KeyguardSecurityModel.java revision cc4104fd71225ed092f16b11882d9a10084e34ac
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package com.android.internal.policy.impl.keyguard; 17 18import android.app.admin.DevicePolicyManager; 19import android.content.Context; 20 21import com.android.internal.telephony.IccCardConstants; 22import com.android.internal.widget.LockPatternUtils; 23 24public class KeyguardSecurityModel { 25 /** 26 * The different types of security available for {@link Mode#UnlockScreen}. 27 * @see com.android.internal.policy.impl.LockPatternKeyguardView#getUnlockMode() 28 */ 29 enum SecurityMode { 30 None, // No security enabled 31 Pattern, // Unlock by drawing a pattern. 32 Password, // Unlock by entering a password or PIN 33 Biometric, // Unlock with a biometric key (e.g. finger print or face unlock) 34 Account, // Unlock by entering an account's login and password. 35 SimPin, // Unlock by entering a sim pin. 36 SimPuk // Unlock by entering a sim puk 37 } 38 39 private Context mContext; 40 private LockPatternUtils mLockPatternUtils; 41 42 KeyguardSecurityModel(Context context) { 43 mContext = context; 44 mLockPatternUtils = new LockPatternUtils(context); 45 } 46 47 void setLockPatternUtils(LockPatternUtils utils) { 48 mLockPatternUtils = utils; 49 } 50 51 /** 52 * Returns true if biometric unlock is installed and selected. If this returns false there is 53 * no need to even construct the biometric unlock. 54 */ 55 private boolean isBiometricUnlockEnabled() { 56 return mLockPatternUtils.usingBiometricWeak() 57 && mLockPatternUtils.isBiometricWeakInstalled(); 58 } 59 60 /** 61 * Returns true if a condition is currently suppressing the biometric unlock. If this returns 62 * true there is no need to even construct the biometric unlock. 63 */ 64 private boolean isBiometricUnlockSuppressed() { 65 KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(mContext); 66 final boolean backupIsTimedOut = monitor.getFailedUnlockAttempts() >= 67 LockPatternUtils.FAILED_ATTEMPTS_BEFORE_TIMEOUT; 68 return monitor.getMaxBiometricUnlockAttemptsReached() || backupIsTimedOut 69 || monitor.didBiometricUnlockUserSwitch(); 70 } 71 72 SecurityMode getSecurityMode() { 73 KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext); 74 final IccCardConstants.State simState = updateMonitor.getSimState(); 75 SecurityMode mode = SecurityMode.None; 76 if (simState == IccCardConstants.State.PIN_REQUIRED) { 77 mode = SecurityMode.SimPin; 78 } else if (simState == IccCardConstants.State.PUK_REQUIRED 79 && mLockPatternUtils.isPukUnlockScreenEnable()) { 80 mode = SecurityMode.SimPuk; 81 } else { 82 final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality(); 83 switch (security) { 84 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 85 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 86 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 87 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 88 mode = mLockPatternUtils.isLockPasswordEnabled() ? 89 SecurityMode.Password : SecurityMode.None; 90 break; 91 92 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 93 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 94 if (mLockPatternUtils.isLockPatternEnabled()) { 95 mode = mLockPatternUtils.isPermanentlyLocked() ? 96 SecurityMode.Account : SecurityMode.Pattern; 97 } 98 break; 99 100 default: 101 throw new IllegalStateException("Unknown unlock mode:" + mode); 102 } 103 } 104 return mode; 105 } 106 107 /** 108 * Some unlock methods can have an alternate, such as biometric unlocks (e.g. face unlock). 109 * This function decides if an alternate unlock is available and returns it. Otherwise, 110 * returns @param mode. 111 * 112 * @param mode the mode we want the alternate for 113 * @return alternate or the given mode 114 */ 115 SecurityMode getAlternateFor(SecurityMode mode) { 116 if (isBiometricUnlockEnabled() && !isBiometricUnlockSuppressed() 117 && (mode == SecurityMode.Password || mode == SecurityMode.Pattern)) { 118 return SecurityMode.Biometric; 119 } 120 return mode; // no alternate, return what was given 121 } 122 123 /** 124 * Some unlock methods can have a backup which gives the user another way to get into 125 * the device. This is currently only supported for Biometric and Pattern unlock. 126 * 127 * @return backup method or current security mode 128 */ 129 SecurityMode getBackupSecurityMode() { 130 SecurityMode mode = getSecurityMode(); 131 132 // Note that getAlternateFor() cannot be called here because we want to get the backup for 133 // biometric unlock even if it's suppressed; it just has to be enabled. 134 if (isBiometricUnlockEnabled() 135 && (mode == SecurityMode.Password || mode == SecurityMode.Pattern)) { 136 mode = SecurityMode.Biometric; 137 } 138 switch(mode) { 139 case Biometric: 140 return getSecurityMode(); 141 case Pattern: 142 return SecurityMode.Account; 143 } 144 return mode; // no backup, return current security mode 145 } 146} 147