0698a21631
The code now observes whether accessibility is turned on when deciding the default state. Additionally, it fixes a bug where the user can back out of EncryptionInterstitial and leave the setting in a bad state. We now propagate the state until the place where it ultimately gets stored. Also fixes problem where Encryption was ignoring the state where the device was already encrypted. Fixes bug 17881324 Change-Id: Iec09e4464832a506bb2a78bb14a38b3531971fa0
826 lines
37 KiB
Java
826 lines
37 KiB
Java
/*
|
|
* Copyright (C) 2007 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package com.android.settings;
|
|
|
|
|
|
import android.app.Activity;
|
|
import android.app.AlertDialog;
|
|
import android.app.admin.DevicePolicyManager;
|
|
import android.content.ComponentName;
|
|
import android.content.Context;
|
|
import android.content.DialogInterface;
|
|
import android.content.Intent;
|
|
import android.content.pm.PackageManager;
|
|
import android.content.pm.ResolveInfo;
|
|
import android.content.pm.UserInfo;
|
|
import android.content.res.Resources;
|
|
import android.os.Bundle;
|
|
import android.os.UserHandle;
|
|
import android.os.UserManager;
|
|
import android.preference.SwitchPreference;
|
|
import android.preference.ListPreference;
|
|
import android.preference.Preference;
|
|
import android.preference.Preference.OnPreferenceChangeListener;
|
|
import android.preference.PreferenceGroup;
|
|
import android.preference.PreferenceScreen;
|
|
import android.provider.SearchIndexableResource;
|
|
import android.provider.Settings;
|
|
import android.provider.Settings.SettingNotFoundException;
|
|
import android.security.KeyStore;
|
|
import android.service.trust.TrustAgentService;
|
|
import android.telephony.TelephonyManager;
|
|
import android.text.TextUtils;
|
|
import android.util.Log;
|
|
|
|
import com.android.internal.widget.LockPatternUtils;
|
|
import com.android.settings.TrustAgentUtils.TrustAgentComponentInfo;
|
|
import com.android.settings.search.BaseSearchIndexProvider;
|
|
import com.android.settings.search.Index;
|
|
import com.android.settings.search.Indexable;
|
|
import com.android.settings.search.SearchIndexableRaw;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
|
|
import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
|
|
|
|
/**
|
|
* Gesture lock pattern settings.
|
|
*/
|
|
public class SecuritySettings extends SettingsPreferenceFragment
|
|
implements OnPreferenceChangeListener, DialogInterface.OnClickListener, Indexable {
|
|
private static final String TRUST_AGENT_CLICK_INTENT = "trust_agent_click_intent";
|
|
static final String TAG = "SecuritySettings";
|
|
private static final Intent TRUST_AGENT_INTENT =
|
|
new Intent(TrustAgentService.SERVICE_INTERFACE);
|
|
|
|
// Lock Settings
|
|
private static final String KEY_UNLOCK_SET_OR_CHANGE = "unlock_set_or_change";
|
|
private static final String KEY_BIOMETRIC_WEAK_IMPROVE_MATCHING =
|
|
"biometric_weak_improve_matching";
|
|
private static final String KEY_BIOMETRIC_WEAK_LIVELINESS = "biometric_weak_liveliness";
|
|
private static final String KEY_LOCK_ENABLED = "lockenabled";
|
|
private static final String KEY_VISIBLE_PATTERN = "visiblepattern";
|
|
private static final String KEY_SECURITY_CATEGORY = "security_category";
|
|
private static final String KEY_DEVICE_ADMIN_CATEGORY = "device_admin_category";
|
|
private static final String KEY_LOCK_AFTER_TIMEOUT = "lock_after_timeout";
|
|
private static final String KEY_OWNER_INFO_SETTINGS = "owner_info_settings";
|
|
private static final String KEY_ADVANCED_SECURITY = "advanced_security";
|
|
private static final String KEY_MANAGE_TRUST_AGENTS = "manage_trust_agents";
|
|
|
|
private static final int SET_OR_CHANGE_LOCK_METHOD_REQUEST = 123;
|
|
private static final int CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_IMPROVE_REQUEST = 124;
|
|
private static final int CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_LIVELINESS_OFF = 125;
|
|
private static final int CHANGE_TRUST_AGENT_SETTINGS = 126;
|
|
|
|
// Misc Settings
|
|
private static final String KEY_SIM_LOCK = "sim_lock";
|
|
private static final String KEY_SHOW_PASSWORD = "show_password";
|
|
private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
|
|
private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
|
|
private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
|
|
private static final String KEY_TOGGLE_INSTALL_APPLICATIONS = "toggle_install_applications";
|
|
private static final String KEY_POWER_INSTANTLY_LOCKS = "power_button_instantly_locks";
|
|
private static final String KEY_CREDENTIALS_MANAGER = "credentials_management";
|
|
private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";
|
|
private static final String KEY_TRUST_AGENT = "trust_agent";
|
|
private static final String KEY_SCREEN_PINNING = "screen_pinning_settings";
|
|
|
|
// These switch preferences need special handling since they're not all stored in Settings.
|
|
private static final String SWITCH_PREFERENCE_KEYS[] = { KEY_LOCK_AFTER_TIMEOUT,
|
|
KEY_LOCK_ENABLED, KEY_VISIBLE_PATTERN, KEY_BIOMETRIC_WEAK_LIVELINESS,
|
|
KEY_POWER_INSTANTLY_LOCKS, KEY_SHOW_PASSWORD, KEY_TOGGLE_INSTALL_APPLICATIONS };
|
|
|
|
// Only allow one trust agent on the platform.
|
|
private static final boolean ONLY_ONE_TRUST_AGENT = true;
|
|
|
|
private DevicePolicyManager mDPM;
|
|
|
|
private ChooseLockSettingsHelper mChooseLockSettingsHelper;
|
|
private LockPatternUtils mLockPatternUtils;
|
|
private ListPreference mLockAfter;
|
|
|
|
private SwitchPreference mBiometricWeakLiveliness;
|
|
private SwitchPreference mVisiblePattern;
|
|
|
|
private SwitchPreference mShowPassword;
|
|
|
|
private KeyStore mKeyStore;
|
|
private Preference mResetCredentials;
|
|
|
|
private SwitchPreference mToggleAppInstallation;
|
|
private DialogInterface mWarnInstallApps;
|
|
private SwitchPreference mPowerButtonInstantlyLocks;
|
|
|
|
private boolean mIsPrimary;
|
|
|
|
private Intent mTrustAgentClickIntent;
|
|
|
|
@Override
|
|
public void onCreate(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
|
|
mLockPatternUtils = new LockPatternUtils(getActivity());
|
|
|
|
mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
|
|
|
|
mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
|
|
|
|
if (savedInstanceState != null
|
|
&& savedInstanceState.containsKey(TRUST_AGENT_CLICK_INTENT)) {
|
|
mTrustAgentClickIntent = savedInstanceState.getParcelable(TRUST_AGENT_CLICK_INTENT);
|
|
}
|
|
}
|
|
|
|
private static int getResIdForLockUnlockScreen(Context context,
|
|
LockPatternUtils lockPatternUtils) {
|
|
int resid = 0;
|
|
if (!lockPatternUtils.isSecure()) {
|
|
// if there are multiple users, disable "None" setting
|
|
UserManager mUm = (UserManager) context. getSystemService(Context.USER_SERVICE);
|
|
List<UserInfo> users = mUm.getUsers(true);
|
|
final boolean singleUser = users.size() == 1;
|
|
|
|
if (singleUser && lockPatternUtils.isLockScreenDisabled()) {
|
|
resid = R.xml.security_settings_lockscreen;
|
|
} else {
|
|
resid = R.xml.security_settings_chooser;
|
|
}
|
|
} else if (lockPatternUtils.usingBiometricWeak() &&
|
|
lockPatternUtils.isBiometricWeakInstalled()) {
|
|
resid = R.xml.security_settings_biometric_weak;
|
|
} else {
|
|
switch (lockPatternUtils.getKeyguardStoredPasswordQuality()) {
|
|
case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
|
|
resid = R.xml.security_settings_pattern;
|
|
break;
|
|
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
|
|
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
|
|
resid = R.xml.security_settings_pin;
|
|
break;
|
|
case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
|
|
case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
|
|
case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
|
|
resid = R.xml.security_settings_password;
|
|
break;
|
|
}
|
|
}
|
|
return resid;
|
|
}
|
|
|
|
/**
|
|
* Important!
|
|
*
|
|
* Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the
|
|
* logic or adding/removing preferences here.
|
|
*/
|
|
private PreferenceScreen createPreferenceHierarchy() {
|
|
PreferenceScreen root = getPreferenceScreen();
|
|
if (root != null) {
|
|
root.removeAll();
|
|
}
|
|
addPreferencesFromResource(R.xml.security_settings);
|
|
root = getPreferenceScreen();
|
|
|
|
// Add options for lock/unlock screen
|
|
final int resid = getResIdForLockUnlockScreen(getActivity(), mLockPatternUtils);
|
|
addPreferencesFromResource(resid);
|
|
|
|
// Add options for device encryption
|
|
mIsPrimary = UserHandle.myUserId() == UserHandle.USER_OWNER;
|
|
|
|
if (!mIsPrimary) {
|
|
// Rename owner info settings
|
|
Preference ownerInfoPref = findPreference(KEY_OWNER_INFO_SETTINGS);
|
|
if (ownerInfoPref != null) {
|
|
if (UserManager.get(getActivity()).isLinkedUser()) {
|
|
ownerInfoPref.setTitle(R.string.profile_info_settings_title);
|
|
} else {
|
|
ownerInfoPref.setTitle(R.string.user_info_settings_title);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (mIsPrimary) {
|
|
if (LockPatternUtils.isDeviceEncryptionEnabled()) {
|
|
// The device is currently encrypted.
|
|
addPreferencesFromResource(R.xml.security_settings_encrypted);
|
|
} else {
|
|
// This device supports encryption but isn't encrypted.
|
|
addPreferencesFromResource(R.xml.security_settings_unencrypted);
|
|
}
|
|
}
|
|
|
|
// Trust Agent preferences
|
|
PreferenceGroup securityCategory = (PreferenceGroup)
|
|
root.findPreference(KEY_SECURITY_CATEGORY);
|
|
if (securityCategory != null) {
|
|
final boolean hasSecurity = mLockPatternUtils.isSecure();
|
|
ArrayList<TrustAgentComponentInfo> agents =
|
|
getActiveTrustAgents(getPackageManager(), mLockPatternUtils);
|
|
for (int i = 0; i < agents.size(); i++) {
|
|
final TrustAgentComponentInfo agent = agents.get(i);
|
|
Preference trustAgentPreference =
|
|
new Preference(securityCategory.getContext());
|
|
trustAgentPreference.setKey(KEY_TRUST_AGENT);
|
|
trustAgentPreference.setTitle(agent.title);
|
|
trustAgentPreference.setSummary(agent.summary);
|
|
// Create intent for this preference.
|
|
Intent intent = new Intent();
|
|
intent.setComponent(agent.componentName);
|
|
intent.setAction(Intent.ACTION_MAIN);
|
|
trustAgentPreference.setIntent(intent);
|
|
// Add preference to the settings menu.
|
|
securityCategory.addPreference(trustAgentPreference);
|
|
if (!hasSecurity) {
|
|
trustAgentPreference.setEnabled(false);
|
|
trustAgentPreference.setSummary(R.string.disabled_because_no_backup_security);
|
|
}
|
|
}
|
|
}
|
|
|
|
// lock after preference
|
|
mLockAfter = (ListPreference) root.findPreference(KEY_LOCK_AFTER_TIMEOUT);
|
|
if (mLockAfter != null) {
|
|
setupLockAfterPreference();
|
|
updateLockAfterPreferenceSummary();
|
|
}
|
|
|
|
// biometric weak liveliness
|
|
mBiometricWeakLiveliness =
|
|
(SwitchPreference) root.findPreference(KEY_BIOMETRIC_WEAK_LIVELINESS);
|
|
|
|
// visible pattern
|
|
mVisiblePattern = (SwitchPreference) root.findPreference(KEY_VISIBLE_PATTERN);
|
|
|
|
// lock instantly on power key press
|
|
mPowerButtonInstantlyLocks = (SwitchPreference) root.findPreference(
|
|
KEY_POWER_INSTANTLY_LOCKS);
|
|
Preference trustAgentPreference = root.findPreference(KEY_TRUST_AGENT);
|
|
if (mPowerButtonInstantlyLocks != null &&
|
|
trustAgentPreference != null &&
|
|
trustAgentPreference.getTitle().length() > 0) {
|
|
mPowerButtonInstantlyLocks.setSummary(getString(
|
|
R.string.lockpattern_settings_power_button_instantly_locks_summary,
|
|
trustAgentPreference.getTitle()));
|
|
}
|
|
|
|
// don't display visible pattern if biometric and backup is not pattern
|
|
if (resid == R.xml.security_settings_biometric_weak &&
|
|
mLockPatternUtils.getKeyguardStoredPasswordQuality() !=
|
|
DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
|
|
if (securityCategory != null && mVisiblePattern != null) {
|
|
securityCategory.removePreference(root.findPreference(KEY_VISIBLE_PATTERN));
|
|
}
|
|
}
|
|
|
|
// Append the rest of the settings
|
|
addPreferencesFromResource(R.xml.security_settings_misc);
|
|
|
|
// Do not display SIM lock for devices without an Icc card
|
|
TelephonyManager tm = TelephonyManager.getDefault();
|
|
if (!mIsPrimary || !tm.hasIccCard()) {
|
|
root.removePreference(root.findPreference(KEY_SIM_LOCK));
|
|
} else {
|
|
// Disable SIM lock if sim card is missing or unknown
|
|
if ((TelephonyManager.getDefault().getSimState() ==
|
|
TelephonyManager.SIM_STATE_ABSENT) ||
|
|
(TelephonyManager.getDefault().getSimState() ==
|
|
TelephonyManager.SIM_STATE_UNKNOWN)) {
|
|
root.findPreference(KEY_SIM_LOCK).setEnabled(false);
|
|
}
|
|
}
|
|
if (Settings.System.getInt(getContentResolver(),
|
|
Settings.System.LOCK_TO_APP_ENABLED, 0) != 0) {
|
|
root.findPreference(KEY_SCREEN_PINNING).setSummary(
|
|
getResources().getString(R.string.switch_on_text));
|
|
}
|
|
|
|
// Show password
|
|
mShowPassword = (SwitchPreference) root.findPreference(KEY_SHOW_PASSWORD);
|
|
mResetCredentials = root.findPreference(KEY_RESET_CREDENTIALS);
|
|
|
|
// Credential storage
|
|
final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE);
|
|
mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume()
|
|
if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
|
|
Preference credentialStorageType = root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE);
|
|
|
|
final int storageSummaryRes =
|
|
mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware
|
|
: R.string.credential_storage_type_software;
|
|
credentialStorageType.setSummary(storageSummaryRes);
|
|
} else {
|
|
PreferenceGroup credentialsManager = (PreferenceGroup)
|
|
root.findPreference(KEY_CREDENTIALS_MANAGER);
|
|
credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
|
|
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
|
|
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
|
|
}
|
|
|
|
// Application install
|
|
PreferenceGroup deviceAdminCategory = (PreferenceGroup)
|
|
root.findPreference(KEY_DEVICE_ADMIN_CATEGORY);
|
|
mToggleAppInstallation = (SwitchPreference) findPreference(
|
|
KEY_TOGGLE_INSTALL_APPLICATIONS);
|
|
mToggleAppInstallation.setChecked(isNonMarketAppsAllowed());
|
|
// Side loading of apps.
|
|
mToggleAppInstallation.setEnabled(mIsPrimary);
|
|
if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)
|
|
|| um.hasUserRestriction(UserManager.DISALLOW_INSTALL_APPS)) {
|
|
mToggleAppInstallation.setEnabled(false);
|
|
}
|
|
|
|
// Advanced Security features
|
|
PreferenceGroup advancedCategory =
|
|
(PreferenceGroup)root.findPreference(KEY_ADVANCED_SECURITY);
|
|
if (advancedCategory != null) {
|
|
Preference manageAgents = advancedCategory.findPreference(KEY_MANAGE_TRUST_AGENTS);
|
|
if (manageAgents != null && !mLockPatternUtils.isSecure()) {
|
|
manageAgents.setEnabled(false);
|
|
manageAgents.setSummary(R.string.disabled_because_no_backup_security);
|
|
}
|
|
}
|
|
|
|
// The above preferences come and go based on security state, so we need to update
|
|
// the index. This call is expected to be fairly cheap, but we may want to do something
|
|
// smarter in the future.
|
|
Index.getInstance(getActivity())
|
|
.updateFromClassNameResource(SecuritySettings.class.getName(), true, true);
|
|
|
|
for (int i = 0; i < SWITCH_PREFERENCE_KEYS.length; i++) {
|
|
final Preference pref = findPreference(SWITCH_PREFERENCE_KEYS[i]);
|
|
if (pref != null) pref.setOnPreferenceChangeListener(this);
|
|
}
|
|
return root;
|
|
}
|
|
|
|
private static ArrayList<TrustAgentComponentInfo> getActiveTrustAgents(
|
|
PackageManager pm, LockPatternUtils utils) {
|
|
ArrayList<TrustAgentComponentInfo> result = new ArrayList<TrustAgentComponentInfo>();
|
|
List<ResolveInfo> resolveInfos = pm.queryIntentServices(TRUST_AGENT_INTENT,
|
|
PackageManager.GET_META_DATA);
|
|
List<ComponentName> enabledTrustAgents = utils.getEnabledTrustAgents();
|
|
if (enabledTrustAgents != null && !enabledTrustAgents.isEmpty()) {
|
|
for (int i = 0; i < resolveInfos.size(); i++) {
|
|
ResolveInfo resolveInfo = resolveInfos.get(i);
|
|
if (resolveInfo.serviceInfo == null) continue;
|
|
if (!TrustAgentUtils.checkProvidePermission(resolveInfo, pm)) continue;
|
|
TrustAgentComponentInfo trustAgentComponentInfo =
|
|
TrustAgentUtils.getSettingsComponent(pm, resolveInfo);
|
|
if (trustAgentComponentInfo.componentName == null ||
|
|
!enabledTrustAgents.contains(
|
|
TrustAgentUtils.getComponentName(resolveInfo)) ||
|
|
TextUtils.isEmpty(trustAgentComponentInfo.title)) continue;
|
|
result.add(trustAgentComponentInfo);
|
|
if (ONLY_ONE_TRUST_AGENT) break;
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
private boolean isNonMarketAppsAllowed() {
|
|
return Settings.Global.getInt(getContentResolver(),
|
|
Settings.Global.INSTALL_NON_MARKET_APPS, 0) > 0;
|
|
}
|
|
|
|
private void setNonMarketAppsAllowed(boolean enabled) {
|
|
final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE);
|
|
if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)) {
|
|
return;
|
|
}
|
|
// Change the system setting
|
|
Settings.Global.putInt(getContentResolver(), Settings.Global.INSTALL_NON_MARKET_APPS,
|
|
enabled ? 1 : 0);
|
|
}
|
|
|
|
private void warnAppInstallation() {
|
|
// TODO: DialogFragment?
|
|
mWarnInstallApps = new AlertDialog.Builder(getActivity()).setTitle(
|
|
getResources().getString(R.string.error_title))
|
|
.setIcon(com.android.internal.R.drawable.ic_dialog_alert)
|
|
.setMessage(getResources().getString(R.string.install_all_warning))
|
|
.setPositiveButton(android.R.string.yes, this)
|
|
.setNegativeButton(android.R.string.no, this)
|
|
.show();
|
|
}
|
|
|
|
@Override
|
|
public void onClick(DialogInterface dialog, int which) {
|
|
if (dialog == mWarnInstallApps) {
|
|
boolean turnOn = which == DialogInterface.BUTTON_POSITIVE;
|
|
setNonMarketAppsAllowed(turnOn);
|
|
if (mToggleAppInstallation != null) {
|
|
mToggleAppInstallation.setChecked(turnOn);
|
|
}
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public void onDestroy() {
|
|
super.onDestroy();
|
|
if (mWarnInstallApps != null) {
|
|
mWarnInstallApps.dismiss();
|
|
}
|
|
}
|
|
|
|
private void setupLockAfterPreference() {
|
|
// Compatible with pre-Froyo
|
|
long currentTimeout = Settings.Secure.getLong(getContentResolver(),
|
|
Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000);
|
|
mLockAfter.setValue(String.valueOf(currentTimeout));
|
|
mLockAfter.setOnPreferenceChangeListener(this);
|
|
final long adminTimeout = (mDPM != null ? mDPM.getMaximumTimeToLock(null) : 0);
|
|
final long displayTimeout = Math.max(0,
|
|
Settings.System.getInt(getContentResolver(), SCREEN_OFF_TIMEOUT, 0));
|
|
if (adminTimeout > 0) {
|
|
// This setting is a slave to display timeout when a device policy is enforced.
|
|
// As such, maxLockTimeout = adminTimeout - displayTimeout.
|
|
// If there isn't enough time, shows "immediately" setting.
|
|
disableUnusableTimeouts(Math.max(0, adminTimeout - displayTimeout));
|
|
}
|
|
}
|
|
|
|
private void updateLockAfterPreferenceSummary() {
|
|
// Update summary message with current value
|
|
long currentTimeout = Settings.Secure.getLong(getContentResolver(),
|
|
Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000);
|
|
final CharSequence[] entries = mLockAfter.getEntries();
|
|
final CharSequence[] values = mLockAfter.getEntryValues();
|
|
int best = 0;
|
|
for (int i = 0; i < values.length; i++) {
|
|
long timeout = Long.valueOf(values[i].toString());
|
|
if (currentTimeout >= timeout) {
|
|
best = i;
|
|
}
|
|
}
|
|
|
|
Preference preference = getPreferenceScreen().findPreference(KEY_TRUST_AGENT);
|
|
if (preference != null && preference.getTitle().length() > 0) {
|
|
mLockAfter.setSummary(getString(R.string.lock_after_timeout_summary_with_exception,
|
|
entries[best], preference.getTitle()));
|
|
} else {
|
|
mLockAfter.setSummary(getString(R.string.lock_after_timeout_summary, entries[best]));
|
|
}
|
|
}
|
|
|
|
private void disableUnusableTimeouts(long maxTimeout) {
|
|
final CharSequence[] entries = mLockAfter.getEntries();
|
|
final CharSequence[] values = mLockAfter.getEntryValues();
|
|
ArrayList<CharSequence> revisedEntries = new ArrayList<CharSequence>();
|
|
ArrayList<CharSequence> revisedValues = new ArrayList<CharSequence>();
|
|
for (int i = 0; i < values.length; i++) {
|
|
long timeout = Long.valueOf(values[i].toString());
|
|
if (timeout <= maxTimeout) {
|
|
revisedEntries.add(entries[i]);
|
|
revisedValues.add(values[i]);
|
|
}
|
|
}
|
|
if (revisedEntries.size() != entries.length || revisedValues.size() != values.length) {
|
|
mLockAfter.setEntries(
|
|
revisedEntries.toArray(new CharSequence[revisedEntries.size()]));
|
|
mLockAfter.setEntryValues(
|
|
revisedValues.toArray(new CharSequence[revisedValues.size()]));
|
|
final int userPreference = Integer.valueOf(mLockAfter.getValue());
|
|
if (userPreference <= maxTimeout) {
|
|
mLockAfter.setValue(String.valueOf(userPreference));
|
|
} else {
|
|
// There will be no highlighted selection since nothing in the list matches
|
|
// maxTimeout. The user can still select anything less than maxTimeout.
|
|
// TODO: maybe append maxTimeout to the list and mark selected.
|
|
}
|
|
}
|
|
mLockAfter.setEnabled(revisedEntries.size() > 0);
|
|
}
|
|
|
|
@Override
|
|
public void onSaveInstanceState(Bundle outState) {
|
|
super.onSaveInstanceState(outState);
|
|
if (mTrustAgentClickIntent != null) {
|
|
outState.putParcelable(TRUST_AGENT_CLICK_INTENT, mTrustAgentClickIntent);
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public void onResume() {
|
|
super.onResume();
|
|
|
|
// Make sure we reload the preference hierarchy since some of these settings
|
|
// depend on others...
|
|
createPreferenceHierarchy();
|
|
|
|
final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
|
|
if (mBiometricWeakLiveliness != null) {
|
|
mBiometricWeakLiveliness.setChecked(
|
|
lockPatternUtils.isBiometricWeakLivelinessEnabled());
|
|
}
|
|
if (mVisiblePattern != null) {
|
|
mVisiblePattern.setChecked(lockPatternUtils.isVisiblePatternEnabled());
|
|
}
|
|
if (mPowerButtonInstantlyLocks != null) {
|
|
mPowerButtonInstantlyLocks.setChecked(lockPatternUtils.getPowerButtonInstantlyLocks());
|
|
}
|
|
|
|
if (mShowPassword != null) {
|
|
mShowPassword.setChecked(Settings.System.getInt(getContentResolver(),
|
|
Settings.System.TEXT_SHOW_PASSWORD, 1) != 0);
|
|
}
|
|
|
|
if (mResetCredentials != null) {
|
|
mResetCredentials.setEnabled(!mKeyStore.isEmpty());
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) {
|
|
final String key = preference.getKey();
|
|
if (KEY_UNLOCK_SET_OR_CHANGE.equals(key)) {
|
|
startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
|
|
R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
|
|
} else if (KEY_BIOMETRIC_WEAK_IMPROVE_MATCHING.equals(key)) {
|
|
ChooseLockSettingsHelper helper =
|
|
new ChooseLockSettingsHelper(this.getActivity(), this);
|
|
if (!helper.launchConfirmationActivity(
|
|
CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_IMPROVE_REQUEST, null, null)) {
|
|
// If this returns false, it means no password confirmation is required, so
|
|
// go ahead and start improve.
|
|
// Note: currently a backup is required for biometric_weak so this code path
|
|
// can't be reached, but is here in case things change in the future
|
|
startBiometricWeakImprove();
|
|
}
|
|
} else if (KEY_TRUST_AGENT.equals(key)) {
|
|
ChooseLockSettingsHelper helper =
|
|
new ChooseLockSettingsHelper(this.getActivity(), this);
|
|
mTrustAgentClickIntent = preference.getIntent();
|
|
if (!helper.launchConfirmationActivity(CHANGE_TRUST_AGENT_SETTINGS, null, null) &&
|
|
mTrustAgentClickIntent != null) {
|
|
// If this returns false, it means no password confirmation is required.
|
|
startActivity(mTrustAgentClickIntent);
|
|
mTrustAgentClickIntent = null;
|
|
}
|
|
} else {
|
|
// If we didn't handle it, let preferences handle it.
|
|
return super.onPreferenceTreeClick(preferenceScreen, preference);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* see confirmPatternThenDisableAndClear
|
|
*/
|
|
@Override
|
|
public void onActivityResult(int requestCode, int resultCode, Intent data) {
|
|
super.onActivityResult(requestCode, resultCode, data);
|
|
if (requestCode == CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_IMPROVE_REQUEST &&
|
|
resultCode == Activity.RESULT_OK) {
|
|
startBiometricWeakImprove();
|
|
return;
|
|
} else if (requestCode == CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_LIVELINESS_OFF &&
|
|
resultCode == Activity.RESULT_OK) {
|
|
final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
|
|
lockPatternUtils.setBiometricWeakLivelinessEnabled(false);
|
|
// Setting the mBiometricWeakLiveliness checked value to false is handled when onResume
|
|
// is called by grabbing the value from lockPatternUtils. We can't set it here
|
|
// because mBiometricWeakLiveliness could be null
|
|
return;
|
|
} else if (requestCode == CHANGE_TRUST_AGENT_SETTINGS && resultCode == Activity.RESULT_OK) {
|
|
if (mTrustAgentClickIntent != null) {
|
|
startActivity(mTrustAgentClickIntent);
|
|
mTrustAgentClickIntent = null;
|
|
}
|
|
return;
|
|
}
|
|
createPreferenceHierarchy();
|
|
}
|
|
|
|
@Override
|
|
public boolean onPreferenceChange(Preference preference, Object value) {
|
|
boolean result = true;
|
|
final String key = preference.getKey();
|
|
final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
|
|
if (KEY_LOCK_AFTER_TIMEOUT.equals(key)) {
|
|
int timeout = Integer.parseInt((String) value);
|
|
try {
|
|
Settings.Secure.putInt(getContentResolver(),
|
|
Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, timeout);
|
|
} catch (NumberFormatException e) {
|
|
Log.e("SecuritySettings", "could not persist lockAfter timeout setting", e);
|
|
}
|
|
updateLockAfterPreferenceSummary();
|
|
} else if (KEY_LOCK_ENABLED.equals(key)) {
|
|
lockPatternUtils.setLockPatternEnabled((Boolean) value);
|
|
} else if (KEY_VISIBLE_PATTERN.equals(key)) {
|
|
lockPatternUtils.setVisiblePatternEnabled((Boolean) value);
|
|
} else if (KEY_BIOMETRIC_WEAK_LIVELINESS.equals(key)) {
|
|
if ((Boolean) value) {
|
|
lockPatternUtils.setBiometricWeakLivelinessEnabled(true);
|
|
} else {
|
|
// In this case the user has just unchecked the checkbox, but this action requires
|
|
// them to confirm their password. We need to re-check the checkbox until
|
|
// they've confirmed their password
|
|
mBiometricWeakLiveliness.setChecked(true);
|
|
ChooseLockSettingsHelper helper =
|
|
new ChooseLockSettingsHelper(this.getActivity(), this);
|
|
if (!helper.launchConfirmationActivity(
|
|
CONFIRM_EXISTING_FOR_BIOMETRIC_WEAK_LIVELINESS_OFF, null, null)) {
|
|
// If this returns false, it means no password confirmation is required, so
|
|
// go ahead and uncheck it here.
|
|
// Note: currently a backup is required for biometric_weak so this code path
|
|
// can't be reached, but is here in case things change in the future
|
|
lockPatternUtils.setBiometricWeakLivelinessEnabled(false);
|
|
mBiometricWeakLiveliness.setChecked(false);
|
|
}
|
|
}
|
|
} else if (KEY_POWER_INSTANTLY_LOCKS.equals(key)) {
|
|
mLockPatternUtils.setPowerButtonInstantlyLocks((Boolean) value);
|
|
} else if (KEY_SHOW_PASSWORD.equals(key)) {
|
|
Settings.System.putInt(getContentResolver(), Settings.System.TEXT_SHOW_PASSWORD,
|
|
((Boolean) value) ? 1 : 0);
|
|
} else if (KEY_TOGGLE_INSTALL_APPLICATIONS.equals(key)) {
|
|
if ((Boolean) value) {
|
|
mToggleAppInstallation.setChecked(false);
|
|
warnAppInstallation();
|
|
// Don't change Switch status until user makes choice in dialog, so return false.
|
|
result = false;
|
|
} else {
|
|
setNonMarketAppsAllowed(false);
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
@Override
|
|
protected int getHelpResource() {
|
|
return R.string.help_url_security;
|
|
}
|
|
|
|
public void startBiometricWeakImprove(){
|
|
Intent intent = new Intent();
|
|
intent.setClassName("com.android.facelock", "com.android.facelock.AddToSetup");
|
|
startActivity(intent);
|
|
}
|
|
|
|
/**
|
|
* For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
|
|
*/
|
|
public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
|
|
new SecuritySearchIndexProvider();
|
|
|
|
private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider {
|
|
|
|
boolean mIsPrimary;
|
|
|
|
public SecuritySearchIndexProvider() {
|
|
super();
|
|
|
|
mIsPrimary = UserHandle.myUserId() == UserHandle.USER_OWNER;
|
|
}
|
|
|
|
@Override
|
|
public List<SearchIndexableResource> getXmlResourcesToIndex(
|
|
Context context, boolean enabled) {
|
|
|
|
List<SearchIndexableResource> result = new ArrayList<SearchIndexableResource>();
|
|
|
|
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
|
|
// Add options for lock/unlock screen
|
|
int resId = getResIdForLockUnlockScreen(context, lockPatternUtils);
|
|
|
|
SearchIndexableResource sir = new SearchIndexableResource(context);
|
|
sir.xmlResId = resId;
|
|
result.add(sir);
|
|
|
|
if (mIsPrimary) {
|
|
DevicePolicyManager dpm = (DevicePolicyManager)
|
|
context.getSystemService(Context.DEVICE_POLICY_SERVICE);
|
|
|
|
switch (dpm.getStorageEncryptionStatus()) {
|
|
case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
|
|
// The device is currently encrypted.
|
|
resId = R.xml.security_settings_encrypted;
|
|
break;
|
|
case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
|
|
// This device supports encryption but isn't encrypted.
|
|
resId = R.xml.security_settings_unencrypted;
|
|
break;
|
|
}
|
|
|
|
sir = new SearchIndexableResource(context);
|
|
sir.xmlResId = resId;
|
|
result.add(sir);
|
|
}
|
|
|
|
// Append the rest of the settings
|
|
sir = new SearchIndexableResource(context);
|
|
sir.xmlResId = R.xml.security_settings_misc;
|
|
result.add(sir);
|
|
|
|
return result;
|
|
}
|
|
|
|
@Override
|
|
public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) {
|
|
final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>();
|
|
final Resources res = context.getResources();
|
|
|
|
final String screenTitle = res.getString(R.string.security_settings_title);
|
|
|
|
SearchIndexableRaw data = new SearchIndexableRaw(context);
|
|
data.title = screenTitle;
|
|
data.screenTitle = screenTitle;
|
|
result.add(data);
|
|
|
|
if (!mIsPrimary) {
|
|
int resId = (UserManager.get(context).isLinkedUser()) ?
|
|
R.string.profile_info_settings_title : R.string.user_info_settings_title;
|
|
|
|
data = new SearchIndexableRaw(context);
|
|
data.title = res.getString(resId);
|
|
data.screenTitle = screenTitle;
|
|
result.add(data);
|
|
}
|
|
|
|
// Credential storage
|
|
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
|
|
|
if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
|
|
KeyStore keyStore = KeyStore.getInstance();
|
|
|
|
final int storageSummaryRes = keyStore.isHardwareBacked() ?
|
|
R.string.credential_storage_type_hardware :
|
|
R.string.credential_storage_type_software;
|
|
|
|
data = new SearchIndexableRaw(context);
|
|
data.title = res.getString(storageSummaryRes);
|
|
data.screenTitle = screenTitle;
|
|
result.add(data);
|
|
}
|
|
|
|
// Advanced
|
|
final LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
|
|
if (lockPatternUtils.isSecure()) {
|
|
ArrayList<TrustAgentComponentInfo> agents =
|
|
getActiveTrustAgents(context.getPackageManager(), lockPatternUtils);
|
|
for (int i = 0; i < agents.size(); i++) {
|
|
final TrustAgentComponentInfo agent = agents.get(i);
|
|
data = new SearchIndexableRaw(context);
|
|
data.title = agent.title;
|
|
data.screenTitle = screenTitle;
|
|
result.add(data);
|
|
}
|
|
}
|
|
return result;
|
|
}
|
|
|
|
@Override
|
|
public List<String> getNonIndexableKeys(Context context) {
|
|
final List<String> keys = new ArrayList<String>();
|
|
|
|
LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
|
|
// Add options for lock/unlock screen
|
|
int resId = getResIdForLockUnlockScreen(context, lockPatternUtils);
|
|
|
|
// don't display visible pattern if biometric and backup is not pattern
|
|
if (resId == R.xml.security_settings_biometric_weak &&
|
|
lockPatternUtils.getKeyguardStoredPasswordQuality() !=
|
|
DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
|
|
keys.add(KEY_VISIBLE_PATTERN);
|
|
}
|
|
|
|
// Do not display SIM lock for devices without an Icc card
|
|
TelephonyManager tm = TelephonyManager.getDefault();
|
|
if (!mIsPrimary || !tm.hasIccCard()) {
|
|
keys.add(KEY_SIM_LOCK);
|
|
}
|
|
|
|
final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
|
if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
|
|
keys.add(KEY_CREDENTIALS_MANAGER);
|
|
}
|
|
|
|
// TrustAgent settings disappear when the user has no primary security.
|
|
if (!lockPatternUtils.isSecure()) {
|
|
keys.add(KEY_TRUST_AGENT);
|
|
keys.add(KEY_MANAGE_TRUST_AGENTS);
|
|
}
|
|
|
|
return keys;
|
|
}
|
|
}
|
|
|
|
}
|