KeyguardContext'...
  */
-public class KeyguardUpdateMonitor {
+public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
 
     private static final String TAG = "KeyguardUpdateMonitor";
     private static final boolean DEBUG = false;
@@ -205,6 +208,17 @@ public class KeyguardUpdateMonitor {
 
     private AudioManager mAudioManager;
 
+    private SparseBooleanArray mUserHasTrust = new SparseBooleanArray();
+
+    @Override
+    public void onTrustChanged(boolean enabled, int userId) {
+        mUserHasTrust.put(userId, enabled);
+    }
+
+    public boolean getUserHasTrust(int userId) {
+        return mUserHasTrust.get(userId);
+    }
+
     static class DisplayClientState {
         public int clientGeneration;
         public boolean clearing;
@@ -581,6 +595,9 @@ public class KeyguardUpdateMonitor {
             // TODO Auto-generated catch block
             e.printStackTrace();
         }
+
+        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+        trustManager.registerTrustListener(this);
     }
 
     private boolean isDeviceProvisionedInSettingsDb() {
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java
index 481d132..556711b 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java
@@ -178,4 +178,5 @@ class KeyguardUpdateMonitorCallback {
      * Called when the NFC Service has found a tag that is registered for NFC unlock.
      */
     public void onNfcUnlock() { }
+
 }
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java b/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java
index 31e806c..c3aa47f 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java
@@ -550,7 +550,9 @@ public class KeyguardViewMediator {
 
                 @Override
                 public int getSessionType() {
-                    return mLockPatternUtils.isSecure() ? Session.TYPE_KEYGUARD_SECURE
+                    return mLockPatternUtils.isSecure() && !mUpdateMonitor.getUserHasTrust(
+                            mLockPatternUtils.getCurrentUser())
+                            ? Session.TYPE_KEYGUARD_SECURE
                             : Session.TYPE_KEYGUARD_INSECURE;
                 }
             }, new File(mContext.getCacheDir(), "keyguard_analytics.bin"));