| /* |
| * Copyright (C) 2007 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.internal.widget; |
| |
| import android.Manifest; |
| import android.app.ActivityManagerNative; |
| import android.app.AlarmManager; |
| import android.app.admin.DevicePolicyManager; |
| import android.app.trust.TrustManager; |
| import android.appwidget.AppWidgetManager; |
| import android.content.ComponentName; |
| import android.content.ContentResolver; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.pm.PackageManager; |
| import android.content.pm.UserInfo; |
| import android.os.AsyncTask; |
| import android.os.IBinder; |
| import android.os.RemoteException; |
| import android.os.ServiceManager; |
| import android.os.SystemClock; |
| import android.os.UserHandle; |
| import android.os.UserManager; |
| import android.os.storage.IMountService; |
| import android.os.storage.StorageManager; |
| import android.provider.Settings; |
| import android.telecom.TelecomManager; |
| import android.text.TextUtils; |
| import android.util.Log; |
| import android.view.IWindowManager; |
| import android.view.View; |
| import android.widget.Button; |
| |
| import com.android.internal.R; |
| import com.google.android.collect.Lists; |
| |
| import java.security.MessageDigest; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.SecureRandom; |
| import java.util.ArrayList; |
| import java.util.Collection; |
| import java.util.List; |
| |
| /** |
| * Utilities for the lock pattern and its settings. |
| */ |
| public class LockPatternUtils { |
| |
| private static final String TAG = "LockPatternUtils"; |
| private static final boolean DEBUG = false; |
| |
| /** |
| * The maximum number of incorrect attempts before the user is prevented |
| * from trying again for {@link #FAILED_ATTEMPT_TIMEOUT_MS}. |
| */ |
| public static final int FAILED_ATTEMPTS_BEFORE_TIMEOUT = 5; |
| |
| /** |
| * The number of incorrect attempts before which we fall back on an alternative |
| * method of verifying the user, and resetting their lock pattern. |
| */ |
| public static final int FAILED_ATTEMPTS_BEFORE_RESET = 20; |
| |
| /** |
| * How long the user is prevented from trying again after entering the |
| * wrong pattern too many times. |
| */ |
| public static final long FAILED_ATTEMPT_TIMEOUT_MS = 30000L; |
| |
| /** |
| * The interval of the countdown for showing progress of the lockout. |
| */ |
| public static final long FAILED_ATTEMPT_COUNTDOWN_INTERVAL_MS = 1000L; |
| |
| |
| /** |
| * This dictates when we start telling the user that continued failed attempts will wipe |
| * their device. |
| */ |
| public static final int FAILED_ATTEMPTS_BEFORE_WIPE_GRACE = 5; |
| |
| /** |
| * The minimum number of dots in a valid pattern. |
| */ |
| public static final int MIN_LOCK_PATTERN_SIZE = 4; |
| |
| /** |
| * The minimum number of dots the user must include in a wrong pattern |
| * attempt for it to be counted against the counts that affect |
| * {@link #FAILED_ATTEMPTS_BEFORE_TIMEOUT} and {@link #FAILED_ATTEMPTS_BEFORE_RESET} |
| */ |
| public static final int MIN_PATTERN_REGISTER_FAIL = MIN_LOCK_PATTERN_SIZE; |
| |
| /** |
| * Tells the keyguard to show the user switcher when the keyguard is created. |
| */ |
| public static final String KEYGUARD_SHOW_USER_SWITCHER = "showuserswitcher"; |
| |
| /** |
| * Tells the keyguard to show the security challenge when the keyguard is created. |
| */ |
| public static final String KEYGUARD_SHOW_SECURITY_CHALLENGE = "showsecuritychallenge"; |
| |
| /** |
| * Tells the keyguard to show the widget with the specified id when the keyguard is created. |
| */ |
| public static final String KEYGUARD_SHOW_APPWIDGET = "showappwidget"; |
| |
| /** |
| * The bit in LOCK_BIOMETRIC_WEAK_FLAGS to be used to indicate whether liveliness should |
| * be used |
| */ |
| public static final int FLAG_BIOMETRIC_WEAK_LIVELINESS = 0x1; |
| |
| /** |
| * Pseudo-appwidget id we use to represent the default clock status widget |
| */ |
| public static final int ID_DEFAULT_STATUS_WIDGET = -2; |
| |
| public final static String LOCKOUT_PERMANENT_KEY = "lockscreen.lockedoutpermanently"; |
| public final static String LOCKOUT_ATTEMPT_DEADLINE = "lockscreen.lockoutattemptdeadline"; |
| public final static String PATTERN_EVER_CHOSEN_KEY = "lockscreen.patterneverchosen"; |
| public final static String PASSWORD_TYPE_KEY = "lockscreen.password_type"; |
| public static final String PASSWORD_TYPE_ALTERNATE_KEY = "lockscreen.password_type_alternate"; |
| public final static String LOCK_PASSWORD_SALT_KEY = "lockscreen.password_salt"; |
| public final static String DISABLE_LOCKSCREEN_KEY = "lockscreen.disabled"; |
| public final static String LOCKSCREEN_OPTIONS = "lockscreen.options"; |
| public final static String LOCKSCREEN_BIOMETRIC_WEAK_FALLBACK |
| = "lockscreen.biometric_weak_fallback"; |
| public final static String BIOMETRIC_WEAK_EVER_CHOSEN_KEY |
| = "lockscreen.biometricweakeverchosen"; |
| public final static String LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS |
| = "lockscreen.power_button_instantly_locks"; |
| public final static String LOCKSCREEN_WIDGETS_ENABLED = "lockscreen.widgets_enabled"; |
| |
| public final static String PASSWORD_HISTORY_KEY = "lockscreen.passwordhistory"; |
| |
| private static final String LOCK_SCREEN_OWNER_INFO = Settings.Secure.LOCK_SCREEN_OWNER_INFO; |
| private static final String LOCK_SCREEN_OWNER_INFO_ENABLED = |
| Settings.Secure.LOCK_SCREEN_OWNER_INFO_ENABLED; |
| |
| private static final String ENABLED_TRUST_AGENTS = "lockscreen.enabledtrustagents"; |
| |
| // Maximum allowed number of repeated or ordered characters in a sequence before we'll |
| // consider it a complex PIN/password. |
| public static final int MAX_ALLOWED_SEQUENCE = 3; |
| |
| private final Context mContext; |
| private final ContentResolver mContentResolver; |
| private DevicePolicyManager mDevicePolicyManager; |
| private ILockSettings mLockSettingsService; |
| |
| private final boolean mMultiUserMode; |
| |
| // The current user is set by KeyguardViewMediator and shared by all LockPatternUtils. |
| private static volatile int sCurrentUserId = UserHandle.USER_NULL; |
| |
| public DevicePolicyManager getDevicePolicyManager() { |
| if (mDevicePolicyManager == null) { |
| mDevicePolicyManager = |
| (DevicePolicyManager)mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); |
| if (mDevicePolicyManager == null) { |
| Log.e(TAG, "Can't get DevicePolicyManagerService: is it running?", |
| new IllegalStateException("Stack trace:")); |
| } |
| } |
| return mDevicePolicyManager; |
| } |
| |
| private TrustManager getTrustManager() { |
| TrustManager trust = (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); |
| if (trust == null) { |
| Log.e(TAG, "Can't get TrustManagerService: is it running?", |
| new IllegalStateException("Stack trace:")); |
| } |
| return trust; |
| } |
| |
| /** |
| * @param contentResolver Used to look up and save settings. |
| */ |
| public LockPatternUtils(Context context) { |
| mContext = context; |
| mContentResolver = context.getContentResolver(); |
| |
| // If this is being called by the system or by an application like keyguard that |
| // has permision INTERACT_ACROSS_USERS, then LockPatternUtils will operate in multi-user |
| // mode where calls are for the current user rather than the user of the calling process. |
| mMultiUserMode = context.checkCallingOrSelfPermission( |
| Manifest.permission.INTERACT_ACROSS_USERS_FULL) == PackageManager.PERMISSION_GRANTED; |
| } |
| |
| private ILockSettings getLockSettings() { |
| if (mLockSettingsService == null) { |
| mLockSettingsService = LockPatternUtilsCache.getInstance( |
| ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"))); |
| } |
| return mLockSettingsService; |
| } |
| |
| public int getRequestedMinimumPasswordLength() { |
| return getDevicePolicyManager().getPasswordMinimumLength(null, getCurrentOrCallingUserId()); |
| } |
| |
| /** |
| * Gets the device policy password mode. If the mode is non-specific, returns |
| * MODE_PATTERN which allows the user to choose anything. |
| */ |
| public int getRequestedPasswordQuality() { |
| return getDevicePolicyManager().getPasswordQuality(null, getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordHistoryLength() { |
| return getDevicePolicyManager().getPasswordHistoryLength(null, getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumLetters() { |
| return getDevicePolicyManager().getPasswordMinimumLetters(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumUpperCase() { |
| return getDevicePolicyManager().getPasswordMinimumUpperCase(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumLowerCase() { |
| return getDevicePolicyManager().getPasswordMinimumLowerCase(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumNumeric() { |
| return getDevicePolicyManager().getPasswordMinimumNumeric(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumSymbols() { |
| return getDevicePolicyManager().getPasswordMinimumSymbols(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public int getRequestedPasswordMinimumNonLetter() { |
| return getDevicePolicyManager().getPasswordMinimumNonLetter(null, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public void reportFailedPasswordAttempt() { |
| int userId = getCurrentOrCallingUserId(); |
| getDevicePolicyManager().reportFailedPasswordAttempt(userId); |
| getTrustManager().reportUnlockAttempt(false /* authenticated */, userId); |
| getTrustManager().reportRequireCredentialEntry(userId); |
| } |
| |
| public void reportSuccessfulPasswordAttempt() { |
| getDevicePolicyManager().reportSuccessfulPasswordAttempt(getCurrentOrCallingUserId()); |
| getTrustManager().reportUnlockAttempt(true /* authenticated */, |
| getCurrentOrCallingUserId()); |
| } |
| |
| public void setCurrentUser(int userId) { |
| sCurrentUserId = userId; |
| } |
| |
| public int getCurrentUser() { |
| if (sCurrentUserId != UserHandle.USER_NULL) { |
| // Someone is regularly updating using setCurrentUser() use that value. |
| return sCurrentUserId; |
| } |
| try { |
| return ActivityManagerNative.getDefault().getCurrentUser().id; |
| } catch (RemoteException re) { |
| return UserHandle.USER_OWNER; |
| } |
| } |
| |
| public void removeUser(int userId) { |
| try { |
| getLockSettings().removeUser(userId); |
| } catch (RemoteException re) { |
| Log.e(TAG, "Couldn't remove lock settings for user " + userId); |
| } |
| } |
| |
| private int getCurrentOrCallingUserId() { |
| if (mMultiUserMode) { |
| // TODO: This is a little inefficient. See if all users of this are able to |
| // handle USER_CURRENT and pass that instead. |
| return getCurrentUser(); |
| } else { |
| return UserHandle.getCallingUserId(); |
| } |
| } |
| |
| /** |
| * Check to see if a pattern matches the saved pattern. If no pattern exists, |
| * always returns true. |
| * @param pattern The pattern to check. |
| * @return Whether the pattern matches the stored one. |
| */ |
| public boolean checkPattern(List<LockPatternView.Cell> pattern) { |
| final int userId = getCurrentOrCallingUserId(); |
| try { |
| return getLockSettings().checkPattern(patternToString(pattern), userId); |
| } catch (RemoteException re) { |
| return true; |
| } |
| } |
| |
| /** |
| * Check to see if a password matches the saved password. If no password exists, |
| * always returns true. |
| * @param password The password to check. |
| * @return Whether the password matches the stored one. |
| */ |
| public boolean checkPassword(String password) { |
| final int userId = getCurrentOrCallingUserId(); |
| try { |
| return getLockSettings().checkPassword(password, userId); |
| } catch (RemoteException re) { |
| return true; |
| } |
| } |
| |
| /** |
| * Check to see if vold already has the password. |
| * Note that this also clears vold's copy of the password. |
| * @return Whether the vold password matches or not. |
| */ |
| public boolean checkVoldPassword() { |
| final int userId = getCurrentOrCallingUserId(); |
| try { |
| return getLockSettings().checkVoldPassword(userId); |
| } catch (RemoteException re) { |
| return false; |
| } |
| } |
| |
| /** |
| * Check to see if a password matches any of the passwords stored in the |
| * password history. |
| * |
| * @param password The password to check. |
| * @return Whether the password matches any in the history. |
| */ |
| public boolean checkPasswordHistory(String password) { |
| String passwordHashString = new String( |
| passwordToHash(password, getCurrentOrCallingUserId())); |
| String passwordHistory = getString(PASSWORD_HISTORY_KEY); |
| if (passwordHistory == null) { |
| return false; |
| } |
| // Password History may be too long... |
| int passwordHashLength = passwordHashString.length(); |
| int passwordHistoryLength = getRequestedPasswordHistoryLength(); |
| if(passwordHistoryLength == 0) { |
| return false; |
| } |
| int neededPasswordHistoryLength = passwordHashLength * passwordHistoryLength |
| + passwordHistoryLength - 1; |
| if (passwordHistory.length() > neededPasswordHistoryLength) { |
| passwordHistory = passwordHistory.substring(0, neededPasswordHistoryLength); |
| } |
| return passwordHistory.contains(passwordHashString); |
| } |
| |
| /** |
| * Check to see if the user has stored a lock pattern. |
| * @return Whether a saved pattern exists. |
| */ |
| public boolean savedPatternExists() { |
| try { |
| return getLockSettings().havePattern(getCurrentOrCallingUserId()); |
| } catch (RemoteException re) { |
| return false; |
| } |
| } |
| |
| /** |
| * Check to see if the user has stored a lock pattern. |
| * @return Whether a saved pattern exists. |
| */ |
| public boolean savedPasswordExists() { |
| try { |
| return getLockSettings().havePassword(getCurrentOrCallingUserId()); |
| } catch (RemoteException re) { |
| return false; |
| } |
| } |
| |
| /** |
| * Return true if the user has ever chosen a pattern. This is true even if the pattern is |
| * currently cleared. |
| * |
| * @return True if the user has ever chosen a pattern. |
| */ |
| public boolean isPatternEverChosen() { |
| return getBoolean(PATTERN_EVER_CHOSEN_KEY, false); |
| } |
| |
| /** |
| * Return true if the user has ever chosen biometric weak. This is true even if biometric |
| * weak is not current set. |
| * |
| * @return True if the user has ever chosen biometric weak. |
| */ |
| public boolean isBiometricWeakEverChosen() { |
| return getBoolean(BIOMETRIC_WEAK_EVER_CHOSEN_KEY, false); |
| } |
| |
| /** |
| * Used by device policy manager to validate the current password |
| * information it has. |
| */ |
| public int getActivePasswordQuality() { |
| int activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| // Note we don't want to use getKeyguardStoredPasswordQuality() because we want this to |
| // return biometric_weak if that is being used instead of the backup |
| int quality = |
| (int) getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); |
| switch (quality) { |
| case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: |
| if (isLockPatternEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK: |
| if (isBiometricWeakInstalled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: |
| if (isLockPasswordEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_NUMERIC; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: |
| if (isLockPasswordEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: |
| if (isLockPasswordEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: |
| if (isLockPasswordEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC; |
| } |
| break; |
| case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: |
| if (isLockPasswordEnabled()) { |
| activePasswordQuality = DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| } |
| break; |
| } |
| |
| return activePasswordQuality; |
| } |
| |
| /** |
| * Clear any lock pattern or password. |
| */ |
| public void clearLock(boolean isFallback) { |
| if(!isFallback) deleteGallery(); |
| saveLockPassword(null, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); |
| setLockPatternEnabled(false); |
| saveLockPattern(null); |
| setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED); |
| setLong(PASSWORD_TYPE_ALTERNATE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED); |
| onAfterChangingPassword(); |
| } |
| |
| /** |
| * Disable showing lock screen at all when the DevicePolicyManager allows it. |
| * This is only meaningful if pattern, pin or password are not set. |
| * |
| * @param disable Disables lock screen when true |
| */ |
| public void setLockScreenDisabled(boolean disable) { |
| setLong(DISABLE_LOCKSCREEN_KEY, disable ? 1 : 0); |
| } |
| |
| /** |
| * Determine if LockScreen can be disabled. This is used, for example, to tell if we should |
| * show LockScreen or go straight to the home screen. |
| * |
| * @return true if lock screen is can be disabled |
| */ |
| public boolean isLockScreenDisabled() { |
| if (!isSecure() && getLong(DISABLE_LOCKSCREEN_KEY, 0) != 0) { |
| // Check if the number of switchable users forces the lockscreen. |
| final List<UserInfo> users = UserManager.get(mContext).getUsers(true); |
| final int userCount = users.size(); |
| int switchableUsers = 0; |
| for (int i = 0; i < userCount; i++) { |
| if (users.get(i).supportsSwitchTo()) { |
| switchableUsers++; |
| } |
| } |
| return switchableUsers < 2; |
| } |
| return false; |
| } |
| |
| /** |
| * Calls back SetupFaceLock to delete the temporary gallery file |
| */ |
| public void deleteTempGallery() { |
| Intent intent = new Intent().setAction("com.android.facelock.DELETE_GALLERY"); |
| intent.putExtra("deleteTempGallery", true); |
| mContext.sendBroadcast(intent); |
| } |
| |
| /** |
| * Calls back SetupFaceLock to delete the gallery file when the lock type is changed |
| */ |
| void deleteGallery() { |
| if(usingBiometricWeak()) { |
| Intent intent = new Intent().setAction("com.android.facelock.DELETE_GALLERY"); |
| intent.putExtra("deleteGallery", true); |
| mContext.sendBroadcast(intent); |
| } |
| } |
| |
| /** |
| * Save a lock pattern. |
| * @param pattern The new pattern to save. |
| */ |
| public void saveLockPattern(List<LockPatternView.Cell> pattern) { |
| this.saveLockPattern(pattern, false); |
| } |
| |
| /** |
| * Save a lock pattern. |
| * @param pattern The new pattern to save. |
| * @param isFallback Specifies if this is a fallback to biometric weak |
| */ |
| public void saveLockPattern(List<LockPatternView.Cell> pattern, boolean isFallback) { |
| try { |
| int userId = getCurrentOrCallingUserId(); |
| getLockSettings().setLockPattern(patternToString(pattern), userId); |
| DevicePolicyManager dpm = getDevicePolicyManager(); |
| if (pattern != null) { |
| |
| int userHandle = userId; |
| if (userHandle == UserHandle.USER_OWNER) { |
| String stringPattern = patternToString(pattern); |
| updateEncryptionPassword(StorageManager.CRYPT_TYPE_PATTERN, stringPattern); |
| } |
| |
| setBoolean(PATTERN_EVER_CHOSEN_KEY, true); |
| if (!isFallback) { |
| deleteGallery(); |
| setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); |
| dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, |
| pattern.size(), 0, 0, 0, 0, 0, 0, userId); |
| } else { |
| setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK); |
| setLong(PASSWORD_TYPE_ALTERNATE_KEY, |
| DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); |
| finishBiometricWeak(); |
| dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK, |
| 0, 0, 0, 0, 0, 0, 0, userId); |
| } |
| } else { |
| dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, |
| 0, 0, 0, 0, 0, userId); |
| } |
| onAfterChangingPassword(); |
| } catch (RemoteException re) { |
| Log.e(TAG, "Couldn't save lock pattern " + re); |
| } |
| } |
| |
| private void updateCryptoUserInfo() { |
| int userId = getCurrentOrCallingUserId(); |
| if (userId != UserHandle.USER_OWNER) { |
| return; |
| } |
| |
| final String ownerInfo = isOwnerInfoEnabled() ? getOwnerInfo(userId) : ""; |
| |
| IBinder service = ServiceManager.getService("mount"); |
| if (service == null) { |
| Log.e(TAG, "Could not find the mount service to update the user info"); |
| return; |
| } |
| |
| IMountService mountService = IMountService.Stub.asInterface(service); |
| try { |
| Log.d(TAG, "Setting owner info"); |
| mountService.setField(StorageManager.OWNER_INFO_KEY, ownerInfo); |
| } catch (RemoteException e) { |
| Log.e(TAG, "Error changing user info", e); |
| } |
| } |
| |
| public void setOwnerInfo(String info, int userId) { |
| setString(LOCK_SCREEN_OWNER_INFO, info, userId); |
| updateCryptoUserInfo(); |
| } |
| |
| public void setOwnerInfoEnabled(boolean enabled) { |
| setBoolean(LOCK_SCREEN_OWNER_INFO_ENABLED, enabled); |
| updateCryptoUserInfo(); |
| } |
| |
| public String getOwnerInfo(int userId) { |
| return getString(LOCK_SCREEN_OWNER_INFO); |
| } |
| |
| public boolean isOwnerInfoEnabled() { |
| return getBoolean(LOCK_SCREEN_OWNER_INFO_ENABLED, false); |
| } |
| |
| /** |
| * Compute the password quality from the given password string. |
| */ |
| static public int computePasswordQuality(String password) { |
| boolean hasDigit = false; |
| boolean hasNonDigit = false; |
| final int len = password.length(); |
| for (int i = 0; i < len; i++) { |
| if (Character.isDigit(password.charAt(i))) { |
| hasDigit = true; |
| } else { |
| hasNonDigit = true; |
| } |
| } |
| |
| if (hasNonDigit && hasDigit) { |
| return DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC; |
| } |
| if (hasNonDigit) { |
| return DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC; |
| } |
| if (hasDigit) { |
| return maxLengthSequence(password) > MAX_ALLOWED_SEQUENCE |
| ? DevicePolicyManager.PASSWORD_QUALITY_NUMERIC |
| : DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; |
| } |
| return DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| } |
| |
| private static int categoryChar(char c) { |
| if ('a' <= c && c <= 'z') return 0; |
| if ('A' <= c && c <= 'Z') return 1; |
| if ('0' <= c && c <= '9') return 2; |
| return 3; |
| } |
| |
| private static int maxDiffCategory(int category) { |
| if (category == 0 || category == 1) return 1; |
| else if (category == 2) return 10; |
| return 0; |
| } |
| |
| /* |
| * Returns the maximum length of a sequential characters. A sequence is defined as |
| * monotonically increasing characters with a constant interval or the same character repeated. |
| * |
| * For example: |
| * maxLengthSequence("1234") == 4 |
| * maxLengthSequence("1234abc") == 4 |
| * maxLengthSequence("aabc") == 3 |
| * maxLengthSequence("qwertyuio") == 1 |
| * maxLengthSequence("@ABC") == 3 |
| * maxLengthSequence(";;;;") == 4 (anything that repeats) |
| * maxLengthSequence(":;<=>") == 1 (ordered, but not composed of alphas or digits) |
| * |
| * @param string the pass |
| * @return the number of sequential letters or digits |
| */ |
| public static int maxLengthSequence(String string) { |
| if (string.length() == 0) return 0; |
| char previousChar = string.charAt(0); |
| int category = categoryChar(previousChar); //current category of the sequence |
| int diff = 0; //difference between two consecutive characters |
| boolean hasDiff = false; //if we are currently targeting a sequence |
| int maxLength = 0; //maximum length of a sequence already found |
| int startSequence = 0; //where the current sequence started |
| for (int current = 1; current < string.length(); current++) { |
| char currentChar = string.charAt(current); |
| int categoryCurrent = categoryChar(currentChar); |
| int currentDiff = (int) currentChar - (int) previousChar; |
| if (categoryCurrent != category || Math.abs(currentDiff) > maxDiffCategory(category)) { |
| maxLength = Math.max(maxLength, current - startSequence); |
| startSequence = current; |
| hasDiff = false; |
| category = categoryCurrent; |
| } |
| else { |
| if(hasDiff && currentDiff != diff) { |
| maxLength = Math.max(maxLength, current - startSequence); |
| startSequence = current - 1; |
| } |
| diff = currentDiff; |
| hasDiff = true; |
| } |
| previousChar = currentChar; |
| } |
| maxLength = Math.max(maxLength, string.length() - startSequence); |
| return maxLength; |
| } |
| |
| /** Update the encryption password if it is enabled **/ |
| private void updateEncryptionPassword(final int type, final String password) { |
| DevicePolicyManager dpm = getDevicePolicyManager(); |
| if (dpm.getStorageEncryptionStatus(getCurrentOrCallingUserId()) |
| != DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE) { |
| return; |
| } |
| |
| final IBinder service = ServiceManager.getService("mount"); |
| if (service == null) { |
| Log.e(TAG, "Could not find the mount service to update the encryption password"); |
| return; |
| } |
| |
| new AsyncTask<Void, Void, Void>() { |
| @Override |
| protected Void doInBackground(Void... dummy) { |
| IMountService mountService = IMountService.Stub.asInterface(service); |
| try { |
| mountService.changeEncryptionPassword(type, password); |
| } catch (RemoteException e) { |
| Log.e(TAG, "Error changing encryption password", e); |
| } |
| return null; |
| } |
| }.execute(); |
| } |
| |
| /** |
| * Save a lock password. Does not ensure that the password is as good |
| * as the requested mode, but will adjust the mode to be as good as the |
| * pattern. |
| * @param password The password to save |
| * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| */ |
| public void saveLockPassword(String password, int quality) { |
| this.saveLockPassword(password, quality, false, getCurrentOrCallingUserId()); |
| } |
| |
| /** |
| * Save a lock password. Does not ensure that the password is as good |
| * as the requested mode, but will adjust the mode to be as good as the |
| * pattern. |
| * @param password The password to save |
| * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| * @param isFallback Specifies if this is a fallback to biometric weak |
| */ |
| public void saveLockPassword(String password, int quality, boolean isFallback) { |
| saveLockPassword(password, quality, isFallback, getCurrentOrCallingUserId()); |
| } |
| |
| /** |
| * Save a lock password. Does not ensure that the password is as good |
| * as the requested mode, but will adjust the mode to be as good as the |
| * pattern. |
| * @param password The password to save |
| * @param quality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| * @param isFallback Specifies if this is a fallback to biometric weak |
| * @param userHandle The userId of the user to change the password for |
| */ |
| public void saveLockPassword(String password, int quality, boolean isFallback, int userHandle) { |
| try { |
| DevicePolicyManager dpm = getDevicePolicyManager(); |
| if (!TextUtils.isEmpty(password)) { |
| getLockSettings().setLockPassword(password, userHandle); |
| int computedQuality = computePasswordQuality(password); |
| |
| if (userHandle == UserHandle.USER_OWNER) { |
| // Update the encryption password. |
| int type = computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC |
| || computedQuality == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX |
| ? StorageManager.CRYPT_TYPE_PIN |
| : StorageManager.CRYPT_TYPE_PASSWORD; |
| updateEncryptionPassword(type, password); |
| } |
| |
| if (!isFallback) { |
| deleteGallery(); |
| setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality), userHandle); |
| if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { |
| int letters = 0; |
| int uppercase = 0; |
| int lowercase = 0; |
| int numbers = 0; |
| int symbols = 0; |
| int nonletter = 0; |
| for (int i = 0; i < password.length(); i++) { |
| char c = password.charAt(i); |
| if (c >= 'A' && c <= 'Z') { |
| letters++; |
| uppercase++; |
| } else if (c >= 'a' && c <= 'z') { |
| letters++; |
| lowercase++; |
| } else if (c >= '0' && c <= '9') { |
| numbers++; |
| nonletter++; |
| } else { |
| symbols++; |
| nonletter++; |
| } |
| } |
| dpm.setActivePasswordState(Math.max(quality, computedQuality), |
| password.length(), letters, uppercase, lowercase, |
| numbers, symbols, nonletter, userHandle); |
| } else { |
| // The password is not anything. |
| dpm.setActivePasswordState( |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, |
| 0, 0, 0, 0, 0, 0, 0, userHandle); |
| } |
| } else { |
| // Case where it's a fallback for biometric weak |
| setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK, |
| userHandle); |
| setLong(PASSWORD_TYPE_ALTERNATE_KEY, Math.max(quality, computedQuality), |
| userHandle); |
| finishBiometricWeak(); |
| dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK, |
| 0, 0, 0, 0, 0, 0, 0, userHandle); |
| } |
| // Add the password to the password history. We assume all |
| // password hashes have the same length for simplicity of implementation. |
| String passwordHistory = getString(PASSWORD_HISTORY_KEY, userHandle); |
| if (passwordHistory == null) { |
| passwordHistory = new String(); |
| } |
| int passwordHistoryLength = getRequestedPasswordHistoryLength(); |
| if (passwordHistoryLength == 0) { |
| passwordHistory = ""; |
| } else { |
| byte[] hash = passwordToHash(password, userHandle); |
| passwordHistory = new String(hash) + "," + passwordHistory; |
| // Cut it to contain passwordHistoryLength hashes |
| // and passwordHistoryLength -1 commas. |
| passwordHistory = passwordHistory.substring(0, Math.min(hash.length |
| * passwordHistoryLength + passwordHistoryLength - 1, passwordHistory |
| .length())); |
| } |
| setString(PASSWORD_HISTORY_KEY, passwordHistory, userHandle); |
| } else { |
| // Empty password |
| getLockSettings().setLockPassword(null, userHandle); |
| if (userHandle == UserHandle.USER_OWNER) { |
| // Set the encryption password to default. |
| updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null); |
| } |
| |
| dpm.setActivePasswordState( |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, 0, 0, 0, 0, 0, 0, 0, |
| userHandle); |
| } |
| onAfterChangingPassword(); |
| } catch (RemoteException re) { |
| // Cant do much |
| Log.e(TAG, "Unable to save lock password " + re); |
| } |
| } |
| |
| /** |
| * Gets whether the device is encrypted. |
| * |
| * @return Whether the device is encrypted. |
| */ |
| public static boolean isDeviceEncrypted() { |
| IMountService mountService = IMountService.Stub.asInterface( |
| ServiceManager.getService("mount")); |
| try { |
| return mountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE |
| && mountService.getPasswordType() != StorageManager.CRYPT_TYPE_DEFAULT; |
| } catch (RemoteException re) { |
| Log.e(TAG, "Error getting encryption state", re); |
| } |
| return true; |
| } |
| |
| /** |
| * Clears the encryption password. |
| */ |
| public void clearEncryptionPassword() { |
| updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null); |
| } |
| |
| /** |
| * Retrieves the quality mode we're in. |
| * {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| * |
| * @return stored password quality |
| */ |
| public int getKeyguardStoredPasswordQuality() { |
| return getKeyguardStoredPasswordQuality(getCurrentOrCallingUserId()); |
| } |
| |
| /** |
| * Retrieves the quality mode for {@param userHandle}. |
| * {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| * |
| * @return stored password quality |
| */ |
| public int getKeyguardStoredPasswordQuality(int userHandle) { |
| int quality = (int) getLong(PASSWORD_TYPE_KEY, |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle); |
| // If the user has chosen to use weak biometric sensor, then return the backup locking |
| // method and treat biometric as a special case. |
| if (quality == DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK) { |
| quality = (int) getLong(PASSWORD_TYPE_ALTERNATE_KEY, |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, userHandle); |
| } |
| return quality; |
| } |
| |
| /** |
| * @return true if the lockscreen method is set to biometric weak |
| */ |
| public boolean usingBiometricWeak() { |
| int quality = |
| (int) getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED); |
| return quality == DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK; |
| } |
| |
| /** |
| * Deserialize a pattern. |
| * @param string The pattern serialized with {@link #patternToString} |
| * @return The pattern. |
| */ |
| public static List<LockPatternView.Cell> stringToPattern(String string) { |
| List<LockPatternView.Cell> result = Lists.newArrayList(); |
| |
| final byte[] bytes = string.getBytes(); |
| for (int i = 0; i < bytes.length; i++) { |
| byte b = bytes[i]; |
| result.add(LockPatternView.Cell.of(b / 3, b % 3)); |
| } |
| return result; |
| } |
| |
| /** |
| * Serialize a pattern. |
| * @param pattern The pattern. |
| * @return The pattern in string form. |
| */ |
| public static String patternToString(List<LockPatternView.Cell> pattern) { |
| if (pattern == null) { |
| return ""; |
| } |
| final int patternSize = pattern.size(); |
| |
| byte[] res = new byte[patternSize]; |
| for (int i = 0; i < patternSize; i++) { |
| LockPatternView.Cell cell = pattern.get(i); |
| res[i] = (byte) (cell.getRow() * 3 + cell.getColumn()); |
| } |
| return new String(res); |
| } |
| |
| /* |
| * Generate an SHA-1 hash for the pattern. Not the most secure, but it is |
| * at least a second level of protection. First level is that the file |
| * is in a location only readable by the system process. |
| * @param pattern the gesture pattern. |
| * @return the hash of the pattern in a byte array. |
| */ |
| public static byte[] patternToHash(List<LockPatternView.Cell> pattern) { |
| if (pattern == null) { |
| return null; |
| } |
| |
| final int patternSize = pattern.size(); |
| byte[] res = new byte[patternSize]; |
| for (int i = 0; i < patternSize; i++) { |
| LockPatternView.Cell cell = pattern.get(i); |
| res[i] = (byte) (cell.getRow() * 3 + cell.getColumn()); |
| } |
| try { |
| MessageDigest md = MessageDigest.getInstance("SHA-1"); |
| byte[] hash = md.digest(res); |
| return hash; |
| } catch (NoSuchAlgorithmException nsa) { |
| return res; |
| } |
| } |
| |
| private String getSalt(int userId) { |
| long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0, userId); |
| if (salt == 0) { |
| try { |
| salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); |
| setLong(LOCK_PASSWORD_SALT_KEY, salt, userId); |
| Log.v(TAG, "Initialized lock password salt for user: " + userId); |
| } catch (NoSuchAlgorithmException e) { |
| // Throw an exception rather than storing a password we'll never be able to recover |
| throw new IllegalStateException("Couldn't get SecureRandom number", e); |
| } |
| } |
| return Long.toHexString(salt); |
| } |
| |
| /* |
| * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash. |
| * Not the most secure, but it is at least a second level of protection. First level is that |
| * the file is in a location only readable by the system process. |
| * @param password the gesture pattern. |
| * @return the hash of the pattern in a byte array. |
| */ |
| public byte[] passwordToHash(String password, int userId) { |
| if (password == null) { |
| return null; |
| } |
| String algo = null; |
| byte[] hashed = null; |
| try { |
| byte[] saltedPassword = (password + getSalt(userId)).getBytes(); |
| byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); |
| byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); |
| hashed = (toHex(sha1) + toHex(md5)).getBytes(); |
| } catch (NoSuchAlgorithmException e) { |
| Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo); |
| } |
| return hashed; |
| } |
| |
| private static String toHex(byte[] ary) { |
| final String hex = "0123456789ABCDEF"; |
| String ret = ""; |
| for (int i = 0; i < ary.length; i++) { |
| ret += hex.charAt((ary[i] >> 4) & 0xf); |
| ret += hex.charAt(ary[i] & 0xf); |
| } |
| return ret; |
| } |
| |
| /** |
| * @return Whether the lock password is enabled, or if it is set as a backup for biometric weak |
| */ |
| public boolean isLockPasswordEnabled() { |
| long mode = getLong(PASSWORD_TYPE_KEY, 0); |
| long backupMode = getLong(PASSWORD_TYPE_ALTERNATE_KEY, 0); |
| final boolean passwordEnabled = mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| final boolean backupEnabled = backupMode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC |
| || backupMode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC |
| || backupMode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX |
| || backupMode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC |
| || backupMode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| |
| return savedPasswordExists() && (passwordEnabled || |
| (usingBiometricWeak() && backupEnabled)); |
| } |
| |
| /** |
| * @return Whether the lock pattern is enabled, or if it is set as a backup for biometric weak |
| */ |
| public boolean isLockPatternEnabled() { |
| final boolean backupEnabled = |
| getLong(PASSWORD_TYPE_ALTERNATE_KEY, |
| DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) |
| == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| |
| return getBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, false) |
| && (getLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) |
| == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING || |
| (usingBiometricWeak() && backupEnabled)); |
| } |
| |
| /** |
| * @return Whether biometric weak lock is installed and that the front facing camera exists |
| */ |
| public boolean isBiometricWeakInstalled() { |
| // Check that it's installed |
| PackageManager pm = mContext.getPackageManager(); |
| try { |
| pm.getPackageInfo("com.android.facelock", PackageManager.GET_ACTIVITIES); |
| } catch (PackageManager.NameNotFoundException e) { |
| return false; |
| } |
| |
| // Check that the camera is enabled |
| if (!pm.hasSystemFeature(PackageManager.FEATURE_CAMERA_FRONT)) { |
| return false; |
| } |
| if (getDevicePolicyManager().getCameraDisabled(null, getCurrentOrCallingUserId())) { |
| return false; |
| } |
| |
| // TODO: If we decide not to proceed with Face Unlock as a trustlet, this must be changed |
| // back to returning true. If we become certain that Face Unlock will be a trustlet, this |
| // entire function and a lot of other code can be removed. |
| if (DEBUG) Log.d(TAG, "Forcing isBiometricWeakInstalled() to return false to disable it"); |
| return false; |
| } |
| |
| /** |
| * Set whether biometric weak liveliness is enabled. |
| */ |
| public void setBiometricWeakLivelinessEnabled(boolean enabled) { |
| long currentFlag = getLong(Settings.Secure.LOCK_BIOMETRIC_WEAK_FLAGS, 0L); |
| long newFlag; |
| if (enabled) { |
| newFlag = currentFlag | FLAG_BIOMETRIC_WEAK_LIVELINESS; |
| } else { |
| newFlag = currentFlag & ~FLAG_BIOMETRIC_WEAK_LIVELINESS; |
| } |
| setLong(Settings.Secure.LOCK_BIOMETRIC_WEAK_FLAGS, newFlag); |
| } |
| |
| /** |
| * @return Whether the biometric weak liveliness is enabled. |
| */ |
| public boolean isBiometricWeakLivelinessEnabled() { |
| long currentFlag = getLong(Settings.Secure.LOCK_BIOMETRIC_WEAK_FLAGS, 0L); |
| return ((currentFlag & FLAG_BIOMETRIC_WEAK_LIVELINESS) != 0); |
| } |
| |
| /** |
| * Set whether the lock pattern is enabled. |
| */ |
| public void setLockPatternEnabled(boolean enabled) { |
| setBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, enabled); |
| } |
| |
| /** |
| * @return Whether the visible pattern is enabled. |
| */ |
| public boolean isVisiblePatternEnabled() { |
| return getBoolean(Settings.Secure.LOCK_PATTERN_VISIBLE, false); |
| } |
| |
| /** |
| * Set whether the visible pattern is enabled. |
| */ |
| public void setVisiblePatternEnabled(boolean enabled) { |
| setBoolean(Settings.Secure.LOCK_PATTERN_VISIBLE, enabled); |
| |
| // Update for crypto if owner |
| int userId = getCurrentOrCallingUserId(); |
| if (userId != UserHandle.USER_OWNER) { |
| return; |
| } |
| |
| IBinder service = ServiceManager.getService("mount"); |
| if (service == null) { |
| Log.e(TAG, "Could not find the mount service to update the user info"); |
| return; |
| } |
| |
| IMountService mountService = IMountService.Stub.asInterface(service); |
| try { |
| mountService.setField(StorageManager.PATTERN_VISIBLE_KEY, enabled ? "1" : "0"); |
| } catch (RemoteException e) { |
| Log.e(TAG, "Error changing pattern visible state", e); |
| } |
| } |
| |
| /** |
| * @return Whether tactile feedback for the pattern is enabled. |
| */ |
| public boolean isTactileFeedbackEnabled() { |
| return Settings.System.getIntForUser(mContentResolver, |
| Settings.System.HAPTIC_FEEDBACK_ENABLED, 1, UserHandle.USER_CURRENT) != 0; |
| } |
| |
| /** |
| * Set and store the lockout deadline, meaning the user can't attempt his/her unlock |
| * pattern until the deadline has passed. |
| * @return the chosen deadline. |
| */ |
| public long setLockoutAttemptDeadline() { |
| final long deadline = SystemClock.elapsedRealtime() + FAILED_ATTEMPT_TIMEOUT_MS; |
| setLong(LOCKOUT_ATTEMPT_DEADLINE, deadline); |
| return deadline; |
| } |
| |
| /** |
| * @return The elapsed time in millis in the future when the user is allowed to |
| * attempt to enter his/her lock pattern, or 0 if the user is welcome to |
| * enter a pattern. |
| */ |
| public long getLockoutAttemptDeadline() { |
| final long deadline = getLong(LOCKOUT_ATTEMPT_DEADLINE, 0L); |
| final long now = SystemClock.elapsedRealtime(); |
| if (deadline < now || deadline > (now + FAILED_ATTEMPT_TIMEOUT_MS)) { |
| return 0L; |
| } |
| return deadline; |
| } |
| |
| /** |
| * @return Whether the user is permanently locked out until they verify their |
| * credentials. Occurs after {@link #FAILED_ATTEMPTS_BEFORE_RESET} failed |
| * attempts. |
| */ |
| public boolean isPermanentlyLocked() { |
| return getBoolean(LOCKOUT_PERMANENT_KEY, false); |
| } |
| |
| /** |
| * Set the state of whether the device is permanently locked, meaning the user |
| * must authenticate via other means. |
| * |
| * @param locked Whether the user is permanently locked out until they verify their |
| * credentials. Occurs after {@link #FAILED_ATTEMPTS_BEFORE_RESET} failed |
| * attempts. |
| */ |
| public void setPermanentlyLocked(boolean locked) { |
| setBoolean(LOCKOUT_PERMANENT_KEY, locked); |
| } |
| |
| public boolean isEmergencyCallCapable() { |
| return mContext.getResources().getBoolean( |
| com.android.internal.R.bool.config_voice_capable); |
| } |
| |
| public boolean isPukUnlockScreenEnable() { |
| return mContext.getResources().getBoolean( |
| com.android.internal.R.bool.config_enable_puk_unlock_screen); |
| } |
| |
| public boolean isEmergencyCallEnabledWhileSimLocked() { |
| return mContext.getResources().getBoolean( |
| com.android.internal.R.bool.config_enable_emergency_call_while_sim_locked); |
| } |
| |
| /** |
| * @return A formatted string of the next alarm (for showing on the lock screen), |
| * or null if there is no next alarm. |
| */ |
| public AlarmManager.AlarmClockInfo getNextAlarm() { |
| AlarmManager alarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE); |
| return alarmManager.getNextAlarmClock(UserHandle.USER_CURRENT); |
| } |
| |
| private boolean getBoolean(String secureSettingKey, boolean defaultValue, int userId) { |
| try { |
| return getLockSettings().getBoolean(secureSettingKey, defaultValue, userId); |
| } catch (RemoteException re) { |
| return defaultValue; |
| } |
| } |
| |
| private boolean getBoolean(String secureSettingKey, boolean defaultValue) { |
| return getBoolean(secureSettingKey, defaultValue, getCurrentOrCallingUserId()); |
| } |
| |
| private void setBoolean(String secureSettingKey, boolean enabled, int userId) { |
| try { |
| getLockSettings().setBoolean(secureSettingKey, enabled, userId); |
| } catch (RemoteException re) { |
| // What can we do? |
| Log.e(TAG, "Couldn't write boolean " + secureSettingKey + re); |
| } |
| } |
| |
| private void setBoolean(String secureSettingKey, boolean enabled) { |
| setBoolean(secureSettingKey, enabled, getCurrentOrCallingUserId()); |
| } |
| |
| public int[] getAppWidgets() { |
| return getAppWidgets(UserHandle.USER_CURRENT); |
| } |
| |
| private int[] getAppWidgets(int userId) { |
| String appWidgetIdString = Settings.Secure.getStringForUser( |
| mContentResolver, Settings.Secure.LOCK_SCREEN_APPWIDGET_IDS, userId); |
| String delims = ","; |
| if (appWidgetIdString != null && appWidgetIdString.length() > 0) { |
| String[] appWidgetStringIds = appWidgetIdString.split(delims); |
| int[] appWidgetIds = new int[appWidgetStringIds.length]; |
| for (int i = 0; i < appWidgetStringIds.length; i++) { |
| String appWidget = appWidgetStringIds[i]; |
| try { |
| appWidgetIds[i] = Integer.decode(appWidget); |
| } catch (NumberFormatException e) { |
| Log.d(TAG, "Error when parsing widget id " + appWidget); |
| return null; |
| } |
| } |
| return appWidgetIds; |
| } |
| return new int[0]; |
| } |
| |
| private static String combineStrings(int[] list, String separator) { |
| int listLength = list.length; |
| |
| switch (listLength) { |
| case 0: { |
| return ""; |
| } |
| case 1: { |
| return Integer.toString(list[0]); |
| } |
| } |
| |
| int strLength = 0; |
| int separatorLength = separator.length(); |
| |
| String[] stringList = new String[list.length]; |
| for (int i = 0; i < listLength; i++) { |
| stringList[i] = Integer.toString(list[i]); |
| strLength += stringList[i].length(); |
| if (i < listLength - 1) { |
| strLength += separatorLength; |
| } |
| } |
| |
| StringBuilder sb = new StringBuilder(strLength); |
| |
| for (int i = 0; i < listLength; i++) { |
| sb.append(list[i]); |
| if (i < listLength - 1) { |
| sb.append(separator); |
| } |
| } |
| |
| return sb.toString(); |
| } |
| |
| // appwidget used when appwidgets are disabled (we make an exception for |
| // default clock widget) |
| public void writeFallbackAppWidgetId(int appWidgetId) { |
| Settings.Secure.putIntForUser(mContentResolver, |
| Settings.Secure.LOCK_SCREEN_FALLBACK_APPWIDGET_ID, |
| appWidgetId, |
| UserHandle.USER_CURRENT); |
| } |
| |
| // appwidget used when appwidgets are disabled (we make an exception for |
| // default clock widget) |
| public int getFallbackAppWidgetId() { |
| return Settings.Secure.getIntForUser( |
| mContentResolver, |
| Settings.Secure.LOCK_SCREEN_FALLBACK_APPWIDGET_ID, |
| AppWidgetManager.INVALID_APPWIDGET_ID, |
| UserHandle.USER_CURRENT); |
| } |
| |
| private void writeAppWidgets(int[] appWidgetIds) { |
| Settings.Secure.putStringForUser(mContentResolver, |
| Settings.Secure.LOCK_SCREEN_APPWIDGET_IDS, |
| combineStrings(appWidgetIds, ","), |
| UserHandle.USER_CURRENT); |
| } |
| |
| // TODO: log an error if this returns false |
| public boolean addAppWidget(int widgetId, int index) { |
| int[] widgets = getAppWidgets(); |
| if (widgets == null) { |
| return false; |
| } |
| if (index < 0 || index > widgets.length) { |
| return false; |
| } |
| int[] newWidgets = new int[widgets.length + 1]; |
| for (int i = 0, j = 0; i < newWidgets.length; i++) { |
| if (index == i) { |
| newWidgets[i] = widgetId; |
| i++; |
| } |
| if (i < newWidgets.length) { |
| newWidgets[i] = widgets[j]; |
| j++; |
| } |
| } |
| writeAppWidgets(newWidgets); |
| return true; |
| } |
| |
| public boolean removeAppWidget(int widgetId) { |
| int[] widgets = getAppWidgets(); |
| |
| if (widgets.length == 0) { |
| return false; |
| } |
| |
| int[] newWidgets = new int[widgets.length - 1]; |
| for (int i = 0, j = 0; i < widgets.length; i++) { |
| if (widgets[i] == widgetId) { |
| // continue... |
| } else if (j >= newWidgets.length) { |
| // we couldn't find the widget |
| return false; |
| } else { |
| newWidgets[j] = widgets[i]; |
| j++; |
| } |
| } |
| writeAppWidgets(newWidgets); |
| return true; |
| } |
| |
| private long getLong(String secureSettingKey, long defaultValue, int userHandle) { |
| try { |
| return getLockSettings().getLong(secureSettingKey, defaultValue, userHandle); |
| } catch (RemoteException re) { |
| return defaultValue; |
| } |
| } |
| |
| private long getLong(String secureSettingKey, long defaultValue) { |
| try { |
| return getLockSettings().getLong(secureSettingKey, defaultValue, |
| getCurrentOrCallingUserId()); |
| } catch (RemoteException re) { |
| return defaultValue; |
| } |
| } |
| |
| private void setLong(String secureSettingKey, long value) { |
| setLong(secureSettingKey, value, getCurrentOrCallingUserId()); |
| } |
| |
| private void setLong(String secureSettingKey, long value, int userHandle) { |
| try { |
| getLockSettings().setLong(secureSettingKey, value, userHandle); |
| } catch (RemoteException re) { |
| // What can we do? |
| Log.e(TAG, "Couldn't write long " + secureSettingKey + re); |
| } |
| } |
| |
| private String getString(String secureSettingKey) { |
| return getString(secureSettingKey, getCurrentOrCallingUserId()); |
| } |
| |
| private String getString(String secureSettingKey, int userHandle) { |
| try { |
| return getLockSettings().getString(secureSettingKey, null, userHandle); |
| } catch (RemoteException re) { |
| return null; |
| } |
| } |
| |
| private void setString(String secureSettingKey, String value, int userHandle) { |
| try { |
| getLockSettings().setString(secureSettingKey, value, userHandle); |
| } catch (RemoteException re) { |
| // What can we do? |
| Log.e(TAG, "Couldn't write string " + secureSettingKey + re); |
| } |
| } |
| |
| public boolean isSecure() { |
| long mode = getKeyguardStoredPasswordQuality(); |
| final boolean isPattern = mode == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| final boolean isPassword = mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC |
| || mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| final boolean secure = isPattern && isLockPatternEnabled() && savedPatternExists() |
| || isPassword && savedPasswordExists(); |
| return secure; |
| } |
| |
| /** |
| * Sets the emergency button visibility based on isEmergencyCallCapable(). |
| * |
| * If the emergency button is visible, sets the text on the emergency button |
| * to indicate what action will be taken. |
| * |
| * If there's currently a call in progress, the button will take them to the call |
| * @param button The button to update |
| * @param shown Indicates whether the given screen wants the emergency button to show at all |
| * @param showIcon Indicates whether to show a phone icon for the button. |
| */ |
| public void updateEmergencyCallButtonState(Button button, boolean shown, boolean showIcon) { |
| if (isEmergencyCallCapable() && shown) { |
| button.setVisibility(View.VISIBLE); |
| } else { |
| button.setVisibility(View.GONE); |
| return; |
| } |
| |
| int textId; |
| if (isInCall()) { |
| // show "return to call" text and show phone icon |
| textId = R.string.lockscreen_return_to_call; |
| int phoneCallIcon = showIcon ? R.drawable.stat_sys_phone_call : 0; |
| button.setCompoundDrawablesWithIntrinsicBounds(phoneCallIcon, 0, 0, 0); |
| } else { |
| textId = R.string.lockscreen_emergency_call; |
| int emergencyIcon = showIcon ? R.drawable.ic_emergency : 0; |
| button.setCompoundDrawablesWithIntrinsicBounds(emergencyIcon, 0, 0, 0); |
| } |
| button.setText(textId); |
| } |
| |
| /** |
| * Resumes a call in progress. Typically launched from the EmergencyCall button |
| * on various lockscreens. |
| */ |
| public void resumeCall() { |
| getTelecommManager().showInCallScreen(false); |
| } |
| |
| /** |
| * @return {@code true} if there is a call currently in progress, {@code false} otherwise. |
| */ |
| public boolean isInCall() { |
| return getTelecommManager().isInCall(); |
| } |
| |
| private TelecomManager getTelecommManager() { |
| return (TelecomManager) mContext.getSystemService(Context.TELECOM_SERVICE); |
| } |
| |
| private void finishBiometricWeak() { |
| setBoolean(BIOMETRIC_WEAK_EVER_CHOSEN_KEY, true); |
| |
| // Launch intent to show final screen, this also |
| // moves the temporary gallery to the actual gallery |
| Intent intent = new Intent(); |
| intent.setClassName("com.android.facelock", |
| "com.android.facelock.SetupEndScreen"); |
| mContext.startActivity(intent); |
| } |
| |
| public void setPowerButtonInstantlyLocks(boolean enabled) { |
| setBoolean(LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS, enabled); |
| } |
| |
| public boolean getPowerButtonInstantlyLocks() { |
| return getBoolean(LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS, true); |
| } |
| |
| public static boolean isSafeModeEnabled() { |
| try { |
| return IWindowManager.Stub.asInterface( |
| ServiceManager.getService("window")).isSafeModeEnabled(); |
| } catch (RemoteException e) { |
| // Shouldn't happen! |
| } |
| return false; |
| } |
| |
| /** |
| * Determine whether the user has selected any non-system widgets in keyguard |
| * |
| * @return true if widgets have been selected |
| */ |
| public boolean hasWidgetsEnabledInKeyguard(int userid) { |
| int widgets[] = getAppWidgets(userid); |
| for (int i = 0; i < widgets.length; i++) { |
| if (widgets[i] > 0) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| public boolean getWidgetsEnabled() { |
| return getWidgetsEnabled(getCurrentOrCallingUserId()); |
| } |
| |
| public boolean getWidgetsEnabled(int userId) { |
| return getBoolean(LOCKSCREEN_WIDGETS_ENABLED, false, userId); |
| } |
| |
| public void setWidgetsEnabled(boolean enabled) { |
| setWidgetsEnabled(enabled, getCurrentOrCallingUserId()); |
| } |
| |
| public void setWidgetsEnabled(boolean enabled, int userId) { |
| setBoolean(LOCKSCREEN_WIDGETS_ENABLED, enabled, userId); |
| } |
| |
| public void setEnabledTrustAgents(Collection<ComponentName> activeTrustAgents) { |
| setEnabledTrustAgents(activeTrustAgents, getCurrentOrCallingUserId()); |
| } |
| |
| public List<ComponentName> getEnabledTrustAgents() { |
| return getEnabledTrustAgents(getCurrentOrCallingUserId()); |
| } |
| |
| public void setEnabledTrustAgents(Collection<ComponentName> activeTrustAgents, int userId) { |
| StringBuilder sb = new StringBuilder(); |
| for (ComponentName cn : activeTrustAgents) { |
| if (sb.length() > 0) { |
| sb.append(','); |
| } |
| sb.append(cn.flattenToShortString()); |
| } |
| setString(ENABLED_TRUST_AGENTS, sb.toString(), userId); |
| getTrustManager().reportEnabledTrustAgentsChanged(getCurrentOrCallingUserId()); |
| } |
| |
| public List<ComponentName> getEnabledTrustAgents(int userId) { |
| String serialized = getString(ENABLED_TRUST_AGENTS, userId); |
| if (TextUtils.isEmpty(serialized)) { |
| return null; |
| } |
| String[] split = serialized.split(","); |
| ArrayList<ComponentName> activeTrustAgents = new ArrayList<ComponentName>(split.length); |
| for (String s : split) { |
| if (!TextUtils.isEmpty(s)) { |
| activeTrustAgents.add(ComponentName.unflattenFromString(s)); |
| } |
| } |
| return activeTrustAgents; |
| } |
| |
| /** |
| * @see android.app.trust.TrustManager#reportRequireCredentialEntry(int) |
| */ |
| public void requireCredentialEntry(int userId) { |
| getTrustManager().reportRequireCredentialEntry(userId); |
| } |
| |
| private void onAfterChangingPassword() { |
| getTrustManager().reportEnabledTrustAgentsChanged(getCurrentOrCallingUserId()); |
| } |
| } |