Single-user restrictions
Introduces a new "blocked" state for each package. This is used to temporarily
disable an app via Settings->Restrictions.
PIN creation and challenge activities for use by Settings and other apps. PIN
is stored by the User Manager and it manages the interval for retry attempts
across reboots.
Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
diff --git a/api/current.txt b/api/current.txt
index a6f2cf5..3a3e9d0 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -6155,6 +6155,7 @@
field public static final java.lang.String ACTION_PROVIDER_CHANGED = "android.intent.action.PROVIDER_CHANGED";
field public static final java.lang.String ACTION_QUICK_CLOCK = "android.intent.action.QUICK_CLOCK";
field public static final java.lang.String ACTION_REBOOT = "android.intent.action.REBOOT";
+ field public static final java.lang.String ACTION_RESTRICTIONS_PIN_CHALLENGE = "android.intent.action.RESTRICTIONS_PIN_CHALLENGE";
field public static final java.lang.String ACTION_RUN = "android.intent.action.RUN";
field public static final java.lang.String ACTION_SCREEN_OFF = "android.intent.action.SCREEN_OFF";
field public static final java.lang.String ACTION_SCREEN_ON = "android.intent.action.SCREEN_ON";
@@ -17962,6 +17963,7 @@
method public java.lang.String getUserName();
method public android.os.Bundle getUserRestrictions();
method public android.os.Bundle getUserRestrictions(android.os.UserHandle);
+ method public boolean hasRestrictionsPin();
method public boolean isUserAGoat();
method public boolean isUserRunning(android.os.UserHandle);
method public boolean isUserRunningOrStopping(android.os.UserHandle);
diff --git a/cmds/pm/src/com/android/commands/pm/Pm.java b/cmds/pm/src/com/android/commands/pm/Pm.java
index 6f57ae0..d1ded10 100644
--- a/cmds/pm/src/com/android/commands/pm/Pm.java
+++ b/cmds/pm/src/com/android/commands/pm/Pm.java
@@ -147,6 +147,16 @@
return;
}
+ if ("block".equals(op)) {
+ runSetBlockedSetting(true);
+ return;
+ }
+
+ if ("unblock".equals(op)) {
+ runSetBlockedSetting(false);
+ return;
+ }
+
if ("grant".equals(op)) {
runGrantRevokePermission(true);
return;
@@ -1256,6 +1266,36 @@
}
}
+ private void runSetBlockedSetting(boolean state) {
+ int userId = 0;
+ String option = nextOption();
+ if (option != null && option.equals("--user")) {
+ String optionData = nextOptionData();
+ if (optionData == null || !isNumber(optionData)) {
+ System.err.println("Error: no USER_ID specified");
+ showUsage();
+ return;
+ } else {
+ userId = Integer.parseInt(optionData);
+ }
+ }
+
+ String pkg = nextArg();
+ if (pkg == null) {
+ System.err.println("Error: no package or component specified");
+ showUsage();
+ return;
+ }
+ try {
+ mPm.setApplicationBlockedSettingAsUser(pkg, state, userId);
+ System.err.println("Package " + pkg + " new blocked state: "
+ + mPm.getApplicationBlockedSettingAsUser(pkg, userId));
+ } catch (RemoteException e) {
+ System.err.println(e.toString());
+ System.err.println(PM_NOT_RUNNING_ERR);
+ }
+ }
+
private void runGrantRevokePermission(boolean grant) {
String pkg = nextArg();
if (pkg == null) {
@@ -1482,6 +1522,8 @@
System.err.println(" pm disable [--user USER_ID] PACKAGE_OR_COMPONENT");
System.err.println(" pm disable-user [--user USER_ID] PACKAGE_OR_COMPONENT");
System.err.println(" pm disable-until-used [--user USER_ID] PACKAGE_OR_COMPONENT");
+ System.err.println(" pm block [--user USER_ID] PACKAGE_OR_COMPONENT");
+ System.err.println(" pm unblock [--user USER_ID] PACKAGE_OR_COMPONENT");
System.err.println(" pm grant PACKAGE PERMISSION");
System.err.println(" pm revoke PACKAGE PERMISSION");
System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]");
diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index 271494f..432e9b1 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -1296,6 +1296,28 @@
return PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;
}
+ @Override
+ public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked,
+ UserHandle user) {
+ try {
+ return mPM.setApplicationBlockedSettingAsUser(packageName, blocked,
+ user.getIdentifier());
+ } catch (RemoteException re) {
+ // Should never happen!
+ }
+ return false;
+ }
+
+ @Override
+ public boolean getApplicationBlockedSettingAsUser(String packageName, UserHandle user) {
+ try {
+ return mPM.getApplicationBlockedSettingAsUser(packageName, user.getIdentifier());
+ } catch (RemoteException re) {
+ // Should never happen!
+ }
+ return false;
+ }
+
/**
* @hide
*/
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 897e6fe..bda7112 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -2440,6 +2440,18 @@
"android.intent.action.GET_RESTRICTION_ENTRIES";
/**
+ * Activity to challenge the user for a PIN that was configured when setting up
+ * restrictions. Launch the activity using
+ * {@link android.app.Activity#startActivityForResult(Intent, int)} and check if the
+ * result is {@link android.app.Activity#RESULT_OK} for a successful response to the
+ * challenge.<p/>
+ * Before launching this activity, make sure that there is a PIN in effect, by calling
+ * {@link android.os.UserManager#hasRestrictionsPin()}.
+ */
+ public static final String ACTION_RESTRICTIONS_PIN_CHALLENGE =
+ "android.intent.action.RESTRICTIONS_PIN_CHALLENGE";
+
+ /**
* Sent the first time a user is starting, to allow system apps to
* perform one time initialization. (This will not be seen by third
* party applications because a newly initialized user does not have any
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 870610b..9c46d96 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -346,6 +346,13 @@
public static final int FLAG_CANT_SAVE_STATE = 1<<28;
/**
+ * Value for {@link #flags}: true if the application is blocked via restrictions and for
+ * most purposes is considered as not installed.
+ * {@hide}
+ */
+ public static final int FLAG_BLOCKED = 1<<27;
+
+ /**
* Flags associated with the application. Any combination of
* {@link #FLAG_SYSTEM}, {@link #FLAG_DEBUGGABLE}, {@link #FLAG_HAS_CODE},
* {@link #FLAG_PERSISTENT}, {@link #FLAG_FACTORY_TEST}, and
@@ -359,7 +366,7 @@
* {@link #FLAG_INSTALLED}.
*/
public int flags = 0;
-
+
/**
* The required smallest screen width the application can run on. If 0,
* nothing has been specified. Comes from
diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl
index a0e1555..eaff7b2 100644
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -399,4 +399,7 @@
/** Reflects current DeviceStorageMonitorService state */
boolean isStorageLow();
+
+ boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked, int userId);
+ boolean getApplicationBlockedSettingAsUser(String packageName, int userId);
}
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 4266d85..8a8751e 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -3083,6 +3083,23 @@
public abstract int getApplicationEnabledSetting(String packageName);
/**
+ * Puts the package in a blocked state, which is almost like an uninstalled state,
+ * making the package unavailable, but it doesn't remove the data or the actual
+ * package file.
+ * @hide
+ */
+ public abstract boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked,
+ UserHandle userHandle);
+
+ /**
+ * Returns the blocked state of a package.
+ * @see #setApplicationBlockedSettingAsUser(String, boolean, UserHandle)
+ * @hide
+ */
+ public abstract boolean getApplicationBlockedSettingAsUser(String packageName,
+ UserHandle userHandle);
+
+ /**
* Return whether the device has been booted into safe mode.
*/
public abstract boolean isSafeMode();
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 883516e..8f0c62d 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -159,7 +159,8 @@
private static WeakReference<byte[]> mReadBuffer;
private static boolean sCompatibilityModeEnabled = true;
- private static final int PARSE_DEFAULT_INSTALL_LOCATION = PackageInfo.INSTALL_LOCATION_UNSPECIFIED;
+ private static final int PARSE_DEFAULT_INSTALL_LOCATION =
+ PackageInfo.INSTALL_LOCATION_UNSPECIFIED;
static class ParsePackageItemArgs {
final Package owner;
@@ -274,15 +275,20 @@
grantedPermissions, state, UserHandle.getCallingUserId());
}
- private static boolean checkUseInstalled(int flags, PackageUserState state) {
- return state.installed || ((flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0);
+ /**
+ * Returns true if the package is installed and not blocked, or if the caller
+ * explicitly wanted all uninstalled and blocked packages as well.
+ */
+ private static boolean checkUseInstalledOrBlocked(int flags, PackageUserState state) {
+ return (state.installed && !state.blocked)
+ || (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0;
}
public static PackageInfo generatePackageInfo(PackageParser.Package p,
int gids[], int flags, long firstInstallTime, long lastUpdateTime,
HashSet<String> grantedPermissions, PackageUserState state, int userId) {
- if (!checkUseInstalled(flags, state)) {
+ if (!checkUseInstalledOrBlocked(flags, state)) {
return null;
}
PackageInfo pi = new PackageInfo();
@@ -3724,7 +3730,7 @@
return true;
}
}
- if (!state.installed) {
+ if (!state.installed || state.blocked) {
return true;
}
if (state.stopped) {
@@ -3757,6 +3763,11 @@
} else {
ai.flags &= ~ApplicationInfo.FLAG_INSTALLED;
}
+ if (state.blocked) {
+ ai.flags |= ApplicationInfo.FLAG_BLOCKED;
+ } else {
+ ai.flags &= ~ApplicationInfo.FLAG_BLOCKED;
+ }
if (state.enabled == PackageManager.COMPONENT_ENABLED_STATE_ENABLED) {
ai.enabled = true;
} else if (state.enabled == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) {
@@ -3771,7 +3782,7 @@
public static ApplicationInfo generateApplicationInfo(Package p, int flags,
PackageUserState state, int userId) {
if (p == null) return null;
- if (!checkUseInstalled(flags, state)) {
+ if (!checkUseInstalledOrBlocked(flags, state)) {
return null;
}
if (!copyNeeded(flags, p, state, null, userId)
@@ -3855,7 +3866,7 @@
public static final ActivityInfo generateActivityInfo(Activity a, int flags,
PackageUserState state, int userId) {
if (a == null) return null;
- if (!checkUseInstalled(flags, state)) {
+ if (!checkUseInstalledOrBlocked(flags, state)) {
return null;
}
if (!copyNeeded(flags, a.owner, state, a.metaData, userId)) {
@@ -3892,7 +3903,7 @@
public static final ServiceInfo generateServiceInfo(Service s, int flags,
PackageUserState state, int userId) {
if (s == null) return null;
- if (!checkUseInstalled(flags, state)) {
+ if (!checkUseInstalledOrBlocked(flags, state)) {
return null;
}
if (!copyNeeded(flags, s.owner, state, s.metaData, userId)) {
@@ -3937,7 +3948,7 @@
public static final ProviderInfo generateProviderInfo(Provider p, int flags,
PackageUserState state, int userId) {
if (p == null) return null;
- if (!checkUseInstalled(flags, state)) {
+ if (!checkUseInstalledOrBlocked(flags, state)) {
return null;
}
if (!copyNeeded(flags, p.owner, state, p.metaData, userId)
diff --git a/core/java/android/content/pm/PackageUserState.java b/core/java/android/content/pm/PackageUserState.java
index dcd54fc..94e3f79 100644
--- a/core/java/android/content/pm/PackageUserState.java
+++ b/core/java/android/content/pm/PackageUserState.java
@@ -28,6 +28,7 @@
public boolean stopped;
public boolean notLaunched;
public boolean installed;
+ public boolean blocked; // Is the app restricted by owner / admin
public int enabled;
public String lastDisableAppCaller;
@@ -37,6 +38,7 @@
public PackageUserState() {
installed = true;
+ blocked = false;
enabled = COMPONENT_ENABLED_STATE_DEFAULT;
}
@@ -45,6 +47,7 @@
stopped = o.stopped;
notLaunched = o.notLaunched;
enabled = o.enabled;
+ blocked = o.blocked;
lastDisableAppCaller = o.lastDisableAppCaller;
disabledComponents = o.disabledComponents != null
? new HashSet<String>(o.disabledComponents) : null;
diff --git a/core/java/android/os/IUserManager.aidl b/core/java/android/os/IUserManager.aidl
index a11358a..7589a5a 100644
--- a/core/java/android/os/IUserManager.aidl
+++ b/core/java/android/os/IUserManager.aidl
@@ -46,4 +46,7 @@
int userHandle);
Bundle getApplicationRestrictions(in String packageName);
Bundle getApplicationRestrictionsForUser(in String packageName, int userHandle);
+ boolean changeRestrictionsPin(in String newPin);
+ int checkRestrictionsPin(in String pin);
+ boolean hasRestrictionsPin();
}
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index cb5ed4f..c33a28a 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -140,6 +140,13 @@
*/
public static final String DISALLOW_REMOVE_USER = "no_remove_user";
+ /** @hide */
+ public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
+ /** @hide */
+ public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2;
+ /** @hide */
+ public static final int PIN_VERIFICATION_SUCCESS = -1;
+
private static UserManager sInstance = null;
/** @hide */
@@ -620,4 +627,55 @@
Log.w(TAG, "Could not set application restrictions for user " + user.getIdentifier());
}
}
+
+ /**
+ * @hide
+ * Sets a new restrictions PIN. This should only be called after verifying that there
+ * currently isn't a PIN set, or after the user successfully enters the current PIN.
+ * @param newPin
+ * @return Returns true if the PIN was changed successfully.
+ */
+ public boolean changeRestrictionsPin(String newPin) {
+ try {
+ return mService.changeRestrictionsPin(newPin);
+ } catch (RemoteException re) {
+ Log.w(TAG, "Could not change restrictions pin");
+ }
+ return false;
+ }
+
+ /**
+ * @hide
+ * @param pin The PIN to verify, or null to get the number of milliseconds to wait for before
+ * allowing the user to enter the PIN.
+ * @return Returns a positive number (including zero) for how many milliseconds before
+ * you can accept another PIN, when the input is null or the input doesn't match the saved PIN.
+ * Returns {@link #PIN_VERIFICATION_SUCCESS} if the input matches the saved PIN. Returns
+ * {@link #PIN_VERIFICATION_FAILED_NOT_SET} if there is no PIN set.
+ */
+ public int checkRestrictionsPin(String pin) {
+ try {
+ return mService.checkRestrictionsPin(pin);
+ } catch (RemoteException re) {
+ Log.w(TAG, "Could not check restrictions pin");
+ }
+ return PIN_VERIFICATION_FAILED_INCORRECT;
+ }
+
+ /**
+ * Checks whether the user has restrictions that are PIN-protected. An application that
+ * participates in restrictions can check if the owner has requested a PIN challenge for
+ * any restricted operations. If there is a PIN in effect, the application should launch
+ * the PIN challenge activity {@link android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE}.
+ * @see android.content.Intent#ACTION_RESTRICTIONS_PIN_CHALLENGE
+ * @return whether a restrictions PIN is in effect.
+ */
+ public boolean hasRestrictionsPin() {
+ try {
+ return mService.hasRestrictionsPin();
+ } catch (RemoteException re) {
+ Log.w(TAG, "Could not change restrictions pin");
+ }
+ return false;
+ }
}
diff --git a/core/java/com/android/internal/app/AlertActivity.java b/core/java/com/android/internal/app/AlertActivity.java
index 7251256..7456def 100644
--- a/core/java/com/android/internal/app/AlertActivity.java
+++ b/core/java/com/android/internal/app/AlertActivity.java
@@ -36,18 +36,18 @@
* @see #mAlertParams
*/
protected AlertController mAlert;
-
+
/**
* The parameters for the alert.
*/
protected AlertController.AlertParams mAlertParams;
-
+
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
-
+
mAlert = new AlertController(this, this, getWindow());
- mAlertParams = new AlertController.AlertParams(this);
+ mAlertParams = new AlertController.AlertParams(this);
}
public void cancel() {
@@ -65,7 +65,7 @@
/**
* Sets up the alert, including applying the parameters to the alert model,
* and installing the alert's content.
- *
+ *
* @see #mAlert
* @see #mAlertParams
*/
@@ -73,7 +73,7 @@
mAlertParams.apply(mAlert);
mAlert.installContent();
}
-
+
@Override
public boolean onKeyDown(int keyCode, KeyEvent event) {
if (mAlert.onKeyDown(keyCode, event)) return true;
@@ -85,6 +85,4 @@
if (mAlert.onKeyUp(keyCode, event)) return true;
return super.onKeyUp(keyCode, event);
}
-
-
}
diff --git a/core/java/com/android/internal/app/RestrictionsPinActivity.java b/core/java/com/android/internal/app/RestrictionsPinActivity.java
new file mode 100644
index 0000000..57436f7
--- /dev/null
+++ b/core/java/com/android/internal/app/RestrictionsPinActivity.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.app;
+
+import android.app.AlertDialog;
+import android.content.Context;
+import android.content.DialogInterface;
+import android.os.Bundle;
+import android.os.UserManager;
+import android.text.Editable;
+import android.text.TextWatcher;
+import android.view.KeyEvent;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.TextView.OnEditorActionListener;
+
+import com.android.internal.R;
+
+/**
+ * This activity is launched by Settings and other apps to either create a new PIN or
+ * challenge for an existing PIN. The PIN is maintained by UserManager.
+ */
+public class RestrictionsPinActivity extends AlertActivity
+ implements DialogInterface.OnClickListener, TextWatcher, OnEditorActionListener {
+
+ private UserManager mUserManager;
+
+ private EditText mPin1Text;
+ private EditText mPin2Text;
+ private TextView mPinErrorMessage;
+ private TextView mPinMessage;
+
+ @Override
+ public void onCreate(Bundle icicle) {
+ super.onCreate(icicle);
+
+ AlertController.AlertParams ap = mAlertParams;
+ ap.mTitle = getString(R.string.restr_pin_enter_pin);
+ ap.mPositiveButtonText = getString(R.string.ok);
+ ap.mNegativeButtonText = getString(R.string.cancel);
+ ap.mPositiveButtonListener = this;
+ ap.mNegativeButtonListener = this;
+ LayoutInflater inflater =
+ (LayoutInflater) getSystemService(Context.LAYOUT_INFLATER_SERVICE);
+ ap.mView = inflater.inflate(R.layout.pin_challenge, null);
+
+ mPinMessage = (TextView) ap.mView.findViewById(R.id.pin_message);
+ mPin1Text = (EditText) ap.mView.findViewById(R.id.pin1_text);
+ mPin2Text = (EditText) ap.mView.findViewById(R.id.pin2_text);
+ mPinErrorMessage = (TextView) ap.mView.findViewById(R.id.pin_error_message);
+ mPin1Text.addTextChangedListener(this);
+ mPin2Text.addTextChangedListener(this);
+
+ mUserManager = (UserManager) getSystemService(Context.USER_SERVICE);
+
+ setupAlert();
+ }
+
+ protected boolean verifyingPin() {
+ return true;
+ }
+
+ public void onResume() {
+ super.onResume();
+
+ setPositiveButtonState(false);
+ boolean hasPin = mUserManager.hasRestrictionsPin();
+ if (verifyingPin()) {
+ if (hasPin) {
+ mPinMessage.setVisibility(View.GONE);
+ mPinErrorMessage.setVisibility(View.GONE);
+ mPin2Text.setVisibility(View.GONE);
+ mPin1Text.setOnEditorActionListener(this);
+ updatePinTimer(-1);
+ } else {
+ setResult(RESULT_OK);
+ finish();
+ }
+ } else if (hasPin) {
+ // Shouldn't really be in this state, exit
+ setResult(RESULT_OK);
+ finish();
+ }
+ }
+
+ private void setPositiveButtonState(boolean enabled) {
+ mAlert.getButton(DialogInterface.BUTTON_POSITIVE).setEnabled(enabled);
+ }
+
+ private void updatePinTimer(int pinTimerMs) {
+ if (pinTimerMs < 0) {
+ pinTimerMs = mUserManager.checkRestrictionsPin(null);
+ }
+ if (pinTimerMs >= 200) {
+ final int seconds = (pinTimerMs + 200) / 1000;
+ final String formatString = getResources().getQuantityString(
+ R.plurals.restr_pin_countdown,
+ seconds);
+ mPinErrorMessage.setText(String.format(formatString, seconds));
+ mPinErrorMessage.setVisibility(View.VISIBLE);
+ mPin1Text.setEnabled(false);
+ mPin1Text.setText("");
+ setPositiveButtonState(false);
+ mPin1Text.postDelayed(mCountdownRunnable, Math.min(1000, pinTimerMs));
+ } else {
+ mPinErrorMessage.setVisibility(View.INVISIBLE);
+ mPin1Text.setEnabled(true);
+ mPin1Text.setText("");
+ }
+ }
+
+ public void onClick(DialogInterface dialog, int which) {
+ setResult(RESULT_CANCELED);
+ if (which == AlertDialog.BUTTON_POSITIVE) {
+ performPositiveButtonAction();
+ } else if (which == AlertDialog.BUTTON_NEGATIVE) {
+ finish();
+ }
+ }
+
+ private void performPositiveButtonAction() {
+ if (verifyingPin()) {
+ int result = mUserManager.checkRestrictionsPin(mPin1Text.getText().toString());
+ if (result == UserManager.PIN_VERIFICATION_SUCCESS) {
+ setResult(RESULT_OK);
+ finish();
+ } else if (result >= 0) {
+ updatePinTimer(result);
+ }
+ } else {
+ if (mUserManager.changeRestrictionsPin(mPin1Text.getText().toString())) {
+ setResult(RESULT_OK);
+ finish();
+ }
+ }
+ }
+
+ @Override
+ public void beforeTextChanged(CharSequence s, int start, int count, int after) {
+ }
+
+ @Override
+ public void onTextChanged(CharSequence s, int start, int before, int count) {
+ CharSequence pin1 = mPin1Text.getText();
+ if (!verifyingPin()) {
+ CharSequence pin2 = mPin2Text.getText();
+ boolean match = pin1 != null && pin2 != null && pin1.length() >= 4
+ && pin1.toString().equals(pin2.toString());
+ setPositiveButtonState(match);
+ mPinErrorMessage.setVisibility(match ? View.INVISIBLE : View.VISIBLE);
+ } else {
+ setPositiveButtonState(pin1 != null && pin1.length() >= 4);
+ }
+ }
+
+ @Override
+ public void afterTextChanged(Editable s) {
+ }
+
+ @Override
+ public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
+ performPositiveButtonAction();
+ return true;
+ }
+
+ private Runnable mCountdownRunnable = new Runnable() {
+ public void run() {
+ updatePinTimer(-1);
+ }
+ };
+}
diff --git a/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java b/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java
new file mode 100644
index 0000000..35f2967
--- /dev/null
+++ b/core/java/com/android/internal/app/RestrictionsPinSetupActivity.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.app;
+
+/**
+ * This activity is launched by Settings and other apps to either create a new PIN or
+ * challenge for an existing PIN. The PIN is maintained by UserManager.
+ */
+public class RestrictionsPinSetupActivity extends RestrictionsPinActivity {
+
+ protected boolean verifyingPin() {
+ return false;
+ }
+}
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index ca274e3..40d3428 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2432,6 +2432,29 @@
android:process=":ui">
</activity>
+ <activity android:name="com.android.internal.app.RestrictionsPinSetupActivity"
+ android:theme="@style/Theme.Holo.Dialog.Alert"
+ android:permission="android.permission.MANAGE_USERS"
+ android:excludeFromRecents="true"
+ android:windowSoftInputMode="adjustPan"
+ android:process=":ui">
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.RESTRICTIONS_PIN_CREATE" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
+ <activity android:name="com.android.internal.app.RestrictionsPinActivity"
+ android:theme="@style/Theme.Holo.Dialog.Alert"
+ android:excludeFromRecents="true"
+ android:windowSoftInputMode="adjustPan"
+ android:process=":ui">
+ <intent-filter android:priority="100">
+ <action android:name="android.intent.action.RESTRICTIONS_PIN_CHALLENGE" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
<receiver android:name="com.android.server.BootReceiver"
android:primaryUserOnly="true">
<intent-filter>
@@ -2470,9 +2493,9 @@
</receiver>
<receiver android:name="com.android.server.MasterClearReceiver"
- android:permission="android.permission.MASTER_CLEAR"
- android:priority="100" >
- <intent-filter>
+ android:permission="android.permission.MASTER_CLEAR">
+ <intent-filter
+ android:priority="100" >
<!-- For Checkin, Settings, etc.: action=MASTER_CLEAR -->
<action android:name="android.intent.action.MASTER_CLEAR" />
diff --git a/core/res/res/layout/pin_challenge.xml b/core/res/res/layout/pin_challenge.xml
new file mode 100644
index 0000000..2cb14b4
--- /dev/null
+++ b/core/res/res/layout/pin_challenge.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2013 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- Layout used as the dialog's content View for EditTextPreference. -->
+<ScrollView xmlns:android="http://schemas.android.com/apk/res/android"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"
+ android:layout_marginTop="48dp"
+ android:layout_marginBottom="48dp"
+ android:overScrollMode="ifContentScrolls">
+
+ <LinearLayout
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:padding="8dip"
+ android:orientation="vertical">
+
+ <TextView android:id="@+id/pin_message"
+ style="?android:attr/textAppearanceMedium"
+ android:layout_marginTop="16dp"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="@string/restr_pin_create_pin"
+ android:textColor="?android:attr/textColorSecondary" />
+
+ <!-- TextView android:id="@+id/pin1_label"
+ style="?android:attr/textAppearanceSmall"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="@string/restr_pin_enter_pin"
+ android:textColor="?android:attr/textColorSecondary" /-->
+
+ <EditText android:id="@+id/pin1_text"
+ style="?android:attr/textAppearanceMedium"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:hint="@string/restr_pin_enter_pin"
+ android:inputType="textPassword"
+ android:textColor="?android:attr/textColorPrimary" />
+
+ <!-- TextView android:id="@+id/pin2_label"
+ style="?android:attr/textAppearanceSmall"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="@string/restr_pin_confirm_pin"
+ android:textColor="?android:attr/textColorSecondary" /-->
+
+ <EditText android:id="@+id/pin2_text"
+ style="?android:attr/textAppearanceMedium"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:hint="@string/restr_pin_confirm_pin"
+ android:inputType="textPassword"
+ android:textColor="?android:attr/textColorPrimary" />
+
+ <TextView android:id="@+id/pin_error_message"
+ style="?android:attr/textAppearanceSmall"
+ android:layout_marginBottom="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="@string/restr_pin_error_doesnt_match"
+ android:textColor="#FFFF0000" />
+
+ </LinearLayout>
+
+</ScrollView>
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 1938b88..4b02a7d 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -4018,7 +4018,7 @@
<!-- Message shown when user enters wrong PIN -->
<string name="kg_wrong_pin">Wrong PIN</string>
<!-- Countdown message shown after too many failed unlock attempts -->
- <string name="kg_too_many_failed_attempts_countdown">Try again in <xliff:g id="number">%d</xliff:g> seconds.</string>
+ <string name="kg_too_many_failed_attempts_countdown">Try again in <xliff:g id="number">%1$d</xliff:g> seconds.</string>
<!-- Instructions for using the pattern unlock screen -->
<string name="kg_pattern_instructions">Draw your pattern</string>
<!-- Instructions for using the SIM PIN unlock screen -->
@@ -4227,4 +4227,20 @@
<!-- North America Tabloid media size: 11" × 17" -->
<string name="mediaSize_na_tabloid">Tabloid</string>
+ <!-- PIN creation dialog message [CHAR LIMIT=none] -->
+ <string name="restr_pin_create_pin">Create a PIN for modifying restrictions</string>
+ <!-- PIN entry dialog label for PIN [CHAR LIMIT=none] -->
+ <string name="restr_pin_enter_pin">Enter PIN</string>
+ <!-- PIN entry dialog label for PIN confirmation [CHAR LIMIT=none] -->
+ <string name="restr_pin_confirm_pin">Confirm PIN</string>
+ <!-- PIN entry dialog error when PINs are not the same [CHAR LIMIT=none] -->
+ <string name="restr_pin_error_doesnt_match">PINs don\'t match. Try again.</string>
+ <!-- PIN entry dialog error when PIN is too short [CHAR LIMIT=none] -->
+ <string name="restr_pin_error_too_short">PIN is too short. Must be at least 4 digits.</string>
+ <!-- PIN entry dialog countdown message for next chance to enter the PIN [CHAR LIMIT=none] -->
+ <!-- Phrase describing a time duration using seconds [CHAR LIMIT=16] -->
+ <plurals name="restr_pin_countdown">
+ <item quantity="one">Incorrect PIN. Try again in 1 second.</item>
+ <item quantity="other">Incorrect PIN. Try again in <xliff:g id="count">%d</xliff:g> seconds.</item>
+ </plurals>
</resources>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 7f39364..a1166fc 100755
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -213,6 +213,10 @@
<java-symbol type="id" name="sms_short_code_remember_undo_instruction" />
<java-symbol type="id" name="breadcrumb_section" />
<java-symbol type="id" name="action_bar_spinner" />
+ <java-symbol type="id" name="pin_message" />
+ <java-symbol type="id" name="pin1_text" />
+ <java-symbol type="id" name="pin2_text" />
+ <java-symbol type="id" name="pin_error_message" />
<java-symbol type="attr" name="actionModeShareDrawable" />
<java-symbol type="attr" name="alertDialogCenterButtons" />
@@ -898,6 +902,7 @@
<java-symbol type="string" name="mediaSize_na_junior_legal" />
<java-symbol type="string" name="mediaSize_na_ledger" />
<java-symbol type="string" name="mediaSize_na_tabloid" />
+ <java-symbol type="string" name="restr_pin_enter_pin" />
<java-symbol type="plurals" name="abbrev_in_num_days" />
<java-symbol type="plurals" name="abbrev_in_num_hours" />
@@ -920,6 +925,7 @@
<java-symbol type="plurals" name="num_hours_ago" />
<java-symbol type="plurals" name="num_minutes_ago" />
<java-symbol type="plurals" name="num_seconds_ago" />
+ <java-symbol type="plurals" name="restr_pin_countdown" />
<java-symbol type="array" name="carrier_properties" />
<java-symbol type="array" name="config_data_usage_network_types" />
@@ -1145,6 +1151,7 @@
<java-symbol type="layout" name="sms_short_code_confirmation_dialog" />
<java-symbol type="layout" name="action_bar_up_container" />
<java-symbol type="layout" name="app_not_authorized" />
+ <java-symbol type="layout" name="pin_challenge" />
<java-symbol type="anim" name="slide_in_child_bottom" />
<java-symbol type="anim" name="slide_in_right" />
diff --git a/policy/src/com/android/internal/policy/impl/PhoneWindow.java b/policy/src/com/android/internal/policy/impl/PhoneWindow.java
index a21b089..3ed8bd8 100644
--- a/policy/src/com/android/internal/policy/impl/PhoneWindow.java
+++ b/policy/src/com/android/internal/policy/impl/PhoneWindow.java
@@ -49,6 +49,7 @@
import android.media.AudioManager;
import android.net.Uri;
import android.os.Bundle;
+import android.os.Debug;
import android.os.Handler;
import android.os.Parcel;
import android.os.Parcelable;
@@ -58,6 +59,7 @@
import android.util.DisplayMetrics;
import android.util.EventLog;
import android.util.Log;
+import android.util.Slog;
import android.util.SparseArray;
import android.util.TypedValue;
import android.view.ActionMode;
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index 9308feb..524403c 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -1933,8 +1933,6 @@
getDataPathForPackage(packageName, 0).getPath();
pkg.applicationInfo.nativeLibraryDir = ps.nativeLibraryPathString;
}
- // pkg.mSetEnabled = ps.getEnabled(userId);
- // pkg.mSetStopped = ps.getStopped(userId);
return generatePackageInfo(pkg, flags, userId);
}
return null;
@@ -6149,6 +6147,120 @@
mHandler.sendMessage(msg);
}
+ private void sendPackageAddedForUser(String packageName, PackageSetting pkgSetting, int userId) {
+ Bundle extras = new Bundle(1);
+ extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userId, pkgSetting.appId));
+
+ sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED,
+ packageName, extras, null, null, new int[] {userId});
+ try {
+ IActivityManager am = ActivityManagerNative.getDefault();
+ final boolean isSystem =
+ isSystemApp(pkgSetting) || isUpdatedSystemApp(pkgSetting);
+ if (isSystem && am.isUserRunning(userId, false)) {
+ // The just-installed/enabled app is bundled on the system, so presumed
+ // to be able to run automatically without needing an explicit launch.
+ // Send it a BOOT_COMPLETED if it would ordinarily have gotten one.
+ Intent bcIntent = new Intent(Intent.ACTION_BOOT_COMPLETED)
+ .addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES)
+ .setPackage(packageName);
+ am.broadcastIntent(null, bcIntent, null, null, 0, null, null, null,
+ android.app.AppOpsManager.OP_NONE, false, false, userId);
+ }
+ } catch (RemoteException e) {
+ // shouldn't happen
+ Slog.w(TAG, "Unable to bootstrap installed package", e);
+ }
+ }
+
+ @Override
+ public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked,
+ int userId) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
+ PackageSetting pkgSetting;
+ final int uid = Binder.getCallingUid();
+ if (UserHandle.getUserId(uid) != userId) {
+ mContext.enforceCallingPermission(
+ android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+ "setApplicationBlocked for user " + userId);
+ }
+
+ if (blocked && isPackageDeviceAdmin(packageName, userId)) {
+ Slog.w(TAG, "Not blocking package " + packageName + ": has active device admin");
+ return false;
+ }
+
+ long callingId = Binder.clearCallingIdentity();
+ try {
+ boolean sendAdded = false;
+ boolean sendRemoved = false;
+ // writer
+ synchronized (mPackages) {
+ pkgSetting = mSettings.mPackages.get(packageName);
+ if (pkgSetting == null) {
+ return false;
+ }
+ if (pkgSetting.getBlocked(userId) != blocked) {
+ pkgSetting.setBlocked(blocked, userId);
+ mSettings.writePackageRestrictionsLPr(userId);
+ if (blocked) {
+ sendRemoved = true;
+ } else {
+ sendAdded = true;
+ }
+ }
+ }
+ if (sendAdded) {
+ sendPackageAddedForUser(packageName, pkgSetting, userId);
+ return true;
+ }
+ if (sendRemoved) {
+ sendPackageBlockedForUser(packageName, pkgSetting, userId);
+ }
+ } finally {
+ Binder.restoreCallingIdentity(callingId);
+ }
+ return false;
+ }
+
+ private void sendPackageBlockedForUser(String packageName, PackageSetting pkgSetting,
+ int userId) {
+ final PackageRemovedInfo info = new PackageRemovedInfo();
+ info.removedPackage = packageName;
+ info.removedUsers = new int[] {userId};
+ info.uid = UserHandle.getUid(userId, pkgSetting.appId);
+ info.sendBroadcast(false, false, false);
+ }
+
+ /**
+ * Returns true if application is not found or there was an error. Otherwise it returns
+ * the blocked state of the package for the given user.
+ */
+ @Override
+ public boolean getApplicationBlockedSettingAsUser(String packageName, int userId) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null);
+ PackageSetting pkgSetting;
+ final int uid = Binder.getCallingUid();
+ if (UserHandle.getUserId(uid) != userId) {
+ mContext.enforceCallingPermission(
+ android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+ "getApplicationBlocked for user " + userId);
+ }
+ long callingId = Binder.clearCallingIdentity();
+ try {
+ // writer
+ synchronized (mPackages) {
+ pkgSetting = mSettings.mPackages.get(packageName);
+ if (pkgSetting == null) {
+ return true;
+ }
+ return pkgSetting.getBlocked(userId);
+ }
+ } finally {
+ Binder.restoreCallingIdentity(callingId);
+ }
+ }
+
/**
* @hide
*/
@@ -6180,33 +6292,14 @@
}
if (!pkgSetting.getInstalled(userId)) {
pkgSetting.setInstalled(true, userId);
+ pkgSetting.setBlocked(false, userId);
mSettings.writePackageRestrictionsLPr(userId);
- extras.putInt(Intent.EXTRA_UID, UserHandle.getUid(userId, pkgSetting.appId));
sendAdded = true;
}
}
if (sendAdded) {
- sendPackageBroadcast(Intent.ACTION_PACKAGE_ADDED,
- packageName, extras, null, null, new int[] {userId});
- try {
- IActivityManager am = ActivityManagerNative.getDefault();
- final boolean isSystem =
- isSystemApp(pkgSetting) || isUpdatedSystemApp(pkgSetting);
- if (isSystem && am.isUserRunning(userId, false)) {
- // The just-installed/enabled app is bundled on the system, so presumed
- // to be able to run automatically without needing an explicit launch.
- // Send it a BOOT_COMPLETED if it would ordinarily have gotten one.
- Intent bcIntent = new Intent(Intent.ACTION_BOOT_COMPLETED)
- .addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES)
- .setPackage(packageName);
- am.broadcastIntent(null, bcIntent, null, null, 0, null, null, null,
- android.app.AppOpsManager.OP_NONE, false, false, userId);
- }
- } catch (RemoteException e) {
- // shouldn't happen
- Slog.w(TAG, "Unable to bootstrap installed package", e);
- }
+ sendPackageAddedForUser(packageName, pkgSetting, userId);
}
} finally {
Binder.restoreCallingIdentity(callingId);
@@ -8697,6 +8790,19 @@
});
}
+ private boolean isPackageDeviceAdmin(String packageName, int userId) {
+ IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface(
+ ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
+ try {
+ if (dpm != null && (dpm.packageHasActiveAdmins(packageName, userId)
+ || dpm.isDeviceOwner(packageName))) {
+ return true;
+ }
+ } catch (RemoteException e) {
+ }
+ return false;
+ }
+
/**
* This method is an internal method that could be get invoked either
* to delete an installed package or to clean up a failed installation.
@@ -8715,15 +8821,9 @@
final PackageRemovedInfo info = new PackageRemovedInfo();
final boolean res;
- IDevicePolicyManager dpm = IDevicePolicyManager.Stub.asInterface(
- ServiceManager.getService(Context.DEVICE_POLICY_SERVICE));
- try {
- if (dpm != null && (dpm.packageHasActiveAdmins(packageName, userId)
- || dpm.isDeviceOwner(packageName))) {
- Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
- return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
- }
- } catch (RemoteException e) {
+ if (isPackageDeviceAdmin(packageName, userId)) {
+ Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
+ return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
}
boolean removedForAllUsers = false;
@@ -9039,6 +9139,7 @@
false, //installed
true, //stopped
true, //notLaunched
+ false, //blocked
null, null, null);
if (!isSystemApp(ps)) {
if (ps.isAnyInstalled(sUserManager.getUserIds())) {
diff --git a/services/java/com/android/server/pm/PackageSettingBase.java b/services/java/com/android/server/pm/PackageSettingBase.java
index b3fd60c..7747c8f 100644
--- a/services/java/com/android/server/pm/PackageSettingBase.java
+++ b/services/java/com/android/server/pm/PackageSettingBase.java
@@ -260,14 +260,24 @@
modifyUserState(userId).notLaunched = stop;
}
+ boolean getBlocked(int userId) {
+ return readUserState(userId).blocked;
+ }
+
+ void setBlocked(boolean blocked, int userId) {
+ modifyUserState(userId).blocked = blocked;
+ }
+
void setUserState(int userId, int enabled, boolean installed, boolean stopped,
- boolean notLaunched, String lastDisableAppCaller, HashSet<String> enabledComponents,
+ boolean notLaunched, boolean blocked,
+ String lastDisableAppCaller, HashSet<String> enabledComponents,
HashSet<String> disabledComponents) {
PackageUserState state = modifyUserState(userId);
state.enabled = enabled;
state.installed = installed;
state.stopped = stopped;
state.notLaunched = notLaunched;
+ state.blocked = blocked;
state.lastDisableAppCaller = lastDisableAppCaller;
state.enabledComponents = enabledComponents;
state.disabledComponents = disabledComponents;
diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java
index 0cae5d65..2d7d8a0 100644
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -109,6 +109,7 @@
private static final String ATTR_ENABLED = "enabled";
private static final String ATTR_ENABLED_CALLER = "enabledCaller";
private static final String ATTR_STOPPED = "stopped";
+ private static final String ATTR_BLOCKED = "blocked";
private static final String ATTR_INSTALLED = "inst";
private final File mSettingsFilename;
@@ -462,6 +463,7 @@
installed,
true, // stopped,
true, // notLaunched
+ false, // blocked
null, null, null);
writePackageRestrictionsLPr(user.id);
}
@@ -860,6 +862,7 @@
true, // installed
false, // stopped
false, // notLaunched
+ false, // blocked
null, null, null);
}
return;
@@ -913,6 +916,9 @@
final String stoppedStr = parser.getAttributeValue(null, ATTR_STOPPED);
final boolean stopped = stoppedStr == null
? false : Boolean.parseBoolean(stoppedStr);
+ final String blockedStr = parser.getAttributeValue(null, ATTR_BLOCKED);
+ final boolean blocked = blockedStr == null
+ ? false : Boolean.parseBoolean(blockedStr);
final String notLaunchedStr = parser.getAttributeValue(null, ATTR_NOT_LAUNCHED);
final boolean notLaunched = stoppedStr == null
? false : Boolean.parseBoolean(notLaunchedStr);
@@ -936,7 +942,7 @@
}
}
- ps.setUserState(userId, enabled, installed, stopped, notLaunched,
+ ps.setUserState(userId, enabled, installed, stopped, notLaunched, blocked,
enabledCaller, enabledComponents, disabledComponents);
} else if (tagName.equals("preferred-activities")) {
readPreferredActivitiesLPw(parser, userId);
@@ -1044,6 +1050,7 @@
PackageUserState ustate = pkg.readUserState(userId);
if (ustate.stopped || ustate.notLaunched || !ustate.installed
|| ustate.enabled != COMPONENT_ENABLED_STATE_DEFAULT
+ || ustate.blocked
|| (ustate.enabledComponents != null
&& ustate.enabledComponents.size() > 0)
|| (ustate.disabledComponents != null
@@ -1061,6 +1068,9 @@
if (ustate.notLaunched) {
serializer.attribute(null, ATTR_NOT_LAUNCHED, "true");
}
+ if (ustate.blocked) {
+ serializer.attribute(null, ATTR_BLOCKED, "true");
+ }
if (ustate.enabled != COMPONENT_ENABLED_STATE_DEFAULT) {
serializer.attribute(null, ATTR_ENABLED,
Integer.toString(ustate.enabled));
@@ -2847,6 +2857,8 @@
pw.print(prefix); pw.print(" User "); pw.print(user.id); pw.print(": ");
pw.print(" installed=");
pw.print(ps.getInstalled(user.id));
+ pw.print(" blocked=");
+ pw.print(ps.getBlocked(user.id));
pw.print(" stopped=");
pw.print(ps.getStopped(user.id));
pw.print(" notLaunched=");
diff --git a/services/java/com/android/server/pm/UserManagerService.java b/services/java/com/android/server/pm/UserManagerService.java
index 1323c93..d86f2c7 100644
--- a/services/java/com/android/server/pm/UserManagerService.java
+++ b/services/java/com/android/server/pm/UserManagerService.java
@@ -39,12 +39,15 @@
import android.os.IUserManager;
import android.os.Process;
import android.os.RemoteException;
+import android.os.SystemClock;
import android.os.UserHandle;
import android.os.UserManager;
import android.util.AtomicFile;
+import android.util.Log;
import android.util.Slog;
import android.util.SparseArray;
import android.util.SparseBooleanArray;
+import android.util.SparseLongArray;
import android.util.TimeUtils;
import android.util.Xml;
@@ -63,6 +66,9 @@
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
@@ -78,6 +84,10 @@
private static final String ATTR_ID = "id";
private static final String ATTR_CREATION_TIME = "created";
private static final String ATTR_LAST_LOGGED_IN_TIME = "lastLoggedIn";
+ private static final String ATTR_SALT = "salt";
+ private static final String ATTR_PIN_HASH = "pinHash";
+ private static final String ATTR_FAILED_ATTEMPTS = "failedAttempts";
+ private static final String ATTR_LAST_RETRY_MS = "lastAttemptMs";
private static final String ATTR_SERIAL_NO = "serialNumber";
private static final String ATTR_NEXT_SERIAL_NO = "nextSerialNumber";
private static final String ATTR_PARTIAL = "partial";
@@ -107,6 +117,13 @@
private static final long EPOCH_PLUS_30_YEARS = 30L * 365 * 24 * 60 * 60 * 1000L; // ms
+ // Number of attempts before jumping to the next BACKOFF_TIMES slot
+ private static final int BACKOFF_INC_INTERVAL = 5;
+
+ // Amount of time to force the user to wait before entering the PIN again, after failing
+ // BACKOFF_INC_INTERVAL times.
+ private static final int[] BACKOFF_TIMES = { 0, 30*1000, 60*1000, 5*60*1000, 30*60*1000 };
+
private final Context mContext;
private final PackageManagerService mPm;
private final Object mInstallLock;
@@ -121,6 +138,16 @@
private final SparseArray<UserInfo> mUsers = new SparseArray<UserInfo>();
private final SparseArray<Bundle> mUserRestrictions = new SparseArray<Bundle>();
+ class RestrictionsPinState {
+ long salt;
+ String pinHash;
+ int failedAttempts;
+ long lastAttemptTime;
+ }
+
+ private final SparseArray<RestrictionsPinState> mRestrictionsPinStates =
+ new SparseArray<RestrictionsPinState>();
+
/**
* Set of user IDs being actively removed. Removed IDs linger in this set
* for several seconds to work around a VFS caching issue.
@@ -604,6 +631,21 @@
serializer.attribute(null, ATTR_CREATION_TIME, Long.toString(userInfo.creationTime));
serializer.attribute(null, ATTR_LAST_LOGGED_IN_TIME,
Long.toString(userInfo.lastLoggedInTime));
+ RestrictionsPinState pinState = mRestrictionsPinStates.get(userInfo.id);
+ if (pinState != null) {
+ if (pinState.salt != 0) {
+ serializer.attribute(null, ATTR_SALT, Long.toString(pinState.salt));
+ }
+ if (pinState.pinHash != null) {
+ serializer.attribute(null, ATTR_PIN_HASH, pinState.pinHash);
+ }
+ if (pinState.failedAttempts != 0) {
+ serializer.attribute(null, ATTR_FAILED_ATTEMPTS,
+ Integer.toString(pinState.failedAttempts));
+ serializer.attribute(null, ATTR_LAST_RETRY_MS,
+ Long.toString(pinState.lastAttemptTime));
+ }
+ }
if (userInfo.iconPath != null) {
serializer.attribute(null, ATTR_ICON_PATH, userInfo.iconPath);
}
@@ -690,6 +732,10 @@
String iconPath = null;
long creationTime = 0L;
long lastLoggedInTime = 0L;
+ long salt = 0L;
+ String pinHash = null;
+ int failedAttempts = 0;
+ long lastAttemptTime = 0L;
boolean partial = false;
Bundle restrictions = new Bundle();
@@ -722,6 +768,10 @@
iconPath = parser.getAttributeValue(null, ATTR_ICON_PATH);
creationTime = readLongAttribute(parser, ATTR_CREATION_TIME, 0);
lastLoggedInTime = readLongAttribute(parser, ATTR_LAST_LOGGED_IN_TIME, 0);
+ salt = readLongAttribute(parser, ATTR_SALT, 0L);
+ pinHash = parser.getAttributeValue(null, ATTR_PIN_HASH);
+ failedAttempts = readIntAttribute(parser, ATTR_FAILED_ATTEMPTS, 0);
+ lastAttemptTime = readLongAttribute(parser, ATTR_LAST_RETRY_MS, 0L);
String valueString = parser.getAttributeValue(null, ATTR_PARTIAL);
if ("true".equals(valueString)) {
partial = true;
@@ -761,6 +811,17 @@
userInfo.lastLoggedInTime = lastLoggedInTime;
userInfo.partial = partial;
mUserRestrictions.append(id, restrictions);
+ if (salt != 0L) {
+ RestrictionsPinState pinState = mRestrictionsPinStates.get(id);
+ if (pinState == null) {
+ pinState = new RestrictionsPinState();
+ mRestrictionsPinStates.put(id, pinState);
+ }
+ pinState.salt = salt;
+ pinState.pinHash = pinHash;
+ pinState.failedAttempts = failedAttempts;
+ pinState.lastAttemptTime = lastAttemptTime;
+ }
return userInfo;
} catch (IOException ioe) {
@@ -949,6 +1010,7 @@
}
}, MINUTE_IN_MILLIS);
+ mRestrictionsPinStates.remove(userHandle);
// Remove user file
AtomicFile userFile = new AtomicFile(new File(mUsersDir, userHandle + ".xml"));
userFile.delete();
@@ -999,6 +1061,123 @@
}
}
+ @Override
+ public boolean changeRestrictionsPin(String newPin) {
+ checkManageUsersPermission("Only system can modify the restrictions pin");
+ int userId = UserHandle.getCallingUserId();
+ synchronized (mPackagesLock) {
+ RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
+ if (pinState == null) {
+ pinState = new RestrictionsPinState();
+ }
+ if (newPin == null) {
+ pinState.salt = 0;
+ pinState.pinHash = null;
+ } else {
+ try {
+ pinState.salt = SecureRandom.getInstance("SHA1PRNG").nextLong();
+ } catch (NoSuchAlgorithmException e) {
+ pinState.salt = (long) (Math.random() * Long.MAX_VALUE);
+ }
+ pinState.pinHash = passwordToHash(newPin, pinState.salt);
+ pinState.failedAttempts = 0;
+ }
+ mRestrictionsPinStates.put(userId, pinState);
+ writeUserLocked(mUsers.get(userId));
+ }
+ return true;
+ }
+
+ @Override
+ public int checkRestrictionsPin(String pin) {
+ checkManageUsersPermission("Only system can verify the restrictions pin");
+ int userId = UserHandle.getCallingUserId();
+ synchronized (mPackagesLock) {
+ RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
+ // If there's no pin set, return error code
+ if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
+ return UserManager.PIN_VERIFICATION_FAILED_NOT_SET;
+ } else if (pin == null) {
+ // If just checking if user can be prompted, return remaining time
+ int waitTime = getRemainingTimeForPinAttempt(pinState);
+ Slog.d(LOG_TAG, "Remaining waittime peek=" + waitTime);
+ return waitTime;
+ } else {
+ int waitTime = getRemainingTimeForPinAttempt(pinState);
+ Slog.d(LOG_TAG, "Remaining waittime=" + waitTime);
+ if (waitTime > 0) {
+ return waitTime;
+ }
+ if (passwordToHash(pin, pinState.salt).equals(pinState.pinHash)) {
+ pinState.failedAttempts = 0;
+ writeUserLocked(mUsers.get(userId));
+ return UserManager.PIN_VERIFICATION_SUCCESS;
+ } else {
+ pinState.failedAttempts++;
+ pinState.lastAttemptTime = System.currentTimeMillis();
+ writeUserLocked(mUsers.get(userId));
+ return waitTime;
+ }
+ }
+ }
+ }
+
+ private int getRemainingTimeForPinAttempt(RestrictionsPinState pinState) {
+ int backoffIndex = Math.min(pinState.failedAttempts / BACKOFF_INC_INTERVAL,
+ BACKOFF_TIMES.length - 1);
+ int backoffTime = (pinState.failedAttempts % BACKOFF_INC_INTERVAL) == 0 ?
+ BACKOFF_TIMES[backoffIndex] : 0;
+ return (int) Math.max(backoffTime + pinState.lastAttemptTime - System.currentTimeMillis(),
+ 0);
+ }
+
+ @Override
+ public boolean hasRestrictionsPin() {
+ int userId = UserHandle.getCallingUserId();
+ synchronized (mPackagesLock) {
+ RestrictionsPinState pinState = mRestrictionsPinStates.get(userId);
+ if (pinState == null || pinState.salt == 0 || pinState.pinHash == null) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /*
+ * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash.
+ * Not the most secure, but it is at least a second level of protection. First level is that
+ * the file is in a location only readable by the system process.
+ * @param password the password.
+ * @param salt the randomly generated salt
+ * @return the hash of the pattern in a String.
+ */
+ private String passwordToHash(String password, long salt) {
+ if (password == null) {
+ return null;
+ }
+ String algo = null;
+ String hashed = salt + password;
+ try {
+ byte[] saltedPassword = (password + salt).getBytes();
+ byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
+ byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
+ hashed = toHex(sha1) + toHex(md5);
+ } catch (NoSuchAlgorithmException e) {
+ Log.w(LOG_TAG, "Failed to encode string because of missing algorithm: " + algo);
+ }
+ return hashed;
+ }
+
+ private static String toHex(byte[] ary) {
+ final String hex = "0123456789ABCDEF";
+ String ret = "";
+ for (int i = 0; i < ary.length; i++) {
+ ret += hex.charAt((ary[i] >> 4) & 0xf);
+ ret += hex.charAt(ary[i] & 0xf);
+ }
+ return ret;
+ }
+
private int getUidForPackage(String packageName) {
long ident = Binder.clearCallingIdentity();
try {
diff --git a/test-runner/src/android/test/mock/MockPackageManager.java b/test-runner/src/android/test/mock/MockPackageManager.java
index 20a26ab..4683534 100644
--- a/test-runner/src/android/test/mock/MockPackageManager.java
+++ b/test-runner/src/android/test/mock/MockPackageManager.java
@@ -45,6 +45,8 @@
import android.content.res.XmlResourceParser;
import android.graphics.drawable.Drawable;
import android.net.Uri;
+import android.os.Binder;
+import android.os.UserHandle;
import java.util.List;
@@ -585,6 +587,23 @@
* @hide
*/
@Override
+ public boolean setApplicationBlockedSettingAsUser(String packageName, boolean blocked,
+ UserHandle user) {
+ return false;
+ }
+
+ /**
+ * @hide
+ */
+ @Override
+ public boolean getApplicationBlockedSettingAsUser(String packageName, UserHandle user) {
+ return false;
+ }
+
+ /**
+ * @hide
+ */
+ @Override
public int installExistingPackage(String packageName)
throws NameNotFoundException {
throw new UnsupportedOperationException();