src/com/android/settings/SecuritySettings.java

   1 /*
   2  * Copyright (C) 2007 The Android Open Source Project
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package com.android.settings;
  18
  19
  20 import android.app.Activity;
  21 import android.app.AlertDialog;
  22 import android.app.admin.DevicePolicyManager;
  23 import android.content.ComponentName;
  24 import android.content.Context;
  25 import android.content.DialogInterface;
  26 import android.content.Intent;
  27 import android.content.pm.PackageManager;
  28 import android.content.pm.ResolveInfo;
  29 import android.content.res.Resources;
  30 import android.hardware.fingerprint.Fingerprint;
  31 import android.hardware.fingerprint.FingerprintManager;
  32 import android.os.Bundle;
  33 import android.os.PersistableBundle;
  34 import android.os.UserHandle;
  35 import android.os.UserManager;
  36 import android.preference.ListPreference;
  37 import android.preference.Preference;
  38 import android.preference.Preference.OnPreferenceChangeListener;
  39 import android.preference.Preference.OnPreferenceClickListener;
  40 import android.preference.PreferenceGroup;
  41 import android.preference.PreferenceScreen;
  42 import android.preference.SwitchPreference;
  43 import android.provider.SearchIndexableResource;
  44 import android.provider.Settings;
  45 import android.security.KeyStore;
  46 import android.service.trust.TrustAgentService;
  47 import android.telephony.CarrierConfigManager;
  48 import android.telephony.SubscriptionInfo;
  49 import android.telephony.SubscriptionManager;
  50 import android.telephony.TelephonyManager;
  51 import android.text.TextUtils;
  52 import android.util.Log;
  53
  54 import com.android.internal.logging.MetricsLogger;
  55 import com.android.internal.widget.LockPatternUtils;
  56 import com.android.settings.TrustAgentUtils.TrustAgentComponentInfo;
  57 import com.android.settings.fingerprint.FingerprintEnrollIntroduction;
  58 import com.android.settings.fingerprint.FingerprintSettings;
  59 import com.android.settings.search.BaseSearchIndexProvider;
  60 import com.android.settings.search.Index;
  61 import com.android.settings.search.Indexable;
  62 import com.android.settings.search.SearchIndexableRaw;
  63
  64 import java.util.ArrayList;
  65 import java.util.List;
  66
  67 import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT;
  68
  69 /**
  70  * Gesture lock pattern settings.
  71  */
  72 public class SecuritySettings extends SettingsPreferenceFragment
  73         implements OnPreferenceChangeListener, DialogInterface.OnClickListener, Indexable {
  74
  75     private static final String TAG = "SecuritySettings";
  76     private static final String TRUST_AGENT_CLICK_INTENT = "trust_agent_click_intent";
  77     private static final Intent TRUST_AGENT_INTENT =
  78             new Intent(TrustAgentService.SERVICE_INTERFACE);
  79
  80     // Lock Settings
  81     private static final String KEY_UNLOCK_SET_OR_CHANGE = "unlock_set_or_change";
  82     private static final String KEY_VISIBLE_PATTERN = "visiblepattern";
  83     private static final String KEY_SECURITY_CATEGORY = "security_category";
  84     private static final String KEY_DEVICE_ADMIN_CATEGORY = "device_admin_category";
  85     private static final String KEY_LOCK_AFTER_TIMEOUT = "lock_after_timeout";
  86     private static final String KEY_OWNER_INFO_SETTINGS = "owner_info_settings";
  87     private static final String KEY_ADVANCED_SECURITY = "advanced_security";
  88     private static final String KEY_MANAGE_TRUST_AGENTS = "manage_trust_agents";
  89     private static final String KEY_FINGERPRINT_SETTINGS = "fingerprint_settings";
  90
  91     private static final int SET_OR_CHANGE_LOCK_METHOD_REQUEST = 123;
  92     private static final int CHANGE_TRUST_AGENT_SETTINGS = 126;
  93
  94     // Misc Settings
  95     private static final String KEY_SIM_LOCK = "sim_lock";
  96     private static final String KEY_SHOW_PASSWORD = "show_password";
  97     private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type";
  98     private static final String KEY_RESET_CREDENTIALS = "credentials_reset";
  99     private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
 100     private static final String KEY_TOGGLE_INSTALL_APPLICATIONS = "toggle_install_applications";
 101     private static final String KEY_POWER_INSTANTLY_LOCKS = "power_button_instantly_locks";
 102     private static final String KEY_CREDENTIALS_MANAGER = "credentials_management";
 103     private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";
 104     private static final String KEY_TRUST_AGENT = "trust_agent";
 105     private static final String KEY_SCREEN_PINNING = "screen_pinning_settings";
 106     private static final String KEY_TOGGLE_DM_AUTOBOOT = "toggle_dm_autoboot";
 107     private static final String KEY_SMS_SECURITY_CHECK_PREF = "sms_security_check_limit";
 108     private static final String DM_AUTOBOOT_SETTING = "dm_selfregist_autoboot";
 109     private static final int DM_AUTOBOOT_SETTING_ENABLE = 1;
 110     private static final int DM_AUTOBOOT_SETTING_DISABLE = 0;
 111
 112     // These switch preferences need special handling since they're not all stored in Settings.
 113     private static final String SWITCH_PREFERENCE_KEYS[] = { KEY_LOCK_AFTER_TIMEOUT,
 114             KEY_VISIBLE_PATTERN, KEY_POWER_INSTANTLY_LOCKS, KEY_SHOW_PASSWORD,
 115             KEY_TOGGLE_INSTALL_APPLICATIONS };
 116
 117     // Only allow one trust agent on the platform.
 118     private static final boolean ONLY_ONE_TRUST_AGENT = true;
 119
 120     private static final int MY_USER_ID = UserHandle.myUserId();
 121
 122     private DevicePolicyManager mDPM;
 123     private SubscriptionManager mSubscriptionManager;
 124
 125     private ChooseLockSettingsHelper mChooseLockSettingsHelper;
 126     private LockPatternUtils mLockPatternUtils;
 127     private ListPreference mLockAfter;
 128
 129     private SwitchPreference mVisiblePattern;
 130
 131     private SwitchPreference mShowPassword;
 132
 133     private KeyStore mKeyStore;
 134     private Preference mResetCredentials;
 135
 136     private SwitchPreference mToggleAppInstallation;
 137     private DialogInterface mWarnInstallApps;
 138     private SwitchPreference mPowerButtonInstantlyLocks;
 139
 140     private ListPreference mSmsSecurityCheck;
 141
 142     private boolean mIsPrimary;
 143
 144     private Intent mTrustAgentClickIntent;
 145     private Preference mOwnerInfoPref;
 146
 147     @Override
 148     protected int getMetricsCategory() {
 149         return MetricsLogger.SECURITY;
 150     }
 151
 152     @Override
 153     public void onCreate(Bundle savedInstanceState) {
 154         super.onCreate(savedInstanceState);
 155
 156         mSubscriptionManager = SubscriptionManager.from(getActivity());
 157
 158         mLockPatternUtils = new LockPatternUtils(getActivity());
 159
 160         mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE);
 161
 162         mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
 163
 164         if (savedInstanceState != null
 165                 && savedInstanceState.containsKey(TRUST_AGENT_CLICK_INTENT)) {
 166             mTrustAgentClickIntent = savedInstanceState.getParcelable(TRUST_AGENT_CLICK_INTENT);
 167         }
 168     }
 169
 170     private static int getResIdForLockUnlockScreen(Context context,
 171             LockPatternUtils lockPatternUtils) {
 172         int resid = 0;
 173         if (!lockPatternUtils.isSecure(MY_USER_ID)) {
 174             if (lockPatternUtils.isLockScreenDisabled(MY_USER_ID)) {
 175                 resid = R.xml.security_settings_lockscreen;
 176             } else {
 177                 resid = R.xml.security_settings_chooser;
 178             }
 179         } else {
 180             switch (lockPatternUtils.getKeyguardStoredPasswordQuality(MY_USER_ID)) {
 181                 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING:
 182                     resid = R.xml.security_settings_pattern;
 183                     break;
 184                 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
 185                 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX:
 186                     resid = R.xml.security_settings_pin;
 187                     break;
 188                 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC:
 189                 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
 190                 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
 191                     resid = R.xml.security_settings_password;
 192                     break;
 193             }
 194         }
 195         return resid;
 196     }
 197
 198     /**
 199      * Important!
 200      *
 201      * Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the
 202      * logic or adding/removing preferences here.
 203      */
 204     private PreferenceScreen createPreferenceHierarchy() {
 205         PreferenceScreen root = getPreferenceScreen();
 206         if (root != null) {
 207             root.removeAll();
 208         }
 209         addPreferencesFromResource(R.xml.security_settings);
 210         root = getPreferenceScreen();
 211
 212         // Add package manager to check if features are available
 213         PackageManager pm = getPackageManager();
 214
 215         // Add options for lock/unlock screen
 216         final int resid = getResIdForLockUnlockScreen(getActivity(), mLockPatternUtils);
 217         addPreferencesFromResource(resid);
 218
 219         // Add options for device encryption
 220         mIsPrimary = MY_USER_ID == UserHandle.USER_OWNER;
 221
 222         mOwnerInfoPref = findPreference(KEY_OWNER_INFO_SETTINGS);
 223         if (mOwnerInfoPref != null) {
 224             mOwnerInfoPref.setOnPreferenceClickListener(new OnPreferenceClickListener() {
 225                 @Override
 226                 public boolean onPreferenceClick(Preference preference) {
 227                     OwnerInfoSettings.show(SecuritySettings.this);
 228                     return true;
 229                 }
 230             });
 231         }
 232
 233         if (mIsPrimary) {
 234             if (LockPatternUtils.isDeviceEncryptionEnabled()) {
 235                 // The device is currently encrypted.
 236                 addPreferencesFromResource(R.xml.security_settings_encrypted);
 237             } else {
 238                 // This device supports encryption but isn't encrypted.
 239                 addPreferencesFromResource(R.xml.security_settings_unencrypted);
 240             }
 241         }
 242
 243         // Fingerprint and trust agents
 244         PreferenceGroup securityCategory = (PreferenceGroup)
 245                 root.findPreference(KEY_SECURITY_CATEGORY);
 246         if (securityCategory != null) {
 247             maybeAddFingerprintPreference(securityCategory);
 248             addTrustAgentSettings(securityCategory);
 249         }
 250
 251         // lock after preference
 252         mLockAfter = (ListPreference) root.findPreference(KEY_LOCK_AFTER_TIMEOUT);
 253         if (mLockAfter != null) {
 254             setupLockAfterPreference();
 255             updateLockAfterPreferenceSummary();
 256         }
 257
 258         // visible pattern
 259         mVisiblePattern = (SwitchPreference) root.findPreference(KEY_VISIBLE_PATTERN);
 260
 261         // lock instantly on power key press
 262         mPowerButtonInstantlyLocks = (SwitchPreference) root.findPreference(
 263                 KEY_POWER_INSTANTLY_LOCKS);
 264         Preference trustAgentPreference = root.findPreference(KEY_TRUST_AGENT);
 265         if (mPowerButtonInstantlyLocks != null &&
 266                 trustAgentPreference != null &&
 267                 trustAgentPreference.getTitle().length() > 0) {
 268             mPowerButtonInstantlyLocks.setSummary(getString(
 269                     R.string.lockpattern_settings_power_button_instantly_locks_summary,
 270                     trustAgentPreference.getTitle()));
 271         }
 272
 273         // Append the rest of the settings
 274         addPreferencesFromResource(R.xml.security_settings_misc);
 275
 276         // Do not display SIM lock for devices without an Icc card
 277         TelephonyManager tm = TelephonyManager.getDefault();
 278         CarrierConfigManager cfgMgr = (CarrierConfigManager)
 279                 getActivity().getSystemService(Context.CARRIER_CONFIG_SERVICE);
 280         PersistableBundle b = cfgMgr.getConfig();
 281         if (!mIsPrimary || !isSimIccReady() ||
 282                 b.getBoolean(CarrierConfigManager.KEY_HIDE_SIM_LOCK_SETTINGS_BOOL)) {
 283             root.removePreference(root.findPreference(KEY_SIM_LOCK));
 284         } else {
 285             // Disable SIM lock if there is no ready SIM card.
 286             root.findPreference(KEY_SIM_LOCK).setEnabled(isSimReady());
 287         }
 288         if (Settings.System.getInt(getContentResolver(),
 289                 Settings.System.LOCK_TO_APP_ENABLED, 0) != 0) {
 290             root.findPreference(KEY_SCREEN_PINNING).setSummary(
 291                     getResources().getString(R.string.switch_on_text));
 292         }
 293
 294         // SMS rate limit security check
 295         boolean isTelephony = pm.hasSystemFeature(PackageManager.FEATURE_TELEPHONY);
 296         if (isTelephony) {
 297             mSmsSecurityCheck = (ListPreference) root.findPreference(KEY_SMS_SECURITY_CHECK_PREF);
 298             mSmsSecurityCheck.setOnPreferenceChangeListener(this);
 299             int smsSecurityCheck = Integer.valueOf(mSmsSecurityCheck.getValue());
 300             updateSmsSecuritySummary(smsSecurityCheck);
 301         }
 302
 303         // Show password
 304         mShowPassword = (SwitchPreference) root.findPreference(KEY_SHOW_PASSWORD);
 305         mResetCredentials = root.findPreference(KEY_RESET_CREDENTIALS);
 306
 307         // Credential storage
 308         final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE);
 309         mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume()
 310         if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
 311             Preference credentialStorageType = root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE);
 312
 313             final int storageSummaryRes =
 314                 mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware
 315                         : R.string.credential_storage_type_software;
 316             credentialStorageType.setSummary(storageSummaryRes);
 317         } else {
 318             PreferenceGroup credentialsManager = (PreferenceGroup)
 319                     root.findPreference(KEY_CREDENTIALS_MANAGER);
 320             credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS));
 321             credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL));
 322             credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE));
 323         }
 324
 325         // Application install
 326         PreferenceGroup deviceAdminCategory = (PreferenceGroup)
 327                 root.findPreference(KEY_DEVICE_ADMIN_CATEGORY);
 328         mToggleAppInstallation = (SwitchPreference) findPreference(
 329                 KEY_TOGGLE_INSTALL_APPLICATIONS);
 330         mToggleAppInstallation.setChecked(isNonMarketAppsAllowed());
 331         // Side loading of apps.
 332         // Disable for restricted profiles. For others, check if policy disallows it.
 333         mToggleAppInstallation.setEnabled(!um.getUserInfo(MY_USER_ID).isRestricted());
 334         if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)
 335                 || um.hasUserRestriction(UserManager.DISALLOW_INSTALL_APPS)) {
 336             mToggleAppInstallation.setEnabled(false);
 337         }
 338
 339         // Advanced Security features
 340         PreferenceGroup advancedCategory =
 341                 (PreferenceGroup)root.findPreference(KEY_ADVANCED_SECURITY);
 342         if (advancedCategory != null) {
 343             Preference manageAgents = advancedCategory.findPreference(KEY_MANAGE_TRUST_AGENTS);
 344             if (manageAgents != null && !mLockPatternUtils.isSecure(MY_USER_ID)) {
 345                 manageAgents.setEnabled(false);
 346                 manageAgents.setSummary(R.string.disabled_because_no_backup_security);
 347             }
 348         }
 349
 350         // The above preferences come and go based on security state, so we need to update
 351         // the index. This call is expected to be fairly cheap, but we may want to do something
 352         // smarter in the future.
 353         Index.getInstance(getActivity())
 354                 .updateFromClassNameResource(SecuritySettings.class.getName(), true, true);
 355
 356         for (int i = 0; i < SWITCH_PREFERENCE_KEYS.length; i++) {
 357             final Preference pref = findPreference(SWITCH_PREFERENCE_KEYS[i]);
 358             if (pref != null) pref.setOnPreferenceChangeListener(this);
 359         }
 360
 361         return root;
 362     }
 363
 364     private void maybeAddFingerprintPreference(PreferenceGroup securityCategory) {
 365         FingerprintManager fpm = (FingerprintManager) getActivity().getSystemService(
 366                 Context.FINGERPRINT_SERVICE);
 367         if (!fpm.isHardwareDetected()) {
 368             Log.v(TAG, "No fingerprint hardware detected!!");
 369             return;
 370         }
 371         Preference fingerprintPreference = new Preference(securityCategory.getContext());
 372         fingerprintPreference.setKey(KEY_FINGERPRINT_SETTINGS);
 373         fingerprintPreference.setTitle(R.string.security_settings_fingerprint_preference_title);
 374         Intent intent = new Intent();
 375         final List<Fingerprint> items = fpm.getEnrolledFingerprints();
 376         final int fingerprintCount = items != null ? items.size() : 0;
 377         final String clazz;
 378         if (fingerprintCount > 0) {
 379             fingerprintPreference.setSummary(getResources().getQuantityString(
 380                     R.plurals.security_settings_fingerprint_preference_summary,
 381                     fingerprintCount, fingerprintCount));
 382             clazz = FingerprintSettings.class.getName();
 383         } else {
 384             fingerprintPreference.setSummary(
 385                     R.string.security_settings_fingerprint_preference_summary_none);
 386             clazz = FingerprintEnrollIntroduction.class.getName();
 387         }
 388         intent.setClassName("com.android.settings", clazz);
 389         fingerprintPreference.setIntent(intent);
 390         securityCategory.addPreference(fingerprintPreference);
 391     }
 392
 393     private void addTrustAgentSettings(PreferenceGroup securityCategory) {
 394         final boolean hasSecurity = mLockPatternUtils.isSecure(MY_USER_ID);
 395         ArrayList<TrustAgentComponentInfo> agents =
 396                 getActiveTrustAgents(getPackageManager(), mLockPatternUtils, mDPM);
 397         for (int i = 0; i < agents.size(); i++) {
 398             final TrustAgentComponentInfo agent = agents.get(i);
 399             Preference trustAgentPreference =
 400                     new Preference(securityCategory.getContext());
 401             trustAgentPreference.setKey(KEY_TRUST_AGENT);
 402             trustAgentPreference.setTitle(agent.title);
 403             trustAgentPreference.setSummary(agent.summary);
 404             // Create intent for this preference.
 405             Intent intent = new Intent();
 406             intent.setComponent(agent.componentName);
 407             intent.setAction(Intent.ACTION_MAIN);
 408             trustAgentPreference.setIntent(intent);
 409             // Add preference to the settings menu.
 410             securityCategory.addPreference(trustAgentPreference);
 411
 412             if (agent.disabledByAdministrator) {
 413                 trustAgentPreference.setEnabled(false);
 414                 trustAgentPreference.setSummary(R.string.trust_agent_disabled_device_admin);
 415             } else if (!hasSecurity) {
 416                 trustAgentPreference.setEnabled(false);
 417                 trustAgentPreference.setSummary(R.string.disabled_because_no_backup_security);
 418             }
 419         }
 420     }
 421
 422     /* Return true if a there is a Slot that has Icc.
 423      */
 424     private boolean isSimIccReady() {
 425         TelephonyManager tm = TelephonyManager.getDefault();
 426         final List<SubscriptionInfo> subInfoList =
 427                 mSubscriptionManager.getActiveSubscriptionInfoList();
 428
 429         if (subInfoList != null) {
 430             for (SubscriptionInfo subInfo : subInfoList) {
 431                 if (tm.hasIccCard(subInfo.getSimSlotIndex())) {
 432                     return true;
 433                 }
 434             }
 435         }
 436
 437         return false;
 438     }
 439
 440     /* Return true if a SIM is ready for locking.
 441      * TODO: consider adding to TelephonyManager or SubscritpionManasger.
 442      */
 443     private boolean isSimReady() {
 444         int simState = TelephonyManager.SIM_STATE_UNKNOWN;
 445         final List<SubscriptionInfo> subInfoList =
 446                 mSubscriptionManager.getActiveSubscriptionInfoList();
 447         if (subInfoList != null) {
 448             for (SubscriptionInfo subInfo : subInfoList) {
 449                 simState = TelephonyManager.getDefault().getSimState(subInfo.getSimSlotIndex());
 450                 if((simState != TelephonyManager.SIM_STATE_ABSENT) &&
 451                             (simState != TelephonyManager.SIM_STATE_UNKNOWN)){
 452                     return true;
 453                 }
 454             }
 455         }
 456         return false;
 457     }
 458
 459     private static ArrayList<TrustAgentComponentInfo> getActiveTrustAgents(
 460             PackageManager pm, LockPatternUtils utils, DevicePolicyManager dpm) {
 461         ArrayList<TrustAgentComponentInfo> result = new ArrayList<TrustAgentComponentInfo>();
 462         List<ResolveInfo> resolveInfos = pm.queryIntentServices(TRUST_AGENT_INTENT,
 463                 PackageManager.GET_META_DATA);
 464         List<ComponentName> enabledTrustAgents = utils.getEnabledTrustAgents(MY_USER_ID);
 465
 466         boolean disableTrustAgents = (dpm.getKeyguardDisabledFeatures(null)
 467                 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
 468
 469         if (enabledTrustAgents != null && !enabledTrustAgents.isEmpty()) {
 470             for (int i = 0; i < resolveInfos.size(); i++) {
 471                 ResolveInfo resolveInfo = resolveInfos.get(i);
 472                 if (resolveInfo.serviceInfo == null) continue;
 473                 if (!TrustAgentUtils.checkProvidePermission(resolveInfo, pm)) continue;
 474                 TrustAgentComponentInfo trustAgentComponentInfo =
 475                         TrustAgentUtils.getSettingsComponent(pm, resolveInfo);
 476                 if (trustAgentComponentInfo.componentName == null ||
 477                         !enabledTrustAgents.contains(
 478                                 TrustAgentUtils.getComponentName(resolveInfo)) ||
 479                         TextUtils.isEmpty(trustAgentComponentInfo.title)) continue;
 480                 if (disableTrustAgents && dpm.getTrustAgentConfiguration(
 481                         null, TrustAgentUtils.getComponentName(resolveInfo)) == null) {
 482                     trustAgentComponentInfo.disabledByAdministrator = true;
 483                 }
 484                 result.add(trustAgentComponentInfo);
 485                 if (ONLY_ONE_TRUST_AGENT) break;
 486             }
 487         }
 488         return result;
 489     }
 490
 491     private boolean isNonMarketAppsAllowed() {
 492         return Settings.Global.getInt(getContentResolver(),
 493                                       Settings.Global.INSTALL_NON_MARKET_APPS, 0) > 0;
 494     }
 495
 496     private void setNonMarketAppsAllowed(boolean enabled) {
 497         final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE);
 498         if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)) {
 499             return;
 500         }
 501         // Change the system setting
 502         Settings.Global.putInt(getContentResolver(), Settings.Global.INSTALL_NON_MARKET_APPS,
 503                                 enabled ? 1 : 0);
 504     }
 505
 506     private void warnAppInstallation() {
 507         // TODO: DialogFragment?
 508         mWarnInstallApps = new AlertDialog.Builder(getActivity()).setTitle(
 509                 getResources().getString(R.string.error_title))
 510                 .setIcon(com.android.internal.R.drawable.ic_dialog_alert)
 511                 .setMessage(getResources().getString(R.string.install_all_warning))
 512                 .setPositiveButton(android.R.string.yes, this)
 513                 .setNegativeButton(android.R.string.no, this)
 514                 .show();
 515     }
 516
 517     @Override
 518     public void onClick(DialogInterface dialog, int which) {
 519         if (dialog == mWarnInstallApps) {
 520             boolean turnOn = which == DialogInterface.BUTTON_POSITIVE;
 521             setNonMarketAppsAllowed(turnOn);
 522             if (mToggleAppInstallation != null) {
 523                 mToggleAppInstallation.setChecked(turnOn);
 524             }
 525         }
 526     }
 527
 528     @Override
 529     public void onDestroy() {
 530         super.onDestroy();
 531         if (mWarnInstallApps != null) {
 532             mWarnInstallApps.dismiss();
 533         }
 534     }
 535
 536     private void updateSmsSecuritySummary(int i) {
 537         String message = getString(R.string.sms_security_check_limit_summary, i);
 538         mSmsSecurityCheck.setSummary(message);
 539     }
 540
 541     private void setupLockAfterPreference() {
 542         // Compatible with pre-Froyo
 543         long currentTimeout = Settings.Secure.getLong(getContentResolver(),
 544                 Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000);
 545         mLockAfter.setValue(String.valueOf(currentTimeout));
 546         mLockAfter.setOnPreferenceChangeListener(this);
 547         final long adminTimeout = (mDPM != null ? mDPM.getMaximumTimeToLock(null) : 0);
 548         final long displayTimeout = Math.max(0,
 549                 Settings.System.getInt(getContentResolver(), SCREEN_OFF_TIMEOUT, 0));
 550         if (adminTimeout > 0) {
 551             // This setting is a slave to display timeout when a device policy is enforced.
 552             // As such, maxLockTimeout = adminTimeout - displayTimeout.
 553             // If there isn't enough time, shows "immediately" setting.
 554             disableUnusableTimeouts(Math.max(0, adminTimeout - displayTimeout));
 555         }
 556     }
 557
 558     private void updateLockAfterPreferenceSummary() {
 559         // Update summary message with current value
 560         long currentTimeout = Settings.Secure.getLong(getContentResolver(),
 561                 Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000);
 562         final CharSequence[] entries = mLockAfter.getEntries();
 563         final CharSequence[] values = mLockAfter.getEntryValues();
 564         int best = 0;
 565         for (int i = 0; i < values.length; i++) {
 566             long timeout = Long.valueOf(values[i].toString());
 567             if (currentTimeout >= timeout) {
 568                 best = i;
 569             }
 570         }
 571
 572         Preference preference = getPreferenceScreen().findPreference(KEY_TRUST_AGENT);
 573         if (preference != null && preference.getTitle().length() > 0) {
 574             if (Long.valueOf(values[best].toString()) == 0) {
 575                 mLockAfter.setSummary(getString(R.string.lock_immediately_summary_with_exception,
 576                         preference.getTitle()));
 577             } else {
 578                 mLockAfter.setSummary(getString(R.string.lock_after_timeout_summary_with_exception,
 579                         entries[best], preference.getTitle()));
 580             }
 581         } else {
 582             mLockAfter.setSummary(getString(R.string.lock_after_timeout_summary, entries[best]));
 583         }
 584     }
 585
 586     private void disableUnusableTimeouts(long maxTimeout) {
 587         final CharSequence[] entries = mLockAfter.getEntries();
 588         final CharSequence[] values = mLockAfter.getEntryValues();
 589         ArrayList<CharSequence> revisedEntries = new ArrayList<CharSequence>();
 590         ArrayList<CharSequence> revisedValues = new ArrayList<CharSequence>();
 591         for (int i = 0; i < values.length; i++) {
 592             long timeout = Long.valueOf(values[i].toString());
 593             if (timeout <= maxTimeout) {
 594                 revisedEntries.add(entries[i]);
 595                 revisedValues.add(values[i]);
 596             }
 597         }
 598         if (revisedEntries.size() != entries.length || revisedValues.size() != values.length) {
 599             mLockAfter.setEntries(
 600                     revisedEntries.toArray(new CharSequence[revisedEntries.size()]));
 601             mLockAfter.setEntryValues(
 602                     revisedValues.toArray(new CharSequence[revisedValues.size()]));
 603             final int userPreference = Integer.valueOf(mLockAfter.getValue());
 604             if (userPreference <= maxTimeout) {
 605                 mLockAfter.setValue(String.valueOf(userPreference));
 606             } else {
 607                 // There will be no highlighted selection since nothing in the list matches
 608                 // maxTimeout. The user can still select anything less than maxTimeout.
 609                 // TODO: maybe append maxTimeout to the list and mark selected.
 610             }
 611         }
 612         mLockAfter.setEnabled(revisedEntries.size() > 0);
 613     }
 614
 615     @Override
 616     public void onSaveInstanceState(Bundle outState) {
 617         super.onSaveInstanceState(outState);
 618         if (mTrustAgentClickIntent != null) {
 619             outState.putParcelable(TRUST_AGENT_CLICK_INTENT, mTrustAgentClickIntent);
 620         }
 621     }
 622
 623     @Override
 624     public void onResume() {
 625         super.onResume();
 626
 627         // Make sure we reload the preference hierarchy since some of these settings
 628         // depend on others...
 629         createPreferenceHierarchy();
 630
 631         final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
 632         if (mVisiblePattern != null) {
 633             mVisiblePattern.setChecked(lockPatternUtils.isVisiblePatternEnabled(
 634                     MY_USER_ID));
 635         }
 636         if (mPowerButtonInstantlyLocks != null) {
 637             mPowerButtonInstantlyLocks.setChecked(lockPatternUtils.getPowerButtonInstantlyLocks(
 638                     MY_USER_ID));
 639         }
 640
 641         if (mShowPassword != null) {
 642             mShowPassword.setChecked(Settings.System.getInt(getContentResolver(),
 643                     Settings.System.TEXT_SHOW_PASSWORD, 1) != 0);
 644         }
 645
 646         if (mResetCredentials != null) {
 647             mResetCredentials.setEnabled(!mKeyStore.isEmpty());
 648         }
 649
 650         updateOwnerInfo();
 651     }
 652
 653     public void updateOwnerInfo() {
 654         if (mOwnerInfoPref != null) {
 655             mOwnerInfoPref.setSummary(mLockPatternUtils.isOwnerInfoEnabled(MY_USER_ID)
 656                     ? mLockPatternUtils.getOwnerInfo(MY_USER_ID)
 657                     : getString(R.string.owner_info_settings_summary));
 658         }
 659     }
 660
 661     @Override
 662     public boolean onPreferenceTreeClick(PreferenceScreen preferenceScreen, Preference preference) {
 663         final String key = preference.getKey();
 664         if (KEY_UNLOCK_SET_OR_CHANGE.equals(key)) {
 665             startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment",
 666                     R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null);
 667         } else if (KEY_TRUST_AGENT.equals(key)) {
 668             ChooseLockSettingsHelper helper =
 669                     new ChooseLockSettingsHelper(this.getActivity(), this);
 670             mTrustAgentClickIntent = preference.getIntent();
 671             boolean confirmationLaunched = helper.launchConfirmationActivity(
 672                     CHANGE_TRUST_AGENT_SETTINGS, preference.getTitle());
 673             if (!confirmationLaunched&&  mTrustAgentClickIntent != null) {
 674                 // If this returns false, it means no password confirmation is required.
 675                 startActivity(mTrustAgentClickIntent);
 676                 mTrustAgentClickIntent = null;
 677             }
 678         } else {
 679             // If we didn't handle it, let preferences handle it.
 680             return super.onPreferenceTreeClick(preferenceScreen, preference);
 681         }
 682         return true;
 683     }
 684
 685     /**
 686      * see confirmPatternThenDisableAndClear
 687      */
 688     @Override
 689     public void onActivityResult(int requestCode, int resultCode, Intent data) {
 690         super.onActivityResult(requestCode, resultCode, data);
 691         if (requestCode == CHANGE_TRUST_AGENT_SETTINGS && resultCode == Activity.RESULT_OK) {
 692             if (mTrustAgentClickIntent != null) {
 693                 startActivity(mTrustAgentClickIntent);
 694                 mTrustAgentClickIntent = null;
 695             }
 696             return;
 697         }
 698         createPreferenceHierarchy();
 699     }
 700
 701     @Override
 702     public boolean onPreferenceChange(Preference preference, Object value) {
 703         boolean result = true;
 704         final String key = preference.getKey();
 705         final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils();
 706         if (KEY_LOCK_AFTER_TIMEOUT.equals(key)) {
 707             int timeout = Integer.parseInt((String) value);
 708             try {
 709                 Settings.Secure.putInt(getContentResolver(),
 710                         Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, timeout);
 711             } catch (NumberFormatException e) {
 712                 Log.e("SecuritySettings", "could not persist lockAfter timeout setting", e);
 713             }
 714             updateLockAfterPreferenceSummary();
 715         } else if (KEY_VISIBLE_PATTERN.equals(key)) {
 716             lockPatternUtils.setVisiblePatternEnabled((Boolean) value, MY_USER_ID);
 717         } else if (KEY_POWER_INSTANTLY_LOCKS.equals(key)) {
 718             mLockPatternUtils.setPowerButtonInstantlyLocks((Boolean) value, MY_USER_ID);
 719         } else if (KEY_SHOW_PASSWORD.equals(key)) {
 720             Settings.System.putInt(getContentResolver(), Settings.System.TEXT_SHOW_PASSWORD,
 721                     ((Boolean) value) ? 1 : 0);
 722             lockPatternUtils.setVisiblePasswordEnabled((Boolean) value, MY_USER_ID);
 723         } else if (KEY_TOGGLE_INSTALL_APPLICATIONS.equals(key)) {
 724             if ((Boolean) value) {
 725                 mToggleAppInstallation.setChecked(false);
 726                 warnAppInstallation();
 727                 // Don't change Switch status until user makes choice in dialog, so return false.
 728                 result = false;
 729             } else {
 730                 setNonMarketAppsAllowed(false);
 731             }
 732         } else if (KEY_SMS_SECURITY_CHECK_PREF.equals(key)) {
 733             int smsSecurityCheck = Integer.valueOf((String) value);
 734             Settings.Secure.putInt(getContentResolver(), Settings.Global.SMS_OUTGOING_CHECK_MAX_COUNT,
 735                     smsSecurityCheck);
 736             updateSmsSecuritySummary(smsSecurityCheck);
 737         }
 738         return result;
 739     }
 740
 741     @Override
 742     protected int getHelpResource() {
 743         return R.string.help_url_security;
 744     }
 745
 746     /**
 747      * For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
 748      */
 749     public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
 750             new SecuritySearchIndexProvider();
 751
 752     private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider {
 753
 754         boolean mIsPrimary;
 755
 756         public SecuritySearchIndexProvider() {
 757             super();
 758
 759             mIsPrimary = MY_USER_ID == UserHandle.USER_OWNER;
 760         }
 761
 762         @Override
 763         public List<SearchIndexableResource> getXmlResourcesToIndex(
 764                 Context context, boolean enabled) {
 765
 766             List<SearchIndexableResource> result = new ArrayList<SearchIndexableResource>();
 767
 768             LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
 769             // Add options for lock/unlock screen
 770             int resId = getResIdForLockUnlockScreen(context, lockPatternUtils);
 771
 772             SearchIndexableResource sir = new SearchIndexableResource(context);
 773             sir.xmlResId = resId;
 774             result.add(sir);
 775
 776             if (mIsPrimary) {
 777                 DevicePolicyManager dpm = (DevicePolicyManager)
 778                         context.getSystemService(Context.DEVICE_POLICY_SERVICE);
 779
 780                 switch (dpm.getStorageEncryptionStatus()) {
 781                     case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE:
 782                         // The device is currently encrypted.
 783                         resId = R.xml.security_settings_encrypted;
 784                         break;
 785                     case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE:
 786                         // This device supports encryption but isn't encrypted.
 787                         resId = R.xml.security_settings_unencrypted;
 788                         break;
 789                 }
 790
 791                 sir = new SearchIndexableResource(context);
 792                 sir.xmlResId = resId;
 793                 result.add(sir);
 794             }
 795
 796             // Append the rest of the settings
 797             sir = new SearchIndexableResource(context);
 798             sir.xmlResId = R.xml.security_settings_misc;
 799             result.add(sir);
 800
 801             return result;
 802         }
 803
 804         @Override
 805         public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) {
 806             final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>();
 807             final Resources res = context.getResources();
 808
 809             final String screenTitle = res.getString(R.string.security_settings_title);
 810
 811             SearchIndexableRaw data = new SearchIndexableRaw(context);
 812             data.title = screenTitle;
 813             data.screenTitle = screenTitle;
 814             result.add(data);
 815
 816             if (!mIsPrimary) {
 817                 int resId = (UserManager.get(context).isLinkedUser()) ?
 818                         R.string.profile_info_settings_title : R.string.user_info_settings_title;
 819
 820                 data = new SearchIndexableRaw(context);
 821                 data.title = res.getString(resId);
 822                 data.screenTitle = screenTitle;
 823                 result.add(data);
 824             }
 825
 826             // Fingerprint
 827             FingerprintManager fpm =
 828                     (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
 829             if (fpm.isHardwareDetected()) {
 830                 // This catches the title which can be overloaded in an overlay
 831                 data = new SearchIndexableRaw(context);
 832                 data.title = res.getString(R.string.security_settings_fingerprint_preference_title);
 833                 data.screenTitle = screenTitle;
 834                 result.add(data);
 835                 // Fallback for when the above doesn't contain "fingerprint"
 836                 data = new SearchIndexableRaw(context);
 837                 data.title = res.getString(R.string.fingerprint_manage_category_title);
 838                 data.screenTitle = screenTitle;
 839                 result.add(data);
 840             }
 841
 842             // Credential storage
 843             final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
 844
 845             if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
 846                 KeyStore keyStore = KeyStore.getInstance();
 847
 848                 final int storageSummaryRes = keyStore.isHardwareBacked() ?
 849                         R.string.credential_storage_type_hardware :
 850                         R.string.credential_storage_type_software;
 851
 852                 data = new SearchIndexableRaw(context);
 853                 data.title = res.getString(storageSummaryRes);
 854                 data.screenTitle = screenTitle;
 855                 result.add(data);
 856             }
 857
 858             // Advanced
 859             final LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
 860             if (lockPatternUtils.isSecure(MY_USER_ID)) {
 861                 ArrayList<TrustAgentComponentInfo> agents =
 862                         getActiveTrustAgents(context.getPackageManager(), lockPatternUtils,
 863                                 context.getSystemService(DevicePolicyManager.class));
 864                 for (int i = 0; i < agents.size(); i++) {
 865                     final TrustAgentComponentInfo agent = agents.get(i);
 866                     data = new SearchIndexableRaw(context);
 867                     data.title = agent.title;
 868                     data.screenTitle = screenTitle;
 869                     result.add(data);
 870                 }
 871             }
 872             return result;
 873         }
 874
 875         @Override
 876         public List<String> getNonIndexableKeys(Context context) {
 877             final List<String> keys = new ArrayList<String>();
 878
 879             LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
 880             // Add options for lock/unlock screen
 881             int resId = getResIdForLockUnlockScreen(context, lockPatternUtils);
 882
 883             // Do not display SIM lock for devices without an Icc card
 884             TelephonyManager tm = TelephonyManager.getDefault();
 885             if (!mIsPrimary || !tm.hasIccCard()) {
 886                 keys.add(KEY_SIM_LOCK);
 887             }
 888
 889             final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
 890             if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) {
 891                 keys.add(KEY_CREDENTIALS_MANAGER);
 892             }
 893
 894             // TrustAgent settings disappear when the user has no primary security.
 895             if (!lockPatternUtils.isSecure(MY_USER_ID)) {
 896                 keys.add(KEY_TRUST_AGENT);
 897                 keys.add(KEY_MANAGE_TRUST_AGENTS);
 898             }
 899
 900             return keys;
 901         }
 902     }
 903
 904 }