Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 4e312d81: Merge "Add device locked API for TrustAgentService" into lmp-mr1-dev

Browse Source 
* commit '4e312d81c18b286170c904659e78cab4fdf27200':
  Add device locked API for TrustAgentService
This commit is contained in:
Adrian Roos
2014-11-20 21:41:46 +00:00
committed by Android Git Automerger
parent 866bae50b7 4e312d81c1
commit 62a7d53343
10 changed files with 270 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
core/java/android/app/trust/ITrustManager.aidl
View File

@@ -29,5 +29,6 @@ interface ITrustManager {
void reportRequireCredentialEntry(int userId);
void registerTrustListener(in ITrustListener trustListener);
void unregisterTrustListener(in ITrustListener trustListener);
void reportKeyguardShowingChanged();
boolean isDeviceLocked(int userId);
}

13
core/java/android/app/trust/TrustManager.java
View File

@@ -87,6 +87,19 @@ public class TrustManager {
}
}
/**
* Reports that the visibility of the keyguard has changed.
*
* Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
*/
public void reportKeyguardShowingChanged() {
try {
mService.reportKeyguardShowingChanged();
} catch (RemoteException e) {
onError(e);
}
}
/**
* Registers a listener for trust events.
*

2
core/java/android/service/trust/ITrustAgentService.aidl
View File

@@ -25,6 +25,8 @@ import android.service.trust.ITrustAgentServiceCallback;
interface ITrustAgentService {
oneway void onUnlockAttempt(boolean successful);
oneway void onTrustTimeout();
oneway void onDeviceLocked();
oneway void onDeviceUnlocked();
oneway void onConfigure(in List<PersistableBundle> options, IBinder token);
oneway void setCallback(ITrustAgentServiceCallback callback);
}

32
core/java/android/service/trust/TrustAgentService.java
View File

@@ -92,6 +92,8 @@ public class TrustAgentService extends Service {
private static final int MSG_UNLOCK_ATTEMPT = 1;
private static final int MSG_CONFIGURE = 2;
private static final int MSG_TRUST_TIMEOUT = 3;
private static final int MSG_DEVICE_LOCKED = 4;
private static final int MSG_DEVICE_UNLOCKED = 5;
/**
* Class containing raw data for a given configuration request.
@@ -134,6 +136,12 @@ public class TrustAgentService extends Service {
case MSG_TRUST_TIMEOUT:
onTrustTimeout();
break;
case MSG_DEVICE_LOCKED:
onDeviceLocked();
break;
case MSG_DEVICE_UNLOCKED:
onDeviceUnlocked();
break;
}
}
};
@@ -173,6 +181,20 @@ public class TrustAgentService extends Service {
public void onTrustTimeout() {
}
/**
* Called when the device enters a state where a PIN, pattern or
* password must be entered to unlock it.
*/
public void onDeviceLocked() {
}
/**
* Called when the device leaves a state where a PIN, pattern or
* password must be entered to unlock it.
*/
public void onDeviceUnlocked() {
}
private void onError(String msg) {
Slog.v(TAG, "Remote exception while " + msg);
}
@@ -300,6 +322,16 @@ public class TrustAgentService extends Service {
.sendToTarget();
}
@Override
public void onDeviceLocked() throws RemoteException {
mHandler.obtainMessage(MSG_DEVICE_LOCKED).sendToTarget();
}
@Override
public void onDeviceUnlocked() throws RemoteException {
mHandler.obtainMessage(MSG_DEVICE_UNLOCKED).sendToTarget();
}
@Override /* Binder API */
public void setCallback(ITrustAgentServiceCallback callback) {
synchronized (mLock) {

6
packages/Keyguard/test/SampleTrustAgent/res/layout/sample_trust_agent_settings.xml
View File

@@ -44,6 +44,12 @@
android:paddingTop="8dp"
android:paddingBottom="8dp"
android:text="Report unlock attempts" />
<CheckBox android:id="@+id/report_device_locked"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:paddingTop="8dp"
android:paddingBottom="8dp"
android:text="Report device locked or unlocked" />
<LinearLayout
android:layout_width="match_parent"

42
packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgent.java
View File

@@ -56,6 +56,7 @@ public class SampleTrustAgent extends TrustAgentService
= "preference.report_unlock_attempts";
private static final String PREFERENCE_MANAGING_TRUST
= "preference.managing_trust";
private static final String PREFERENCE_REPORT_DEVICE_LOCKED = "preference.report_device_locked";
private static final String TAG = "SampleTrustAgent";
@@ -80,17 +81,37 @@ public class SampleTrustAgent extends TrustAgentService
@Override
public void onTrustTimeout() {
super.onTrustTimeout();
Toast.makeText(this, "onTrustTimeout(): timeout expired", Toast.LENGTH_SHORT).show();
logAndShowToast("onTrustTimeout(): timeout expired");
}
@Override
public void onDeviceLocked() {
super.onDeviceLocked();
if (getReportDeviceLocked(this)) {
logAndShowToast("onDeviceLocked(): device is now locked");
}
}
@Override
public void onDeviceUnlocked() {
super.onDeviceUnlocked();
if (getReportDeviceLocked(this)) {
logAndShowToast("onDeviceUnlocked(): device is now unlocked");
}
}
@Override
public void onUnlockAttempt(boolean successful) {
if (getReportUnlockAttempts(this)) {
Toast.makeText(this, "onUnlockAttempt(successful=" + successful + ")",
Toast.LENGTH_SHORT).show();
logAndShowToast("onUnlockAttempt(successful=" + successful + ")");
}
}
private void logAndShowToast(String text) {
Log.i(TAG, text);
Toast.makeText(this, text, Toast.LENGTH_SHORT).show();
}
@Override
public boolean onConfigure(List<PersistableBundle> options) {
if (options != null) {
@@ -125,8 +146,7 @@ public class SampleTrustAgent extends TrustAgentService
intent.getLongExtra(EXTRA_DURATION, 0),
intent.getBooleanExtra(EXTRA_INITIATED_BY_USER, false));
} catch (IllegalStateException e) {
Toast.makeText(context,
"IllegalStateException: " + e.getMessage(), Toast.LENGTH_SHORT).show();
logAndShowToast("IllegalStateException: " + e.getMessage());
}
} else if (ACTION_REVOKE_TRUST.equals(action)) {
revokeTrust();
@@ -160,6 +180,18 @@ public class SampleTrustAgent extends TrustAgentService
return sharedPreferences.getBoolean(PREFERENCE_REPORT_UNLOCK_ATTEMPTS, false);
}
public static void setReportDeviceLocked(Context context, boolean enabled) {
SharedPreferences sharedPreferences = PreferenceManager
.getDefaultSharedPreferences(context);
sharedPreferences.edit().putBoolean(PREFERENCE_REPORT_DEVICE_LOCKED, enabled).apply();
}
public static boolean getReportDeviceLocked(Context context) {
SharedPreferences sharedPreferences = PreferenceManager
.getDefaultSharedPreferences(context);
return sharedPreferences.getBoolean(PREFERENCE_REPORT_DEVICE_LOCKED, false);
}
public static void setIsManagingTrust(Context context, boolean enabled) {
SharedPreferences sharedPreferences = PreferenceManager
.getDefaultSharedPreferences(context);

6
packages/Keyguard/test/SampleTrustAgent/src/com/android/trustagent/test/SampleTrustAgentSettings.java
View File

@@ -31,6 +31,7 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
private static final int TRUST_DURATION_MS = 30 * 1000;
private CheckBox mReportUnlockAttempts;
private CheckBox mReportDeviceLocked;
private CheckBox mManagingTrust;
private TextView mCheckDeviceLockedResult;
@@ -53,6 +54,9 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
mReportUnlockAttempts = (CheckBox) findViewById(R.id.report_unlock_attempts);
mReportUnlockAttempts.setOnCheckedChangeListener(this);
mReportDeviceLocked = (CheckBox) findViewById(R.id.report_device_locked);
mReportDeviceLocked.setOnCheckedChangeListener(this);
mManagingTrust = (CheckBox) findViewById(R.id.managing_trust);
mManagingTrust.setOnCheckedChangeListener(this);
@@ -88,6 +92,8 @@ public class SampleTrustAgentSettings extends Activity implements View.OnClickLi
SampleTrustAgent.setReportUnlockAttempts(this, isChecked);
} else if (buttonView == mManagingTrust) {
SampleTrustAgent.setIsManagingTrust(this, isChecked);
} else if (buttonView == mReportDeviceLocked) {
SampleTrustAgent.setReportDeviceLocked(this, isChecked);
}
}

26
packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
View File

@@ -23,6 +23,7 @@ import android.app.AlarmManager;
import android.app.PendingIntent;
import android.app.SearchManager;
import android.app.StatusBarManager;
import android.app.trust.TrustManager;
import android.content.BroadcastReceiver;
import android.content.ContentResolver;
import android.content.Context;
@@ -187,8 +188,9 @@ public class KeyguardViewMediator extends SystemUI {
/** High level access to the window manager for dismissing keyguard animation */
private IWindowManager mWM;
/** UserManager for querying number of users */
private UserManager mUserManager;
/** TrustManager for letting it know when we change visibility */
private TrustManager mTrustManager;
/** SearchManager for determining whether or not search assistant is available */
private SearchManager mSearchManager;
@@ -484,7 +486,8 @@ public class KeyguardViewMediator extends SystemUI {
private void setup() {
mPM = (PowerManager) mContext.getSystemService(Context.POWER_SERVICE);
mWM = WindowManagerGlobal.getWindowManagerService();
mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
mTrustManager = (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE);
mShowKeyguardWakeLock = mPM.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, "show keyguard");
mShowKeyguardWakeLock.setReferenceCounted(false);
@@ -501,6 +504,7 @@ public class KeyguardViewMediator extends SystemUI {
// Assume keyguard is showing (unless it's disabled) until we know for sure...
mShowing = !shouldWaitForProvisioning() && !mLockPatternUtils.isLockScreenDisabled();
mTrustManager.reportKeyguardShowingChanged();
mStatusBarKeyguardViewManager = new StatusBarKeyguardViewManager(mContext,
mViewMediatorCallback, mLockPatternUtils);
@@ -931,7 +935,7 @@ public class KeyguardViewMediator extends SystemUI {
if (mLockPatternUtils.checkVoldPassword()) {
if (DEBUG) Log.d(TAG, "Not showing lock screen since just decrypted");
// Without this, settings is not enabled until the lock screen first appears
mShowing = false;
setShowing(false);
hideLocked();
return;
}
@@ -1249,7 +1253,7 @@ public class KeyguardViewMediator extends SystemUI {
mStatusBarKeyguardViewManager.show(options);
mHiding = false;
mShowing = true;
setShowing(true);
resetKeyguardDonePendingLocked();
mHideAnimationRun = false;
updateActivityLockScreenState();
@@ -1328,7 +1332,7 @@ public class KeyguardViewMediator extends SystemUI {
}
mStatusBarKeyguardViewManager.hide(startTime, fadeoutDuration);
mShowing = false;
setShowing(false);
resetKeyguardDonePendingLocked();
mHideAnimationRun = false;
updateActivityLockScreenState();
@@ -1389,7 +1393,7 @@ public class KeyguardViewMediator extends SystemUI {
synchronized (KeyguardViewMediator.this) {
if (DEBUG) Log.d(TAG, "handleVerifyUnlock");
mStatusBarKeyguardViewManager.verifyUnlock();
mShowing = true;
setShowing(true);
updateActivityLockScreenState();
}
}
@@ -1471,4 +1475,12 @@ public class KeyguardViewMediator extends SystemUI {
this.fadeoutDuration = fadeoutDuration;
}
}
private void setShowing(boolean showing) {
boolean changed = (showing != mShowing);
mShowing = showing;
if (changed) {
mTrustManager.reportKeyguardShowingChanged();
}
}
}

29
services/core/java/com/android/server/trust/TrustAgentWrapper.java
View File

@@ -232,6 +232,12 @@ public class TrustAgentWrapper {
mTrustManagerService.mArchive.logAgentConnected(mUserId, name);
setCallback(mCallback);
updateDevicePolicyFeatures();
if (mTrustManagerService.isDeviceLockedInner(mUserId)) {
onDeviceLocked();
} else {
onDeviceUnlocked();
}
}
@Override
@@ -287,6 +293,7 @@ public class TrustAgentWrapper {
onError(e);
}
}
/**
* @see android.service.trust.TrustAgentService#onUnlockAttempt(boolean)
*/
@@ -298,6 +305,28 @@ public class TrustAgentWrapper {
}
}
/**
* @see android.service.trust.TrustAgentService#onDeviceLocked()
*/
public void onDeviceLocked() {
try {
if (mTrustAgentService != null) mTrustAgentService.onDeviceLocked();
} catch (RemoteException e) {
onError(e);
}
}
/**
* @see android.service.trust.TrustAgentService#onDeviceUnlocked()
*/
public void onDeviceUnlocked() {
try {
if (mTrustAgentService != null) mTrustAgentService.onDeviceUnlocked();
} catch (RemoteException e) {
onError(e);
}
}
private void setCallback(ITrustAgentServiceCallback callback) {
try {
if (mTrustAgentService != null) {

154
services/core/java/com/android/server/trust/TrustManagerService.java
View File

@@ -26,7 +26,6 @@ import org.xmlpull.v1.XmlPullParserException;
import android.Manifest;
import android.app.ActivityManager;
import android.app.ActivityManagerNative;
import android.app.admin.DevicePolicyManager;
import android.app.trust.ITrustListener;
import android.app.trust.ITrustManager;
@@ -61,8 +60,8 @@ import android.util.Log;
import android.util.Slog;
import android.util.SparseBooleanArray;
import android.util.Xml;
import android.view.IWindowManager;
import android.view.WindowManagerGlobal;
import android.view.WindowManagerInternal;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -98,6 +97,10 @@ public class TrustManagerService extends SystemService {
private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;
private static final int MSG_ENABLED_AGENTS_CHANGED = 4;
private static final int MSG_REQUIRE_CREDENTIAL_ENTRY = 5;
private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6;
private static final int MSG_START_USER = 7;
private static final int MSG_CLEANUP_USER = 8;
private static final int MSG_SWITCH_USER = 9;
private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<AgentInfo>();
private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<ITrustListener>();
@@ -112,7 +115,11 @@ public class TrustManagerService extends SystemService {
@GuardedBy("mUserIsTrusted")
private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();
@GuardedBy("mDeviceLockedForUser")
private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray();
private boolean mTrustAgentsCanRun = false;
private int mCurrentUser = UserHandle.USER_OWNER;
public TrustManagerService(Context context) {
super(context);
@@ -179,10 +186,15 @@ public class TrustManagerService extends SystemService {
public void updateTrust(int userId, boolean initiatedByUser) {
dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);
boolean trusted = aggregateIsTrusted(userId);
boolean changed;
synchronized (mUserIsTrusted) {
changed = mUserIsTrusted.get(userId) != trusted;
mUserIsTrusted.put(userId, trusted);
}
dispatchOnTrustChanged(trusted, userId, initiatedByUser);
if (changed) {
refreshDeviceLockedForUser(userId);
}
}
void refreshAgentList(int userId) {
@@ -214,8 +226,7 @@ public class TrustManagerService extends SystemService {
|| userInfo.guestToRemove) continue;
if (!userInfo.supportsSwitchTo()) continue;
if (!mActivityManager.isUserRunning(userInfo.id)) continue;
if (lockPatternUtils.getKeyguardStoredPasswordQuality(userInfo.id)
== DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) continue;
if (!lockPatternUtils.isSecure(userInfo.id)) continue;
if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;
DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
@@ -275,6 +286,73 @@ public class TrustManagerService extends SystemService {
}
}
boolean isDeviceLockedInner(int userId) {
synchronized (mDeviceLockedForUser) {
return mDeviceLockedForUser.get(userId, true);
}
}
private void refreshDeviceLockedForUser(int userId) {
if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_OWNER) {
Log.e(TAG, "refreshAgentList(userId=" + userId + "): Invalid user handle,"
+ " must be USER_ALL or a specific user.", new Throwable("here"));
userId = UserHandle.USER_ALL;
}
List<UserInfo> userInfos;
if (userId == UserHandle.USER_ALL) {
userInfos = mUserManager.getUsers(true /* excludeDying */);
} else {
userInfos = new ArrayList<>();
userInfos.add(mUserManager.getUserInfo(userId));
}
IWindowManager wm = WindowManagerGlobal.getWindowManagerService();
for (int i = 0; i < userInfos.size(); i++) {
UserInfo info = userInfos.get(i);
if (info == null || info.partial || !info.isEnabled() || info.guestToRemove
|| !info.supportsSwitchTo()) {
continue;
}
int id = info.id;
boolean secure = mLockPatternUtils.isSecure(id);
boolean trusted = aggregateIsTrusted(id);
boolean showingKeyguard = true;
if (mCurrentUser == id) {
try {
showingKeyguard = wm.isKeyguardLocked();
} catch (RemoteException e) {
}
}
boolean deviceLocked = secure && showingKeyguard && !trusted;
boolean changed;
synchronized (mDeviceLockedForUser) {
changed = isDeviceLockedInner(id) != deviceLocked;
mDeviceLockedForUser.put(id, deviceLocked);
}
if (changed) {
dispatchDeviceLocked(id, deviceLocked);
}
}
}
private void dispatchDeviceLocked(int userId, boolean isLocked) {
for (int i = 0; i < mActiveAgents.size(); i++) {
AgentInfo agent = mActiveAgents.valueAt(i);
if (agent.userId == userId) {
if (isLocked) {
agent.agent.onDeviceLocked();
} else{
agent.agent.onDeviceUnlocked();
}
}
}
}
void updateDevicePolicyFeatures() {
for (int i = 0; i < mActiveAgents.size(); i++) {
AgentInfo info = mActiveAgents.valueAt(i);
@@ -542,12 +620,17 @@ public class TrustManagerService extends SystemService {
@Override
public void onStartUser(int userId) {
refreshAgentList(userId);
mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget();
}
@Override
public void onCleanupUser(int userId) {
refreshAgentList(userId);
mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget();
}
@Override
public void onSwitchUser(int userId) {
mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();
}
// Plumbing
@@ -579,6 +662,14 @@ public class TrustManagerService extends SystemService {
}
}
@Override
public void reportKeyguardShowingChanged() throws RemoteException {
enforceReportPermission();
// coalesce refresh messages.
mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED);
mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED);
}
@Override
public void registerTrustListener(ITrustListener trustListener) throws RemoteException {
enforceListenerPermission();
@@ -597,21 +688,7 @@ public class TrustManagerService extends SystemService {
false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);
userId = resolveProfileParent(userId);
boolean isSecure = mLockPatternUtils.isSecure(userId);
boolean isTrusted;
synchronized (mUserIsTrusted) {
isTrusted = mUserIsTrusted.get(userId);
}
boolean isLocked;
if (ActivityManager.getCurrentUser() != userId) {
isLocked = true;
} else {
isLocked = WindowManagerGlobal.getWindowManagerService().isKeyguardLocked();
}
return isSecure && isLocked && !isTrusted;
return isDeviceLockedInner(userId);
}
private void enforceReportPermission() {
@@ -636,19 +713,13 @@ public class TrustManagerService extends SystemService {
fout.println("disabled because the third-party apps can't run yet.");
return;
}
final UserInfo currentUser;
final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
try {
currentUser = ActivityManagerNative.getDefault().getCurrentUser();
} catch (RemoteException e) {
throw new RuntimeException(e);
}
mHandler.runWithScissors(new Runnable() {
@Override
public void run() {
fout.println("Trust manager state:");
for (UserInfo user : userInfos) {
dumpUser(fout, user, user.id == currentUser.id);
dumpUser(fout, user, user.id == mCurrentUser);
}
}
}, 1500);
@@ -657,11 +728,17 @@ public class TrustManagerService extends SystemService {
private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {
fout.printf(" User \"%s\" (id=%d, flags=%#x)",
user.name, user.id, user.flags);
if (!user.supportsSwitchTo()) {
fout.println("(managed profile)");
fout.println(" disabled because switching to this user is not possible.");
return;
}
if (isCurrent) {
fout.print(" (current)");
}
fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));
fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));
fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));
fout.println();
fout.println(" Enabled agents:");
boolean duplicateSimpleNames = false;
@@ -726,10 +803,23 @@ public class TrustManagerService extends SystemService {
break;
case MSG_ENABLED_AGENTS_CHANGED:
refreshAgentList(UserHandle.USER_ALL);
// This is also called when the security mode of a user changes.
refreshDeviceLockedForUser(UserHandle.USER_ALL);
break;
case MSG_REQUIRE_CREDENTIAL_ENTRY:
requireCredentialEntry(msg.arg1);
break;
case MSG_KEYGUARD_SHOWING_CHANGED:
refreshDeviceLockedForUser(UserHandle.USER_CURRENT);
break;
case MSG_START_USER:
case MSG_CLEANUP_USER:
refreshAgentList(msg.arg1);
break;
case MSG_SWITCH_USER:
mCurrentUser = msg.arg1;
refreshDeviceLockedForUser(UserHandle.USER_ALL);
break;
}
}
};
@@ -771,8 +861,14 @@ public class TrustManagerService extends SystemService {
int userId = getUserId(intent);
if (userId > 0) {
mUserHasAuthenticatedSinceBoot.delete(userId);
mUserIsTrusted.delete(userId);
synchronized (mUserIsTrusted) {
mUserIsTrusted.delete(userId);
}
synchronized (mDeviceLockedForUser) {
mDeviceLockedForUser.delete(userId);
}
refreshAgentList(userId);
refreshDeviceLockedForUser(userId);
}
}
}