From 6848dc8e3b54fb27047836d8026c4c9971754607 Mon Sep 17 00:00:00 2001 From: Jim Miller Date: Mon, 13 Oct 2014 18:51:53 -0700 Subject: Add a checkbox option to 'require password to decrypt' Fixes bug 17881324 Change-Id: Id94e593a172d686339c736473226fece1bb749ee --- .../android/internal/widget/LockPatternUtils.java | 53 +++++++++++++++++----- 1 file changed, 41 insertions(+), 12 deletions(-) (limited to 'core/java/com/android/internal/widget/LockPatternUtils.java') diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 2b7af4b..9a1c9fc 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -33,6 +33,7 @@ import android.os.IBinder; import android.os.RemoteException; import android.os.ServiceManager; import android.os.SystemClock; +import android.os.SystemProperties; import android.os.UserHandle; import android.os.UserManager; import android.os.storage.IMountService; @@ -556,11 +557,18 @@ public class LockPatternUtils { getLockSettings().setLockPattern(patternToString(pattern), userId); DevicePolicyManager dpm = getDevicePolicyManager(); if (pattern != null) { - - int userHandle = userId; - if (userHandle == UserHandle.USER_OWNER) { - String stringPattern = patternToString(pattern); - updateEncryptionPassword(StorageManager.CRYPT_TYPE_PATTERN, stringPattern); + // Update the device encryption password. + if (userId == UserHandle.USER_OWNER + && LockPatternUtils.isDeviceEncryptionEnabled()) { + final ContentResolver cr = mContext.getContentResolver(); + final boolean required = Settings.Global.getInt(cr, + Settings.Global.REQUIRE_PASSWORD_TO_DECRYPT, 1) == 1 ? true : false; + if (!required) { + clearEncryptionPassword(); + } else { + String stringPattern = patternToString(pattern); + updateEncryptionPassword(StorageManager.CRYPT_TYPE_PATTERN, stringPattern); + } } setBoolean(PATTERN_EVER_CHOSEN_KEY, true); @@ -785,13 +793,23 @@ public class LockPatternUtils { getLockSettings().setLockPassword(password, userHandle); int computedQuality = computePasswordQuality(password); - if (userHandle == UserHandle.USER_OWNER) { - // Update the encryption password. - int type = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC - || computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX - ? StorageManager.CRYPT_TYPE_PIN - : StorageManager.CRYPT_TYPE_PASSWORD; - updateEncryptionPassword(type, password); + // Update the device encryption password. + if (userHandle == UserHandle.USER_OWNER + && LockPatternUtils.isDeviceEncryptionEnabled()) { + final ContentResolver cr = mContext.getContentResolver(); + final boolean required = Settings.Global.getInt(cr, + Settings.Global.REQUIRE_PASSWORD_TO_DECRYPT, 1) == 1 ? true : false; + if (!required) { + clearEncryptionPassword(); + } else { + boolean numeric = computedQuality + == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC; + boolean numericComplex = computedQuality + == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; + int type = numeric || numericComplex ? StorageManager.CRYPT_TYPE_PIN + : StorageManager.CRYPT_TYPE_PASSWORD; + updateEncryptionPassword(type, password); + } } if (!isFallback) { @@ -895,6 +913,17 @@ public class LockPatternUtils { } /** + * Determine if the device supports encryption, even if it's set to default. This + * differs from isDeviceEncrypted() in that it returns true even if the device is + * encrypted with the default password. + * @return true if device encryption is enabled + */ + public static boolean isDeviceEncryptionEnabled() { + final String status = SystemProperties.get("ro.crypto.state", "unsupported"); + return "encrypted".equalsIgnoreCase(status); + } + + /** * Clears the encryption password. */ public void clearEncryptionPassword() { -- cgit v1.1