Home | History | Annotate | Download | only in oemlock 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package android.service.oemlock;
     18 
     19 import android.annotation.Nullable;
     20 import android.annotation.RequiresPermission;
     21 import android.annotation.SystemApi;
     22 import android.annotation.SystemService;
     23 import android.content.Context;
     24 import android.os.RemoteException;
     25 
     26 /**
     27  * Interface for managing the OEM lock on the device.
     28  *
     29  * This will only be available if the device implements OEM lock protection.
     30  *
     31  * Multiple actors have an opinion on whether the device can be OEM unlocked and they must all be in
     32  * agreement for unlock to be possible.
     33  *
     34  * @hide
     35  */
     36 @SystemApi
     37 @SystemService(Context.OEM_LOCK_SERVICE)
     38 public class OemLockManager {
     39     private IOemLockService mService;
     40 
     41     /** @hide */
     42     public OemLockManager(IOemLockService service) {
     43         mService = service;
     44     }
     45 
     46     /**
     47      * Sets whether the carrier has allowed this device to be OEM unlocked.
     48      *
     49      * Depending on the implementation, the validity of the request might need to be proved. This
     50      * can be acheived by passing a signature that the system will use to verify the request is
     51      * legitimate.
     52      *
     53      * All actors involved must agree for OEM unlock to be possible.
     54      *
     55      * @param allowed Whether the device should be allowed to be unlocked.
     56      * @param signature Optional proof of request validity, {@code null} for none.
     57      * @throws IllegalArgumentException if a signature is required but was not provided.
     58      * @throws SecurityException if the wrong signature was provided.
     59      *
     60      * @see #isOemUnlockAllowedByCarrier()
     61      */
     62     @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
     63     public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) {
     64         try {
     65             mService.setOemUnlockAllowedByCarrier(allowed, signature);
     66         } catch (RemoteException e) {
     67             throw e.rethrowFromSystemServer();
     68         }
     69     }
     70 
     71     /**
     72      * Returns whether the carrier has allowed this device to be OEM unlocked.
     73      * @return Whether OEM unlock is allowed by the carrier, or true if no OEM lock is present.
     74      *
     75      * @see #setOemUnlockAllowedByCarrier(boolean, byte[])
     76      */
     77     @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
     78     public boolean isOemUnlockAllowedByCarrier() {
     79         try {
     80             return mService.isOemUnlockAllowedByCarrier();
     81         } catch (RemoteException e) {
     82             throw e.rethrowFromSystemServer();
     83         }
     84     }
     85 
     86     /**
     87      * Sets whether the user has allowed this device to be unlocked.
     88      *
     89      * All actors involved must agree for OEM unlock to be possible.
     90      *
     91      * @param allowed Whether the device should be allowed to be unlocked.
     92      * @throws SecurityException if the user is not allowed to unlock the device.
     93      *
     94      * @see #isOemUnlockAllowedByUser()
     95      */
     96     @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
     97     public void setOemUnlockAllowedByUser(boolean allowed) {
     98         try {
     99             mService.setOemUnlockAllowedByUser(allowed);
    100         } catch (RemoteException e) {
    101             throw e.rethrowFromSystemServer();
    102         }
    103     }
    104 
    105     /**
    106      * Returns whether, or not, the user has allowed this device to be OEM unlocked.
    107      * @return Whether OEM unlock is allowed by the user, or true if no OEM lock is present.
    108      *
    109      * @see #setOemUnlockAllowedByUser(boolean)
    110      */
    111     @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
    112     public boolean isOemUnlockAllowedByUser() {
    113         try {
    114             return mService.isOemUnlockAllowedByUser();
    115         } catch (RemoteException e) {
    116             throw e.rethrowFromSystemServer();
    117         }
    118     }
    119 
    120     /**
    121      * @return Whether the bootloader is able to OEM unlock the device.
    122      *
    123      * @hide
    124      */
    125     public boolean isOemUnlockAllowed() {
    126         try {
    127             return mService.isOemUnlockAllowed();
    128         } catch (RemoteException e) {
    129             throw e.rethrowFromSystemServer();
    130         }
    131     }
    132 
    133     /**
    134      * @return Whether the device has been OEM unlocked by the bootloader.
    135      *
    136      * @hide
    137      */
    138     public boolean isDeviceOemUnlocked() {
    139         try {
    140             return mService.isDeviceOemUnlocked();
    141         } catch (RemoteException e) {
    142             throw e.rethrowFromSystemServer();
    143         }
    144     }
    145 }
    146