2 * Copyright (C) 2010 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package com.android.settings;
19 import static android.app.admin.DevicePolicyManager.ACTION_SET_NEW_PARENT_PROFILE_PASSWORD;
20 import static android.app.admin.DevicePolicyManager.ACTION_SET_NEW_PASSWORD;
21 import static com.android.settings.ChooseLockPassword.ChooseLockPasswordFragment.RESULT_FINISHED;
22 import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
24 import android.accessibilityservice.AccessibilityServiceInfo;
25 import android.app.Activity;
26 import android.app.AlertDialog;
27 import android.app.Dialog;
28 import android.app.Fragment;
29 import android.app.FragmentManager;
30 import android.app.admin.DevicePolicyManager;
31 import android.content.Context;
32 import android.content.DialogInterface;
33 import android.content.Intent;
34 import android.content.pm.UserInfo;
35 import android.hardware.fingerprint.Fingerprint;
36 import android.hardware.fingerprint.FingerprintManager;
37 import android.hardware.fingerprint.FingerprintManager.RemovalCallback;
38 import android.os.Bundle;
39 import android.os.UserHandle;
40 import android.os.UserManager;
41 import android.os.storage.StorageManager;
42 import android.security.KeyStore;
43 import android.support.v7.preference.Preference;
44 import android.support.v7.preference.PreferenceScreen;
45 import android.text.TextUtils;
46 import android.util.EventLog;
47 import android.util.Log;
48 import android.view.accessibility.AccessibilityManager;
49 import android.widget.TextView;
51 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
52 import com.android.internal.widget.LockPatternUtils;
53 import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
54 import com.android.settings.fingerprint.FingerprintEnrollBase;
55 import com.android.settings.fingerprint.FingerprintEnrollFindSensor;
56 import com.android.settingslib.RestrictedLockUtils;
57 import com.android.settingslib.RestrictedPreference;
59 import java.util.List;
61 public class ChooseLockGeneric extends SettingsActivity {
62 public static final String CONFIRM_CREDENTIALS = "confirm_credentials";
65 public Intent getIntent() {
66 Intent modIntent = new Intent(super.getIntent());
67 modIntent.putExtra(EXTRA_SHOW_FRAGMENT, getFragmentClass().getName());
69 String action = modIntent.getAction();
70 if (ACTION_SET_NEW_PASSWORD.equals(action)
71 || ACTION_SET_NEW_PARENT_PROFILE_PASSWORD.equals(action)) {
72 modIntent.putExtra(EXTRA_HIDE_DRAWER, true);
78 protected boolean isValidFragment(String fragmentName) {
79 if (ChooseLockGenericFragment.class.getName().equals(fragmentName)) return true;
83 /* package */ Class<? extends Fragment> getFragmentClass() {
84 return ChooseLockGenericFragment.class;
87 public static class InternalActivity extends ChooseLockGeneric {
90 public static class ChooseLockGenericFragment extends SettingsPreferenceFragment {
91 private static final String TAG = "ChooseLockGenericFragment";
92 private static final int MIN_PASSWORD_LENGTH = 4;
93 private static final String KEY_UNLOCK_SET_OFF = "unlock_set_off";
94 private static final String KEY_UNLOCK_SET_NONE = "unlock_set_none";
95 private static final String KEY_UNLOCK_SET_PIN = "unlock_set_pin";
96 private static final String KEY_UNLOCK_SET_PASSWORD = "unlock_set_password";
97 private static final String KEY_UNLOCK_SET_PATTERN = "unlock_set_pattern";
98 private static final String KEY_UNLOCK_SET_MANAGED = "unlock_set_managed";
99 private static final String KEY_SKIP_FINGERPRINT = "unlock_skip_fingerprint";
100 private static final String PASSWORD_CONFIRMED = "password_confirmed";
101 private static final String WAITING_FOR_CONFIRMATION = "waiting_for_confirmation";
102 public static final String MINIMUM_QUALITY_KEY = "minimum_quality";
103 public static final String HIDE_DISABLED_PREFS = "hide_disabled_prefs";
104 public static final String ENCRYPT_REQUESTED_QUALITY = "encrypt_requested_quality";
105 public static final String ENCRYPT_REQUESTED_DISABLED = "encrypt_requested_disabled";
106 public static final String TAG_FRP_WARNING_DIALOG = "frp_warning_dialog";
108 private static final int CONFIRM_EXISTING_REQUEST = 100;
109 private static final int ENABLE_ENCRYPTION_REQUEST = 101;
110 private static final int CHOOSE_LOCK_REQUEST = 102;
111 private static final int CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST = 103;
112 private static final int SKIP_FINGERPRINT_REQUEST = 104;
114 private ChooseLockSettingsHelper mChooseLockSettingsHelper;
115 private DevicePolicyManager mDPM;
116 private KeyStore mKeyStore;
117 private boolean mHasChallenge = false;
118 private long mChallenge;
119 private boolean mPasswordConfirmed = false;
120 private boolean mWaitingForConfirmation = false;
121 private int mEncryptionRequestQuality;
122 private boolean mEncryptionRequestDisabled;
123 private boolean mRequirePassword;
124 private boolean mForChangeCredRequiredForBoot = false;
125 private String mUserPassword;
126 private LockPatternUtils mLockPatternUtils;
127 private FingerprintManager mFingerprintManager;
129 private boolean mHideDrawer = false;
130 private ManagedLockPasswordProvider mManagedPasswordProvider;
131 private boolean mIsSetNewPassword = false;
133 protected boolean mForFingerprint = false;
136 public int getMetricsCategory() {
137 return MetricsEvent.CHOOSE_LOCK_GENERIC;
141 public void onCreate(Bundle savedInstanceState) {
142 super.onCreate(savedInstanceState);
144 String chooseLockAction = getActivity().getIntent().getAction();
145 mFingerprintManager = Utils.getFingerprintManagerOrNull(getActivity());
146 mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
147 mKeyStore = KeyStore.getInstance();
148 mChooseLockSettingsHelper = new ChooseLockSettingsHelper(this.getActivity());
149 mLockPatternUtils = new LockPatternUtils(getActivity());
150 mIsSetNewPassword = ACTION_SET_NEW_PARENT_PROFILE_PASSWORD.equals(chooseLockAction)
151 || ACTION_SET_NEW_PASSWORD.equals(chooseLockAction);
153 // Defaults to needing to confirm credentials
154 final boolean confirmCredentials = getActivity().getIntent()
155 .getBooleanExtra(CONFIRM_CREDENTIALS, true);
156 if (getActivity() instanceof ChooseLockGeneric.InternalActivity) {
157 mPasswordConfirmed = !confirmCredentials;
159 mHideDrawer = getActivity().getIntent().getBooleanExtra(EXTRA_HIDE_DRAWER, false);
161 mHasChallenge = getActivity().getIntent().getBooleanExtra(
162 ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
163 mChallenge = getActivity().getIntent().getLongExtra(
164 ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
165 mForFingerprint = getActivity().getIntent().getBooleanExtra(
166 ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
167 mForChangeCredRequiredForBoot = getArguments() != null && getArguments().getBoolean(
168 ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT);
169 if (mIsSetNewPassword) {
170 // In ACTION_SET_NEW_PARENT_PROFILE_PASSWORD or ACTION_SET_NEW_PASSWORD, the user
171 // will be asked to confirm the password if one has been set.
172 // On fingerprint supported device, fingerprint options are represented in the
173 // options. If the user chooses to skip fingerprint setup, ChooseLockGeneric is
174 // relaunched to only show options without fingerprint. In this case, we shouldn't
175 // ask the user to confirm the password again.
176 mPasswordConfirmed = getActivity().getIntent().getBooleanExtra(
177 PASSWORD_CONFIRMED, false);
180 if (savedInstanceState != null) {
181 mPasswordConfirmed = savedInstanceState.getBoolean(PASSWORD_CONFIRMED);
182 mWaitingForConfirmation = savedInstanceState.getBoolean(WAITING_FOR_CONFIRMATION);
183 mEncryptionRequestQuality = savedInstanceState.getInt(ENCRYPT_REQUESTED_QUALITY);
184 mEncryptionRequestDisabled = savedInstanceState.getBoolean(
185 ENCRYPT_REQUESTED_DISABLED);
188 // a) If this is started from other user, use that user id.
189 // b) If this is started from the same user, read the extra if this is launched
190 // from Settings app itself.
191 // c) Otherwise, use UserHandle.myUserId().
192 mUserId = Utils.getSecureTargetUser(
193 getActivity().getActivityToken(),
194 UserManager.get(getActivity()),
196 getActivity().getIntent().getExtras()).getIdentifier();
197 if (ACTION_SET_NEW_PASSWORD.equals(chooseLockAction)
198 && UserManager.get(getActivity()).isManagedProfile(mUserId)
199 && mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId)) {
200 getActivity().setTitle(R.string.lock_settings_picker_title_profile);
203 mManagedPasswordProvider = ManagedLockPasswordProvider.get(getActivity(), mUserId);
205 if (mPasswordConfirmed) {
206 updatePreferencesOrFinish();
207 if (mForChangeCredRequiredForBoot) {
208 maybeEnableEncryption(mLockPatternUtils.getKeyguardStoredPasswordQuality(
211 } else if (!mWaitingForConfirmation) {
212 ChooseLockSettingsHelper helper =
213 new ChooseLockSettingsHelper(this.getActivity(), this);
214 boolean managedProfileWithUnifiedLock =
215 UserManager.get(getActivity()).isManagedProfile(mUserId)
216 && !mLockPatternUtils.isSeparateProfileChallengeEnabled(mUserId);
217 if (managedProfileWithUnifiedLock
218 || !helper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
219 getString(R.string.unlock_set_unlock_launch_picker_title), true, mUserId)) {
220 mPasswordConfirmed = true; // no password set, so no need to confirm
221 updatePreferencesOrFinish();
223 mWaitingForConfirmation = true;
229 protected void addHeaderView() {
230 if (mForFingerprint) {
231 setHeaderView(R.layout.choose_lock_generic_fingerprint_header);
232 if (mIsSetNewPassword) {
233 ((TextView) getHeaderView().findViewById(R.id.fingerprint_header_description))
234 .setText(R.string.fingerprint_unlock_title);
240 public boolean onPreferenceTreeClick(Preference preference) {
241 final String key = preference.getKey();
243 if (!isUnlockMethodSecure(key) && mLockPatternUtils.isSecure(mUserId)) {
244 // Show the disabling FRP warning only when the user is switching from a secure
245 // unlock method to an insecure one
246 showFactoryResetProtectionWarningDialog(key);
248 } else if (KEY_SKIP_FINGERPRINT.equals(key)) {
249 Intent chooseLockGenericIntent = new Intent(getActivity(), ChooseLockGeneric.class);
250 chooseLockGenericIntent.setAction(getIntent().getAction());
251 // Forward the target user id to ChooseLockGeneric.
252 chooseLockGenericIntent.putExtra(Intent.EXTRA_USER_ID, mUserId);
253 chooseLockGenericIntent.putExtra(PASSWORD_CONFIRMED, mPasswordConfirmed);
254 startActivityForResult(chooseLockGenericIntent, SKIP_FINGERPRINT_REQUEST);
257 return setUnlockMethod(key);
262 * If the device has encryption already enabled, then ask the user if they
263 * also want to encrypt the phone with this password.
268 // TODO: why does this take disabled, its always called with a quality higher than
269 // what makes sense with disabled == true
270 private void maybeEnableEncryption(int quality, boolean disabled) {
271 DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(DEVICE_POLICY_SERVICE);
272 if (UserManager.get(getActivity()).isAdminUser()
273 && mUserId == UserHandle.myUserId()
274 && LockPatternUtils.isDeviceEncryptionEnabled()
275 && !LockPatternUtils.isFileEncryptionEnabled()
276 && !dpm.getDoNotAskCredentialsOnBoot()) {
277 mEncryptionRequestQuality = quality;
278 mEncryptionRequestDisabled = disabled;
279 // Get the intent that the encryption interstitial should start for creating
280 // the new unlock method.
281 Intent unlockMethodIntent = getIntentForUnlockMethod(quality, disabled);
282 unlockMethodIntent.putExtra(
283 ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT,
284 mForChangeCredRequiredForBoot);
285 final Context context = getActivity();
286 // If accessibility is enabled and the user hasn't seen this dialog before, set the
287 // default state to agree with that which is compatible with accessibility
288 // (password not required).
289 final boolean accEn = AccessibilityManager.getInstance(context).isEnabled();
290 final boolean required = mLockPatternUtils.isCredentialRequiredToDecrypt(!accEn);
291 Intent intent = getEncryptionInterstitialIntent(context, quality, required,
293 intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT,
295 intent.putExtra(EXTRA_HIDE_DRAWER, mHideDrawer);
296 startActivityForResult(
298 mIsSetNewPassword && mHasChallenge
299 ? CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST
300 : ENABLE_ENCRYPTION_REQUEST);
302 if (mForChangeCredRequiredForBoot) {
303 // Welp, couldn't change it. Oh well.
307 mRequirePassword = false; // device encryption not enabled or not device owner.
308 updateUnlockMethodAndFinish(quality, disabled);
313 public void onActivityResult(int requestCode, int resultCode, Intent data) {
314 super.onActivityResult(requestCode, resultCode, data);
315 mWaitingForConfirmation = false;
316 if (requestCode == CONFIRM_EXISTING_REQUEST && resultCode == Activity.RESULT_OK) {
317 mPasswordConfirmed = true;
318 mUserPassword = data.getStringExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
319 updatePreferencesOrFinish();
320 if (mForChangeCredRequiredForBoot) {
321 if (!TextUtils.isEmpty(mUserPassword)) {
322 maybeEnableEncryption(
323 mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId), false);
328 } else if (requestCode == CHOOSE_LOCK_REQUEST
329 || requestCode == ENABLE_ENCRYPTION_REQUEST) {
330 if (resultCode != RESULT_CANCELED || mForChangeCredRequiredForBoot) {
331 getActivity().setResult(resultCode, data);
334 } else if (requestCode == CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST
335 && resultCode == FingerprintEnrollBase.RESULT_FINISHED) {
336 Intent intent = getFindSensorIntent(getActivity());
338 intent.putExtras(data.getExtras());
340 // Forward the target user id to fingerprint setup page.
341 intent.putExtra(Intent.EXTRA_USER_ID, mUserId);
342 startActivity(intent);
344 } else if (requestCode == SKIP_FINGERPRINT_REQUEST) {
345 if (resultCode != RESULT_CANCELED) {
346 getActivity().setResult(
347 resultCode == RESULT_FINISHED ? RESULT_OK : resultCode, data);
351 getActivity().setResult(Activity.RESULT_CANCELED);
354 if (requestCode == Activity.RESULT_CANCELED && mForChangeCredRequiredForBoot) {
359 protected Intent getFindSensorIntent(Context context) {
360 return new Intent(context, FingerprintEnrollFindSensor.class);
364 public void onSaveInstanceState(Bundle outState) {
365 super.onSaveInstanceState(outState);
366 // Saved so we don't force user to re-enter their password if configuration changes
367 outState.putBoolean(PASSWORD_CONFIRMED, mPasswordConfirmed);
368 outState.putBoolean(WAITING_FOR_CONFIRMATION, mWaitingForConfirmation);
369 outState.putInt(ENCRYPT_REQUESTED_QUALITY, mEncryptionRequestQuality);
370 outState.putBoolean(ENCRYPT_REQUESTED_DISABLED, mEncryptionRequestDisabled);
373 private void updatePreferencesOrFinish() {
374 Intent intent = getActivity().getIntent();
375 int quality = intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, -1);
377 // If caller didn't specify password quality, show UI and allow the user to choose.
378 quality = intent.getIntExtra(MINIMUM_QUALITY_KEY, -1);
379 quality = upgradeQuality(quality);
380 final boolean hideDisabledPrefs = intent.getBooleanExtra(
381 HIDE_DISABLED_PREFS, false);
382 final PreferenceScreen prefScreen = getPreferenceScreen();
383 if (prefScreen != null) {
384 prefScreen.removeAll();
387 disableUnusablePreferences(quality, hideDisabledPrefs);
388 updatePreferenceText();
389 updateCurrentPreference();
390 updatePreferenceSummaryIfNeeded();
392 updateUnlockMethodAndFinish(quality, false);
396 protected void addPreferences() {
397 addPreferencesFromResource(R.xml.security_settings_picker);
399 // Used for testing purposes
400 findPreference(KEY_UNLOCK_SET_NONE).setViewId(R.id.lock_none);
401 findPreference(KEY_SKIP_FINGERPRINT).setViewId(R.id.lock_none);
402 findPreference(KEY_UNLOCK_SET_PIN).setViewId(R.id.lock_pin);
403 findPreference(KEY_UNLOCK_SET_PASSWORD).setViewId(R.id.lock_password);
406 private void updatePreferenceText() {
407 if (mForFingerprint) {
408 final String key[] = { KEY_UNLOCK_SET_PATTERN,
410 KEY_UNLOCK_SET_PASSWORD };
411 final int res[] = { R.string.fingerprint_unlock_set_unlock_pattern,
412 R.string.fingerprint_unlock_set_unlock_pin,
413 R.string.fingerprint_unlock_set_unlock_password };
414 for (int i = 0; i < key.length; i++) {
415 Preference pref = findPreference(key[i]);
416 if (pref != null) { // can be removed by device admin
417 pref.setTitle(res[i]);
422 if (mManagedPasswordProvider.isSettingManagedPasswordSupported()) {
423 Preference managed = findPreference(KEY_UNLOCK_SET_MANAGED);
424 managed.setTitle(mManagedPasswordProvider.getPickerOptionTitle(mForFingerprint));
426 removePreference(KEY_UNLOCK_SET_MANAGED);
429 if (!(mForFingerprint && mIsSetNewPassword)) {
430 removePreference(KEY_SKIP_FINGERPRINT);
434 private void updateCurrentPreference() {
435 String currentKey = getKeyForCurrent();
436 Preference preference = findPreference(currentKey);
437 if (preference != null) {
438 preference.setSummary(R.string.current_screen_lock);
442 private String getKeyForCurrent() {
443 final int credentialOwner = UserManager.get(getContext())
444 .getCredentialOwnerProfile(mUserId);
445 if (mLockPatternUtils.isLockScreenDisabled(credentialOwner)) {
446 return KEY_UNLOCK_SET_OFF;
448 switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(credentialOwner)) {
449 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
450 return KEY_UNLOCK_SET_PATTERN;
451 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
452 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
453 return KEY_UNLOCK_SET_PIN;
454 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
455 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
456 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
457 return KEY_UNLOCK_SET_PASSWORD;
458 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
459 return KEY_UNLOCK_SET_MANAGED;
460 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED:
461 return KEY_UNLOCK_SET_NONE;
466 /** increases the quality if necessary */
467 private int upgradeQuality(int quality) {
468 quality = upgradeQualityForDPM(quality);
472 private int upgradeQualityForDPM(int quality) {
473 // Compare min allowed password quality
474 int minQuality = mDPM.getPasswordQuality(null, mUserId);
475 if (quality < minQuality) {
476 quality = minQuality;
482 * Disables preferences that are less secure than required quality. The actual
483 * implementation is in disableUnusablePreferenceImpl.
485 * @param quality the requested quality.
486 * @param hideDisabledPrefs if false preferences show why they were disabled; otherwise
487 * they're not shown at all.
489 protected void disableUnusablePreferences(final int quality, boolean hideDisabledPrefs) {
490 disableUnusablePreferencesImpl(quality, hideDisabledPrefs);
494 * Disables preferences that are less secure than required quality.
496 * @param quality the requested quality.
497 * @param hideDisabled whether to hide disable screen lock options.
499 protected void disableUnusablePreferencesImpl(final int quality,
500 boolean hideDisabled) {
501 final PreferenceScreen entries = getPreferenceScreen();
503 int adminEnforcedQuality = mDPM.getPasswordQuality(null, mUserId);
504 EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfPasswordQualityIsSet(
505 getActivity(), mUserId);
506 for (int i = entries.getPreferenceCount() - 1; i >= 0; --i) {
507 Preference pref = entries.getPreference(i);
508 if (pref instanceof RestrictedPreference) {
509 final String key = pref.getKey();
510 boolean enabled = true;
511 boolean visible = true;
512 boolean disabledByAdmin = false;
513 if (KEY_UNLOCK_SET_OFF.equals(key)) {
514 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
515 if (getResources().getBoolean(R.bool.config_hide_none_security_option)) {
519 disabledByAdmin = adminEnforcedQuality
520 > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
521 } else if (KEY_UNLOCK_SET_NONE.equals(key)) {
522 if (getResources().getBoolean(R.bool.config_hide_swipe_security_option)) {
526 if (mUserId != UserHandle.myUserId()) {
527 // Swipe doesn't make sense for profiles.
530 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
532 disabledByAdmin = adminEnforcedQuality
533 > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
534 } else if (KEY_UNLOCK_SET_PATTERN.equals(key)) {
535 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_SOMETHING;
536 disabledByAdmin = adminEnforcedQuality
537 > DevicePolicyManager.PASSWORD_QUALITY_SOMETHING;
538 } else if (KEY_UNLOCK_SET_PIN.equals(key)) {
539 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
540 disabledByAdmin = adminEnforcedQuality
541 > DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
542 } else if (KEY_UNLOCK_SET_PASSWORD.equals(key)) {
543 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
544 disabledByAdmin = adminEnforcedQuality
545 > DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
546 } else if (KEY_UNLOCK_SET_MANAGED.equals(key)) {
547 enabled = quality <= DevicePolicyManager.PASSWORD_QUALITY_MANAGED
548 && mManagedPasswordProvider.isManagedPasswordChoosable();
549 disabledByAdmin = adminEnforcedQuality
550 > DevicePolicyManager.PASSWORD_QUALITY_MANAGED;
556 entries.removePreference(pref);
557 } else if (disabledByAdmin && enforcedAdmin != null) {
558 ((RestrictedPreference) pref).setDisabledByAdmin(enforcedAdmin);
559 } else if (!enabled) {
560 // we need to setDisabledByAdmin to null first to disable the padlock
561 // in case it was set earlier.
562 ((RestrictedPreference) pref).setDisabledByAdmin(null);
563 pref.setSummary(R.string.unlock_set_unlock_disabled_summary);
564 pref.setEnabled(false);
566 ((RestrictedPreference) pref).setDisabledByAdmin(null);
572 private void updatePreferenceSummaryIfNeeded() {
573 // On a default block encrypted device with accessibility, add a warning
574 // that your data is not credential encrypted
575 if (!StorageManager.isBlockEncrypted()) {
579 if (StorageManager.isNonDefaultBlockEncrypted()) {
583 if (AccessibilityManager.getInstance(getActivity()).getEnabledAccessibilityServiceList(
584 AccessibilityServiceInfo.FEEDBACK_ALL_MASK).isEmpty()) {
588 CharSequence summary = getString(R.string.secure_lock_encryption_warning);
590 PreferenceScreen screen = getPreferenceScreen();
591 final int preferenceCount = screen.getPreferenceCount();
592 for (int i = 0; i < preferenceCount; i++) {
593 Preference preference = screen.getPreference(i);
594 switch (preference.getKey()) {
595 case KEY_UNLOCK_SET_PATTERN:
596 case KEY_UNLOCK_SET_PIN:
597 case KEY_UNLOCK_SET_PASSWORD:
598 case KEY_UNLOCK_SET_MANAGED: {
599 preference.setSummary(summary);
605 protected Intent getLockManagedPasswordIntent(boolean requirePassword, String password) {
606 return mManagedPasswordProvider.createIntent(requirePassword, password);
609 protected Intent getLockPasswordIntent(Context context, int quality,
610 int minLength, final int maxLength,
611 boolean requirePasswordToDecrypt, boolean confirmCredentials, int userId) {
612 return ChooseLockPassword.createIntent(context, quality, minLength,
613 maxLength, requirePasswordToDecrypt, confirmCredentials, userId);
616 protected Intent getLockPasswordIntent(Context context, int quality,
617 int minLength, final int maxLength,
618 boolean requirePasswordToDecrypt, long challenge, int userId) {
619 return ChooseLockPassword.createIntent(context, quality, minLength,
620 maxLength, requirePasswordToDecrypt, challenge, userId);
623 protected Intent getLockPasswordIntent(Context context, int quality, int minLength,
624 int maxLength, boolean requirePasswordToDecrypt, String password, int userId) {
625 return ChooseLockPassword.createIntent(context, quality, minLength, maxLength,
626 requirePasswordToDecrypt, password, userId);
629 protected Intent getLockPatternIntent(Context context, final boolean requirePassword,
630 final boolean confirmCredentials, int userId) {
631 return ChooseLockPattern.createIntent(context, requirePassword,
632 confirmCredentials, userId);
635 protected Intent getLockPatternIntent(Context context, final boolean requirePassword,
636 long challenge, int userId) {
637 return ChooseLockPattern.createIntent(context, requirePassword, challenge, userId);
640 protected Intent getLockPatternIntent(Context context, final boolean requirePassword,
641 final String pattern, int userId) {
642 return ChooseLockPattern.createIntent(context, requirePassword, pattern, userId);
645 protected Intent getEncryptionInterstitialIntent(Context context, int quality,
646 boolean required, Intent unlockMethodIntent) {
647 return EncryptionInterstitial.createStartIntent(context, quality, required,
652 * Invokes an activity to change the user's pattern, password or PIN based on given quality
653 * and minimum quality specified by DevicePolicyManager. If quality is
654 * {@link DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED}, password is cleared.
656 * @param quality the desired quality. Ignored if DevicePolicyManager requires more security
657 * @param disabled whether or not to show LockScreen at all. Only meaningful when quality is
658 * {@link DevicePolicyManager#PASSWORD_QUALITY_UNSPECIFIED}
660 void updateUnlockMethodAndFinish(int quality, boolean disabled) {
661 // Sanity check. We should never get here without confirming user's existing password.
662 if (!mPasswordConfirmed) {
663 throw new IllegalStateException("Tried to update password without confirming it");
666 quality = upgradeQuality(quality);
667 Intent intent = getIntentForUnlockMethod(quality, disabled);
668 if (intent != null) {
669 startActivityForResult(intent,
670 mIsSetNewPassword && mHasChallenge
671 ? CHOOSE_LOCK_BEFORE_FINGERPRINT_REQUEST
672 : CHOOSE_LOCK_REQUEST);
676 if (quality == DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
677 mLockPatternUtils.setSeparateProfileChallengeEnabled(mUserId, true, mUserPassword);
678 mChooseLockSettingsHelper.utils().clearLock(mUserId);
679 mChooseLockSettingsHelper.utils().setLockScreenDisabled(disabled, mUserId);
680 getActivity().setResult(Activity.RESULT_OK);
681 removeAllFingerprintForUserAndFinish(mUserId);
683 removeAllFingerprintForUserAndFinish(mUserId);
687 private Intent getIntentForUnlockMethod(int quality, boolean disabled) {
688 Intent intent = null;
689 final Context context = getActivity();
690 if (quality >= DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {
691 intent = getLockManagedPasswordIntent(mRequirePassword, mUserPassword);
692 } else if (quality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC) {
693 int minLength = mDPM.getPasswordMinimumLength(null, mUserId);
694 if (minLength < MIN_PASSWORD_LENGTH) {
695 minLength = MIN_PASSWORD_LENGTH;
697 final int maxLength = mDPM.getPasswordMaximumLength(quality);
699 intent = getLockPasswordIntent(context, quality, minLength,
700 maxLength, mRequirePassword, mChallenge, mUserId);
702 intent = getLockPasswordIntent(context, quality, minLength,
703 maxLength, mRequirePassword, mUserPassword, mUserId);
705 } else if (quality == DevicePolicyManager.PASSWORD_QUALITY_SOMETHING) {
707 intent = getLockPatternIntent(context, mRequirePassword,
708 mChallenge, mUserId);
710 intent = getLockPatternIntent(context, mRequirePassword,
711 mUserPassword, mUserId);
714 if (intent != null) {
715 intent.putExtra(EXTRA_HIDE_DRAWER, mHideDrawer);
720 private void removeAllFingerprintForUserAndFinish(final int userId) {
721 if (mFingerprintManager != null && mFingerprintManager.isHardwareDetected()) {
722 if (mFingerprintManager.hasEnrolledFingerprints(userId)) {
723 mFingerprintManager.setActiveUser(userId);
724 // For the purposes of M and N, groupId is the same as userId.
725 final int groupId = userId;
726 Fingerprint finger = new Fingerprint(null, groupId, 0, 0);
727 mFingerprintManager.remove(finger, userId,
728 new RemovalCallback() {
730 public void onRemovalError(Fingerprint fp, int errMsgId,
731 CharSequence errString) {
732 Log.v(TAG, "Fingerprint removed: " + fp.getFingerId());
733 if (fp.getFingerId() == 0) {
734 removeManagedProfileFingerprintsAndFinishIfNecessary(userId);
739 public void onRemovalSucceeded(Fingerprint fingerprint) {
740 if (fingerprint.getFingerId() == 0) {
741 removeManagedProfileFingerprintsAndFinishIfNecessary(userId);
746 // No fingerprints in this user, we may also want to delete managed profile
748 removeManagedProfileFingerprintsAndFinishIfNecessary(userId);
751 // The removal callback will call finish, once all fingerprints are removed.
752 // We need to wait for that to occur, otherwise, the UI will still show that
753 // fingerprints exist even though they are (about to) be removed depending on
754 // the race condition.
759 private void removeManagedProfileFingerprintsAndFinishIfNecessary(final int parentUserId) {
760 if (mFingerprintManager != null && mFingerprintManager.isHardwareDetected()) {
761 mFingerprintManager.setActiveUser(UserHandle.myUserId());
763 final UserManager um = UserManager.get(getActivity());
764 boolean hasChildProfile = false;
765 if (!um.getUserInfo(parentUserId).isManagedProfile()) {
766 // Current user is primary profile, remove work profile fingerprints if necessary
767 final List<UserInfo> profiles = um.getProfiles(parentUserId);
768 final int profilesSize = profiles.size();
769 for (int i = 0; i < profilesSize; i++) {
770 final UserInfo userInfo = profiles.get(i);
771 if (userInfo.isManagedProfile() && !mLockPatternUtils
772 .isSeparateProfileChallengeEnabled(userInfo.id)) {
773 removeAllFingerprintForUserAndFinish(userInfo.id);
774 hasChildProfile = true;
779 if (!hasChildProfile) {
785 public void onDestroy() {
790 protected int getHelpResource() {
791 return R.string.help_url_choose_lockscreen;
794 private int getResIdForFactoryResetProtectionWarningTitle() {
795 boolean isProfile = UserManager.get(getActivity()).isManagedProfile(mUserId);
796 return isProfile ? R.string.unlock_disable_frp_warning_title_profile
797 : R.string.unlock_disable_frp_warning_title;
800 private int getResIdForFactoryResetProtectionWarningMessage() {
801 final boolean hasFingerprints;
802 if (mFingerprintManager != null && mFingerprintManager.isHardwareDetected()) {
803 hasFingerprints = mFingerprintManager.hasEnrolledFingerprints(mUserId);
805 hasFingerprints = false;
807 boolean isProfile = UserManager.get(getActivity()).isManagedProfile(mUserId);
808 switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId)) {
809 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
810 if (hasFingerprints && isProfile) {
812 .unlock_disable_frp_warning_content_pattern_fingerprint_profile;
813 } else if (hasFingerprints && !isProfile) {
814 return R.string.unlock_disable_frp_warning_content_pattern_fingerprint;
815 } else if (isProfile) {
816 return R.string.unlock_disable_frp_warning_content_pattern_profile;
818 return R.string.unlock_disable_frp_warning_content_pattern;
820 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
821 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
822 if (hasFingerprints && isProfile) {
823 return R.string.unlock_disable_frp_warning_content_pin_fingerprint_profile;
824 } else if (hasFingerprints && !isProfile) {
825 return R.string.unlock_disable_frp_warning_content_pin_fingerprint;
826 } else if (isProfile) {
827 return R.string.unlock_disable_frp_warning_content_pin_profile;
829 return R.string.unlock_disable_frp_warning_content_pin;
831 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
832 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
833 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
834 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED:
835 if (hasFingerprints && isProfile) {
837 .unlock_disable_frp_warning_content_password_fingerprint_profile;
838 } else if (hasFingerprints && !isProfile) {
839 return R.string.unlock_disable_frp_warning_content_password_fingerprint;
840 } else if (isProfile) {
841 return R.string.unlock_disable_frp_warning_content_password_profile;
843 return R.string.unlock_disable_frp_warning_content_password;
846 if (hasFingerprints && isProfile) {
848 .unlock_disable_frp_warning_content_unknown_fingerprint_profile;
849 } else if (hasFingerprints && !isProfile) {
850 return R.string.unlock_disable_frp_warning_content_unknown_fingerprint;
851 } else if (isProfile) {
852 return R.string.unlock_disable_frp_warning_content_unknown_profile;
854 return R.string.unlock_disable_frp_warning_content_unknown;
859 private boolean isUnlockMethodSecure(String unlockMethod) {
860 return !(KEY_UNLOCK_SET_OFF.equals(unlockMethod) ||
861 KEY_UNLOCK_SET_NONE.equals(unlockMethod));
864 private boolean setUnlockMethod(String unlockMethod) {
865 EventLog.writeEvent(EventLogTags.LOCK_SCREEN_TYPE, unlockMethod);
867 if (KEY_UNLOCK_SET_OFF.equals(unlockMethod)) {
868 updateUnlockMethodAndFinish(
869 DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, true /* disabled */ );
870 } else if (KEY_UNLOCK_SET_NONE.equals(unlockMethod)) {
871 updateUnlockMethodAndFinish(
872 DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED, false /* disabled */ );
873 } else if (KEY_UNLOCK_SET_MANAGED.equals(unlockMethod)) {
874 maybeEnableEncryption(DevicePolicyManager.PASSWORD_QUALITY_MANAGED, false);
875 } else if (KEY_UNLOCK_SET_PATTERN.equals(unlockMethod)) {
876 maybeEnableEncryption(
877 DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, false);
878 } else if (KEY_UNLOCK_SET_PIN.equals(unlockMethod)) {
879 maybeEnableEncryption(
880 DevicePolicyManager.PASSWORD_QUALITY_NUMERIC, false);
881 } else if (KEY_UNLOCK_SET_PASSWORD.equals(unlockMethod)) {
882 maybeEnableEncryption(
883 DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC, false);
885 Log.e(TAG, "Encountered unknown unlock method to set: " + unlockMethod);
891 private void showFactoryResetProtectionWarningDialog(String unlockMethodToSet) {
892 int title = getResIdForFactoryResetProtectionWarningTitle();
893 int message = getResIdForFactoryResetProtectionWarningMessage();
894 FactoryResetProtectionWarningDialog dialog =
895 FactoryResetProtectionWarningDialog.newInstance(
896 title, message, unlockMethodToSet);
897 dialog.show(getChildFragmentManager(), TAG_FRP_WARNING_DIALOG);
900 public static class FactoryResetProtectionWarningDialog extends InstrumentedDialogFragment {
902 private static final String ARG_TITLE_RES = "titleRes";
903 private static final String ARG_MESSAGE_RES = "messageRes";
904 private static final String ARG_UNLOCK_METHOD_TO_SET = "unlockMethodToSet";
906 public static FactoryResetProtectionWarningDialog newInstance(
907 int titleRes, int messageRes, String unlockMethodToSet) {
908 FactoryResetProtectionWarningDialog frag =
909 new FactoryResetProtectionWarningDialog();
910 Bundle args = new Bundle();
911 args.putInt(ARG_TITLE_RES, titleRes);
912 args.putInt(ARG_MESSAGE_RES, messageRes);
913 args.putString(ARG_UNLOCK_METHOD_TO_SET, unlockMethodToSet);
914 frag.setArguments(args);
919 public void show(FragmentManager manager, String tag) {
920 if (manager.findFragmentByTag(tag) == null) {
921 // Prevent opening multiple dialogs if tapped on button quickly
922 super.show(manager, tag);
927 public Dialog onCreateDialog(Bundle savedInstanceState) {
928 final Bundle args = getArguments();
930 return new AlertDialog.Builder(getActivity())
931 .setTitle(args.getInt(ARG_TITLE_RES))
932 .setMessage(args.getInt(ARG_MESSAGE_RES))
933 .setPositiveButton(R.string.unlock_disable_frp_warning_ok,
934 new DialogInterface.OnClickListener() {
936 public void onClick(DialogInterface dialog, int whichButton) {
937 ((ChooseLockGenericFragment) getParentFragment())
939 args.getString(ARG_UNLOCK_METHOD_TO_SET));
943 .setNegativeButton(R.string.cancel,
944 new DialogInterface.OnClickListener() {
946 public void onClick(DialogInterface dialog, int whichButton) {
955 public int getMetricsCategory() {
956 return MetricsEvent.DIALOG_FRP;