PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fix Continous loop in unifed screenlock when trying to Trust a CA cert" into nyc-dev

Browse Source
This commit is contained in:
Victor Chang
2016-05-23 11:51:54 +00:00
committed by Android (Google) Code Review
parent ffe930ec76 5e0a46bff6
commit b0054ec4e2
6 changed files with 236 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
src/com/android/settings/ChooseLockSettingsHelper.java
View File

@@ -24,12 +24,14 @@ import android.content.Intent;
import android.content.IntentSender;
import android.os.UserManager;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.widget.LockPatternUtils;
public final class ChooseLockSettingsHelper {
static final String EXTRA_KEY_TYPE = "type";
static final String EXTRA_KEY_PASSWORD = "password";
public static final String EXTRA_KEY_RETURN_CREDENTIALS = "return_credentials";
public static final String EXTRA_KEY_HAS_CHALLENGE = "has_challenge";
public static final String EXTRA_KEY_CHALLENGE = "challenge";
public static final String EXTRA_KEY_CHALLENGE_TOKEN = "hw_auth_token";
@@ -37,7 +39,7 @@ public final class ChooseLockSettingsHelper {
public static final String EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT = "for_cred_req_boot";
private LockPatternUtils mLockPatternUtils;
@VisibleForTesting LockPatternUtils mLockPatternUtils;
private Activity mActivity;
private Fragment mFragment;
@@ -104,7 +106,8 @@ public final class ChooseLockSettingsHelper {
* @param returnCredentials if true, put credentials into intent. Note that if this is true,
* this can only be called internally.
* @param external specifies whether this activity is launched externally, meaning that it will
* get a dark theme and allow fingerprint authentication
* get a dark theme, allow fingerprint authentication and it will forward
* activity result.
* @return true if one exists and we launched an activity to confirm it
* @see Activity#onActivityResult(int, int, android.content.Intent)
*/
@@ -124,7 +127,8 @@ public final class ChooseLockSettingsHelper {
* @param returnCredentials if true, put credentials into intent. Note that if this is true,
* this can only be called internally.
* @param external specifies whether this activity is launched externally, meaning that it will
* get a dark theme and allow fingerprint authentication
* get a dark theme, allow fingerprint authentication and it will forward
* activity result.
* @param userId The userId for whom the lock should be confirmed.
* @return true if one exists and we launched an activity to confirm it
* @see Activity#onActivityResult(int, int, android.content.Intent)
@@ -138,35 +142,58 @@ public final class ChooseLockSettingsHelper {
/**
* If a pattern, password or PIN exists, prompt the user before allowing them to change it.
* @param message optional message to display about the action about to be done
* @param details optional detail message to display
*
* @param title title of the confirmation screen; shown in the action bar
* @param header header of the confirmation screen; shown as large text
* @param description description of the confirmation screen
* @param challenge a challenge to be verified against the device credential.
* This method can only be called internally.
* @return true if one exists and we launched an activity to confirm it
* @see #onActivityResult(int, int, android.content.Intent)
* @see Activity#onActivityResult(int, int, android.content.Intent)
*/
public boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
@Nullable CharSequence header, @Nullable CharSequence description,
long challenge) {
return launchConfirmationActivity(request, title, header, description,
false, false, true, challenge, Utils.getCredentialOwnerUserId(mActivity));
true, false, true, challenge, Utils.getCredentialOwnerUserId(mActivity));
}
/**
* If a pattern, password or PIN exists, prompt the user before allowing them to change it.
* @param message optional message to display about the action about to be done
* @param details optional detail message to display
*
* @param title title of the confirmation screen; shown in the action bar
* @param header header of the confirmation screen; shown as large text
* @param description description of the confirmation screen
* @param challenge a challenge to be verified against the device credential.
* This method can only be called internally.
* @param userId The userId for whom the lock should be confirmed.
* @return true if one exists and we launched an activity to confirm it
* @see #onActivityResult(int, int, android.content.Intent)
* @see Activity#onActivityResult(int, int, android.content.Intent)
*/
public boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
@Nullable CharSequence header, @Nullable CharSequence description,
long challenge, int userId) {
return launchConfirmationActivity(request, title, header, description,
false, false, true, challenge, Utils.enforceSameOwner(mActivity, userId));
true, false, true, challenge, Utils.enforceSameOwner(mActivity, userId));
}
/**
* If a pattern, password or PIN exists, prompt the user before allowing them to change it.
*
* @param title title of the confirmation screen; shown in the action bar
* @param header header of the confirmation screen; shown as large text
* @param description description of the confirmation screen
* @param external specifies whether this activity is launched externally, meaning that it will
* get a dark theme, allow fingerprint authentication and it will forward
* activity result.
* @param challenge a challenge to be verified against the device credential.
* @param userId The userId for whom the lock should be confirmed.
* @return true if one exists and we launched an activity to confirm it
* @see Activity#onActivityResult(int, int, android.content.Intent)
*/
public boolean launchConfirmationActivityWithExternalAndChallenge(int request,
@Nullable CharSequence title, @Nullable CharSequence header,
@Nullable CharSequence description, boolean external, long challenge, int userId) {
return launchConfirmationActivity(request, title, header, description, false,
external, true, challenge, Utils.enforceSameOwner(mActivity, userId));
}
private boolean launchConfirmationActivity(int request, @Nullable CharSequence title,
@@ -181,7 +208,7 @@ public final class ChooseLockSettingsHelper {
launched = launchConfirmationActivity(request, title, header, description,
returnCredentials || hasChallenge
? ConfirmLockPattern.InternalActivity.class
: ConfirmLockPattern.class, external,
: ConfirmLockPattern.class, returnCredentials, external,
hasChallenge, challenge, userId);
break;
case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
@@ -193,7 +220,7 @@ public final class ChooseLockSettingsHelper {
launched = launchConfirmationActivity(request, title, header, description,
returnCredentials || hasChallenge
? ConfirmLockPassword.InternalActivity.class
: ConfirmLockPassword.class, external,
: ConfirmLockPassword.class, returnCredentials, external,
hasChallenge, challenge, userId);
break;
}
@@ -201,8 +228,9 @@ public final class ChooseLockSettingsHelper {
}
private boolean launchConfirmationActivity(int request, CharSequence title, CharSequence header,
CharSequence message, Class<?> activityClass, boolean external, boolean hasChallenge,
long challenge, int userId) {
CharSequence message, Class<?> activityClass, boolean returnCredentials,
boolean external, boolean hasChallenge, long challenge,
int userId) {
final Intent intent = new Intent();
intent.putExtra(ConfirmDeviceCredentialBaseFragment.TITLE_TEXT, title);
intent.putExtra(ConfirmDeviceCredentialBaseFragment.HEADER_TEXT, header);
@@ -211,6 +239,7 @@ public final class ChooseLockSettingsHelper {
intent.putExtra(ConfirmDeviceCredentialBaseFragment.DARK_THEME, external);
intent.putExtra(ConfirmDeviceCredentialBaseFragment.SHOW_CANCEL_BUTTON, external);
intent.putExtra(ConfirmDeviceCredentialBaseFragment.SHOW_WHEN_LOCKED, external);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, returnCredentials);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, hasChallenge);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
// we should never have a drawer when confirming device credentials.

5
src/com/android/settings/ConfirmDeviceCredentialActivity.java
View File

@@ -89,8 +89,9 @@ public class ConfirmDeviceCredentialActivity extends Activity {
&& !lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
// We set the challenge as 0L, so it will force to unlock managed profile when it
// unlocks primary profile screen lock, by calling verifyTiedProfileChallenge()
launched = helper.launchConfirmationActivity(0 /* request code */, null /* title */,
title, details, 0L, userId);
launched = helper.launchConfirmationActivityWithExternalAndChallenge(
0 /* request code */, null /* title */, title, details, true /* isExternal */,
0L /* challenge */, userId);
} else {
launched = helper.launchConfirmationActivity(0 /* request code */, null /* title */,
title, details, false /* returnCredentials */, true /* isExternal */, userId);

22
src/com/android/settings/ConfirmDeviceCredentialBaseFragment.java
View File

@@ -37,6 +37,7 @@ import android.os.Bundle;
import android.os.Handler;
import android.os.RemoteException;
import android.os.UserManager;
import android.security.KeyStore;
import android.view.View;
import android.view.ViewGroup;
import android.widget.Button;
@@ -68,6 +69,7 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
private FingerprintUiHelper mFingerprintHelper;
protected boolean mIsStrongAuthRequired;
private boolean mAllowFpAuthentication;
protected boolean mReturnCredentials = false;
protected Button mCancelButton;
protected ImageView mFingerprintIcon;
protected int mEffectiveUserId;
@@ -81,15 +83,17 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
super.onCreate(savedInstanceState);
mAllowFpAuthentication = getActivity().getIntent().getBooleanExtra(
ALLOW_FP_AUTHENTICATION, false);
mReturnCredentials = getActivity().getIntent().getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false);
// Only take this argument into account if it belongs to the current profile.
Intent intent = getActivity().getIntent();
mUserId = Utils.getUserIdFromBundle(getActivity(), intent.getExtras());
final UserManager userManager = UserManager.get(getActivity());
mEffectiveUserId = userManager.getCredentialOwnerProfile(mUserId);
mIsStrongAuthRequired = isStrongAuthRequired();
mAllowFpAuthentication = mAllowFpAuthentication && !isFingerprintDisabledByAdmin()
&& !mIsStrongAuthRequired;
mLockPatternUtils = new LockPatternUtils(getActivity());
mIsStrongAuthRequired = isFingerprintDisallowedByStrongAuth();
mAllowFpAuthentication = mAllowFpAuthentication && !isFingerprintDisabledByAdmin()
&& !mReturnCredentials && !mIsStrongAuthRequired;
}
@Override
@@ -126,8 +130,13 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
return (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT) != 0;
}
private boolean isStrongAuthRequired() {
return !(UserManager.get(getContext()).isUserUnlocked(mEffectiveUserId));
// User could be locked while Effective user is unlocked even though the effective owns the
// credential. Otherwise, fingerprint can't unlock fbe/keystore through
// verifyTiedProfileChallenge. In such case, we also wanna show the user message that
// fingerprint is disabled due to device restart.
private boolean isFingerprintDisallowedByStrongAuth() {
return !(mLockPatternUtils.isFingerprintAllowedForUser(mEffectiveUserId)
&& KeyStore.getInstance().state(mUserId) == KeyStore.State.UNLOCKED);
}
@Override
@@ -245,6 +254,9 @@ public abstract class ConfirmDeviceCredentialBaseFragment extends OptionsMenuFra
protected void reportSuccessfullAttempt() {
if (isProfileChallenge()) {
mLockPatternUtils.reportSuccessfulPasswordAttempt(mEffectiveUserId);
// Keyguard is responsible to disable StrongAuth for primary user. Disable StrongAuth
// for work challenge only here.
mLockPatternUtils.userPresent(mEffectiveUserId);
}
}

12
src/com/android/settings/ConfirmLockPassword.java
View File

@@ -187,7 +187,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
boolean isProfile = Utils.isManagedProfile(
UserManager.get(getActivity()), mEffectiveUserId);
// Map boolean flags to an index by isStrongAuth << 2 + isProfile << 1 + isAlpha.
int index = ((mIsStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0 ) << 1)
int index = ((mIsStrongAuthRequired ? 1 : 0) << 2) + ((isProfile ? 1 : 0) << 1)
+ (mIsAlpha ? 1 : 0);
return DETAIL_TEXTS[index];
}
@@ -356,9 +356,11 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
boolean matched = false;
if (token != null) {
matched = true;
intent.putExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
token);
if (mReturnCredentials) {
intent.putExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
token);
}
}
mCredentialCheckResultTracker.setResult(matched, intent, timeoutMs,
localUserId);
@@ -382,7 +384,7 @@ public class ConfirmLockPassword extends ConfirmDeviceCredentialBaseActivity {
@Override
public void onChecked(boolean matched, int timeoutMs) {
mPendingLockCheck = null;
if (matched && isInternalActivity()) {
if (matched && isInternalActivity() && mReturnCredentials) {
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
mIsAlpha ? StorageManager.CRYPT_TYPE_PASSWORD
: StorageManager.CRYPT_TYPE_PIN);

10
src/com/android/settings/ConfirmLockPattern.java
View File

@@ -439,9 +439,11 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
boolean matched = false;
if (token != null) {
matched = true;
intent.putExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
token);
if (mReturnCredentials) {
intent.putExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
token);
}
}
mCredentialCheckResultTracker.setResult(matched, intent, timeoutMs,
localEffectiveUserId);
@@ -472,7 +474,7 @@ public class ConfirmLockPattern extends ConfirmDeviceCredentialBaseActivity {
@Override
public void onChecked(boolean matched, int timeoutMs) {
mPendingLockCheck = null;
if (matched && isInternalActivity()) {
if (matched && isInternalActivity() && mReturnCredentials) {
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_TYPE,
StorageManager.CRYPT_TYPE_PATTERN);
intent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD,

157
tests/unit/src/com/android/settings/ChooseLockSettingsHelperTest.java Normal file
View File

@@ -0,0 +1,157 @@
package com.android.settings;
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.UserHandle;
import android.os.UserManager;
import android.test.AndroidTestCase;
import com.android.internal.widget.LockPatternUtils;
import org.mockito.ArgumentCaptor;
import java.util.List;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
public class ChooseLockSettingsHelperTest extends AndroidTestCase {
private static final String SYSTEM_PROPERTY_DEXMAKER_DEXCACHE = "dexmaker.dexcache";
@Override
protected void setUp() throws Exception {
super.setUp();
System.setProperty(SYSTEM_PROPERTY_DEXMAKER_DEXCACHE, getContext().getCacheDir().getPath());
}
@Override
protected void tearDown() throws Exception {
super.tearDown();
System.clearProperty(SYSTEM_PROPERTY_DEXMAKER_DEXCACHE);
}
public void testlaunchConfirmationActivityWithExternalAndChallenge() {
final int userId = UserHandle.myUserId();
final int request = 100;
final long challenge = 10000L;
{
// Test external == true
final boolean external = true;
final Activity mockActivity = getMockActivity();
ChooseLockSettingsHelper helper = getChooseLockSettingsHelper(mockActivity);
helper.launchConfirmationActivityWithExternalAndChallenge(
request, // request
"title",
"header",
"description",
external,
challenge,
userId
);
final ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class);
verify(mockActivity, times(1)).startActivity(intentCaptor.capture());
Intent capturedIntent = getResultIntent(intentCaptor);
assertEquals(new ComponentName("com.android.settings",
ConfirmLockPattern.InternalActivity.class.getName()),
capturedIntent.getComponent());
assertFalse(capturedIntent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false));
assertTrue(capturedIntent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false));
assertEquals(challenge, capturedIntent.getLongExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0L));
assertEquals(external,
(capturedIntent.getFlags() & Intent.FLAG_ACTIVITY_FORWARD_RESULT) != 0);
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.ALLOW_FP_AUTHENTICATION, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.DARK_THEME, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.SHOW_CANCEL_BUTTON, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.SHOW_WHEN_LOCKED, false));
}
{
// Test external == false
final boolean external = false;
final Activity mockActivity = getMockActivity();
ChooseLockSettingsHelper helper = getChooseLockSettingsHelper(mockActivity);
helper.launchConfirmationActivityWithExternalAndChallenge(
request, // request
"title",
"header",
"description",
external,
challenge,
userId
);
final ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class);
verify(mockActivity, times(1)).startActivityForResult(intentCaptor.capture(),
eq(request));
Intent capturedIntent = getResultIntent(intentCaptor);
assertEquals(new ComponentName("com.android.settings",
ConfirmLockPattern.InternalActivity.class.getName()),
capturedIntent.getComponent());
assertFalse(capturedIntent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_RETURN_CREDENTIALS, false));
assertTrue(capturedIntent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false));
assertEquals(challenge, capturedIntent.getLongExtra(
ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0L));
assertEquals(external,
(capturedIntent.getFlags() & Intent.FLAG_ACTIVITY_FORWARD_RESULT) != 0);
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.ALLOW_FP_AUTHENTICATION, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.DARK_THEME, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.SHOW_CANCEL_BUTTON, false));
assertEquals(external, capturedIntent.getBooleanExtra(
ConfirmDeviceCredentialBaseFragment.SHOW_WHEN_LOCKED, false));
}
}
private ChooseLockSettingsHelper getChooseLockSettingsHelper(Activity mockActivity) {
LockPatternUtils mockLockPatternUtils = mock(LockPatternUtils.class);
when(mockLockPatternUtils.getKeyguardStoredPasswordQuality(anyInt()))
.thenReturn(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING);
ChooseLockSettingsHelper helper = new ChooseLockSettingsHelper(mockActivity);
helper.mLockPatternUtils = mockLockPatternUtils;
return helper;
}
private Activity getMockActivity() {
Activity mockActivity = mock(Activity.class);
when(mockActivity.getSystemService(Context.USER_SERVICE))
.thenReturn(getContext().getSystemService(UserManager.class));
when(mockActivity.getContentResolver()).thenReturn(getContext().getContentResolver());
when(mockActivity.getIntent()).thenReturn(new Intent());
return mockActivity;
}
private static Intent getResultIntent(ArgumentCaptor<Intent> intentCaptor) {
List<Intent> capturedIntents = intentCaptor.getAllValues();
assertEquals(1, capturedIntents.size());
return capturedIntents.get(0);
}
}