Use the setup wizard theme for EncryptionInterstital and
RedactionInterstitial as they will show during the lock screen setup
as part of setup wizard.
Bug: 18482708
Change-Id: I65c8924952345a4e17fcf4ffb7d68df53244c5d7
Added a dialog fragment to display warning message about disabling
device protection features when changing from a secure unlock
method to an insecure one.
Bug: 18509782
Change-Id: I0eaa9ff55c14092d8b3361d10da8b4530dd79bee
Basic theming for pattern and password screens. Create subclasses for
ChooseLockPassword and ChooseLockPattern, and copied their XML
layouts.
This CL mainly uses the buttons in the original screens as-is, with a
follow-up CL coming to change to use the nav bar buttons.
Bug: 18482708
Change-Id: I81751f781de633aff23fc68657589360007c235a
This is step one of theming the set-up lock screen flow to match the
setup wizard theme. This shows the general approach of creating a
subclass of both the activity and fragment and overriding methods to
achieve the desired behavior for setup.
ag/594000 is a much more comprehensive change for what the final
change will look like.
Bug: 18482708
Change-Id: Idff34937f39f46a0c488df2cae4c46155b80cab7
The code now observes whether accessibility is turned on when
deciding the default state.
Additionally, it fixes a bug where the user can back out of
EncryptionInterstitial and leave the setting in a bad state.
We now propagate the state until the place where it ultimately
gets stored.
Also fixes problem where Encryption was ignoring the state
where the device was already encrypted.
Fixes bug 17881324
Change-Id: Iec09e4464832a506bb2a78bb14a38b3531971fa0
Updating the accessibility layer behavior to reflect the new
model where accessibility no longer overrides strong encryption.
Now enabling an accessibility service lowers the encryption
level but the user can bump it up in settings if desired.
bug:17881324
Change-Id: Iaf46cbabf1c19c193ea39b35add27aaa4ff509e4
If accessibility is on and the user selectes a secure lock we use weaker
encryption to enable running accessibility layer at the time the user
authenticates. This change adds a warning message to the enable accessibility
service dialog if there is a secure lock and also adds a warning as a
summary for the secure lock in the lock chooser activity. Both warning
mention the weaker encryption to be used.
bug:17671790
Change-Id: Ib5cc9d3a78f751e18362bb9238fd2804c3b600f8
This adds a feature to allow DevicePolicyAdmins to prevent using
simple PINs, which are defined as those containing more than 3
repeated values. Examples include '1234', '2468', '1111', '9876', etc.
Bug 12081139
Change-Id: I68d8fe2459837cb5e083724e1740e65f0519f7e1
- clean some imports
- add key and title to security_settings_picker.xml
- add ChooseLockGenericFragment in SearchIndexableResources
Change-Id: I867a1e11905cc4059d6eccabeab04d55cc3d799e
- the EXTRA_NO_HEADERS flag as no more meaning as we are showing
the Tiles (previously named "Headers") only in the Dashboard
(which is the main Settings screen)
Change-Id: I55656de0d28ca9c84adbe6647d870838b4ac230b
Use plumbing provided by dependant change to bring up correct dialog
at boot time.
Needs matching framework changes from
https://googleplex-android-review.googlesource.com/#/c/412885/
Bug: 8769627
Change-Id: Ib04a2875e051a7cccca035fadb25978dfec22491
- get rid of PreferenceActivity as much as we can and use fragments instead
- add Drawer widget
- add Dashboard high level entry into the Drawer (but this is work in progress and would be done in another CL)
- add bypass of fragment's Header validation when launched from the Drawer but *force* validation if external
call thru an Intent
Be aware that WifiPickerActivity should remain for now a PreferenceActivity. It is used by SetupWizard and should
not trigger running the SettingsActivity's header building code. SetupWizard is a Home during the provisionnig process
and then deactivate itself as a Home but would make the Home header to appear in the Drawer (because momentarily we
would have two Home).
Also, verified that:
- the WiFi settings still work when called from SetupWizard
- when you have multiple Launchers, the Home header will appear in the list of Headers in the Drawer
Change-Id: I407a5e0fdd843ad7615d3d511c416a44e3d97c90
Security fix for vulnerability where an app could launch into the screen lock
change dialog without first confirming the existing password/pattern.
Also, make sure that the fragments are launched with the correct corresponding
activity.
Bug: 9858403
Change-Id: I0f2c00a44abeb624c6fba0497bf6036a6f1a4564
Bug: 10446469
Screen lock options should have been locked down when encryption is
enabled. An incorrect comparison (== instead of equals) caused it
to always bypass encryption quality check.
Change-Id: I7f3856146181a92183555f30bbc50d58bfe0c3d5
Earlier the finish of the chooser was happening before the pattern/pin chooser
was started, resulting in two transitions.
This change defers the finish to after returning from the other activity. There
is still sometimes a very small glitch on the way back, but much smaller than
the current problem.
Bug: 7342594
Change-Id: I5f4f4393b841ce31dc7236074381283155ebddbd
This fixes a bug where orientation changes caused the system to
ask for the pin/pattern/password multiple times.
It also fixes a minor issue where we were showing buttons
on the pattern confirmation screen (bug 6218057)
Change-Id: I0894f37bb697baa4cc17917aaeb466440279b092
We need to allow FaceUnlock if the backup lock supports encryption (PIN).
This requires changing the way the minimum encryption quality is enforced
to allow FaceUnlock as long as the backup lock is a PIN, as FaceUnlock
is considered a lower security than the minimum for encrypted drives.
This change adds some complexity to upgradeQualityForEncryption because it's
used in two places: once to grey out selections that aren't sufficient
security level, and second to force the user to use a higher security level.
This still increases the minimum security level,
but makes an exception for FaceUnlock if it's allowed without encryption.
This uses a MutableBoolean to provide a mutable boolean capability.
We could instead write a custom one or use some other type of mutable
boolean if it exists.
In CryptKeeperSettings, using getKeyguardStoredPasswordQuality directly instead
of getActivePasswordQuality is simpler, but this uses a more complex approach
with a minor tweak as jaggies suggested it and it is clear about the
biometric exception being made.
Change-Id: Ia2645d6bd98857c79c6a9be45eda98087bfe517a
Adding an option which will launch a version of setup where faces
can be added to the current gallery. It requires the user to first
confirm their password before launching addToSetup.
Patch 3 - Updated for renaming of FackLockTutorial to SetupIntro.
Now it is called every time regardless of it it's showing the tutorial
and a flag is passed in to determine whether or not SetupIntro shows
the tutorial.
Patch 4 - Removed 'Setup Complete' toast at the end of screen lock
setups since it was primarily for Face Unlock and the congratulations
screen removes the need for it.
Change-Id: Idc5f960809d992ec7bbce59ef1e13b95ef7cce45
Removed summary line from the screen lock picker and displaying
the about screen for face unlock every time instead of just the
first time
Change-Id: Iac572d2366acf28d32e632e8dcdde63475641e39
Moved isBiometricSensorAvailable functionality into
isBiometricWeakInstalled (formerly called isBiometricEnabled). Settings
now only shows biometric weak if it's installed, if it's not installed
and the lock type is currently set to biometric weak, the backup lock
is shown as being set instead.
Change-Id: Icfe326a6598df33ee60d5fdc024273d94f115983
This is done when the backup lock is complete or canceled.
If successful, the permanent gallery is replaced with the new one.
The temporary gallery is always deleted
Also deletes the main gallery if the lock type is changed from facial recognition
Change-Id: Id7b066fd852c7ba188d6e46b47391a362cbab40f
-Changed main header to show backup lock text
-Reworded normal header
-Changed instances of FacePass to FaceLock
Change-Id: I66cbd3ada87df30b6b7ceb1a784d365ba60a8f41
This changes the security picker when selecting a backup lock for facelock
such that it says back up lock and gives a brief description of why it's needed.
This is currently a temporary way to display the info and will need to be changed
for the final release.
Change-Id: I6373f97caec088482d36c65bd210c79238c623cf
This adds a simple biometric sensor (face lock) to the security choices.
Updated to disable biometric sensor by default.
Change-Id: I088e5e99cf5f8c7a06a1a992a9257940eb2cc07f
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: I80533bf8986a92b0b99cd5fb1c4943e0f23fc1c8
This converts most of the existing activities to fragments and wraps
them in PreferenceActivities so they can be launched as before
(e.g. by a DevicePolicyManager)
Upload after sync/rebase.
Change-Id: I4f351b75d9fca0498bcb04b4e11ff3b70765a4ba
This allows the user to tell the device to not show lock screen
at all as long as the DevicePolicyManager allows it.
Change-Id: Id46002500b47fc955565be197ac78b7b13b6757d
