Merge "Use default encryption password if an accessibility service is enabled." into lmp-dev
diff --git a/core/java/android/view/AccessibilityManagerInternal.java b/core/java/android/view/AccessibilityManagerInternal.java
new file mode 100644
index 0000000..7bb2dc5
--- /dev/null
+++ b/core/java/android/view/AccessibilityManagerInternal.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.view;
+
+/**
+ * Accessibility manager local system service interface.
+ *
+ * @hide Only for use within the system server.
+ */
+public abstract class AccessibilityManagerInternal {
+
+ /**
+ * Queries if the accessibility manager service permits setting
+ * a non-default encryption password.
+ */
+ public abstract boolean isNonDefaultEncryptionPasswordAllowed();
+}
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index 16fa88e..2b7af4b 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -878,6 +878,30 @@
}
/**
+ * Gets whether the device is encrypted.
+ *
+ * @return Whether the device is encrypted.
+ */
+ public static boolean isDeviceEncrypted() {
+ IMountService mountService = IMountService.Stub.asInterface(
+ ServiceManager.getService("mount"));
+ try {
+ return mountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE
+ && mountService.getPasswordType() != StorageManager.CRYPT_TYPE_DEFAULT;
+ } catch (RemoteException re) {
+ Log.e(TAG, "Error getting encryption state", re);
+ }
+ return true;
+ }
+
+ /**
+ * Clears the encryption password.
+ */
+ public void clearEncryptionPassword() {
+ updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
+ }
+
+ /**
* Retrieves the quality mode we're in.
* {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}
*
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index be3fc47..1253bc7c 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -67,6 +67,7 @@
import android.util.Pools.SimplePool;
import android.util.Slog;
import android.util.SparseArray;
+import android.view.AccessibilityManagerInternal;
import android.view.Display;
import android.view.IWindow;
import android.view.InputDevice;
@@ -91,6 +92,7 @@
import com.android.internal.R;
import com.android.internal.content.PackageMonitor;
import com.android.internal.statusbar.IStatusBarService;
+import com.android.internal.widget.LockPatternUtils;
import com.android.server.LocalServices;
import org.xmlpull.v1.XmlPullParserException;
@@ -202,6 +204,8 @@
private final UserManager mUserManager;
+ private final LockPatternUtils mLockPatternUtils;
+
private int mCurrentUserId = UserHandle.USER_OWNER;
//TODO: Remove this hack
@@ -225,9 +229,11 @@
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
mSecurityPolicy = new SecurityPolicy();
mMainHandler = new MainHandler(mContext.getMainLooper());
+ mLockPatternUtils = new LockPatternUtils(context);
registerBroadcastReceivers();
new AccessibilityContentObserver(mMainHandler).register(
context.getContentResolver());
+ LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
}
private UserState getUserStateLocked(int userId) {
@@ -1294,6 +1300,7 @@
updateTouchExplorationLocked(userState);
updateEnhancedWebAccessibilityLocked(userState);
updateDisplayColorAdjustmentSettingsLocked(userState);
+ updateEncryptionState(userState);
scheduleUpdateInputFilter(userState);
scheduleUpdateClientsIfNeededLocked(userState);
}
@@ -1570,6 +1577,21 @@
DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
}
+ private void updateEncryptionState(UserState userState) {
+ if (userState.mUserId != UserHandle.USER_OWNER) {
+ return;
+ }
+ if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
+ // If there are running accessibility services we do not have encryption as
+ // the user needs the accessibility layer to be running to authenticate.
+ mLockPatternUtils.clearEncryptionPassword();
+ }
+ }
+
+ private boolean hasRunningServicesLocked(UserState userState) {
+ return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
+ }
+
private MagnificationSpec getCompatibleMagnificationSpecLocked(int windowId) {
IBinder windowToken = mGlobalWindowTokens.get(windowId);
if (windowToken == null) {
@@ -3883,4 +3905,14 @@
}
}
}
+
+ private final class LocalService extends AccessibilityManagerInternal {
+ @Override
+ public boolean isNonDefaultEncryptionPasswordAllowed() {
+ synchronized (mLock) {
+ UserState userState = getCurrentUserStateLocked();
+ return !hasRunningServicesLocked(userState);
+ }
+ }
+ }
}
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 7f24d07..b0535b3 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -63,6 +63,7 @@
import android.util.Slog;
import android.util.Xml;
+import android.view.AccessibilityManagerInternal;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.app.IMediaContainerService;
@@ -557,6 +558,8 @@
private final Handler mHandler;
+ private final AccessibilityManagerInternal mAccessibilityManagerInternal;
+
void waitForAsecScan() {
waitForLatch(mAsecsScanned);
}
@@ -1454,6 +1457,9 @@
hthread.start();
mHandler = new MountServiceHandler(hthread.getLooper());
+ mAccessibilityManagerInternal = LocalServices.getService(
+ AccessibilityManagerInternal.class);
+
// Watch for user changes
final IntentFilter userFilter = new IntentFilter();
userFilter.addAction(Intent.ACTION_USER_ADDED);
@@ -2254,8 +2260,15 @@
final NativeDaemonEvent event;
try {
+ // The accessibility layer may veto having a non-default encryption
+ // password because if there are enabled accessibility services the
+ // user cannot authenticate as the latter need access to the data.
+ if (!TextUtils.isEmpty(password)
+ && !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
+ return getEncryptionState();
+ }
event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
- new SensitiveArg(toHex(password)));
+ new SensitiveArg(toHex(password)));
return Integer.parseInt(event.getMessage());
} catch (NativeDaemonConnectorException e) {
// Encryption failed
@@ -2302,7 +2315,7 @@
* @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
*/
@Override
- public int getPasswordType() throws RemoteException {
+ public int getPasswordType() {
waitForReady();