PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Enforce policy management."

Browse Source
This commit is contained in:
Joshua Mccloskey
2019-10-16 23:23:27 +00:00
committed by Android (Google) Code Review
parent 7bdfda7775 9be0899b3c
commit 0546a9faf1
1 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
View File

@@ -25,6 +25,7 @@ import android.app.admin.DevicePolicyManager;
import android.app.trust.TrustManager; import android.app.trust.TrustManager;
import android.content.Context; import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.pm.PackageManager;
import android.hardware.biometrics.BiometricConstants; import android.hardware.biometrics.BiometricConstants;
import android.hardware.biometrics.BiometricManager; import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricPrompt; import android.hardware.biometrics.BiometricPrompt;
@@ -52,6 +53,12 @@ import java.util.concurrent.Executor;
public class ConfirmDeviceCredentialActivity extends FragmentActivity { public class ConfirmDeviceCredentialActivity extends FragmentActivity {
public static final String TAG = ConfirmDeviceCredentialActivity.class.getSimpleName(); public static final String TAG = ConfirmDeviceCredentialActivity.class.getSimpleName();
/**
* If the intent is sent from {@link com.android.systemui.keyguard.WorkLockActivity} then
* check for device policy management flags.
*/
public static final String EXTRA_FROM_WORK_LOCK_ACTIVITY = "from_work_lock_activity";
// The normal flow that apps go through // The normal flow that apps go through
private static final int CREDENTIAL_NORMAL = 1; private static final int CREDENTIAL_NORMAL = 1;
// Unlocks the managed profile when the primary profile is unlocked // Unlocks the managed profile when the primary profile is unlocked
@@ -90,6 +97,8 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
private TrustManager mTrustManager; private TrustManager mTrustManager;
private ChooseLockSettingsHelper mChooseLockSettingsHelper; private ChooseLockSettingsHelper mChooseLockSettingsHelper;
private Handler mHandler = new Handler(Looper.getMainLooper()); private Handler mHandler = new Handler(Looper.getMainLooper());
private Context mContext;
private boolean mFromWorkLockActivity;
private String mTitle; private String mTitle;
private String mDetails; private String mDetails;
@@ -149,6 +158,8 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
mLockPatternUtils = new LockPatternUtils(this); mLockPatternUtils = new LockPatternUtils(this);
Intent intent = getIntent(); Intent intent = getIntent();
mContext = this;
mFromWorkLockActivity = intent.getBooleanExtra(EXTRA_FROM_WORK_LOCK_ACTIVITY, false);
mTitle = intent.getStringExtra(KeyguardManager.EXTRA_TITLE); mTitle = intent.getStringExtra(KeyguardManager.EXTRA_TITLE);
mDetails = intent.getStringExtra(KeyguardManager.EXTRA_DESCRIPTION); mDetails = intent.getStringExtra(KeyguardManager.EXTRA_DESCRIPTION);
String alternateButton = intent.getStringExtra( String alternateButton = intent.getStringExtra(
@@ -190,7 +201,7 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
} else if (isManagedProfile && isInternalActivity() } else if (isManagedProfile && isInternalActivity()
&& !lockPatternUtils.isSeparateProfileChallengeEnabled(mUserId)) { && !lockPatternUtils.isSeparateProfileChallengeEnabled(mUserId)) {
mCredentialMode = CREDENTIAL_MANAGED; mCredentialMode = CREDENTIAL_MANAGED;
if (isBiometricAllowed(effectiveUserId, mUserId)) { if (mFromWorkLockActivity && isBiometricAllowed(effectiveUserId, mUserId)) {
showBiometricPrompt(bpBundle); showBiometricPrompt(bpBundle);
launchedBiometric = true; launchedBiometric = true;
} else { } else {
@@ -256,10 +267,36 @@ public class ConfirmDeviceCredentialActivity extends FragmentActivity {
|| !mUserManager.isUserUnlocked(mUserId); || !mUserManager.isUserUnlocked(mUserId);
} }
/**
* TODO: Pass a list of disabled features to an internal BiometricPrompt API, so we can
* potentially show different modalities on multi-auth devices.
*
* @param effectiveUserId
* @return false if their exists one biometric on the device which is not disabled by the
* policy manager.
*/
private boolean isBiometricDisabledByAdmin(int effectiveUserId) { private boolean isBiometricDisabledByAdmin(int effectiveUserId) {
final int disabledFeatures = final int disabledFeatures =
mDevicePolicyManager.getKeyguardDisabledFeatures(null, effectiveUserId); mDevicePolicyManager.getKeyguardDisabledFeatures(null, effectiveUserId);
return (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_BIOMETRICS) != 0;
final PackageManager pm = mContext.getPackageManager();
if (pm.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)
&& (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT) == 0) {
Log.d(TAG,"Fingerprint enabled & allowed by device policy manager");
return false;
}
if (pm.hasSystemFeature(PackageManager.FEATURE_IRIS)
&& (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_IRIS) == 0) {
Log.d(TAG,"Iris enabled & allowed by device policy manager");
return false;
}
if (pm.hasSystemFeature(PackageManager.FEATURE_FACE)
&& (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_FACE) == 0) {
Log.d(TAG,"Face enabled & allowed by device policy manager");
return false;
}
return true;
} }
private boolean isBiometricAllowed(int effectiveUserId, int realUserId) { private boolean isBiometricAllowed(int effectiveUserId, int realUserId) {