Permalink
Browse files

Profile: respect DPM when overriding screen lock (1/2)

Profile currently allows the user to override the keyguard set by
device policy, which is undesired.

Change-Id: Id8d80cfdad51ca0a64dc231a77e53b104ecb9825
  • Loading branch information...
1 parent ccab0c0 commit 9e331a9c7a5af08a8b25e35310ca576aff848181 @pawitp pawitp committed Apr 3, 2013
@@ -16,6 +16,7 @@
package android.app;
+import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.media.AudioManager;
import android.os.Parcel;
@@ -290,6 +291,18 @@ public void setRingMode(RingModeSettings descriptor) {
mDirty = true;
}
+ public int getScreenLockModeWithDPM(Context context) {
+ // Check device policy
+ DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
+
+ if (dpm.requireSecureKeyguard()) {
+ // Always enforce lock screen
+ return LockMode.DEFAULT;
+ }
+
+ return mScreenLockMode;
+ }
+
public int getScreenLockMode() {
return mScreenLockMode;
}
@@ -30,6 +30,7 @@
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.UserHandle;
+import android.security.KeyStore;
import android.util.Log;
import java.io.IOException;
@@ -1513,4 +1514,20 @@ public void reportSuccessfulPasswordAttempt(int userHandle) {
}
}
}
+
+ /**
+ * CM: check if secure keyguard is required
+ * @hide
+ */
+ public boolean requireSecureKeyguard() {
+ int encryptionStatus = getStorageEncryptionStatus();
+ if (getPasswordQuality(null) > PASSWORD_QUALITY_UNSPECIFIED ||
+ !KeyStore.getInstance().isEmpty() ||
+ encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE ||
+ encryptionStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING) {
+ // Require secure keyguard
+ return true;
+ }
+ return false;
+ }
}
@@ -1279,7 +1279,7 @@ public boolean isSecure() {
|| mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC
|| mode == DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC
|| mode == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
- final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockMode() == Profile.LockMode.DEFAULT;
+ final boolean isProfileSecure = mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) == Profile.LockMode.DEFAULT;
final boolean secure = (isPattern && isLockPatternEnabled() && savedPatternExists()
|| isPassword && savedPasswordExists()) && isProfileSecure;
return secure;
@@ -88,7 +88,7 @@ SecurityMode getSecurityMode() {
} else if (simState == IccCardConstants.State.PUK_REQUIRED
&& mLockPatternUtils.isPukUnlockScreenEnable()) {
mode = SecurityMode.SimPuk;
- } else if (mProfileManager.getActiveProfile().getScreenLockMode() != Profile.LockMode.INSECURE) {
+ } else if (mProfileManager.getActiveProfile().getScreenLockModeWithDPM(mContext) != Profile.LockMode.INSECURE) {
final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality();
switch (security) {
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
@@ -924,7 +924,7 @@ private void doKeyguardLocked(Bundle options) {
Profile profile = mProfileManager.getActiveProfile();
if (profile != null) {
if (!lockedOrMissing
- && profile.getScreenLockMode() == Profile.LockMode.DISABLE) {
+ && profile.getScreenLockModeWithDPM(mContext) == Profile.LockMode.DISABLE) {
if (DEBUG) Log.d(TAG, "doKeyguard: not showing because of profile override");
return;
}

0 comments on commit 9e331a9

Please sign in to comment.