Make Keyguard trust aware

Bug: 13723878 Change-Id: If1f54de4112a120848df72192b82e35b341e8ed3
2014-03-27 14:58:03 +01:00
parent 53ab5174d5
commit 46842d946d
6 changed files with 40 additions and 8 deletions
--- a/packages/Keyguard/AndroidManifest.xml
+++ b/packages/Keyguard/AndroidManifest.xml
@@ -39,6 +39,7 @@
    <uses-permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
    <uses-permission android:name="android.permission.MEDIA_CONTENT_CONTROL" />
    <uses-permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE" />
+    <uses-permission android:name="android.permission.TRUST_LISTENER" />

    <application android:label="@string/app_name"
        android:process="com.android.systemui"
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardActivityLauncher.java
@@ -104,9 +104,10 @@ public abstract class KeyguardActivityLauncher {

        // Workaround to avoid camera release/acquisition race when resuming face unlock
        // after showing lockscreen camera (bug 11063890).
-        KeyguardUpdateMonitor.getInstance(getContext()).setAlternateUnlockEnabled(false);
+        KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(getContext());
+        updateMonitor.setAlternateUnlockEnabled(false);

-        if (lockPatternUtils.isSecure()) {
+        if (mustLaunchSecurely()) {
            // Launch the secure version of the camera
            if (wouldLaunchResolverActivity(SECURE_CAMERA_INTENT)) {
                // TODO: Show disambiguation dialog instead.
@@ -123,6 +124,13 @@ public abstract class KeyguardActivityLauncher {
        }
    }

+    private boolean mustLaunchSecurely() {
+        LockPatternUtils lockPatternUtils = getLockPatternUtils();
+        KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(getContext());
+        int currentUser = lockPatternUtils.getCurrentUser();
+        return lockPatternUtils.isSecure() && !updateMonitor.getUserHasTrust(currentUser);
+    }
+
    public void launchWidgetPicker(int appWidgetId) {
        Intent pickIntent = new Intent(AppWidgetManager.ACTION_KEYGUARD_APPWIDGET_PICK);

@@ -177,9 +185,9 @@ public abstract class KeyguardActivityLauncher {
                Intent.FLAG_ACTIVITY_NEW_TASK
                | Intent.FLAG_ACTIVITY_SINGLE_TOP
                | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        boolean isSecure = lockPatternUtils.isSecure();
-        if (!isSecure || showsWhileLocked) {
-            if (!isSecure) {
+        boolean mustLaunchSecurely = mustLaunchSecurely();
+        if (!mustLaunchSecurely || showsWhileLocked) {
+            if (!mustLaunchSecurely) {
                dismissKeyguardOnNextActivity();
            }
            try {
@@ -253,7 +261,7 @@ public abstract class KeyguardActivityLauncher {
    }

    private Intent getCameraIntent() {
-        return getLockPatternUtils().isSecure() ? SECURE_CAMERA_INTENT : INSECURE_CAMERA_INTENT;
+        return mustLaunchSecurely() ? SECURE_CAMERA_INTENT : INSECURE_CAMERA_INTENT;
    }

    private boolean wouldLaunchResolverActivity(Intent intent) {
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityModel.java
@@ -23,6 +23,7 @@ import com.android.internal.telephony.IccCardConstants;
 import com.android.internal.widget.LockPatternUtils;

 public class KeyguardSecurityModel {
+
    /**
     * The different types of security available for {@link Mode#UnlockScreen}.
     * @see com.android.internal.policy.impl.LockPatternKeyguardView#getUnlockMode()
@@ -82,6 +83,8 @@ public class KeyguardSecurityModel {
        } else if (simState == IccCardConstants.State.PUK_REQUIRED
                && mLockPatternUtils.isPukUnlockScreenEnable()) {
            mode = SecurityMode.SimPuk;
+        } else if (updateMonitor.getUserHasTrust(mLockPatternUtils.getCurrentUser())) {
+            mode = SecurityMode.None;
        } else {
            final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality();
            switch (security) {
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -20,6 +20,7 @@ import android.app.ActivityManagerNative;
 import android.app.IUserSwitchObserver;
 import android.app.PendingIntent;
 import android.app.admin.DevicePolicyManager;
+import android.app.trust.TrustManager;
 import android.content.BroadcastReceiver;
 import android.content.Context;
 import android.content.Intent;
@@ -51,6 +52,8 @@ import com.android.internal.telephony.TelephonyIntents;

 import android.telephony.TelephonyManager;
 import android.util.Log;
+import android.util.SparseBooleanArray;
+
 import com.google.android.collect.Lists;

 import java.lang.ref.WeakReference;
@@ -66,7 +69,7 @@ import java.util.ArrayList;
 * the device, and {@link #getFailedUnlockAttempts()}, {@link #reportFailedAttempt()}
 * and {@link #clearFailedUnlockAttempts()}.  Maybe we should rename this 'KeyguardContext'...
 */
-public class KeyguardUpdateMonitor {
+public class KeyguardUpdateMonitor implements TrustManager.TrustListener {

    private static final String TAG = "KeyguardUpdateMonitor";
    private static final boolean DEBUG = false;
@@ -205,6 +208,17 @@ public class KeyguardUpdateMonitor {

    private AudioManager mAudioManager;

+    private SparseBooleanArray mUserHasTrust = new SparseBooleanArray();
+
+    @Override
+    public void onTrustChanged(boolean enabled, int userId) {
+        mUserHasTrust.put(userId, enabled);
+    }
+
+    public boolean getUserHasTrust(int userId) {
+        return mUserHasTrust.get(userId);
+    }
+
    static class DisplayClientState {
        public int clientGeneration;
        public boolean clearing;
@@ -581,6 +595,9 @@ public class KeyguardUpdateMonitor {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
+
+        TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+        trustManager.registerTrustListener(this);
    }

    private boolean isDeviceProvisionedInSettingsDb() {
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitorCallback.java
@@ -178,4 +178,5 @@ class KeyguardUpdateMonitorCallback {
     * Called when the NFC Service has found a tag that is registered for NFC unlock.
     */
    public void onNfcUnlock() { }
+
 }
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardViewMediator.java
@@ -550,7 +550,9 @@ public class KeyguardViewMediator {

                @Override
                public int getSessionType() {
-                    return mLockPatternUtils.isSecure() ? Session.TYPE_KEYGUARD_SECURE
+                    return mLockPatternUtils.isSecure() && !mUpdateMonitor.getUserHasTrust(
+                            mLockPatternUtils.getCurrentUser())
+                            ? Session.TYPE_KEYGUARD_SECURE
                            : Session.TYPE_KEYGUARD_INSECURE;
                }
            }, new File(mContext.getCacheDir(), "keyguard_analytics.bin"));