Add API for querying trusted state
Bug: 18084166 Change-Id: Ic755461cc6978943aef4943def93a0e38a1c96c0
This commit is contained in:
Adrian Roos
@@ -4405,6 +4405,7 @@ package android.app {
|
|||||||
method public boolean inKeyguardRestrictedInputMode();
|
method public boolean inKeyguardRestrictedInputMode();
|
||||||
method public boolean isKeyguardLocked();
|
method public boolean isKeyguardLocked();
|
||||||
method public boolean isKeyguardSecure();
|
method public boolean isKeyguardSecure();
|
||||||
|
method public boolean isKeyguardInTrustedState();
|
||||||
method public deprecated android.app.KeyguardManager.KeyguardLock newKeyguardLock(java.lang.String);
|
method public deprecated android.app.KeyguardManager.KeyguardLock newKeyguardLock(java.lang.String);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -16,10 +16,14 @@
|
|||||||
|
|
||||||
package android.app;
|
package android.app;
|
||||||
|
|
||||||
|
import android.app.trust.ITrustManager;
|
||||||
|
import android.content.Context;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
import android.os.Binder;
|
import android.os.Binder;
|
||||||
import android.os.RemoteException;
|
import android.os.RemoteException;
|
||||||
import android.os.IBinder;
|
import android.os.IBinder;
|
||||||
|
import android.os.ServiceManager;
|
||||||
|
import android.os.UserHandle;
|
||||||
import android.view.IWindowManager;
|
import android.view.IWindowManager;
|
||||||
import android.view.IOnKeyguardExitResult;
|
import android.view.IOnKeyguardExitResult;
|
||||||
import android.view.WindowManagerGlobal;
|
import android.view.WindowManagerGlobal;
|
||||||
@@ -33,6 +37,7 @@ import android.view.WindowManagerGlobal;
|
|||||||
*/
|
*/
|
||||||
public class KeyguardManager {
|
public class KeyguardManager {
|
||||||
private IWindowManager mWM;
|
private IWindowManager mWM;
|
||||||
|
private ITrustManager mTrustManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Intent used to prompt user for device credentials.
|
* Intent used to prompt user for device credentials.
|
||||||
@@ -151,6 +156,8 @@ public class KeyguardManager {
|
|||||||
|
|
||||||
KeyguardManager() {
|
KeyguardManager() {
|
||||||
mWM = WindowManagerGlobal.getWindowManagerService();
|
mWM = WindowManagerGlobal.getWindowManagerService();
|
||||||
|
mTrustManager = ITrustManager.Stub.asInterface(
|
||||||
|
ServiceManager.getService(Context.TRUST_SERVICE));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -217,6 +224,34 @@ public class KeyguardManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return whether unlocking the device is currently not requiring a password
|
||||||
|
* because of a trust agent.
|
||||||
|
*
|
||||||
|
* @return true if the keyguard can currently be unlocked without entering credentials
|
||||||
|
* because the device is in a trusted environment.
|
||||||
|
*/
|
||||||
|
public boolean isKeyguardInTrustedState() {
|
||||||
|
return isKeyguardInTrustedState(UserHandle.getCallingUserId());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return whether unlocking the device is currently not requiring a password
|
||||||
|
* because of a trust agent.
|
||||||
|
*
|
||||||
|
* @param userId the user for which the trusted state should be reported.
|
||||||
|
* @return true if the keyguard can currently be unlocked without entering credentials
|
||||||
|
* because the device is in a trusted environment.
|
||||||
|
* @hide
|
||||||
|
*/
|
||||||
|
public boolean isKeyguardInTrustedState(int userId) {
|
||||||
|
try {
|
||||||
|
return mTrustManager.isTrusted(userId);
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @deprecated Use {@link android.view.WindowManager.LayoutParams#FLAG_DISMISS_KEYGUARD}
|
* @deprecated Use {@link android.view.WindowManager.LayoutParams#FLAG_DISMISS_KEYGUARD}
|
||||||
* and/or {@link android.view.WindowManager.LayoutParams#FLAG_SHOW_WHEN_LOCKED}
|
* and/or {@link android.view.WindowManager.LayoutParams#FLAG_SHOW_WHEN_LOCKED}
|
||||||
|
|||||||
@@ -29,4 +29,5 @@ interface ITrustManager {
|
|||||||
void reportRequireCredentialEntry(int userId);
|
void reportRequireCredentialEntry(int userId);
|
||||||
void registerTrustListener(in ITrustListener trustListener);
|
void registerTrustListener(in ITrustListener trustListener);
|
||||||
void unregisterTrustListener(in ITrustListener trustListener);
|
void unregisterTrustListener(in ITrustListener trustListener);
|
||||||
|
boolean isTrusted(int userId);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -16,6 +16,7 @@
|
|||||||
|
|
||||||
package com.android.server.trust;
|
package com.android.server.trust;
|
||||||
|
|
||||||
|
import com.android.internal.annotations.GuardedBy;
|
||||||
import com.android.internal.content.PackageMonitor;
|
import com.android.internal.content.PackageMonitor;
|
||||||
import com.android.internal.widget.LockPatternUtils;
|
import com.android.internal.widget.LockPatternUtils;
|
||||||
import com.android.server.SystemService;
|
import com.android.server.SystemService;
|
||||||
@@ -24,6 +25,7 @@ import org.xmlpull.v1.XmlPullParser;
|
|||||||
import org.xmlpull.v1.XmlPullParserException;
|
import org.xmlpull.v1.XmlPullParserException;
|
||||||
|
|
||||||
import android.Manifest;
|
import android.Manifest;
|
||||||
|
import android.app.ActivityManager;
|
||||||
import android.app.ActivityManagerNative;
|
import android.app.ActivityManagerNative;
|
||||||
import android.app.admin.DevicePolicyManager;
|
import android.app.admin.DevicePolicyManager;
|
||||||
import android.app.trust.ITrustListener;
|
import android.app.trust.ITrustListener;
|
||||||
@@ -41,6 +43,7 @@ import android.content.res.Resources;
|
|||||||
import android.content.res.TypedArray;
|
import android.content.res.TypedArray;
|
||||||
import android.content.res.XmlResourceParser;
|
import android.content.res.XmlResourceParser;
|
||||||
import android.graphics.drawable.Drawable;
|
import android.graphics.drawable.Drawable;
|
||||||
|
import android.os.Binder;
|
||||||
import android.os.DeadObjectException;
|
import android.os.DeadObjectException;
|
||||||
import android.os.Handler;
|
import android.os.Handler;
|
||||||
import android.os.IBinder;
|
import android.os.IBinder;
|
||||||
@@ -100,8 +103,10 @@ public class TrustManagerService extends SystemService {
|
|||||||
/* package */ final TrustArchive mArchive = new TrustArchive();
|
/* package */ final TrustArchive mArchive = new TrustArchive();
|
||||||
private final Context mContext;
|
private final Context mContext;
|
||||||
private final LockPatternUtils mLockPatternUtils;
|
private final LockPatternUtils mLockPatternUtils;
|
||||||
|
private final UserManager mUserManager;
|
||||||
|
|
||||||
private UserManager mUserManager;
|
@GuardedBy("mUserIsTrusted")
|
||||||
|
private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();
|
||||||
|
|
||||||
public TrustManagerService(Context context) {
|
public TrustManagerService(Context context) {
|
||||||
super(context);
|
super(context);
|
||||||
@@ -160,7 +165,11 @@ public class TrustManagerService extends SystemService {
|
|||||||
|
|
||||||
public void updateTrust(int userId, boolean initiatedByUser) {
|
public void updateTrust(int userId, boolean initiatedByUser) {
|
||||||
dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);
|
dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);
|
||||||
dispatchOnTrustChanged(aggregateIsTrusted(userId), userId, initiatedByUser);
|
boolean trusted = aggregateIsTrusted(userId);
|
||||||
|
synchronized (mUserIsTrusted) {
|
||||||
|
mUserIsTrusted.put(userId, trusted);
|
||||||
|
}
|
||||||
|
dispatchOnTrustChanged(trusted, userId, initiatedByUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
void refreshAgentList(int userId) {
|
void refreshAgentList(int userId) {
|
||||||
@@ -547,6 +556,16 @@ public class TrustManagerService extends SystemService {
|
|||||||
mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
|
mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isTrusted(int userId) throws RemoteException {
|
||||||
|
userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
|
||||||
|
false /* allowAll */, true /* requireFull */, "isTrusted", null);
|
||||||
|
userId = resolveProfileParent(userId);
|
||||||
|
synchronized (mUserIsTrusted) {
|
||||||
|
return mUserIsTrusted.get(userId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private void enforceReportPermission() {
|
private void enforceReportPermission() {
|
||||||
mContext.enforceCallingOrSelfPermission(
|
mContext.enforceCallingOrSelfPermission(
|
||||||
Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
|
Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
|
||||||
@@ -623,6 +642,19 @@ public class TrustManagerService extends SystemService {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
private int resolveProfileParent(int userId) {
|
||||||
|
long identity = Binder.clearCallingIdentity();
|
||||||
|
try {
|
||||||
|
UserInfo parent = mUserManager.getProfileParent(userId);
|
||||||
|
if (parent != null) {
|
||||||
|
return parent.getUserHandle().getIdentifier();
|
||||||
|
}
|
||||||
|
return userId;
|
||||||
|
} finally {
|
||||||
|
Binder.restoreCallingIdentity(identity);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private final Handler mHandler = new Handler() {
|
private final Handler mHandler = new Handler() {
|
||||||
@Override
|
@Override
|
||||||
public void handleMessage(Message msg) {
|
public void handleMessage(Message msg) {
|
||||||
|
|||||||
Reference in New Issue
Block a user