Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License |
| 15 | */ |
| 16 | |
Andrew Scull | 507d11c | 2017-05-03 17:19:01 +0100 | [diff] [blame] | 17 | package com.android.server.locksettings; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 18 | |
| 19 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC; |
| 20 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC; |
Lenka Trochtova | 66c492a | 2018-12-06 11:29:21 +0100 | [diff] [blame^] | 21 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 22 | import static com.android.internal.widget.LockPatternUtils.stringToPattern; |
| 23 | |
Sudheer Shanka | dc589ac | 2016-11-10 15:30:17 -0800 | [diff] [blame] | 24 | import android.app.ActivityManager; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 25 | import android.os.ShellCommand; |
| 26 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 27 | import com.android.internal.widget.LockPatternUtils; |
| 28 | import com.android.internal.widget.LockPatternUtils.RequestThrottledException; |
| 29 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 30 | import java.io.PrintWriter; |
| 31 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 32 | class LockSettingsShellCommand extends ShellCommand { |
| 33 | |
| 34 | private static final String COMMAND_SET_PATTERN = "set-pattern"; |
| 35 | private static final String COMMAND_SET_PIN = "set-pin"; |
| 36 | private static final String COMMAND_SET_PASSWORD = "set-password"; |
| 37 | private static final String COMMAND_CLEAR = "clear"; |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 38 | private static final String COMMAND_SP = "sp"; |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 39 | private static final String COMMAND_SET_DISABLED = "set-disabled"; |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 40 | private static final String COMMAND_VERIFY = "verify"; |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 41 | private static final String COMMAND_GET_DISABLED = "get-disabled"; |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 42 | private static final String COMMAND_HELP = "help"; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 43 | |
| 44 | private int mCurrentUserId; |
| 45 | private final LockPatternUtils mLockPatternUtils; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 46 | private String mOld = ""; |
| 47 | private String mNew = ""; |
| 48 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 49 | LockSettingsShellCommand(LockPatternUtils lockPatternUtils) { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 50 | mLockPatternUtils = lockPatternUtils; |
| 51 | } |
| 52 | |
| 53 | @Override |
| 54 | public int onCommand(String cmd) { |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 55 | if (cmd == null) { |
| 56 | return handleDefaultCommands(cmd); |
| 57 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 58 | try { |
Sudheer Shanka | dc589ac | 2016-11-10 15:30:17 -0800 | [diff] [blame] | 59 | mCurrentUserId = ActivityManager.getService().getCurrentUser().id; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 60 | |
| 61 | parseArgs(); |
Lenka Trochtova | 66c492a | 2018-12-06 11:29:21 +0100 | [diff] [blame^] | 62 | if (!mLockPatternUtils.hasSecureLockScreen()) { |
| 63 | switch (cmd) { |
| 64 | case COMMAND_HELP: |
| 65 | case COMMAND_GET_DISABLED: |
| 66 | case COMMAND_SET_DISABLED: |
| 67 | break; |
| 68 | default: |
| 69 | getErrPrintWriter().println( |
| 70 | "The device does not support lock screen - ignoring the command."); |
| 71 | return -1; |
| 72 | } |
| 73 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 74 | if (!checkCredential()) { |
| 75 | return -1; |
| 76 | } |
| 77 | switch (cmd) { |
| 78 | case COMMAND_SET_PATTERN: |
| 79 | runSetPattern(); |
| 80 | break; |
| 81 | case COMMAND_SET_PASSWORD: |
| 82 | runSetPassword(); |
| 83 | break; |
| 84 | case COMMAND_SET_PIN: |
| 85 | runSetPin(); |
| 86 | break; |
| 87 | case COMMAND_CLEAR: |
| 88 | runClear(); |
| 89 | break; |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 90 | case COMMAND_SP: |
Paul Crowley | 7a0cc0a | 2017-05-31 22:12:57 +0000 | [diff] [blame] | 91 | runChangeSp(); |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 92 | break; |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 93 | case COMMAND_SET_DISABLED: |
| 94 | runSetDisabled(); |
| 95 | break; |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 96 | case COMMAND_VERIFY: |
| 97 | runVerify(); |
| 98 | break; |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 99 | case COMMAND_GET_DISABLED: |
| 100 | runGetDisabled(); |
| 101 | break; |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 102 | case COMMAND_HELP: |
| 103 | onHelp(); |
| 104 | break; |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 105 | default: |
| 106 | getErrPrintWriter().println("Unknown command: " + cmd); |
| 107 | break; |
| 108 | } |
| 109 | return 0; |
| 110 | } catch (Exception e) { |
Rubin Xu | 0cbc19e | 2016-12-09 14:00:21 +0000 | [diff] [blame] | 111 | getErrPrintWriter().println("Error while executing command: " + cmd); |
| 112 | e.printStackTrace(getErrPrintWriter()); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 113 | return -1; |
| 114 | } |
| 115 | } |
| 116 | |
Pavel Grafov | 5f679b2 | 2017-06-26 18:39:10 +0100 | [diff] [blame] | 117 | private void runVerify() { |
| 118 | // The command is only run if the credential is correct. |
| 119 | getOutPrintWriter().println("Lock credential verified successfully"); |
| 120 | } |
| 121 | |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 122 | @Override |
| 123 | public void onHelp() { |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 124 | try (final PrintWriter pw = getOutPrintWriter();) { |
| 125 | pw.println("lockSettings service commands:"); |
| 126 | pw.println(""); |
| 127 | pw.println("NOTE: when lock screen is set, all commands require the --old <CREDENTIAL>" |
| 128 | + " argument."); |
| 129 | pw.println(""); |
| 130 | pw.println(" help"); |
| 131 | pw.println(" Prints this help text."); |
| 132 | pw.println(""); |
| 133 | pw.println(" get-disabled [--old <CREDENTIAL>] [--user USER_ID]"); |
| 134 | pw.println(" Checks whether lock screen is disabled."); |
| 135 | pw.println(""); |
| 136 | pw.println(" set-disabled [--old <CREDENTIAL>] [--user USER_ID] <true|false>"); |
| 137 | pw.println(" When true, disables lock screen."); |
| 138 | pw.println(""); |
| 139 | pw.println(" set-pattern [--old <CREDENTIAL>] [--user USER_ID] <PATTERN>"); |
| 140 | pw.println(" Sets the lock screen as pattern, using the given PATTERN to unlock."); |
| 141 | pw.println(""); |
| 142 | pw.println(" set-pin [--old <CREDENTIAL>] [--user USER_ID] <PIN>"); |
| 143 | pw.println(" Sets the lock screen as PIN, using the given PIN to unlock."); |
| 144 | pw.println(""); |
| 145 | pw.println(" set-pin [--old <CREDENTIAL>] [--user USER_ID] <PASSWORD>"); |
| 146 | pw.println(" Sets the lock screen as password, using the given PASSOWRD to unlock."); |
| 147 | pw.println(""); |
| 148 | pw.println(" sp [--old <CREDENTIAL>] [--user USER_ID]"); |
| 149 | pw.println(" Gets whether synthetic password is enabled."); |
| 150 | pw.println(""); |
| 151 | pw.println(" sp [--old <CREDENTIAL>] [--user USER_ID] <1|0>"); |
| 152 | pw.println(" Enables / disables synthetic password."); |
| 153 | pw.println(""); |
| 154 | pw.println(" clear [--old <CREDENTIAL>] [--user USER_ID]"); |
| 155 | pw.println(" Clears the lock credentials."); |
| 156 | pw.println(""); |
| 157 | pw.println(" verify [--old <CREDENTIAL>] [--user USER_ID]"); |
| 158 | pw.println(" Verifies the lock credentials."); |
| 159 | pw.println(""); |
| 160 | } |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 161 | } |
| 162 | |
| 163 | private void parseArgs() { |
| 164 | String opt; |
| 165 | while ((opt = getNextOption()) != null) { |
| 166 | if ("--old".equals(opt)) { |
| 167 | mOld = getNextArgRequired(); |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 168 | } else if ("--user".equals(opt)) { |
| 169 | mCurrentUserId = Integer.parseInt(getNextArgRequired()); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 170 | } else { |
| 171 | getErrPrintWriter().println("Unknown option: " + opt); |
| 172 | throw new IllegalArgumentException(); |
| 173 | } |
| 174 | } |
| 175 | mNew = getNextArg(); |
| 176 | } |
| 177 | |
Paul Crowley | 7a0cc0a | 2017-05-31 22:12:57 +0000 | [diff] [blame] | 178 | private void runChangeSp() { |
| 179 | if (mNew != null ) { |
| 180 | if ("1".equals(mNew)) { |
| 181 | mLockPatternUtils.enableSyntheticPassword(); |
| 182 | getOutPrintWriter().println("Synthetic password enabled"); |
| 183 | } else if ("0".equals(mNew)) { |
| 184 | mLockPatternUtils.disableSyntheticPassword(); |
| 185 | getOutPrintWriter().println("Synthetic password disabled"); |
| 186 | } |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 187 | } |
| 188 | getOutPrintWriter().println(String.format("SP Enabled = %b", |
| 189 | mLockPatternUtils.isSyntheticPasswordEnabled())); |
| 190 | } |
| 191 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 192 | private void runSetPattern() { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 193 | mLockPatternUtils.saveLockPattern(stringToPattern(mNew), mOld, mCurrentUserId); |
| 194 | getOutPrintWriter().println("Pattern set to '" + mNew + "'"); |
| 195 | } |
| 196 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 197 | private void runSetPassword() { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 198 | mLockPatternUtils.saveLockPassword(mNew, mOld, PASSWORD_QUALITY_ALPHABETIC, mCurrentUserId); |
| 199 | getOutPrintWriter().println("Password set to '" + mNew + "'"); |
| 200 | } |
| 201 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 202 | private void runSetPin() { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 203 | mLockPatternUtils.saveLockPassword(mNew, mOld, PASSWORD_QUALITY_NUMERIC, mCurrentUserId); |
| 204 | getOutPrintWriter().println("Pin set to '" + mNew + "'"); |
| 205 | } |
| 206 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 207 | private void runClear() { |
Rubin Xu | a55b168 | 2017-01-31 10:06:56 +0000 | [diff] [blame] | 208 | mLockPatternUtils.clearLock(mOld, mCurrentUserId); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 209 | getOutPrintWriter().println("Lock credential cleared"); |
| 210 | } |
| 211 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 212 | private void runSetDisabled() { |
Jeff Sharkey | 6544099 | 2017-03-31 09:45:46 -0600 | [diff] [blame] | 213 | final boolean disabled = Boolean.parseBoolean(mNew); |
| 214 | mLockPatternUtils.setLockScreenDisabled(disabled, mCurrentUserId); |
| 215 | getOutPrintWriter().println("Lock screen disabled set to " + disabled); |
| 216 | } |
| 217 | |
chaviw | 5953e66 | 2017-08-21 10:46:11 -0700 | [diff] [blame] | 218 | private void runGetDisabled() { |
| 219 | boolean isLockScreenDisabled = mLockPatternUtils.isLockScreenDisabled(mCurrentUserId); |
| 220 | getOutPrintWriter().println(isLockScreenDisabled); |
| 221 | } |
| 222 | |
Felipe Leme | 1fc9c81 | 2018-07-11 10:02:23 -0700 | [diff] [blame] | 223 | private boolean checkCredential() { |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 224 | final boolean havePassword = mLockPatternUtils.isLockPasswordEnabled(mCurrentUserId); |
| 225 | final boolean havePattern = mLockPatternUtils.isLockPatternEnabled(mCurrentUserId); |
| 226 | if (havePassword || havePattern) { |
Pavel Grafov | fc135c7 | 2017-07-25 16:38:04 +0100 | [diff] [blame] | 227 | if (mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mCurrentUserId)) { |
| 228 | getOutPrintWriter().println("Profile uses unified challenge"); |
| 229 | return false; |
| 230 | } |
| 231 | |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 232 | try { |
| 233 | final boolean result; |
| 234 | if (havePassword) { |
| 235 | result = mLockPatternUtils.checkPassword(mOld, mCurrentUserId); |
| 236 | } else { |
| 237 | result = mLockPatternUtils.checkPattern(stringToPattern(mOld), mCurrentUserId); |
| 238 | } |
| 239 | if (!result) { |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 240 | if (!mLockPatternUtils.isManagedProfileWithUnifiedChallenge(mCurrentUserId)) { |
| 241 | mLockPatternUtils.reportFailedPasswordAttempt(mCurrentUserId); |
| 242 | } |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 243 | getOutPrintWriter().println("Old password '" + mOld + "' didn't match"); |
Irina Dumitrescu | 472dae5 | 2018-07-19 18:07:58 +0100 | [diff] [blame] | 244 | } else { |
| 245 | // Resets the counter for failed password attempts to 0. |
| 246 | mLockPatternUtils.reportSuccessfulPasswordAttempt(mCurrentUserId); |
Pavel Grafov | c07067d | 2017-07-05 16:30:04 +0100 | [diff] [blame] | 247 | } |
| 248 | return result; |
| 249 | } catch (RequestThrottledException e) { |
| 250 | getOutPrintWriter().println("Request throttled"); |
Jorim Jaggi | 2fef6f7 | 2016-11-01 19:06:25 -0700 | [diff] [blame] | 251 | return false; |
| 252 | } |
| 253 | } else { |
| 254 | return true; |
| 255 | } |
| 256 | } |
| 257 | } |