Remove FDE support from accessibility settings
With FDE (Full Disk Encryption), secure start-up (i.e. requiring a PIN /
pattern / password to boot the device) was incompatible with
accessibility services. Thus, the accessibility settings would ask the
user to disable secure start-up when enabling an accessibility service.
Now that FDE support has been removed in favor of FBE (File Based
Encryption), this is no longer necessary. Remove it.
Bug: 208476087
Change-Id: I5f6e512f223df63e1b4d1c181fc8b3fe683dcd5f
diff --git a/res/layout/enable_accessibility_service_dialog_content.xml b/res/layout/enable_accessibility_service_dialog_content.xml
index 6b3220b..3fe932c 100644
--- a/res/layout/enable_accessibility_service_dialog_content.xml
+++ b/res/layout/enable_accessibility_service_dialog_content.xml
@@ -43,14 +43,6 @@
style="@style/AccessibilityDialogTitle" />
<TextView
- android:id="@+id/encryption_warning"
- android:layout_width="fill_parent"
- android:layout_height="wrap_content"
- android:padding="10dip"
- android:textAlignment="viewStart"
- android:textAppearance="?android:attr/textAppearanceMedium"/>
-
- <TextView
android:id="@+id/permissionDialog_description"
android:text="@string/accessibility_service_warning_description"
style="@style/AccessibilityDialogDescription" />
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 9dc7a95..a61b09b 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -5727,30 +5727,6 @@
can't verify user consent. [CHAR LIMIT=NONE] -->
<string name="touch_filtered_warning">Because an app is obscuring a permission request, Settings
can’t verify your response.</string>
- <!-- Warning that the device data will not be encrypted with password or PIN if
- enabling an accessibility service and there is a secure lock setup. [CHAR LIMIT=NONE] -->
- <string name="enable_service_encryption_warning">If you turn on <xliff:g id="service"
- example="TalkBack">%1$s</xliff:g>, your device won’t use your screen lock to enhance
- data encryption.</string>
- <!-- Warning that the device data will not be encrypted with password or PIN if
- choosing a secure lock and there is an enabled accessibility service. [CHAR LIMIT=NONE] -->
- <string name="secure_lock_encryption_warning">Because you\u2019ve turned on an accessibility service,
- your device won’t use your screen lock to enhance data encryption.</string>
-
- <!-- Message to the users to enter their pattern before enabling an accessibility service. [CHAR LIMIT=NONE] -->
- <string name="enable_service_pattern_reason">Because turning on <xliff:g id="service"
- example="TalkBack">%1$s</xliff:g> affects data encryption, you need to confirm your pattern.
- </string>
-
- <!-- Message to the users to enter their PIN before enabling an accessibility service. [CHAR LIMIT=NONE] -->
- <string name="enable_service_pin_reason">Because turning on <xliff:g id="service"
- example="TalkBack">%1$s</xliff:g> affects data encryption, you need to confirm your PIN.
- </string>
-
- <!-- Message to the users to enter their password before enabling an accessibility service. [CHAR LIMIT=NONE] -->
- <string name="enable_service_password_reason">Because turning on <xliff:g id="service"
- example="TalkBack">%1$s</xliff:g> affects data encryption, you need to confirm your password.
- </string>
<!-- Warning that explains that accessibility services have a lot of access to user data [CHAR LIMIT=NONE] -->
<string name="accessibility_service_warning"><xliff:g id="service"
diff --git a/src/com/android/settings/accessibility/AccessibilityServiceWarning.java b/src/com/android/settings/accessibility/AccessibilityServiceWarning.java
index dcf7897..93ec8030 100644
--- a/src/com/android/settings/accessibility/AccessibilityServiceWarning.java
+++ b/src/com/android/settings/accessibility/AccessibilityServiceWarning.java
@@ -23,7 +23,6 @@
import android.content.Context;
import android.content.DialogInterface;
import android.graphics.drawable.Drawable;
-import android.os.storage.StorageManager;
import android.text.BidiFormatter;
import android.view.LayoutInflater;
import android.view.MotionEvent;
@@ -86,16 +85,6 @@
return ad;
}
- /**
- * Returns whether the device is encrypted with legacy full disk encryption. Newer devices
- * should be using File Based Encryption.
- *
- * @return true if device is encrypted
- */
- private static boolean isFullDiskEncrypted() {
- return StorageManager.isNonDefaultBlockEncrypted();
- }
-
private static View createEnableDialogContentView(Context context,
@NonNull AccessibilityServiceInfo info, View.OnClickListener listener,
UninstallActionPerformer performer) {
@@ -105,17 +94,6 @@
View content = inflater.inflate(R.layout.enable_accessibility_service_dialog_content,
null);
- TextView encryptionWarningView = (TextView) content.findViewById(
- R.id.encryption_warning);
- if (isFullDiskEncrypted()) {
- String text = context.getString(R.string.enable_service_encryption_warning,
- getServiceName(context, info));
- encryptionWarningView.setText(text);
- encryptionWarningView.setVisibility(View.VISIBLE);
- } else {
- encryptionWarningView.setVisibility(View.GONE);
- }
-
final Drawable icon;
if (info.getResolveInfo().getIconResource() == 0) {
icon = ContextCompat.getDrawable(context, R.drawable.ic_accessibility_generic);
diff --git a/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java b/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
index fd987a3..04b5347 100644
--- a/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
+++ b/src/com/android/settings/accessibility/ToggleAccessibilityServicePreferenceFragment.java
@@ -21,9 +21,7 @@
import static com.android.settings.accessibility.PreferredShortcuts.retrieveUserShortcutType;
import android.accessibilityservice.AccessibilityServiceInfo;
-import android.app.Activity;
import android.app.Dialog;
-import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
@@ -39,9 +37,6 @@
import android.os.Bundle;
import android.os.Handler;
import android.os.SystemClock;
-import android.os.UserHandle;
-import android.os.storage.StorageManager;
-import android.provider.Settings;
import android.text.TextUtils;
import android.util.Log;
import android.view.Menu;
@@ -52,11 +47,9 @@
import androidx.annotation.Nullable;
-import com.android.internal.widget.LockPatternUtils;
import com.android.settings.R;
import com.android.settings.accessibility.AccessibilityUtil.UserShortcutType;
import com.android.settings.overlay.FeatureFactory;
-import com.android.settings.password.ConfirmDeviceCredentialActivity;
import com.android.settingslib.accessibility.AccessibilityUtils;
import java.util.List;
@@ -67,9 +60,7 @@
ToggleFeaturePreferenceFragment {
private static final String TAG = "ToggleAccessibilityServicePreferenceFragment";
- private static final int ACTIVITY_REQUEST_CONFIRM_CREDENTIAL_FOR_WEAKER_ENCRYPTION = 1;
private static final String KEY_HAS_LOGGED = "has_logged";
- private LockPatternUtils mLockPatternUtils;
private AtomicBoolean mIsDialogShown = new AtomicBoolean(/* initialValue= */ false);
private static final String EMPTY_STRING = "";
@@ -110,7 +101,6 @@
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
- mLockPatternUtils = new LockPatternUtils(getPrefContext());
if (savedInstanceState != null) {
if (savedInstanceState.containsKey(KEY_HAS_LOGGED)) {
mDisabledStateLogged = savedInstanceState.getBoolean(KEY_HAS_LOGGED);
@@ -263,33 +253,8 @@
.contains(mComponentName);
}
- /**
- * Return whether the device is encrypted with legacy full disk encryption. Newer devices
- * should be using File Based Encryption.
- *
- * @return true if device is encrypted
- */
- private boolean isFullDiskEncrypted() {
- return StorageManager.isNonDefaultBlockEncrypted();
- }
-
@Override
public void onActivityResult(int requestCode, int resultCode, Intent data) {
- if (requestCode == ACTIVITY_REQUEST_CONFIRM_CREDENTIAL_FOR_WEAKER_ENCRYPTION) {
- if (resultCode == Activity.RESULT_OK) {
- handleConfirmServiceEnabled(/* confirmed= */ true);
- // The user confirmed that they accept weaker encryption when
- // enabling the accessibility service, so change encryption.
- // Since we came here asynchronously, check encryption again.
- if (isFullDiskEncrypted()) {
- mLockPatternUtils.clearEncryptionPassword();
- Settings.Global.putInt(getContentResolver(),
- Settings.Global.REQUIRE_PASSWORD_TO_DECRYPT, 0);
- }
- } else {
- handleConfirmServiceEnabled(/* confirmed= */ false);
- }
- }
}
private void registerPackageRemoveReceiver() {
@@ -341,23 +306,6 @@
onPreferenceToggled(mPreferenceKey, confirmed);
}
- private String createConfirmCredentialReasonMessage() {
- int resId = R.string.enable_service_password_reason;
- switch (mLockPatternUtils.getKeyguardStoredPasswordQuality(UserHandle.myUserId())) {
- case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: {
- resId = R.string.enable_service_pattern_reason;
- }
- break;
- case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC:
- case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: {
- resId = R.string.enable_service_pin_reason;
- }
- break;
- }
- return getString(resId, getAccessibilityServiceInfo().getResolveInfo()
- .loadLabel(getPackageManager()));
- }
-
@Override
public void onSwitchChanged(Switch switchView, boolean isChecked) {
if (isChecked != isAccessibilityServiceEnabled()) {
@@ -483,20 +431,11 @@
}
private void onAllowButtonFromEnableToggleClicked() {
- if (isFullDiskEncrypted()) {
- final String title = createConfirmCredentialReasonMessage();
- final Intent intent = ConfirmDeviceCredentialActivity.createIntent(title, /* details= */
- null);
- startActivityForResult(intent,
- ACTIVITY_REQUEST_CONFIRM_CREDENTIAL_FOR_WEAKER_ENCRYPTION);
- } else {
- handleConfirmServiceEnabled(/* confirmed= */ true);
- if (isServiceSupportAccessibilityButton()) {
- mIsDialogShown.set(false);
- showPopupDialog(DialogEnums.LAUNCH_ACCESSIBILITY_TUTORIAL);
- }
+ handleConfirmServiceEnabled(/* confirmed= */ true);
+ if (isServiceSupportAccessibilityButton()) {
+ mIsDialogShown.set(false);
+ showPopupDialog(DialogEnums.LAUNCH_ACCESSIBILITY_TUTORIAL);
}
-
mDialog.dismiss();
}
diff --git a/src/com/android/settings/password/ChooseLockGeneric.java b/src/com/android/settings/password/ChooseLockGeneric.java
index a1826ba..2d6f6b0 100644
--- a/src/com/android/settings/password/ChooseLockGeneric.java
+++ b/src/com/android/settings/password/ChooseLockGeneric.java
@@ -614,7 +614,6 @@
disableUnusablePreferences();
updatePreferenceText();
updateCurrentPreference();
- updatePreferenceSummaryIfNeeded();
} else if (!isRecreatingActivity) {
// Don't start the activity again if we are recreated for configuration change
updateUnlockMethodAndFinish(quality, false, true /* chooseLockSkipped */);
@@ -715,13 +714,6 @@
}
}
- private void setPreferenceSummary(ScreenLockType lock, @StringRes int summary) {
- Preference preference = findPreference(lock.preferenceKey);
- if (preference != null) {
- preference.setSummary(summary);
- }
- }
-
private void updateCurrentPreference() {
String currentKey = getKeyForCurrent();
Preference preference = findPreference(currentKey);
@@ -764,28 +756,6 @@
}
}
- private void updatePreferenceSummaryIfNeeded() {
- // On a default block encrypted device with accessibility, add a warning
- // that your data is not credential encrypted
- if (!StorageManager.isBlockEncrypted()) {
- return;
- }
-
- if (StorageManager.isNonDefaultBlockEncrypted()) {
- return;
- }
-
- if (AccessibilityManager.getInstance(getActivity()).getEnabledAccessibilityServiceList(
- AccessibilityServiceInfo.FEEDBACK_ALL_MASK).isEmpty()) {
- return;
- }
-
- setPreferenceSummary(ScreenLockType.PATTERN, R.string.secure_lock_encryption_warning);
- setPreferenceSummary(ScreenLockType.PIN, R.string.secure_lock_encryption_warning);
- setPreferenceSummary(ScreenLockType.PASSWORD, R.string.secure_lock_encryption_warning);
- setPreferenceSummary(ScreenLockType.MANAGED, R.string.secure_lock_encryption_warning);
- }
-
protected Intent getLockManagedPasswordIntent(LockscreenCredential password) {
return mManagedPasswordProvider.createIntent(false, password);
}