| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.tv.settings.system; |
| |
| import static android.os.UserHandle.USER_SYSTEM; |
| |
| import android.content.BroadcastReceiver; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.IntentFilter; |
| import android.content.SharedPreferences; |
| import android.content.pm.ResolveInfo; |
| import android.os.Bundle; |
| import android.os.Handler; |
| import android.os.Message; |
| import android.os.RemoteException; |
| import android.os.UserManager; |
| import android.util.Log; |
| |
| import androidx.annotation.VisibleForTesting; |
| import androidx.fragment.app.FragmentActivity; |
| |
| import com.android.internal.widget.ILockSettings; |
| import com.android.internal.widget.LockPatternUtils; |
| import com.android.internal.widget.LockscreenCredential; |
| import com.android.tv.settings.dialog.PinDialogFragment; |
| import com.android.tv.settings.users.RestrictedProfilePinDialogFragment; |
| import com.android.tv.settings.users.RestrictedProfilePinService; |
| |
| import java.util.Objects; |
| |
| /** |
| * Triggered instead of the home screen when user-selected home app isn't encryption aware. |
| */ |
| public class FallbackHome extends FragmentActivity implements PinDialogFragment.ResultListener { |
| |
| private static final String TAG = "FallbackHome"; |
| |
| private Handler mHandler = new Handler() { |
| @Override |
| public void handleMessage(Message msg) { |
| maybeFinish(); |
| } |
| }; |
| |
| @Override |
| protected void onCreate(Bundle savedInstanceState) { |
| super.onCreate(savedInstanceState); |
| registerReceiver(mReceiver, new IntentFilter(Intent.ACTION_USER_UNLOCKED)); |
| |
| maybeStartPinDialog(); |
| maybeFinish(); |
| } |
| |
| @Override |
| protected void onDestroy() { |
| super.onDestroy(); |
| unregisterReceiver(mReceiver); |
| } |
| |
| private BroadcastReceiver mReceiver = new BroadcastReceiver() { |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| maybeFinish(); |
| } |
| }; |
| |
| void maybeFinish() { |
| if (isUserUnlocked()) { |
| final Intent homeIntent = new Intent(Intent.ACTION_MAIN) |
| .addCategory(Intent.CATEGORY_HOME); |
| final ResolveInfo homeInfo = getPackageManager().resolveActivity(homeIntent, 0); |
| if (Objects.equals(getPackageName(), homeInfo.activityInfo.packageName)) { |
| Log.d(TAG, "User unlocked but no home; let's hope someone enables one soon?"); |
| mHandler.sendEmptyMessageDelayed(0, 500); |
| } else { |
| Log.d(TAG, "User unlocked and real home found; let's go!"); |
| finish(); |
| } |
| } |
| } |
| |
| /** |
| * If we have file-based encryption and a restricted profile we must request PIN entry on boot. |
| * |
| * Unlike a normal password, the restricted profile PIN is set on USER_OWNER in order to |
| * prevent switching out. Under FBE this means that the underlying USER_SYSTEM will remain |
| * encrypted and in RUNNING_LOCKED state. In order for various system functions to work |
| * we will need to decrypt first. |
| */ |
| @VisibleForTesting |
| void maybeStartPinDialog() { |
| if (isUserUnlocked() || !hasLockscreenSecurity(getUserId()) || !isFileEncryptionEnabled()) { |
| return; |
| } |
| |
| unlockDevice(); |
| } |
| |
| private void unlockDevice() { |
| try (LockscreenCredential pin = getPinFromSharedPreferences()) { |
| if (pin == null || pin.isNone()) { |
| showPinDialogToUnlockDevice(); |
| } else { |
| // Give LockSettings the pin. This unlocks the device. |
| unlockDeviceWithPin(pin); |
| } |
| } |
| } |
| |
| @VisibleForTesting |
| void unlockDeviceWithPin(LockscreenCredential pin) { |
| try { |
| getLockSettings().checkCredential(pin, USER_SYSTEM, null); |
| } catch (RemoteException e) { |
| e.printStackTrace(); |
| } |
| } |
| |
| @VisibleForTesting |
| void showPinDialogToUnlockDevice() { |
| // Prompt the user with a dialog to dial the pin and unlock the device. |
| RestrictedProfilePinDialogFragment restrictedProfilePinDialogFragment = |
| RestrictedProfilePinDialogFragment.newInstance( |
| PinDialogFragment.PIN_DIALOG_TYPE_ENTER_PIN); |
| restrictedProfilePinDialogFragment.show(getSupportFragmentManager(), |
| PinDialogFragment.DIALOG_TAG); |
| } |
| |
| @VisibleForTesting |
| LockscreenCredential getPinFromSharedPreferences() { |
| SharedPreferences sp = getSharedPreferences(RestrictedProfilePinService.PIN_STORE_NAME, |
| Context.MODE_PRIVATE); |
| return LockscreenCredential.createPinOrNone( |
| sp.getString(RestrictedProfilePinService.PIN_STORE_NAME, null)); |
| } |
| |
| @VisibleForTesting |
| boolean isUserUnlocked() { |
| return getSystemService(UserManager.class).isUserUnlocked(); |
| } |
| |
| @VisibleForTesting |
| boolean hasLockscreenSecurity(final int userId) { |
| final LockPatternUtils lpu = new LockPatternUtils(this); |
| return lpu.isLockPasswordEnabled(userId) || lpu.isLockPatternEnabled(userId); |
| } |
| |
| @VisibleForTesting |
| boolean isFileEncryptionEnabled() { |
| return LockPatternUtils.isFileEncryptionEnabled(); |
| } |
| |
| @VisibleForTesting |
| ILockSettings getLockSettings() { |
| return new LockPatternUtils(this).getLockSettings(); |
| } |
| |
| @Override |
| public void pinFragmentDone(int requestCode, boolean success) { |
| maybeStartPinDialog(); |
| maybeFinish(); |
| } |
| } |
