/* * Copyright (C) 2007 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.settings; import android.app.Activity; import android.app.AlertDialog; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; import android.content.Context; import android.content.DialogInterface; import android.content.Intent; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.content.pm.UserInfo; import android.content.res.Resources; import android.hardware.fingerprint.Fingerprint; import android.hardware.fingerprint.FingerprintManager; import android.os.Bundle; import android.os.PersistableBundle; import android.os.UserHandle; import android.os.UserManager; import android.provider.SearchIndexableResource; import android.provider.Settings; import android.security.KeyStore; import android.service.trust.TrustAgentService; import android.support.v14.preference.SwitchPreference; import android.support.v7.preference.Preference; import android.support.v7.preference.Preference.OnPreferenceChangeListener; import android.support.v7.preference.Preference.OnPreferenceClickListener; import android.support.v7.preference.PreferenceGroup; import android.support.v7.preference.PreferenceScreen; import android.telephony.CarrierConfigManager; import android.telephony.SubscriptionInfo; import android.telephony.SubscriptionManager; import android.telephony.TelephonyManager; import android.text.TextUtils; import android.util.Log; import com.android.internal.logging.MetricsLogger; import com.android.internal.widget.LockPatternUtils; import com.android.settings.RestrictedListPreference; import com.android.settings.TrustAgentUtils.TrustAgentComponentInfo; import com.android.settings.fingerprint.FingerprintEnrollIntroduction; import com.android.settings.fingerprint.FingerprintSettings; import com.android.settings.search.BaseSearchIndexProvider; import com.android.settings.search.Index; import com.android.settings.search.Indexable; import com.android.settings.search.SearchIndexableRaw; import com.android.settingslib.RestrictedLockUtils; import com.android.settingslib.RestrictedPreference; import com.android.settingslib.RestrictedSwitchPreference; import java.util.ArrayList; import java.util.List; import static android.provider.Settings.System.SCREEN_OFF_TIMEOUT; import static com.android.settings.RestrictedListPreference.RestrictedItem; import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; /** * Gesture lock pattern settings. */ public class SecuritySettings extends SettingsPreferenceFragment implements OnPreferenceChangeListener, DialogInterface.OnClickListener, Indexable { private static final String TAG = "SecuritySettings"; private static final String TRUST_AGENT_CLICK_INTENT = "trust_agent_click_intent"; private static final Intent TRUST_AGENT_INTENT = new Intent(TrustAgentService.SERVICE_INTERFACE); // Lock Settings private static final String KEY_UNLOCK_SET_OR_CHANGE = "unlock_set_or_change"; private static final String KEY_UNLOCK_SET_OR_CHANGE_PROFILE = "profile_challenge"; private static final String KEY_VISIBLE_PATTERN = "visiblepattern"; private static final String KEY_SECURITY_CATEGORY = "security_category"; private static final String KEY_DEVICE_ADMIN_CATEGORY = "device_admin_category"; private static final String KEY_LOCK_AFTER_TIMEOUT = "lock_after_timeout"; private static final String KEY_OWNER_INFO_SETTINGS = "owner_info_settings"; private static final String KEY_ADVANCED_SECURITY = "advanced_security"; private static final String KEY_MANAGE_TRUST_AGENTS = "manage_trust_agents"; private static final int SET_OR_CHANGE_LOCK_METHOD_REQUEST = 123; private static final int CHANGE_TRUST_AGENT_SETTINGS = 126; // Misc Settings private static final String KEY_SIM_LOCK = "sim_lock"; private static final String KEY_SHOW_PASSWORD = "show_password"; private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type"; private static final String KEY_RESET_CREDENTIALS = "credentials_reset"; private static final String KEY_CREDENTIALS_INSTALL = "credentials_install"; private static final String KEY_TOGGLE_INSTALL_APPLICATIONS = "toggle_install_applications"; private static final String KEY_POWER_INSTANTLY_LOCKS = "power_button_instantly_locks"; private static final String KEY_CREDENTIALS_MANAGER = "credentials_management"; private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; private static final String KEY_TRUST_AGENT = "trust_agent"; private static final String KEY_SCREEN_PINNING = "screen_pinning_settings"; // These switch preferences need special handling since they're not all stored in Settings. private static final String SWITCH_PREFERENCE_KEYS[] = { KEY_LOCK_AFTER_TIMEOUT, KEY_VISIBLE_PATTERN, KEY_POWER_INSTANTLY_LOCKS, KEY_SHOW_PASSWORD, KEY_TOGGLE_INSTALL_APPLICATIONS }; // Only allow one trust agent on the platform. private static final boolean ONLY_ONE_TRUST_AGENT = true; private static final int MY_USER_ID = UserHandle.myUserId(); private DevicePolicyManager mDPM; private SubscriptionManager mSubscriptionManager; private UserManager mUm; private ChooseLockSettingsHelper mChooseLockSettingsHelper; private LockPatternUtils mLockPatternUtils; private RestrictedListPreference mLockAfter; private SwitchPreference mVisiblePattern; private SwitchPreference mShowPassword; private KeyStore mKeyStore; private RestrictedPreference mResetCredentials; private RestrictedSwitchPreference mToggleAppInstallation; private DialogInterface mWarnInstallApps; private SwitchPreference mPowerButtonInstantlyLocks; private boolean mIsAdmin; private Intent mTrustAgentClickIntent; private Preference mOwnerInfoPref; private int mProfileChallengeUserId; @Override protected int getMetricsCategory() { return MetricsLogger.SECURITY; } @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); mSubscriptionManager = SubscriptionManager.from(getActivity()); mLockPatternUtils = new LockPatternUtils(getActivity()); mDPM = (DevicePolicyManager)getSystemService(Context.DEVICE_POLICY_SERVICE); mUm = UserManager.get(getActivity()); mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity()); if (savedInstanceState != null && savedInstanceState.containsKey(TRUST_AGENT_CLICK_INTENT)) { mTrustAgentClickIntent = savedInstanceState.getParcelable(TRUST_AGENT_CLICK_INTENT); } } private static int getResIdForLockUnlockScreen(Context context, LockPatternUtils lockPatternUtils) { int resid = 0; if (!lockPatternUtils.isSecure(MY_USER_ID)) { if (lockPatternUtils.isLockScreenDisabled(MY_USER_ID)) { resid = R.xml.security_settings_lockscreen; } else { resid = R.xml.security_settings_chooser; } } else { switch (lockPatternUtils.getKeyguardStoredPasswordQuality(MY_USER_ID)) { case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: resid = R.xml.security_settings_pattern; break; case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: resid = R.xml.security_settings_pin; break; case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: resid = R.xml.security_settings_password; break; } } return resid; } /** * Important! * * Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the * logic or adding/removing preferences here. */ private PreferenceScreen createPreferenceHierarchy() { PreferenceScreen root = getPreferenceScreen(); if (root != null) { root.removeAll(); } addPreferencesFromResource(R.xml.security_settings); root = getPreferenceScreen(); // Add options for lock/unlock screen final int resid = getResIdForLockUnlockScreen(getActivity(), mLockPatternUtils); addPreferencesFromResource(resid); List profiles = mUm.getProfiles(UserHandle.myUserId()); int numProfiles = profiles.size(); if (numProfiles > 1) { for (int i = 0; i < numProfiles; ++i) { UserInfo profile = profiles.get(i); if (profile.id != UserHandle.myUserId()) { mProfileChallengeUserId = profile.id; } } if (mLockPatternUtils.isSeparateProfileChallengeAllowed(mProfileChallengeUserId)) { addPreferencesFromResource(R.xml.security_settings_profile); } } // Add options for device encryption mIsAdmin = mUm.isAdminUser(); mOwnerInfoPref = findPreference(KEY_OWNER_INFO_SETTINGS); if (mOwnerInfoPref != null) { mOwnerInfoPref.setEnabled(!mLockPatternUtils.isLockScreenDisabled(MY_USER_ID) && !mLockPatternUtils.isDeviceOwnerInfoEnabled()); if (mOwnerInfoPref.isEnabled()) { mOwnerInfoPref.setOnPreferenceClickListener(new OnPreferenceClickListener() { @Override public boolean onPreferenceClick(Preference preference) { OwnerInfoSettings.show(SecuritySettings.this); return true; } }); } } if (mIsAdmin) { if (LockPatternUtils.isDeviceEncryptionEnabled()) { // The device is currently encrypted. addPreferencesFromResource(R.xml.security_settings_encrypted); } else { // This device supports encryption but isn't encrypted. addPreferencesFromResource(R.xml.security_settings_unencrypted); } } // Fingerprint and trust agents PreferenceGroup securityCategory = (PreferenceGroup) root.findPreference(KEY_SECURITY_CATEGORY); if (securityCategory != null) { maybeAddFingerprintPreference(securityCategory); addTrustAgentSettings(securityCategory); } // lock after preference mLockAfter = (RestrictedListPreference) root.findPreference(KEY_LOCK_AFTER_TIMEOUT); if (mLockAfter != null) { setupLockAfterPreference(); updateLockAfterPreferenceSummary(); } // visible pattern mVisiblePattern = (SwitchPreference) root.findPreference(KEY_VISIBLE_PATTERN); // lock instantly on power key press mPowerButtonInstantlyLocks = (SwitchPreference) root.findPreference( KEY_POWER_INSTANTLY_LOCKS); Preference trustAgentPreference = root.findPreference(KEY_TRUST_AGENT); if (mPowerButtonInstantlyLocks != null && trustAgentPreference != null && trustAgentPreference.getTitle().length() > 0) { mPowerButtonInstantlyLocks.setSummary(getString( R.string.lockpattern_settings_power_button_instantly_locks_summary, trustAgentPreference.getTitle())); } // Append the rest of the settings addPreferencesFromResource(R.xml.security_settings_misc); // Do not display SIM lock for devices without an Icc card TelephonyManager tm = TelephonyManager.getDefault(); CarrierConfigManager cfgMgr = (CarrierConfigManager) getActivity().getSystemService(Context.CARRIER_CONFIG_SERVICE); PersistableBundle b = cfgMgr.getConfig(); if (!mIsAdmin || !isSimIccReady() || b.getBoolean(CarrierConfigManager.KEY_HIDE_SIM_LOCK_SETTINGS_BOOL)) { root.removePreference(root.findPreference(KEY_SIM_LOCK)); } else { // Disable SIM lock if there is no ready SIM card. root.findPreference(KEY_SIM_LOCK).setEnabled(isSimReady()); } if (Settings.System.getInt(getContentResolver(), Settings.System.LOCK_TO_APP_ENABLED, 0) != 0) { root.findPreference(KEY_SCREEN_PINNING).setSummary( getResources().getString(R.string.switch_on_text)); } // Show password mShowPassword = (SwitchPreference) root.findPreference(KEY_SHOW_PASSWORD); mResetCredentials = (RestrictedPreference) root.findPreference(KEY_RESET_CREDENTIALS); // Credential storage final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE); mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume() RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference( KEY_CREDENTIAL_STORAGE_TYPE); credentialStorageType.checkRestrictionAndSetDisabled( UserManager.DISALLOW_CONFIG_CREDENTIALS); RestrictedPreference installCredentials = (RestrictedPreference) root.findPreference( KEY_CREDENTIALS_INSTALL); installCredentials.checkRestrictionAndSetDisabled(UserManager.DISALLOW_CONFIG_CREDENTIALS); mResetCredentials.checkRestrictionAndSetDisabled(UserManager.DISALLOW_CONFIG_CREDENTIALS); final int storageSummaryRes = mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware : R.string.credential_storage_type_software; credentialStorageType.setSummary(storageSummaryRes); // Application install PreferenceGroup deviceAdminCategory = (PreferenceGroup) root.findPreference(KEY_DEVICE_ADMIN_CATEGORY); mToggleAppInstallation = (RestrictedSwitchPreference) findPreference( KEY_TOGGLE_INSTALL_APPLICATIONS); mToggleAppInstallation.setChecked(isNonMarketAppsAllowed()); // Side loading of apps. // Disable for restricted profiles. For others, check if policy disallows it. mToggleAppInstallation.setEnabled(!um.getUserInfo(MY_USER_ID).isRestricted()); if (mToggleAppInstallation.isEnabled()) { mToggleAppInstallation.checkRestrictionAndSetDisabled( UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES); if (!mToggleAppInstallation.isDisabledByAdmin()) { mToggleAppInstallation.checkRestrictionAndSetDisabled( UserManager.DISALLOW_INSTALL_APPS); } } // Advanced Security features PreferenceGroup advancedCategory = (PreferenceGroup)root.findPreference(KEY_ADVANCED_SECURITY); if (advancedCategory != null) { Preference manageAgents = advancedCategory.findPreference(KEY_MANAGE_TRUST_AGENTS); if (manageAgents != null && !mLockPatternUtils.isSecure(MY_USER_ID)) { manageAgents.setEnabled(false); manageAgents.setSummary(R.string.disabled_because_no_backup_security); } } // The above preferences come and go based on security state, so we need to update // the index. This call is expected to be fairly cheap, but we may want to do something // smarter in the future. Index.getInstance(getActivity()) .updateFromClassNameResource(SecuritySettings.class.getName(), true, true); for (int i = 0; i < SWITCH_PREFERENCE_KEYS.length; i++) { final Preference pref = findPreference(SWITCH_PREFERENCE_KEYS[i]); if (pref != null) pref.setOnPreferenceChangeListener(this); } return root; } private void maybeAddFingerprintPreference(PreferenceGroup securityCategory) { Preference fingerprintPreference = FingerprintSettings.getFingerprintPreferenceForUser( securityCategory.getContext(), UserHandle.myUserId()); if (fingerprintPreference != null) { securityCategory.addPreference(fingerprintPreference); } } private void addTrustAgentSettings(PreferenceGroup securityCategory) { final boolean hasSecurity = mLockPatternUtils.isSecure(MY_USER_ID); ArrayList agents = getActiveTrustAgents(getPackageManager(), mLockPatternUtils, mDPM); for (int i = 0; i < agents.size(); i++) { final TrustAgentComponentInfo agent = agents.get(i); Preference trustAgentPreference = new Preference(securityCategory.getContext()); trustAgentPreference.setKey(KEY_TRUST_AGENT); trustAgentPreference.setTitle(agent.title); trustAgentPreference.setSummary(agent.summary); // Create intent for this preference. Intent intent = new Intent(); intent.setComponent(agent.componentName); intent.setAction(Intent.ACTION_MAIN); trustAgentPreference.setIntent(intent); // Add preference to the settings menu. securityCategory.addPreference(trustAgentPreference); if (agent.disabledByAdministrator) { trustAgentPreference.setEnabled(false); trustAgentPreference.setSummary(R.string.trust_agent_disabled_device_admin); } else if (!hasSecurity) { trustAgentPreference.setEnabled(false); trustAgentPreference.setSummary(R.string.disabled_because_no_backup_security); } } } /* Return true if a there is a Slot that has Icc. */ private boolean isSimIccReady() { TelephonyManager tm = TelephonyManager.getDefault(); final List subInfoList = mSubscriptionManager.getActiveSubscriptionInfoList(); if (subInfoList != null) { for (SubscriptionInfo subInfo : subInfoList) { if (tm.hasIccCard(subInfo.getSimSlotIndex())) { return true; } } } return false; } /* Return true if a SIM is ready for locking. * TODO: consider adding to TelephonyManager or SubscritpionManasger. */ private boolean isSimReady() { int simState = TelephonyManager.SIM_STATE_UNKNOWN; final List subInfoList = mSubscriptionManager.getActiveSubscriptionInfoList(); if (subInfoList != null) { for (SubscriptionInfo subInfo : subInfoList) { simState = TelephonyManager.getDefault().getSimState(subInfo.getSimSlotIndex()); if((simState != TelephonyManager.SIM_STATE_ABSENT) && (simState != TelephonyManager.SIM_STATE_UNKNOWN)){ return true; } } } return false; } private static ArrayList getActiveTrustAgents( PackageManager pm, LockPatternUtils utils, DevicePolicyManager dpm) { ArrayList result = new ArrayList(); List resolveInfos = pm.queryIntentServices(TRUST_AGENT_INTENT, PackageManager.GET_META_DATA); List enabledTrustAgents = utils.getEnabledTrustAgents(MY_USER_ID); boolean disableTrustAgents = (dpm.getKeyguardDisabledFeatures(null) & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; if (enabledTrustAgents != null && !enabledTrustAgents.isEmpty()) { for (int i = 0; i < resolveInfos.size(); i++) { ResolveInfo resolveInfo = resolveInfos.get(i); if (resolveInfo.serviceInfo == null) continue; if (!TrustAgentUtils.checkProvidePermission(resolveInfo, pm)) continue; TrustAgentComponentInfo trustAgentComponentInfo = TrustAgentUtils.getSettingsComponent(pm, resolveInfo); if (trustAgentComponentInfo.componentName == null || !enabledTrustAgents.contains( TrustAgentUtils.getComponentName(resolveInfo)) || TextUtils.isEmpty(trustAgentComponentInfo.title)) continue; if (disableTrustAgents && dpm.getTrustAgentConfiguration( null, TrustAgentUtils.getComponentName(resolveInfo)) == null) { trustAgentComponentInfo.disabledByAdministrator = true; } result.add(trustAgentComponentInfo); if (ONLY_ONE_TRUST_AGENT) break; } } return result; } private boolean isNonMarketAppsAllowed() { return Settings.Global.getInt(getContentResolver(), Settings.Global.INSTALL_NON_MARKET_APPS, 0) > 0; } private void setNonMarketAppsAllowed(boolean enabled) { final UserManager um = (UserManager) getActivity().getSystemService(Context.USER_SERVICE); if (um.hasUserRestriction(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)) { return; } // Change the system setting Settings.Global.putInt(getContentResolver(), Settings.Global.INSTALL_NON_MARKET_APPS, enabled ? 1 : 0); } private void warnAppInstallation() { // TODO: DialogFragment? mWarnInstallApps = new AlertDialog.Builder(getActivity()).setTitle( getResources().getString(R.string.error_title)) .setIcon(com.android.internal.R.drawable.ic_dialog_alert) .setMessage(getResources().getString(R.string.install_all_warning)) .setPositiveButton(android.R.string.yes, this) .setNegativeButton(android.R.string.no, this) .show(); } @Override public void onClick(DialogInterface dialog, int which) { if (dialog == mWarnInstallApps) { boolean turnOn = which == DialogInterface.BUTTON_POSITIVE; setNonMarketAppsAllowed(turnOn); if (mToggleAppInstallation != null) { mToggleAppInstallation.setChecked(turnOn); } } } @Override public void onDestroy() { super.onDestroy(); if (mWarnInstallApps != null) { mWarnInstallApps.dismiss(); } } private void setupLockAfterPreference() { // Compatible with pre-Froyo long currentTimeout = Settings.Secure.getLong(getContentResolver(), Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000); mLockAfter.setValue(String.valueOf(currentTimeout)); mLockAfter.setOnPreferenceChangeListener(this); final EnforcedAdmin admin = RestrictedLockUtils.checkIfMaximumTimeToLockIsSet( getActivity()); if (admin != null) { final long adminTimeout = (mDPM != null ? mDPM.getMaximumTimeToLock(null) : 0); final long displayTimeout = Math.max(0, Settings.System.getInt(getContentResolver(), SCREEN_OFF_TIMEOUT, 0)); if (adminTimeout > 0) { // This setting is a slave to display timeout when a device policy is enforced. // As such, maxLockTimeout = adminTimeout - displayTimeout. // If there isn't enough time, shows "immediately" setting. disableUnusableTimeouts(Math.max(0, adminTimeout - displayTimeout), admin); } } } private void updateLockAfterPreferenceSummary() { final String summary; if (mLockAfter.isDisabledByAdmin()) { summary = getString(R.string.disabled_by_policy_title); } else { // Update summary message with current value long currentTimeout = Settings.Secure.getLong(getContentResolver(), Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, 5000); final CharSequence[] entries = mLockAfter.getEntries(); final CharSequence[] values = mLockAfter.getEntryValues(); int best = 0; for (int i = 0; i < values.length; i++) { if (mLockAfter.isRestrictedForEntry(entries[i])) { break; } long timeout = Long.valueOf(values[i].toString()); if (currentTimeout >= timeout) { best = i; } } Preference preference = getPreferenceScreen().findPreference(KEY_TRUST_AGENT); if (preference != null && preference.getTitle().length() > 0) { if (Long.valueOf(values[best].toString()) == 0) { summary = getString(R.string.lock_immediately_summary_with_exception, preference.getTitle()); } else { summary = getString(R.string.lock_after_timeout_summary_with_exception, entries[best], preference.getTitle()); } } else { summary = getString(R.string.lock_after_timeout_summary, entries[best]); } } mLockAfter.setSummary(summary); } private void disableUnusableTimeouts(long maxTimeout, EnforcedAdmin admin) { final CharSequence[] entries = mLockAfter.getEntries(); final CharSequence[] values = mLockAfter.getEntryValues(); long maxTimeoutSelectable = 0; int maxTimeoutEntryIndex = -1; for (int i = 0; i < values.length; i++) { long timeout = Long.parseLong(values[i].toString()); if (timeout > maxTimeout) { break; } maxTimeoutSelectable = timeout; maxTimeoutEntryIndex = i; } // If there are no possible options for the user, then set this preference as // disabled by admin, otherwise remove the padlock in case it was set earlier. if (maxTimeoutSelectable == 0) { mLockAfter.setDisabledByAdmin(admin); return; } else { mLockAfter.setDisabledByAdmin(null); } mLockAfter.clearRestrictedItems(); // Set all the entries after the maximum selectable timeout as disabled by admin. for (int i = maxTimeoutEntryIndex + 1; i < values.length; i++) { mLockAfter.addRestrictedItem( new RestrictedItem(entries[i], values[i], admin)); } final int userPreference = Integer.valueOf(mLockAfter.getValue()); if (userPreference <= maxTimeout) { mLockAfter.setValue(String.valueOf(userPreference)); } else if (maxTimeoutSelectable == maxTimeout) { mLockAfter.setValue(String.valueOf(maxTimeout)); } else { // There will be no highlighted selection since nothing in the list matches // maxTimeout. The user can still select anything less than maxTimeout. // TODO: maybe append maxTimeout to the list and mark selected. } } @Override public void onSaveInstanceState(Bundle outState) { super.onSaveInstanceState(outState); if (mTrustAgentClickIntent != null) { outState.putParcelable(TRUST_AGENT_CLICK_INTENT, mTrustAgentClickIntent); } } @Override public void onResume() { super.onResume(); // Make sure we reload the preference hierarchy since some of these settings // depend on others... createPreferenceHierarchy(); final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils(); if (mVisiblePattern != null) { mVisiblePattern.setChecked(lockPatternUtils.isVisiblePatternEnabled( MY_USER_ID)); } if (mPowerButtonInstantlyLocks != null) { mPowerButtonInstantlyLocks.setChecked(lockPatternUtils.getPowerButtonInstantlyLocks( MY_USER_ID)); } if (mShowPassword != null) { mShowPassword.setChecked(Settings.System.getInt(getContentResolver(), Settings.System.TEXT_SHOW_PASSWORD, 1) != 0); } if (mResetCredentials != null) { mResetCredentials.setEnabled(!mKeyStore.isEmpty()); } updateOwnerInfo(); } public void updateOwnerInfo() { if (mOwnerInfoPref != null) { if (mLockPatternUtils.isDeviceOwnerInfoEnabled()) { mOwnerInfoPref.setSummary(R.string.disabled_by_administrator_summary); } else { mOwnerInfoPref.setSummary(mLockPatternUtils.isOwnerInfoEnabled(MY_USER_ID) ? mLockPatternUtils.getOwnerInfo(MY_USER_ID) : getString(R.string.owner_info_settings_summary)); } } } @Override public boolean onPreferenceTreeClick(Preference preference) { final String key = preference.getKey(); if (KEY_UNLOCK_SET_OR_CHANGE.equals(key)) { startFragment(this, "com.android.settings.ChooseLockGeneric$ChooseLockGenericFragment", R.string.lock_settings_picker_title, SET_OR_CHANGE_LOCK_METHOD_REQUEST, null); } else if (KEY_UNLOCK_SET_OR_CHANGE_PROFILE.equals(key)) { Bundle extras = new Bundle(); extras.putInt(Intent.EXTRA_USER_ID, mProfileChallengeUserId); startFragment(this, "com.android.settings.ProfileChallengePreferenceFragment", R.string.lock_settings_profile_label, SET_OR_CHANGE_LOCK_METHOD_REQUEST, extras); } else if (KEY_TRUST_AGENT.equals(key)) { ChooseLockSettingsHelper helper = new ChooseLockSettingsHelper(this.getActivity(), this); mTrustAgentClickIntent = preference.getIntent(); boolean confirmationLaunched = helper.launchConfirmationActivity( CHANGE_TRUST_AGENT_SETTINGS, preference.getTitle()); if (!confirmationLaunched&& mTrustAgentClickIntent != null) { // If this returns false, it means no password confirmation is required. startActivity(mTrustAgentClickIntent); mTrustAgentClickIntent = null; } } else { // If we didn't handle it, let preferences handle it. return super.onPreferenceTreeClick(preference); } return true; } /** * see confirmPatternThenDisableAndClear */ @Override public void onActivityResult(int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); if (requestCode == CHANGE_TRUST_AGENT_SETTINGS && resultCode == Activity.RESULT_OK) { if (mTrustAgentClickIntent != null) { startActivity(mTrustAgentClickIntent); mTrustAgentClickIntent = null; } return; } createPreferenceHierarchy(); } @Override public boolean onPreferenceChange(Preference preference, Object value) { boolean result = true; final String key = preference.getKey(); final LockPatternUtils lockPatternUtils = mChooseLockSettingsHelper.utils(); if (KEY_LOCK_AFTER_TIMEOUT.equals(key)) { int timeout = Integer.parseInt((String) value); try { Settings.Secure.putInt(getContentResolver(), Settings.Secure.LOCK_SCREEN_LOCK_AFTER_TIMEOUT, timeout); } catch (NumberFormatException e) { Log.e("SecuritySettings", "could not persist lockAfter timeout setting", e); } updateLockAfterPreferenceSummary(); } else if (KEY_VISIBLE_PATTERN.equals(key)) { lockPatternUtils.setVisiblePatternEnabled((Boolean) value, MY_USER_ID); } else if (KEY_POWER_INSTANTLY_LOCKS.equals(key)) { mLockPatternUtils.setPowerButtonInstantlyLocks((Boolean) value, MY_USER_ID); } else if (KEY_SHOW_PASSWORD.equals(key)) { Settings.System.putInt(getContentResolver(), Settings.System.TEXT_SHOW_PASSWORD, ((Boolean) value) ? 1 : 0); lockPatternUtils.setVisiblePasswordEnabled((Boolean) value, MY_USER_ID); } else if (KEY_TOGGLE_INSTALL_APPLICATIONS.equals(key)) { if ((Boolean) value) { mToggleAppInstallation.setChecked(false); warnAppInstallation(); // Don't change Switch status until user makes choice in dialog, so return false. result = false; } else { setNonMarketAppsAllowed(false); } } return result; } @Override protected int getHelpResource() { return R.string.help_url_security; } /** * For Search. Please keep it in sync when updating "createPreferenceHierarchy()" */ public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER = new SecuritySearchIndexProvider(); private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider { @Override public List getXmlResourcesToIndex( Context context, boolean enabled) { List result = new ArrayList(); LockPatternUtils lockPatternUtils = new LockPatternUtils(context); // Add options for lock/unlock screen int resId = getResIdForLockUnlockScreen(context, lockPatternUtils); SearchIndexableResource sir = new SearchIndexableResource(context); sir.xmlResId = resId; result.add(sir); final UserManager um = UserManager.get(context); List profiles = um.getProfiles(UserHandle.myUserId()); int numProfiles = profiles.size(); if (numProfiles > 1) { int profileUserId = -1; for (int i = 0; i < numProfiles; ++i) { UserInfo profile = profiles.get(i); if (profile.id != UserHandle.myUserId()) { profileUserId = profile.id; } } if (lockPatternUtils.isSeparateProfileChallengeAllowed(profileUserId)) { sir = new SearchIndexableResource(context); sir.xmlResId = R.xml.security_settings_profile; result.add(sir); } } if (um.isAdminUser()) { DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE); switch (dpm.getStorageEncryptionStatus()) { case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: // The device is currently encrypted. resId = R.xml.security_settings_encrypted; break; case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: // This device supports encryption but isn't encrypted. resId = R.xml.security_settings_unencrypted; break; } sir = new SearchIndexableResource(context); sir.xmlResId = resId; result.add(sir); } // Append the rest of the settings sir = new SearchIndexableResource(context); sir.xmlResId = R.xml.security_settings_misc; result.add(sir); return result; } @Override public List getRawDataToIndex(Context context, boolean enabled) { final List result = new ArrayList(); final Resources res = context.getResources(); final String screenTitle = res.getString(R.string.security_settings_title); SearchIndexableRaw data = new SearchIndexableRaw(context); data.title = screenTitle; data.screenTitle = screenTitle; result.add(data); final UserManager um = UserManager.get(context); if (!um.isAdminUser()) { int resId = um.isLinkedUser() ? R.string.profile_info_settings_title : R.string.user_info_settings_title; data = new SearchIndexableRaw(context); data.title = res.getString(resId); data.screenTitle = screenTitle; result.add(data); } // Fingerprint FingerprintManager fpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE); if (fpm.isHardwareDetected()) { // This catches the title which can be overloaded in an overlay data = new SearchIndexableRaw(context); data.title = res.getString(R.string.security_settings_fingerprint_preference_title); data.screenTitle = screenTitle; result.add(data); // Fallback for when the above doesn't contain "fingerprint" data = new SearchIndexableRaw(context); data.title = res.getString(R.string.fingerprint_manage_category_title); data.screenTitle = screenTitle; result.add(data); } // Credential storage if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) { KeyStore keyStore = KeyStore.getInstance(); final int storageSummaryRes = keyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware : R.string.credential_storage_type_software; data = new SearchIndexableRaw(context); data.title = res.getString(storageSummaryRes); data.screenTitle = screenTitle; result.add(data); } // Advanced final LockPatternUtils lockPatternUtils = new LockPatternUtils(context); if (lockPatternUtils.isSecure(MY_USER_ID)) { ArrayList agents = getActiveTrustAgents(context.getPackageManager(), lockPatternUtils, context.getSystemService(DevicePolicyManager.class)); for (int i = 0; i < agents.size(); i++) { final TrustAgentComponentInfo agent = agents.get(i); data = new SearchIndexableRaw(context); data.title = agent.title; data.screenTitle = screenTitle; result.add(data); } } return result; } @Override public List getNonIndexableKeys(Context context) { final List keys = new ArrayList(); LockPatternUtils lockPatternUtils = new LockPatternUtils(context); // Do not display SIM lock for devices without an Icc card final UserManager um = UserManager.get(context); final TelephonyManager tm = TelephonyManager.from(context); if (!um.isAdminUser() || !tm.hasIccCard()) { keys.add(KEY_SIM_LOCK); } if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) { keys.add(KEY_CREDENTIALS_MANAGER); } // TrustAgent settings disappear when the user has no primary security. if (!lockPatternUtils.isSecure(MY_USER_ID)) { keys.add(KEY_TRUST_AGENT); keys.add(KEY_MANAGE_TRUST_AGENTS); } return keys; } } }