diff options
7 files changed, 89 insertions, 39 deletions
diff --git a/api/current.txt b/api/current.txt index c480a1b..8b33c03 100644 --- a/api/current.txt +++ b/api/current.txt @@ -4412,7 +4412,7 @@ package android.app { method public android.content.Intent createConfirmDeviceCredentialIntent(java.lang.CharSequence, java.lang.CharSequence); method public deprecated void exitKeyguardSecurely(android.app.KeyguardManager.OnKeyguardExitResult); method public boolean inKeyguardRestrictedInputMode(); - method public boolean isKeyguardInTrustedState(); + method public boolean isDeviceLocked(); method public boolean isKeyguardLocked(); method public boolean isKeyguardSecure(); method public deprecated android.app.KeyguardManager.KeyguardLock newKeyguardLock(java.lang.String); diff --git a/core/java/android/app/KeyguardManager.java b/core/java/android/app/KeyguardManager.java index 5038df9..ddd21e6 100644 --- a/core/java/android/app/KeyguardManager.java +++ b/core/java/android/app/KeyguardManager.java @@ -225,28 +225,28 @@ public class KeyguardManager { } /** - * Return whether unlocking the device is currently not requiring a password - * because of a trust agent. + * Returns whether the device is currently locked and requires a PIN, pattern or + * password to unlock. * - * @return true if the keyguard can currently be unlocked without entering credentials - * because the device is in a trusted environment. + * @return true if unlocking the device currently requires a PIN, pattern or + * password. */ - public boolean isKeyguardInTrustedState() { - return isKeyguardInTrustedState(UserHandle.getCallingUserId()); + public boolean isDeviceLocked() { + return isDeviceLocked(UserHandle.getCallingUserId()); } /** - * Return whether unlocking the device is currently not requiring a password - * because of a trust agent. + * Returns whether the device is currently locked and requires a PIN, pattern or + * password to unlock. * - * @param userId the user for which the trusted state should be reported. - * @return true if the keyguard can currently be unlocked without entering credentials - * because the device is in a trusted environment. + * @param userId the user for which the locked state should be reported. + * @return true if unlocking the device currently requires a PIN, pattern or + * password. * @hide */ - public boolean isKeyguardInTrustedState(int userId) { + public boolean isDeviceLocked(int userId) { try { - return mTrustManager.isTrusted(userId); + return mTrustManager.isDeviceLocked(userId); } catch (RemoteException e) { return false; } diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl index 0193711..89156da 100644 --- a/core/java/android/app/trust/ITrustManager.aidl +++ b/core/java/android/app/trust/ITrustManager.aidl @@ -29,5 +29,5 @@ interface ITrustManager { void reportRequireCredentialEntry(int userId); void registerTrustListener(in ITrustListener trustListener); void unregisterTrustListener(in ITrustListener trustListener); - boolean isTrusted(int userId); + boolean isDeviceLocked(int userId); } diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 3ccced5..8d3db5b 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -384,8 +384,16 @@ public class LockPatternUtils { * @return Whether a saved pattern exists. */ public boolean savedPatternExists() { + return savedPatternExists(getCurrentOrCallingUserId()); + } + + /** + * Check to see if the user has stored a lock pattern. + * @return Whether a saved pattern exists. + */ + public boolean savedPatternExists(int userId) { try { - return getLockSettings().havePattern(getCurrentOrCallingUserId()); + return getLockSettings().havePattern(userId); } catch (RemoteException re) { return false; } @@ -396,8 +404,16 @@ public class LockPatternUtils { * @return Whether a saved pattern exists. */ public boolean savedPasswordExists() { + return savedPasswordExists(getCurrentOrCallingUserId()); + } + + /** + * Check to see if the user has stored a lock pattern. + * @return Whether a saved pattern exists. + */ + public boolean savedPasswordExists(int userId) { try { - return getLockSettings().havePassword(getCurrentOrCallingUserId()); + return getLockSettings().havePassword(userId); } catch (RemoteException re) { return false; } @@ -955,8 +971,15 @@ public class LockPatternUtils { * @return true if the lockscreen method is set to biometric weak */ public boolean usingBiometricWeak() { - int quality = - (int) getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED); + return usingBiometricWeak(getCurrentOrCallingUserId()); + } + + /** + * @return true if the lockscreen method is set to biometric weak + */ + public boolean usingBiometricWeak(int userId) { + int quality = (int) getLong( + PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId); return quality == DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK; } @@ -1096,15 +1119,22 @@ public class LockPatternUtils { * @return Whether the lock pattern is enabled, or if it is set as a backup for biometric weak */ public boolean isLockPatternEnabled() { + return isLockPatternEnabled(getCurrentOrCallingUserId()); + } + + /** + * @return Whether the lock pattern is enabled, or if it is set as a backup for biometric weak + */ + public boolean isLockPatternEnabled(int userId) { final boolean backupEnabled = getLong(PASSWORD_TYPE_ALTERNATE_KEY, - DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) + DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId) == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; - return getBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, false) - && (getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) - == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING || - (usingBiometricWeak() && backupEnabled)); + return getBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, false, userId) + && (getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, + userId) == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING + || (usingBiometricWeak(userId) && backupEnabled)); } /** @@ -1485,15 +1515,20 @@ public class LockPatternUtils { } public boolean isSecure() { - long mode = getKeyguardStoredPasswordQuality(); + return isSecure(getCurrentOrCallingUserId()); + } + + public boolean isSecure(int userId) { + long mode = getKeyguardStoredPasswordQuality(userId); final boolean isPattern = mode == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; final boolean isPassword = mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC || mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; - final boolean secure = isPattern && isLockPatternEnabled() && savedPatternExists() - || isPassword && savedPasswordExists(); + final boolean secure = + isPattern && isLockPatternEnabled(userId) && savedPatternExists(userId) + || isPassword && savedPasswordExists(userId); return secure; } diff --git a/packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml b/packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml index 63694a8..bb72c12 100644 --- a/packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml +++ b/packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml @@ -48,11 +48,11 @@ <LinearLayout android:layout_width="match_parent" android:layout_height="wrap_content"> - <Button android:id="@+id/check_trusted" + <Button android:id="@+id/check_device_locked" android:layout_width="wrap_content" android:layout_height="wrap_content" - android:text="Keyguard in trusted state?" /> - <TextView android:id="@+id/check_trusted_result" + android:text="Device locked?" /> + <TextView android:id="@+id/check_device_locked_result" android:layout_width="0dp" android:layout_height="wrap_content" android:layout_weight="1" /> diff --git a/packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java b/packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java index 39a599e..7edf2bb 100644 --- a/packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java +++ b/packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java @@ -32,7 +32,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi private CheckBox mReportUnlockAttempts; private CheckBox mManagingTrust; - private TextView mCheckTrustedStateResult; + private TextView mCheckDeviceLockedResult; private KeyguardManager mKeyguardManager; @@ -48,7 +48,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi findViewById(R.id.enable_trust).setOnClickListener(this); findViewById(R.id.revoke_trust).setOnClickListener(this); findViewById(R.id.crash).setOnClickListener(this); - findViewById(R.id.check_trusted).setOnClickListener(this); + findViewById(R.id.check_device_locked).setOnClickListener(this); mReportUnlockAttempts = (CheckBox) findViewById(R.id.report_unlock_attempts); mReportUnlockAttempts.setOnCheckedChangeListener(this); @@ -56,7 +56,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi mManagingTrust = (CheckBox) findViewById(R.id.managing_trust); mManagingTrust.setOnCheckedChangeListener(this); - mCheckTrustedStateResult = (TextView) findViewById(R.id.check_trusted_result); + mCheckDeviceLockedResult = (TextView) findViewById(R.id.check_device_locked_result); } @Override @@ -77,7 +77,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi SampleTrustAgent.sendRevokeTrust(this); } else if (id == R.id.crash) { throw new RuntimeException("crash"); - } else if (id == R.id.check_trusted) { + } else if (id == R.id.check_device_locked) { updateTrustedState(); } } @@ -92,7 +92,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi } private void updateTrustedState() { - mCheckTrustedStateResult.setText(Boolean.toString( - mKeyguardManager.isKeyguardInTrustedState())); + mCheckDeviceLockedResult.setText(Boolean.toString( + mKeyguardManager.isDeviceLocked())); } } diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 2388c85..361f0e6 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -61,6 +61,8 @@ import android.util.Log; import android.util.Slog; import android.util.SparseBooleanArray; import android.util.Xml; +import android.view.WindowManagerGlobal; +import android.view.WindowManagerInternal; import java.io.FileDescriptor; import java.io.IOException; @@ -590,13 +592,26 @@ public class TrustManagerService extends SystemService { } @Override - public boolean isTrusted(int userId) throws RemoteException { + public boolean isDeviceLocked(int userId) throws RemoteException { userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, - false /* allowAll */, true /* requireFull */, "isTrusted", null); + false /* allowAll */, true /* requireFull */, "isDeviceLocked", null); userId = resolveProfileParent(userId); + + boolean isSecure = mLockPatternUtils.isSecure(userId); + + boolean isTrusted; synchronized (mUserIsTrusted) { - return mUserIsTrusted.get(userId); + isTrusted = mUserIsTrusted.get(userId); + } + + boolean isLocked; + if (ActivityManager.getCurrentUser() != userId) { + isLocked = true; + } else { + isLocked = WindowManagerGlobal.getWindowManagerService().isKeyguardLocked(); } + + return isSecure && isLocked && !isTrusted; } private void enforceReportPermission() { |