diff options
author | Jim Miller <jaggies@google.com> | 2013-03-22 16:11:08 -0700 |
---|---|---|
committer | Jim Miller <jaggies@google.com> | 2013-04-26 14:34:21 -0700 |
commit | c0b676dcc23baedb12946c3470d9fa9b02cb39e0 (patch) | |
tree | a0050fe524ddbbdd56bd81ea7c67b3a7dd248c69 /packages/Keyguard | |
parent | 69fd7bd660a3a2d1b4c260eee9bbc6868b47d0c4 (diff) | |
download | frameworks_base-c0b676dcc23baedb12946c3470d9fa9b02cb39e0.zip frameworks_base-c0b676dcc23baedb12946c3470d9fa9b02cb39e0.tar.gz frameworks_base-c0b676dcc23baedb12946c3470d9fa9b02cb39e0.tar.bz2 |
Add keyguard background scrim and protection around keyguard APIs
With this change, the system process will put up a scrim in the
event keyguard crashes to protect underlying content.
It also adds permission checks to prevent unathorized access
through the binder APIs.
Cleaned up KeyguardTestActivity to build separately.
Removed unused resources.
Change-Id: I9e370c6bfb7dca68eae9eae304c815fb84a753d2
Diffstat (limited to 'packages/Keyguard')
13 files changed, 125 insertions, 21 deletions
diff --git a/packages/Keyguard/Android.mk b/packages/Keyguard/Android.mk index 2f8edad..bc86a44 100644 --- a/packages/Keyguard/Android.mk +++ b/packages/Keyguard/Android.mk @@ -16,7 +16,7 @@ LOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) -LOCAL_SRC_FILES := $(call all-subdir-java-files) $(call all-subdir-Iaidl-files) +LOCAL_SRC_FILES := $(call all-java-files-under, src) $(call all-subdir-Iaidl-files) LOCAL_JAVA_LIBRARIES := services @@ -28,4 +28,4 @@ LOCAL_PROGUARD_FLAG_FILES := proguard.flags include $(BUILD_PACKAGE) -include $(call all-makefiles-under,$(LOCAL_PATH)) +#include $(call all-makefiles-under,$(LOCAL_PATH)) diff --git a/packages/Keyguard/AndroidManifest.xml b/packages/Keyguard/AndroidManifest.xml index 38e764a..7a40a9e 100644 --- a/packages/Keyguard/AndroidManifest.xml +++ b/packages/Keyguard/AndroidManifest.xml @@ -38,7 +38,7 @@ <uses-permission android:name="android.permission.BIND_DEVICE_ADMIN" /> <uses-permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" /> - <application android:label="@string/app_name" android:icon="@drawable/app_icon" + <application android:label="@string/app_name" android:process="com.android.systemui.keyguard" android:persistent="true" > diff --git a/packages/Keyguard/res/drawable-nodpi/app_icon.png b/packages/Keyguard/res/drawable-nodpi/app_icon.png Binary files differdeleted file mode 100644 index ea31bd8..0000000 --- a/packages/Keyguard/res/drawable-nodpi/app_icon.png +++ /dev/null diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardService.java b/packages/Keyguard/src/com/android/keyguard/KeyguardService.java index 9fa4790..f89ad65 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardService.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardService.java @@ -21,7 +21,11 @@ import java.io.PrintWriter; import android.app.Service; import android.content.Intent; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; + +import android.os.Binder; import android.os.Bundle; +import android.os.Debug; import android.os.IBinder; import android.util.Log; @@ -32,6 +36,7 @@ import com.android.internal.widget.LockPatternUtils; public class KeyguardService extends Service { static final String TAG = "KeyguardService"; + static final String PERMISSION = android.Manifest.permission.CONTROL_KEYGUARD; private KeyguardViewMediator mKeyguardViewMediator; @Override @@ -53,6 +58,14 @@ public class KeyguardService extends Service { // TODO } + void checkPermission() { + if (getBaseContext().checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) { + Log.w(TAG, "Caller needs permission '" + PERMISSION + "' to call " + Debug.getCaller()); + throw new SecurityException("Access denied to process: " + Binder.getCallingPid() + + ", must have permission " + PERMISSION); + } + } + private final IKeyguardService.Stub mBinder = new IKeyguardService.Stub() { public boolean isShowing() { return mKeyguardViewMediator.isShowing(); @@ -70,48 +83,61 @@ public class KeyguardService extends Service { mKeyguardViewMediator.verifyUnlock(callback); } public void keyguardDone(boolean authenticated, boolean wakeup) { + checkPermission(); mKeyguardViewMediator.keyguardDone(authenticated, wakeup); } public void setHidden(boolean isHidden) { + checkPermission(); mKeyguardViewMediator.setHidden(isHidden); } public void dismiss() { mKeyguardViewMediator.dismiss(); } public void onWakeKeyWhenKeyguardShowing(int keyCode) { + checkPermission(); mKeyguardViewMediator.onWakeKeyWhenKeyguardShowing(keyCode); } public void onWakeMotionWhenKeyguardShowing() { + checkPermission(); mKeyguardViewMediator.onWakeMotionWhenKeyguardShowing(); } public void onDreamingStarted() { + checkPermission(); mKeyguardViewMediator.onDreamingStarted(); } public void onDreamingStopped() { + checkPermission(); mKeyguardViewMediator.onDreamingStopped(); } public void onScreenTurnedOff(int reason) { + checkPermission(); mKeyguardViewMediator.onScreenTurnedOff(reason); } public void onScreenTurnedOn(IKeyguardShowCallback callback) { + checkPermission(); mKeyguardViewMediator.onScreenTurnedOn(callback); } public void setKeyguardEnabled(boolean enabled) { + checkPermission(); mKeyguardViewMediator.setKeyguardEnabled(enabled); } public boolean isDismissable() { return mKeyguardViewMediator.isDismissable(); } public void onSystemReady() { + checkPermission(); mKeyguardViewMediator.onSystemReady(); } public void doKeyguardTimeout(Bundle options) { + checkPermission(); mKeyguardViewMediator.doKeyguardTimeout(options); } public void setCurrentUser(int userId) { + checkPermission(); mKeyguardViewMediator.setCurrentUser(userId); } public void showAssistant() { + checkPermission(); mKeyguardViewMediator.showAssistant(); } }; diff --git a/packages/Keyguard/test/Android.mk b/packages/Keyguard/test/Android.mk new file mode 100644 index 0000000..d011df4 --- /dev/null +++ b/packages/Keyguard/test/Android.mk @@ -0,0 +1,28 @@ +# Copyright (C) 2013 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := $(call all-java-files-under, src) + +LOCAL_PACKAGE_NAME := KeyguardTest + +# Remove this to verify permission checks are working correctly +LOCAL_CERTIFICATE := platform + +# LOCAL_PROGUARD_FLAG_FILES := proguard.flags + +include $(BUILD_PACKAGE) diff --git a/packages/Keyguard/test/AndroidManifest.xml b/packages/Keyguard/test/AndroidManifest.xml new file mode 100644 index 0000000..b801e4b --- /dev/null +++ b/packages/Keyguard/test/AndroidManifest.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* +** Copyright 2013, The Android Open Source Project +** +** Licensed under the Apache License, Version 2.0 (the "License"); +** you may not use this file except in compliance with the License. +** You may obtain a copy of the License at +** +** http://www.apache.org/licenses/LICENSE-2.0 +** +** Unless required by applicable law or agreed to in writing, software +** distributed under the License is distributed on an "AS IS" BASIS, +** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +** See the License for the specific language governing permissions and +** limitations under the License. +*/ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.keyguard.test"> + <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17"/> + <uses-permission android:name="android.permission.CONTROL_KEYGUARD" /> + <application android:label="@string/app_name" android:icon="@drawable/app_icon"> + <activity android:name=".KeyguardTestActivity" + android:label="@string/app_name" + android:theme="@android:style/Theme.Holo"> + <intent-filter> + <action android:name="android.intent.action.MAIN" /> + <category android:name="android.intent.category.LAUNCHER" /> + </intent-filter> + </activity> + </application> +</manifest> diff --git a/packages/Keyguard/test/res/drawable-hdpi/app_icon.png b/packages/Keyguard/test/res/drawable-hdpi/app_icon.png Binary files differnew file mode 100644 index 0000000..732133c --- /dev/null +++ b/packages/Keyguard/test/res/drawable-hdpi/app_icon.png diff --git a/packages/Keyguard/test/res/drawable-mdpi/app_icon.png b/packages/Keyguard/test/res/drawable-mdpi/app_icon.png Binary files differnew file mode 100644 index 0000000..30eb974 --- /dev/null +++ b/packages/Keyguard/test/res/drawable-mdpi/app_icon.png diff --git a/packages/Keyguard/test/res/drawable-xhdpi/app_icon.png b/packages/Keyguard/test/res/drawable-xhdpi/app_icon.png Binary files differnew file mode 100644 index 0000000..c44a330 --- /dev/null +++ b/packages/Keyguard/test/res/drawable-xhdpi/app_icon.png diff --git a/packages/Keyguard/res/layout/keyguard_test_activity.xml b/packages/Keyguard/test/res/layout/keyguard_test_activity.xml index a3b75b0..dab1088 100644 --- a/packages/Keyguard/res/layout/keyguard_test_activity.xml +++ b/packages/Keyguard/test/res/layout/keyguard_test_activity.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="utf-8"?> <!-- ** -** Copyright 2012, The Android Open Source Project +** Copyright 2013, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License") ** you may not use this file except in compliance with the License. diff --git a/packages/Keyguard/res/menu/optionmenu.xml b/packages/Keyguard/test/res/menu/optionmenu.xml index 22f300d..22f300d 100644 --- a/packages/Keyguard/res/menu/optionmenu.xml +++ b/packages/Keyguard/test/res/menu/optionmenu.xml diff --git a/packages/Keyguard/res/values/activitystrings.xml b/packages/Keyguard/test/res/values/strings.xml index 5af9dea..129204b 100644 --- a/packages/Keyguard/res/values/activitystrings.xml +++ b/packages/Keyguard/test/res/values/strings.xml @@ -2,7 +2,7 @@ <!-- /* //device/apps/common/assets/res/any/strings.xml ** -** Copyright 2006, The Android Open Source Project +** Copyright 2013, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardTestActivity.java b/packages/Keyguard/test/src/com/android/keyguard/test/KeyguardTestActivity.java index 0ff00e3..e89c10e 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardTestActivity.java +++ b/packages/Keyguard/test/src/com/android/keyguard/test/KeyguardTestActivity.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.keyguard; +package com.android.keyguard.test; import com.android.internal.policy.IKeyguardShowCallback; import com.android.internal.policy.IKeyguardExitCallback; @@ -28,6 +28,7 @@ import android.content.Context; import android.content.Intent; import android.content.ServiceConnection; import android.os.Bundle; +import android.os.Handler; import android.os.IBinder; import android.os.RemoteException; import android.os.SystemClock; @@ -56,6 +57,7 @@ public class KeyguardTestActivity extends Activity implements OnClickListener { private static final int MODE_SIM_PIN = 4; private static final int MODE_SIM_PUK = 5; private static final String SECURITY_MODE = "security_mode"; + Handler mHandler = new Handler(); IKeyguardService mService = null; @@ -76,13 +78,17 @@ public class KeyguardTestActivity extends Activity implements OnClickListener { class KeyguardExitCallback extends IKeyguardExitCallback.Stub { @Override - public void onKeyguardExitResult(boolean success) throws RemoteException { - new AlertDialog.Builder(KeyguardTestActivity.this) - .setMessage("Result: " + success) - .setPositiveButton("OK", null) - .show(); + public void onKeyguardExitResult(final boolean success) throws RemoteException { + mHandler.post(new Runnable() { + @Override + public void run() { + new AlertDialog.Builder(KeyguardTestActivity.this) + .setMessage("Result: " + success) + .setPositiveButton("OK", null) + .show(); + } + }); } - }; private class RemoteServiceConnection implements ServiceConnection { @@ -158,12 +164,13 @@ public class KeyguardTestActivity extends Activity implements OnClickListener { setMode(savedInstanceState.getInt(SECURITY_MODE)); } - @Override - public boolean onCreateOptionsMenu(Menu menu) { - MenuInflater inflater = getMenuInflater(); - inflater.inflate(R.menu.optionmenu, menu); - return true; - } +// TODO: Find a secure way to inject mock into keyguard... +// @Override +// public boolean onCreateOptionsMenu(Menu menu) { +// MenuInflater inflater = getMenuInflater(); +// inflater.inflate(R.menu.optionmenu, menu); +// return true; +// } private void setMode(int mode) { mTestSimPin = false; @@ -255,12 +262,22 @@ public class KeyguardTestActivity extends Activity implements OnClickListener { mService.doKeyguardTimeout(null); break; case R.id.verify_unlock: - mService.verifyUnlock(mKeyguardExitCallback); + mService.doKeyguardTimeout(null); + // Wait for keyguard to lock and then try this... + mHandler.postDelayed(new Runnable() { + @Override + public void run() { + try { + mService.verifyUnlock(mKeyguardExitCallback); + } catch (RemoteException e) { + Log.e(TAG, "Failed verifyUnlock()", e); + } + } + }, 5000); break; } } catch (RemoteException e) { - Log.e(TAG, "Remote service died"); - e.printStackTrace(); + Log.e(TAG, "onClick(): Failed due to remote exeption", e); } } |