Merge "Accessibility no longer overrides strong encryption." into lmp-dev
This commit is contained in:
Svetoslav
Android (Google) Code Review
@ -1,31 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (C) 2014 The Android Open Source Project
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package android.view;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Accessibility manager local system service interface.
|
|
||||||
*
|
|
||||||
* @hide Only for use within the system server.
|
|
||||||
*/
|
|
||||||
public abstract class AccessibilityManagerInternal {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Queries if the accessibility manager service permits setting
|
|
||||||
* a non-default encryption password.
|
|
||||||
*/
|
|
||||||
public abstract boolean isNonDefaultEncryptionPasswordAllowed();
|
|
||||||
}
|
|
||||||
@ -67,7 +67,6 @@ import android.util.Pools.Pool;
|
|||||||
import android.util.Pools.SimplePool;
|
import android.util.Pools.SimplePool;
|
||||||
import android.util.Slog;
|
import android.util.Slog;
|
||||||
import android.util.SparseArray;
|
import android.util.SparseArray;
|
||||||
import android.view.AccessibilityManagerInternal;
|
|
||||||
import android.view.Display;
|
import android.view.Display;
|
||||||
import android.view.IWindow;
|
import android.view.IWindow;
|
||||||
import android.view.InputDevice;
|
import android.view.InputDevice;
|
||||||
@ -235,7 +234,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
|
|||||||
registerBroadcastReceivers();
|
registerBroadcastReceivers();
|
||||||
new AccessibilityContentObserver(mMainHandler).register(
|
new AccessibilityContentObserver(mMainHandler).register(
|
||||||
context.getContentResolver());
|
context.getContentResolver());
|
||||||
LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private UserState getUserStateLocked(int userId) {
|
private UserState getUserStateLocked(int userId) {
|
||||||
@ -1331,7 +1329,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
|
|||||||
updateTouchExplorationLocked(userState);
|
updateTouchExplorationLocked(userState);
|
||||||
updateEnhancedWebAccessibilityLocked(userState);
|
updateEnhancedWebAccessibilityLocked(userState);
|
||||||
updateDisplayColorAdjustmentSettingsLocked(userState);
|
updateDisplayColorAdjustmentSettingsLocked(userState);
|
||||||
updateEncryptionState(userState);
|
|
||||||
scheduleUpdateInputFilter(userState);
|
scheduleUpdateInputFilter(userState);
|
||||||
scheduleUpdateClientsIfNeededLocked(userState);
|
scheduleUpdateClientsIfNeededLocked(userState);
|
||||||
}
|
}
|
||||||
@ -1608,22 +1605,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
|
|||||||
DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
|
DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void updateEncryptionState(UserState userState) {
|
|
||||||
if (userState.mUserId != UserHandle.USER_OWNER) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
final long identity = Binder.clearCallingIdentity();
|
|
||||||
try {
|
|
||||||
if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
|
|
||||||
// If there are running accessibility services we do not have encryption as
|
|
||||||
// the user needs the accessibility layer to be running to authenticate.
|
|
||||||
mLockPatternUtils.clearEncryptionPassword();
|
|
||||||
}
|
|
||||||
} finally {
|
|
||||||
Binder.restoreCallingIdentity(identity);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean hasRunningServicesLocked(UserState userState) {
|
private boolean hasRunningServicesLocked(UserState userState) {
|
||||||
return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
|
return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
|
||||||
}
|
}
|
||||||
@ -3969,14 +3950,4 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private final class LocalService extends AccessibilityManagerInternal {
|
|
||||||
@Override
|
|
||||||
public boolean isNonDefaultEncryptionPasswordAllowed() {
|
|
||||||
synchronized (mLock) {
|
|
||||||
UserState userState = getCurrentUserStateLocked();
|
|
||||||
return !hasRunningServicesLocked(userState);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -63,7 +63,6 @@ import android.util.AttributeSet;
|
|||||||
import android.util.Slog;
|
import android.util.Slog;
|
||||||
import android.util.Xml;
|
import android.util.Xml;
|
||||||
|
|
||||||
import android.view.AccessibilityManagerInternal;
|
|
||||||
import com.android.internal.annotations.GuardedBy;
|
import com.android.internal.annotations.GuardedBy;
|
||||||
import com.android.internal.annotations.VisibleForTesting;
|
import com.android.internal.annotations.VisibleForTesting;
|
||||||
import com.android.internal.app.IMediaContainerService;
|
import com.android.internal.app.IMediaContainerService;
|
||||||
@ -558,8 +557,6 @@ class MountService extends IMountService.Stub
|
|||||||
|
|
||||||
private final Handler mHandler;
|
private final Handler mHandler;
|
||||||
|
|
||||||
private final AccessibilityManagerInternal mAccessibilityManagerInternal;
|
|
||||||
|
|
||||||
void waitForAsecScan() {
|
void waitForAsecScan() {
|
||||||
waitForLatch(mAsecsScanned);
|
waitForLatch(mAsecsScanned);
|
||||||
}
|
}
|
||||||
@ -1462,9 +1459,6 @@ class MountService extends IMountService.Stub
|
|||||||
hthread.start();
|
hthread.start();
|
||||||
mHandler = new MountServiceHandler(hthread.getLooper());
|
mHandler = new MountServiceHandler(hthread.getLooper());
|
||||||
|
|
||||||
mAccessibilityManagerInternal = LocalServices.getService(
|
|
||||||
AccessibilityManagerInternal.class);
|
|
||||||
|
|
||||||
// Watch for user changes
|
// Watch for user changes
|
||||||
final IntentFilter userFilter = new IntentFilter();
|
final IntentFilter userFilter = new IntentFilter();
|
||||||
userFilter.addAction(Intent.ACTION_USER_ADDED);
|
userFilter.addAction(Intent.ACTION_USER_ADDED);
|
||||||
@ -2263,16 +2257,8 @@ class MountService extends IMountService.Stub
|
|||||||
Slog.i(TAG, "changing encryption password...");
|
Slog.i(TAG, "changing encryption password...");
|
||||||
}
|
}
|
||||||
|
|
||||||
final NativeDaemonEvent event;
|
|
||||||
try {
|
try {
|
||||||
// The accessibility layer may veto having a non-default encryption
|
NativeDaemonEvent event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
|
||||||
// password because if there are enabled accessibility services the
|
|
||||||
// user cannot authenticate as the latter need access to the data.
|
|
||||||
if (!TextUtils.isEmpty(password)
|
|
||||||
&& !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
|
|
||||||
return getEncryptionState();
|
|
||||||
}
|
|
||||||
event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
|
|
||||||
new SensitiveArg(toHex(password)));
|
new SensitiveArg(toHex(password)));
|
||||||
return Integer.parseInt(event.getMessage());
|
return Integer.parseInt(event.getMessage());
|
||||||
} catch (NativeDaemonConnectorException e) {
|
} catch (NativeDaemonConnectorException e) {
|
||||||
|
|||||||
Reference in New Issue
Block a user