2 * Copyright (C) 2007 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package com.android.settings;
19 import android.app.Activity;
20 import android.app.admin.DevicePolicyManager;
21 import android.content.Context;
22 import android.content.Intent;
23 import android.content.res.Resources;
24 import android.os.Bundle;
25 import android.os.UserHandle;
26 import android.os.UserManager;
27 import android.provider.SearchIndexableResource;
28 import android.security.KeyStore;
29 import android.support.v7.preference.PreferenceGroup;
30 import android.support.v7.preference.PreferenceScreen;
32 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
33 import com.android.internal.widget.LockPatternUtils;
34 import com.android.settings.dashboard.DashboardFragment;
35 import com.android.settings.search.BaseSearchIndexProvider;
36 import com.android.settings.search.Indexable;
37 import com.android.settings.search.SearchIndexableRaw;
38 import com.android.settingslib.RestrictedLockUtils;
39 import com.android.settingslib.RestrictedPreference;
41 import java.util.ArrayList;
42 import java.util.List;
45 * Encryption and Credential settings.
46 * TODO: Extends this from {@link DashboardFragment} instead
48 public class EncryptionAndCredential extends SettingsPreferenceFragment implements Indexable {
50 private static final String TAG = "EncryptionAndCredential";
53 private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
54 private static final String KEY_USER_CREDENTIALS = "user_credentials";
55 private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
56 private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
57 private static final String KEY_CREDENTIALS_MANAGER = "credentials_management";
59 private static final int MY_USER_ID = UserHandle.myUserId();
61 private UserManager mUm;
63 private KeyStore mKeyStore;
64 private RestrictedPreference mResetCredentials;
66 private boolean mIsAdmin;
69 public int getMetricsCategory() {
70 return MetricsEvent.ENCRYPTION_AND_CREDENTIAL;
74 public void onCreate(Bundle savedInstanceState) {
75 super.onCreate(savedInstanceState);
77 final Activity activity = getActivity();
79 mUm = UserManager.get(activity);
85 * Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the
86 * logic or adding/removing preferences here.
88 private PreferenceScreen createPreferenceHierarchy() {
89 PreferenceScreen root = getPreferenceScreen();
93 addPreferencesFromResource(R.xml.encryption_and_credential);
94 root = getPreferenceScreen();
96 // Add options for device encryption
97 mIsAdmin = mUm.isAdminUser();
100 if (LockPatternUtils.isDeviceEncryptionEnabled()) {
101 // The device is currently encrypted.
102 addPreferencesFromResource(R.xml.security_settings_encrypted);
104 // This device supports encryption but isn't encrypted.
105 addPreferencesFromResource(R.xml.security_settings_unencrypted);
110 // Credential storage
111 mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume()
113 if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(),
114 UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) {
115 RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference(
116 KEY_USER_CREDENTIALS);
117 userCredentials.checkRestrictionAndSetDisabled(
118 UserManager.DISALLOW_CONFIG_CREDENTIALS);
119 RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference(
120 KEY_CREDENTIAL_STORAGE_TYPE);
121 credentialStorageType.checkRestrictionAndSetDisabled(
122 UserManager.DISALLOW_CONFIG_CREDENTIALS);
123 RestrictedPreference installCredentials = (RestrictedPreference) root.findPreference(
124 KEY_CREDENTIALS_INSTALL);
125 installCredentials.checkRestrictionAndSetDisabled(
126 UserManager.DISALLOW_CONFIG_CREDENTIALS);
127 mResetCredentials = (RestrictedPreference) root.findPreference(KEY_RESET_CREDENTIALS);
128 mResetCredentials.checkRestrictionAndSetDisabled(
129 UserManager.DISALLOW_CONFIG_CREDENTIALS);
131 final int storageSummaryRes =
132 mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware
133 : R.string.credential_storage_type_software;
134 credentialStorageType.setSummary(storageSummaryRes);
136 PreferenceGroup credentialsManager = (PreferenceGroup)
137 root.findPreference(KEY_CREDENTIALS_MANAGER);
138 credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
139 credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
140 credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
141 credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS));
148 public void onResume() {
151 // Make sure we reload the preference hierarchy since some of these settings
152 // depend on others...
153 createPreferenceHierarchy();
155 if (mResetCredentials != null && !mResetCredentials.isDisabledByAdmin()) {
156 mResetCredentials.setEnabled(!mKeyStore.isEmpty());
161 * see confirmPatternThenDisableAndClear
164 public void onActivityResult(int requestCode, int resultCode, Intent data) {
165 super.onActivityResult(requestCode, resultCode, data);
166 createPreferenceHierarchy();
170 protected int getHelpResource() {
171 return R.string.help_url_security;
175 * For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
177 public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
178 new SecuritySearchIndexProvider();
180 private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider {
183 public List<SearchIndexableResource> getXmlResourcesToIndex(
184 Context context, boolean enabled) {
185 final List<SearchIndexableResource> index = new ArrayList<SearchIndexableResource>();
187 final DevicePolicyManager dpm = (DevicePolicyManager)
188 context.getSystemService(Context.DEVICE_POLICY_SERVICE);
189 final UserManager um = UserManager.get(context);
191 if (um.isAdminUser()) {
192 switch (dpm.getStorageEncryptionStatus()) {
193 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
194 // The device is currently encrypted.
195 index.add(getSearchResource(context, R.xml.security_settings_encrypted));
197 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
198 // This device supports encryption but isn't encrypted.
199 index.add(getSearchResource(context, R.xml.security_settings_unencrypted));
207 private SearchIndexableResource getSearchResource(Context context, int xmlResId) {
208 final SearchIndexableResource sir = new SearchIndexableResource(context);
209 sir.xmlResId = xmlResId;
214 public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) {
215 final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>();
216 final Resources res = context.getResources();
218 final String screenTitle = res.getString(
219 R.string.encryption_and_credential_settings_title);
221 SearchIndexableRaw data = new SearchIndexableRaw(context);
222 data.title = screenTitle;
223 data.screenTitle = screenTitle;
226 final UserManager um = UserManager.get(context);
227 if (!um.isAdminUser()) {
228 int resId = um.isLinkedUser() ?
229 R.string.profile_info_settings_title : R.string.user_info_settings_title;
231 data = new SearchIndexableRaw(context);
232 data.title = res.getString(resId);
233 data.screenTitle = screenTitle;
237 // Credential storage
238 if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
239 KeyStore keyStore = KeyStore.getInstance();
241 final int storageSummaryRes = keyStore.isHardwareBacked() ?
242 R.string.credential_storage_type_hardware :
243 R.string.credential_storage_type_software;
245 data = new SearchIndexableRaw(context);
246 data.title = res.getString(storageSummaryRes);
247 data.screenTitle = screenTitle;
255 public List<String> getNonIndexableKeys(Context context) {
256 final List<String> keys = new ArrayList<String>();
258 final UserManager um = UserManager.get(context);
260 if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
261 keys.add(KEY_CREDENTIALS_MANAGER);