Home | History | Annotate | Download | only in trust 
      1 /*
      2  * Copyright (C) 2014 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License
     15  */
     16 
     17 package android.app.trust;
     18 
     19 import android.os.Handler;
     20 import android.os.IBinder;
     21 import android.os.Looper;
     22 import android.os.Message;
     23 import android.os.RemoteException;
     24 import android.util.ArrayMap;
     25 import android.util.Log;
     26 
     27 /**
     28  * See {@link com.android.server.trust.TrustManagerService}
     29  * @hide
     30  */
     31 public class TrustManager {
     32 
     33     private static final int MSG_TRUST_CHANGED = 1;
     34     private static final int MSG_TRUST_MANAGED_CHANGED = 2;
     35 
     36     private static final String TAG = "TrustManager";
     37     private static final String DATA_FLAGS = "initiatedByUser";
     38 
     39     private final ITrustManager mService;
     40     private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;
     41 
     42     public TrustManager(IBinder b) {
     43         mService = ITrustManager.Stub.asInterface(b);
     44         mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();
     45     }
     46 
     47     /**
     48      * Reports that user {@param userId} has tried to unlock the device.
     49      *
     50      * @param successful if true, the unlock attempt was successful.
     51      *
     52      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     53      */
     54     public void reportUnlockAttempt(boolean successful, int userId) {
     55         try {
     56             mService.reportUnlockAttempt(successful, userId);
     57         } catch (RemoteException e) {
     58             onError(e);
     59         }
     60     }
     61 
     62     /**
     63      * Reports that the list of enabled trust agents changed for user {@param userId}.
     64      *
     65      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     66      */
     67     public void reportEnabledTrustAgentsChanged(int userId) {
     68         try {
     69             mService.reportEnabledTrustAgentsChanged(userId);
     70         } catch (RemoteException e) {
     71             onError(e);
     72         }
     73     }
     74 
     75     /**
     76      * Reports that trust is disabled until credentials have been entered for user {@param userId}.
     77      *
     78      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     79      *
     80      * @param userId either an explicit user id or {@link android.os.UserHandle#USER_ALL}
     81      */
     82     public void reportRequireCredentialEntry(int userId) {
     83         try {
     84             mService.reportRequireCredentialEntry(userId);
     85         } catch (RemoteException e) {
     86             onError(e);
     87         }
     88     }
     89 
     90     /**
     91      * Reports that the visibility of the keyguard has changed.
     92      *
     93      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     94      */
     95     public void reportKeyguardShowingChanged() {
     96         try {
     97             mService.reportKeyguardShowingChanged();
     98         } catch (RemoteException e) {
     99             onError(e);
    100         }
    101     }
    102 
    103     /**
    104      * Registers a listener for trust events.
    105      *
    106      * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
    107      */
    108     public void registerTrustListener(final TrustListener trustListener) {
    109         try {
    110             ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
    111                 @Override
    112                 public void onTrustChanged(boolean enabled, int userId, int flags) {
    113                     Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
    114                             trustListener);
    115                     if (flags != 0) {
    116                         m.getData().putInt(DATA_FLAGS, flags);
    117                     }
    118                     m.sendToTarget();
    119                 }
    120 
    121                 @Override
    122                 public void onTrustManagedChanged(boolean managed, int userId) {
    123                     mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
    124                             trustListener).sendToTarget();
    125                 }
    126             };
    127             mService.registerTrustListener(iTrustListener);
    128             mTrustListeners.put(trustListener, iTrustListener);
    129         } catch (RemoteException e) {
    130             onError(e);
    131         }
    132     }
    133 
    134     /**
    135      * Unregisters a listener for trust events.
    136      *
    137      * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
    138      */
    139     public void unregisterTrustListener(final TrustListener trustListener) {
    140         ITrustListener iTrustListener = mTrustListeners.remove(trustListener);
    141         if (iTrustListener != null) {
    142             try {
    143                 mService.unregisterTrustListener(iTrustListener);
    144             } catch (RemoteException e) {
    145                 onError(e);
    146             }
    147         }
    148     }
    149 
    150     /**
    151      * Checks whether the specified user has been authenticated since the last boot.
    152      *
    153      * @param userId the user id of the user to check for
    154      * @return true if the user has authenticated since boot, false otherwise
    155      *
    156      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
    157      */
    158     public boolean hasUserAuthenticatedSinceBoot(int userId) {
    159         try {
    160             return mService.hasUserAuthenticatedSinceBoot(userId);
    161         } catch (RemoteException e) {
    162             onError(e);
    163             return false;
    164         }
    165     }
    166 
    167     private void onError(Exception e) {
    168         Log.e(TAG, "Error while calling TrustManagerService", e);
    169     }
    170 
    171     private final Handler mHandler = new Handler(Looper.getMainLooper()) {
    172         @Override
    173         public void handleMessage(Message msg) {
    174             switch(msg.what) {
    175                 case MSG_TRUST_CHANGED:
    176                     int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0;
    177                     ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags);
    178                     break;
    179                 case MSG_TRUST_MANAGED_CHANGED:
    180                     ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
    181             }
    182         }
    183     };
    184 
    185     public interface TrustListener {
    186 
    187         /**
    188          * Reports that the trust state has changed.
    189          * @param enabled if true, the system believes the environment to be trusted.
    190          * @param userId the user, for which the trust changed.
    191          * @param flags flags specified by the trust agent when granting trust. See
    192          *     {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int)
    193          *                 TrustAgentService.grantTrust(CharSequence, long, int)}.
    194          */
    195         void onTrustChanged(boolean enabled, int userId, int flags);
    196 
    197         /**
    198          * Reports that whether trust is managed has changed
    199          * @param enabled if true, at least one trust agent is managing trust.
    200          * @param userId the user, for which the state changed.
    201          */
    202         void onTrustManagedChanged(boolean enabled, int userId);
    203     }
    204 }
    205