User to confirm credentials if an accessibility service changes encryption.

When an accessibility service is enabled we are not using the user secure
lock when encrypting the data. If the latter is already used for encryption
we are decreasing the encryption level and therefore shall challenge the
user with their secure lock.

bug:17881324

Change-Id: If8905c05e20bc6bb6a6415e501871e5ad83f3d86

res/layout-sw600dp-land/confirm_lock_password.xml

@@ -41,7 +41,7 @@
             android:layout_marginBottom="10dip"
             android:gravity="start"
             android:ellipsize="marquee"
-            android:textAppearance="?android:attr/textAppearanceLarge"
+            android:textAppearance="?android:attr/textAppearanceMedium"
         />
 
         <!-- Password entry field -->

res/layout-sw600dp/confirm_lock_password.xml

@@ -30,8 +30,7 @@
         android:layout_width="fill_parent"
         android:layout_height="wrap_content"
         android:gravity="center"
-        android:lines="2"
+        android:textAppearance="?android:attr/textAppearanceMedium"/>
-        android:textAppearance="?android:attr/textAppearanceLarge"/>
 
     <!-- spacer above text entry field -->
     <View

res/layout/confirm_lock_password.xml

@@ -30,8 +30,7 @@
         android:layout_width="fill_parent"
         android:layout_height="wrap_content"
         android:gravity="center"
-        android:lines="2"
+        android:textAppearance="?android:attr/textAppearanceMedium"/>
-        android:textAppearance="?android:attr/textAppearanceLarge"/>
 
     <!-- Password entry field -->
     <EditText android:id="@+id/password_entry"

res/values/strings.xml

@@ -3675,6 +3675,21 @@
     <string name="secure_lock_encryption_warning">Because you\'ve turned on an accessibility service,
         your device won’t use your screen lock to enhance data encryption.</string>
 
+    <!-- Message to the user to enter his pattern before enabling an accessibility service. [CHAR LIMIT=NONE] -->
+    <string name="enable_service_pattern_reason">Turning on <xliff:g id="service"
+        example="TalkBack">%1$s</xliff:g> reduces data protection.
+    </string>
+
+    <!-- Message to the user to enter his PIN before enabling an accessibility service. [CHAR LIMIT=NONE] -->
+    <string name="enable_service_pin_reason">Turning on <xliff:g id="service"
+        example="TalkBack">%1$s</xliff:g> reduces data protection.
+    </string>
+
+    <!-- Message to the user to enter his password before enabling an accessibility service. [CHAR LIMIT=NONE] -->
+    <string name="enable_service_password_reason">Turning on <xliff:g id="service"
+        example="TalkBack">%1$s</xliff:g> reduces data protection.
+    </string>
+
     <!-- Title for the capability of an accessibility service to receive events and keys. -->
     <string name="capability_title_receiveAccessibilityEvents">Observe your actions</string>
     <!-- Description for the capability of an accessibility service to receive events and keys. -->

src/com/android/settings/ChooseLockSettingsHelper.java

@@ -79,7 +79,7 @@ public final class ChooseLockSettingsHelper {
             case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC:
             case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX:
                 // TODO: update UI layout for ConfirmPassword to show message and details
-                launched = confirmPassword(request, returnCredentials);
+                launched = confirmPassword(request, message, returnCredentials);
                 break;
         }
         return launched;
@@ -116,13 +116,17 @@ public final class ChooseLockSettingsHelper {
 
     /**
      * Launch screen to confirm the existing lock password.
+     * @param message shown in header of ConfirmLockPassword if not null
      * @param returnCredentials if true, put credentials into intent.
      * @see #onActivityResult(int, int, android.content.Intent)
      * @return true if we launched an activity to confirm password
      */
-    private boolean confirmPassword(int request, boolean returnCredentials) {
+    private boolean confirmPassword(int request, CharSequence message,
+            boolean returnCredentials) {
         if (!mLockPatternUtils.isLockPasswordEnabled()) return false;
         final Intent intent = new Intent();
+        // supply header text in the intent
+        intent.putExtra(ConfirmLockPattern.HEADER_TEXT, message);
         intent.setClassName("com.android.settings",
                             returnCredentials
                             ? ConfirmLockPassword.InternalActivity.class.getName()

src/com/android/settings/ConfirmDeviceCredentialActivity.java

@@ -30,6 +30,15 @@ import android.util.Log;
 public class ConfirmDeviceCredentialActivity extends Activity {
     public static final String TAG = ConfirmDeviceCredentialActivity.class.getSimpleName();
 
+    public static Intent createIntent(CharSequence title, CharSequence details) {
+        Intent intent = new Intent();
+        intent.setClassName("com.android.settings",
+                ConfirmDeviceCredentialActivity.class.getName());
+        intent.putExtra(KeyguardManager.EXTRA_TITLE, title);
+        intent.putExtra(KeyguardManager.EXTRA_DESCRIPTION, details);
+        return intent;
+    }
+
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);

src/com/android/settings/ConfirmLockPassword.java

@@ -16,6 +16,7 @@
 
 package com.android.settings;
 
+import android.text.TextUtils;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.internal.widget.PasswordEntryKeyboardHelper;
 import com.android.internal.widget.PasswordEntryKeyboardView;
@@ -44,6 +45,9 @@ import android.widget.TextView.OnEditorActionListener;
 
 public class ConfirmLockPassword extends SettingsActivity {
 
+    public static final String PACKAGE = "com.android.settings";
+    public static final String HEADER_TEXT = PACKAGE + ".ConfirmLockPattern.header";
+
     public static class InternalActivity extends ConfirmLockPassword {
     }
 
@@ -122,7 +126,15 @@ public class ConfirmLockPassword extends SettingsActivity {
             mIsAlpha = DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC == storedQuality
                     || DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC == storedQuality
                     || DevicePolicyManager.PASSWORD_QUALITY_COMPLEX == storedQuality;
-            mHeaderText.setText(getDefaultHeader());
+
+            Intent intent = getActivity().getIntent();
+            if (intent != null) {
+                CharSequence headerMessage = intent.getCharSequenceExtra(HEADER_TEXT);
+                if (TextUtils.isEmpty(headerMessage)) {
+                    headerMessage = getString(getDefaultHeader());
+                }
+                mHeaderText.setText(headerMessage);
+            }
 
             final Activity activity = getActivity();
             mKeyboardHelper = new PasswordEntryKeyboardHelper(activity,

src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java

@@ -17,8 +17,10 @@
 package com.android.settings.accessibility;
 
 import android.accessibilityservice.AccessibilityServiceInfo;
+import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Dialog;
+import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.DialogInterface;
@@ -37,6 +39,7 @@ import android.widget.LinearLayout;
 import android.widget.TextView;
 
 import com.android.internal.widget.LockPatternUtils;
+import com.android.settings.ConfirmDeviceCredentialActivity;
 import com.android.settings.R;
 import com.android.settings.widget.ToggleSwitch;
 import com.android.settings.widget.ToggleSwitch.OnBeforeCheckedChangeListener;
@@ -52,6 +55,10 @@ public class ToggleAccessibilityServicePreferenceFragment
     private static final int DIALOG_ID_ENABLE_WARNING = 1;
     private static final int DIALOG_ID_DISABLE_WARNING = 2;
 
+    public static final int ACTIVITY_REQUEST_CONFIRM_CREDENTIAL = 1;
+
+    private LockPatternUtils mLockPatternUtils;
+
     private final SettingsContentObserver mSettingsContentObserver =
             new SettingsContentObserver(new Handler()) {
             @Override
@@ -67,6 +74,12 @@ public class ToggleAccessibilityServicePreferenceFragment
 
     private int mShownDialogId;
 
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        mLockPatternUtils = new LockPatternUtils(getActivity());
+    }
+
     @Override
     public void onResume() {
         mSettingsContentObserver.register(getContentResolver());
@@ -269,27 +282,64 @@ public class ToggleAccessibilityServicePreferenceFragment
         return content;
     }
 
+    @Override
+    public void onActivityResult(int requestCode, int resultCode, Intent data) {
+        if (requestCode == ACTIVITY_REQUEST_CONFIRM_CREDENTIAL) {
+            if (resultCode == Activity.RESULT_OK) {
+                handleConfirmServiceEnabled(true);
+            } else {
+                handleConfirmServiceEnabled(false);
+            }
+        }
+    }
+
     @Override
     public void onClick(DialogInterface dialog, int which) {
         final boolean checked;
         switch (which) {
             case DialogInterface.BUTTON_POSITIVE:
-                checked = (mShownDialogId == DIALOG_ID_ENABLE_WARNING);
+                if (mShownDialogId == DIALOG_ID_ENABLE_WARNING) {
-                mSwitchBar.setCheckedInternal(checked);
+                    if (LockPatternUtils.isDeviceEncrypted()) {
-                getArguments().putBoolean(AccessibilitySettings.EXTRA_CHECKED, checked);
+                        String title = createConfirmCredentialReasonMessage();
-                onPreferenceToggled(mPreferenceKey, checked);
+                        Intent intent = ConfirmDeviceCredentialActivity.createIntent(title, null);
+                        startActivityForResult(intent, ACTIVITY_REQUEST_CONFIRM_CREDENTIAL);
+                    } else {
+                        handleConfirmServiceEnabled(true);
+                    }
+                } else {
+                    handleConfirmServiceEnabled(false);
+                }
                 break;
             case DialogInterface.BUTTON_NEGATIVE:
                 checked = (mShownDialogId == DIALOG_ID_DISABLE_WARNING);
-                mSwitchBar.setCheckedInternal(checked);
+                handleConfirmServiceEnabled(checked);
-                getArguments().putBoolean(AccessibilitySettings.EXTRA_CHECKED, checked);
-                onPreferenceToggled(mPreferenceKey, checked);
                 break;
             default:
                 throw new IllegalArgumentException();
         }
     }
 
+    private void handleConfirmServiceEnabled(boolean confirmed) {
+        mSwitchBar.setCheckedInternal(confirmed);
+        getArguments().putBoolean(AccessibilitySettings.EXTRA_CHECKED, confirmed);
+        onPreferenceToggled(mPreferenceKey, confirmed);
+    }
+
+    private String createConfirmCredentialReasonMessage() {
+        int resId = R.string.enable_service_password_reason;
+        switch (mLockPatternUtils.getKeyguardStoredPasswordQuality()) {
+            case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: {
+                resId = R.string.enable_service_pattern_reason;
+            } break;
+            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
+            case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: {
+                resId = R.string.enable_service_pin_reason;
+            } break;
+        }
+        return getString(resId, getAccessibilityServiceInfo().getResolveInfo()
+                .loadLabel(getPackageManager()));
+    }
+
     @Override
     protected void onInstallSwitchBarToggleSwitch() {
         super.onInstallSwitchBarToggleSwitch();