Home | History | Annotate | Download | only in trust 
      1 /*
      2  * Copyright (C) 2014 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License
     15  */
     16 
     17 package android.app.trust;
     18 
     19 import android.Manifest;
     20 import android.annotation.RequiresPermission;
     21 import android.annotation.SystemService;
     22 import android.content.Context;
     23 import android.os.Handler;
     24 import android.os.IBinder;
     25 import android.os.Looper;
     26 import android.os.Message;
     27 import android.os.RemoteException;
     28 import android.util.ArrayMap;
     29 
     30 /**
     31  * See {@link com.android.server.trust.TrustManagerService}
     32  * @hide
     33  */
     34 @SystemService(Context.TRUST_SERVICE)
     35 public class TrustManager {
     36 
     37     private static final int MSG_TRUST_CHANGED = 1;
     38     private static final int MSG_TRUST_MANAGED_CHANGED = 2;
     39 
     40     private static final String TAG = "TrustManager";
     41     private static final String DATA_FLAGS = "initiatedByUser";
     42 
     43     private final ITrustManager mService;
     44     private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;
     45 
     46     public TrustManager(IBinder b) {
     47         mService = ITrustManager.Stub.asInterface(b);
     48         mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();
     49     }
     50 
     51     /**
     52      * Changes the lock status for the given user. This is only applicable to Managed Profiles,
     53      * other users should be handled by Keyguard.
     54      *
     55      * @param userId The id for the user to be locked/unlocked.
     56      * @param locked The value for that user's locked state.
     57      */
     58     @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
     59     public void setDeviceLockedForUser(int userId, boolean locked) {
     60         try {
     61             mService.setDeviceLockedForUser(userId, locked);
     62         } catch (RemoteException e) {
     63             throw e.rethrowFromSystemServer();
     64         }
     65     }
     66 
     67     /**
     68      * Reports that user {@param userId} has tried to unlock the device.
     69      *
     70      * @param successful if true, the unlock attempt was successful.
     71      *
     72      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     73      */
     74     public void reportUnlockAttempt(boolean successful, int userId) {
     75         try {
     76             mService.reportUnlockAttempt(successful, userId);
     77         } catch (RemoteException e) {
     78             throw e.rethrowFromSystemServer();
     79         }
     80     }
     81 
     82     /**
     83      * Reports that user {@param userId} has entered a temporary device lockout.
     84      *
     85      * This generally occurs when  the user has unsuccessfully tried to unlock the device too many
     86      * times. The user will then be unable to unlock the device until a set amount of time has
     87      * elapsed.
     88      *
     89      * @param timeout The amount of time that needs to elapse, in milliseconds, until the user may
     90      *    attempt to unlock the device again.
     91      *
     92      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
     93      */
     94     public void reportUnlockLockout(int timeoutMs, int userId) {
     95         try {
     96             mService.reportUnlockLockout(timeoutMs, userId);
     97         } catch (RemoteException e) {
     98             throw e.rethrowFromSystemServer();
     99         }
    100     }
    101 
    102     /**
    103      * Reports that the list of enabled trust agents changed for user {@param userId}.
    104      *
    105      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
    106      */
    107     public void reportEnabledTrustAgentsChanged(int userId) {
    108         try {
    109             mService.reportEnabledTrustAgentsChanged(userId);
    110         } catch (RemoteException e) {
    111             throw e.rethrowFromSystemServer();
    112         }
    113     }
    114 
    115     /**
    116      * Reports that the visibility of the keyguard has changed.
    117      *
    118      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
    119      */
    120     public void reportKeyguardShowingChanged() {
    121         try {
    122             mService.reportKeyguardShowingChanged();
    123         } catch (RemoteException e) {
    124             throw e.rethrowFromSystemServer();
    125         }
    126     }
    127 
    128     /**
    129      * Registers a listener for trust events.
    130      *
    131      * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
    132      */
    133     public void registerTrustListener(final TrustListener trustListener) {
    134         try {
    135             ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
    136                 @Override
    137                 public void onTrustChanged(boolean enabled, int userId, int flags) {
    138                     Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
    139                             trustListener);
    140                     if (flags != 0) {
    141                         m.getData().putInt(DATA_FLAGS, flags);
    142                     }
    143                     m.sendToTarget();
    144                 }
    145 
    146                 @Override
    147                 public void onTrustManagedChanged(boolean managed, int userId) {
    148                     mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
    149                             trustListener).sendToTarget();
    150                 }
    151             };
    152             mService.registerTrustListener(iTrustListener);
    153             mTrustListeners.put(trustListener, iTrustListener);
    154         } catch (RemoteException e) {
    155             throw e.rethrowFromSystemServer();
    156         }
    157     }
    158 
    159     /**
    160      * Unregisters a listener for trust events.
    161      *
    162      * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
    163      */
    164     public void unregisterTrustListener(final TrustListener trustListener) {
    165         ITrustListener iTrustListener = mTrustListeners.remove(trustListener);
    166         if (iTrustListener != null) {
    167             try {
    168                 mService.unregisterTrustListener(iTrustListener);
    169             } catch (RemoteException e) {
    170                 throw e.rethrowFromSystemServer();
    171             }
    172         }
    173     }
    174 
    175     /**
    176      * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
    177      * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
    178      */
    179     @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)
    180     public boolean isTrustUsuallyManaged(int userId) {
    181         try {
    182             return mService.isTrustUsuallyManaged(userId);
    183         } catch (RemoteException e) {
    184             throw e.rethrowFromSystemServer();
    185         }
    186     }
    187 
    188     /**
    189      * Updates the trust state for the user due to the user unlocking via fingerprint.
    190      * Should only be called if user authenticated via fingerprint and bouncer can be skipped.
    191      * @param userId
    192      */
    193     @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
    194     public void unlockedByFingerprintForUser(int userId) {
    195         try {
    196             mService.unlockedByFingerprintForUser(userId);
    197         } catch (RemoteException e) {
    198             throw e.rethrowFromSystemServer();
    199         }
    200     }
    201 
    202     /**
    203      * Clears authenticated fingerprints for all users.
    204      */
    205     @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
    206     public void clearAllFingerprints() {
    207         try {
    208             mService.clearAllFingerprints();
    209         } catch (RemoteException e) {
    210             throw e.rethrowFromSystemServer();
    211         }
    212     }
    213 
    214     private final Handler mHandler = new Handler(Looper.getMainLooper()) {
    215         @Override
    216         public void handleMessage(Message msg) {
    217             switch(msg.what) {
    218                 case MSG_TRUST_CHANGED:
    219                     int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0;
    220                     ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags);
    221                     break;
    222                 case MSG_TRUST_MANAGED_CHANGED:
    223                     ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
    224             }
    225         }
    226     };
    227 
    228     public interface TrustListener {
    229 
    230         /**
    231          * Reports that the trust state has changed.
    232          * @param enabled if true, the system believes the environment to be trusted.
    233          * @param userId the user, for which the trust changed.
    234          * @param flags flags specified by the trust agent when granting trust. See
    235          *     {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int)
    236          *                 TrustAgentService.grantTrust(CharSequence, long, int)}.
    237          */
    238         void onTrustChanged(boolean enabled, int userId, int flags);
    239 
    240         /**
    241          * Reports that whether trust is managed has changed
    242          * @param enabled if true, at least one trust agent is managing trust.
    243          * @param userId the user, for which the state changed.
    244          */
    245         void onTrustManagedChanged(boolean enabled, int userId);
    246     }
    247 }
    248