Cross Reference: /frameworks/base/services/core/java/com/android/server/LockSettingsService.java

History log of /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
8cbe1a6309ed330000269dccbfce26de97f11e83	17-Jun-2016	Amith Yamasani <yamasani@google.com>	Merge "Clean up ex-users in lock settings db" into nyc-dev
f11a574027a8dbe18d79ce467984d63d07fea9e1	16-Jun-2016	Amith Yamasani <yamasani@google.com>	Clean up ex-users in lock settings db Just in case a userid was not properly cleaned when the user was removed, make sure it is cleaned up when a new user takes up the same userid. This prevents inconsistent lockscreen state and avoids a crash in Settings when trying to set a password for the new user. Fixes: 29412112 Change-Id: Ic4f0efbb97786b0290c74325b28c9d74825e9e53 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
43f6a45e7e111af8a843e001b555082cb356a529	16-Jun-2016	Ricky Wai <rickywai@google.com>	Merge "Add permission checking on service calls in LockSettingsService" into nyc-dev
d04aaa323c3a788d26f18fc66e0a59b47e525b38	13-Jun-2016	Amith Yamasani <yamasani@google.com>	More thorough cleansing of expired users If any /data/system_[c\|d]e folders were not erased when the user was removed (maybe due to a reboot), make sure they're cleaned up on restart as well as when the userId is recycled later. Mark the users' system folders with the correct serial number for later verification. AccountManager shouldn't be querying accounts of partially created/destroyed users. Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb Fixes: 29285673 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
7f405f170f66d201f893a2f29866f528f0ec7fc8	31-May-2016	Ricky Wai <rickywai@google.com>	Add permission checking on service calls in LockSettingsService Bug: 28941207 Change-Id: I113db10bb57f250d44361a0a5144a7d1c990ba4d /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
6c8187282ecc20419a5a70371bc6a21af6d364e0	27-May-2016	Toni Barzic <tbarzic@google.com>	Clear calling identity before calling mountService Change I8106bfba28da401b9fd38349c6a9fa9a24f54712 unwittingly reintroduced requirement for apps that change password to have STORAGE_INTERNAL permission. This fixes the problem by clearing calling identity before calling mountServce in fixateNewestUserKeyAuth, like it's done in addUserKeyAuth. BUG=28154455 BUG=27600227 Change-Id: I1bcd9f6eefa892b021d93df2638c8dba4d4b5400 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a39d888651493d20f3814cd88a39a521450b3eac	26-May-2016	Jeff Sharkey <jsharkey@google.com>	Merge "Suppress unlock notifications on non-FBE devices." into nyc-dev
4a39936d3669696dc6a25a4023daf7a7e4b158ef	26-May-2016	Jeff Sharkey <jsharkey@android.com>	Suppress unlock notifications on non-FBE devices. We have a longer-term plan to clean up FBE unlock notifications, but in the meantime don't confuse users by quickly flashing them on non-FBE devices. Bug: 28840764 Change-Id: I696508ef981b6f8f51f22ea24487d87d27d5b6e3 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
1cb6f9d8a4827d50e26bf83068a928e47c5c1f1e	26-May-2016	Ricky Wai <rickywai@google.com>	Merge "Add resetKeyStore() in LockSettingsService" into nyc-dev
7b9eb419e35f12963eeea119b51a241146029b74	12-May-2016	Ricky Wai <rickywai@google.com>	Store work lock type even it uses unified lock If we are not storing this, LockPatternUtils.isSecure(workUserId) will return false, and cause some methods like trySetQuietModeDisabled() cannot show screen lock correctly. Bug: 28738725 Change-Id: I7d0b61022b0afff2dac4cdae72d558118ea892e7 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
d398244513c62c9ea14a0f1c6ffef832e803c16f	24-May-2016	Ricky Wai <rickywai@google.com>	Hide work profile key in user credentials screen Bug: 28878708 Change-Id: Ib250fae2388b061430d93b7d65133002ce664993 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
f420c413b9abd58dcbea881535da5b603f7f7afc	25-May-2016	Ricky Wai <rickywai@google.com>	Merge "Unlock work profile storage even work mode is off" into nyc-dev
99df649aa4907d9f9c6fe4bdf4acb517003f97f2	25-May-2016	Ricky Wai <rickywai@google.com>	Merge "Do not tie managed profile synchronously in onUnlockUser()" into nyc-dev
4613fe41ac9e817e76d7087de45bf01f4a6584d6	24-May-2016	Ricky Wai <rickywai@google.com>	Add resetKeyStore() in LockSettingsService Before resetKeyStore(), it will back up child profile keys, and will be restored after primary profile keystore is cleared. Bug: 28878708 Change-Id: I0cb4a1f885d468894bc7eb95af694328bf92ce16 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
4266feeb93fae4603e8a43d065160430a4c784a5	23-May-2016	Ricky Wai <rickywai@google.com>	Unlock work profile storage even work mode is off Bug: 28860823 Change-Id: Ic89027f163e4c4e1ba9e8c24174475b6a4a983a4 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
d86ac8116bfc64c61d8124ff8d3e92be5e55cd3e	23-May-2016	Victor Chang <vichang@google.com>	Merge "New api in LockSettingsService to get StrongAuth synchronously" into nyc-dev
a0940d33dcbac0245ad5467d9c302f8eaee615dc	16-May-2016	Victor Chang <vichang@google.com>	New api in LockSettingsService to get StrongAuth synchronously Not all client needs to monitor the StrongAuth, e.g. ConfirmDeviceCredentialBaseFragment Provide a quick method to get StrongAuth Bug: 28752364 Change-Id: Iecfd217046da38e43297bdd5832cf7d637b979ed /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
cc70155f3bf18341296aaa2163bd2e7df6997b11	17-May-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption Revert "Revert "Two phases to set the password for disk encryption"" This reverts commit a1eb750e75ff7c7ef7698deed4442449c33334c8. Bug: 28154455 Bug: 28694324 Change-Id: I8106bfba28da401b9fd38349c6a9fa9a24f54712 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
b0cdf3845fd33cc40a929a2b9b882bf0a3a994d3	16-May-2016	Ricky Wai <rickywai@google.com>	Do not tie managed profile synchronously in onUnlockUser() Bug: 28736098 Change-Id: I2c687c11b9991d0771cfe721e80ac1541c477f2e /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
f829c1463b4805545d15924ad6243b9405eb83d6	10-May-2016	Paul Crowley <paulcrowley@google.com>	Merge "Revert "Two phases to set the password for disk encryption"" into nyc-dev
a1eb750e75ff7c7ef7698deed4442449c33334c8	10-May-2016	Paul Crowley <paulcrowley@google.com>	Revert "Two phases to set the password for disk encryption" This reverts commit 17e5dce5112fece2d2b9cd070c2f96bf65108e40. Bug: 28694324 Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
84812583030b3799e8a1203b480b78d3825b7adb	10-May-2016	Ricky Wai <rickywai@google.com>	Hide notification before tie managed profile lock We should hide the notification asap before setting managed profile lock, to reduce the time that user is unlocked while the notification is still showing. Bug: 28689675 Change-Id: I289302302e3079726998adefebe2e8b113b2e52a /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
17e5dce5112fece2d2b9cd070c2f96bf65108e40	22-Apr-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption In one phase, we make the new password work, and in the second we make it the only one which works ("fixation"). This means that we can set the password in Gatekeeper between these two phases, and a crash doesn't break things. Unlocking a user automatically fixates the presented credential. Bug: 28154455 Change-Id: I18812f9ce753486ce4e33b4fe2cca392b006b39c /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
3423a513e7c0c0a0a7ae0fada1fc684c990c0aa2	04-May-2016	Ricky Wai <rickywai@google.com>	Merge "Do not show exception stack trace when no child profile key" into nyc-dev
de3a068af63abc0f4173d4c4b2d8530bae6dd203	03-May-2016	Ricky Wai <rickywai@google.com>	Do not show exception stack trace when no child profile key Bug: 28396912 Change-Id: I48e3f3223d04a0ba3dd2d975901b0504ce0dd25f /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
0bbd108aa1fee8c69bbaf41990d3f3d8a99d54cb	27-Apr-2016	Paul Lawrence <paullawrence@google.com>	Check permission on clearPassword and other CryptKeeper APIs Note - this should only ever be called from LockScreen after getting the password to avoid the double prompt Bug: 28376346 Change-Id: Ic44df4fdcc23408c56b1b9375deed1c6ad2af544 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
ce18c8167766f92856f94a8e88e19de4698960e6	28-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Introduce "unlocking" vs "unlocked" nuance. There is a narrow window of time during user unlock where we're reconciling user storage and dispatching the "unlock" status to various internal system services. While in this "unlocking" state, apps need to be told that the user still isn't actually "unlocked" so they don't try making calls to AccountManager, etc. The majority of internal services are interested in merging together both the "unlocking" and "unlocked" state, so update them. Clarify naming in AccountManagerService to make it clear that a local list is being used, which mirrors the naming in MountService. To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch after the user is unlocked, but block BOOT_COMPLETED dispatch until after all PRE_BOOT receivers are finished to avoid ANRs. Bug: 28040947, 28164677 Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
7881cf8f818317cc6efe4d6a4c42da94d6bab223	15-Apr-2016	Ricky Wai <rickywai@google.com>	Make "work mode on dialog" show personal challenge in unified work lock Bug: 28183335 Change-Id: Ib212b283b9561f88899f6e7ea130944391b6e558 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a482c6e5e61c2c01502a344240ef596dfbe84f26	22-Apr-2016	Paul Crowley <paulcrowley@google.com>	Merge "Clear calling identity before calling mountService" into nyc-dev
fd24108ca9876ac4f3598cf06464b78b61f32a96	19-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Don't block while dispatching PRE_BOOT. While we're waiting on the final UX around PRE_BOOT_COMPLETED, don't frustrate users by giving them a lockscreen that appears frozen for several seconds. Bug: 28164677 Change-Id: I54b62cea9bb83bc0f82fdf7e6e46a4640e1a30de /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
275c94aea32e3c95cbf8177c80c77a1b191e7fa3	15-Apr-2016	Jim Miller <jaggies@google.com>	Merge "Fix missing permission check when saving pattern/password" into nyc-dev
23abc598a5bdeb5d1cf66f83ff14eb3f440d5a9a	15-Apr-2016	Benjamin Franz <bfranz@google.com>	Merge "Don't show the unlock notification when Work mode is off" into nyc-dev
f02420c5e1bcc8b2c278f272aca633fe6d2b4e88	04-Apr-2016	Benjamin Franz <bfranz@google.com>	Maybe decrypt user when quiet mode is disabled When quiet mode is disabled for a user and that user is not currently decrypted, we show a confirm credentials screen to trigger decryption of that user. Only if that was successful, do we actually disable quiet mode. Bug: 27764124 Change-Id: Ib1f649194d89e225dad62c14f3ddba1fa3d79da2 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
e484eaff00096f3819c5002b66487b8c1d16ef57	14-Apr-2016	Jim Miller <jaggies@google.com>	Fix missing permission check when saving pattern/password Fixes bug 28163930 Change-Id: Ic98ef20933b352159b88fdef331e83e9ef6e1f20 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
4ab7e595a5deef72448da950f2f973bc0c90fe18	14-Apr-2016	Adrian Roos <roosa@google.com>	StrongAuthTracker: Don't rely on USER_PRESENT USER_PRESENT is sent via the background queue. A delay there can cause us not to recognize that the user has unlocked and prompt for the credential again, when trust or fingerprint would be sufficient. Also removes an obsolete reference to USER_PRESENT from TrustManagerService. Change-Id: Ie8d1a180170df5f0c8f9e71660504fd71eeacd99 Fixes: 27830458 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
53940d4c7f45a26d8b571982a1f8f4b8094aa5e0	05-Apr-2016	Ricky Wai <rickywai@google.com>	Fingerprint should confirm device lock when unified When unified and adding a fingerprint, the user is prompted to set up a backup Bug:27419438 Change-Id: I3e857fa07c50ee0904f685b721595ef6cfe729f9 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
dc283a897680ffd33c4d15535ebe778ba5b42c43	24-Mar-2016	Ricky Wai <rickywai@google.com>	Keymaster init for work profile Changes: (1) When unified work challenge is enabled and screen lock is secure - Store work profile secure key in primary profile - When primary user keystore unlocked, unlock work profile keystore - When primary user change lock to none, remove work secure key (2) When unified work challenge is enabled but screen lock is not secure - When screen lock changes to secure, store work secure key in primary (3) When user changes work challenge from unified to separated - Remove work secure key in primary (4) When user changes work challenge from separate to unified - Do (1) and (2) Bug: 27460698 Change-Id: I8f77bde5dc6b8e59c90256e75c5990100e93366b /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
0f9dd1e2f5561c57a2a233a42749dbfe12a5dc44	06-Apr-2016	Selim Cinek <cinek@google.com>	Deprecated the contentinfo and the number It was mainly adding noise to the notification rather than useful information. Bug: 27431551 Change-Id: Ie22c9935d60eeac1cca5d9ce97239aadfac9b3cf /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
f52709c42e81537db1471ffeb552b4340324c795	01-Apr-2016	Benjamin Franz <bfranz@google.com>	Don't show the unlock notification when Work mode is off Currently we show the unlock work profile notification when work mode is off. This CL stops this from happening. Bug: 27764124 Change-Id: I63e4e09ab8c35a69d10118cf06d8ef33b1e1eb05 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
815036f055173d4dfcddd03a4e6c03d24bff00c7	29-Mar-2016	Paul Crowley <paulcrowley@google.com>	Clear calling identity before calling mountService Apps that change the password shouldn't need the STORAGE_INTERNAL permission. Bug: 27600227 Change-Id: I73e86c3400c19e9b1cea786dc472ab571ac18803 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
bd91e2f3f6aca512a02be645b2515b5e3331e177	22-Mar-2016	Jeff Sharkey <jsharkey@android.com>	Update PRE_BOOT_COMPLETED for FBE. Now that CE data isn't available until after a user is unlocked, we need to delay the PRE_BOOT_COMPLETED broadcasts. This is done by adding a new RUNNING_UNLOCKING user state to the UserController lifecycle. We now track the last fingerprint a user was logged in under, and we dispatch PRE_BOOT receivers when that fingerprint changes. To work around battery pull issues, we only persist the updated fingerprint once all PRE_BOOT receivers have finished. This is less granular than the original solution, but it's still correct. We only consider a user as "logged in" once it transitions into the RUNNING_UNLOCKED state. When starting a process, track if the user was "unlocked" when started, so that we only spin up unaware providers in processes started before user unlock. Add generic IProgressListener to communicate PRE_BOOT progress and strings up to lock screen. For now, LockSettingsService just blocks until finished, but it could display these strings in the future. Bug: 27220885 Change-Id: I349439776b885acd32f6a578d8951ffd95640be2 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
042a68ae3297db27c4bd6aca7f1c39001261b85e	03-Mar-2016	Jim Miller <jaggies@google.com>	Merge "Attempt to fix bug where OwnerInfo gets lost." into nyc-dev
325c56741a4896741f3e3c5894c20ee55090a31b	02-Mar-2016	Jim Miller <jaggies@google.com>	Attempt to fix bug where OwnerInfo gets lost. Bug 27419272 Change-Id: I2f938606c3155afd2fc31b5da640b7b74c397a14 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
0a587d2840ca105746a9e14d018dc8ec2b3442be	23-Feb-2016	Clara Bayarri <clarabayarri@google.com>	Unlock Keystore/Keymaster separately for Work Challenge The Keystore should be unlocked by the work challenge when the work profile has its own lock, and should not be unlocked by the device lock in this case. Tested use cases: When unified, both users have the password key set to the parent's Setting a work challenge changes the work profile's password key to its own Unifying causes the work challenge key to be set to null first and then when the device password is reset right after that it is reset to the same as the parent Unlocking when locks are unified unlocks both using the same password key Unlocking the device when not unified only unlocks the parent Unlocking the work challenge only unlocks the work profile Bug:26817206 Change-Id: I99dca279687f4f77636992e355dbdb607bbf7b6d /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
b1b302660cf5b1b1c5b342cc90eca93b8f66890c	09-Feb-2016	Kenny Guy <kennyguy@google.com>	Support FBE for managed profiles. Allow launcher to see and attempt to launch non-crypto aware application when profile is locked. Hide unlock notification until parent user is unlocked. Have unlock notitication use confirm credentials to unlock the profile. Updated notification strings as per suggestions in mocks to make it clearer between users and profiles. Bug: 27038260 Change-Id: If2d2c8148670d814544f4edd44193d15da32a289 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
faeb3eb0ba190e6d6cfe2b82ce20af587848de57	08-Feb-2016	Paul Crowley <paulcrowley@google.com>	Password security for FBE disk encryption keys Add the means to protect FBE keys with a combination of an auth token from Gatekeeper, and a hash of the password. Both of these must be passed to unlock_user_key. Keys are created unprotected, and change_user_key changes the way they are protected. Bug: 22950892 Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
98e0a266ea27e8dcd4d5e4380921f40f00e7b685	04-Feb-2016	Paul Crowley <paulcrowley@google.com>	Always get an auth token when we verify. We need the auth token for FBE. In a future commit I'll get rid of the "verify" method altogether, but no need right now. Bug: 22950892 Change-Id: Ied2b666f0613dd97e021d3416ec06e44b9397d11 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
b1135b7196c87d74b293fea3f89400aa4f1dd084	03-Feb-2016	Jim Miller <jaggies@google.com>	Add new icon for fbe notification Fixes bug 26863369 Change-Id: I967d585fa251782d18a5f24c025b28d40268dc85 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
e6c28031edb8137beb5d32ffed9e4dc4897d011b	29-Jan-2016	Jim Miller <jaggies@google.com>	FBE notification improvements - change language for FBE "account locked" notification - use lock icon Fixes bug 26863154 Change-Id: I1cf2e230cf717cadd26879a90fdccbade59057a8 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
4f93c58b393bad5d0bcc4237fa66f14fb9c9ee28	28-Jan-2016	Jim Miller <jaggies@google.com>	Add account locked notification when users are encrypted Fixes bug 26407543 Change-Id: Ic66669cd5f75b5fa41449e33133439752cef112b /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a7aa4d6f0b91e050c083c19459b0c8b265c92617	20-Jan-2016	Rakesh Iyer <rni@google.com>	Allow smart unlock right after boot. This change enables relaxing the constraint by which strong authentication is needed after device reboot. There are very limited use cases where this might be safe, one of which is in a car. Cars head units usually are protected physically by the car and have hardware anti-theft mechanisms so we can potentially allow for Android to allow users to use smart unlock to avoid the lockscreen just after boot. This change adds in a config flag that sets the default trust flags, which can be set to allow smart unlock after boot for car head units. Bug: 26559008 Change-Id: Id6338a97b617ddaf3d2fae5d51235429a42b81cc /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a1771110d67fa7361f92d92f2e91019882ce3305	18-Dec-2015	Clara Bayarri <clarabayarri@google.com>	Create Work Challenge per-user condition Change the current static condition to a per-user condition so we can check and enable/disable the work challenge properly. Also add an isAllowed API, as the Work Challenge can only be used when the user's DPC targets N or above to maintain backwards compatibility. Change-Id: I0cb8b475838816801868ffb24726407aa257b4de /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
5a0fed684150f53d2d4293408f445f6092c24183	15-Dec-2015	Bryce Lee <brycelee@google.com>	Allow access to deprecated LOCK_PATTERN_ENABLED flag. am: 4614596a39 am: 36393a5674 am: 4ab8b0696a am: 0510ad1bc9 * commit '0510ad1bc9a2da4fa84f1a5417a218dba48563e3': Allow access to deprecated LOCK_PATTERN_ENABLED flag.
4614596a395b6c86fff3f35a07edda2e848d743c	14-Dec-2015	Bryce Lee <brycelee@google.com>	Allow access to deprecated LOCK_PATTERN_ENABLED flag. It is possible that older platforms may have not cleared the lock pattern, but instead only checked this flag to determine the lock pattern enabled state. In such cases, upgrading to a platform with that only checks the lock pattern can lead to the lock screen being re-enabled by accident. These new methods allow this condition to be identified and resolved. Bug: 26029690 Change-Id: I8f7ebc0e1915049afe49c219c87010aa38a16244 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
b9fe53705ca851c39abe44e980219fd6733bf821	03-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Attempt to unlock users with null token. When starting a locked user, try unlocking their storace will a null token, which will typically succeed if there is an insecure lockscreen (no PIN or pattern). For users with a secure lockscreen, pass through a stub token for now to indicate that it came from a user challenge. Eventually we'll hook that up to gatekeeperd. Without this, we were only unlocking users with secure lockscreens. Bug: 25943941 Change-Id: Ia0324d50f43f55dfe0b8366793ddc5d25d885922 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
10ad84a17d7248488c1653bacc9f20d3a7193999	01-Dec-2015	Clara Bayarri <clarabayarri@google.com>	Create a separate Work Challenge check This allows us to tell lock checks from FBE checks separately, and will be useful when dealing with password unification. Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
56878a93989a49538fabccfb7218face645030bf	29-Oct-2015	Clara Bayarri <clarabayarri@google.com>	Create work challenge timeout The work challenge should be locked whenever the device goes to sleep + admin timeout or when the power button is pressed if the lock setting is on. This change creates the infrastructure to lock a specific user instead of the device and uses it in these cases. Then, the current code that brings up the work challenge can check to only show it if the user is locked. Change-Id: I89b4342b1458d97734d7afa66be52bf04ec3a3d4 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
8924e8759f9a8cffb5ad538ca40a7826793aac07	30-Nov-2015	Jeff Sharkey <jsharkey@android.com>	Wire up lifecycle, send unlocked broadcast. When the correct lock pattern is presented, ask the system to also unlock credential-encrypted storage, if enabled. The token passed along is empty for now, but can be wired up to gatekeeper in the future. During each system boot, ask vold to lock all users keys to give us a known starting state. This also has the effect of chmod'ing away any CE data when in emulation mode. Define and send a new foreground broadcast when the CE storage is unlocked for the first time. Add stronger last-ditch checking for encryption-awareness before starting an app. Bug: 22358539 Change-Id: Id1f1bece96a2b4e6f061214d565d51c7396ab521 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
7c69636c9a406265e1da368f3edfd8fb9651132c	16-Sep-2015	Xiaohui Chen <xiaohuic@google.com>	Cleanup USER_OWNER in various services Bug: 19913735 Change-Id: I980370bab18e1b9ccf4043eed2b9fd721a940f72 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
7f5ef05b3f0417e863aaac0f663364582f30c626	26-Aug-2015	Adrian Roos <roosa@google.com>	am 60aff469: am f90169d1: am 5bc2a2c0: am d56892da: Merge "Disable fingerprint after user lockout" into mnc-dr-dev * commit '60aff469b2abd8787ba4c3d326909128b57d06ea': Disable fingerprint after user lockout
873010dfeea11e0f9982c66ad9bdc990d055b129	26-Aug-2015	Adrian Roos <roosa@google.com>	Disable fingerprint after user lockout Bug: 22677859 Change-Id: I38b918d2e40b5bb423f2e5c171fe65bed8d440a6 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
e3b07451c3ca7064cb70f1829cf35963cba74bd8	22-Aug-2015	Adrian Roos <roosa@google.com>	resolved conflicts for merge of bcc26c02 to master Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
b5e4722891e7bbf2fffcd995af02838667a3abab	15-Aug-2015	Adrian Roos <roosa@google.com>	Add StrongAuthTracker Bug: 22846469 Bug: 22115393 Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
6086a25eb7721d7a59445796b73ee4c3f2e87701	30-Jul-2015	Adrian Roos <roosa@google.com>	am 5334b265: am aeda904f: am 4371922d: am 8e9b33f8: am 726d47b7: Merge "Fix and deprecate lock pattern related settings" into mnc-dev * commit '5334b265af71a31b0cf428b97b437ac040c067dc': Fix and deprecate lock pattern related settings
7811d9f5095a343acd218f4bb0a0e9e8f480b401	28-Jul-2015	Adrian Roos <roosa@google.com>	Fix and deprecate lock pattern related settings Bug: 22557690 Change-Id: Ib4b3ef7cebe815ba9d9d2284f945a9ec746b216c /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
2c4a573f38a942b75d0321e66da2042753188cb7	10-Jul-2015	Andres Morales <anmorales@google.com>	[LockSettings] fail hard when there's an error enrolling Soft failing causes state to go out of whack Bug: 22367550 Change-Id: I9f078cf1c39c35913c672741d8fb1be0b9c8c9e8 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
3188574c14c479a2898e5251b6b01db6be007975	30-Jun-2015	Andres Morales <anmorales@google.com>	Merge "[LockSettings] adjust legacy patterns to base 0 for unlocking keystore" into mnc-dev
59ef126f0787fb1edeec8fcc3ebaadaf12f18c06	26-Jun-2015	Andres Morales <anmorales@google.com>	[LockSettings] adjust legacy patterns to base 0 for unlocking keystore Otherwise, L keys will be lost as they're encrypted with the base 0 pattern. Keystore password is then re-enrolled with the base '1' pattern. Bug: 22118231 Change-Id: I37aea2afc3069f1ba48cb073268f1d66978b723e /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
f1900b500f71c372376b5d951d581afcca8d7b57	25-Jun-2015	Andres Morales <anmorales@google.com>	Merge "[LockSettings] clear secure user id when user is removed" into mnc-dev
070fe63962baf30a648f7f85a7d00c177fc8b7c5	24-Jun-2015	Andres Morales <anmorales@google.com>	[LockSettings] clear secure user id when user is removed Needed for QCOM HALs and for general good housekeeping Bug: 22011857 Change-Id: I6cc157a88ee125ecbf81fc51c226c63ba1d34b80 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
6d2c0e5ee2f717d4a5c00df08aca21c76eea8278	23-Jun-2015	Svetoslav Ganov <svetoslavganov@google.com>	Remove not needed contacts related permissions. This reverts commit ed5ff51b2ca7c051e2719dfc8a8a083e6208848e. Change-Id: If2407e4e474a438d95e1b7ad1aa6f441bb3ace08 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
ed5ff51b2ca7c051e2719dfc8a8a083e6208848e	23-Jun-2015	Bart Sears <bsears@google.com>	Revert "Remove not needed contacts related perissions." Broke the build, reverting. This reverts commit a2991da0d671adf511ccb884cf25bf1241303f92. Change-Id: I2bdfa70fbd8a6c03e48426f85eeb63896762d5da /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a2991da0d671adf511ccb884cf25bf1241303f92	22-Jun-2015	Svet Ganov <svetoslavganov@google.com>	Remove not needed contacts related perissions. Removing the read/write profile/social stream permissions as they are not needed anymore. These permissions are for accessing data nested in the conacts provider which is already guaded by the read/write contacts runtime permissions. The removed permissions would be in the contacts group which means they would not provide more protection compated to read/write contacts. Also removing the permissions voids the need for app op support for legacy apps. Removed deprecated APIs for social streams as these were deprecated and will go away in the next release. We want apps targeting M to not be able to compile if still suing these APIs to help with migration. Change-Id: I26ed9055847af7f92c78eb0f4ac8f9f1aa616fcd /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
e40bad8cf9397becdf05776c775c8286d3de46fa	28-May-2015	Andres Morales <anmorales@google.com>	[LockSettings] migrate patterns to be indexed at '1' Base zero patterns (ones where the top left is idx 0) are not handled properly by scrypt. Add logic to re-enroll base zero patterns such that the top left is idx 1. Bug: 21433955 Change-Id: I7f67f2c67d40dd1be6c62117710dc3b0392275a2 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
2397427cb1a0bad8a42e6a342dcf29b31e40a234	15-May-2015	Andres Morales <anmorales@google.com>	[LockSettings] migrate password attempt throttling to hardware leverage root protected, cryptographically secured hardware if available Bug: 21118563 Change-Id: Ifa804c5a0728bfd14466eb2a84051bace6d33d57 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
83ce095c848b972156256855d0f2a2ff4aa068fd	12-May-2015	Chad Brubaker <cbrubaker@google.com>	Add keystore onUserAdded/Removed methods (cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1) Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
a91a8504191d91d288c55821caa5bf00c9be26a2	07-May-2015	Chad Brubaker <cbrubaker@google.com>	Cleanup keystore password changing and unlocking Add KeyStore.onUserPasswordChanged for the lockscreen to call when the user changes their password. Keystore will then handle the logic of deleting keys. Instead of calling Keystore.password_uid for both unlocking and password changes the behavior has been split into Keystore.unlock and onUserPasswordChanged. Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
4383058bf4956f3a3132a58f0904087fdd569526	22-Apr-2015	Adrian Roos <roosa@google.com>	Migrate lockscreen.disabled on upgrade Bug: 19962043 Change-Id: Iecec4ea869aeb9d814f7447b4805caa571f3fd01 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
301ea449921663ffe5673fb5751a7185a40bd5ea	17-Apr-2015	Andres Morales <anmorales@google.com>	Recover from dead GateKeeperService Binder Change-Id: Ie25b46225a88fd59e6426a338bb94152d2c1b302 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
cfb61601fa4e92445655de7b82d2bc0ea9000824	17-Apr-2015	Andres Morales <anmorales@google.com>	Clear secure user ID and notify keystore when lock is cleared Change-Id: Id5bbde81b83add09e8362d439b19f1febe451003 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
d9fc85ac27742adbe89e54fd35f3cb2469e94b91	10-Apr-2015	Andres Morales <anmorales@google.com>	Add challenge to IGateKeeperService required for enrolling secondary auth form-factors Change-Id: Id5a1eb1ed22f01fbaabe8e4ebddfc42d58322625 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
8fa5665f0e757cec0063fb4cf1354f1596f93a91	31-Mar-2015	Andres Morales <anmorales@google.com>	Wire up GateKeeper to LockSettingsService Adds: - Communication to GKService - password upgrade flow - enroll takes previous credential Change-Id: I0161b64642be3d0e34ff4a9e6e3ca8569f2d7c0a /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
855fa30b74c99410869a7cdfa4cf07b37937c238	02-Apr-2015	Adrian Roos <roosa@google.com>	Prevent non-platform apps from reading password type Bug: 20040521 Change-Id: I2b11dd05ff1c978ef658c9f5434eed578b742992 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
08c7116ab9cd04ad6dd3c04aa1017237e7f409ac	28-Feb-2015	John Spurlock <jspurlock@google.com>	Remove unused imports in frameworks/base. Change-Id: I031443de83f93eb57a98863001826671b18f3b17 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
001b00d3bd8c20c7e73cb8101cbe98291bd5e68f	24-Feb-2015	Adrian Roos <roosa@google.com>	Prevent regular processes from accessing the password history Bug: 19019350 Change-Id: Iee410d62827fe0f9d43e08dd8869e8eea590382f /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
072543f58037697772663ed34ee26317e9d662c5	13-Feb-2015	Amith Yamasani <yamasani@google.com>	Backup/restore owner info from locksettings Backup the owner info string and whether or not owner info is to be shown on the lockscreen. Watch for changes to the two settings in LockSettingsService and inform backup manager. Bump up version numbers for the new entity. Bug: 19300363 Change-Id: I35485c961d18b26be68873f4d5eeedc5ae513cc8 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
9dd16ebcf2a25c189a39b72847d3db2b1189cb4d	08-Jan-2015	Adrian Roos <roosa@google.com>	LockPatternUtils clean up continued - Deprecate Settings.Secure.LOCK_PATTERN_ENABLED - Remove unused permanent lock out - Disallow empty/null arguments to saveLockPattern and saveLockPassword - Refactor repeated quality checks Change-Id: I6f369eb60f8f6bb1e33384cd06534c713ab52e79 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
db0f76e1d85f8cb878a9540ac1b692636f9fd89e	07-Jan-2015	Adrian Roos <roosa@google.com>	Directly dispatch USER_REMOVED to LockSettingsService Bug: 18931518 Change-Id: Ibaf875a06868ae3196115d77eed6874daf2fec16 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
230635efe7ffb09d6dc56bfd9193aa1d89c8a898	07-Jan-2015	Adrian Roos <roosa@google.com>	Purge biometric weak and keyguard widgets Bug: 18931518 Change-Id: I5da41908b1d6895a69f981e139f2d268327fafcd /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
138b83347b8da29166ee2eb09fa8126686bda3c7	11-Nov-2014	Adrian Roos <roosa@google.com>	Obliterate LockPatternUtilsCache It is disabled dead code already and not useful anymore with the new caching in LockSettingsService. Bug: 18163444 Change-Id: Icc184e923e0fbeab31ed128336c01f835b24c6f2 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
3dcae68501a1fc1c433d12a9d55a31c7eaab016c	29-Oct-2014	Adrian Roos <roosa@google.com>	Add caching to LockSettingsStorage Bug: 18163444 Change-Id: I4caa80ca55efec761e965807ae793db41864321f /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
450ce9fc8a1522819aec151433e6f509dfe60690	29-Oct-2014	Adrian Roos <roosa@google.com>	Disable LockPatternUtilsCache Also fix a bug where hasPattern and hasPassword were not invalidated properly. Bug: 18163444 Change-Id: I5bd8cc4e7c0d00497ee7a42f3c34449aa3f95a6c /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
261d5ab8f4c3fdd34163468fd48ab07f7ad13d3c	29-Oct-2014	Adrian Roos <roosa@google.com>	Refactor LockSettingsService into storage and logic Creates a new LockSettingsStorage class to handle stroring and retreiving data. Bug: 18163444 Change-Id: Ia3bc4ad679c5e1217756ae6b3b80cfce3599baed /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
49d810cb632bd4c334ebfd3932658fa6973bcbef	23-Sep-2014	Robin Lee <rgl@google.com>	Reset keystore when user is added or removed Because user IDs are recycled it is not safe to leave this kind of information around after deleting. Bug: 17403144 Change-Id: I441f85750cf8818adaf62a1acdb2ba7b4bfc1b7e /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
1096cf8664963a136a325b2bc511c8f381b9ba77	01-Sep-2014	Robin Lee <rgl@google.com>	Delete locksettings files for toplevel users only Fixes an issue created by change: I7941707ca66ac25bd122fd22e5e0f639e7af697e Bug: 16233206 Change-Id: Ia905d153e94303acd611178333adc77c68933711 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
f0246a8a14d69680d1776620e75a485cf963e574	13-Aug-2014	Robin Lee <rgl@google.com>	Keep managed profile keystores in sync with owner Fixes setting a keyguard password for keystore in a multi-user setup while we're at it. Bug: 16233206. Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
987672d2621fa5278dbf48cbef46c50d3fafe4c1	18-Jul-2014	Geoffrey Borggaard <geoffreyb@google.com>	Fixes setting password through DevicePolicyManager LockPatternUtils wasn't taking the userId into account when looking up the salt. Bug: 16204999 Change-Id: I0626b5a0a55c244122c24fb4446f270918f3187c /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
4f7884542ce8fba5bfed01ed834a32e6d3e2dea5	22-May-2014	Adrian Roos <roosa@google.com>	Add a cache to LockPatternUtils Caches responses from LockSettingsService in the client process. Bug: 15088101 Change-Id: If77c5ec45f52a02c800d50cb8550bfcb180f301d /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
945490c12e32b1c13b9097c00702558260b2011f	27-Mar-2014	Paul Lawrence <paullawrence@google.com>	Don't double prompt on booting encrypted device vold will store password securely until KeyGuard requests it and hands it on to KeyStore. This is a revision of https://googleplex-android-review.git.corp.google.com/#/c/418123/ which was reverted. It had two bugs in LockSettingsService.checkVoldPassword. 1) We were not checking password for null, which caused an exception 2) checkPattern/checkPassword return true if there is no saved pattern or password. This leads to situations where we get true returned even when the password doesn't match. Call the correct one based on what is there, not what vold thinks ought to be there. Bug: 12990752 Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
6ee7d25010d4f23b44a151f3953225ba253de8af	26-Mar-2014	Paul Lawrence <paullawrence@google.com>	Revert "Don't prompt at boot if we already did that when decrypting" This reverts commit 493e3e7e6523fd94cc1acae3e45935a1227d58c3. Should fixes Bug: 13611885 Bug: 13656830 Change-Id: I117c988bb6679f44f8add4fcc18f45cb8238dfb4 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
493e3e7e6523fd94cc1acae3e45935a1227d58c3	06-Feb-2014	Paul Lawrence <paullawrence@google.com>	Don't prompt at boot if we already did that when decrypting vold will store password securely until KeyGuard requests it and hands it on to KeyStore. Needs matching vold changes from https://googleplex-android-review.git.corp.google.com/#/c/432050/ Bug: 12990752 Change-Id: I930ed8180cf0b8feb1e58db043d5fb6dff1bab20 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea	20-Dec-2013	Amith Yamasani <yamasani@google.com>	am 9158825f: Move some system services to separate directories * commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce': Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 /frameworks/base/services/core/java/com/android/server/LockSettingsService.java