Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add API for querying trusted state

Browse Source 
Bug: 18084166
Change-Id: Ic755461cc6978943aef4943def93a0e38a1c96c0
This commit is contained in:
Adrian Roos
2014-10-22 16:57:16 +02:00
parent fa36b36c8b
commit bcd076525c
4 changed files with 71 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/current.txt
View File

@@ -4405,6 +4405,7 @@ package android.app {
method public boolean inKeyguardRestrictedInputMode();
method public boolean isKeyguardLocked();
method public boolean isKeyguardSecure();
method public boolean isKeyguardInTrustedState();
method public deprecated android.app.KeyguardManager.KeyguardLock newKeyguardLock(java.lang.String);
}

35
core/java/android/app/KeyguardManager.java
View File

@@ -16,10 +16,14 @@
package android.app;
import android.app.trust.ITrustManager;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.RemoteException;
import android.os.IBinder;
import android.os.ServiceManager;
import android.os.UserHandle;
import android.view.IWindowManager;
import android.view.IOnKeyguardExitResult;
import android.view.WindowManagerGlobal;
@@ -33,6 +37,7 @@ import android.view.WindowManagerGlobal;
*/
public class KeyguardManager {
private IWindowManager mWM;
private ITrustManager mTrustManager;
/**
* Intent used to prompt user for device credentials.
@@ -151,6 +156,8 @@ public class KeyguardManager {
KeyguardManager() {
mWM = WindowManagerGlobal.getWindowManagerService();
mTrustManager = ITrustManager.Stub.asInterface(
ServiceManager.getService(Context.TRUST_SERVICE));
}
/**
@@ -217,6 +224,34 @@ public class KeyguardManager {
}
}
/**
* Return whether unlocking the device is currently not requiring a password
* because of a trust agent.
*
* @return true if the keyguard can currently be unlocked without entering credentials
* because the device is in a trusted environment.
*/
public boolean isKeyguardInTrustedState() {
return isKeyguardInTrustedState(UserHandle.getCallingUserId());
}
/**
* Return whether unlocking the device is currently not requiring a password
* because of a trust agent.
*
* @param userId the user for which the trusted state should be reported.
* @return true if the keyguard can currently be unlocked without entering credentials
* because the device is in a trusted environment.
* @hide
*/
public boolean isKeyguardInTrustedState(int userId) {
try {
return mTrustManager.isTrusted(userId);
} catch (RemoteException e) {
return false;
}
}
/**
* @deprecated Use {@link android.view.WindowManager.LayoutParams#FLAG_DISMISS_KEYGUARD}
* and/or {@link android.view.WindowManager.LayoutParams#FLAG_SHOW_WHEN_LOCKED}

1
core/java/android/app/trust/ITrustManager.aidl
View File

@@ -29,4 +29,5 @@ interface ITrustManager {
void reportRequireCredentialEntry(int userId);
void registerTrustListener(in ITrustListener trustListener);
void unregisterTrustListener(in ITrustListener trustListener);
boolean isTrusted(int userId);
}

36
services/core/java/com/android/server/trust/TrustManagerService.java
View File

@@ -16,6 +16,7 @@
package com.android.server.trust;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.content.PackageMonitor;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.SystemService;
@@ -24,6 +25,7 @@ import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import android.Manifest;
import android.app.ActivityManager;
import android.app.ActivityManagerNative;
import android.app.admin.DevicePolicyManager;
import android.app.trust.ITrustListener;
@@ -41,6 +43,7 @@ import android.content.res.Resources;
import android.content.res.TypedArray;
import android.content.res.XmlResourceParser;
import android.graphics.drawable.Drawable;
import android.os.Binder;
import android.os.DeadObjectException;
import android.os.Handler;
import android.os.IBinder;
@@ -100,8 +103,10 @@ public class TrustManagerService extends SystemService {
/* package */ final TrustArchive mArchive = new TrustArchive();
private final Context mContext;
private final LockPatternUtils mLockPatternUtils;
private final UserManager mUserManager;
private UserManager mUserManager;
@GuardedBy("mUserIsTrusted")
private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();
public TrustManagerService(Context context) {
super(context);
@@ -160,7 +165,11 @@ public class TrustManagerService extends SystemService {
public void updateTrust(int userId, boolean initiatedByUser) {
dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);
dispatchOnTrustChanged(aggregateIsTrusted(userId), userId, initiatedByUser);
boolean trusted = aggregateIsTrusted(userId);
synchronized (mUserIsTrusted) {
mUserIsTrusted.put(userId, trusted);
}
dispatchOnTrustChanged(trusted, userId, initiatedByUser);
}
void refreshAgentList(int userId) {
@@ -547,6 +556,16 @@ public class TrustManagerService extends SystemService {
mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
}
@Override
public boolean isTrusted(int userId) throws RemoteException {
userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
false /* allowAll */, true /* requireFull */, "isTrusted", null);
userId = resolveProfileParent(userId);
synchronized (mUserIsTrusted) {
return mUserIsTrusted.get(userId);
}
}
private void enforceReportPermission() {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
@@ -623,6 +642,19 @@ public class TrustManagerService extends SystemService {
}
};
private int resolveProfileParent(int userId) {
long identity = Binder.clearCallingIdentity();
try {
UserInfo parent = mUserManager.getProfileParent(userId);
if (parent != null) {
return parent.getUserHandle().getIdentifier();
}
return userId;
} finally {
Binder.restoreCallingIdentity(identity);
}
}
private final Handler mHandler = new Handler() {
@Override
public void handleMessage(Message msg) {