[Settings] Add a verification flow for exiting repair mode
Handles the ACTION_CONFIRM_REPAIR_MODE_DEVICE_CREDENTIAL
intent to launch the confirm device credential activity for
users to exiting repair mode. The activity passes a special
user id USER_REPAIR_MODE to the framework and verify credentials
that the user enrolled in normal mode.
Bug: 277561275
Test: am start -a android.app.action.PREPARE_REPAIR_MODE_DEVICE_CREDENTIAL
settings put global repair_mode_active 1
am start -a android.app.action.CONFIRM_REPAIR_MODE_DEVICE_CREDENTIAL
The credential is verified successfully.
Change-Id: I9ffe32f9925ee2b990c49d5674d27196a4c9edf7
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 185d21e..9c5d6c6 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -2398,6 +2398,7 @@
<action android:name="android.app.action.CONFIRM_DEVICE_CREDENTIAL" />
<action android:name="android.app.action.CONFIRM_FRP_CREDENTIAL" />
<action android:name="android.app.action.PREPARE_REPAIR_MODE_DEVICE_CREDENTIAL" />
+ <action android:name="android.app.action.CONFIRM_REPAIR_MODE_DEVICE_CREDENTIAL" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index bd4e018..a78e74a 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -3495,6 +3495,18 @@
<!-- Checkbox label to set password as new screen lock if remote device credential validation succeeds. [CHAR LIMIT=43] -->
<string name="lockpassword_remote_validation_set_password_as_screenlock">Also use password to unlock this device</string>
+ <!-- Header shown when pattern needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_pattern_header">Verify pattern</string>
+ <!-- Header shown when the pin needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_pin_header">Verify PIN</string>
+ <!-- Header shown when the password needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_password_header">Verify password</string>
+ <!-- An explanation text that the pattern needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_pattern_details" translatable="false">Enter your device pattern enrolled in normal mode to continue</string>
+ <!-- An explanation text that the PIN needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_pin_details" translatable="false">Enter your device PIN enrolled in normal mode to continue</string>
+ <!-- An explanation text that the password needs to be solved before the device exits repair mode. [CHAR LIMIT=100] [DO NOT TRANSLATE] TODO(b/275677027): update with finalized UX string -->
+ <string name="lockpassword_confirm_repair_mode_password_details" translatable="false">Enter your device password enrolled in normal mode to continue</string>
<!-- Security & location settings screen, change security method screen instruction if user
enters incorrect PIN [CHAR LIMIT=30] -->
diff --git a/src/com/android/settings/Utils.java b/src/com/android/settings/Utils.java
index 68b1a48..a2195df 100644
--- a/src/com/android/settings/Utils.java
+++ b/src/com/android/settings/Utils.java
@@ -708,9 +708,13 @@
final int userId = bundle.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
if (userId == LockPatternUtils.USER_FRP) {
return allowAnyUser ? userId : checkUserOwnsFrpCredential(context, userId);
- } else {
- return allowAnyUser ? userId : enforceSameOwner(context, userId);
}
+ if (userId == LockPatternUtils.USER_REPAIR_MODE) {
+ enforceRepairModeActive(context);
+ // any users can exit repair mode
+ return userId;
+ }
+ return allowAnyUser ? userId : enforceSameOwner(context, userId);
}
/**
@@ -730,6 +734,16 @@
}
/**
+ * Throws {@link SecurityException} if repair mode is not active on the device.
+ */
+ private static void enforceRepairModeActive(Context context) {
+ if (LockPatternUtils.isRepairModeActive(context)) {
+ return;
+ }
+ throw new SecurityException("Repair mode is not active on the device.");
+ }
+
+ /**
* Returns the given user id if it belongs to the current user.
*
* @throws SecurityException if the given userId does not belong to the current user group.
diff --git a/src/com/android/settings/password/ChooseLockSettingsHelper.java b/src/com/android/settings/password/ChooseLockSettingsHelper.java
index 943a937..9533314 100644
--- a/src/com/android/settings/password/ChooseLockSettingsHelper.java
+++ b/src/com/android/settings/password/ChooseLockSettingsHelper.java
@@ -362,7 +362,8 @@
}
@NonNull public ChooseLockSettingsHelper build() {
- if (!mAllowAnyUserId && mUserId != LockPatternUtils.USER_FRP) {
+ if (!mAllowAnyUserId && mUserId != LockPatternUtils.USER_FRP
+ && mUserId != LockPatternUtils.USER_REPAIR_MODE) {
Utils.enforceSameOwner(mActivity, mUserId);
}
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
index d409c0f..314ce05 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
@@ -166,8 +166,12 @@
mDetails = intent.getCharSequenceExtra(KeyguardManager.EXTRA_DESCRIPTION);
String alternateButton = intent.getStringExtra(
KeyguardManager.EXTRA_ALTERNATE_BUTTON_LABEL);
- boolean frp = KeyguardManager.ACTION_CONFIRM_FRP_CREDENTIAL.equals(intent.getAction());
- boolean remoteValidation =
+ final boolean frp =
+ KeyguardManager.ACTION_CONFIRM_FRP_CREDENTIAL.equals(intent.getAction());
+ final boolean repairMode =
+ KeyguardManager.ACTION_CONFIRM_REPAIR_MODE_DEVICE_CREDENTIAL
+ .equals(intent.getAction());
+ final boolean remoteValidation =
KeyguardManager.ACTION_CONFIRM_REMOTE_DEVICE_CREDENTIAL.equals(intent.getAction());
mTaskOverlay = isInternalActivity()
&& intent.getBooleanExtra(KeyguardManager.EXTRA_FORCE_TASK_OVERLAY, false);
@@ -222,6 +226,14 @@
.setExternal(true)
.setUserId(LockPatternUtils.USER_FRP)
.show();
+ } else if (repairMode) {
+ final ChooseLockSettingsHelper.Builder builder =
+ new ChooseLockSettingsHelper.Builder(this);
+ launchedCDC = builder.setHeader(mTitle)
+ .setDescription(mDetails)
+ .setExternal(true)
+ .setUserId(LockPatternUtils.USER_REPAIR_MODE)
+ .show();
} else if (remoteValidation) {
RemoteLockscreenValidationSession remoteLockscreenValidationSession =
intent.getParcelableExtra(
diff --git a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java
index 5a123b8..43d8440 100644
--- a/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java
+++ b/src/com/android/settings/password/ConfirmDeviceCredentialBaseFragment.java
@@ -106,6 +106,7 @@
protected boolean mFrp;
protected boolean mRemoteValidation;
protected boolean mRequestWriteRepairModePassword;
+ protected boolean mRepairMode;
protected CharSequence mAlternateButtonText;
protected BiometricManager mBiometricManager;
@Nullable protected RemoteLockscreenValidationSession mRemoteLockscreenValidationSession;
@@ -181,6 +182,7 @@
mUserId = Utils.getUserIdFromBundle(getActivity(), intent.getExtras(),
isInternalActivity());
mFrp = (mUserId == LockPatternUtils.USER_FRP);
+ mRepairMode = (mUserId == LockPatternUtils.USER_REPAIR_MODE);
mUserManager = UserManager.get(getActivity());
mEffectiveUserId = mUserManager.getCredentialOwnerProfile(mUserId);
mLockPatternUtils = new LockPatternUtils(getActivity());
@@ -269,7 +271,7 @@
// verifyTiedProfileChallenge. In such case, we also wanna show the user message that
// fingerprint is disabled due to device restart.
protected boolean isStrongAuthRequired() {
- return mFrp
+ return mFrp || mRepairMode
|| !mLockPatternUtils.isBiometricAllowedForUser(mEffectiveUserId)
|| !mUserManager.isUserUnlocked(mUserId);
}
diff --git a/src/com/android/settings/password/ConfirmLockPassword.java b/src/com/android/settings/password/ConfirmLockPassword.java
index 1b53506..c6022b5 100644
--- a/src/com/android/settings/password/ConfirmLockPassword.java
+++ b/src/com/android/settings/password/ConfirmLockPassword.java
@@ -284,6 +284,11 @@
return mIsAlpha ? getString(R.string.lockpassword_confirm_your_password_header_frp)
: getString(R.string.lockpassword_confirm_your_pin_header_frp);
}
+ if (mRepairMode) {
+ return mIsAlpha
+ ? getString(R.string.lockpassword_confirm_repair_mode_password_header)
+ : getString(R.string.lockpassword_confirm_repair_mode_pin_header);
+ }
if (mRemoteValidation) {
return getString(R.string.lockpassword_remote_validation_header);
}
@@ -307,6 +312,11 @@
return mIsAlpha ? getString(R.string.lockpassword_confirm_your_password_details_frp)
: getString(R.string.lockpassword_confirm_your_pin_details_frp);
}
+ if (mRepairMode) {
+ return mIsAlpha
+ ? getString(R.string.lockpassword_confirm_repair_mode_password_details)
+ : getString(R.string.lockpassword_confirm_repair_mode_pin_details);
+ }
if (mRemoteValidation) {
return getContext().getString(mIsAlpha
? R.string.lockpassword_remote_validation_password_details
diff --git a/src/com/android/settings/password/ConfirmLockPattern.java b/src/com/android/settings/password/ConfirmLockPattern.java
index 3951bde..a2bcb5a 100644
--- a/src/com/android/settings/password/ConfirmLockPattern.java
+++ b/src/com/android/settings/password/ConfirmLockPattern.java
@@ -179,7 +179,7 @@
// ability to disable the pattern in L. Remove this block after
// ensuring it's safe to do so. (Note that ConfirmLockPassword
// doesn't have this).
- if (!mFrp && !mRemoteValidation
+ if (!mFrp && !mRemoteValidation && !mRepairMode
&& !mLockPatternUtils.isLockPatternEnabled(mEffectiveUserId)) {
getActivity().setResult(Activity.RESULT_OK);
getActivity().finish();
@@ -308,6 +308,9 @@
if (mFrp) {
return getString(R.string.lockpassword_confirm_your_pattern_details_frp);
}
+ if (mRepairMode) {
+ return getString(R.string.lockpassword_confirm_repair_mode_pattern_details);
+ }
if (mRemoteValidation) {
return getString(
R.string.lockpassword_remote_validation_pattern_details);
@@ -402,7 +405,12 @@
}
private String getDefaultHeader() {
- if (mFrp) return getString(R.string.lockpassword_confirm_your_pattern_header_frp);
+ if (mFrp) {
+ return getString(R.string.lockpassword_confirm_your_pattern_header_frp);
+ }
+ if (mRepairMode) {
+ return getString(R.string.lockpassword_confirm_repair_mode_pattern_header);
+ }
if (mRemoteValidation) {
return getString(R.string.lockpassword_remote_validation_header);
}