Cause: with unified screenlock, ConfirmDeviceCredentialActivity didn't
forward result with FLAG_ACTIVITY_FORWARD_RESULT
Also, fixed that ConfirmDeviceCredentialActivity didn't allow fingerprint
authenication in unified screenlock after keystore unlocked.
In ChooseLockSettingsHelper, add one new util function to allow
extra option to set returnCredentials to false while external to true.
Set StrongAuth to "not required" when it has been successfully unlocked.
Test:
1. PO Unified Screenlock/Work Challenge x fingerprint -> ok to trust cert
(Also, no credential is returned in intent)
2. WorkMode off -> Reboot -> turn on Work mode
-> no fingerprint option, PIN unlock successful to turn work mode on
Bug: 28752364
Change-Id: I6dc8865e8f005545f8577d7731afb4495647062b
Add hooks for adding an option for selecting a managed password as
lock credential. By default this option will not be visible.
BUG=27923581
Change-Id: Id17bd8074bf23cbcffb96d8576cc760df6f2298a
If the work profile is locked, and the user tries to add a
work account from Settings:
Show the work profile security challenge.
BUG:28005200
Change-Id: I87ff25d9de94026b0d7ac307ea3a541e77989aa6
When ChooseLockScreenGeneric is started via the set password
intents, it should not allow the drawer menu to show.
bug:26288300
Change-Id: I10d512e20fedab2be8c725c7d524db0c55666590
The problem is because ConfirmDeviceCredentialActivity is not created
again when the new intent is fired. Add no history flag to kill it once
it is not visible. We have the exclude from recent flag anyway, so
finishing it should be fine.
Bug: 27564634
Change-Id: I2e22f3d7a108f8fbad5f27894b1a92f19d25bcda
If the challenge shown is for a work profile, add the default image and
color to the background of the fragment.
Change-Id: I148c6cd3a835a84c7bac78b020839dfdae4a6c36
Create a new section in Security Settings which includes all
settings for the Work Challenge.
Only some settings apply to the Work Challenge, so we reuse
the security settings layouts for items and compare them against
a whitelist to remove unwanted items.
Additionally, remove all usages of ChooseLockGeneric.KEY_USER_ID
in favor of Intent.EXTRA_USER_ID.
Change-Id: I3d1ba953a2056f7c61a7b3feeb8b49f1a352dff6
When using ConfirmDeviceCredential as the Work Challenge, we sometimes
have intercepted a task launching from recents. In this case, read the
taskId given as an extra and request that task to be started from
recents instead of launching a new intent.
Change-Id: Icca92f246e8f025b64de1f138493fc4069f98829
Add support in the Confirm Credentials flow to read an Intent extra
and fire it when authentication succeeds.
This is part of the Separate Work Challenge feature.
Change-Id: I52c203735fa9b53fd2f7df971824747eeb930f36
Actually call to recovery from ConvertToFBE
Adding credential check
Gray out Convert option when converted
Change-Id: Ic98929ff49733d182b529012e58870156f40679a
This is a first step to allow this flow to be reused for setting
a work profile-specific lock, to be used with the work challenge.
Change-Id: Iaa65fdab9021cda5f0a1d3bc526a6b54f8a7dd16
Make sure to finish ConfirmDeviceCredentialActivity directly, and use
Intent.FLAG_ACTIVITY_FORWARD_RESULT, so we can't even end up in a
state where we have the trampoline activity but not the real activity.
Bug: 23849216
Change-Id: I7a5be5af74ca85c11df1f61a69c3fd5cf558e1fb
Change the message for encryption interstitial when enrollin
fingerprint, to make it clear that fingerprint unlock is still used,
just that the backup unlock PIN / password / pattern will be needed
to start the device.
Bug: 22559146
Change-Id: Ia134e0d9b118151833a9118ff44667dcc9122185
ConfirmDeviceCredentialsActivity and ChooseLockGeneric now understand
CLSH.EXTRA_KEY_HAS_CHALLENGE and CLSH.EXTRA_KEY_CHALLENGE in their
launching intents. If present, they return a hw_auth_token_t verifying
the challenge passed in as a field in keyed by
CLSH.EXTRA_KEY_CHALLENGE_TOKEN in their result intents.
Change-Id: I0b4e02b6a798a9e57d02522880a180dffadfcde1
- New strings in the screen.
- New layout/style.
- Clean up internal API's around it.
- Add fingerprint support if launched from externally
- Separate theme if launched from externally
- If launched from above Keyguard, use SHOW_WHEN_LOCKED flag
Change-Id: Icdf9bf9e0506841f24e8aab5f0f1d1f4b688951f
The correct method to call is isLockPatternEnabled, which
also checks whether we've actually selected a pattern.
Also removes the code for the obsolete pattern enabled setting.
Bug: 18931518
Change-Id: I6f369eb60f8f6bb1e33384cd06534c713ab52e79
When an accessibility service is enabled we are not using the user secure
lock when encrypting the data. If the latter is already used for encryption
we are decreasing the encryption level and therefore shall challenge the
user with their secure lock.
bug:17881324
Change-Id: If8905c05e20bc6bb6a6415e501871e5ad83f3d86
ConfirmLockPattern and ConfirmLockPassword return an intent that contains the
password, and as such are dangerous. Create internal versions that are locked
down, and don't put this info in the externally accessible versions.
Bug: 13741939
Change-Id: I0df4d1e720b3c33d2c9ca086636dc54f17b19bf0
This adds a feature to allow DevicePolicyAdmins to prevent using
simple PINs, which are defined as those containing more than 3
repeated values. Examples include '1234', '2468', '1111', '9876', etc.
Bug 12081139
Change-Id: I68d8fe2459837cb5e083724e1740e65f0519f7e1
As noted by the class javadoc, CredentialStorage has seen the number
of cases to cope with grow. This change tries to address those cases.
src/com/android/settings/CredentialStorage.java
Added ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD to coordinate
additional producer and consumer.
constant declaration here, since its used by callers of
ChooseLockSettingsHelper.launchConfirmationActivity
src/com/android/settings/ChooseLockSettingsHelper.java
old producer
src/com/android/settings/ConfirmLockPassword.java
new producer (CredentialStorage wants passwords and patterns)
src/com/android/settings/ConfirmLockPattern.java
new consumer
src/com/android/settings/CredentialStorage.java
old consumer
src/com/android/settings/CryptKeeperSettings.java
Made class final and removed protected from method to make it clear
ChooseLockSettingsHelper is not to be used by subclassing.
src/com/android/settings/ChooseLockSettingsHelper.java
Change-Id: Ib2d65398fe44573168a6267a0376c3b0388b16c8
This fixes a bug where user was allowed to factory reset the device
without entering their PIN/Password.
It also fixes the same issue with MediaFormat (Settings->SD Card->Format).
Change-Id: I0677a50aa771ad8663513fd7ec398a70953dcde2
