Merge "Use default encryption password if an accessibility service is enabled." into lmp-dev

Author: sganov

core/java/android/view/AccessibilityManagerInternal.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.view;
+
+/**
+ * Accessibility manager local system service interface.
+ *
+ * @hide Only for use within the system server.
+ */
+public abstract class AccessibilityManagerInternal {
+
+    /**
+     * Queries if the accessibility manager service permits setting
+     * a non-default encryption password.
+     */
+    public abstract boolean isNonDefaultEncryptionPasswordAllowed();
+}

core/java/com/android/internal/widget/LockPatternUtils.java

@@ -877,6 +877,30 @@ public void saveLockPassword(String password, int quality, boolean isFallback, i
         }
     }
 
+    /**
+     * Gets whether the device is encrypted.
+     *
+     * @return Whether the device is encrypted.
+     */
+    public static boolean isDeviceEncrypted() {
+        IMountService mountService = IMountService.Stub.asInterface(
+                ServiceManager.getService("mount"));
+        try {
+            return mountService.getEncryptionState() != IMountService.ENCRYPTION_STATE_NONE
+                    && mountService.getPasswordType() != StorageManager.CRYPT_TYPE_DEFAULT;
+        } catch (RemoteException re) {
+            Log.e(TAG, "Error getting encryption state", re);
+        }
+        return true;
+    }
+
+    /**
+     * Clears the encryption password.
+     */
+    public void clearEncryptionPassword() {
+        updateEncryptionPassword(StorageManager.CRYPT_TYPE_DEFAULT, null);
+    }
+
     /**
      * Retrieves the quality mode we're in.
      * {@see DevicePolicyManager#getPasswordQuality(android.content.ComponentName)}

services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java

@@ -67,6 +67,7 @@
 import android.util.Pools.SimplePool;
 import android.util.Slog;
 import android.util.SparseArray;
+import android.view.AccessibilityManagerInternal;
 import android.view.Display;
 import android.view.IWindow;
 import android.view.InputDevice;
@@ -91,6 +92,7 @@
 import com.android.internal.R;
 import com.android.internal.content.PackageMonitor;
 import com.android.internal.statusbar.IStatusBarService;
+import com.android.internal.widget.LockPatternUtils;
 import com.android.server.LocalServices;
 
 import org.xmlpull.v1.XmlPullParserException;
@@ -202,6 +204,8 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
 
     private final UserManager mUserManager;
 
+    private final LockPatternUtils mLockPatternUtils;
+
     private int mCurrentUserId = UserHandle.USER_OWNER;
 
     //TODO: Remove this hack
@@ -225,9 +229,11 @@ public AccessibilityManagerService(Context context) {
         mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
         mSecurityPolicy = new SecurityPolicy();
         mMainHandler = new MainHandler(mContext.getMainLooper());
+        mLockPatternUtils = new LockPatternUtils(context);
         registerBroadcastReceivers();
         new AccessibilityContentObserver(mMainHandler).register(
                 context.getContentResolver());
+        LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
     }
 
     private UserState getUserStateLocked(int userId) {
@@ -1294,6 +1300,7 @@ private void onUserStateChangedLocked(UserState userState) {
         updateTouchExplorationLocked(userState);
         updateEnhancedWebAccessibilityLocked(userState);
         updateDisplayColorAdjustmentSettingsLocked(userState);
+        updateEncryptionState(userState);
         scheduleUpdateInputFilter(userState);
         scheduleUpdateClientsIfNeededLocked(userState);
     }
@@ -1570,6 +1577,21 @@ private void updateDisplayColorAdjustmentSettingsLocked(UserState userState) {
         DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
     }
 
+    private void updateEncryptionState(UserState userState) {
+        if (userState.mUserId != UserHandle.USER_OWNER) {
+            return;
+        }
+        if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
+            // If there are running accessibility services we do not have encryption as
+            // the user needs the accessibility layer to be running to authenticate.
+            mLockPatternUtils.clearEncryptionPassword();
+        }
+    }
+
+    private boolean hasRunningServicesLocked(UserState userState) {
+        return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
+    }
+
     private MagnificationSpec getCompatibleMagnificationSpecLocked(int windowId) {
         IBinder windowToken = mGlobalWindowTokens.get(windowId);
         if (windowToken == null) {
@@ -3883,4 +3905,14 @@ public void onChange(boolean selfChange, Uri uri) {
             }
         }
     }
+
+    private final class LocalService extends AccessibilityManagerInternal {
+        @Override
+        public boolean isNonDefaultEncryptionPasswordAllowed() {
+            synchronized (mLock) {
+                UserState userState = getCurrentUserStateLocked();
+                return !hasRunningServicesLocked(userState);
+            }
+        }
+    }
 }

services/core/java/com/android/server/MountService.java

@@ -63,6 +63,7 @@
 import android.util.Slog;
 import android.util.Xml;
 
+import android.view.AccessibilityManagerInternal;
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.app.IMediaContainerService;
@@ -557,6 +558,8 @@ public void handleMessage(Message msg) {
 
     private final Handler mHandler;
 
+    private final AccessibilityManagerInternal mAccessibilityManagerInternal;
+
     void waitForAsecScan() {
         waitForLatch(mAsecsScanned);
     }
@@ -1454,6 +1457,9 @@ public MountService(Context context) {
         hthread.start();
         mHandler = new MountServiceHandler(hthread.getLooper());
 
+        mAccessibilityManagerInternal = LocalServices.getService(
+                AccessibilityManagerInternal.class);
+
         // Watch for user changes
         final IntentFilter userFilter = new IntentFilter();
         userFilter.addAction(Intent.ACTION_USER_ADDED);
@@ -2254,8 +2260,15 @@ public int changeEncryptionPassword(int type, String password) {
 
         final NativeDaemonEvent event;
         try {
+            // The accessibility layer may veto having a non-default encryption
+            // password because if there are enabled accessibility services the
+            // user cannot authenticate as the latter need access to the data.
+            if (!TextUtils.isEmpty(password)
+                    && !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
+                return getEncryptionState();
+            }
             event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
-                                       new SensitiveArg(toHex(password)));
+                        new SensitiveArg(toHex(password)));
             return Integer.parseInt(event.getMessage());
         } catch (NativeDaemonConnectorException e) {
             // Encryption failed
@@ -2302,7 +2315,7 @@ public int verifyEncryptionPassword(String password) throws RemoteException {
      * @return The type, one of the CRYPT_TYPE_XXX consts from StorageManager.
      */
     @Override
-    public int getPasswordType() throws RemoteException {
+    public int getPasswordType() {
 
         waitForReady();