src/com/android/settings/EncryptionAndCredential.java

   1 /*
   2  * Copyright (C) 2007 The Android Open Source Project
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package com.android.settings;
  18
  19 import android.app.Activity;
  20 import android.app.admin.DevicePolicyManager;
  21 import android.content.Context;
  22 import android.content.Intent;
  23 import android.content.res.Resources;
  24 import android.os.Bundle;
  25 import android.os.UserHandle;
  26 import android.os.UserManager;
  27 import android.provider.SearchIndexableResource;
  28 import android.security.KeyStore;
  29 import android.support.v7.preference.PreferenceGroup;
  30 import android.support.v7.preference.PreferenceScreen;
  31
  32 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
  33 import com.android.internal.widget.LockPatternUtils;
  34 import com.android.settings.dashboard.DashboardFragment;
  35 import com.android.settings.search.BaseSearchIndexProvider;
  36 import com.android.settings.search.Indexable;
  37 import com.android.settings.search.SearchIndexableRaw;
  38 import com.android.settingslib.RestrictedLockUtils;
  39 import com.android.settingslib.RestrictedPreference;
  40
  41 import java.util.ArrayList;
  42 import java.util.List;
  43
  44 /**
  45  * Encryption and Credential settings.
  46  * TODO: Extends this from {@link DashboardFragment} instead
  47  */
  48 public class EncryptionAndCredential extends SettingsPreferenceFragment implements Indexable {
  49
  50     private static final String TAG = "EncryptionAndCredential";
  51
  52     // Misc Settings
  53     private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
  54     private static final String KEY_USER_CREDENTIALS = "user_credentials";
  55     private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
  56     private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
  57     private static final String KEY_CREDENTIALS_MANAGER = "credentials_management";
  58
  59     private static final int MY_USER_ID = UserHandle.myUserId();
  60
  61     private UserManager mUm;
  62
  63     private KeyStore mKeyStore;
  64     private RestrictedPreference mResetCredentials;
  65
  66     private boolean mIsAdmin;
  67
  68     @Override
  69     public int getMetricsCategory() {
  70         return MetricsEvent.ENCRYPTION_AND_CREDENTIAL;
  71     }
  72
  73     @Override
  74     public void onCreate(Bundle savedInstanceState) {
  75         super.onCreate(savedInstanceState);
  76
  77         final Activity activity = getActivity();
  78
  79         mUm = UserManager.get(activity);
  80     }
  81
  82     /**
  83      * Important!
  84      *
  85      * Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the
  86      * logic or adding/removing preferences here.
  87      */
  88     private PreferenceScreen createPreferenceHierarchy() {
  89         PreferenceScreen root = getPreferenceScreen();
  90         if (root != null) {
  91             root.removeAll();
  92         }
  93         addPreferencesFromResource(R.xml.encryption_and_credential);
  94         root = getPreferenceScreen();
  95
  96         // Add options for device encryption
  97         mIsAdmin = mUm.isAdminUser();
  98
  99         if (mIsAdmin) {
 100             if (LockPatternUtils.isDeviceEncryptionEnabled()) {
 101                 // The device is currently encrypted.
 102                 addPreferencesFromResource(R.xml.security_settings_encrypted);
 103             } else {
 104                 // This device supports encryption but isn't encrypted.
 105                 addPreferencesFromResource(R.xml.security_settings_unencrypted);
 106             }
 107         }
 108
 109
 110         // Credential storage
 111         mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume()
 112
 113         if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(),
 114                 UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) {
 115             RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference(
 116                     KEY_USER_CREDENTIALS);
 117             userCredentials.checkRestrictionAndSetDisabled(
 118                     UserManager.DISALLOW_CONFIG_CREDENTIALS);
 119             RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference(
 120                     KEY_CREDENTIAL_STORAGE_TYPE);
 121             credentialStorageType.checkRestrictionAndSetDisabled(
 122                     UserManager.DISALLOW_CONFIG_CREDENTIALS);
 123             RestrictedPreference installCredentials = (RestrictedPreference) root.findPreference(
 124                     KEY_CREDENTIALS_INSTALL);
 125             installCredentials.checkRestrictionAndSetDisabled(
 126                     UserManager.DISALLOW_CONFIG_CREDENTIALS);
 127             mResetCredentials = (RestrictedPreference) root.findPreference(KEY_RESET_CREDENTIALS);
 128             mResetCredentials.checkRestrictionAndSetDisabled(
 129                     UserManager.DISALLOW_CONFIG_CREDENTIALS);
 130
 131             final int storageSummaryRes =
 132                     mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware
 133                             : R.string.credential_storage_type_software;
 134             credentialStorageType.setSummary(storageSummaryRes);
 135         } else {
 136             PreferenceGroup credentialsManager = (PreferenceGroup)
 137                     root.findPreference(KEY_CREDENTIALS_MANAGER);
 138             credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
 139             credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
 140             credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
 141             credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS));
 142         }
 143
 144         return root;
 145     }
 146
 147     @Override
 148     public void onResume() {
 149         super.onResume();
 150
 151         // Make sure we reload the preference hierarchy since some of these settings
 152         // depend on others...
 153         createPreferenceHierarchy();
 154
 155         if (mResetCredentials != null && !mResetCredentials.isDisabledByAdmin()) {
 156             mResetCredentials.setEnabled(!mKeyStore.isEmpty());
 157         }
 158     }
 159
 160     /**
 161      * see confirmPatternThenDisableAndClear
 162      */
 163     @Override
 164     public void onActivityResult(int requestCode, int resultCode, Intent data) {
 165         super.onActivityResult(requestCode, resultCode, data);
 166         createPreferenceHierarchy();
 167     }
 168
 169     @Override
 170     protected int getHelpResource() {
 171         return R.string.help_url_security;
 172     }
 173
 174     /**
 175      * For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
 176      */
 177     public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
 178             new SecuritySearchIndexProvider();
 179
 180     private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider {
 181
 182         @Override
 183         public List<SearchIndexableResource> getXmlResourcesToIndex(
 184                 Context context, boolean enabled) {
 185             final List<SearchIndexableResource> index = new ArrayList<SearchIndexableResource>();
 186
 187             final DevicePolicyManager dpm = (DevicePolicyManager)
 188                     context.getSystemService(Context.DEVICE_POLICY_SERVICE);
 189             final UserManager um = UserManager.get(context);
 190
 191             if (um.isAdminUser()) {
 192                 switch (dpm.getStorageEncryptionStatus()) {
 193                     case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
 194                         // The device is currently encrypted.
 195                         index.add(getSearchResource(context, R.xml.security_settings_encrypted));
 196                         break;
 197                     case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
 198                         // This device supports encryption but isn't encrypted.
 199                         index.add(getSearchResource(context, R.xml.security_settings_unencrypted));
 200                         break;
 201                 }
 202             }
 203
 204             return index;
 205         }
 206
 207         private SearchIndexableResource getSearchResource(Context context, int xmlResId) {
 208             final SearchIndexableResource sir = new SearchIndexableResource(context);
 209             sir.xmlResId = xmlResId;
 210             return sir;
 211         }
 212
 213         @Override
 214         public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) {
 215             final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>();
 216             final Resources res = context.getResources();
 217
 218             final String screenTitle = res.getString(
 219                 R.string.encryption_and_credential_settings_title);
 220
 221             SearchIndexableRaw data = new SearchIndexableRaw(context);
 222             data.title = screenTitle;
 223             data.screenTitle = screenTitle;
 224             result.add(data);
 225
 226             final UserManager um = UserManager.get(context);
 227             if (!um.isAdminUser()) {
 228                 int resId = um.isLinkedUser() ?
 229                         R.string.profile_info_settings_title : R.string.user_info_settings_title;
 230
 231                 data = new SearchIndexableRaw(context);
 232                 data.title = res.getString(resId);
 233                 data.screenTitle = screenTitle;
 234                 result.add(data);
 235             }
 236
 237             // Credential storage
 238             if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
 239                 KeyStore keyStore = KeyStore.getInstance();
 240
 241                 final int storageSummaryRes = keyStore.isHardwareBacked() ?
 242                         R.string.credential_storage_type_hardware :
 243                         R.string.credential_storage_type_software;
 244
 245                 data = new SearchIndexableRaw(context);
 246                 data.title = res.getString(storageSummaryRes);
 247                 data.screenTitle = screenTitle;
 248                 result.add(data);
 249             }
 250
 251             return result;
 252         }
 253
 254         @Override
 255         public List<String> getNonIndexableKeys(Context context) {
 256             final List<String> keys = new ArrayList<String>();
 257
 258             final UserManager um = UserManager.get(context);
 259
 260             if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
 261                 keys.add(KEY_CREDENTIALS_MANAGER);
 262             }
 263
 264             return keys;
 265         }
 266     }
 267
 268 }