Merge "Allow smart unlock right after boot."
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index a1b18fe..2354125 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -1418,25 +1418,32 @@
*/
public static final int SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL = 0x10;
- public static final int DEFAULT = STRONG_AUTH_REQUIRED_AFTER_BOOT;
-
private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED
| SOME_AUTH_REQUIRED_AFTER_USER_REQUEST
| SOME_AUTH_REQUIRED_AFTER_WRONG_CREDENTIAL;
private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray();
private final H mHandler;
+ private final int mDefaultStrongAuthFlags;
- public StrongAuthTracker() {
- this(Looper.myLooper());
+ public StrongAuthTracker(Context context) {
+ this(context, Looper.myLooper());
}
/**
* @param looper the looper on whose thread calls to {@link #onStrongAuthRequiredChanged}
* will be scheduled.
+ * @param context the current {@link Context}
*/
- public StrongAuthTracker(Looper looper) {
+ public StrongAuthTracker(Context context, Looper looper) {
mHandler = new H(looper);
+ mDefaultStrongAuthFlags = getDefaultFlags(context);
+ }
+
+ public static @StrongAuthFlags int getDefaultFlags(Context context) {
+ boolean strongAuthRequired = context.getResources().getBoolean(
+ com.android.internal.R.bool.config_strongAuthRequiredOnBoot);
+ return strongAuthRequired ? STRONG_AUTH_REQUIRED_AFTER_BOOT : STRONG_AUTH_NOT_REQUIRED;
}
/**
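Review bot: `getDefaultFlags` is a new public static entry point with no Javadoc, and the value it returns is more than a boot-time setting: `getStrongAuthForUser` falls back to it for every user id that has no entry in `mStrongAuthRequiredForUser`. With `config_strongAuthRequiredOnBoot` set to false, that fallback is `STRONG_AUTH_NOT_REQUIRED`, which should be spelled out where the default is computed. I would add a Javadoc such as `/** Returns the flags assumed for a user with no recorded strong-auth state; STRONG_AUTH_NOT_REQUIRED only when config_strongAuthRequiredOnBoot is false. */` and declare the field as `private final @StrongAuthFlags int mDefaultStrongAuthFlags;`. The field of the same name added in LockSettingsStrongAuth.java is missing the same annotation.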
@@ -1447,7 +1454,7 @@
* @param userId the user for whom the state is queried.
*/
public @StrongAuthFlags int getStrongAuthForUser(int userId) {
- return mStrongAuthRequiredForUser.get(userId, DEFAULT);
+ return mStrongAuthRequiredForUser.get(userId, mDefaultStrongAuthFlags);
}
/**
@@ -1477,7 +1484,7 @@
int oldValue = getStrongAuthForUser(userId);
if (strongAuthFlags != oldValue) {
- if (strongAuthFlags == DEFAULT) {
+ if (strongAuthFlags == mDefaultStrongAuthFlags) {
mStrongAuthRequiredForUser.delete(userId);
} else {
mStrongAuthRequiredForUser.put(userId, strongAuthFlags);
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index 655a5fa..507925b 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -2462,4 +2462,11 @@
<!-- If true, all guest users created on the device will be ephemeral. -->
<bool name="config_guestUserEphemeral">false</bool>
+
+ <!-- Enforce strong auth on boot. Setting this to false represents a security risk and should
+ not be ordinarily done. The only case in which this might be permissible is in a car head
+ unit where there are hardware mechanisms to protect the device (physical keys) and not
+ much in the way of user data.
+ -->
+ <bool name="config_strongAuthRequiredOnBoot">true</bool>
</resources>
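Review bot: The comment warns that false is a security risk but does not say what is relaxed or when the value is read. Judging by the Java side of this change, false makes `STRONG_AUTH_NOT_REQUIRED` the default for any user without recorded state. Each tracker also stores the value in a final field at construction, so a later change to the resource would not be picked up until those objects are recreated. I would extend the comment with something like `When false, users start in STRONG_AUTH_NOT_REQUIRED after boot, so smart unlock is accepted before the first credential entry. Read once when the strong auth trackers are constructed.`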
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index e59c935..81705b4 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -2503,4 +2503,6 @@
<!-- New SMS notification while phone is locked. -->
<java-symbol type="string" name="new_sms_notification_title" />
<java-symbol type="string" name="new_sms_notification_content" />
+
+ <java-symbol type="bool" name="config_strongAuthRequiredOnBoot" />
</resources>
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index b4f9b9f..a8419bf 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -188,7 +188,7 @@
/** Tracks whether strong authentication hasn't been used since quite some time per user. */
private ArraySet<Integer> mStrongAuthNotTimedOut = new ArraySet<>();
- private final StrongAuthTracker mStrongAuthTracker = new StrongAuthTracker();
+ private final StrongAuthTracker mStrongAuthTracker;
private final ArrayList<WeakReference<KeyguardUpdateMonitorCallback>>
mCallbacks = Lists.newArrayList();
@@ -871,6 +871,9 @@
}
public class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {
+ public StrongAuthTracker(Context context) {
+ super(context);
+ }
public boolean isUnlockingWithFingerprintAllowed() {
int userId = getCurrentUser();
@@ -981,6 +984,7 @@
mSubscriptionManager = SubscriptionManager.from(context);
mAlarmManager = context.getSystemService(AlarmManager.class);
mDeviceProvisioned = isDeviceProvisionedInSettingsDb();
+ mStrongAuthTracker = new StrongAuthTracker(context);
// Since device can't be un-provisioned, we only need to register a content observer
// to update mDeviceProvisioned when we are...
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 377d52f..f6f05fe 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -78,7 +78,7 @@
private final Context mContext;
private final LockSettingsStorage mStorage;
- private final LockSettingsStrongAuth mStrongAuth = new LockSettingsStrongAuth();
+ private final LockSettingsStrongAuth mStrongAuth;
private LockPatternUtils mLockPatternUtils;
private boolean mFirstCallToVold;
@@ -93,6 +93,7 @@
public LockSettingsService(Context context) {
mContext = context;
+ mStrongAuth = new LockSettingsStrongAuth(context);
// Open the database
mLockPatternUtils = new LockPatternUtils(context);
diff --git a/services/core/java/com/android/server/LockSettingsStrongAuth.java b/services/core/java/com/android/server/LockSettingsStrongAuth.java
index 0e4d5a7..551ceb8 100644
--- a/services/core/java/com/android/server/LockSettingsStrongAuth.java
+++ b/services/core/java/com/android/server/LockSettingsStrongAuth.java
@@ -20,6 +20,7 @@
import com.android.internal.widget.LockPatternUtils.StrongAuthTracker;
import android.app.trust.IStrongAuthTracker;
+import android.content.Context;
import android.os.DeadObjectException;
import android.os.Handler;
import android.os.Message;
@@ -46,6 +47,11 @@
private final ArrayList<IStrongAuthTracker> mStrongAuthTrackers = new ArrayList<>();
private final SparseIntArray mStrongAuthForUser = new SparseIntArray();
+ private final int mDefaultStrongAuthFlags;
+
+ public LockSettingsStrongAuth(Context context) {
+ mDefaultStrongAuthFlags = StrongAuthTracker.getDefaultFlags(context);
+ }
private void handleAddStrongAuthTracker(IStrongAuthTracker tracker) {
for (int i = 0; i < mStrongAuthTrackers.size(); i++) {
@@ -87,7 +93,7 @@
}
private void handleRequireStrongAuthOneUser(int strongAuthReason, int userId) {
- int oldValue = mStrongAuthForUser.get(userId, LockPatternUtils.StrongAuthTracker.DEFAULT);
+ int oldValue = mStrongAuthForUser.get(userId, mDefaultStrongAuthFlags);
int newValue = strongAuthReason == STRONG_AUTH_NOT_REQUIRED
? STRONG_AUTH_NOT_REQUIRED
: (oldValue | strongAuthReason);
@@ -101,7 +107,7 @@
int index = mStrongAuthForUser.indexOfKey(userId);
if (index >= 0) {
mStrongAuthForUser.removeAt(index);
- notifyStrongAuthTrackers(StrongAuthTracker.DEFAULT, userId);
+ notifyStrongAuthTrackers(mDefaultStrongAuthFlags, userId);
}
}
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 3452f41..b54e866 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -125,6 +125,8 @@
@GuardedBy("mDeviceLockedForUser")
private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray();
+ private final StrongAuthTracker mStrongAuthTracker;
+
private boolean mTrustAgentsCanRun = false;
private int mCurrentUser = UserHandle.USER_SYSTEM;
@@ -134,6 +136,13 @@
mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
mLockPatternUtils = new LockPatternUtils(context);
+
+ mStrongAuthTracker = new StrongAuthTracker(context) {
+ @Override
+ public void onStrongAuthRequiredChanged(int userId) {
+ refreshAgentList(userId);
+ }
+ };
}
@Override
@@ -920,13 +929,6 @@
}
};
- private final StrongAuthTracker mStrongAuthTracker = new StrongAuthTracker() {
- @Override
- public void onStrongAuthRequiredChanged(int userId) {
- refreshAgentList(userId);
- }
- };
-
private class Receiver extends BroadcastReceiver {
@Override