Merge "Update KeyguardManager.isDeviceLocked API" into lmp-mr1-dev

api/current.txt

@@ -4414,7 +4414,7 @@ package android.app {
     method public android.content.Intent createConfirmDeviceCredentialIntent(java.lang.CharSequence, java.lang.CharSequence);
     method public deprecated void exitKeyguardSecurely(android.app.KeyguardManager.OnKeyguardExitResult);
     method public boolean inKeyguardRestrictedInputMode();
-    method public boolean isKeyguardInTrustedState();
+    method public boolean isDeviceLocked();
     method public boolean isKeyguardLocked();
     method public boolean isKeyguardSecure();
     method public deprecated android.app.KeyguardManager.KeyguardLock newKeyguardLock(java.lang.String);

core/java/android/app/KeyguardManager.java

@@ -225,28 +225,28 @@ public class KeyguardManager {
     }
 
     /**
-     * Return whether unlocking the device is currently not requiring a password
-     * because of a trust agent.
+     * Returns whether the device is currently locked and requires a PIN, pattern or
+     * password to unlock.
      *
-     * @return true if the keyguard can currently be unlocked without entering credentials
-     *         because the device is in a trusted environment.
+     * @return true if unlocking the device currently requires a PIN, pattern or
+     * password.
      */
-    public boolean isKeyguardInTrustedState() {
-        return isKeyguardInTrustedState(UserHandle.getCallingUserId());
+    public boolean isDeviceLocked() {
+        return isDeviceLocked(UserHandle.getCallingUserId());
     }
 
     /**
-     * Return whether unlocking the device is currently not requiring a password
-     * because of a trust agent.
+     * Returns whether the device is currently locked and requires a PIN, pattern or
+     * password to unlock.
      *
-     * @param userId the user for which the trusted state should be reported.
-     * @return true if the keyguard can currently be unlocked without entering credentials
-     *         because the device is in a trusted environment.
+     * @param userId the user for which the locked state should be reported.
+     * @return true if unlocking the device currently requires a PIN, pattern or
+     * password.
      * @hide
      */
-    public boolean isKeyguardInTrustedState(int userId) {
+    public boolean isDeviceLocked(int userId) {
         try {
-            return mTrustManager.isTrusted(userId);
+            return mTrustManager.isDeviceLocked(userId);
         } catch (RemoteException e) {
             return false;
         }

core/java/android/app/trust/ITrustManager.aidl

@@ -29,5 +29,5 @@ interface ITrustManager {
     void reportRequireCredentialEntry(int userId);
     void registerTrustListener(in ITrustListener trustListener);
     void unregisterTrustListener(in ITrustListener trustListener);
-    boolean isTrusted(int userId);
+    boolean isDeviceLocked(int userId);
 }

core/java/com/android/internal/widget/LockPatternUtils.java

@@ -384,8 +384,16 @@ public class LockPatternUtils {
      * @return Whether a saved pattern exists.
      */
     public boolean savedPatternExists() {
+        return savedPatternExists(getCurrentOrCallingUserId());
+    }
+
+    /**
+     * Check to see if the user has stored a lock pattern.
+     * @return Whether a saved pattern exists.
+     */
+    public boolean savedPatternExists(int userId) {
         try {
-            return getLockSettings().havePattern(getCurrentOrCallingUserId());
+            return getLockSettings().havePattern(userId);
         } catch (RemoteException re) {
             return false;
         }
@@ -396,8 +404,16 @@ public class LockPatternUtils {
      * @return Whether a saved pattern exists.
      */
     public boolean savedPasswordExists() {
+        return savedPasswordExists(getCurrentOrCallingUserId());
+    }
+
+     /**
+     * Check to see if the user has stored a lock pattern.
+     * @return Whether a saved pattern exists.
+     */
+    public boolean savedPasswordExists(int userId) {
         try {
-            return getLockSettings().havePassword(getCurrentOrCallingUserId());
+            return getLockSettings().havePassword(userId);
         } catch (RemoteException re) {
             return false;
         }
@@ -955,8 +971,15 @@ public class LockPatternUtils {
      * @return true if the lockscreen method is set to biometric weak
      */
     public boolean usingBiometricWeak() {
-        int quality =
-                (int) getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED);
+        return usingBiometricWeak(getCurrentOrCallingUserId());
+    }
+
+    /**
+     * @return true if the lockscreen method is set to biometric weak
+     */
+    public boolean usingBiometricWeak(int userId) {
+        int quality = (int) getLong(
+                PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId);
         return quality == DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK;
     }
 
@@ -1096,15 +1119,22 @@ public class LockPatternUtils {
      * @return Whether the lock pattern is enabled, or if it is set as a backup for biometric weak
      */
     public boolean isLockPatternEnabled() {
+        return isLockPatternEnabled(getCurrentOrCallingUserId());
+    }
+
+    /**
+     * @return Whether the lock pattern is enabled, or if it is set as a backup for biometric weak
+     */
+    public boolean isLockPatternEnabled(int userId) {
         final boolean backupEnabled =
                 getLong(PASSWORD_TYPE_ALTERNATE_KEY,
-                        DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED)
+                        DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userId)
                                 == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING;
 
-        return getBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, false)
-                && (getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED)
-                        == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING ||
-                        (usingBiometricWeak() && backupEnabled));
+        return getBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, false, userId)
+                && (getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED,
+                        userId) == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING
+                        || (usingBiometricWeak(userId) && backupEnabled));
     }
 
     /**
@@ -1485,15 +1515,20 @@ public class LockPatternUtils {
     }
 
     public boolean isSecure() {
-        long mode = getKeyguardStoredPasswordQuality();
+        return isSecure(getCurrentOrCallingUserId());
+    }
+
+    public boolean isSecure(int userId) {
+        long mode = getKeyguardStoredPasswordQuality(userId);
         final boolean isPattern = mode == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING;
         final boolean isPassword = mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC
                 || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
-        final boolean secure = isPattern && isLockPatternEnabled() && savedPatternExists()
-                || isPassword && savedPasswordExists();
+        final boolean secure =
+                isPattern && isLockPatternEnabled(userId) && savedPatternExists(userId)
+                || isPassword && savedPasswordExists(userId);
         return secure;
     }
 

packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml

@@ -48,11 +48,11 @@
     <LinearLayout
             android:layout_width="match_parent"
             android:layout_height="wrap_content">
-        <Button android:id="@+id/check_trusted"
+        <Button android:id="@+id/check_device_locked"
                 android:layout_width="wrap_content"
                 android:layout_height="wrap_content"
-                android:text="Keyguard in trusted state?" />
-        <TextView android:id="@+id/check_trusted_result"
+                android:text="Device locked?" />
+        <TextView android:id="@+id/check_device_locked_result"
                 android:layout_width="0dp"
                 android:layout_height="wrap_content"
                 android:layout_weight="1" />

packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java

@@ -32,7 +32,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
 
     private CheckBox mReportUnlockAttempts;
     private CheckBox mManagingTrust;
-    private TextView mCheckTrustedStateResult;
+    private TextView mCheckDeviceLockedResult;
 
     private KeyguardManager mKeyguardManager;
 
@@ -48,7 +48,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
         findViewById(R.id.enable_trust).setOnClickListener(this);
         findViewById(R.id.revoke_trust).setOnClickListener(this);
         findViewById(R.id.crash).setOnClickListener(this);
-        findViewById(R.id.check_trusted).setOnClickListener(this);
+        findViewById(R.id.check_device_locked).setOnClickListener(this);
 
         mReportUnlockAttempts = (CheckBox) findViewById(R.id.report_unlock_attempts);
         mReportUnlockAttempts.setOnCheckedChangeListener(this);
@@ -56,7 +56,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
         mManagingTrust = (CheckBox) findViewById(R.id.managing_trust);
         mManagingTrust.setOnCheckedChangeListener(this);
 
-        mCheckTrustedStateResult = (TextView) findViewById(R.id.check_trusted_result);
+        mCheckDeviceLockedResult = (TextView) findViewById(R.id.check_device_locked_result);
     }
 
     @Override
@@ -77,7 +77,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
             SampleTrustAgent.sendRevokeTrust(this);
         } else if (id == R.id.crash) {
             throw new RuntimeException("crash");
-        } else if (id == R.id.check_trusted) {
+        } else if (id == R.id.check_device_locked) {
             updateTrustedState();
         }
     }
@@ -92,7 +92,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
     }
 
     private void updateTrustedState() {
-        mCheckTrustedStateResult.setText(Boolean.toString(
-                mKeyguardManager.isKeyguardInTrustedState()));
+        mCheckDeviceLockedResult.setText(Boolean.toString(
+                mKeyguardManager.isDeviceLocked()));
     }
 }

services/core/java/com/android/server/trust/TrustManagerService.java

@@ -61,6 +61,8 @@ import android.util.Log;
 import android.util.Slog;
 import android.util.SparseBooleanArray;
 import android.util.Xml;
+import android.view.WindowManagerGlobal;
+import android.view.WindowManagerInternal;
 
 import java.io.FileDescriptor;
 import java.io.IOException;
@@ -590,13 +592,26 @@ public class TrustManagerService extends SystemService {
         }
 
         @Override
-        public boolean isTrusted(int userId) throws RemoteException {
+        public boolean isDeviceLocked(int userId) throws RemoteException {
             userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
-                    false /* allowAll */, true /* requireFull */, "isTrusted", null);
+                    false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);
             userId = resolveProfileParent(userId);
+
+            boolean isSecure = mLockPatternUtils.isSecure(userId);
+
+            boolean isTrusted;
             synchronized (mUserIsTrusted) {
-                return mUserIsTrusted.get(userId);
+                isTrusted = mUserIsTrusted.get(userId);
             }
+
+            boolean isLocked;
+            if (ActivityManager.getCurrentUser() != userId) {
+                isLocked = true;
+            } else {
+                isLocked = WindowManagerGlobal.getWindowManagerService().isKeyguardLocked();
+            }
+
+            return isSecure && isLocked && !isTrusted;
         }
 
         private void enforceReportPermission() {