Expand and expose Lockdown global action

This action puts the phone into the state where it can only be unlocked
via the user's primary knowledge factor. In the future this can also
evict keys and otherwise secure the device beyond the norm in a sketchy
situation.

This is currently controlled by Settings.Secure.LOCKDOWN_IN_POWER_MENU; it
can be enabled for testing via
`adb shell settings put secure lockdown_in_power_menu 1`

Bug: 37221346
Test: Manual
Change-Id: I6197fadf655e5298cab1ab95153c316b87f3b718
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index c44b0bc..3921435 100755
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -7120,6 +7120,11 @@
         public static final String QS_AUTO_ADDED_TILES = "qs_auto_tiles";
 
         /**
+         * Whether the Lockdown button should be shown in the power menu.
+         * @hide
+         */
+        public static final String LOCKDOWN_IN_POWER_MENU = "lockdown_in_power_menu";
+        /**
          * This are the settings to be backed up.
          *
          * NOTE: Settings are backed up and restored in the order they appear
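Review bot: The Javadoc added for `LOCKDOWN_IN_POWER_MENU` does not say which values the setting takes or what an unset value means, although the reader in GlobalActionsDialog treats a missing value as 0 and any non-zero value as enabled. I would spell that out, e.g. `* Whether the Lockdown button should be shown in the power menu. 0 or unset hides it; any non-zero value shows it.` A blank line between the new constant and the following `/**` would also match the spacing used after `QS_AUTO_ADDED_TILES` above.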
@@ -7221,6 +7226,7 @@
             SCREENSAVER_COMPONENTS,
             SCREENSAVER_ACTIVATE_ON_DOCK,
             SCREENSAVER_ACTIVATE_ON_SLEEP,
+            LOCKDOWN_IN_POWER_MENU,
         };
 
         /** @hide */
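Review bot: Adding `LOCKDOWN_IN_POWER_MENU` to the backup list means a value written with the adb command from the commit message is carried over to any device restored from that backup, even though the description presents the setting as a testing switch. If that is intended, a short comment on the entry saying so would help the next reader; otherwise consider leaving it out of the list until there is a user-facing preference. The array declaration starts outside this hunk.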
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index f85333eb..b8ef82b 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1614,7 +1614,8 @@
                         STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
                         SOME_AUTH_REQUIRED_AFTER_USER_REQUEST,
                         STRONG_AUTH_REQUIRED_AFTER_LOCKOUT,
-                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT})
+                        STRONG_AUTH_REQUIRED_AFTER_TIMEOUT,
+                        STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN})
         @Retention(RetentionPolicy.SOURCE)
         public @interface StrongAuthFlags {}
 
@@ -1651,6 +1652,11 @@
         public static final int STRONG_AUTH_REQUIRED_AFTER_TIMEOUT = 0x10;
 
         /**
+         * Strong authentication is required because the user has triggered lockdown.
+         */
+        public static final int STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN = 0x20;
+
+        /**
          * Strong auth flags that do not prevent fingerprint from being accepted as auth.
          *
          * If any other flags are set, fingerprint is disabled.
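Review bot: The comment on `STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN` leaves out the property that makes lockdown effective: per the Javadoc immediately below, fingerprint is disabled only for flags left out of the fingerprint-allowing set, and that set's definition is outside this hunk. I would record the intent on the constant itself, e.g. `* Fingerprint must not be accepted while this flag is set; do not add it to the fingerprint-allowing flags.` It would also help to say how the flag is cleared, which this diff does not show (presumably a successful primary-credential unlock).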
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index ddceb8b..d8ed2ce 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -2359,12 +2359,14 @@
          "silent" = silent mode
          "users" = list of users
          "restart" = restart device
+         "lockdown" = Lock down device until the user authenticates
          -->
     <string-array translatable="false" name="config_globalActionsList">
         <item>power</item>
         <item>restart</item>
         <item>bugreport</item>
         <item>users</item>
+        <item>lockdown</item>
     </string-array>
 
     <!-- Number of milliseconds to hold a wake lock to ensure that drawing is fully
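Review bot: The new `"lockdown"` line in the comment says the device stays locked "until the user authenticates", which is looser than the strings.xml wording in this same change (strong authentication) and does not mention that the item is only shown when the secure setting is enabled. Suggested wording: `"lockdown" = lock the device so it can only be unlocked with strong authentication; shown only when Settings.Secure lockdown_in_power_menu is non-zero`. Product overlays that replace `config_globalActionsList` presumably will not pick up the new item, so that is worth noting for device maintainers.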
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 9bd779e..bd5b711 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -526,8 +526,8 @@
     <!-- label for item that launches voice assist in phone options dialog [CHAR LIMIT=15]-->
     <string name="global_action_voice_assist">Voice Assist</string>
 
-    <!-- label for item that locks the phone and enforces that it can't be unlocked without entering a credential. [CHAR LIMIT=15] -->
-    <string name="global_action_lockdown">Lock now</string>
+    <!-- label for item that locks the phone and enforces that it can't be unlocked without strong authentication. [CHAR LIMIT=15] -->
+    <string name="global_action_lockdown">Enter lockdown</string>
 
     <!-- Text to use when the number in a notification info is too large
          (greater than status_bar_notification_info_maxnum, defined in
diff --git a/packages/SystemUI/src/com/android/systemui/globalactions/GlobalActionsDialog.java b/packages/SystemUI/src/com/android/systemui/globalactions/GlobalActionsDialog.java
index 33d5617..4cbbbd6 100644
--- a/packages/SystemUI/src/com/android/systemui/globalactions/GlobalActionsDialog.java
+++ b/packages/SystemUI/src/com/android/systemui/globalactions/GlobalActionsDialog.java
@@ -14,6 +14,8 @@
 
 package com.android.systemui.globalactions;
 
+import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN;
+
 import com.android.internal.R;
 import com.android.internal.colorextraction.ColorExtractor;
 import com.android.internal.colorextraction.ColorExtractor.GradientColors;
@@ -310,7 +312,10 @@
             } else if (GLOBAL_ACTION_KEY_SETTINGS.equals(actionKey)) {
                 mItems.add(getSettingsAction());
             } else if (GLOBAL_ACTION_KEY_LOCKDOWN.equals(actionKey)) {
-                mItems.add(getLockdownAction());
+                if (Settings.Secure.getInt(mContext.getContentResolver(),
+                            Settings.Secure.LOCKDOWN_IN_POWER_MENU, 0) != 0) {
+                    mItems.add(getLockdownAction());
+                }
             } else if (GLOBAL_ACTION_KEY_VOICEASSIST.equals(actionKey)) {
                 mItems.add(getVoiceAssistAction());
             } else if (GLOBAL_ACTION_KEY_ASSIST.equals(actionKey)) {
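Review bot: `Settings.Secure.getInt(mContext.getContentResolver(), ...)` reads the value for the user the calling process runs as, and Settings.Secure values are per-user, so on a multi-user device the button's visibility may follow the wrong user's setting rather than the foreground user's. Reading it for the current user would avoid that, e.g. `Settings.Secure.getIntForUser(mContext.getContentResolver(), Settings.Secure.LOCKDOWN_IN_POWER_MENU, 0, ActivityManager.getCurrentUser()) != 0`. It may also be worth hiding the item when the current user has no secure lock screen, since a lockdown then has no credential to fall back on. The enclosing method starts and ends outside this hunk.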
@@ -575,7 +580,9 @@
 
             @Override
             public void onPress() {
-                new LockPatternUtils(mContext).requireCredentialEntry(UserHandle.USER_ALL);
+                new LockPatternUtils(mContext)
+                        .requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN,
+                                UserHandle.USER_ALL);
                 try {
                     WindowManagerGlobal.getWindowManagerService().lockNow(null);
                 } catch (RemoteException e) {
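Review bot: `onPress()` depends on `requireStrongAuth(...)` running before `lockNow(null)`, but nothing in the new lines says the order matters. A short comment would protect it from a later reordering, e.g. `// Require strong auth for every user before locking, so the lock screen that appears already demands the primary credential.` The `catch (RemoteException e)` body lies outside this hunk; if it is empty, a failed `lockNow` would leave the strong-auth flag set on an unlocked screen with no trace, so a log line there is worth having.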