Add wipe on login failure to Privacy Settings page

This CL adds information to the Enterprise Privacy Setting page that tells the user how many times the password can be mistyped before the device (or the work profile) is forcefully wiped. Test: make RunSettingsRoboTests Bug: 32692748 Change-Id: I4ae316802dbf5853ab4eacb0787647372d5e26c2
2017-02-14 11:45:20 +01:00
parent c1a7723c17
commit 8903f66662
20 changed files with 542 additions and 21 deletions
--- a/src/com/android/settings/enterprise/AdminActionPreferenceControllerBase.java
+++ b/src/com/android/settings/enterprise/AdminActionPreferenceControllerBase.java
@@ -26,12 +26,10 @@ import java.util.Date;

 public abstract class AdminActionPreferenceControllerBase extends PreferenceController {

-    private final Context mContext;
    protected final EnterprisePrivacyFeatureProvider mFeatureProvider;

    public AdminActionPreferenceControllerBase(Context context) {
        super(context);
-        mContext = context;
        mFeatureProvider = FeatureFactory.getFactory(context)
                .getEnterprisePrivacyFeatureProvider(context);
    }
--- a/src/com/android/settings/enterprise/DevicePolicyManagerWrapper.java
+++ b/src/com/android/settings/enterprise/DevicePolicyManagerWrapper.java
@@ -26,6 +26,13 @@ import android.support.annotation.Nullable;
 * newer than the API version supported by Robolectric.
 */
 public interface DevicePolicyManagerWrapper {
+    /**
+     * Calls {@code DevicePolicyManager.getMaximumFailedPasswordsForWipe()}.
+     *
+     * @see android.app.admin.DevicePolicyManager#getMaximumFailedPasswordsForWipe
+     */
+    int getMaximumFailedPasswordsForWipe(@Nullable ComponentName admin, int userHandle);
+
    /**
     * Calls {@code DevicePolicyManager.getDeviceOwnerComponentOnAnyUser()}.
     *
@@ -33,12 +40,26 @@ public interface DevicePolicyManagerWrapper {
     */
    ComponentName getDeviceOwnerComponentOnAnyUser();

+    /**
+     * Calls {@code DevicePolicyManager.getDeviceOwnerUserId()}.
+     *
+     * @see android.app.admin.DevicePolicyManager#getDeviceOwnerUserId
+     */
+    int getDeviceOwnerUserId();
+
+    /**
+     * Calls {@code DevicePolicyManager.getProfileOwnerAsUser()}.
+     *
+     * @see android.app.admin.DevicePolicyManager#getProfileOwnerAsUser
+     */
+    @Nullable ComponentName getProfileOwnerAsUser(final int userId);
+
    /**
     * Calls {@code DevicePolicyManager.getDeviceOwnerNameOnAnyUser()}.
     *
     * @see android.app.admin.DevicePolicyManager#getDeviceOwnerNameOnAnyUser
     */
-    public CharSequence getDeviceOwnerOrganizationName();
+    CharSequence getDeviceOwnerOrganizationName();

    /**
     * Calls {@code DevicePolicyManager.getPermissionGrantState()}.
@@ -53,19 +74,19 @@ public interface DevicePolicyManagerWrapper {
     *
     * @see android.app.admin.DevicePolicyManager#getLastSecurityLogRetrievalTime
     */
-    public long getLastSecurityLogRetrievalTime();
+    long getLastSecurityLogRetrievalTime();

    /**
     * Calls {@code DevicePolicyManager.getLastBugReportRequestTime()}.
     *
     * @see android.app.admin.DevicePolicyManager#getLastBugReportRequestTime
     */
-    public long getLastBugReportRequestTime();
+    long getLastBugReportRequestTime();

    /**
     * Calls {@code DevicePolicyManager.getLastNetworkLogRetrievalTime()}.
     *
     * @see android.app.admin.DevicePolicyManager#getLastNetworkLogRetrievalTime
     */
-    public long getLastNetworkLogRetrievalTime();
+    long getLastNetworkLogRetrievalTime();
 }
--- a/src/com/android/settings/enterprise/DevicePolicyManagerWrapperImpl.java
+++ b/src/com/android/settings/enterprise/DevicePolicyManagerWrapperImpl.java
@@ -27,11 +27,26 @@ public class DevicePolicyManagerWrapperImpl implements DevicePolicyManagerWrappe
        mDpm = dpm;
    }

+    @Override
+    public int getMaximumFailedPasswordsForWipe(@Nullable ComponentName admin, int userHandle) {
+        return mDpm.getMaximumFailedPasswordsForWipe(admin, userHandle);
+    }
+
    @Override
    public ComponentName getDeviceOwnerComponentOnAnyUser() {
        return mDpm.getDeviceOwnerComponentOnAnyUser();
    }

+    @Override
+    public int getDeviceOwnerUserId() {
+        return mDpm.getDeviceOwnerUserId();
+    }
+
+    @Override
+    public @Nullable ComponentName getProfileOwnerAsUser(final int userId) {
+        return mDpm.getProfileOwnerAsUser(userId);
+    }
+
    @Override
    public CharSequence getDeviceOwnerOrganizationName() {
        return mDpm.getDeviceOwnerOrganizationName();
--- a/src/com/android/settings/enterprise/EnterprisePrivacyFeatureProvider.java
+++ b/src/com/android/settings/enterprise/EnterprisePrivacyFeatureProvider.java
@@ -74,4 +74,16 @@ public interface EnterprisePrivacyFeatureProvider {
     * Returns whether the Device Owner set a recommended global HTTP proxy.
     */
    boolean isGlobalHttpProxySet();
+
+    /**
+     * Returns the number of failed login attempts that the Device Owner allows before the entire
+     * device is wiped, or zero if no such limit is set.
+     */
+    int getMaximumFailedPasswordsBeforeWipeInPrimaryUser();
+
+    /**
+     * Returns the number of failed login attempts that the Profile Owner allows before the current
+     * user's managed profile (if any) is wiped, or zero if no such limit is set.
+     */
+    int getMaximumFailedPasswordsBeforeWipeInManagedProfile();
 }
--- a/src/com/android/settings/enterprise/EnterprisePrivacyFeatureProviderImpl.java
+++ b/src/com/android/settings/enterprise/EnterprisePrivacyFeatureProviderImpl.java
@@ -16,6 +16,7 @@

 package com.android.settings.enterprise;

+import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageManager;
@@ -70,12 +71,12 @@ public class EnterprisePrivacyFeatureProviderImpl implements EnterprisePrivacyFe
                return userInfo.id;
            }
        }
-        return -1;
+        return UserHandle.USER_NULL;
    }

    @Override
    public boolean isInCompMode() {
-        return hasDeviceOwner() && getManagedProfileUserId() != -1;
+        return hasDeviceOwner() && getManagedProfileUserId() != UserHandle.USER_NULL;
    }

    @Override
@@ -124,7 +125,7 @@ public class EnterprisePrivacyFeatureProviderImpl implements EnterprisePrivacyFe
    @Override
    public boolean isAlwaysOnVpnSetInManagedProfile() {
        final int managedProfileUserId = getManagedProfileUserId();
-        return managedProfileUserId != -1 &&
+        return managedProfileUserId != UserHandle.USER_NULL &&
                VpnUtils.isAlwaysOnVpnSet(mCm, managedProfileUserId);
    }

@@ -133,6 +134,28 @@ public class EnterprisePrivacyFeatureProviderImpl implements EnterprisePrivacyFe
        return mCm.getGlobalProxy() != null;
    }

+    @Override
+    public int getMaximumFailedPasswordsBeforeWipeInPrimaryUser() {
+        final ComponentName deviceOwner = mDpm.getDeviceOwnerComponentOnAnyUser();
+        if (deviceOwner == null) {
+            return 0;
+        }
+        return mDpm.getMaximumFailedPasswordsForWipe(deviceOwner, mDpm.getDeviceOwnerUserId());
+    }
+
+    @Override
+    public int getMaximumFailedPasswordsBeforeWipeInManagedProfile() {
+        final int userId = getManagedProfileUserId();
+        if (userId == UserHandle.USER_NULL) {
+            return 0;
+        }
+        final ComponentName profileOwner = mDpm.getProfileOwnerAsUser(userId);
+        if (profileOwner == null) {
+            return 0;
+        }
+        return mDpm.getMaximumFailedPasswordsForWipe(profileOwner, userId);
+    }
+
    protected static class EnterprisePrivacySpan extends ClickableSpan {
        private final Context mContext;

--- a/src/com/android/settings/enterprise/EnterprisePrivacySettings.java
+++ b/src/com/android/settings/enterprise/EnterprisePrivacySettings.java
@@ -63,6 +63,8 @@ public class EnterprisePrivacySettings extends DashboardFragment {
        controllers.add(new AlwaysOnVpnPrimaryUserPreferenceController(context));
        controllers.add(new AlwaysOnVpnManagedProfilePreferenceController(context));
        controllers.add(new GlobalHttpProxyPreferenceController(context));
+        controllers.add(new FailedPasswordWipePrimaryUserPreferenceController(context));
+        controllers.add(new FailedPasswordWipeManagedProfilePreferenceController(context));
        return controllers;
    }

--- a/src/com/android/settings/enterprise/FailedPasswordWipeManagedProfilePreferenceController.java
+++ b/src/com/android/settings/enterprise/FailedPasswordWipeManagedProfilePreferenceController.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.android.settings.enterprise;
+
+import android.content.Context;
+
+import com.android.settings.R;
+
+public class FailedPasswordWipeManagedProfilePreferenceController
+        extends FailedPasswordWipePreferenceControllerBase {
+
+    private static final String KEY_FAILED_PASSWORD_WIPE_MANAGED_PROFILE
+            = "failed_password_wipe_managed_profile";
+
+    public FailedPasswordWipeManagedProfilePreferenceController(Context context) {
+        super(context, R.plurals.enterprise_privacy_failed_password_wipe_work);
+    }
+
+    @Override
+    protected int getMaximumFailedPasswordsBeforeWipe() {
+        return mFeatureProvider.getMaximumFailedPasswordsBeforeWipeInManagedProfile();
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_FAILED_PASSWORD_WIPE_MANAGED_PROFILE;
+    }
+}
--- a/src/com/android/settings/enterprise/FailedPasswordWipePreferenceControllerBase.java
+++ b/src/com/android/settings/enterprise/FailedPasswordWipePreferenceControllerBase.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.enterprise;
+
+import android.content.Context;
+import android.content.res.Resources;
+import android.support.v7.preference.Preference;
+
+import com.android.settings.core.PreferenceController;
+import com.android.settings.overlay.FeatureFactory;
+
+public abstract class FailedPasswordWipePreferenceControllerBase extends PreferenceController {
+
+    private final int mStringResourceId;
+    protected final EnterprisePrivacyFeatureProvider mFeatureProvider;
+
+    public FailedPasswordWipePreferenceControllerBase(Context context, int stringResourceId) {
+        super(context);
+        mStringResourceId = stringResourceId;
+        mFeatureProvider = FeatureFactory.getFactory(context)
+                .getEnterprisePrivacyFeatureProvider(context);
+    }
+
+    protected abstract int getMaximumFailedPasswordsBeforeWipe();
+
+    @Override
+    public void updateState(Preference preference) {
+        final int failedPasswordsBeforeWipe = getMaximumFailedPasswordsBeforeWipe();
+        if (failedPasswordsBeforeWipe == 0) {
+            preference.setVisible(false);
+        } else {
+            preference.setVisible(true);
+            preference.setTitle(mContext.getResources().getQuantityString(
+                    mStringResourceId, failedPasswordsBeforeWipe, failedPasswordsBeforeWipe));
+        }
+    }
+
+    @Override
+    public boolean isAvailable() {
+        return true;
+    }
+}
--- a/src/com/android/settings/enterprise/FailedPasswordWipePrimaryUserPreferenceController.java
+++ b/src/com/android/settings/enterprise/FailedPasswordWipePrimaryUserPreferenceController.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package com.android.settings.enterprise;
+
+import android.content.Context;
+
+import com.android.settings.R;
+
+public class FailedPasswordWipePrimaryUserPreferenceController
+        extends FailedPasswordWipePreferenceControllerBase {
+
+    private static final String KEY_FAILED_PASSWORD_WIPE_PRIMARY_USER
+            = "failed_password_wipe_primary_user";
+
+    public FailedPasswordWipePrimaryUserPreferenceController(Context context) {
+        super(context, R.plurals.enterprise_privacy_failed_password_wipe_device);
+    }
+
+    @Override
+    protected int getMaximumFailedPasswordsBeforeWipe() {
+        return mFeatureProvider.getMaximumFailedPasswordsBeforeWipeInPrimaryUser();
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_FAILED_PASSWORD_WIPE_PRIMARY_USER;
+    }
+}