Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 567c9788: am 44d4eeaa: Merge "Use default encryption password if an accessibility service is enabled." into lmp-dev

Browse Source 
* commit '567c97881b1d1719d32daaf647979e47e01be438':
  Use default encryption password if an accessibility service is enabled.
This commit is contained in:
Svetoslav
2014-10-01 15:15:03 +00:00
committed by Android Git Automerger
parent db963b1c5d 567c97881b
commit 344ffbc647
4 changed files with 102 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
core/java/android/view/AccessibilityManagerInternal.java Normal file
View File

@@ -0,0 +1,31 @@
/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.view;
/**
* Accessibility manager local system service interface.
*
* @hide Only for use within the system server.
*/
public abstract class AccessibilityManagerInternal {
/**
* Queries if the accessibility manager service permits setting
* a non-default encryption password.
*/
public abstract boolean isNonDefaultEncryptionPasswordAllowed();
}

24
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -877,6 +877,30 @@ public class LockPatternUtils {
}
}
/**
* Gets whether the device is encrypted.
*
* @return Whether the device is encrypted.
*/
public static boolean isDeviceEncrypted() {
IMountService mountService = IMountService.Stub.asInterface(
ServiceManager.getService("mount"));
try {
return mountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE
&& mountService.getPasswordType() != StorageManager.CRYPT_TYPE_DEFAULT;
} catch (RemoteException re) {
Log.e(TAG, "Error getting encryption state", re);
}
return true;
}
/**
* Clears the encryption password.
*/
public void clearEncryptionPassword() {
updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
}
/**
* Retrieves the quality mode we're in.
* {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}

32
services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
View File

@@ -67,6 +67,7 @@ import android.util.Pools.Pool;
import android.util.Pools.SimplePool;
import android.util.Slog;
import android.util.SparseArray;
import android.view.AccessibilityManagerInternal;
import android.view.Display;
import android.view.IWindow;
import android.view.InputDevice;
@@ -91,6 +92,7 @@ import android.view.accessibility.IAccessibilityManagerClient;
import com.android.internal.R;
import com.android.internal.content.PackageMonitor;
import com.android.internal.statusbar.IStatusBarService;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.LocalServices;
import org.xmlpull.v1.XmlPullParserException;
@@ -202,6 +204,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
private final UserManager mUserManager;
private final LockPatternUtils mLockPatternUtils;
private int mCurrentUserId = UserHandle.USER_OWNER;
//TODO: Remove this hack
@@ -225,9 +229,11 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
mSecurityPolicy = new SecurityPolicy();
mMainHandler = new MainHandler(mContext.getMainLooper());
mLockPatternUtils = new LockPatternUtils(context);
registerBroadcastReceivers();
new AccessibilityContentObserver(mMainHandler).register(
context.getContentResolver());
LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
}
private UserState getUserStateLocked(int userId) {
@@ -1294,6 +1300,7 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
updateTouchExplorationLocked(userState);
updateEnhancedWebAccessibilityLocked(userState);
updateDisplayColorAdjustmentSettingsLocked(userState);
updateEncryptionState(userState);
scheduleUpdateInputFilter(userState);
scheduleUpdateClientsIfNeededLocked(userState);
}
@@ -1570,6 +1577,21 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
}
private void updateEncryptionState(UserState userState) {
if (userState.mUserId != UserHandle.USER_OWNER) {
return;
}
if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
// If there are running accessibility services we do not have encryption as
// the user needs the accessibility layer to be running to authenticate.
mLockPatternUtils.clearEncryptionPassword();
}
}
private boolean hasRunningServicesLocked(UserState userState) {
return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
}
private MagnificationSpec getCompatibleMagnificationSpecLocked(int windowId) {
IBinder windowToken = mGlobalWindowTokens.get(windowId);
if (windowToken == null) {
@@ -3883,4 +3905,14 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
}
}
}
private final class LocalService extends AccessibilityManagerInternal {
@Override
public boolean isNonDefaultEncryptionPasswordAllowed() {
synchronized (mLock) {
UserState userState = getCurrentUserStateLocked();
return !hasRunningServicesLocked(userState);
}
}
}
}

17
services/core/java/com/android/server/MountService.java
View File

@@ -63,6 +63,7 @@ import android.util.AttributeSet;
import android.util.Slog;
import android.util.Xml;
import android.view.AccessibilityManagerInternal;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.app.IMediaContainerService;
@@ -557,6 +558,8 @@ class MountService extends IMountService.Stub
private final Handler mHandler;
private final AccessibilityManagerInternal mAccessibilityManagerInternal;
void waitForAsecScan() {
waitForLatch(mAsecsScanned);
}
@@ -1454,6 +1457,9 @@ class MountService extends IMountService.Stub
hthread.start();
mHandler = new MountServiceHandler(hthread.getLooper());
mAccessibilityManagerInternal = LocalServices.getService(
AccessibilityManagerInternal.class);
// Watch for user changes
final IntentFilter userFilter = new IntentFilter();
userFilter.addAction(Intent.ACTION_USER_ADDED);
@@ -2254,8 +2260,15 @@ class MountService extends IMountService.Stub
final NativeDaemonEvent event;
try {
// The accessibility layer may veto having a non-default encryption
// password because if there are enabled accessibility services the
// user cannot authenticate as the latter need access to the data.
if (!TextUtils.isEmpty(password)
&& !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
return getEncryptionState();
}
event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
new SensitiveArg(toHex(password)));
new SensitiveArg(toHex(password)));
return Integer.parseInt(event.getMessage());
} catch (NativeDaemonConnectorException e) {
// Encryption failed
@@ -2302,7 +2315,7 @@ class MountService extends IMountService.Stub
* @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
*/
@Override
public int getPasswordType() throws RemoteException {
public int getPasswordType() {
waitForReady();