Use default encryption password if an accessibility service is enabled.
If accessibility is on and the user selectes a secure lock we use weaker
encryption to enable running accessibility layer at the time the user
authenticates. This change adds a warning message to the enable accessibility
service dialog if there is a secure lock and also adds a warning as a
summary for the secure lock in the lock chooser activity. Both warning
mention the weaker encryption to be used.
bug:17671790
Change-Id: Ib5cc9d3a78f751e18362bb9238fd2804c3b600f8
diff --git a/res/layout/enable_accessibility_service_dialog_content.xml b/res/layout/enable_accessibility_service_dialog_content.xml
index fbeeb27..25c6ba2 100644
--- a/res/layout/enable_accessibility_service_dialog_content.xml
+++ b/res/layout/enable_accessibility_service_dialog_content.xml
@@ -28,6 +28,12 @@
android:paddingStart="16dip"
android:paddingEnd="16dip" >
+ <TextView android:id="@+id/encryption_warning"
+ android:layout_width="fill_parent"
+ android:layout_height="wrap_content"
+ android:padding="10dip"
+ android:textAppearance="?android:attr/textAppearanceMedium"/>
+
<TextView android:id="@+id/capabilities_header"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 139bacc..38ad820 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -3665,6 +3665,14 @@
<!-- Title for the list of capabilities of an accessibility service. -->
<string name="capabilities_list_title"><xliff:g id="service" example="TalkBack">%1$s</xliff:g>
needs to:</string>
+ <!-- Warning that the device data will not be encrypted with password or PIN if
+ enabling an accessibility service and there is a secure lock setup. [CHAR LIMIT=NONE] -->
+ <string name="enable_service_encryption_warning">If you turn on <xliff:g id="service"
+ example="TalkBack">%1$s</xliff:g>, your data\'s encryption won\'t be as strong.</string>
+ <!-- Warning that the device data will not be encrypted with password or PIN if
+ choosing a secure lock and there is an enabled accessibility service. [CHAR LIMIT=NONE] -->
+ <string name="secure_lock_encryption_warning">Because you\'ve turned on an accessibility service,
+ encryption based on this type of lock won\'t be as strong.</string>
<!-- Title for the capability of an accessibility service to receive events and keys. -->
<string name="capability_title_receiveAccessibilityEvents">Observe your actions</string>
diff --git a/src/com/android/settings/ChooseLockGeneric.java b/src/com/android/settings/ChooseLockGeneric.java
index c444dc4..c65aa21 100644
--- a/src/com/android/settings/ChooseLockGeneric.java
+++ b/src/com/android/settings/ChooseLockGeneric.java
@@ -16,6 +16,7 @@
package com.android.settings;
+import android.accessibilityservice.AccessibilityServiceInfo;
import android.app.Activity;
import android.app.PendingIntent;
import android.app.admin.DevicePolicyManager;
@@ -32,6 +33,7 @@
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
+import android.view.accessibility.AccessibilityManager;
import android.widget.ListView;
import com.android.internal.widget.LockPatternUtils;
@@ -213,6 +215,7 @@
}
addPreferencesFromResource(R.xml.security_settings_picker);
disableUnusablePreferences(quality, allowBiometric);
+ updatePreferenceSummaryIfNeeded();
} else {
updateUnlockMethodAndFinish(quality, false);
}
@@ -292,6 +295,28 @@
}
}
+ private void updatePreferenceSummaryIfNeeded() {
+ if (AccessibilityManager.getInstance(getActivity()).getEnabledAccessibilityServiceList(
+ AccessibilityServiceInfo.FEEDBACK_ALL_MASK).isEmpty()) {
+ return;
+ }
+
+ CharSequence summary = getString(R.string.secure_lock_encryption_warning);
+
+ PreferenceScreen screen = getPreferenceScreen();
+ final int preferenceCount = screen.getPreferenceCount();
+ for (int i = 0; i < preferenceCount; i++) {
+ Preference preference = screen.getPreference(i);
+ switch (preference.getKey()) {
+ case KEY_UNLOCK_SET_PATTERN:
+ case KEY_UNLOCK_SET_PIN:
+ case KEY_UNLOCK_SET_PASSWORD: {
+ preference.setSummary(summary);
+ } break;
+ }
+ }
+ }
+
/**
* Check whether the key is allowed for fallback (e.g. bio sensor). Returns true if it's
* supported as a backup.
diff --git a/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java b/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
index f4b85f3..2375061 100644
--- a/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
+++ b/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
@@ -36,6 +36,7 @@
import android.widget.LinearLayout;
import android.widget.TextView;
+import com.android.internal.widget.LockPatternUtils;
import com.android.settings.R;
import com.android.settings.widget.ToggleSwitch;
import com.android.settings.widget.ToggleSwitch.OnBeforeCheckedChangeListener;
@@ -201,6 +202,17 @@
View content = inflater.inflate(R.layout.enable_accessibility_service_dialog_content,
null);
+ TextView encryptionWarningView = (TextView) content.findViewById(
+ R.id.encryption_warning);
+ if (LockPatternUtils.isDeviceEncrypted()) {
+ String text = getString(R.string.enable_service_encryption_warning,
+ info.getResolveInfo().loadLabel(getPackageManager()));
+ encryptionWarningView.setText(text);
+ encryptionWarningView.setVisibility(View.VISIBLE);
+ } else {
+ encryptionWarningView.setVisibility(View.GONE);
+ }
+
TextView capabilitiesHeaderView = (TextView) content.findViewById(
R.id.capabilities_header);
capabilitiesHeaderView.setText(getString(R.string.capabilities_list_title,