1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.service.oemlock; 18 19 import android.annotation.Nullable; 20 import android.annotation.RequiresPermission; 21 import android.annotation.SystemApi; 22 import android.annotation.SystemService; 23 import android.content.Context; 24 import android.os.RemoteException; 25 26 /** 27 * Interface for managing the OEM lock on the device. 28 * 29 * This will only be available if the device implements OEM lock protection. 30 * 31 * Multiple actors have an opinion on whether the device can be OEM unlocked and they must all be in 32 * agreement for unlock to be possible. 33 * 34 * @hide 35 */ 36 @SystemApi 37 @SystemService(Context.OEM_LOCK_SERVICE) 38 public class OemLockManager { 39 private IOemLockService mService; 40 41 /** @hide */ 42 public OemLockManager(IOemLockService service) { 43 mService = service; 44 } 45 46 /** 47 * Sets whether the carrier has allowed this device to be OEM unlocked. 48 * 49 * Depending on the implementation, the validity of the request might need to be proved. This 50 * can be acheived by passing a signature that the system will use to verify the request is 51 * legitimate. 52 * 53 * All actors involved must agree for OEM unlock to be possible. 54 * 55 * @param allowed Whether the device should be allowed to be unlocked. 56 * @param signature Optional proof of request validity, {@code null} for none. 57 * @throws IllegalArgumentException if a signature is required but was not provided. 58 * @throws SecurityException if the wrong signature was provided. 59 * 60 * @see #isOemUnlockAllowedByCarrier() 61 */ 62 @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE) 63 public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) { 64 try { 65 mService.setOemUnlockAllowedByCarrier(allowed, signature); 66 } catch (RemoteException e) { 67 throw e.rethrowFromSystemServer(); 68 } 69 } 70 71 /** 72 * Returns whether the carrier has allowed this device to be OEM unlocked. 73 * @return Whether OEM unlock is allowed by the carrier, or true if no OEM lock is present. 74 * 75 * @see #setOemUnlockAllowedByCarrier(boolean, byte[]) 76 */ 77 @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE) 78 public boolean isOemUnlockAllowedByCarrier() { 79 try { 80 return mService.isOemUnlockAllowedByCarrier(); 81 } catch (RemoteException e) { 82 throw e.rethrowFromSystemServer(); 83 } 84 } 85 86 /** 87 * Sets whether the user has allowed this device to be unlocked. 88 * 89 * All actors involved must agree for OEM unlock to be possible. 90 * 91 * @param allowed Whether the device should be allowed to be unlocked. 92 * @throws SecurityException if the user is not allowed to unlock the device. 93 * 94 * @see #isOemUnlockAllowedByUser() 95 */ 96 @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE) 97 public void setOemUnlockAllowedByUser(boolean allowed) { 98 try { 99 mService.setOemUnlockAllowedByUser(allowed); 100 } catch (RemoteException e) { 101 throw e.rethrowFromSystemServer(); 102 } 103 } 104 105 /** 106 * Returns whether, or not, the user has allowed this device to be OEM unlocked. 107 * @return Whether OEM unlock is allowed by the user, or true if no OEM lock is present. 108 * 109 * @see #setOemUnlockAllowedByUser(boolean) 110 */ 111 @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE) 112 public boolean isOemUnlockAllowedByUser() { 113 try { 114 return mService.isOemUnlockAllowedByUser(); 115 } catch (RemoteException e) { 116 throw e.rethrowFromSystemServer(); 117 } 118 } 119 120 /** 121 * @return Whether the bootloader is able to OEM unlock the device. 122 * 123 * @hide 124 */ 125 public boolean isOemUnlockAllowed() { 126 try { 127 return mService.isOemUnlockAllowed(); 128 } catch (RemoteException e) { 129 throw e.rethrowFromSystemServer(); 130 } 131 } 132 133 /** 134 * @return Whether the device has been OEM unlocked by the bootloader. 135 * 136 * @hide 137 */ 138 public boolean isDeviceOemUnlocked() { 139 try { 140 return mService.isDeviceOemUnlocked(); 141 } catch (RemoteException e) { 142 throw e.rethrowFromSystemServer(); 143 } 144 } 145 } 146