blob: f6f17cfacc600252234d8debb443bc1d5b93d837 [file] [log] [blame]
/*
* Copyright (C) 2007 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings;
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.content.res.Resources;
import android.os.Bundle;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.SearchIndexableResource;
import android.security.KeyStore;
import android.support.v7.preference.PreferenceGroup;
import android.support.v7.preference.PreferenceScreen;
import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
import com.android.internal.widget.LockPatternUtils;
import com.android.settings.dashboard.DashboardFragment;
import com.android.settings.search.BaseSearchIndexProvider;
import com.android.settings.search.Indexable;
import com.android.settings.search.SearchIndexableRaw;
import com.android.settingslib.RestrictedLockUtils;
import com.android.settingslib.RestrictedPreference;
import java.util.ArrayList;
import java.util.List;
/**
* Encryption and Credential settings.
* TODO: Extends this from {@link DashboardFragment} instead
*/
public class EncryptionAndCredential extends SettingsPreferenceFragment implements Indexable {
private static final String TAG = "EncryptionAndCredential";
// Misc Settings
private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
private static final String KEY_USER_CREDENTIALS = "user_credentials";
private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
private static final String KEY_CREDENTIALS_MANAGER = "credentials_management";
private static final int MY_USER_ID = UserHandle.myUserId();
private UserManager mUm;
private KeyStore mKeyStore;
private RestrictedPreference mResetCredentials;
private boolean mIsAdmin;
@Override
public int getMetricsCategory() {
return MetricsEvent.ENCRYPTION_AND_CREDENTIAL;
}
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
final Activity activity = getActivity();
mUm = UserManager.get(activity);
}
/**
* Important!
*
* Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the
* logic or adding/removing preferences here.
*/
private PreferenceScreen createPreferenceHierarchy() {
PreferenceScreen root = getPreferenceScreen();
if (root != null) {
root.removeAll();
}
addPreferencesFromResource(R.xml.encryption_and_credential);
root = getPreferenceScreen();
// Add options for device encryption
mIsAdmin = mUm.isAdminUser();
if (mIsAdmin) {
if (LockPatternUtils.isDeviceEncryptionEnabled()) {
// The device is currently encrypted.
addPreferencesFromResource(R.xml.security_settings_encrypted);
} else {
// This device supports encryption but isn't encrypted.
addPreferencesFromResource(R.xml.security_settings_unencrypted);
}
}
// Credential storage
mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume()
if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(),
UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) {
RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference(
KEY_USER_CREDENTIALS);
userCredentials.checkRestrictionAndSetDisabled(
UserManager.DISALLOW_CONFIG_CREDENTIALS);
RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference(
KEY_CREDENTIAL_STORAGE_TYPE);
credentialStorageType.checkRestrictionAndSetDisabled(
UserManager.DISALLOW_CONFIG_CREDENTIALS);
RestrictedPreference installCredentials = (RestrictedPreference) root.findPreference(
KEY_CREDENTIALS_INSTALL);
installCredentials.checkRestrictionAndSetDisabled(
UserManager.DISALLOW_CONFIG_CREDENTIALS);
mResetCredentials = (RestrictedPreference) root.findPreference(KEY_RESET_CREDENTIALS);
mResetCredentials.checkRestrictionAndSetDisabled(
UserManager.DISALLOW_CONFIG_CREDENTIALS);
final int storageSummaryRes =
mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware
: R.string.credential_storage_type_software;
credentialStorageType.setSummary(storageSummaryRes);
} else {
PreferenceGroup credentialsManager = (PreferenceGroup)
root.findPreference(KEY_CREDENTIALS_MANAGER);
credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS));
}
return root;
}
@Override
public void onResume() {
super.onResume();
// Make sure we reload the preference hierarchy since some of these settings
// depend on others...
createPreferenceHierarchy();
if (mResetCredentials != null && !mResetCredentials.isDisabledByAdmin()) {
mResetCredentials.setEnabled(!mKeyStore.isEmpty());
}
}
/**
* see confirmPatternThenDisableAndClear
*/
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
super.onActivityResult(requestCode, resultCode, data);
createPreferenceHierarchy();
}
@Override
protected int getHelpResource() {
return R.string.help_url_security;
}
/**
* For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
*/
public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
new SecuritySearchIndexProvider();
private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider {
@Override
public List<SearchIndexableResource> getXmlResourcesToIndex(
Context context, boolean enabled) {
final List<SearchIndexableResource> index = new ArrayList<SearchIndexableResource>();
final DevicePolicyManager dpm = (DevicePolicyManager)
context.getSystemService(Context.DEVICE_POLICY_SERVICE);
final UserManager um = UserManager.get(context);
if (um.isAdminUser()) {
switch (dpm.getStorageEncryptionStatus()) {
case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
// The device is currently encrypted.
index.add(getSearchResource(context, R.xml.security_settings_encrypted));
break;
case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
// This device supports encryption but isn't encrypted.
index.add(getSearchResource(context, R.xml.security_settings_unencrypted));
break;
}
}
return index;
}
private SearchIndexableResource getSearchResource(Context context, int xmlResId) {
final SearchIndexableResource sir = new SearchIndexableResource(context);
sir.xmlResId = xmlResId;
return sir;
}
@Override
public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) {
final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>();
final Resources res = context.getResources();
final String screenTitle = res.getString(
R.string.encryption_and_credential_settings_title);
SearchIndexableRaw data = new SearchIndexableRaw(context);
data.title = screenTitle;
data.screenTitle = screenTitle;
result.add(data);
final UserManager um = UserManager.get(context);
if (!um.isAdminUser()) {
int resId = um.isLinkedUser() ?
R.string.profile_info_settings_title : R.string.user_info_settings_title;
data = new SearchIndexableRaw(context);
data.title = res.getString(resId);
data.screenTitle = screenTitle;
result.add(data);
}
// Credential storage
if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
KeyStore keyStore = KeyStore.getInstance();
final int storageSummaryRes = keyStore.isHardwareBacked() ?
R.string.credential_storage_type_hardware :
R.string.credential_storage_type_software;
data = new SearchIndexableRaw(context);
data.title = res.getString(storageSummaryRes);
data.screenTitle = screenTitle;
result.add(data);
}
return result;
}
@Override
public List<String> getNonIndexableKeys(Context context) {
final List<String> keys = super.getNonIndexableKeys(context);
final UserManager um = UserManager.get(context);
if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
keys.add(KEY_CREDENTIALS_MANAGER);
}
return keys;
}
}
}