From f7beed9883d15d2160b0555c537111d792454418 Mon Sep 17 00:00:00 2001
From: Adnan Begovic <adnan@cyngn.com>
Date: Tue, 27 Oct 2015 14:43:27 -0700
Subject: admin: Restore requireSecureKeyguard interface.

Change-Id: I3c0533bafdae77df953d5bff457a4efdb94167e7
---
 .../devicepolicy/DevicePolicyManagerService.java   | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'services')

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index cd2885b..c1a4243 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -93,6 +93,7 @@ import android.security.IKeyChainAliasCallback;
 import android.security.IKeyChainService;
 import android.security.KeyChain;
 import android.security.KeyChain.KeyChainConnection;
+import android.security.KeyStore;
 import android.service.persistentdata.PersistentDataBlockManager;
 import android.text.TextUtils;
 import android.util.Log;
@@ -4194,6 +4195,36 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    @Override
+    public boolean requireSecureKeyguard(int userHandle) {
+        if (!mHasFeature) {
+            return false;
+        }
+
+        int passwordQuality = getPasswordQuality(null, userHandle);
+        if (passwordQuality > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
+            return true;
+        }
+
+        int encryptionStatus = getStorageEncryptionStatus(userHandle);
+        if (encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE
+                || encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
+            return true;
+        }
+
+        // Keystore.isEmpty() requires system UID
+        long token = Binder.clearCallingIdentity();
+        try {
+            if (!KeyStore.getInstance().isEmpty()) {
+                return true;
+            }
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+
+        return false;
+    }
+
     // Returns the active device owner or null if there is no device owner.
     private ActiveAdmin getDeviceOwnerAdmin() {
         String deviceOwnerPackageName = getDeviceOwner();
-- 
cgit v1.1