Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Define initial trust agent API

Browse Source 
Adds the minimal API needed to define a useful trust agent.

Bug: 13723878
Change-Id: Ib24440bab7b16d0b656bde8b059e7d42cab2c7dc
This commit is contained in:
Adrian Roos
2014-03-28 13:02:19 +01:00
parent 47bbaea4c3
commit ff2144ccb4
8 changed files with 244 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Android.mk
View File

@@ -190,6 +190,8 @@ LOCAL_SRC_FILES += \
core/java/android/service/dreams/IDozeHardware.aidl \
core/java/android/service/dreams/IDreamManager.aidl \
core/java/android/service/dreams/IDreamService.aidl \
core/java/android/service/trust/ITrustAgentService.aidl \
core/java/android/service/trust/ITrustAgentServiceCallback.aidl \
core/java/android/service/wallpaper/IWallpaperConnection.aidl \
core/java/android/service/wallpaper/IWallpaperEngine.aidl \
core/java/android/service/wallpaper/IWallpaperService.aidl \

15
api/current.txt
View File

@@ -28,6 +28,7 @@ package android {
field public static final java.lang.String BIND_PRINT_SERVICE = "android.permission.BIND_PRINT_SERVICE";
field public static final java.lang.String BIND_REMOTEVIEWS = "android.permission.BIND_REMOTEVIEWS";
field public static final java.lang.String BIND_TEXT_SERVICE = "android.permission.BIND_TEXT_SERVICE";
field public static final java.lang.String BIND_TRUST_AGENT_SERVICE = "android.permission.BIND_TRUST_AGENT_SERVICE";
field public static final java.lang.String BIND_VPN_SERVICE = "android.permission.BIND_VPN_SERVICE";
field public static final java.lang.String BIND_WALLPAPER = "android.permission.BIND_WALLPAPER";
field public static final java.lang.String BLUETOOTH = "android.permission.BLUETOOTH";
@@ -24387,6 +24388,20 @@ package android.service.textservice {
}
package android.service.trust {
public class TrustAgentService extends android.app.Service {
ctor public TrustAgentService();
method protected final void enableTrust(java.lang.String, long, boolean);
method public final android.os.IBinder onBind(android.content.Intent);
method protected void onUnlockAttempt(boolean);
method protected final void revokeTrust();
field public static final java.lang.String SERVICE_INTERFACE = "android.service.trust.TrustAgentService";
field public static final java.lang.String TRUST_AGENT_META_DATA = "android.service.trust.trustagent";
}
}
package android.service.wallpaper {
public abstract class WallpaperService extends android.app.Service {

28
core/java/android/service/trust/ITrustAgentService.aidl Normal file
View File

@@ -0,0 +1,28 @@
/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.service.trust;
import android.os.Bundle;
import android.service.trust.ITrustAgentServiceCallback;
/**
* Communication channel from TrustManagerService to the TrustAgent.
* @hide
*/
oneway interface ITrustAgentService {
void onUnlockAttempt(boolean successful);
void setCallback(ITrustAgentServiceCallback callback);
}

28
core/java/android/service/trust/ITrustAgentServiceCallback.aidl Normal file
View File

@@ -0,0 +1,28 @@
/*
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.service.trust;
import android.os.Bundle;
import android.os.UserHandle;
/**
* Communication channel from the TrustAgentService back to TrustManagerService.
* @hide
*/
oneway interface ITrustAgentServiceCallback {
void enableTrust(String message, long durationMs, boolean initiatedByUser);
void revokeTrust();
}

148
core/java/android/service/trust/TrustAgentService.java Normal file
View File

@@ -0,0 +1,148 @@
/**
* Copyright (C) 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.service.trust;
import android.annotation.SdkConstant;
import android.app.Service;
import android.content.Intent;
import android.os.Handler;
import android.os.IBinder;
import android.os.RemoteException;
import android.util.Slog;
/**
* A service that notifies the system about whether it believes the environment of the device
* to be trusted.
*
* <p>To extend this class, you must declare the service in your manifest file with
* the {@link android.Manifest.permission#BIND_TRUST_AGENT_SERVICE} permission
* and include an intent filter with the {@link #SERVICE_INTERFACE} action. For example:</p>
* <pre>
* &lt;service android:name=".TrustAgent"
* android:label="&#64;string/service_name"
* android:permission="android.permission.BIND_TRUST_AGENT_SERVICE">
* &lt;intent-filter>
* &lt;action android:name="android.service.trust.TrustAgentService" />
* &lt;/intent-filter>
* &lt;meta-data android:name="android.service.trust.trustagent"
* android:value="&#64;xml/trust_agent" />
* &lt;/service></pre>
*
* <p>The associated meta-data file can specify an activity that is accessible through Settings
* and should allow configuring the trust agent, as defined in
* {@link android.R.styleable#TrustAgent}. For example:</p>
*
* <pre>
* &lt;trust_agent xmlns:android="http://schemas.android.com/apk/res/android"
* android:settingsActivity=".TrustAgentSettings" /></pre>
*/
public class TrustAgentService extends Service {
private final String TAG = TrustAgentService.class.getSimpleName() +
"[" + getClass().getSimpleName() + "]";
/**
* The {@link Intent} that must be declared as handled by the service.
*/
@SdkConstant(SdkConstant.SdkConstantType.SERVICE_ACTION)
public static final String SERVICE_INTERFACE
= "android.service.trust.TrustAgentService";
/**
* The name of the {@code meta-data} tag pointing to additional configuration of the trust
* agent.
*/
public static final String TRUST_AGENT_META_DATA = "android.service.trust.trustagent";
private static final int MSG_UNLOCK_ATTEMPT = 1;
private static final boolean DEBUG = false;
private ITrustAgentServiceCallback mCallback;
private Handler mHandler = new Handler() {
public void handleMessage(android.os.Message msg) {
switch (msg.what) {
case MSG_UNLOCK_ATTEMPT:
onUnlockAttempt(msg.arg1 != 0);
break;
}
};
};
/**
* Called when the user attempted to authenticate on the device.
*
* @param successful true if the attempt succeeded
*/
protected void onUnlockAttempt(boolean successful) {
}
private void onError(String msg) {
Slog.v(TAG, "Remote exception while " + msg);
}
/**
* Call to enable trust on the device.
*
* @param message describes why the device is trusted, e.g. "Trusted by location".
* @param durationMs amount of time in milliseconds to keep the device in a trusted state. Trust
* for this agent will automatically be revoked when the timeout expires.
* @param initiatedByUser indicates that the user has explicitly initiated an action that proves
* the user is about to use the device.
*/
protected final void enableTrust(String message, long durationMs, boolean initiatedByUser) {
if (mCallback != null) {
try {
mCallback.enableTrust(message, durationMs, initiatedByUser);
} catch (RemoteException e) {
onError("calling enableTrust()");
}
}
}
/**
* Call to revoke trust on the device.
*/
protected final void revokeTrust() {
if (mCallback != null) {
try {
mCallback.revokeTrust();
} catch (RemoteException e) {
onError("calling revokeTrust()");
}
}
}
@Override
public final IBinder onBind(Intent intent) {
if (DEBUG) Slog.v(TAG, "onBind() intent = " + intent);
return new TrustAgentServiceWrapper();
}
private final class TrustAgentServiceWrapper extends ITrustAgentService.Stub {
@Override
public void onUnlockAttempt(boolean successful) {
mHandler.obtainMessage(MSG_UNLOCK_ATTEMPT, successful ? 1 : 0, 0)
.sendToTarget();
}
public void setCallback(ITrustAgentServiceCallback callback) {
mCallback = callback;
}
}
}

8
core/res/AndroidManifest.xml
View File

@@ -2547,6 +2547,14 @@
android:label="@string/permlab_control_keyguard"
android:description="@string/permdesc_control_keyguard" />
<!-- Must be required by an {@link
android.service.trust.TrustAgentService},
to ensure that only the system can bind to it. -->
<permission android:name="android.permission.BIND_TRUST_AGENT_SERVICE"
android:protectionLevel="signature"
android:label="@string/permlab_bind_trust_agent_service"
android:description="@string/permdesc_bind_trust_agent_service" />
<!-- Must be required by an {@link
android.service.notification.NotificationListenerService},
to ensure that only the system can bind to it. -->

10
core/res/res/values/attrs.xml
View File

@@ -5925,6 +5925,16 @@
<attr name="settingsActivity" />
</declare-styleable>
<!-- Use <code>trust_agent</code> as the root tag of the XML resource that
describes an {@link android.service.trust.TrustAgentService}, which is
referenced from its {@link android.service.trust.TrustAgentService#TRUST_AGENT_META_DATA}
meta-data entry. Described here are the attributes that can be included in that tag. -->
<declare-styleable name="TrustAgent">
<!-- Component name of an activity that allows the user to modify
the settings for this TrustAgent. -->
<attr name="settingsActivity" />
</declare-styleable>
<!-- =============================== -->
<!-- Accounts package class attributes -->
<!-- =============================== -->

5
core/res/res/values/strings.xml
View File

@@ -3651,6 +3651,11 @@
<!-- Description of an application permission that lets it control keyguard. -->
<string name="permdesc_control_keyguard">Allows an application to control keguard.</string>
<!-- Title of an application permission that lets it bind to a trust agent service. -->
<string name="permlab_bind_trust_agent_service">Bind to a trust agent service</string>
<!-- Description of an application permission that lets it bind to a trust agent service. -->
<string name="permdesc_bind_trust_agent_service">Allows an application to bind to a trust agent service.</string>
<!-- Title of an application permission that lets it interact with recovery. -->
<string name="permlab_recovery">Interact with update and recovery system</string>
<!-- Description of an application permission that lets it control keyguard. -->