KeyguardSecurityModel.java revision 9ded0e1d48c016883858dd2dc574787524c6df84
1/* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package com.android.internal.policy.impl.keyguard; 17 18import android.app.admin.DevicePolicyManager; 19import android.content.Context; 20 21import com.android.internal.telephony.IccCardConstants; 22import com.android.internal.widget.LockPatternUtils; 23 24public class KeyguardSecurityModel { 25 /** 26 * The different types of security available for {@link Mode#UnlockScreen}. 27 * @see com.android.internal.policy.impl.LockPatternKeyguardView#getUnlockMode() 28 */ 29 enum SecurityMode { 30 None, // No security enabled 31 Pattern, // Unlock by drawing a pattern. 32 Password, // Unlock by entering a password or PIN 33 Biometric, // Unlock with a biometric key (e.g. finger print or face unlock) 34 Account, // Unlock by entering an account's login and password. 35 SimPin, // Unlock by entering a sim pin. 36 SimPuk // Unlock by entering a sim puk 37 } 38 39 private Context mContext; 40 private LockPatternUtils mLockPatternUtils; 41 42 KeyguardSecurityModel(Context context) { 43 mContext = context; 44 mLockPatternUtils = new LockPatternUtils(context); 45 } 46 47 void setLockPatternUtils(LockPatternUtils utils) { 48 mLockPatternUtils = utils; 49 } 50 51 /** 52 * Returns true if biometric unlock is installed and selected. If this returns false there is 53 * no need to even construct the biometric unlock. 54 */ 55 private boolean isBiometricUnlockEnabled() { 56 return mLockPatternUtils.usingBiometricWeak() 57 && mLockPatternUtils.isBiometricWeakInstalled(); 58 } 59 60 /** 61 * Returns true if a condition is currently suppressing the biometric unlock. If this returns 62 * true there is no need to even construct the biometric unlock. 63 */ 64 private boolean isBiometricUnlockSuppressed() { 65 KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(mContext); 66 final boolean backupIsTimedOut = monitor.getFailedUnlockAttempts() >= 67 LockPatternUtils.FAILED_ATTEMPTS_BEFORE_TIMEOUT; 68 return monitor.getMaxBiometricUnlockAttemptsReached() || backupIsTimedOut; 69 } 70 71 SecurityMode getSecurityMode() { 72 KeyguardUpdateMonitor updateMonitor = KeyguardUpdateMonitor.getInstance(mContext); 73 final IccCardConstants.State simState = updateMonitor.getSimState(); 74 SecurityMode mode = SecurityMode.None; 75 if (simState == IccCardConstants.State.PIN_REQUIRED) { 76 mode = SecurityMode.SimPin; 77 } else if (simState == IccCardConstants.State.PUK_REQUIRED 78 && mLockPatternUtils.isPukUnlockScreenEnable()) { 79 mode = SecurityMode.SimPuk; 80 } else { 81 final int security = mLockPatternUtils.getKeyguardStoredPasswordQuality(); 82 switch (security) { 83 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 84 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 85 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 86 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 87 mode = mLockPatternUtils.isLockPasswordEnabled() ? 88 SecurityMode.Password : SecurityMode.None; 89 break; 90 91 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 92 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 93 if (mLockPatternUtils.isLockPatternEnabled()) { 94 mode = mLockPatternUtils.isPermanentlyLocked() ? 95 SecurityMode.Account : SecurityMode.Pattern; 96 } 97 break; 98 99 default: 100 throw new IllegalStateException("Unknown unlock mode:" + mode); 101 } 102 } 103 return mode; 104 } 105 106 /** 107 * Some unlock methods can have an alternate, such as biometric unlocks (e.g. face unlock). 108 * This function decides if an alternate unlock is available and returns it. Otherwise, 109 * returns @param mode. 110 * 111 * @param mode the mode we want the alternate for 112 * @return alternate or the given mode 113 */ 114 SecurityMode getAlternateFor(SecurityMode mode) { 115 if (isBiometricUnlockEnabled() && !isBiometricUnlockSuppressed() 116 && (mode == SecurityMode.Password || mode == SecurityMode.Pattern)) { 117 return SecurityMode.Biometric; 118 } 119 return mode; // no alternate, return what was given 120 } 121 122 /** 123 * Some unlock methods can have a backup which gives the user another way to get into 124 * the device. This is currently only supported for Biometric and Pattern unlock. 125 * 126 * @return backup method or current security mode 127 */ 128 SecurityMode getBackupSecurityMode() { 129 SecurityMode mode = getSecurityMode(); 130 131 // Note that getAlternateFor() cannot be called here because we want to get the backup for 132 // biometric unlock even if it's suppressed; it just has to be enabled. 133 if (isBiometricUnlockEnabled() 134 && (mode == SecurityMode.Password || mode == SecurityMode.Pattern)) { 135 mode = SecurityMode.Biometric; 136 } 137 switch(mode) { 138 case Biometric: 139 return getSecurityMode(); 140 case Pattern: 141 return SecurityMode.Account; 142 } 143 return mode; // no backup, return current security mode 144 } 145} 146