Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Only disable trust agents after lockout

Browse Source 
am: 9d6fc9246b

Change-Id: I1fd7860a5a2c452e4b3c2e3e8d1073c423c9f054
This commit is contained in:
Adrian Roos
2016-08-11 02:38:45 +00:00
committed by android-build-merger
parent c9c0edfa14 9d6fc9246b
commit 73b2f5981e
5 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -288,7 +288,6 @@ public class LockPatternUtils {
public void reportFailedPasswordAttempt(int userId) {
getDevicePolicyManager().reportFailedPasswordAttempt(userId);
getTrustManager().reportUnlockAttempt(false /* authenticated */, userId);
requireStrongAuth(StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL, userId);
}
public void reportSuccessfulPasswordAttempt(int userId) {
@@ -1544,7 +1543,8 @@ public class LockPatternUtils {
value = { STRONG_AUTH_NOT_REQUIRED,
STRONG_AUTH_REQUIRED_AFTER_BOOT,
STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
SOME_AUTH_REQUIRED_AFTER_USER_REQUEST})
SOME_AUTH_REQUIRED_AFTER_USER_REQUEST,
STRONG_AUTH_REQUIRED_AFTER_LOCKOUT})
@Retention(RetentionPolicy.SOURCE)
public @interface StrongAuthFlags {}
@@ -1575,13 +1575,12 @@ public class LockPatternUtils {
public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8;
/**
* Some authentication is required because the user has entered a wrong credential.
* Strong auth flags that do not prevent fingerprint from being accepted as auth.
*
* If any other flags are set, fingerprint is disabled.
*/
public static final int SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL = 0x10;
private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED
| SOME_AUTH_REQUIRED_AFTER_USER_REQUEST
| SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL;
| SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray();
private final H mHandler;

5
packages/Keyguard/src/com/android/keyguard/KeyguardSecurityView.java
View File

@@ -48,11 +48,6 @@ public interface KeyguardSecurityView {
*/
int PROMPT_REASON_AFTER_LOCKOUT = 5;
/**
* Some auth is required because a single wrong credential has been tried.
*/
int PROMPT_REASON_WRONG_CREDENTIAL = 6;
/**
* Interface back to keyguard to tell it when security
* @param callback

4
packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
View File

@@ -86,7 +86,6 @@ import java.util.List;
import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_USER_REQUEST;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
@@ -614,10 +613,7 @@ public class KeyguardViewMediator extends SystemUI {
return KeyguardSecurityView.PROMPT_REASON_USER_REQUEST;
} else if (any && (strongAuth & STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) != 0) {
return KeyguardSecurityView.PROMPT_REASON_AFTER_LOCKOUT;
} else if (trust && (strongAuth & SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL) != 0) {
return KeyguardSecurityView.PROMPT_REASON_WRONG_CREDENTIAL;
}
return KeyguardSecurityView.PROMPT_REASON_NONE;
}
};

22
services/core/java/com/android/server/trust/TrustArchive.java
View File

@@ -37,6 +37,7 @@ public class TrustArchive {
private static final int TYPE_AGENT_CONNECTED = 4;
private static final int TYPE_AGENT_STOPPED = 5;
private static final int TYPE_MANAGING_TRUST = 6;
private static final int TYPE_POLICY_CHANGED = 7;
private static final int HISTORY_LIMIT = 200;
@@ -99,6 +100,10 @@ public class TrustArchive {
addEvent(new Event(TYPE_MANAGING_TRUST, userId, agent, null, 0, 0, managing));
}
public void logDevicePolicyChanged() {
addEvent(new Event(TYPE_POLICY_CHANGED, UserHandle.USER_ALL, null, null, 0, 0, false));
}
private void addEvent(Event e) {
if (mEvents.size() >= HISTORY_LIMIT) {
mEvents.removeFirst();
@@ -112,7 +117,8 @@ public class TrustArchive {
Iterator<Event> iter = mEvents.descendingIterator();
while (iter.hasNext() && count < limit) {
Event ev = iter.next();
if (userId != UserHandle.USER_ALL && userId != ev.userId) {
if (userId != UserHandle.USER_ALL && userId != ev.userId
&& ev.userId != UserHandle.USER_ALL) {
continue;
}
@@ -122,11 +128,13 @@ public class TrustArchive {
if (userId == UserHandle.USER_ALL) {
writer.print("user="); writer.print(ev.userId); writer.print(", ");
}
writer.print("agent=");
if (duplicateSimpleNames) {
writer.print(ev.agent.flattenToShortString());
} else {
writer.print(getSimpleName(ev.agent));
if (ev.agent != null) {
writer.print("agent=");
if (duplicateSimpleNames) {
writer.print(ev.agent.flattenToShortString());
} else {
writer.print(getSimpleName(ev.agent));
}
}
switch (ev.type) {
case TYPE_GRANT_TRUST:
@@ -181,6 +189,8 @@ public class TrustArchive {
return "AgentStopped";
case TYPE_MANAGING_TRUST:
return "ManagingTrust";
case TYPE_POLICY_CHANGED:
return "DevicePolicyChanged";
default:
return "Unknown(" + type + ")";
}

5
services/core/java/com/android/server/trust/TrustManagerService.java
View File

@@ -399,12 +399,17 @@ public class TrustManagerService extends SystemService {
}
void updateDevicePolicyFeatures() {
boolean changed = false;
for (int i = 0; i < mActiveAgents.size(); i++) {
AgentInfo info = mActiveAgents.valueAt(i);
if (info.agent.isConnected()) {
info.agent.updateDevicePolicyFeatures();
changed = true;
}
}
if (changed) {
mArchive.logDevicePolicyChanged();
}
}
private void removeAgentsOfPackage(String packageName) {