Remove EncryptionInterstitial for Full Disk Encryption
Support for Full Disk Encryption was removed in Android 13, since now
File Based Encryption is always used instead. It turns out that I
missed a fairly large chunk of obsolete code: EncryptionInterstitial,
which is the screen that asks whether the device will require the
primary user's lockscreen credential when it starts up. This used to be
shown when setting the primary user's lockscreen credential, to
determine whether the full-disk encryption key would be tied to that
lockscreen credential or not. But now it's unused code.
This CL removes all this unused code.
This should not change any behavior, with one very minor exception:
Settings will no longer explicitly set the REQUIRE_PASSWORD_TO_DECRYPT
setting to 0 whenever the primary user's lockscreen credential is
changed. (This happened in SaveChosenLockWorkerBase.) This setting is
a @SystemApi, but it no longer has any meaning, since it is never set to
1 anymore. If there is a reason to keep it explicitly set to 0, instead
of unset, we should make LockSettingsService in system_server set it.
Test: Went through SUW, set a PIN, cleared the PIN, set a PIN again (all
using the UI). Nothing unusual seen.
Bug: 208476087
Change-Id: I039cc7a284e3f43e1e284970a5869958c909d1b7
This commit is contained in:
Eric Biggers
@@ -54,7 +54,6 @@ import android.util.Log;
|
||||
import android.view.LayoutInflater;
|
||||
import android.view.View;
|
||||
import android.view.ViewGroup;
|
||||
import android.view.accessibility.AccessibilityManager;
|
||||
import android.widget.TextView;
|
||||
|
||||
import androidx.annotation.StringRes;
|
||||
@@ -67,7 +66,6 @@ import androidx.preference.PreferenceScreen;
|
||||
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.settings.EncryptionInterstitial;
|
||||
import com.android.settings.EventLogTags;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.SettingsActivity;
|
||||
@@ -143,8 +141,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
@VisibleForTesting
|
||||
static final int CONFIRM_EXISTING_REQUEST = 100;
|
||||
@VisibleForTesting
|
||||
static final int ENABLE_ENCRYPTION_REQUEST = 101;
|
||||
@VisibleForTesting
|
||||
static final int CHOOSE_LOCK_REQUEST = 102;
|
||||
@VisibleForTesting
|
||||
static final int CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST = 103;
|
||||
@@ -156,7 +152,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
private boolean mRequestGatekeeperPasswordHandle = false;
|
||||
private boolean mPasswordConfirmed = false;
|
||||
private boolean mWaitingForConfirmation = false;
|
||||
private boolean mForChangeCredRequiredForBoot = false;
|
||||
private LockscreenCredential mUserPassword;
|
||||
private FingerprintManager mFingerprintManager;
|
||||
private FaceManager mFaceManager;
|
||||
@@ -250,8 +245,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
|
||||
mIsCallingAppAdmin = intent
|
||||
.getBooleanExtra(EXTRA_KEY_IS_CALLING_APP_ADMIN, /* defValue= */ false);
|
||||
mForChangeCredRequiredForBoot = arguments != null && arguments.getBoolean(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT);
|
||||
mUserManager = UserManager.get(activity);
|
||||
|
||||
if (arguments != null) {
|
||||
@@ -299,10 +292,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
|
||||
if (mPasswordConfirmed) {
|
||||
updatePreferencesOrFinish(savedInstanceState != null);
|
||||
if (mForChangeCredRequiredForBoot) {
|
||||
maybeEnableEncryption(mLockPatternUtils.getKeyguardStoredPasswordQuality(
|
||||
mUserId), false);
|
||||
}
|
||||
} else if (!mWaitingForConfirmation) {
|
||||
final ChooseLockSettingsHelper.Builder builder =
|
||||
new ChooseLockSettingsHelper.Builder(activity, this);
|
||||
@@ -447,58 +436,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* If the device has encryption already enabled, then ask the user if they
|
||||
* also want to encrypt the phone with this password.
|
||||
*
|
||||
* @param quality
|
||||
* @param disabled
|
||||
*/
|
||||
// TODO: why does this take disabled, its always called with a quality higher than
|
||||
// what makes sense with disabled == true
|
||||
private void maybeEnableEncryption(int quality, boolean disabled) {
|
||||
DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(DEVICE_POLICY_SERVICE);
|
||||
if (UserManager.get(getActivity()).isAdminUser()
|
||||
&& mUserId == UserHandle.myUserId()
|
||||
&& LockPatternUtils.isDeviceEncryptionEnabled()
|
||||
&& !LockPatternUtils.isFileEncryptionEnabled()
|
||||
&& !dpm.getDoNotAskCredentialsOnBoot()) {
|
||||
// Get the intent that the encryption interstitial should start for creating
|
||||
// the new unlock method.
|
||||
Intent unlockMethodIntent = getIntentForUnlockMethod(quality);
|
||||
unlockMethodIntent.putExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT,
|
||||
mForChangeCredRequiredForBoot);
|
||||
final Context context = getActivity();
|
||||
// If accessibility is enabled and the user hasn't seen this dialog before, set the
|
||||
// default state to agree with that which is compatible with accessibility
|
||||
// (password not required).
|
||||
final boolean accEn = AccessibilityManager.getInstance(context).isEnabled();
|
||||
final boolean required = mLockPatternUtils.isCredentialRequiredToDecrypt(!accEn);
|
||||
Intent intent = getEncryptionInterstitialIntent(context, quality, required,
|
||||
unlockMethodIntent);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT,
|
||||
mForFingerprint);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, mForFace);
|
||||
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_BIOMETRICS, mForBiometrics);
|
||||
// If the caller requested Gatekeeper Password to be returned, we assume it came
|
||||
// from biometric enrollment. This should be cleaned up, since requesting
|
||||
// Gatekeeper Password should not imply it came from biometric setup/settings.
|
||||
startActivityForResult(
|
||||
intent,
|
||||
mIsSetNewPassword && mRequestGatekeeperPasswordHandle
|
||||
? CHOOSE_LOCK_BEFORE_BIOMETRIC_REQUEST
|
||||
: ENABLE_ENCRYPTION_REQUEST);
|
||||
} else {
|
||||
if (mForChangeCredRequiredForBoot) {
|
||||
// Welp, couldn't change it. Oh well.
|
||||
finish();
|
||||
return;
|
||||
}
|
||||
updateUnlockMethodAndFinish(quality, disabled, false /* chooseLockSkipped */);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onActivityResult(int requestCode, int resultCode, Intent data) {
|
||||
super.onActivityResult(requestCode, resultCode, data);
|
||||
@@ -509,17 +446,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
? data.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD)
|
||||
: null;
|
||||
updatePreferencesOrFinish(false /* isRecreatingActivity */);
|
||||
if (mForChangeCredRequiredForBoot) {
|
||||
if (mUserPassword != null && !mUserPassword.isNone()) {
|
||||
maybeEnableEncryption(
|
||||
mLockPatternUtils.getKeyguardStoredPasswordQuality(mUserId), false);
|
||||
} else {
|
||||
finish();
|
||||
}
|
||||
}
|
||||
} else if (requestCode == CHOOSE_LOCK_REQUEST
|
||||
|| requestCode == ENABLE_ENCRYPTION_REQUEST) {
|
||||
if (resultCode != RESULT_CANCELED || mForChangeCredRequiredForBoot) {
|
||||
} else if (requestCode == CHOOSE_LOCK_REQUEST) {
|
||||
if (resultCode != RESULT_CANCELED) {
|
||||
getActivity().setResult(resultCode, data);
|
||||
finish();
|
||||
} else {
|
||||
@@ -559,9 +487,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
getActivity().setResult(Activity.RESULT_CANCELED);
|
||||
finish();
|
||||
}
|
||||
if (requestCode == Activity.RESULT_CANCELED && mForChangeCredRequiredForBoot) {
|
||||
finish();
|
||||
}
|
||||
}
|
||||
|
||||
protected Intent getBiometricEnrollIntent(Context context) {
|
||||
@@ -590,8 +515,8 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
if (StorageManager.isFileEncrypted()) {
|
||||
quality = intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, -1);
|
||||
} else {
|
||||
// For non-file encrypted devices we need to show encryption interstitial, so always
|
||||
// show the lock type picker and ignore PASSWORD_TYPE_KEY.
|
||||
// For unencrypted devices, always show the lock type picker and ignore
|
||||
// PASSWORD_TYPE_KEY.
|
||||
Log.i(TAG, "Ignoring PASSWORD_TYPE_KEY because device is not file encrypted");
|
||||
}
|
||||
if (quality == -1) {
|
||||
@@ -821,12 +746,6 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
protected Intent getEncryptionInterstitialIntent(Context context, int quality,
|
||||
boolean required, Intent unlockMethodIntent) {
|
||||
return EncryptionInterstitial.createStartIntent(context, quality, required,
|
||||
unlockMethodIntent);
|
||||
}
|
||||
|
||||
/**
|
||||
* Invokes an activity to change the user's pattern, password or PIN based on given quality
|
||||
* and minimum quality specified by DevicePolicyManager. If quality is
|
||||
@@ -992,16 +911,14 @@ public class ChooseLockGeneric extends SettingsActivity {
|
||||
switch (lock) {
|
||||
case NONE:
|
||||
case SWIPE:
|
||||
updateUnlockMethodAndFinish(
|
||||
lock.defaultQuality,
|
||||
lock == ScreenLockType.NONE,
|
||||
false /* chooseLockSkipped */);
|
||||
return true;
|
||||
case PATTERN:
|
||||
case PIN:
|
||||
case PASSWORD:
|
||||
case MANAGED:
|
||||
maybeEnableEncryption(lock.defaultQuality, false);
|
||||
updateUnlockMethodAndFinish(
|
||||
lock.defaultQuality,
|
||||
lock == ScreenLockType.NONE,
|
||||
false /* chooseLockSkipped */);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -86,7 +86,6 @@ import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.internal.widget.PasswordValidationError;
|
||||
import com.android.internal.widget.TextViewInputDisabler;
|
||||
import com.android.internal.widget.VerifyCredentialResponse;
|
||||
import com.android.settings.EncryptionInterstitial;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.SettingsActivity;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
@@ -124,7 +123,6 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
public IntentBuilder(Context context) {
|
||||
mIntent = new Intent(context, ChooseLockPassword.class);
|
||||
mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
|
||||
mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -461,21 +459,6 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
mMinMetrics = intent.getParcelableExtra(EXTRA_KEY_MIN_METRICS);
|
||||
if (mMinMetrics == null) mMinMetrics = new PasswordMetrics(CREDENTIAL_TYPE_NONE);
|
||||
|
||||
if (intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT, false)) {
|
||||
SaveAndFinishWorker w = new SaveAndFinishWorker();
|
||||
final boolean required = getActivity().getIntent().getBooleanExtra(
|
||||
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
|
||||
LockscreenCredential currentCredential = intent.getParcelableExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
|
||||
final LockPatternUtils utils = new LockPatternUtils(getActivity());
|
||||
|
||||
w.setBlocking(true);
|
||||
w.setListener(this);
|
||||
w.start(utils, required, false /* requestGatekeeperPassword */, currentCredential,
|
||||
currentCredential, mUserId);
|
||||
}
|
||||
mTextChangedHandler = new TextChangedHandler();
|
||||
}
|
||||
|
||||
@@ -968,8 +951,6 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
getFragmentManager().executePendingTransactions();
|
||||
|
||||
final Intent intent = getActivity().getIntent();
|
||||
final boolean required = intent.getBooleanExtra(
|
||||
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
|
||||
if (mUnificationProfileId != UserHandle.USER_NULL) {
|
||||
try (LockscreenCredential profileCredential = (LockscreenCredential)
|
||||
intent.getParcelableExtra(EXTRA_KEY_UNIFICATION_PROFILE_CREDENTIAL)) {
|
||||
@@ -977,7 +958,7 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
profileCredential);
|
||||
}
|
||||
}
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, required, mRequestGatekeeperPassword,
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, mRequestGatekeeperPassword,
|
||||
mChosenPassword, mCurrentCredential, mUserId);
|
||||
}
|
||||
|
||||
@@ -1036,10 +1017,10 @@ public class ChooseLockPassword extends SettingsActivity {
|
||||
private LockscreenCredential mChosenPassword;
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
|
||||
public void start(LockPatternUtils utils, boolean required,
|
||||
boolean requestGatekeeperPassword, LockscreenCredential chosenPassword,
|
||||
LockscreenCredential currentCredential, int userId) {
|
||||
prepare(utils, required, requestGatekeeperPassword, userId);
|
||||
public void start(LockPatternUtils utils, boolean requestGatekeeperPassword,
|
||||
LockscreenCredential chosenPassword, LockscreenCredential currentCredential,
|
||||
int userId) {
|
||||
prepare(utils, requestGatekeeperPassword, userId);
|
||||
|
||||
mChosenPassword = chosenPassword;
|
||||
mCurrentCredential = currentCredential != null ? currentCredential
|
||||
|
||||
@@ -54,7 +54,6 @@ import com.android.internal.widget.LockPatternView.Cell;
|
||||
import com.android.internal.widget.LockPatternView.DisplayMode;
|
||||
import com.android.internal.widget.LockscreenCredential;
|
||||
import com.android.internal.widget.VerifyCredentialResponse;
|
||||
import com.android.settings.EncryptionInterstitial;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.SettingsActivity;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
@@ -106,7 +105,6 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
|
||||
public IntentBuilder(Context context) {
|
||||
mIntent = new Intent(context, ChooseLockPattern.class);
|
||||
mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
|
||||
mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
|
||||
}
|
||||
|
||||
@@ -458,18 +456,6 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
|
||||
mLockPatternUtils = new LockPatternUtils(getActivity());
|
||||
|
||||
if (intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT, false)) {
|
||||
SaveAndFinishWorker w = new SaveAndFinishWorker();
|
||||
final boolean required = getActivity().getIntent().getBooleanExtra(
|
||||
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
|
||||
LockscreenCredential current = intent.getParcelableExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
|
||||
w.setBlocking(true);
|
||||
w.setListener(this);
|
||||
w.start(mLockPatternUtils, required, false /* requestGatekeeperPassword */, current,
|
||||
current, mUserId);
|
||||
}
|
||||
mForFingerprint = intent.getBooleanExtra(
|
||||
ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
|
||||
mForFace = intent.getBooleanExtra(
|
||||
@@ -854,8 +840,6 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
getFragmentManager().executePendingTransactions();
|
||||
|
||||
final Intent intent = getActivity().getIntent();
|
||||
final boolean required = intent.getBooleanExtra(
|
||||
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
|
||||
if (intent.hasExtra(EXTRA_KEY_UNIFICATION_PROFILE_ID)) {
|
||||
try (LockscreenCredential profileCredential = (LockscreenCredential)
|
||||
intent.getParcelableExtra(EXTRA_KEY_UNIFICATION_PROFILE_CREDENTIAL)) {
|
||||
@@ -865,8 +849,8 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
profileCredential);
|
||||
}
|
||||
}
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, required,
|
||||
mRequestGatekeeperPassword, mChosenPattern, mCurrentCredential, mUserId);
|
||||
mSaveAndFinishWorker.start(mLockPatternUtils, mRequestGatekeeperPassword,
|
||||
mChosenPattern, mCurrentCredential, mUserId);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -896,10 +880,10 @@ public class ChooseLockPattern extends SettingsActivity {
|
||||
private LockscreenCredential mCurrentCredential;
|
||||
private boolean mLockVirgin;
|
||||
|
||||
public void start(LockPatternUtils utils, boolean credentialRequired,
|
||||
boolean requestGatekeeperPassword, LockscreenCredential chosenPattern,
|
||||
LockscreenCredential currentCredential, int userId) {
|
||||
prepare(utils, credentialRequired, requestGatekeeperPassword, userId);
|
||||
public void start(LockPatternUtils utils, boolean requestGatekeeperPassword,
|
||||
LockscreenCredential chosenPattern, LockscreenCredential currentCredential,
|
||||
int userId) {
|
||||
prepare(utils, requestGatekeeperPassword, userId);
|
||||
|
||||
mCurrentCredential = currentCredential != null ? currentCredential
|
||||
: LockscreenCredential.createNone();
|
||||
|
||||
@@ -58,7 +58,6 @@ public final class ChooseLockSettingsHelper {
|
||||
public static final String EXTRA_KEY_FOR_FACE = "for_face";
|
||||
// For the paths where multiple biometric sensors exist
|
||||
public static final String EXTRA_KEY_FOR_BIOMETRICS = "for_biometrics";
|
||||
public static final String EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT = "for_cred_req_boot";
|
||||
public static final String EXTRA_KEY_FOREGROUND_ONLY = "foreground_only";
|
||||
public static final String EXTRA_KEY_REQUEST_GK_PW_HANDLE = "request_gk_pw_handle";
|
||||
// Gatekeeper password handle, which can subsequently be used to generate Gatekeeper
|
||||
|
||||
@@ -16,12 +16,10 @@
|
||||
|
||||
package com.android.settings.password;
|
||||
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.os.AsyncTask;
|
||||
import android.os.Bundle;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.util.Pair;
|
||||
import android.widget.Toast;
|
||||
|
||||
@@ -68,21 +66,12 @@ abstract class SaveChosenLockWorkerBase extends Fragment {
|
||||
}
|
||||
}
|
||||
|
||||
protected void prepare(LockPatternUtils utils, boolean credentialRequired,
|
||||
boolean requestGatekeeperPassword, int userId) {
|
||||
protected void prepare(LockPatternUtils utils, boolean requestGatekeeperPassword, int userId) {
|
||||
mUtils = utils;
|
||||
mUserId = userId;
|
||||
mRequestGatekeeperPassword = requestGatekeeperPassword;
|
||||
// This will be a no-op for non managed profiles.
|
||||
mWasSecureBefore = mUtils.isSecure(mUserId);
|
||||
|
||||
Context context = getContext();
|
||||
// If context is null, we're being invoked to change the setCredentialRequiredToDecrypt,
|
||||
// and we made sure that this is the primary user already.
|
||||
if (context == null || UserManager.get(context).getUserInfo(mUserId).isPrimary()) {
|
||||
mUtils.setCredentialRequiredToDecrypt(credentialRequired);
|
||||
}
|
||||
|
||||
mFinished = false;
|
||||
mResultData = null;
|
||||
}
|
||||
|
||||
@@ -38,7 +38,6 @@ import androidx.recyclerview.widget.RecyclerView;
|
||||
|
||||
import com.android.internal.widget.LockPatternUtils;
|
||||
import com.android.settings.R;
|
||||
import com.android.settings.SetupEncryptionInterstitial;
|
||||
import com.android.settings.SetupWizardUtils;
|
||||
import com.android.settings.utils.SettingsDividerItemDecoration;
|
||||
|
||||
@@ -216,15 +215,6 @@ public class SetupChooseLockGeneric extends ChooseLockGeneric {
|
||||
return intent;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Intent getEncryptionInterstitialIntent(Context context, int quality,
|
||||
boolean required, Intent unlockMethodIntent) {
|
||||
Intent intent = SetupEncryptionInterstitial.createStartIntent(context, quality,
|
||||
required, unlockMethodIntent);
|
||||
SetupWizardUtils.copySetupExtras(getActivity().getIntent(), intent);
|
||||
return intent;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Intent getBiometricEnrollIntent(Context context) {
|
||||
final Intent intent = super.getBiometricEnrollIntent(context);
|
||||
|
||||
Reference in New Issue
Block a user