For private space lock setup as part of both PS setup and separate lock
form private space settings we need to show only traditional unlock
factors and Fingerprint but not show Face enrolment even on devices
where Face unlock is supported by hardware.
Once LSKF is enrolled it should be followed by Fingerprint enrollment
flow and after that Face enrollment should not be shown and exit lock
setup flow.
Currently for separate profile lock setup ACTION_SET_NEW_PASSWORD intent
is used in private space setup.
With this intent the options of LSKF+fingerprint+Face is shown in
devices supporting both fingerprint and face hardware. After the LSKF
ennrollment BiometricEnrollActivity is started which continues with
fingerprint and Face enrollment.
With this change we are passing an extra along with the intent to enroll
fingerprint only. Based on the intent extra value if set even if hardware
support exists the lock enrollment for the profile will support only
LSKF and fingerprint enrollment but not start Face enrollment.
User will still have the option to enroll Face from the dedicated settings
entrypoint in private space settings.
Recording link : b/323839067#comment4
Bug: 323839067
Test: Manual, verified option for face enrollment is shown or not shown
based on the intent extra. When extra is not passed the behaviour will be
default.
Change-Id: Idf92084052e02df9ca89f288c618796750e563e6
Update the strings for the warning shown to the user when they are about
to remove their screen lock and there are authentication-bound keys
that would be invalidated.
These strings are provided by Android UXW.
Additionally, apply the new string to all types of device lock screen:
Pattern, password and unknown.
Bug: 302109605
Test: Manual, flashed a device and added different types of screen lock.
Change-Id: Ida6f5f16c5aa1671f3f2c1358160b8173a1d1407
When the user goes through the flow of removing the device's lockscreen
knowledge factor (LSKF), warn them in case they have apps with
auth-bound keys on the device. Auth-bound keys that are bound to the
LSKF's secure user ID (that is, auth-bound keys that can be
authenticated by the user entering their LSKF) will be invalidated
when the LSKF is removed.
That means apps will not be able to decrypt the data encrypted with
these keys or use them to sign anything anymore (potentially effectively
losing the user's ability to prove their identity).
In this case, change the warning message that is shown to the user,
to make it clear wallet apps (that typically use such keys) will stop
working as well as other apps.
Bug: 302109605
Test: Manual, enrolled a PIN, face and fingerprint and tried removing PIN.
A CtsVerifier test will be added later.
Change-Id: I276b744f54763e291abe1f20824da4f8f156679d
During a new lock setup for profile whose credential is shareable with
its parent first the user is authenticated with device lock after which
an activity having options of Pin/Pattern/Password with fingerprint and
face combinations is shown.
On choosing any option which has combination to set LSFK and biometric
it is expected that after setting LSKF the Biometric enroll activity is
started but currently this does not work as expected as the
ChooseLockGeneric activity is finished after adding LSKF and it does not
start the biometric enrollment for the profile.
The issue also exists with non-profile users using this workflow through
SET_NEW_PASSWORD intent and if already have LSKF assigned.
This change adds a new boolean which takes care to not finish the
activity till the Biometric enrollment is started.
Below conditions are taken care with this change
- For new lock setup when device lock already exists then after
authentication of current device lock make sure the activity is not
finished untill the biometrics enrollment activity is started.
- On choosing continue without fingerprint or face option the biometrics
enrollment is not started
screen recordings uploaded to buganizer - b/316109077
Bug: 316109077
Test: Manual
Change-Id: Ifcbaa7d89195d87d432fc848092f2301752c3c22
Repair mode requires the completion result after an user chooses
a new screen lock. This change defers finishing the activity until
the activity result is available.
Bug: 281641188
Test: atest SettingsRoboTests:com.android.settings.password
Change-Id: If635521ef7e1c509950d9683c15dffe45375cf4f
go/ss/3kmkEkasv6vmDDo.png
go/ss/7CzzSXZthbJVcEr.png
Bug: 308862923
Test: atest ChooseLockGenericTest and Verified manually customized
message is shown when passed with intent.
Change-Id: I784d42c4702801ec45bc8d4c5e911a404f549d46
Whenever launching
ChooseLockGeneric/ChooseLockPassword/ChooseLockPassword the activity
will finish itself when it goes into the background. This is to ensure
that a user only has an opporunity to complete this process once the
activity is shown. (It cannot be resumed after a power button press, or
sending the activity to the background)
Test: Verified in Settings that the ChooseLockGeneric,
ChooseLockPassword and the ChooseLockPattern activities now exit if they
are sent to the background.
Test: Same as above but in SUW
Test: m -j40 RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockPatternTest
Test: m -j40 RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockPasswordTest
Fixes: 287473148
Change-Id: Icc9142ff4672ab3669b2f425ff351b03ce7a223a
So the new password can be saved per caller's request.
This will remove the additional step to ask the user
to enter the new credential again and thus simplifying
the UI flow.
Bug: 271968977
Bug: 277561275
Test: atest SettingsUnitTests:SaveAndFinishWorkerTest
Test: atest ChooseLockPasswordTest
Change-Id: I20232619225b17edda0a72dad43b120d5a249203
Legacy choose lock options was hard coded description.
1. In T-QPR when device do not support Face enroll in SUW flow,
We should remove "Face" from the description.
2. Use BidiFormatter to handle RTL string combination.
3. Define a new string for "Fingerprint"
4. Add workaround crash in ChooseLockGenericTest/SetupChooseLockGenericTest
Test: Manual login corp, and observe the UI in Choose screen lock
Test: adb shell settings put system system_locales ar check RTL
Test: m RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.password
Bug: 269786629
Bug: 277361320
Change-Id: I2b26b7cc229f66300bb23ca190bb21f86f1caa01
Test: Manual - navigate to the activity mentioned in the bug and observe
the background
Bug: 264993674
Change-Id: I21c8143099e4c76ed5744cff12f31f578320a871
Support for Full Disk Encryption was removed in Android 13, since now
File Based Encryption is always used instead. It turns out that I
missed a fairly large chunk of obsolete code: EncryptionInterstitial,
which is the screen that asks whether the device will require the
primary user's lockscreen credential when it starts up. This used to be
shown when setting the primary user's lockscreen credential, to
determine whether the full-disk encryption key would be tied to that
lockscreen credential or not. But now it's unused code.
This CL removes all this unused code.
This should not change any behavior, with one very minor exception:
Settings will no longer explicitly set the REQUIRE_PASSWORD_TO_DECRYPT
setting to 0 whenever the primary user's lockscreen credential is
changed. (This happened in SaveChosenLockWorkerBase.) This setting is
a @SystemApi, but it no longer has any meaning, since it is never set to
1 anymore. If there is a reason to keep it explicitly set to 0, instead
of unset, we should make LockSettingsService in system_server set it.
Test: Went through SUW, set a PIN, cleared the PIN, set a PIN again (all
using the UI). Nothing unusual seen.
Bug: 208476087
Change-Id: I039cc7a284e3f43e1e284970a5869958c909d1b7
Since emulated FBE is no longer supported, isFileEncryptedNativeOnly()
and isFileEncryptedNativeOrEmulated() are the same as the new method
isFileEncrypted(). Replace all calls to these deprecated methods in
this repository with isFileEncrypted().
Bug: 232458753
Change-Id: I95beea86ef771396c2e08f2d6a643fdc629ad89f
Links are not allowed in footer preference title now, so splitting the
string in to title text and learn more text for set a separate work
lock message
Bug: 206083998
Bug: 231296099
Test: NA
Change-Id: Ic19b4b7a9c8239726b1d53cecad1e341458610cb
With FDE (Full Disk Encryption), secure start-up (i.e. requiring a PIN /
pattern / password to boot the device) was incompatible with
accessibility services. Thus, the accessibility settings would ask the
user to disable secure start-up when enabling an accessibility service.
Now that FDE support has been removed in favor of FBE (File Based
Encryption), this is no longer necessary. Remove it.
Bug: 208476087
Change-Id: I5f6e512f223df63e1b4d1c181fc8b3fe683dcd5f
* Move all logics around aggregating password policies
to the controller
* Replace HIDE_DISABLED_PREFS and MINIMUM_QUALITY_KEY
with HIDE_INSECURE_OPTIONS as all call sites are just
using them to hide insecure screenlock options.
* Remove password policy aggregation logic from
ChooseLockPassword and make it use policies passed in.
* Remove padlock from disabled screen lock options,
per UX mock.
* Increase char limit for some strings
Bug: 177638284
Bug: 177641868
Bug: 182561862
Test: m RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.password
Test: 1. set profile password quality/complexity and enroll device lock
2. set profile password quality/complexity and enroll work challenge
3. set parent password quality/complexity and enroll device lock
4. set parent password quality/complexity and enroll work challenge
5. set profile and parent password complexity, then enroll work challenge
6. set profile and parent password complexity, then unify work challenge
7. Enroll device lock during SUW
Change-Id: Iba1d37e6f33eba7b7e8e1f805f8e37aaec108404
1) Credential can no longer be removed for separate challenge profiles,
so strings and supporting logic are also now removed
2) Updates existing strings for credential and fingerprint
3) Adds new strings for face
4) Adds new strings for face + fingerprint
Bug: 185180691
Test: manual on device
Change-Id: I2a850eb6644103e14ef2a670222e500c705a16cd
Show different titles and description messages when
enrolling password under various conditions:
* personal lock verus work lock
* adding a new lock versus updating existing lock
* enrolling a PIN verus password versus pattern
Add icons to options in screen lock picker.
Add an option to redirect to work lock flow if the admin
has set device-wide password requirement.
Bug: 183922696
Test: m RunSettingsRoboTests -j ROBOTEST_FILTER=com.android.settings.password
Change-Id: I40417b113814659d3226a44eb7f9d553386e3c58
Need to make a copy of the LockscreenCredential in
onSaveInstanceState() since the credential will be
zeroized in onDestroy() while Bundle.putParcelable()
only keeps a reference of the object without any
copying.
Bug: 179108398
Test: manual
Change-Id: I090b691630f82406d1ae2f625dd2e0d578b83707
When set, only enforce password requirement explicitly set device-wide.
As part of the change, restructure the code such that ChooseLockGeneric
becomes the central place for aggregating password requirements from
different parties, while ChooseLockPassword only enforces whatever
password reuirement it is told (by ChooseLockGeneric via intent extras)
Bug: 169832516
Test: m RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password
Change-Id: I0acbea4819c13d4a8444c7b06928baccead18837
Enforce a lock screen that adheres with the required complexity set by
the admin.
This is done by querying the DevicePolicyManager for the complexity set
for the given user, and merging it with the complexity from the "change
lock screen" intent (if any).
If the admin sets a higher complexity requirement than the app
triggering the lock screen change request, then the admin-set complexity
is enforced and the user is not shown information about the requesting
app.
Bug: 165573442
Test: Manually, set complexity using TestDPC and see it applies.
Test: m RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockGenericTest
Test: m RunSettingsRoboTests ROBOTEST_FILTER=com.android.settings.password.ChooseLockPasswordTest
Change-Id: If3f24f7430bdcbcd34265339f7d2a1ff82a44fc1
1) Adds a layout for multi-biometric selection in BiometricEnrollActivity
2) Adds widgets for checkboxes
3) Shows ConfirmLock*/ChooseLock* for multi-biometric devices in
BiometricEnrollActivity
4) finish()'s when loses foreground
5) Adds default string for ChooseLock* and multi-biometrics, e.g.
"Set up Password + Biometrics", as well as associated plumbing
to bring the user back to BiometricEnrollActivity once the
credential is enrolled
6) When max templates enrolled, checkbox becomes disabled and
description string is updated
Bug: 162341940
Bug: 152242790
Fixes: 161742393
No effect on existing devices with the following:
Test: adb shell am start -a android.settings.BIOMETRIC_ENROLL
Test: SUW
Test: make -j RunSettingsRoboTests
Exempt-From-Owner-Approval: Biometric-related change
to EncryptionInterstitial
Change-Id: I855460d50228ace24d4ec5fbe330f02ab406cc02
LockSettingsService returns a handle to the gatekeeper password
instead of the password itself now. As such, update areas of code
accordingly.
Bug: 161765592
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Ibc71ec88f8192620d041bfd125f400371708b296
Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.
Bug: 161765592
1) Request credential setup / confirmation to return a
Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
verify(GatekeeperPassword, challenge), and upon verification,
the Gatekeeper HAT will be returned.
Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).
Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename
Test: RunSettingsRoboTests
Run the following on face/fingerprint devices
Test: Remove credential
adb shell am start -a android.app.action.SET_NEW_PASSWORD
Set up credential + fingerprint
Test: Remove credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
adb shell am start -a android.settings.FINGERPRINT_SETTINGS
This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
This tests the ChooseLock* returning SP path from
BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
fingerprint/face settings and enroll. This tests the
ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
fingerprint/face separately. Succeeds. This tests the
ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
This tests the ConfirmLock* path in SUW
Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc
The multitude of slightly different launchConfirmationActivity(*)
methods are a big unsustainable pyramid. It's too difficult to
read, too difficult to track which clients are interested in which
parameters, and too difficult to add new parameters, since we need to
1) Read through all of them and find one that's the closest
2) Try not to affect other callers, so potentially add yet another
3) Modify the internal paths, which all basically call each other
until it reaches the biggest launchConfirmationActivity which
has ALL of the parameters
This change should have no behavioral change.
Note: CredentialStorage doesn't need returnCredentials anymore as of
ag/6073449
Test: make -j56 RunSettingsRoboTests
Test: Manually traced code paths for each invocation. A few hidden
dependencies (such as explicitly setting challenge=0 with
hasChallenge=true) were found. Left them the way they were in
case they were intended
Test: Enroll face, fingerprint
Test: Enable developer options
Test: Change to PIN, Pattern, Password, then back to PIN (so each
type requests confirmation)
Test: adb shell am start -a android.app.action.CONFIRM_DEVICE_CREDENTIAL,
authenticate
Test: adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL
(shows confirm credential screen)
Fixes: 138453993
Change-Id: Ic82ef3c3ac2e14d624281921f2d816bcdacbd82b
Force a garbage collection and zeroize some fields after Activity finishes
Test: Goes through password change flow, then grab a heap dump via
adb shell 'am dumpheap $(pidof com.android.settings)
/data/local/tmp/settings.hprof'
And grep for password in the dump
Bug: 144537463
Change-Id: Idd0a04ada98900aeb2a6d20bb1270a4a4aec2cfd
On devices without PersistentDataBlock support, we should
always allow setting up password during provisioning.
Bug: 157451551
Test: make RunSettingsRoboTests
ROBOTEST_FILTER=com.android.settings.password
Test: On cuttlefish, file ACTION_SET_NET_PASSWORD before SUW completes
Change-Id: Ic7b5d99b38e6427750ce70fa7e38f7ef6054d4ad
When unifying work profile challenge, keep the device lock
as long as it will still meet password requirement after unification.
If not, prompt the user to set a new device lock and only unify
work challenge after a compliant device lock is set.
Bug: 148630506
Fix: 149682344
Test: make RunSettingsRoboTests
ROBOTEST_FILTER='ChooseLockGenericTest|ChooseLockPasswordTest|ChooseLockPatternTest|LockUnificationPreferenceControllerTest'
Change-Id: I99cde2650902927f6a4cc7c0cc7c6016e0dc283f
- Assign metrics category to perferences at an earlier stage in
DashboardFragment for better usability.
Bug: 137559984
Test: robotest
Change-Id: Icd4185efa0e655be20c4b673a1380fa42140923f
The device management app may run before the end of device provisioning,
and it may start SetNewPasswordActivity. If this happens, use
ChooseLockGeneric instead of SetupChooseLockGeneric. Only use
SetupChoseLockGeneric if SetNewPasswordActivity was started by Setup
Wizard itself.
Fixes: 151552453
Test: atest com.android.settings.password.SetNewPasswordActivityTest
Test: atest com.android.settings.password.ChooseLockGenericTest
Test: Manually run consumer and enterprise device setup
Change-Id: I3b479ed18211d6625654f266fe692f07d0047e4f
