Accessibility no longer overrides strong encryption.

Updating the accessibility layer behavior to reflect the new
model where accessibility no longer overrides strong encryption.
Now enabling an accessibility service lowers the encryption
level but the user can bump it up in settings if desired.

bug:17881324

Change-Id: Ic60d760c267d3f934040a42e1963b179bd8b9f5f

3 files changed, 1 insertions, 75 deletions

diff --git a/core/java/android/view/AccessibilityManagerInternal.java b/core/java/android/view/AccessibilityManagerInternal.java
deleted file mode 100644
index 7bb2dc510222..000000000000
--- a/core/java/android/view/AccessibilityManagerInternal.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (C) 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.view;
-
-/**
- * Accessibility manager local system service interface.
- *
- * @hide Only for use within the system server.
- */
-public abstract class AccessibilityManagerInternal {
-
-    /**
-     * Queries if the accessibility manager service permits setting
-     * a non-default encryption password.
-     */
-    public abstract boolean isNonDefaultEncryptionPasswordAllowed();
-}
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
index 8ef5b049438f..0fe7a4b38067 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java
@@ -67,7 +67,6 @@ import android.util.Pools.Pool;
 import android.util.Pools.SimplePool;
 import android.util.Slog;
 import android.util.SparseArray;
-import android.view.AccessibilityManagerInternal;
 import android.view.Display;
 import android.view.IWindow;
 import android.view.InputDevice;
@@ -235,7 +234,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
         registerBroadcastReceivers();
         new AccessibilityContentObserver(mMainHandler).register(
                 context.getContentResolver());
-        LocalServices.addService(AccessibilityManagerInternal.class, new LocalService());
     }
 
     private UserState getUserStateLocked(int userId) {
@@ -1331,7 +1329,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
         updateTouchExplorationLocked(userState);
         updateEnhancedWebAccessibilityLocked(userState);
         updateDisplayColorAdjustmentSettingsLocked(userState);
-        updateEncryptionState(userState);
         scheduleUpdateInputFilter(userState);
         scheduleUpdateClientsIfNeededLocked(userState);
     }
@@ -1608,22 +1605,6 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
         DisplayAdjustmentUtils.applyAdjustments(mContext, userState.mUserId);
     }
 
-    private void updateEncryptionState(UserState userState) {
-        if (userState.mUserId != UserHandle.USER_OWNER) {
-            return;
-        }
-        final long identity = Binder.clearCallingIdentity();
-        try {
-            if (hasRunningServicesLocked(userState) && LockPatternUtils.isDeviceEncrypted()) {
-                // If there are running accessibility services we do not have encryption as
-                // the user needs the accessibility layer to be running to authenticate.
-                mLockPatternUtils.clearEncryptionPassword();
-            }
-        } finally {
-            Binder.restoreCallingIdentity(identity);
-        }
-    }
-
     private boolean hasRunningServicesLocked(UserState userState) {
         return !userState.mBoundServices.isEmpty() || !userState.mBindingServices.isEmpty();
     }
@@ -3969,14 +3950,4 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub {
             }
         }
     }
-
-    private final class LocalService extends AccessibilityManagerInternal {
-        @Override
-        public boolean isNonDefaultEncryptionPasswordAllowed() {
-            synchronized (mLock) {
-                UserState userState = getCurrentUserStateLocked();
-                return !hasRunningServicesLocked(userState);
-            }
-        }
-    }
 }
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 976e707d418f..24d81a0e6700 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -63,7 +63,6 @@ import android.util.AttributeSet;
 import android.util.Slog;
 import android.util.Xml;
 
-import android.view.AccessibilityManagerInternal;
 import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.app.IMediaContainerService;
@@ -558,8 +557,6 @@ class MountService extends IMountService.Stub
 
     private final Handler mHandler;
 
-    private final AccessibilityManagerInternal mAccessibilityManagerInternal;
-
     void waitForAsecScan() {
         waitForLatch(mAsecsScanned);
     }
@@ -1462,9 +1459,6 @@ class MountService extends IMountService.Stub
         hthread.start();
         mHandler = new MountServiceHandler(hthread.getLooper());
 
-        mAccessibilityManagerInternal = LocalServices.getService(
-                AccessibilityManagerInternal.class);
-
         // Watch for user changes
         final IntentFilter userFilter = new IntentFilter();
         userFilter.addAction(Intent.ACTION_USER_ADDED);
@@ -2263,16 +2257,8 @@ class MountService extends IMountService.Stub
             Slog.i(TAG, "changing encryption password...");
         }
 
-        final NativeDaemonEvent event;
         try {
-            // The accessibility layer may veto having a non-default encryption
-            // password because if there are enabled accessibility services the
-            // user cannot authenticate as the latter need access to the data.
-            if (!TextUtils.isEmpty(password)
-                    && !mAccessibilityManagerInternal.isNonDefaultEncryptionPasswordAllowed()) {
-                return getEncryptionState();
-            }
-            event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
+            NativeDaemonEvent event = mConnector.execute("cryptfs", "changepw", CRYPTO_TYPES[type],
                         new SensitiveArg(toHex(password)));
             return Integer.parseInt(event.getMessage());
         } catch (NativeDaemonConnectorException e) {