1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settings; 18 19 import android.app.Activity; 20 import android.app.admin.DevicePolicyManager; 21 import android.content.Context; 22 import android.content.Intent; 23 import android.content.res.Resources; 24 import android.os.Bundle; 25 import android.os.UserHandle; 26 import android.os.UserManager; 27 import android.provider.SearchIndexableResource; 28 import android.security.KeyStore; 29 import android.support.v7.preference.PreferenceGroup; 30 import android.support.v7.preference.PreferenceScreen; 31 32 import com.android.internal.logging.nano.MetricsProto.MetricsEvent; 33 import com.android.internal.widget.LockPatternUtils; 34 import com.android.settings.dashboard.DashboardFragment; 35 import com.android.settings.search.BaseSearchIndexProvider; 36 import com.android.settings.search.Indexable; 37 import com.android.settings.search.SearchIndexableRaw; 38 import com.android.settingslib.RestrictedLockUtils; 39 import com.android.settingslib.RestrictedPreference; 40 41 import java.util.ArrayList; 42 import java.util.List; 43 44 /** 45 * Encryption and Credential settings. 46 * TODO: Extends this from {@link DashboardFragment} instead 47 */ 48 public class EncryptionAndCredential extends SettingsPreferenceFragment implements Indexable { 49 50 private static final String TAG = "EncryptionAndCredential"; 51 52 // Misc Settings 53 private static final String KEY_CREDENTIAL_STORAGE_TYPE = "credential_storage_type"; 54 private static final String KEY_USER_CREDENTIALS = "user_credentials"; 55 private static final String KEY_RESET_CREDENTIALS = "credentials_reset"; 56 private static final String KEY_CREDENTIALS_INSTALL = "credentials_install"; 57 private static final String KEY_CREDENTIALS_MANAGER = "credentials_management"; 58 59 private static final int MY_USER_ID = UserHandle.myUserId(); 60 61 private UserManager mUm; 62 63 private KeyStore mKeyStore; 64 private RestrictedPreference mResetCredentials; 65 66 private boolean mIsAdmin; 67 68 @Override 69 public int getMetricsCategory() { 70 return MetricsEvent.ENCRYPTION_AND_CREDENTIAL; 71 } 72 73 @Override 74 public void onCreate(Bundle savedInstanceState) { 75 super.onCreate(savedInstanceState); 76 77 final Activity activity = getActivity(); 78 79 mUm = UserManager.get(activity); 80 } 81 82 /** 83 * Important! 84 * 85 * Don't forget to update the SecuritySearchIndexProvider if you are doing any change in the 86 * logic or adding/removing preferences here. 87 */ 88 private PreferenceScreen createPreferenceHierarchy() { 89 PreferenceScreen root = getPreferenceScreen(); 90 if (root != null) { 91 root.removeAll(); 92 } 93 addPreferencesFromResource(R.xml.encryption_and_credential); 94 root = getPreferenceScreen(); 95 96 // Add options for device encryption 97 mIsAdmin = mUm.isAdminUser(); 98 99 if (mIsAdmin) { 100 if (LockPatternUtils.isDeviceEncryptionEnabled()) { 101 // The device is currently encrypted. 102 addPreferencesFromResource(R.xml.security_settings_encrypted); 103 } else { 104 // This device supports encryption but isn't encrypted. 105 addPreferencesFromResource(R.xml.security_settings_unencrypted); 106 } 107 } 108 109 110 // Credential storage 111 mKeyStore = KeyStore.getInstance(); // needs to be initialized for onResume() 112 113 if (!RestrictedLockUtils.hasBaseUserRestriction(getActivity(), 114 UserManager.DISALLOW_CONFIG_CREDENTIALS, MY_USER_ID)) { 115 RestrictedPreference userCredentials = (RestrictedPreference) root.findPreference( 116 KEY_USER_CREDENTIALS); 117 userCredentials.checkRestrictionAndSetDisabled( 118 UserManager.DISALLOW_CONFIG_CREDENTIALS); 119 RestrictedPreference credentialStorageType = (RestrictedPreference) root.findPreference( 120 KEY_CREDENTIAL_STORAGE_TYPE); 121 credentialStorageType.checkRestrictionAndSetDisabled( 122 UserManager.DISALLOW_CONFIG_CREDENTIALS); 123 RestrictedPreference installCredentials = (RestrictedPreference) root.findPreference( 124 KEY_CREDENTIALS_INSTALL); 125 installCredentials.checkRestrictionAndSetDisabled( 126 UserManager.DISALLOW_CONFIG_CREDENTIALS); 127 mResetCredentials = (RestrictedPreference) root.findPreference(KEY_RESET_CREDENTIALS); 128 mResetCredentials.checkRestrictionAndSetDisabled( 129 UserManager.DISALLOW_CONFIG_CREDENTIALS); 130 131 final int storageSummaryRes = 132 mKeyStore.isHardwareBacked() ? R.string.credential_storage_type_hardware 133 : R.string.credential_storage_type_software; 134 credentialStorageType.setSummary(storageSummaryRes); 135 } else { 136 PreferenceGroup credentialsManager = (PreferenceGroup) 137 root.findPreference(KEY_CREDENTIALS_MANAGER); 138 credentialsManager.removePreference(root.findPreference(KEY_RESET_CREDENTIALS)); 139 credentialsManager.removePreference(root.findPreference(KEY_CREDENTIALS_INSTALL)); 140 credentialsManager.removePreference(root.findPreference(KEY_CREDENTIAL_STORAGE_TYPE)); 141 credentialsManager.removePreference(root.findPreference(KEY_USER_CREDENTIALS)); 142 } 143 144 return root; 145 } 146 147 @Override 148 public void onResume() { 149 super.onResume(); 150 151 // Make sure we reload the preference hierarchy since some of these settings 152 // depend on others... 153 createPreferenceHierarchy(); 154 155 if (mResetCredentials != null && !mResetCredentials.isDisabledByAdmin()) { 156 mResetCredentials.setEnabled(!mKeyStore.isEmpty()); 157 } 158 } 159 160 /** 161 * see confirmPatternThenDisableAndClear 162 */ 163 @Override 164 public void onActivityResult(int requestCode, int resultCode, Intent data) { 165 super.onActivityResult(requestCode, resultCode, data); 166 createPreferenceHierarchy(); 167 } 168 169 @Override 170 protected int getHelpResource() { 171 return R.string.help_url_security; 172 } 173 174 /** 175 * For Search. Please keep it in sync when updating "createPreferenceHierarchy()" 176 */ 177 public static final SearchIndexProvider SEARCH_INDEX_DATA_PROVIDER = 178 new SecuritySearchIndexProvider(); 179 180 private static class SecuritySearchIndexProvider extends BaseSearchIndexProvider { 181 182 @Override 183 public List<SearchIndexableResource> getXmlResourcesToIndex( 184 Context context, boolean enabled) { 185 final List<SearchIndexableResource> index = new ArrayList<SearchIndexableResource>(); 186 187 final DevicePolicyManager dpm = (DevicePolicyManager) 188 context.getSystemService(Context.DEVICE_POLICY_SERVICE); 189 final UserManager um = UserManager.get(context); 190 191 if (um.isAdminUser()) { 192 switch (dpm.getStorageEncryptionStatus()) { 193 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: 194 // The device is currently encrypted. 195 index.add(getSearchResource(context, R.xml.security_settings_encrypted)); 196 break; 197 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: 198 // This device supports encryption but isn't encrypted. 199 index.add(getSearchResource(context, R.xml.security_settings_unencrypted)); 200 break; 201 } 202 } 203 204 return index; 205 } 206 207 private SearchIndexableResource getSearchResource(Context context, int xmlResId) { 208 final SearchIndexableResource sir = new SearchIndexableResource(context); 209 sir.xmlResId = xmlResId; 210 return sir; 211 } 212 213 @Override 214 public List<SearchIndexableRaw> getRawDataToIndex(Context context, boolean enabled) { 215 final List<SearchIndexableRaw> result = new ArrayList<SearchIndexableRaw>(); 216 final Resources res = context.getResources(); 217 218 final String screenTitle = res.getString( 219 R.string.encryption_and_credential_settings_title); 220 221 SearchIndexableRaw data = new SearchIndexableRaw(context); 222 data.title = screenTitle; 223 data.screenTitle = screenTitle; 224 result.add(data); 225 226 final UserManager um = UserManager.get(context); 227 if (!um.isAdminUser()) { 228 int resId = um.isLinkedUser() ? 229 R.string.profile_info_settings_title : R.string.user_info_settings_title; 230 231 data = new SearchIndexableRaw(context); 232 data.title = res.getString(resId); 233 data.screenTitle = screenTitle; 234 result.add(data); 235 } 236 237 // Credential storage 238 if (!um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) { 239 KeyStore keyStore = KeyStore.getInstance(); 240 241 final int storageSummaryRes = keyStore.isHardwareBacked() ? 242 R.string.credential_storage_type_hardware : 243 R.string.credential_storage_type_software; 244 245 data = new SearchIndexableRaw(context); 246 data.title = res.getString(storageSummaryRes); 247 data.screenTitle = screenTitle; 248 result.add(data); 249 } 250 251 return result; 252 } 253 254 @Override 255 public List<String> getNonIndexableKeys(Context context) { 256 final List<String> keys = new ArrayList<String>(); 257 258 final UserManager um = UserManager.get(context); 259 260 if (um.hasUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS)) { 261 keys.add(KEY_CREDENTIALS_MANAGER); 262 } 263 264 return keys; 265 } 266 } 267 268 } 269
