Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flag

A new flag for DPM.resetPassword() method that specifies that the device should be decrypted without asking for the password or pattern. Bug 19250601 Related CL in Settings App: https://googleplex-android-review.git.corp.google.com/#/c/670206 Change-Id: I9ca3472dc18e66e618ff772dee16ca4a450e9997
author: Andrei Kapishnikov <kapishnikov@google.com> 2015-04-02 15:21:20 -0400
committer: Andrei Kapishnikov <kapishnikov@google.com> 2015-04-21 11:07:09 -0400
commit: 4eb6a36922f5e98fe181c0326cc5721f0e7589ca (patch)
tree: 8f56b25a90c4512c096be5126b8890e90b101a66 /services/devicepolicy/java
parent: 225d06624a86bdfdd7ced5c9f04b2ac834878727 (diff)
download: frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.zip
frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.tar.gz
frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.tar.bz2
1 files changed, 54 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index bc0910e..c2e8ccc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -160,6 +160,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     private static final String ATTR_ENABLED = "enabled";
 
+    private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML =
+            "do-not-ask-credentials-on-boot";
+
     private static final int REQUEST_EXPIRE_PASSWORD = 5571;
 
     private static final long MS_PER_DAY = 86400 * 1000;
@@ -307,6 +310,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
         String mDelegatedCertInstallerPackage;
 
+        boolean doNotAskCredentialsOnBoot = false;
+
         public DevicePolicyData(int userHandle) {
             mUserHandle = userHandle;
         }
@@ -1456,6 +1461,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 out.endTag(null, TAG_STATUS_BAR);
             }
 
+            if (policy.doNotAskCredentialsOnBoot) {
+                out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
+                out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
+            }
+
             out.endTag(null, "policies");
 
             out.endDocument();
@@ -1581,6 +1591,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                     policy.mStatusBarEnabledState = Boolean.parseBoolean(
                             parser.getAttributeValue(null, ATTR_ENABLED));
                     XmlUtils.skipCurrentTag(parser);
+                } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) {
+                    policy.doNotAskCredentialsOnBoot = true;
                 } else {
                     Slog.w(LOG_TAG, "Unknown tag: " + tag);
                     XmlUtils.skipCurrentTag(parser);
@@ -2840,6 +2852,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return false;
         }
 
+        boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwnerOrInitializer(callingUid);
+        boolean doNotAskCredentialsOnBoot =
+                (flags & DevicePolicyManager.DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0;
+        if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) {
+            setDoNotAskCredentialsOnBoot();
+        }
+
         // Don't do this with the lock held, because it is going to call
         // back in to the service.
         long ident = Binder.clearCallingIdentity();
@@ -2868,6 +2887,25 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         return true;
     }
 
+    private void setDoNotAskCredentialsOnBoot() {
+        synchronized (this) {
+            DevicePolicyData policyData = getUserData(UserHandle.USER_OWNER);
+            if (!policyData.doNotAskCredentialsOnBoot) {
+                policyData.doNotAskCredentialsOnBoot = true;
+                saveSettingsLocked(UserHandle.USER_OWNER);
+            }
+        }
+    }
+
+    public boolean getDoNotAskCredentialsOnBoot() {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null);
+        synchronized (this) {
+            DevicePolicyData policyData = getUserData(UserHandle.USER_OWNER);
+            return policyData.doNotAskCredentialsOnBoot;
+        }
+    }
+
     public void setMaximumTimeToLock(ComponentName who, long timeMs) {
         if (!mHasFeature) {
             return;
@@ -6036,4 +6074,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return mDeviceOwner.getSystemUpdatePolicy();
         }
     }
+
+    /**
+     * Checks if the caller of the method is the device owner app or device initialization app.
+     *
+     * @param callerUid UID of the caller.
+     * @return true if the caller is the device owner app or device initializer.
+     */
+    private boolean isCallerDeviceOwnerOrInitializer(int callerUid) {
+        String[] pkgs = mContext.getPackageManager().getPackagesForUid(callerUid);
+        for (String pkg : pkgs) {
+            if (isDeviceOwner(pkg) || isDeviceInitializer(pkg)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
author	Andrei Kapishnikov <kapishnikov@google.com>	2015-04-02 15:21:20 -0400
committer	Andrei Kapishnikov <kapishnikov@google.com>	2015-04-21 11:07:09 -0400
commit	4eb6a36922f5e98fe181c0326cc5721f0e7589ca (patch)
tree	8f56b25a90c4512c096be5126b8890e90b101a66 /services/devicepolicy/java
parent	225d06624a86bdfdd7ced5c9f04b2ac834878727 (diff)
download	frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.zip frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.tar.gz frameworks_base-4eb6a36922f5e98fe181c0326cc5721f0e7589ca.tar.bz2