The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2007 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.internal.widget; |
| 18 | |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 19 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC; |
| 20 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC; |
| 21 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; |
| 22 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_MANAGED; |
| 23 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC; |
| 24 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX; |
| 25 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_SOMETHING; |
| 26 | import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; |
| 27 | |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 28 | import android.annotation.IntDef; |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 29 | import android.annotation.Nullable; |
Dianne Hackborn | 87bba1e | 2010-02-26 17:25:54 -0800 | [diff] [blame] | 30 | import android.app.admin.DevicePolicyManager; |
Andrew Scull | 5f9e6f3 | 2016-08-02 14:22:17 +0100 | [diff] [blame] | 31 | import android.app.admin.PasswordMetrics; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 32 | import android.app.trust.IStrongAuthTracker; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 33 | import android.app.trust.TrustManager; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 34 | import android.content.ComponentName; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 35 | import android.content.ContentResolver; |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 36 | import android.content.Context; |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 37 | import android.content.pm.UserInfo; |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 38 | import android.os.AsyncTask; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 39 | import android.os.Handler; |
Jason parks | f7b3cd4 | 2011-01-27 09:28:25 -0600 | [diff] [blame] | 40 | import android.os.IBinder; |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 41 | import android.os.Looper; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 42 | import android.os.Message; |
Jim Miller | 69ac988 | 2010-02-24 15:35:05 -0800 | [diff] [blame] | 43 | import android.os.RemoteException; |
| 44 | import android.os.ServiceManager; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 45 | import android.os.SystemClock; |
Dianne Hackborn | f02b60a | 2012-08-16 10:48:27 -0700 | [diff] [blame] | 46 | import android.os.UserHandle; |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 47 | import android.os.UserManager; |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 48 | import android.os.storage.IStorageManager; |
Paul Lawrence | 8e39736 | 2014-01-27 15:22:30 -0800 | [diff] [blame] | 49 | import android.os.storage.StorageManager; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 50 | import android.provider.Settings; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 51 | import android.text.TextUtils; |
| 52 | import android.util.Log; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 53 | import android.util.SparseIntArray; |
Kevin Chyn | a3e5582 | 2017-10-04 15:47:24 -0700 | [diff] [blame] | 54 | import android.util.SparseLongArray; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 55 | |
Rubin Xu | 0cbc19e | 2016-12-09 14:00:21 +0000 | [diff] [blame] | 56 | import com.android.internal.annotations.VisibleForTesting; |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 57 | import com.android.server.LocalServices; |
Michael Jurka | 1254f2f | 2012-10-25 11:44:31 -0700 | [diff] [blame] | 58 | import com.google.android.collect.Lists; |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 59 | |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 60 | import libcore.util.HexEncoding; |
| 61 | |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 62 | import java.lang.annotation.Retention; |
| 63 | import java.lang.annotation.RetentionPolicy; |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 64 | import java.nio.charset.StandardCharsets; |
Brian Carlstrom | 929a1c2 | 2011-02-01 21:54:09 -0800 | [diff] [blame] | 65 | import java.security.MessageDigest; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 66 | import java.security.NoSuchAlgorithmException; |
Jim Miller | 11b019d | 2010-01-20 16:34:45 -0800 | [diff] [blame] | 67 | import java.security.SecureRandom; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 68 | import java.util.ArrayList; |
| 69 | import java.util.Collection; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 70 | import java.util.List; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 71 | /** |
Brian Carlstrom | 5cfee3f | 2011-05-31 01:00:15 -0700 | [diff] [blame] | 72 | * Utilities for the lock pattern and its settings. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 73 | */ |
| 74 | public class LockPatternUtils { |
| 75 | |
| 76 | private static final String TAG = "LockPatternUtils"; |
Brian Colonna | a0ee004 | 2014-07-16 13:50:47 -0400 | [diff] [blame] | 77 | private static final boolean DEBUG = false; |
Adrian Roos | 8370e47 | 2017-07-23 14:35:59 +0200 | [diff] [blame] | 78 | private static final boolean FRP_CREDENTIAL_ENABLED = true; |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 79 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 80 | /** |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 81 | * The key to identify when the lock pattern enabled flag is being accessed for legacy reasons. |
Bryce Lee | 4614596 | 2015-12-14 14:39:10 -0800 | [diff] [blame] | 82 | */ |
| 83 | public static final String LEGACY_LOCK_PATTERN_ENABLED = "legacy_lock_pattern_enabled"; |
| 84 | |
| 85 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 86 | * The number of incorrect attempts before which we fall back on an alternative |
| 87 | * method of verifying the user, and resetting their lock pattern. |
| 88 | */ |
| 89 | public static final int FAILED_ATTEMPTS_BEFORE_RESET = 20; |
| 90 | |
| 91 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 92 | * The interval of the countdown for showing progress of the lockout. |
| 93 | */ |
| 94 | public static final long FAILED_ATTEMPT_COUNTDOWN_INTERVAL_MS = 1000L; |
| 95 | |
Jim Miller | 4f36995 | 2011-08-19 18:29:22 -0700 | [diff] [blame] | 96 | |
| 97 | /** |
| 98 | * This dictates when we start telling the user that continued failed attempts will wipe |
| 99 | * their device. |
| 100 | */ |
| 101 | public static final int FAILED_ATTEMPTS_BEFORE_WIPE_GRACE = 5; |
| 102 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 103 | /** |
| 104 | * The minimum number of dots in a valid pattern. |
| 105 | */ |
| 106 | public static final int MIN_LOCK_PATTERN_SIZE = 4; |
| 107 | |
| 108 | /** |
Adrian Roos | f80e66ce9 | 2015-01-15 23:27:24 +0100 | [diff] [blame] | 109 | * The minimum size of a valid password. |
| 110 | */ |
| 111 | public static final int MIN_LOCK_PASSWORD_SIZE = 4; |
| 112 | |
| 113 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 114 | * The minimum number of dots the user must include in a wrong pattern |
| 115 | * attempt for it to be counted against the counts that affect |
| 116 | * {@link #FAILED_ATTEMPTS_BEFORE_TIMEOUT} and {@link #FAILED_ATTEMPTS_BEFORE_RESET} |
| 117 | */ |
Jim Miller | 4f36995 | 2011-08-19 18:29:22 -0700 | [diff] [blame] | 118 | public static final int MIN_PATTERN_REGISTER_FAIL = MIN_LOCK_PATTERN_SIZE; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 119 | |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 120 | public static final int CREDENTIAL_TYPE_NONE = -1; |
| 121 | |
| 122 | public static final int CREDENTIAL_TYPE_PATTERN = 1; |
| 123 | |
| 124 | public static final int CREDENTIAL_TYPE_PASSWORD = 2; |
| 125 | |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 126 | /** |
| 127 | * Special user id for triggering the FRP verification flow. |
| 128 | */ |
| 129 | public static final int USER_FRP = UserHandle.USER_NULL + 1; |
| 130 | |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 131 | @Deprecated |
Jeff Sharkey | 7a96c39 | 2012-11-15 14:01:46 -0800 | [diff] [blame] | 132 | public final static String LOCKOUT_PERMANENT_KEY = "lockscreen.lockedoutpermanently"; |
Jeff Sharkey | 7a96c39 | 2012-11-15 14:01:46 -0800 | [diff] [blame] | 133 | public final static String PATTERN_EVER_CHOSEN_KEY = "lockscreen.patterneverchosen"; |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 134 | public final static String PASSWORD_TYPE_KEY = "lockscreen.password_type"; |
Adrian Roos | 230635e | 2015-01-07 20:50:29 +0100 | [diff] [blame] | 135 | @Deprecated |
| 136 | public final static String PASSWORD_TYPE_ALTERNATE_KEY = "lockscreen.password_type_alternate"; |
Jeff Sharkey | 7a96c39 | 2012-11-15 14:01:46 -0800 | [diff] [blame] | 137 | public final static String LOCK_PASSWORD_SALT_KEY = "lockscreen.password_salt"; |
| 138 | public final static String DISABLE_LOCKSCREEN_KEY = "lockscreen.disabled"; |
| 139 | public final static String LOCKSCREEN_OPTIONS = "lockscreen.options"; |
Adrian Roos | 230635e | 2015-01-07 20:50:29 +0100 | [diff] [blame] | 140 | @Deprecated |
Jim Miller | 6edf263 | 2011-09-05 16:03:14 -0700 | [diff] [blame] | 141 | public final static String LOCKSCREEN_BIOMETRIC_WEAK_FALLBACK |
| 142 | = "lockscreen.biometric_weak_fallback"; |
Adrian Roos | 230635e | 2015-01-07 20:50:29 +0100 | [diff] [blame] | 143 | @Deprecated |
Danielle Millett | 7a07219 | 2011-10-03 17:36:01 -0400 | [diff] [blame] | 144 | public final static String BIOMETRIC_WEAK_EVER_CHOSEN_KEY |
| 145 | = "lockscreen.biometricweakeverchosen"; |
Jim Miller | a4edd15 | 2012-01-06 18:24:04 -0800 | [diff] [blame] | 146 | public final static String LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS |
| 147 | = "lockscreen.power_button_instantly_locks"; |
Adrian Roos | 230635e | 2015-01-07 20:50:29 +0100 | [diff] [blame] | 148 | @Deprecated |
Jim Miller | f45bb40 | 2013-08-20 18:58:32 -0700 | [diff] [blame] | 149 | public final static String LOCKSCREEN_WIDGETS_ENABLED = "lockscreen.widgets_enabled"; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 150 | |
Jeff Sharkey | 7a96c39 | 2012-11-15 14:01:46 -0800 | [diff] [blame] | 151 | public final static String PASSWORD_HISTORY_KEY = "lockscreen.passwordhistory"; |
Konstantin Lopyrev | 863f22d | 2010-05-12 17:16:58 -0700 | [diff] [blame] | 152 | |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 153 | private static final String LOCK_SCREEN_OWNER_INFO = Settings.Secure.LOCK_SCREEN_OWNER_INFO; |
| 154 | private static final String LOCK_SCREEN_OWNER_INFO_ENABLED = |
| 155 | Settings.Secure.LOCK_SCREEN_OWNER_INFO_ENABLED; |
| 156 | |
Andrei Stingaceanu | 6644cd9 | 2015-11-10 13:03:31 +0000 | [diff] [blame] | 157 | private static final String LOCK_SCREEN_DEVICE_OWNER_INFO = "lockscreen.device_owner_info"; |
| 158 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 159 | private static final String ENABLED_TRUST_AGENTS = "lockscreen.enabledtrustagents"; |
Adrian Roos | c13723f | 2016-01-12 20:29:03 +0100 | [diff] [blame] | 160 | private static final String IS_TRUST_USUALLY_MANAGED = "lockscreen.istrustusuallymanaged"; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 161 | |
Ricky Wai | d398244 | 2016-05-24 19:27:08 +0100 | [diff] [blame] | 162 | public static final String PROFILE_KEY_NAME_ENCRYPT = "profile_key_name_encrypt_"; |
| 163 | public static final String PROFILE_KEY_NAME_DECRYPT = "profile_key_name_decrypt_"; |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 164 | public static final String SYNTHETIC_PASSWORD_KEY_PREFIX = "synthetic_password_"; |
| 165 | |
| 166 | public static final String SYNTHETIC_PASSWORD_HANDLE_KEY = "sp-handle"; |
| 167 | public static final String SYNTHETIC_PASSWORD_ENABLED_KEY = "enable-sp"; |
Ricky Wai | d398244 | 2016-05-24 19:27:08 +0100 | [diff] [blame] | 168 | |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 169 | private final Context mContext; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 170 | private final ContentResolver mContentResolver; |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 171 | private DevicePolicyManager mDevicePolicyManager; |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 172 | private ILockSettings mLockSettingsService; |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 173 | private UserManager mUserManager; |
Adrian Roos | 7a3bf7c | 2016-07-12 15:31:55 -0700 | [diff] [blame] | 174 | private final Handler mHandler; |
Kevin Chyn | a3e5582 | 2017-10-04 15:47:24 -0700 | [diff] [blame] | 175 | private final SparseLongArray mLockoutDeadlines = new SparseLongArray(); |
Jim Miller | ee82f8f | 2012-10-01 16:26:18 -0700 | [diff] [blame] | 176 | |
Adrian Roos | c13723f | 2016-01-12 20:29:03 +0100 | [diff] [blame] | 177 | /** |
| 178 | * Use {@link TrustManager#isTrustUsuallyManaged(int)}. |
| 179 | * |
| 180 | * This returns the lazily-peristed value and should only be used by TrustManagerService. |
| 181 | */ |
| 182 | public boolean isTrustUsuallyManaged(int userId) { |
| 183 | if (!(mLockSettingsService instanceof ILockSettings.Stub)) { |
| 184 | throw new IllegalStateException("May only be called by TrustManagerService. " |
| 185 | + "Use TrustManager.isTrustUsuallyManaged()"); |
| 186 | } |
| 187 | try { |
| 188 | return getLockSettings().getBoolean(IS_TRUST_USUALLY_MANAGED, false, userId); |
| 189 | } catch (RemoteException e) { |
| 190 | return false; |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | public void setTrustUsuallyManaged(boolean managed, int userId) { |
| 195 | try { |
| 196 | getLockSettings().setBoolean(IS_TRUST_USUALLY_MANAGED, managed, userId); |
| 197 | } catch (RemoteException e) { |
| 198 | // System dead. |
| 199 | } |
| 200 | } |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 201 | |
Adrian Roos | 4ab7e59 | 2016-04-13 15:38:13 -0700 | [diff] [blame] | 202 | public void userPresent(int userId) { |
| 203 | try { |
| 204 | getLockSettings().userPresent(userId); |
| 205 | } catch (RemoteException e) { |
| 206 | throw e.rethrowFromSystemServer(); |
| 207 | } |
| 208 | } |
| 209 | |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 210 | public static final class RequestThrottledException extends Exception { |
| 211 | private int mTimeoutMs; |
| 212 | public RequestThrottledException(int timeoutMs) { |
| 213 | mTimeoutMs = timeoutMs; |
| 214 | } |
| 215 | |
| 216 | /** |
| 217 | * @return The amount of time in ms before another request may |
| 218 | * be executed |
| 219 | */ |
| 220 | public int getTimeoutMs() { |
| 221 | return mTimeoutMs; |
| 222 | } |
| 223 | |
| 224 | } |
| 225 | |
Jim Miller | cd70988 | 2010-03-25 18:24:02 -0700 | [diff] [blame] | 226 | public DevicePolicyManager getDevicePolicyManager() { |
Jim Miller | 5b0fb3a | 2010-02-23 13:46:35 -0800 | [diff] [blame] | 227 | if (mDevicePolicyManager == null) { |
| 228 | mDevicePolicyManager = |
| 229 | (DevicePolicyManager)mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); |
| 230 | if (mDevicePolicyManager == null) { |
| 231 | Log.e(TAG, "Can't get DevicePolicyManagerService: is it running?", |
| 232 | new IllegalStateException("Stack trace:")); |
| 233 | } |
| 234 | } |
| 235 | return mDevicePolicyManager; |
| 236 | } |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 237 | |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 238 | private UserManager getUserManager() { |
| 239 | if (mUserManager == null) { |
| 240 | mUserManager = UserManager.get(mContext); |
| 241 | } |
| 242 | return mUserManager; |
| 243 | } |
| 244 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 245 | private TrustManager getTrustManager() { |
| 246 | TrustManager trust = (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); |
| 247 | if (trust == null) { |
| 248 | Log.e(TAG, "Can't get TrustManagerService: is it running?", |
| 249 | new IllegalStateException("Stack trace:")); |
| 250 | } |
| 251 | return trust; |
| 252 | } |
| 253 | |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 254 | public LockPatternUtils(Context context) { |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 255 | mContext = context; |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 256 | mContentResolver = context.getContentResolver(); |
Adrian Roos | 7a3bf7c | 2016-07-12 15:31:55 -0700 | [diff] [blame] | 257 | |
| 258 | Looper looper = Looper.myLooper(); |
| 259 | mHandler = looper != null ? new Handler(looper) : null; |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 260 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 261 | |
Rubin Xu | 0cbc19e | 2016-12-09 14:00:21 +0000 | [diff] [blame] | 262 | @VisibleForTesting |
| 263 | public ILockSettings getLockSettings() { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 264 | if (mLockSettingsService == null) { |
Adrian Roos | 450ce9f | 2014-10-29 14:30:37 +0100 | [diff] [blame] | 265 | ILockSettings service = ILockSettings.Stub.asInterface( |
| 266 | ServiceManager.getService("lock_settings")); |
Adrian Roos | 138b833 | 2014-11-11 13:51:07 +0100 | [diff] [blame] | 267 | mLockSettingsService = service; |
Brad Fitzpatrick | 9088100 | 2010-08-23 18:30:08 -0700 | [diff] [blame] | 268 | } |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 269 | return mLockSettingsService; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 270 | } |
| 271 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 272 | public int getRequestedMinimumPasswordLength(int userId) { |
| 273 | return getDevicePolicyManager().getPasswordMinimumLength(null, userId); |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 274 | } |
| 275 | |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 276 | /** |
| 277 | * Gets the device policy password mode. If the mode is non-specific, returns |
| 278 | * MODE_PATTERN which allows the user to choose anything. |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 279 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 280 | public int getRequestedPasswordQuality(int userId) { |
| 281 | return getDevicePolicyManager().getPasswordQuality(null, userId); |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 282 | } |
| 283 | |
| 284 | private int getRequestedPasswordHistoryLength(int userId) { |
| 285 | return getDevicePolicyManager().getPasswordHistoryLength(null, userId); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 286 | } |
| 287 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 288 | public int getRequestedPasswordMinimumLetters(int userId) { |
| 289 | return getDevicePolicyManager().getPasswordMinimumLetters(null, userId); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 290 | } |
| 291 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 292 | public int getRequestedPasswordMinimumUpperCase(int userId) { |
| 293 | return getDevicePolicyManager().getPasswordMinimumUpperCase(null, userId); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 294 | } |
| 295 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 296 | public int getRequestedPasswordMinimumLowerCase(int userId) { |
| 297 | return getDevicePolicyManager().getPasswordMinimumLowerCase(null, userId); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 298 | } |
| 299 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 300 | public int getRequestedPasswordMinimumNumeric(int userId) { |
| 301 | return getDevicePolicyManager().getPasswordMinimumNumeric(null, userId); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 302 | } |
| 303 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 304 | public int getRequestedPasswordMinimumSymbols(int userId) { |
| 305 | return getDevicePolicyManager().getPasswordMinimumSymbols(null, userId); |
Konstantin Lopyrev | a15dcfa | 2010-05-24 17:10:56 -0700 | [diff] [blame] | 306 | } |
| 307 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 308 | public int getRequestedPasswordMinimumNonLetter(int userId) { |
| 309 | return getDevicePolicyManager().getPasswordMinimumNonLetter(null, userId); |
Konstantin Lopyrev | c857740 | 2010-06-04 17:15:02 -0700 | [diff] [blame] | 310 | } |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 311 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 312 | public void reportFailedPasswordAttempt(int userId) { |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 313 | if (userId == USER_FRP && frpCredentialEnabled(mContext)) { |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 314 | return; |
| 315 | } |
Adrian Roos | 4f994eb | 2014-07-23 15:45:05 +0200 | [diff] [blame] | 316 | getDevicePolicyManager().reportFailedPasswordAttempt(userId); |
| 317 | getTrustManager().reportUnlockAttempt(false /* authenticated */, userId); |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 318 | } |
| 319 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 320 | public void reportSuccessfulPasswordAttempt(int userId) { |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 321 | if (userId == USER_FRP && frpCredentialEnabled(mContext)) { |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 322 | return; |
| 323 | } |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 324 | getDevicePolicyManager().reportSuccessfulPasswordAttempt(userId); |
| 325 | getTrustManager().reportUnlockAttempt(true /* authenticated */, userId); |
Jim Miller | 31f90b6 | 2010-01-20 13:35:20 -0800 | [diff] [blame] | 326 | } |
| 327 | |
Zachary Iqbal | 327323d | 2017-01-12 14:41:13 -0800 | [diff] [blame] | 328 | public void reportPasswordLockout(int timeoutMs, int userId) { |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 329 | if (userId == USER_FRP && frpCredentialEnabled(mContext)) { |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 330 | return; |
| 331 | } |
Zachary Iqbal | 327323d | 2017-01-12 14:41:13 -0800 | [diff] [blame] | 332 | getTrustManager().reportUnlockLockout(timeoutMs, userId); |
| 333 | } |
| 334 | |
Clara Bayarri | 51e41ad | 2016-02-11 17:48:53 +0000 | [diff] [blame] | 335 | public int getCurrentFailedPasswordAttempts(int userId) { |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 336 | if (userId == USER_FRP && frpCredentialEnabled(mContext)) { |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 337 | return 0; |
| 338 | } |
Clara Bayarri | 51e41ad | 2016-02-11 17:48:53 +0000 | [diff] [blame] | 339 | return getDevicePolicyManager().getCurrentFailedPasswordAttempts(userId); |
| 340 | } |
| 341 | |
| 342 | public int getMaximumFailedPasswordsForWipe(int userId) { |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 343 | if (userId == USER_FRP && frpCredentialEnabled(mContext)) { |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 344 | return 0; |
| 345 | } |
Clara Bayarri | 51e41ad | 2016-02-11 17:48:53 +0000 | [diff] [blame] | 346 | return getDevicePolicyManager().getMaximumFailedPasswordsForWipe( |
| 347 | null /* componentName */, userId); |
| 348 | } |
| 349 | |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 350 | private byte[] verifyCredential(String credential, int type, long challenge, int userId) |
| 351 | throws RequestThrottledException { |
| 352 | try { |
| 353 | VerifyCredentialResponse response = getLockSettings().verifyCredential(credential, |
| 354 | type, challenge, userId); |
| 355 | if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { |
| 356 | return response.getPayload(); |
| 357 | } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) { |
| 358 | throw new RequestThrottledException(response.getTimeout()); |
| 359 | } else { |
| 360 | return null; |
| 361 | } |
| 362 | } catch (RemoteException re) { |
| 363 | return null; |
| 364 | } |
| 365 | } |
| 366 | |
| 367 | private boolean checkCredential(String credential, int type, int userId, |
| 368 | @Nullable CheckCredentialProgressCallback progressCallback) |
| 369 | throws RequestThrottledException { |
| 370 | try { |
| 371 | VerifyCredentialResponse response = getLockSettings().checkCredential(credential, type, |
| 372 | userId, wrapCallback(progressCallback)); |
| 373 | |
| 374 | if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { |
| 375 | return true; |
| 376 | } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) { |
| 377 | throw new RequestThrottledException(response.getTimeout()); |
| 378 | } else { |
| 379 | return false; |
| 380 | } |
| 381 | } catch (RemoteException re) { |
| 382 | return false; |
| 383 | } |
| 384 | } |
| 385 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 386 | /** |
Andres Morales | d9fc85a | 2015-04-09 19:14:42 -0700 | [diff] [blame] | 387 | * Check to see if a pattern matches the saved pattern. |
| 388 | * If pattern matches, return an opaque attestation that the challenge |
| 389 | * was verified. |
| 390 | * |
| 391 | * @param pattern The pattern to check. |
| 392 | * @param challenge The challenge to verify against the pattern |
| 393 | * @return the attestation that the challenge was verified, or null. |
| 394 | */ |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 395 | public byte[] verifyPattern(List<LockPatternView.Cell> pattern, long challenge, int userId) |
| 396 | throws RequestThrottledException { |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 397 | throwIfCalledOnMainThread(); |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 398 | return verifyCredential(patternToString(pattern), CREDENTIAL_TYPE_PATTERN, challenge, |
| 399 | userId); |
Andres Morales | d9fc85a | 2015-04-09 19:14:42 -0700 | [diff] [blame] | 400 | } |
| 401 | |
| 402 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 403 | * Check to see if a pattern matches the saved pattern. If no pattern exists, |
| 404 | * always returns true. |
| 405 | * @param pattern The pattern to check. |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 406 | * @return Whether the pattern matches the stored one. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 407 | */ |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 408 | public boolean checkPattern(List<LockPatternView.Cell> pattern, int userId) |
| 409 | throws RequestThrottledException { |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 410 | return checkPattern(pattern, userId, null /* progressCallback */); |
| 411 | } |
| 412 | |
| 413 | /** |
| 414 | * Check to see if a pattern matches the saved pattern. If no pattern exists, |
| 415 | * always returns true. |
| 416 | * @param pattern The pattern to check. |
| 417 | * @return Whether the pattern matches the stored one. |
| 418 | */ |
| 419 | public boolean checkPattern(List<LockPatternView.Cell> pattern, int userId, |
| 420 | @Nullable CheckCredentialProgressCallback progressCallback) |
| 421 | throws RequestThrottledException { |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 422 | throwIfCalledOnMainThread(); |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 423 | return checkCredential(patternToString(pattern), CREDENTIAL_TYPE_PATTERN, userId, |
| 424 | progressCallback); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 425 | } |
| 426 | |
| 427 | /** |
Andres Morales | d9fc85a | 2015-04-09 19:14:42 -0700 | [diff] [blame] | 428 | * Check to see if a password matches the saved password. |
| 429 | * If password matches, return an opaque attestation that the challenge |
| 430 | * was verified. |
| 431 | * |
| 432 | * @param password The password to check. |
| 433 | * @param challenge The challenge to verify against the password |
| 434 | * @return the attestation that the challenge was verified, or null. |
| 435 | */ |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 436 | public byte[] verifyPassword(String password, long challenge, int userId) |
| 437 | throws RequestThrottledException { |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 438 | throwIfCalledOnMainThread(); |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 439 | return verifyCredential(password, CREDENTIAL_TYPE_PASSWORD, challenge, userId); |
Andres Morales | d9fc85a | 2015-04-09 19:14:42 -0700 | [diff] [blame] | 440 | } |
| 441 | |
Ricky Wai | 53940d4 | 2016-04-05 15:29:24 +0100 | [diff] [blame] | 442 | |
| 443 | /** |
| 444 | * Check to see if a password matches the saved password. |
| 445 | * If password matches, return an opaque attestation that the challenge |
| 446 | * was verified. |
| 447 | * |
| 448 | * @param password The password to check. |
| 449 | * @param challenge The challenge to verify against the password |
| 450 | * @return the attestation that the challenge was verified, or null. |
| 451 | */ |
| 452 | public byte[] verifyTiedProfileChallenge(String password, boolean isPattern, long challenge, |
| 453 | int userId) throws RequestThrottledException { |
| 454 | throwIfCalledOnMainThread(); |
| 455 | try { |
| 456 | VerifyCredentialResponse response = |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 457 | getLockSettings().verifyTiedProfileChallenge(password, |
| 458 | isPattern ? CREDENTIAL_TYPE_PATTERN : CREDENTIAL_TYPE_PASSWORD, challenge, |
Ricky Wai | 53940d4 | 2016-04-05 15:29:24 +0100 | [diff] [blame] | 459 | userId); |
| 460 | |
| 461 | if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) { |
| 462 | return response.getPayload(); |
| 463 | } else if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_RETRY) { |
| 464 | throw new RequestThrottledException(response.getTimeout()); |
| 465 | } else { |
| 466 | return null; |
| 467 | } |
| 468 | } catch (RemoteException re) { |
| 469 | return null; |
| 470 | } |
| 471 | } |
| 472 | |
Andres Morales | d9fc85a | 2015-04-09 19:14:42 -0700 | [diff] [blame] | 473 | /** |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 474 | * Check to see if a password matches the saved password. If no password exists, |
| 475 | * always returns true. |
| 476 | * @param password The password to check. |
| 477 | * @return Whether the password matches the stored one. |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 478 | */ |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 479 | public boolean checkPassword(String password, int userId) throws RequestThrottledException { |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 480 | return checkPassword(password, userId, null /* progressCallback */); |
| 481 | } |
| 482 | |
| 483 | /** |
| 484 | * Check to see if a password matches the saved password. If no password exists, |
| 485 | * always returns true. |
| 486 | * @param password The password to check. |
| 487 | * @return Whether the password matches the stored one. |
| 488 | */ |
| 489 | public boolean checkPassword(String password, int userId, |
| 490 | @Nullable CheckCredentialProgressCallback progressCallback) |
| 491 | throws RequestThrottledException { |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 492 | throwIfCalledOnMainThread(); |
Rubin Xu | 1de89b3 | 2016-11-30 20:03:13 +0000 | [diff] [blame] | 493 | return checkCredential(password, CREDENTIAL_TYPE_PASSWORD, userId, progressCallback); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 494 | } |
| 495 | |
| 496 | /** |
Paul Lawrence | 945490c | 2014-03-27 16:37:28 +0000 | [diff] [blame] | 497 | * Check to see if vold already has the password. |
| 498 | * Note that this also clears vold's copy of the password. |
| 499 | * @return Whether the vold password matches or not. |
| 500 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 501 | public boolean checkVoldPassword(int userId) { |
Paul Lawrence | 945490c | 2014-03-27 16:37:28 +0000 | [diff] [blame] | 502 | try { |
| 503 | return getLockSettings().checkVoldPassword(userId); |
| 504 | } catch (RemoteException re) { |
| 505 | return false; |
| 506 | } |
| 507 | } |
| 508 | |
| 509 | /** |
Konstantin Lopyrev | 863f22d | 2010-05-12 17:16:58 -0700 | [diff] [blame] | 510 | * Check to see if a password matches any of the passwords stored in the |
| 511 | * password history. |
| 512 | * |
| 513 | * @param password The password to check. |
| 514 | * @return Whether the password matches any in the history. |
| 515 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 516 | public boolean checkPasswordHistory(String password, int userId) { |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 517 | String passwordHashString = new String( |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 518 | passwordToHash(password, userId), StandardCharsets.UTF_8); |
| 519 | String passwordHistory = getString(PASSWORD_HISTORY_KEY, userId); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 520 | if (passwordHistory == null) { |
| 521 | return false; |
| 522 | } |
| 523 | // Password History may be too long... |
| 524 | int passwordHashLength = passwordHashString.length(); |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 525 | int passwordHistoryLength = getRequestedPasswordHistoryLength(userId); |
Konstantin Lopyrev | 3255823 | 2010-05-20 16:18:05 -0700 | [diff] [blame] | 526 | if(passwordHistoryLength == 0) { |
| 527 | return false; |
| 528 | } |
| 529 | int neededPasswordHistoryLength = passwordHashLength * passwordHistoryLength |
| 530 | + passwordHistoryLength - 1; |
| 531 | if (passwordHistory.length() > neededPasswordHistoryLength) { |
| 532 | passwordHistory = passwordHistory.substring(0, neededPasswordHistoryLength); |
| 533 | } |
| 534 | return passwordHistory.contains(passwordHashString); |
Konstantin Lopyrev | 863f22d | 2010-05-12 17:16:58 -0700 | [diff] [blame] | 535 | } |
| 536 | |
| 537 | /** |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 538 | * Check to see if the user has stored a lock pattern. |
| 539 | * @return Whether a saved pattern exists. |
| 540 | */ |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 541 | private boolean savedPatternExists(int userId) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 542 | try { |
Adrian Roos | 50bfeec | 2014-11-20 16:21:11 +0100 | [diff] [blame] | 543 | return getLockSettings().havePattern(userId); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 544 | } catch (RemoteException re) { |
| 545 | return false; |
| 546 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 547 | } |
| 548 | |
| 549 | /** |
| 550 | * Check to see if the user has stored a lock pattern. |
| 551 | * @return Whether a saved pattern exists. |
| 552 | */ |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 553 | private boolean savedPasswordExists(int userId) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 554 | try { |
Adrian Roos | 50bfeec | 2014-11-20 16:21:11 +0100 | [diff] [blame] | 555 | return getLockSettings().havePassword(userId); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 556 | } catch (RemoteException re) { |
| 557 | return false; |
| 558 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 559 | } |
| 560 | |
| 561 | /** |
The Android Open Source Project | ba87e3e | 2009-03-13 13:04:22 -0700 | [diff] [blame] | 562 | * Return true if the user has ever chosen a pattern. This is true even if the pattern is |
| 563 | * currently cleared. |
| 564 | * |
| 565 | * @return True if the user has ever chosen a pattern. |
| 566 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 567 | public boolean isPatternEverChosen(int userId) { |
| 568 | return getBoolean(PATTERN_EVER_CHOSEN_KEY, false, userId); |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 569 | } |
| 570 | |
| 571 | /** |
Bryan Mawhinney | e483b56 | 2017-05-15 14:46:05 +0100 | [diff] [blame] | 572 | * Records that the user has chosen a pattern at some time, even if the pattern is |
| 573 | * currently cleared. |
| 574 | */ |
| 575 | public void reportPatternWasChosen(int userId) { |
| 576 | setBoolean(PATTERN_EVER_CHOSEN_KEY, true, userId); |
| 577 | } |
| 578 | |
| 579 | /** |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 580 | * Used by device policy manager to validate the current password |
| 581 | * information it has. |
| 582 | */ |
| 583 | public int getActivePasswordQuality(int userId) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 584 | int quality = getKeyguardStoredPasswordQuality(userId); |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 585 | |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 586 | if (isLockPasswordEnabled(quality, userId)) { |
| 587 | // Quality is a password and a password exists. Return the quality. |
| 588 | return quality; |
| 589 | } |
| 590 | |
| 591 | if (isLockPatternEnabled(quality, userId)) { |
| 592 | // Quality is a pattern and a pattern exists. Return the quality. |
| 593 | return quality; |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 594 | } |
Danielle Millett | c8fb532 | 2011-10-04 12:18:51 -0400 | [diff] [blame] | 595 | |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 596 | return PASSWORD_QUALITY_UNSPECIFIED; |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 597 | } |
Jim Miller | cd70988 | 2010-03-25 18:24:02 -0700 | [diff] [blame] | 598 | |
Dianne Hackborn | 85f2c9c | 2010-03-22 11:12:48 -0700 | [diff] [blame] | 599 | /** |
Ricky Wai | 4613fe4 | 2016-05-24 11:11:42 +0100 | [diff] [blame] | 600 | * Use it to reset keystore without wiping work profile |
| 601 | */ |
| 602 | public void resetKeyStore(int userId) { |
| 603 | try { |
| 604 | getLockSettings().resetKeyStore(userId); |
| 605 | } catch (RemoteException e) { |
| 606 | // It should not happen |
| 607 | Log.e(TAG, "Couldn't reset keystore " + e); |
| 608 | } |
| 609 | } |
| 610 | |
| 611 | /** |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 612 | * Clear any lock pattern or password. |
| 613 | */ |
Rubin Xu | a55b168 | 2017-01-31 10:06:56 +0000 | [diff] [blame] | 614 | public void clearLock(String savedCredential, int userHandle) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 615 | final int currentQuality = getKeyguardStoredPasswordQuality(userHandle); |
| 616 | setKeyguardStoredPasswordQuality(PASSWORD_QUALITY_UNSPECIFIED, userHandle); |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 617 | |
Rubin Xu | a55b168 | 2017-01-31 10:06:56 +0000 | [diff] [blame] | 618 | try{ |
| 619 | getLockSettings().setLockCredential(null, CREDENTIAL_TYPE_NONE, savedCredential, |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 620 | PASSWORD_QUALITY_UNSPECIFIED, userHandle); |
| 621 | } catch (Exception e) { |
| 622 | Log.e(TAG, "Failed to clear lock", e); |
| 623 | setKeyguardStoredPasswordQuality(currentQuality, userHandle); |
| 624 | return; |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 625 | } |
| 626 | |
Xiaohui Chen | 86c69dd | 2015-08-27 15:44:02 -0700 | [diff] [blame] | 627 | if (userHandle == UserHandle.USER_SYSTEM) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 628 | // Set the encryption password to default. |
| 629 | updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null); |
Robin Lee | d39113e | 2016-01-22 15:44:49 +0000 | [diff] [blame] | 630 | setCredentialRequiredToDecrypt(false); |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 631 | } |
| 632 | |
Adrian Roos | f8f56bc | 2014-11-20 23:55:34 +0100 | [diff] [blame] | 633 | onAfterChangingPassword(userHandle); |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 634 | } |
Jim Miller | 5b0fb3a | 2010-02-23 13:46:35 -0800 | [diff] [blame] | 635 | |
Dianne Hackborn | df83afa | 2010-01-20 13:37:26 -0800 | [diff] [blame] | 636 | /** |
Benjamin Franz | 51ed794 | 2015-04-07 16:34:56 +0100 | [diff] [blame] | 637 | * Disable showing lock screen at all for a given user. |
| 638 | * This is only meaningful if pattern, pin or password are not set. |
Jim Miller | 2a98a4c | 2010-11-19 18:49:26 -0800 | [diff] [blame] | 639 | * |
Benjamin Franz | 51ed794 | 2015-04-07 16:34:56 +0100 | [diff] [blame] | 640 | * @param disable Disables lock screen when true |
| 641 | * @param userId User ID of the user this has effect on |
| 642 | */ |
| 643 | public void setLockScreenDisabled(boolean disable, int userId) { |
| 644 | setBoolean(DISABLE_LOCKSCREEN_KEY, disable, userId); |
| 645 | } |
| 646 | |
| 647 | /** |
| 648 | * Determine if LockScreen is disabled for the current user. This is used to decide whether |
| 649 | * LockScreen is shown after reboot or after screen timeout / short press on power. |
| 650 | * |
| 651 | * @return true if lock screen is disabled |
Jim Miller | 2a98a4c | 2010-11-19 18:49:26 -0800 | [diff] [blame] | 652 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 653 | public boolean isLockScreenDisabled(int userId) { |
Evan Rosky | 2eff745 | 2016-06-09 12:32:33 -0700 | [diff] [blame] | 654 | if (isSecure(userId)) { |
| 655 | return false; |
| 656 | } |
| 657 | boolean disabledByDefault = mContext.getResources().getBoolean( |
| 658 | com.android.internal.R.bool.config_disableLockscreenByDefault); |
| 659 | boolean isSystemUser = UserManager.isSplitSystemUser() && userId == UserHandle.USER_SYSTEM; |
Christine Franks | 5856be8 | 2017-06-23 18:12:46 -0700 | [diff] [blame] | 660 | UserInfo userInfo = getUserManager().getUserInfo(userId); |
| 661 | boolean isDemoUser = UserManager.isDeviceInDemoMode(mContext) && userInfo != null |
| 662 | && userInfo.isDemo(); |
Evan Rosky | 2eff745 | 2016-06-09 12:32:33 -0700 | [diff] [blame] | 663 | return getBoolean(DISABLE_LOCKSCREEN_KEY, false, userId) |
Christine Franks | 5856be8 | 2017-06-23 18:12:46 -0700 | [diff] [blame] | 664 | || (disabledByDefault && !isSystemUser) |
| 665 | || isDemoUser; |
Jim Miller | 2a98a4c | 2010-11-19 18:49:26 -0800 | [diff] [blame] | 666 | } |
| 667 | |
| 668 | /** |
Jim Miller | 6edf263 | 2011-09-05 16:03:14 -0700 | [diff] [blame] | 669 | * Save a lock pattern. |
| 670 | * @param pattern The new pattern to save. |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 671 | * @param userId the user whose pattern is to be saved. |
Danielle Millett | 2364a22 | 2011-12-21 17:02:32 -0500 | [diff] [blame] | 672 | */ |
Andres Morales | 8fa5665 | 2015-03-31 09:19:50 -0700 | [diff] [blame] | 673 | public void saveLockPattern(List<LockPatternView.Cell> pattern, int userId) { |
| 674 | this.saveLockPattern(pattern, null, userId); |
| 675 | } |
Danielle Millett | 2364a22 | 2011-12-21 17:02:32 -0500 | [diff] [blame] | 676 | /** |
| 677 | * Save a lock pattern. |
| 678 | * @param pattern The new pattern to save. |
Andres Morales | 8fa5665 | 2015-03-31 09:19:50 -0700 | [diff] [blame] | 679 | * @param savedPattern The previously saved pattern, converted to String format |
Adrian Roos | f8f56bc | 2014-11-20 23:55:34 +0100 | [diff] [blame] | 680 | * @param userId the user whose pattern is to be saved. |
| 681 | */ |
Andres Morales | 8fa5665 | 2015-03-31 09:19:50 -0700 | [diff] [blame] | 682 | public void saveLockPattern(List<LockPatternView.Cell> pattern, String savedPattern, int userId) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 683 | if (pattern == null || pattern.size() < MIN_LOCK_PATTERN_SIZE) { |
| 684 | throw new IllegalArgumentException("pattern must not be null and at least " |
| 685 | + MIN_LOCK_PATTERN_SIZE + " dots long."); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 686 | } |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 687 | |
| 688 | final String stringPattern = patternToString(pattern); |
| 689 | final int currentQuality = getKeyguardStoredPasswordQuality(userId); |
| 690 | setKeyguardStoredPasswordQuality(PASSWORD_QUALITY_SOMETHING, userId); |
| 691 | try { |
| 692 | getLockSettings().setLockCredential(stringPattern, CREDENTIAL_TYPE_PATTERN, |
| 693 | savedPattern, PASSWORD_QUALITY_SOMETHING, userId); |
| 694 | } catch (Exception e) { |
| 695 | Log.e(TAG, "Couldn't save lock pattern", e); |
| 696 | setKeyguardStoredPasswordQuality(currentQuality, userId); |
| 697 | return; |
| 698 | } |
| 699 | // Update the device encryption password. |
| 700 | if (userId == UserHandle.USER_SYSTEM |
| 701 | && LockPatternUtils.isDeviceEncryptionEnabled()) { |
| 702 | if (!shouldEncryptWithCredentials(true)) { |
| 703 | clearEncryptionPassword(); |
| 704 | } else { |
| 705 | updateEncryptionPassword(StorageManager.CRYPT_TYPE_PATTERN, stringPattern); |
| 706 | } |
| 707 | } |
| 708 | |
| 709 | reportPatternWasChosen(userId); |
| 710 | onAfterChangingPassword(userId); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 711 | } |
| 712 | |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 713 | private void updateCryptoUserInfo(int userId) { |
Xiaohui Chen | 86c69dd | 2015-08-27 15:44:02 -0700 | [diff] [blame] | 714 | if (userId != UserHandle.USER_SYSTEM) { |
Paul Lawrence | e51dcf9 | 2014-03-18 10:56:00 -0700 | [diff] [blame] | 715 | return; |
| 716 | } |
| 717 | |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 718 | final String ownerInfo = isOwnerInfoEnabled(userId) ? getOwnerInfo(userId) : ""; |
Paul Lawrence | e51dcf9 | 2014-03-18 10:56:00 -0700 | [diff] [blame] | 719 | |
| 720 | IBinder service = ServiceManager.getService("mount"); |
| 721 | if (service == null) { |
| 722 | Log.e(TAG, "Could not find the mount service to update the user info"); |
| 723 | return; |
| 724 | } |
| 725 | |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 726 | IStorageManager storageManager = IStorageManager.Stub.asInterface(service); |
Paul Lawrence | e51dcf9 | 2014-03-18 10:56:00 -0700 | [diff] [blame] | 727 | try { |
| 728 | Log.d(TAG, "Setting owner info"); |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 729 | storageManager.setField(StorageManager.OWNER_INFO_KEY, ownerInfo); |
Paul Lawrence | e51dcf9 | 2014-03-18 10:56:00 -0700 | [diff] [blame] | 730 | } catch (RemoteException e) { |
| 731 | Log.e(TAG, "Error changing user info", e); |
| 732 | } |
| 733 | } |
| 734 | |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 735 | public void setOwnerInfo(String info, int userId) { |
| 736 | setString(LOCK_SCREEN_OWNER_INFO, info, userId); |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 737 | updateCryptoUserInfo(userId); |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 738 | } |
| 739 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 740 | public void setOwnerInfoEnabled(boolean enabled, int userId) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 741 | setBoolean(LOCK_SCREEN_OWNER_INFO_ENABLED, enabled, userId); |
| 742 | updateCryptoUserInfo(userId); |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 743 | } |
| 744 | |
| 745 | public String getOwnerInfo(int userId) { |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 746 | return getString(LOCK_SCREEN_OWNER_INFO, userId); |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 747 | } |
| 748 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 749 | public boolean isOwnerInfoEnabled(int userId) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 750 | return getBoolean(LOCK_SCREEN_OWNER_INFO_ENABLED, false, userId); |
Jim Miller | 187ec58 | 2013-04-15 18:27:54 -0700 | [diff] [blame] | 751 | } |
| 752 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 753 | /** |
Andrei Stingaceanu | 6644cd9 | 2015-11-10 13:03:31 +0000 | [diff] [blame] | 754 | * Sets the device owner information. If the information is {@code null} or empty then the |
| 755 | * device owner info is cleared. |
| 756 | * |
| 757 | * @param info Device owner information which will be displayed instead of the user |
| 758 | * owner info. |
| 759 | */ |
| 760 | public void setDeviceOwnerInfo(String info) { |
| 761 | if (info != null && info.isEmpty()) { |
| 762 | info = null; |
| 763 | } |
| 764 | |
| 765 | setString(LOCK_SCREEN_DEVICE_OWNER_INFO, info, UserHandle.USER_SYSTEM); |
| 766 | } |
| 767 | |
| 768 | public String getDeviceOwnerInfo() { |
| 769 | return getString(LOCK_SCREEN_DEVICE_OWNER_INFO, UserHandle.USER_SYSTEM); |
| 770 | } |
| 771 | |
| 772 | public boolean isDeviceOwnerInfoEnabled() { |
| 773 | return getDeviceOwnerInfo() != null; |
| 774 | } |
| 775 | |
Jason parks | f7b3cd4 | 2011-01-27 09:28:25 -0600 | [diff] [blame] | 776 | /** Update the encryption password if it is enabled **/ |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 777 | private void updateEncryptionPassword(final int type, final String password) { |
Amith Yamasani | cd410ba | 2014-10-17 11:16:58 -0700 | [diff] [blame] | 778 | if (!isDeviceEncryptionEnabled()) { |
Jason parks | f7b3cd4 | 2011-01-27 09:28:25 -0600 | [diff] [blame] | 779 | return; |
| 780 | } |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 781 | final IBinder service = ServiceManager.getService("mount"); |
Jason parks | f7b3cd4 | 2011-01-27 09:28:25 -0600 | [diff] [blame] | 782 | if (service == null) { |
| 783 | Log.e(TAG, "Could not find the mount service to update the encryption password"); |
| 784 | return; |
| 785 | } |
| 786 | |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 787 | new AsyncTask<Void, Void, Void>() { |
| 788 | @Override |
| 789 | protected Void doInBackground(Void... dummy) { |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 790 | IStorageManager storageManager = IStorageManager.Stub.asInterface(service); |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 791 | try { |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 792 | storageManager.changeEncryptionPassword(type, password); |
Paul Lawrence | 3a5a0be | 2014-09-25 09:26:34 -0700 | [diff] [blame] | 793 | } catch (RemoteException e) { |
| 794 | Log.e(TAG, "Error changing encryption password", e); |
| 795 | } |
| 796 | return null; |
| 797 | } |
| 798 | }.execute(); |
Jason parks | f7b3cd4 | 2011-01-27 09:28:25 -0600 | [diff] [blame] | 799 | } |
| 800 | |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 801 | /** |
Jim Miller | cd70988 | 2010-03-25 18:24:02 -0700 | [diff] [blame] | 802 | * Save a lock password. Does not ensure that the password is as good |
Dianne Hackborn | 9327f4f | 2010-01-29 10:38:29 -0800 | [diff] [blame] | 803 | * as the requested mode, but will adjust the mode to be as good as the |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 804 | * password. |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 805 | * @param password The password to save |
Andres Morales | 8fa5665 | 2015-03-31 09:19:50 -0700 | [diff] [blame] | 806 | * @param savedPassword The previously saved lock password, or null if none |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 807 | * @param requestedQuality {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 808 | * @param userHandle The userId of the user to change the password for |
| 809 | */ |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 810 | public void saveLockPassword(String password, String savedPassword, int requestedQuality, |
Andres Morales | 8fa5665 | 2015-03-31 09:19:50 -0700 | [diff] [blame] | 811 | int userHandle) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 812 | if (password == null || password.length() < MIN_LOCK_PASSWORD_SIZE) { |
| 813 | throw new IllegalArgumentException("password must not be null and at least " |
| 814 | + "of length " + MIN_LOCK_PASSWORD_SIZE); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 815 | } |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 816 | |
| 817 | final int currentQuality = getKeyguardStoredPasswordQuality(userHandle); |
| 818 | setKeyguardStoredPasswordQuality( |
| 819 | computePasswordQuality(CREDENTIAL_TYPE_PASSWORD, password, requestedQuality), |
| 820 | userHandle); |
| 821 | try { |
| 822 | getLockSettings().setLockCredential(password, CREDENTIAL_TYPE_PASSWORD, |
| 823 | savedPassword, requestedQuality, userHandle); |
| 824 | } catch (Exception e) { |
| 825 | Log.e(TAG, "Unable to save lock password", e); |
| 826 | setKeyguardStoredPasswordQuality(currentQuality, userHandle); |
| 827 | return; |
| 828 | } |
| 829 | |
| 830 | updateEncryptionPasswordIfNeeded(password, |
| 831 | PasswordMetrics.computeForPassword(password).quality, userHandle); |
| 832 | updatePasswordHistory(password, userHandle); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 833 | } |
| 834 | |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 835 | /** |
| 836 | * Update device encryption password if calling user is USER_SYSTEM and device supports |
| 837 | * encryption. |
| 838 | */ |
| 839 | private void updateEncryptionPasswordIfNeeded(String password, int quality, int userHandle) { |
Rubin Xu | a55b168 | 2017-01-31 10:06:56 +0000 | [diff] [blame] | 840 | // Update the device encryption password. |
| 841 | if (userHandle == UserHandle.USER_SYSTEM |
| 842 | && LockPatternUtils.isDeviceEncryptionEnabled()) { |
| 843 | if (!shouldEncryptWithCredentials(true)) { |
| 844 | clearEncryptionPassword(); |
| 845 | } else { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 846 | boolean numeric = quality == PASSWORD_QUALITY_NUMERIC; |
| 847 | boolean numericComplex = quality == PASSWORD_QUALITY_NUMERIC_COMPLEX; |
Rubin Xu | a55b168 | 2017-01-31 10:06:56 +0000 | [diff] [blame] | 848 | int type = numeric || numericComplex ? StorageManager.CRYPT_TYPE_PIN |
| 849 | : StorageManager.CRYPT_TYPE_PASSWORD; |
| 850 | updateEncryptionPassword(type, password); |
| 851 | } |
| 852 | } |
| 853 | } |
| 854 | |
| 855 | private void updatePasswordHistory(String password, int userHandle) { |
| 856 | |
| 857 | // Add the password to the password history. We assume all |
| 858 | // password hashes have the same length for simplicity of implementation. |
| 859 | String passwordHistory = getString(PASSWORD_HISTORY_KEY, userHandle); |
| 860 | if (passwordHistory == null) { |
| 861 | passwordHistory = ""; |
| 862 | } |
| 863 | int passwordHistoryLength = getRequestedPasswordHistoryLength(userHandle); |
| 864 | if (passwordHistoryLength == 0) { |
| 865 | passwordHistory = ""; |
| 866 | } else { |
| 867 | byte[] hash = passwordToHash(password, userHandle); |
| 868 | passwordHistory = new String(hash, StandardCharsets.UTF_8) + "," + passwordHistory; |
| 869 | // Cut it to contain passwordHistoryLength hashes |
| 870 | // and passwordHistoryLength -1 commas. |
| 871 | passwordHistory = passwordHistory.substring(0, Math.min(hash.length |
| 872 | * passwordHistoryLength + passwordHistoryLength - 1, passwordHistory |
| 873 | .length())); |
| 874 | } |
| 875 | setString(PASSWORD_HISTORY_KEY, passwordHistory, userHandle); |
| 876 | onAfterChangingPassword(userHandle); |
| 877 | } |
| 878 | |
Jim Miller | cd70988 | 2010-03-25 18:24:02 -0700 | [diff] [blame] | 879 | /** |
Jim Miller | 6848dc8 | 2014-10-13 18:51:53 -0700 | [diff] [blame] | 880 | * Determine if the device supports encryption, even if it's set to default. This |
| 881 | * differs from isDeviceEncrypted() in that it returns true even if the device is |
| 882 | * encrypted with the default password. |
| 883 | * @return true if device encryption is enabled |
| 884 | */ |
| 885 | public static boolean isDeviceEncryptionEnabled() { |
Paul Lawrence | 20be5d6 | 2016-02-26 13:51:17 -0800 | [diff] [blame] | 886 | return StorageManager.isEncrypted(); |
Jim Miller | 6848dc8 | 2014-10-13 18:51:53 -0700 | [diff] [blame] | 887 | } |
| 888 | |
| 889 | /** |
Paul Lawrence | 5c21c70 | 2016-01-29 13:26:19 -0800 | [diff] [blame] | 890 | * Determine if the device is file encrypted |
| 891 | * @return true if device is file encrypted |
| 892 | */ |
| 893 | public static boolean isFileEncryptionEnabled() { |
Paul Lawrence | 20be5d6 | 2016-02-26 13:51:17 -0800 | [diff] [blame] | 894 | return StorageManager.isFileEncryptedNativeOrEmulated(); |
Paul Lawrence | 5c21c70 | 2016-01-29 13:26:19 -0800 | [diff] [blame] | 895 | } |
| 896 | |
| 897 | /** |
Svetoslav | 16e4a1a | 2014-09-29 18:16:20 -0700 | [diff] [blame] | 898 | * Clears the encryption password. |
| 899 | */ |
| 900 | public void clearEncryptionPassword() { |
| 901 | updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null); |
| 902 | } |
| 903 | |
| 904 | /** |
Adrian Roos | 1572ee3 | 2014-09-01 16:24:32 +0200 | [diff] [blame] | 905 | * Retrieves the quality mode for {@param userHandle}. |
| 906 | * {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| 907 | * |
| 908 | * @return stored password quality |
| 909 | */ |
| 910 | public int getKeyguardStoredPasswordQuality(int userHandle) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 911 | return (int) getLong(PASSWORD_TYPE_KEY, PASSWORD_QUALITY_UNSPECIFIED, userHandle); |
| 912 | } |
| 913 | |
| 914 | private void setKeyguardStoredPasswordQuality(int quality, int userHandle) { |
| 915 | setLong(PASSWORD_TYPE_KEY, quality, userHandle); |
Jim Miller | 6edf263 | 2011-09-05 16:03:14 -0700 | [diff] [blame] | 916 | } |
| 917 | |
Danielle Millett | 5839698 | 2011-09-30 13:55:07 -0400 | [diff] [blame] | 918 | /** |
Rubin Xu | 7cf4509 | 2017-08-28 11:47:35 +0100 | [diff] [blame] | 919 | * Returns the password quality of the given credential, promoting it to a higher level |
| 920 | * if DevicePolicyManager has a stronger quality requirement. This value will be written |
| 921 | * to PASSWORD_TYPE_KEY. |
| 922 | */ |
| 923 | private int computePasswordQuality(int type, String credential, int requestedQuality) { |
| 924 | final int quality; |
| 925 | if (type == CREDENTIAL_TYPE_PASSWORD) { |
| 926 | int computedQuality = PasswordMetrics.computeForPassword(credential).quality; |
| 927 | quality = Math.max(requestedQuality, computedQuality); |
| 928 | } else if (type == CREDENTIAL_TYPE_PATTERN) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 929 | quality = PASSWORD_QUALITY_SOMETHING; |
Rubin Xu | 7cf4509 | 2017-08-28 11:47:35 +0100 | [diff] [blame] | 930 | } else /* if (type == CREDENTIAL_TYPE_NONE) */ { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 931 | quality = PASSWORD_QUALITY_UNSPECIFIED; |
Rubin Xu | 7cf4509 | 2017-08-28 11:47:35 +0100 | [diff] [blame] | 932 | } |
| 933 | return quality; |
| 934 | } |
| 935 | |
| 936 | /** |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 937 | * Enables/disables the Separate Profile Challenge for this {@param userHandle}. This is a no-op |
| 938 | * for user handles that do not belong to a managed profile. |
Ricky Wai | dc283a8 | 2016-03-24 19:55:08 +0000 | [diff] [blame] | 939 | * |
| 940 | * @param userHandle Managed profile user id |
| 941 | * @param enabled True if separate challenge is enabled |
| 942 | * @param managedUserPassword Managed profile previous password. Null when {@param enabled} is |
| 943 | * true |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 944 | */ |
Ricky Wai | dc283a8 | 2016-03-24 19:55:08 +0000 | [diff] [blame] | 945 | public void setSeparateProfileChallengeEnabled(int userHandle, boolean enabled, |
| 946 | String managedUserPassword) { |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 947 | if (!isManagedProfile(userHandle)) { |
| 948 | return; |
| 949 | } |
| 950 | try { |
| 951 | getLockSettings().setSeparateProfileChallengeEnabled(userHandle, enabled, |
| 952 | managedUserPassword); |
| 953 | onAfterChangingPassword(userHandle); |
| 954 | } catch (RemoteException e) { |
| 955 | Log.e(TAG, "Couldn't update work profile challenge enabled"); |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 956 | } |
| 957 | } |
| 958 | |
| 959 | /** |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 960 | * Returns true if {@param userHandle} is a managed profile with separate challenge. |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 961 | */ |
| 962 | public boolean isSeparateProfileChallengeEnabled(int userHandle) { |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 963 | return isManagedProfile(userHandle) && hasSeparateChallenge(userHandle); |
| 964 | } |
| 965 | |
| 966 | /** |
| 967 | * Returns true if {@param userHandle} is a managed profile with unified challenge. |
| 968 | */ |
| 969 | public boolean isManagedProfileWithUnifiedChallenge(int userHandle) { |
| 970 | return isManagedProfile(userHandle) && !hasSeparateChallenge(userHandle); |
| 971 | } |
| 972 | |
| 973 | /** |
| 974 | * Retrieves whether the current DPM allows use of the Profile Challenge. |
| 975 | */ |
| 976 | public boolean isSeparateProfileChallengeAllowed(int userHandle) { |
| 977 | return isManagedProfile(userHandle) |
| 978 | && getDevicePolicyManager().isSeparateProfileChallengeAllowed(userHandle); |
| 979 | } |
| 980 | |
| 981 | /** |
| 982 | * Retrieves whether the current profile and device locks can be unified. |
Pavel Grafov | c4f87e9 | 2017-10-26 16:34:25 +0100 | [diff] [blame] | 983 | * @param userHandle profile user handle. |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 984 | */ |
| 985 | public boolean isSeparateProfileChallengeAllowedToUnify(int userHandle) { |
Pavel Grafov | c4f87e9 | 2017-10-26 16:34:25 +0100 | [diff] [blame] | 986 | return getDevicePolicyManager().isProfileActivePasswordSufficientForParent(userHandle) |
| 987 | && !getUserManager().hasUserRestriction( |
| 988 | UserManager.DISALLOW_UNIFIED_PASSWORD, UserHandle.of(userHandle)); |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 989 | } |
| 990 | |
| 991 | private boolean hasSeparateChallenge(int userHandle) { |
Ricky Wai | dc283a8 | 2016-03-24 19:55:08 +0000 | [diff] [blame] | 992 | try { |
| 993 | return getLockSettings().getSeparateProfileChallengeEnabled(userHandle); |
| 994 | } catch (RemoteException e) { |
| 995 | Log.e(TAG, "Couldn't get separate profile challenge enabled"); |
| 996 | // Default value is false |
| 997 | return false; |
| 998 | } |
Clara Bayarri | a177111 | 2015-12-18 16:29:18 +0000 | [diff] [blame] | 999 | } |
| 1000 | |
Pavel Grafov | b319125 | 2017-07-14 12:30:31 +0100 | [diff] [blame] | 1001 | private boolean isManagedProfile(int userHandle) { |
| 1002 | final UserInfo info = getUserManager().getUserInfo(userHandle); |
| 1003 | return info != null && info.isManagedProfile(); |
Clara Bayarri | d769391 | 2016-01-22 17:26:31 +0000 | [diff] [blame] | 1004 | } |
| 1005 | |
| 1006 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1007 | * Deserialize a pattern. |
| 1008 | * @param string The pattern serialized with {@link #patternToString} |
| 1009 | * @return The pattern. |
| 1010 | */ |
| 1011 | public static List<LockPatternView.Cell> stringToPattern(String string) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1012 | if (string == null) { |
| 1013 | return null; |
| 1014 | } |
| 1015 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1016 | List<LockPatternView.Cell> result = Lists.newArrayList(); |
| 1017 | |
| 1018 | final byte[] bytes = string.getBytes(); |
| 1019 | for (int i = 0; i < bytes.length; i++) { |
Andres Morales | e40bad8 | 2015-05-28 14:21:36 -0700 | [diff] [blame] | 1020 | byte b = (byte) (bytes[i] - '1'); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1021 | result.add(LockPatternView.Cell.of(b / 3, b % 3)); |
| 1022 | } |
| 1023 | return result; |
| 1024 | } |
| 1025 | |
| 1026 | /** |
| 1027 | * Serialize a pattern. |
| 1028 | * @param pattern The pattern. |
| 1029 | * @return The pattern in string form. |
| 1030 | */ |
| 1031 | public static String patternToString(List<LockPatternView.Cell> pattern) { |
| 1032 | if (pattern == null) { |
| 1033 | return ""; |
| 1034 | } |
| 1035 | final int patternSize = pattern.size(); |
| 1036 | |
| 1037 | byte[] res = new byte[patternSize]; |
| 1038 | for (int i = 0; i < patternSize; i++) { |
| 1039 | LockPatternView.Cell cell = pattern.get(i); |
Andres Morales | e40bad8 | 2015-05-28 14:21:36 -0700 | [diff] [blame] | 1040 | res[i] = (byte) (cell.getRow() * 3 + cell.getColumn() + '1'); |
| 1041 | } |
| 1042 | return new String(res); |
| 1043 | } |
| 1044 | |
| 1045 | public static String patternStringToBaseZero(String pattern) { |
| 1046 | if (pattern == null) { |
| 1047 | return ""; |
| 1048 | } |
| 1049 | final int patternSize = pattern.length(); |
| 1050 | |
| 1051 | byte[] res = new byte[patternSize]; |
| 1052 | final byte[] bytes = pattern.getBytes(); |
| 1053 | for (int i = 0; i < patternSize; i++) { |
| 1054 | res[i] = (byte) (bytes[i] - '1'); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1055 | } |
| 1056 | return new String(res); |
| 1057 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1058 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1059 | /* |
| 1060 | * Generate an SHA-1 hash for the pattern. Not the most secure, but it is |
| 1061 | * at least a second level of protection. First level is that the file |
| 1062 | * is in a location only readable by the system process. |
| 1063 | * @param pattern the gesture pattern. |
| 1064 | * @return the hash of the pattern in a byte array. |
| 1065 | */ |
Jim Miller | de1af08 | 2013-09-11 14:58:26 -0700 | [diff] [blame] | 1066 | public static byte[] patternToHash(List<LockPatternView.Cell> pattern) { |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1067 | if (pattern == null) { |
| 1068 | return null; |
| 1069 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1070 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1071 | final int patternSize = pattern.size(); |
| 1072 | byte[] res = new byte[patternSize]; |
| 1073 | for (int i = 0; i < patternSize; i++) { |
| 1074 | LockPatternView.Cell cell = pattern.get(i); |
| 1075 | res[i] = (byte) (cell.getRow() * 3 + cell.getColumn()); |
| 1076 | } |
| 1077 | try { |
| 1078 | MessageDigest md = MessageDigest.getInstance("SHA-1"); |
| 1079 | byte[] hash = md.digest(res); |
| 1080 | return hash; |
| 1081 | } catch (NoSuchAlgorithmException nsa) { |
| 1082 | return res; |
| 1083 | } |
| 1084 | } |
| 1085 | |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 1086 | private String getSalt(int userId) { |
| 1087 | long salt = getLong(LOCK_PASSWORD_SALT_KEY, 0, userId); |
Jim Miller | 11b019d | 2010-01-20 16:34:45 -0800 | [diff] [blame] | 1088 | if (salt == 0) { |
| 1089 | try { |
| 1090 | salt = SecureRandom.getInstance("SHA1PRNG").nextLong(); |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 1091 | setLong(LOCK_PASSWORD_SALT_KEY, salt, userId); |
| 1092 | Log.v(TAG, "Initialized lock password salt for user: " + userId); |
Jim Miller | 11b019d | 2010-01-20 16:34:45 -0800 | [diff] [blame] | 1093 | } catch (NoSuchAlgorithmException e) { |
| 1094 | // Throw an exception rather than storing a password we'll never be able to recover |
| 1095 | throw new IllegalStateException("Couldn't get SecureRandom number", e); |
| 1096 | } |
| 1097 | } |
| 1098 | return Long.toHexString(salt); |
| 1099 | } |
| 1100 | |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1101 | /* |
| 1102 | * Generate a hash for the given password. To avoid brute force attacks, we use a salted hash. |
| 1103 | * Not the most secure, but it is at least a second level of protection. First level is that |
| 1104 | * the file is in a location only readable by the system process. |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 1105 | * |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1106 | * @param password the gesture pattern. |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 1107 | * |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1108 | * @return the hash of the pattern in a byte array. |
| 1109 | */ |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 1110 | public byte[] passwordToHash(String password, int userId) { |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1111 | if (password == null) { |
| 1112 | return null; |
| 1113 | } |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 1114 | |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1115 | try { |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 1116 | byte[] saltedPassword = (password + getSalt(userId)).getBytes(); |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 1117 | byte[] sha1 = MessageDigest.getInstance("SHA-1").digest(saltedPassword); |
| 1118 | byte[] md5 = MessageDigest.getInstance("MD5").digest(saltedPassword); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1119 | |
Narayan Kamath | 78108a3 | 2014-12-16 12:56:23 +0000 | [diff] [blame] | 1120 | byte[] combined = new byte[sha1.length + md5.length]; |
| 1121 | System.arraycopy(sha1, 0, combined, 0, sha1.length); |
| 1122 | System.arraycopy(md5, 0, combined, sha1.length, md5.length); |
| 1123 | |
| 1124 | final char[] hexEncoded = HexEncoding.encode(combined); |
| 1125 | return new String(hexEncoded).getBytes(StandardCharsets.UTF_8); |
| 1126 | } catch (NoSuchAlgorithmException e) { |
| 1127 | throw new AssertionError("Missing digest algorithm: ", e); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1128 | } |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1129 | } |
| 1130 | |
| 1131 | /** |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1132 | * @param userId the user for which to report the value |
| 1133 | * @return Whether the lock screen is secured. |
| 1134 | */ |
| 1135 | public boolean isSecure(int userId) { |
| 1136 | int mode = getKeyguardStoredPasswordQuality(userId); |
| 1137 | return isLockPatternEnabled(mode, userId) || isLockPasswordEnabled(mode, userId); |
| 1138 | } |
| 1139 | |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 1140 | public boolean isLockPasswordEnabled(int userId) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1141 | return isLockPasswordEnabled(getKeyguardStoredPasswordQuality(userId), userId); |
| 1142 | } |
| 1143 | |
| 1144 | private boolean isLockPasswordEnabled(int mode, int userId) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 1145 | final boolean passwordEnabled = mode == PASSWORD_QUALITY_ALPHABETIC |
| 1146 | || mode == PASSWORD_QUALITY_NUMERIC |
| 1147 | || mode == PASSWORD_QUALITY_NUMERIC_COMPLEX |
| 1148 | || mode == PASSWORD_QUALITY_ALPHANUMERIC |
| 1149 | || mode == PASSWORD_QUALITY_COMPLEX |
| 1150 | || mode == PASSWORD_QUALITY_MANAGED; |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1151 | return passwordEnabled && savedPasswordExists(userId); |
Jim Miller | 69aa4a9 | 2009-12-22 19:03:28 -0800 | [diff] [blame] | 1152 | } |
| 1153 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1154 | /** |
Adrian Roos | 230635e | 2015-01-07 20:50:29 +0100 | [diff] [blame] | 1155 | * @return Whether the lock pattern is enabled |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1156 | */ |
Adrian Roos | 50bfeec | 2014-11-20 16:21:11 +0100 | [diff] [blame] | 1157 | public boolean isLockPatternEnabled(int userId) { |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1158 | return isLockPatternEnabled(getKeyguardStoredPasswordQuality(userId), userId); |
Danielle Millett | 925a7d8 | 2012-03-19 18:02:20 -0400 | [diff] [blame] | 1159 | } |
| 1160 | |
Bryce Lee | 4614596 | 2015-12-14 14:39:10 -0800 | [diff] [blame] | 1161 | @Deprecated |
| 1162 | public boolean isLegacyLockPatternEnabled(int userId) { |
| 1163 | // Note: this value should default to {@code true} to avoid any reset that might result. |
| 1164 | // We must use a special key to read this value, since it will by default return the value |
| 1165 | // based on the new logic. |
| 1166 | return getBoolean(LEGACY_LOCK_PATTERN_ENABLED, true, userId); |
| 1167 | } |
| 1168 | |
| 1169 | @Deprecated |
| 1170 | public void setLegacyLockPatternEnabled(int userId) { |
| 1171 | setBoolean(Settings.Secure.LOCK_PATTERN_ENABLED, true, userId); |
| 1172 | } |
| 1173 | |
Adrian Roos | 9dd16eb | 2015-01-08 16:20:49 +0100 | [diff] [blame] | 1174 | private boolean isLockPatternEnabled(int mode, int userId) { |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 1175 | return mode == PASSWORD_QUALITY_SOMETHING && savedPatternExists(userId); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1176 | } |
| 1177 | |
| 1178 | /** |
| 1179 | * @return Whether the visible pattern is enabled. |
| 1180 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1181 | public boolean isVisiblePatternEnabled(int userId) { |
| 1182 | return getBoolean(Settings.Secure.LOCK_PATTERN_VISIBLE, false, userId); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1183 | } |
| 1184 | |
| 1185 | /** |
| 1186 | * Set whether the visible pattern is enabled. |
| 1187 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1188 | public void setVisiblePatternEnabled(boolean enabled, int userId) { |
Adrian Roos | dce0122 | 2015-01-07 22:39:01 +0100 | [diff] [blame] | 1189 | setBoolean(Settings.Secure.LOCK_PATTERN_VISIBLE, enabled, userId); |
Paul Lawrence | 878ba0a | 2014-08-20 13:08:01 -0700 | [diff] [blame] | 1190 | |
| 1191 | // Update for crypto if owner |
Xiaohui Chen | 86c69dd | 2015-08-27 15:44:02 -0700 | [diff] [blame] | 1192 | if (userId != UserHandle.USER_SYSTEM) { |
Paul Lawrence | 878ba0a | 2014-08-20 13:08:01 -0700 | [diff] [blame] | 1193 | return; |
| 1194 | } |
| 1195 | |
| 1196 | IBinder service = ServiceManager.getService("mount"); |
| 1197 | if (service == null) { |
| 1198 | Log.e(TAG, "Could not find the mount service to update the user info"); |
| 1199 | return; |
| 1200 | } |
| 1201 | |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 1202 | IStorageManager storageManager = IStorageManager.Stub.asInterface(service); |
Paul Lawrence | 878ba0a | 2014-08-20 13:08:01 -0700 | [diff] [blame] | 1203 | try { |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 1204 | storageManager.setField(StorageManager.PATTERN_VISIBLE_KEY, enabled ? "1" : "0"); |
Paul Lawrence | 878ba0a | 2014-08-20 13:08:01 -0700 | [diff] [blame] | 1205 | } catch (RemoteException e) { |
| 1206 | Log.e(TAG, "Error changing pattern visible state", e); |
| 1207 | } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1208 | } |
| 1209 | |
Bryan Mawhinney | e483b56 | 2017-05-15 14:46:05 +0100 | [diff] [blame] | 1210 | public boolean isVisiblePatternEverChosen(int userId) { |
| 1211 | return getString(Settings.Secure.LOCK_PATTERN_VISIBLE, userId) != null; |
| 1212 | } |
| 1213 | |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1214 | /** |
Paul Lawrence | d8fdb33 | 2015-05-18 13:26:11 -0700 | [diff] [blame] | 1215 | * Set whether the visible password is enabled for cryptkeeper screen. |
| 1216 | */ |
| 1217 | public void setVisiblePasswordEnabled(boolean enabled, int userId) { |
| 1218 | // Update for crypto if owner |
Xiaohui Chen | 86c69dd | 2015-08-27 15:44:02 -0700 | [diff] [blame] | 1219 | if (userId != UserHandle.USER_SYSTEM) { |
Paul Lawrence | d8fdb33 | 2015-05-18 13:26:11 -0700 | [diff] [blame] | 1220 | return; |
| 1221 | } |
| 1222 | |
| 1223 | IBinder service = ServiceManager.getService("mount"); |
| 1224 | if (service == null) { |
| 1225 | Log.e(TAG, "Could not find the mount service to update the user info"); |
| 1226 | return; |
| 1227 | } |
| 1228 | |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 1229 | IStorageManager storageManager = IStorageManager.Stub.asInterface(service); |
Paul Lawrence | d8fdb33 | 2015-05-18 13:26:11 -0700 | [diff] [blame] | 1230 | try { |
Sudheer Shanka | 2250d56 | 2016-11-07 15:41:02 -0800 | [diff] [blame] | 1231 | storageManager.setField(StorageManager.PASSWORD_VISIBLE_KEY, enabled ? "1" : "0"); |
Paul Lawrence | d8fdb33 | 2015-05-18 13:26:11 -0700 | [diff] [blame] | 1232 | } catch (RemoteException e) { |
| 1233 | Log.e(TAG, "Error changing password visible state", e); |
| 1234 | } |
| 1235 | } |
| 1236 | |
| 1237 | /** |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1238 | * @return Whether tactile feedback for the pattern is enabled. |
| 1239 | */ |
| 1240 | public boolean isTactileFeedbackEnabled() { |
Jeff Sharkey | 5ed9d68 | 2012-10-10 14:28:27 -0700 | [diff] [blame] | 1241 | return Settings.System.getIntForUser(mContentResolver, |
| 1242 | Settings.System.HAPTIC_FEEDBACK_ENABLED, 1, UserHandle.USER_CURRENT) != 0; |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1243 | } |
| 1244 | |
| 1245 | /** |
| 1246 | * Set and store the lockout deadline, meaning the user can't attempt his/her unlock |
| 1247 | * pattern until the deadline has passed. |
| 1248 | * @return the chosen deadline. |
| 1249 | */ |
Andres Morales | 2397427 | 2015-05-14 22:42:26 -0700 | [diff] [blame] | 1250 | public long setLockoutAttemptDeadline(int userId, int timeoutMs) { |
| 1251 | final long deadline = SystemClock.elapsedRealtime() + timeoutMs; |
Adrian Roos | b7d81d9 | 2017-08-08 13:08:01 +0200 | [diff] [blame] | 1252 | if (userId == USER_FRP) { |
| 1253 | // For secure password storage (that is required for FRP), the underlying storage also |
| 1254 | // enforces the deadline. Since we cannot store settings for the FRP user, don't. |
| 1255 | return deadline; |
| 1256 | } |
Kevin Chyn | a3e5582 | 2017-10-04 15:47:24 -0700 | [diff] [blame] | 1257 | mLockoutDeadlines.put(userId, deadline); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1258 | return deadline; |
| 1259 | } |
| 1260 | |
| 1261 | /** |
| 1262 | * @return The elapsed time in millis in the future when the user is allowed to |
| 1263 | * attempt to enter his/her lock pattern, or 0 if the user is welcome to |
| 1264 | * enter a pattern. |
| 1265 | */ |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1266 | public long getLockoutAttemptDeadline(int userId) { |
Kevin Chyn | a3e5582 | 2017-10-04 15:47:24 -0700 | [diff] [blame] | 1267 | final long deadline = mLockoutDeadlines.get(userId, 0L); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1268 | final long now = SystemClock.elapsedRealtime(); |
Jorim Jaggi | e3e6d56 | 2015-09-28 13:57:37 -0700 | [diff] [blame] | 1269 | if (deadline < now && deadline != 0) { |
Andres Morales | a4e2337 | 2015-09-08 13:17:37 -0700 | [diff] [blame] | 1270 | // timeout expired |
Kevin Chyn | a3e5582 | 2017-10-04 15:47:24 -0700 | [diff] [blame] | 1271 | mLockoutDeadlines.put(userId, 0); |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1272 | return 0L; |
| 1273 | } |
| 1274 | return deadline; |
| 1275 | } |
| 1276 | |
Jim Miller | f45bb40 | 2013-08-20 18:58:32 -0700 | [diff] [blame] | 1277 | private boolean getBoolean(String secureSettingKey, boolean defaultValue, int userId) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1278 | try { |
Jim Miller | f45bb40 | 2013-08-20 18:58:32 -0700 | [diff] [blame] | 1279 | return getLockSettings().getBoolean(secureSettingKey, defaultValue, userId); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1280 | } catch (RemoteException re) { |
| 1281 | return defaultValue; |
| 1282 | } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1283 | } |
| 1284 | |
Jim Miller | f45bb40 | 2013-08-20 18:58:32 -0700 | [diff] [blame] | 1285 | private void setBoolean(String secureSettingKey, boolean enabled, int userId) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1286 | try { |
Jim Miller | f45bb40 | 2013-08-20 18:58:32 -0700 | [diff] [blame] | 1287 | getLockSettings().setBoolean(secureSettingKey, enabled, userId); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1288 | } catch (RemoteException re) { |
| 1289 | // What can we do? |
| 1290 | Log.e(TAG, "Couldn't write boolean " + secureSettingKey + re); |
| 1291 | } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1292 | } |
| 1293 | |
Geoffrey Borggaard | 987672d2 | 2014-07-18 16:47:18 -0400 | [diff] [blame] | 1294 | private long getLong(String secureSettingKey, long defaultValue, int userHandle) { |
| 1295 | try { |
| 1296 | return getLockSettings().getLong(secureSettingKey, defaultValue, userHandle); |
| 1297 | } catch (RemoteException re) { |
| 1298 | return defaultValue; |
| 1299 | } |
| 1300 | } |
| 1301 | |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1302 | private void setLong(String secureSettingKey, long value, int userHandle) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1303 | try { |
Kenny Guy | 0cf1370 | 2013-11-29 16:33:05 +0000 | [diff] [blame] | 1304 | getLockSettings().setLong(secureSettingKey, value, userHandle); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1305 | } catch (RemoteException re) { |
| 1306 | // What can we do? |
| 1307 | Log.e(TAG, "Couldn't write long " + secureSettingKey + re); |
| 1308 | } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1309 | } |
| 1310 | |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1311 | private String getString(String secureSettingKey, int userHandle) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1312 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1313 | return getLockSettings().getString(secureSettingKey, null, userHandle); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1314 | } catch (RemoteException re) { |
| 1315 | return null; |
| 1316 | } |
Konstantin Lopyrev | 863f22d | 2010-05-12 17:16:58 -0700 | [diff] [blame] | 1317 | } |
| 1318 | |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1319 | private void setString(String secureSettingKey, String value, int userHandle) { |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1320 | try { |
Amith Yamasani | 599dd7c | 2012-09-14 23:20:08 -0700 | [diff] [blame] | 1321 | getLockSettings().setString(secureSettingKey, value, userHandle); |
Amith Yamasani | 52c489c | 2012-03-28 11:42:42 -0700 | [diff] [blame] | 1322 | } catch (RemoteException re) { |
| 1323 | // What can we do? |
| 1324 | Log.e(TAG, "Couldn't write string " + secureSettingKey + re); |
| 1325 | } |
Konstantin Lopyrev | 863f22d | 2010-05-12 17:16:58 -0700 | [diff] [blame] | 1326 | } |
| 1327 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1328 | public void setPowerButtonInstantlyLocks(boolean enabled, int userId) { |
| 1329 | setBoolean(LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS, enabled, userId); |
Jim Miller | a4edd15 | 2012-01-06 18:24:04 -0800 | [diff] [blame] | 1330 | } |
| 1331 | |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1332 | public boolean getPowerButtonInstantlyLocks(int userId) { |
| 1333 | return getBoolean(LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS, true, userId); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 1334 | } |
| 1335 | |
Bryan Mawhinney | e483b56 | 2017-05-15 14:46:05 +0100 | [diff] [blame] | 1336 | public boolean isPowerButtonInstantlyLocksEverChosen(int userId) { |
| 1337 | return getString(LOCKSCREEN_POWER_BUTTON_INSTANTLY_LOCKS, userId) != null; |
| 1338 | } |
| 1339 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 1340 | public void setEnabledTrustAgents(Collection<ComponentName> activeTrustAgents, int userId) { |
| 1341 | StringBuilder sb = new StringBuilder(); |
| 1342 | for (ComponentName cn : activeTrustAgents) { |
| 1343 | if (sb.length() > 0) { |
| 1344 | sb.append(','); |
| 1345 | } |
| 1346 | sb.append(cn.flattenToShortString()); |
| 1347 | } |
| 1348 | setString(ENABLED_TRUST_AGENTS, sb.toString(), userId); |
Adrian Roos | 8150d2a | 2015-04-16 17:11:20 -0700 | [diff] [blame] | 1349 | getTrustManager().reportEnabledTrustAgentsChanged(userId); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 1350 | } |
| 1351 | |
| 1352 | public List<ComponentName> getEnabledTrustAgents(int userId) { |
| 1353 | String serialized = getString(ENABLED_TRUST_AGENTS, userId); |
| 1354 | if (TextUtils.isEmpty(serialized)) { |
| 1355 | return null; |
| 1356 | } |
| 1357 | String[] split = serialized.split(","); |
| 1358 | ArrayList<ComponentName> activeTrustAgents = new ArrayList<ComponentName>(split.length); |
| 1359 | for (String s : split) { |
| 1360 | if (!TextUtils.isEmpty(s)) { |
| 1361 | activeTrustAgents.add(ComponentName.unflattenFromString(s)); |
| 1362 | } |
| 1363 | } |
| 1364 | return activeTrustAgents; |
| 1365 | } |
Adrian Roos | 2c12cfa | 2014-06-25 23:28:53 +0200 | [diff] [blame] | 1366 | |
| 1367 | /** |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1368 | * Disable trust until credentials have been entered for user {@param userId}. |
| 1369 | * |
| 1370 | * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. |
| 1371 | * |
| 1372 | * @param userId either an explicit user id or {@link android.os.UserHandle#USER_ALL} |
Adrian Roos | 2c12cfa | 2014-06-25 23:28:53 +0200 | [diff] [blame] | 1373 | */ |
| 1374 | public void requireCredentialEntry(int userId) { |
Jorim Jaggi | 16093fe3 | 2015-09-09 23:29:17 +0000 | [diff] [blame] | 1375 | requireStrongAuth(StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_USER_REQUEST, userId); |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1376 | } |
| 1377 | |
| 1378 | /** |
| 1379 | * Requests strong authentication for user {@param userId}. |
| 1380 | * |
| 1381 | * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. |
| 1382 | * |
| 1383 | * @param strongAuthReason a combination of {@link StrongAuthTracker.StrongAuthFlags} indicating |
| 1384 | * the reason for and the strength of the requested authentication. |
| 1385 | * @param userId either an explicit user id or {@link android.os.UserHandle#USER_ALL} |
| 1386 | */ |
| 1387 | public void requireStrongAuth(@StrongAuthTracker.StrongAuthFlags int strongAuthReason, |
| 1388 | int userId) { |
| 1389 | try { |
| 1390 | getLockSettings().requireStrongAuth(strongAuthReason, userId); |
| 1391 | } catch (RemoteException e) { |
| 1392 | Log.e(TAG, "Error while requesting strong auth: " + e); |
| 1393 | } |
Adrian Roos | 2c12cfa | 2014-06-25 23:28:53 +0200 | [diff] [blame] | 1394 | } |
Adrian Roos | 4b9e324 | 2014-08-20 23:36:25 +0200 | [diff] [blame] | 1395 | |
Adrian Roos | f8f56bc | 2014-11-20 23:55:34 +0100 | [diff] [blame] | 1396 | private void onAfterChangingPassword(int userHandle) { |
| 1397 | getTrustManager().reportEnabledTrustAgentsChanged(userHandle); |
Adrian Roos | 4b9e324 | 2014-08-20 23:36:25 +0200 | [diff] [blame] | 1398 | } |
Jim Miller | dd5de71 | 2014-10-16 19:50:18 -0700 | [diff] [blame] | 1399 | |
| 1400 | public boolean isCredentialRequiredToDecrypt(boolean defaultValue) { |
| 1401 | final int value = Settings.Global.getInt(mContentResolver, |
| 1402 | Settings.Global.REQUIRE_PASSWORD_TO_DECRYPT, -1); |
| 1403 | return value == -1 ? defaultValue : (value != 0); |
| 1404 | } |
| 1405 | |
| 1406 | public void setCredentialRequiredToDecrypt(boolean required) { |
Robin Lee | d39113e | 2016-01-22 15:44:49 +0000 | [diff] [blame] | 1407 | if (!(getUserManager().isSystemUser() || getUserManager().isPrimaryUser())) { |
| 1408 | throw new IllegalStateException( |
| 1409 | "Only the system or primary user may call setCredentialRequiredForDecrypt()"); |
Jim Miller | dd5de71 | 2014-10-16 19:50:18 -0700 | [diff] [blame] | 1410 | } |
Paul Lawrence | 688af6c | 2015-05-15 11:26:17 -0700 | [diff] [blame] | 1411 | |
| 1412 | if (isDeviceEncryptionEnabled()){ |
| 1413 | Settings.Global.putInt(mContext.getContentResolver(), |
| 1414 | Settings.Global.REQUIRE_PASSWORD_TO_DECRYPT, required ? 1 : 0); |
| 1415 | } |
Jim Miller | dd5de71 | 2014-10-16 19:50:18 -0700 | [diff] [blame] | 1416 | } |
Andrei Kapishnikov | 4eb6a36 | 2015-04-02 15:21:20 -0400 | [diff] [blame] | 1417 | |
| 1418 | private boolean isDoNotAskCredentialsOnBootSet() { |
Rubin Xu | 4929a5d | 2017-01-23 23:55:28 +0000 | [diff] [blame] | 1419 | return getDevicePolicyManager().getDoNotAskCredentialsOnBoot(); |
Andrei Kapishnikov | 4eb6a36 | 2015-04-02 15:21:20 -0400 | [diff] [blame] | 1420 | } |
| 1421 | |
| 1422 | private boolean shouldEncryptWithCredentials(boolean defaultValue) { |
| 1423 | return isCredentialRequiredToDecrypt(defaultValue) && !isDoNotAskCredentialsOnBootSet(); |
| 1424 | } |
Xiyuan Xia | aa26294 | 2015-05-05 15:18:45 -0700 | [diff] [blame] | 1425 | |
| 1426 | private void throwIfCalledOnMainThread() { |
| 1427 | if (Looper.getMainLooper().isCurrentThread()) { |
| 1428 | throw new IllegalStateException("should not be called from the main thread."); |
| 1429 | } |
| 1430 | } |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1431 | |
| 1432 | public void registerStrongAuthTracker(final StrongAuthTracker strongAuthTracker) { |
| 1433 | try { |
| 1434 | getLockSettings().registerStrongAuthTracker(strongAuthTracker.mStub); |
| 1435 | } catch (RemoteException e) { |
| 1436 | throw new RuntimeException("Could not register StrongAuthTracker"); |
| 1437 | } |
| 1438 | } |
| 1439 | |
| 1440 | public void unregisterStrongAuthTracker(final StrongAuthTracker strongAuthTracker) { |
| 1441 | try { |
| 1442 | getLockSettings().unregisterStrongAuthTracker(strongAuthTracker.mStub); |
| 1443 | } catch (RemoteException e) { |
| 1444 | Log.e(TAG, "Could not unregister StrongAuthTracker", e); |
| 1445 | } |
| 1446 | } |
| 1447 | |
| 1448 | /** |
Victor Chang | a0940d3 | 2016-05-16 19:36:08 +0100 | [diff] [blame] | 1449 | * @see StrongAuthTracker#getStrongAuthForUser |
| 1450 | */ |
| 1451 | public int getStrongAuthForUser(int userId) { |
| 1452 | try { |
| 1453 | return getLockSettings().getStrongAuthForUser(userId); |
| 1454 | } catch (RemoteException e) { |
| 1455 | Log.e(TAG, "Could not get StrongAuth", e); |
| 1456 | return StrongAuthTracker.getDefaultFlags(mContext); |
| 1457 | } |
| 1458 | } |
| 1459 | |
| 1460 | /** |
| 1461 | * @see StrongAuthTracker#isTrustAllowedForUser |
| 1462 | */ |
| 1463 | public boolean isTrustAllowedForUser(int userId) { |
| 1464 | return getStrongAuthForUser(userId) == StrongAuthTracker.STRONG_AUTH_NOT_REQUIRED; |
| 1465 | } |
| 1466 | |
| 1467 | /** |
| 1468 | * @see StrongAuthTracker#isFingerprintAllowedForUser |
| 1469 | */ |
| 1470 | public boolean isFingerprintAllowedForUser(int userId) { |
| 1471 | return (getStrongAuthForUser(userId) & ~StrongAuthTracker.ALLOWING_FINGERPRINT) == 0; |
| 1472 | } |
| 1473 | |
Chad Brubaker | ea8c5ef | 2018-03-15 16:37:43 -0700 | [diff] [blame] | 1474 | public boolean isUserInLockdown(int userId) { |
| 1475 | return getStrongAuthForUser(userId) |
| 1476 | == StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN; |
| 1477 | } |
| 1478 | |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 1479 | private ICheckCredentialProgressCallback wrapCallback( |
| 1480 | final CheckCredentialProgressCallback callback) { |
| 1481 | if (callback == null) { |
| 1482 | return null; |
| 1483 | } else { |
Adrian Roos | 7a3bf7c | 2016-07-12 15:31:55 -0700 | [diff] [blame] | 1484 | if (mHandler == null) { |
| 1485 | throw new IllegalStateException("Must construct LockPatternUtils on a looper thread" |
| 1486 | + " to use progress callbacks."); |
| 1487 | } |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 1488 | return new ICheckCredentialProgressCallback.Stub() { |
| 1489 | |
| 1490 | @Override |
| 1491 | public void onCredentialVerified() throws RemoteException { |
| 1492 | mHandler.post(callback::onEarlyMatched); |
| 1493 | } |
| 1494 | }; |
| 1495 | } |
| 1496 | } |
| 1497 | |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1498 | private LockSettingsInternal getLockSettingsInternal() { |
| 1499 | LockSettingsInternal service = LocalServices.getService(LockSettingsInternal.class); |
| 1500 | if (service == null) { |
| 1501 | throw new SecurityException("Only available to system server itself"); |
| 1502 | } |
| 1503 | return service; |
| 1504 | } |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 1505 | /** |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1506 | * Create an escrow token for the current user, which can later be used to unlock FBE |
| 1507 | * or change user password. |
| 1508 | * |
| 1509 | * After adding, if the user currently has lockscreen password, he will need to perform a |
| 1510 | * confirm credential operation in order to activate the token for future use. If the user |
| 1511 | * has no secure lockscreen, then the token is activated immediately. |
| 1512 | * |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1513 | * <p>This method is only available to code running in the system server process itself. |
| 1514 | * |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1515 | * @return a unique 64-bit token handle which is needed to refer to this token later. |
| 1516 | */ |
| 1517 | public long addEscrowToken(byte[] token, int userId) { |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1518 | return getLockSettingsInternal().addEscrowToken(token, userId); |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1519 | } |
| 1520 | |
| 1521 | /** |
| 1522 | * Remove an escrow token. |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1523 | * |
| 1524 | * <p>This method is only available to code running in the system server process itself. |
| 1525 | * |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1526 | * @return true if the given handle refers to a valid token previously returned from |
| 1527 | * {@link #addEscrowToken}, whether it's active or not. return false otherwise. |
| 1528 | */ |
| 1529 | public boolean removeEscrowToken(long handle, int userId) { |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1530 | return getLockSettingsInternal().removeEscrowToken(handle, userId); |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1531 | } |
| 1532 | |
| 1533 | /** |
| 1534 | * Check if the given escrow token is active or not. Only active token can be used to call |
| 1535 | * {@link #setLockCredentialWithToken} and {@link #unlockUserWithToken} |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1536 | * |
| 1537 | * <p>This method is only available to code running in the system server process itself. |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1538 | */ |
| 1539 | public boolean isEscrowTokenActive(long handle, int userId) { |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1540 | return getLockSettingsInternal().isEscrowTokenActive(handle, userId); |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1541 | } |
| 1542 | |
Rubin Xu | 7cf4509 | 2017-08-28 11:47:35 +0100 | [diff] [blame] | 1543 | /** |
| 1544 | * Change a user's lock credential with a pre-configured escrow token. |
| 1545 | * |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1546 | * <p>This method is only available to code running in the system server process itself. |
| 1547 | * |
Rubin Xu | 7cf4509 | 2017-08-28 11:47:35 +0100 | [diff] [blame] | 1548 | * @param credential The new credential to be set |
| 1549 | * @param type Credential type: password / pattern / none. |
| 1550 | * @param requestedQuality the requested password quality by DevicePolicyManager. |
| 1551 | * See {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} |
| 1552 | * @param tokenHandle Handle of the escrow token |
| 1553 | * @param token Escrow token |
| 1554 | * @param userId The user who's lock credential to be changed |
| 1555 | * @return {@code true} if the operation is successful. |
| 1556 | */ |
| 1557 | public boolean setLockCredentialWithToken(String credential, int type, int requestedQuality, |
| 1558 | long tokenHandle, byte[] token, int userId) { |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1559 | LockSettingsInternal localService = getLockSettingsInternal(); |
| 1560 | if (type != CREDENTIAL_TYPE_NONE) { |
| 1561 | if (TextUtils.isEmpty(credential) || credential.length() < MIN_LOCK_PASSWORD_SIZE) { |
| 1562 | throw new IllegalArgumentException("password must not be null and at least " |
| 1563 | + "of length " + MIN_LOCK_PASSWORD_SIZE); |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1564 | } |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1565 | final int quality = computePasswordQuality(type, credential, requestedQuality); |
| 1566 | if (!localService.setLockCredentialWithToken(credential, type, tokenHandle, |
| 1567 | token, quality, userId)) { |
| 1568 | return false; |
| 1569 | } |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 1570 | setKeyguardStoredPasswordQuality(quality, userId); |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1571 | |
| 1572 | updateEncryptionPasswordIfNeeded(credential, quality, userId); |
| 1573 | updatePasswordHistory(credential, userId); |
| 1574 | } else { |
| 1575 | if (!TextUtils.isEmpty(credential)) { |
| 1576 | throw new IllegalArgumentException("password must be emtpy for NONE type"); |
| 1577 | } |
| 1578 | if (!localService.setLockCredentialWithToken(null, CREDENTIAL_TYPE_NONE, |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 1579 | tokenHandle, token, PASSWORD_QUALITY_UNSPECIFIED, userId)) { |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1580 | return false; |
| 1581 | } |
Rubin Xu | 682d167 | 2018-03-21 09:13:44 +0000 | [diff] [blame] | 1582 | setKeyguardStoredPasswordQuality(PASSWORD_QUALITY_UNSPECIFIED, userId); |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1583 | |
| 1584 | if (userId == UserHandle.USER_SYSTEM) { |
| 1585 | // Set the encryption password to default. |
| 1586 | updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null); |
| 1587 | setCredentialRequiredToDecrypt(false); |
| 1588 | } |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1589 | } |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1590 | onAfterChangingPassword(userId); |
| 1591 | return true; |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1592 | } |
| 1593 | |
Rubin Xu | fcd49f9 | 2017-08-24 18:21:52 +0100 | [diff] [blame] | 1594 | /** |
| 1595 | * Unlock the specified user by an pre-activated escrow token. This should have the same effect |
| 1596 | * on device encryption as the user entering his lockscreen credentials for the first time after |
| 1597 | * boot, this includes unlocking the user's credential-encrypted storage as well as the keystore |
| 1598 | * |
| 1599 | * <p>This method is only available to code running in the system server process itself. |
| 1600 | * |
| 1601 | * @return {@code true} if the supplied token is valid and unlock succeeds, |
| 1602 | * {@code false} otherwise. |
| 1603 | */ |
| 1604 | public boolean unlockUserWithToken(long tokenHandle, byte[] token, int userId) { |
| 1605 | return getLockSettingsInternal().unlockUserWithToken(tokenHandle, token, userId); |
Rubin Xu | f095f83 | 2017-01-31 15:23:34 +0000 | [diff] [blame] | 1606 | } |
| 1607 | |
| 1608 | |
| 1609 | /** |
Jorim Jaggi | e8fde5d | 2016-06-30 23:41:37 -0700 | [diff] [blame] | 1610 | * Callback to be notified about progress when checking credentials. |
| 1611 | */ |
| 1612 | public interface CheckCredentialProgressCallback { |
| 1613 | |
| 1614 | /** |
| 1615 | * Called as soon as possible when we know that the credentials match but the user hasn't |
| 1616 | * been fully unlocked. |
| 1617 | */ |
| 1618 | void onEarlyMatched(); |
| 1619 | } |
| 1620 | |
Victor Chang | a0940d3 | 2016-05-16 19:36:08 +0100 | [diff] [blame] | 1621 | /** |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1622 | * Tracks the global strong authentication state. |
| 1623 | */ |
| 1624 | public static class StrongAuthTracker { |
| 1625 | |
| 1626 | @IntDef(flag = true, |
| 1627 | value = { STRONG_AUTH_NOT_REQUIRED, |
| 1628 | STRONG_AUTH_REQUIRED_AFTER_BOOT, |
| 1629 | STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, |
Adrian Roos | 9d6fc92 | 2016-08-10 17:09:55 -0700 | [diff] [blame] | 1630 | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST, |
Michal Karpinski | c52f867 | 2016-11-18 11:32:45 +0000 | [diff] [blame] | 1631 | STRONG_AUTH_REQUIRED_AFTER_LOCKOUT, |
Chad Brubaker | 4f28f0d | 2017-09-07 14:28:13 -0700 | [diff] [blame] | 1632 | STRONG_AUTH_REQUIRED_AFTER_TIMEOUT, |
| 1633 | STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN}) |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1634 | @Retention(RetentionPolicy.SOURCE) |
| 1635 | public @interface StrongAuthFlags {} |
| 1636 | |
| 1637 | /** |
| 1638 | * Strong authentication is not required. |
| 1639 | */ |
| 1640 | public static final int STRONG_AUTH_NOT_REQUIRED = 0x0; |
| 1641 | |
| 1642 | /** |
| 1643 | * Strong authentication is required because the user has not authenticated since boot. |
| 1644 | */ |
| 1645 | public static final int STRONG_AUTH_REQUIRED_AFTER_BOOT = 0x1; |
| 1646 | |
| 1647 | /** |
Jorim Jaggi | 16093fe3 | 2015-09-09 23:29:17 +0000 | [diff] [blame] | 1648 | * Strong authentication is required because a device admin has requested it. |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1649 | */ |
| 1650 | public static final int STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW = 0x2; |
| 1651 | |
| 1652 | /** |
Jorim Jaggi | 16093fe3 | 2015-09-09 23:29:17 +0000 | [diff] [blame] | 1653 | * Some authentication is required because the user has temporarily disabled trust. |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1654 | */ |
Jorim Jaggi | 16093fe3 | 2015-09-09 23:29:17 +0000 | [diff] [blame] | 1655 | public static final int SOME_AUTH_REQUIRED_AFTER_USER_REQUEST = 0x4; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1656 | |
Adrian Roos | 873010d | 2015-08-25 15:59:00 -0700 | [diff] [blame] | 1657 | /** |
| 1658 | * Strong authentication is required because the user has been locked out after too many |
| 1659 | * attempts. |
| 1660 | */ |
| 1661 | public static final int STRONG_AUTH_REQUIRED_AFTER_LOCKOUT = 0x8; |
| 1662 | |
Adrian Roos | af4ab3e | 2015-09-02 13:23:30 -0700 | [diff] [blame] | 1663 | /** |
Michal Karpinski | c52f867 | 2016-11-18 11:32:45 +0000 | [diff] [blame] | 1664 | * Strong authentication is required because it hasn't been used for a time required by |
| 1665 | * a device admin. |
| 1666 | */ |
| 1667 | public static final int STRONG_AUTH_REQUIRED_AFTER_TIMEOUT = 0x10; |
| 1668 | |
| 1669 | /** |
Chad Brubaker | 4f28f0d | 2017-09-07 14:28:13 -0700 | [diff] [blame] | 1670 | * Strong authentication is required because the user has triggered lockdown. |
| 1671 | */ |
| 1672 | public static final int STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN = 0x20; |
| 1673 | |
| 1674 | /** |
Adrian Roos | 9d6fc92 | 2016-08-10 17:09:55 -0700 | [diff] [blame] | 1675 | * Strong auth flags that do not prevent fingerprint from being accepted as auth. |
| 1676 | * |
| 1677 | * If any other flags are set, fingerprint is disabled. |
Adrian Roos | af4ab3e | 2015-09-02 13:23:30 -0700 | [diff] [blame] | 1678 | */ |
Adrian Roos | af4ab3e | 2015-09-02 13:23:30 -0700 | [diff] [blame] | 1679 | private static final int ALLOWING_FINGERPRINT = STRONG_AUTH_NOT_REQUIRED |
Adrian Roos | 9d6fc92 | 2016-08-10 17:09:55 -0700 | [diff] [blame] | 1680 | | SOME_AUTH_REQUIRED_AFTER_USER_REQUEST; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1681 | |
Adrian Roos | af4ab3e | 2015-09-02 13:23:30 -0700 | [diff] [blame] | 1682 | private final SparseIntArray mStrongAuthRequiredForUser = new SparseIntArray(); |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1683 | private final H mHandler; |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1684 | private final int mDefaultStrongAuthFlags; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1685 | |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1686 | public StrongAuthTracker(Context context) { |
| 1687 | this(context, Looper.myLooper()); |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1688 | } |
| 1689 | |
| 1690 | /** |
| 1691 | * @param looper the looper on whose thread calls to {@link #onStrongAuthRequiredChanged} |
| 1692 | * will be scheduled. |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1693 | * @param context the current {@link Context} |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1694 | */ |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1695 | public StrongAuthTracker(Context context, Looper looper) { |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1696 | mHandler = new H(looper); |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1697 | mDefaultStrongAuthFlags = getDefaultFlags(context); |
| 1698 | } |
| 1699 | |
| 1700 | public static @StrongAuthFlags int getDefaultFlags(Context context) { |
| 1701 | boolean strongAuthRequired = context.getResources().getBoolean( |
| 1702 | com.android.internal.R.bool.config_strongAuthRequiredOnBoot); |
| 1703 | return strongAuthRequired ? STRONG_AUTH_REQUIRED_AFTER_BOOT : STRONG_AUTH_NOT_REQUIRED; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1704 | } |
| 1705 | |
| 1706 | /** |
| 1707 | * Returns {@link #STRONG_AUTH_NOT_REQUIRED} if strong authentication is not required, |
| 1708 | * otherwise returns a combination of {@link StrongAuthFlags} indicating why strong |
| 1709 | * authentication is required. |
| 1710 | * |
| 1711 | * @param userId the user for whom the state is queried. |
| 1712 | */ |
| 1713 | public @StrongAuthFlags int getStrongAuthForUser(int userId) { |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1714 | return mStrongAuthRequiredForUser.get(userId, mDefaultStrongAuthFlags); |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1715 | } |
| 1716 | |
| 1717 | /** |
| 1718 | * @return true if unlocking with trust alone is allowed for {@param userId} by the current |
| 1719 | * strong authentication requirements. |
| 1720 | */ |
| 1721 | public boolean isTrustAllowedForUser(int userId) { |
| 1722 | return getStrongAuthForUser(userId) == STRONG_AUTH_NOT_REQUIRED; |
| 1723 | } |
| 1724 | |
| 1725 | /** |
| 1726 | * @return true if unlocking with fingerprint alone is allowed for {@param userId} by the |
| 1727 | * current strong authentication requirements. |
| 1728 | */ |
| 1729 | public boolean isFingerprintAllowedForUser(int userId) { |
Adrian Roos | af4ab3e | 2015-09-02 13:23:30 -0700 | [diff] [blame] | 1730 | return (getStrongAuthForUser(userId) & ~ALLOWING_FINGERPRINT) == 0; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1731 | } |
| 1732 | |
| 1733 | /** |
| 1734 | * Called when the strong authentication requirements for {@param userId} changed. |
| 1735 | */ |
| 1736 | public void onStrongAuthRequiredChanged(int userId) { |
| 1737 | } |
| 1738 | |
Victor Chang | a0940d3 | 2016-05-16 19:36:08 +0100 | [diff] [blame] | 1739 | protected void handleStrongAuthRequiredChanged(@StrongAuthFlags int strongAuthFlags, |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1740 | int userId) { |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1741 | int oldValue = getStrongAuthForUser(userId); |
| 1742 | if (strongAuthFlags != oldValue) { |
Rakesh Iyer | a7aa4d6 | 2016-01-19 17:27:23 -0800 | [diff] [blame] | 1743 | if (strongAuthFlags == mDefaultStrongAuthFlags) { |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1744 | mStrongAuthRequiredForUser.delete(userId); |
| 1745 | } else { |
| 1746 | mStrongAuthRequiredForUser.put(userId, strongAuthFlags); |
| 1747 | } |
| 1748 | onStrongAuthRequiredChanged(userId); |
| 1749 | } |
| 1750 | } |
| 1751 | |
| 1752 | |
Victor Chang | a0940d3 | 2016-05-16 19:36:08 +0100 | [diff] [blame] | 1753 | protected final IStrongAuthTracker.Stub mStub = new IStrongAuthTracker.Stub() { |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1754 | @Override |
| 1755 | public void onStrongAuthRequiredChanged(@StrongAuthFlags int strongAuthFlags, |
| 1756 | int userId) { |
| 1757 | mHandler.obtainMessage(H.MSG_ON_STRONG_AUTH_REQUIRED_CHANGED, |
| 1758 | strongAuthFlags, userId).sendToTarget(); |
| 1759 | } |
| 1760 | }; |
| 1761 | |
| 1762 | private class H extends Handler { |
| 1763 | static final int MSG_ON_STRONG_AUTH_REQUIRED_CHANGED = 1; |
| 1764 | |
| 1765 | public H(Looper looper) { |
| 1766 | super(looper); |
| 1767 | } |
| 1768 | |
| 1769 | @Override |
| 1770 | public void handleMessage(Message msg) { |
| 1771 | switch (msg.what) { |
| 1772 | case MSG_ON_STRONG_AUTH_REQUIRED_CHANGED: |
| 1773 | handleStrongAuthRequiredChanged(msg.arg1, msg.arg2); |
| 1774 | break; |
| 1775 | } |
| 1776 | } |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 1777 | } |
| 1778 | } |
| 1779 | |
| 1780 | public void enableSyntheticPassword() { |
| 1781 | setLong(SYNTHETIC_PASSWORD_ENABLED_KEY, 1L, UserHandle.USER_SYSTEM); |
| 1782 | } |
| 1783 | |
Paul Crowley | 7a0cc0a | 2017-05-31 22:12:57 +0000 | [diff] [blame] | 1784 | public void disableSyntheticPassword() { |
| 1785 | setLong(SYNTHETIC_PASSWORD_ENABLED_KEY, 0L, UserHandle.USER_SYSTEM); |
| 1786 | } |
| 1787 | |
Rubin Xu | 3bf722a | 2016-12-15 16:07:38 +0000 | [diff] [blame] | 1788 | public boolean isSyntheticPasswordEnabled() { |
| 1789 | return getLong(SYNTHETIC_PASSWORD_ENABLED_KEY, 0, UserHandle.USER_SYSTEM) != 0; |
Adrian Roos | b5e4722 | 2015-08-14 15:53:06 -0700 | [diff] [blame] | 1790 | } |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 1791 | |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 1792 | public static boolean userOwnsFrpCredential(Context context, UserInfo info) { |
| 1793 | return info != null && info.isPrimary() && info.isAdmin() && frpCredentialEnabled(context); |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 1794 | } |
| 1795 | |
Adrian Roos | 2adc263 | 2017-09-05 17:01:42 +0200 | [diff] [blame] | 1796 | public static boolean frpCredentialEnabled(Context context) { |
| 1797 | return FRP_CREDENTIAL_ENABLED && context.getResources().getBoolean( |
| 1798 | com.android.internal.R.bool.config_enableCredentialFactoryResetProtection); |
Adrian Roos | 7374d3a | 2017-03-31 14:14:53 -0700 | [diff] [blame] | 1799 | } |
The Android Open Source Project | 9066cfe | 2009-03-03 19:31:44 -0800 | [diff] [blame] | 1800 | } |