For work challenges, do not reset incorrect password attempts if
challenge is resolved via biometric authentication. This is the
behaviour for personal keyguard and work challenge should be
consistent.
Bug: 139438785
Test: manual: enroll work challenge with fingerprint, set failed wipe
count (3) via TestDPC and attempt two failed attempts (via cmd
lock_settings). Resolve work challenge with fingerprint and attempt one
last failed attempt. Verify work profiel is wiped.
Change-Id: Ic64d3e44f3faa5adf8ac43db09e33c8403427990
Currently if a work profile with a separate lock is turned off
(a.k.a. in quiet mode), and the user has forgotten the password,
profile owner app cannot use DPM.resetPasswordWithToken because
the profile user is not running.
In BYOD case the user can remove and re-provision the profile but
in the new COPE mode (a.k.a. on an organization owned device with
work profile) it is not possible to remove the profile. So full
factory reset is required.
This CL allows the user to start the profile in locked state
(a.k.a direct boot mode) so that the admin can reset the password.
This CL adds "Forgot my password" button to work profile credential prompt
if all of the following conditions are true:
* Work profile is turned off
* Profile owner app is capable of running in direct boot mode.
* Profile owner app has an active password reset token.
* The device is an FBE device (otherwise profile will be unlocked).
Clicking this button starts the profile in locked state and shows an
activity to the user that instruct them to go to their IT admin.
Bug: 143516540
Test: manual
Change-Id: I832f7121b43e39161c5afa816f44ce89584b66e2
* The incorrect string was being displayed when the user
was asked to enter their pin/password.
* Updated the string to include **work** instead of
**device** when entering a work pin/password.
Bug: 148211118
Test: Manual testing
Change-Id: I2239a5011dec62fd63574bbf75495548ddd0d907
* Updated FrameLayout of work profile lock in Settings to use GlifLayout
* Removed old background image of work profile lock
* Updated text for PIN, password and pattern
* Added enterprise logo to work profile lock
Bug: 141290838
Test: Manual testing
atest com.android.settings.password
Change-Id: Ie09974857b6c76a182a8075b9e1964a2e0af0de9
Bug: 140128468
Test: Verified with biometricpromptdemo that confirm device credential
still works correctly.
Change-Id: I0f608ba1256c696317402f56549452bf6933066b
Fixes: 132156012
Test: Verified with BiometricPromptDemo that talkback now
announces the correct password type for PIN/Pattern/Pass.
Change-Id: I3a04fe691140abba40396f95a601f863d87ee394
Converting to Soong will move some code from directly compiled
into the app to compiled into an Android library and then
shared between the app and the tests. This will cause resource
IDs in the library to become non-final, which means they can
no longer be used in case statements. Convert affect case
statements to if blocks.
Test: m RunSettingsRoboTests
Change-Id: I25742a374f06d3fa4decbfc0d223a350acc50881
Relating to packages/apps/Settings
Bug: 120484642
Test: manual - test setting and unlocking passwords/pins/patterns.
automated - 20 of about 500 tests fail due to fragile synthetic
password test code.
Change-Id: Idec8338d141c185bef67ade12035fdb2fa9d17ea
CDCA can be invoked with a bundle extra originating from BiometricService.
This allows us to add/forward new BP builder options to CDCA without having
duplicate API each time.
Bug: 111461540
Test: test app, receives correct callbacks
Test: CDC still works
Change-Id: Ia2080d161abba87949338176b34cdf440ed4ed53
1) Fixed the theme for CDCA$InternalActivity to be transparent
2) CDCA only cares about biometrics, which are tied to userId
3) Moved shared methods to a util class
Fixes: 119296586
Test: Followed the steps in comment#1 of the bug linked above
Change-Id: Ie47fc7c3a53dfb7780087937e1ca83287cc52d71
CDC is going to use BiometricPrompt instead. This change
removes FingerprintManager from CDC. BiometricPrompt
will show before pin/pattern/pass is shown.
Bug: 111461540
Test: modified BiometricPromptDemo to use
KeyguardManager#createConfirmDeviceCredentialIntent,
Test: Fingerprint is gone from CDC, rotation works
Test: atest SettingsRoboTests
Change-Id: I9ce2aad71961af8a0d5ee636600e2fbdb6154e47
Having consistent import order will reduce chance of merge
conflict between internal and external master
Test: rebuild
Change-Id: I0b1a170967ddcce7f388603fd521f6ed1eeba30b
This patch focused on fixing compile errors and some runtime errors.
Test: We can't test it now. But we will have an integration test later.
Bug: 110259478
Change-Id: I16c471ddcd0fa1460c665b7f74d86fcace5ee67b
Use GLIF theme as the default for confirm lock screen, even for
"external" launches of the screen. Renamed the theme from "internal"
to "normal" to reflect this change.
Dark theme code will be cleaned up later.
Test: Existing tests pass
Bug: 62573742
Change-Id: I86958eb3a440d7274807f1cf453c3e53c16c23e7
- for fragments that do not implement the preference screen, change them
to inherit from InstrumentedFragment instead.
Change-Id: I791c2634024bd2c248efea955be5c680180d735c
Fixes: 68277111
Test: make RunSettingsRoboTests
When the user enters a wrong pattern/pin/password, a "Wrong
pattern/pin/password" text shows up on ConfirmLockPattern or
ConfirmLockPassword screen. In ConfirmLockPassword, it disappears
automatically after 3 seconds, whereas it doesn't in ConfirmLockPattern.
In this change, we make the prompt in ConfirmLockPattern disappear
automatically as well.
Bug: 64781905
Test: manual
Test: make RunSettingsRoboTests
Change-Id: I53a25576413671ced4197064d51fbcc397733265
The ConfirmLockPassword screen (responsible for both PIN and password
locks) should not accept any input during the lock-out period after
consecutive incorrect unlock attempts. However, this is broken if the
activity is resumed from a paused state (e.g. from Recents).
In this CL, we clean up the logic around updating the UI controls, which
fixes the issue above and also hopefully simplifies potential future
work.
Bug: 63277910
Test: make RunSettingsRoboTests
Test: manual, both unified and separate work challenge
Change-Id: I752a5911d4445bf0caeea299ca3eb182e1defc62
Due to incorrect strings, we temporarily disabled the prompt strings for
strong auth and instead used the generic ones as a short-term fix. In
this CL, we correct the strong auth prompt strings and add them back to
the lock screen UI. The new strings are in line with those in keyguard.
Bug: 36511626
Test: manual
Test: make RunSettingsRoboTests
Change-Id: Ifba689db37cc7d331eb1a774814f6b6235977ff9
These screens are used whenever setting or confirming the
lockscreen PIN or password. Set them to a consistent textSize (24sp)
and a consistent fontFamily.
Would have set the fontFamily in the style, but unfortunately
setInputType is called on the TextViews after inflation which blows
away the fontFamily. Instead, we set it in code right after that
call.
Change-Id: I77c3f94e2b1ce6d1f19697394c5caa09aac423b0
Fixes: 62873478
Test: manual
The prompt strings on the confirm credentials screen (pin, password,
pattern) are incorrect. They currently say strong auth is "required
after device restarts". But instead they should be "required for
additional security" because strong auth can be enforced not only after
device or profile restarts, but also after profile key eviction, for
example.
Unfortunately, we've already missed the window for string changes.
Therefore, as an alternative, we use generic prompt strings in this CL,
to avoid conveying the incorrect (and misleading) information. We'll
follow up with another CL in master with a proper string change to fix
the issue.
Bug: 36511626
Test: manual
Test: make SettingsRoboTests
Change-Id: I44f84420b88bb4933ad0afa6e8032af465de0cd3
Both View focus (which is triggered by View.requestFocus()) and IME focus
(which is internally handled inside InputMethodManager), are implemented
as delayed tasks on the UI thread. The goal here is to make sure that
InputMethodManager.showSoftInput() always gets called only after the target
EditText gained IME focus.
This requires some tricks, but is basically a solved problem with
ImeAwareEditText introduced by
I182b05d3ff59fb3b4732d60d0d5a464f0e0e0235. Here we can just reuse it.
Note that ConfirmLockPassword & ChooseLockPassword are the only ones
using ScrollToParentEditText. Latter doesn't call IMM.showSoftInput().
Fixes: 62542157
Test: Verified keyboard still shows-up on the ConfirmLock screen.
Change-Id: I892d639f3cc5d43db553b682d5278b8ce2fe72da
Bug: 36814845
Test: adb shell settings put global device_provisioned 0 && adb shell am start -a android.app.action.CONFIRM_FRP_CREDENTIAL
Change-Id: Id6ce6bc5ebd9c9e2a88790cc800678aff50e580f
Previously, failed ConfirmDeviceCredential attempts only counted towards the
wipe limit if it is used as a separate work challenge.
In this CL, we additionally make these failed attempts count towards the total
failures in the following scenarios:
1) when unified work challenge is enabled
2) for the primary user (e.g. when a wipe limit is set by a DO)
3) for secondary users
Bug: 27238008
Test: manual, by entering wrong credentials multiple times
Test: make SettingsRoboTests
Change-Id: Ie5a099bb3fd46245c13ccf4c8f91c4d935412a4e
Consolidated the many variants of ChooseLock*.createIntent, so that
it will take the same set of arguments.
Also modified SetupChooseLock*.createIntent to modifyIntentForSetup,
which will take the intent created by ChooseLock* and modify it for
use with setup.
Test: cd tests/robotests && mma
Change-Id: I5ff033f459c33ec9980872a536b3996d89f2bbbb
