182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/* 282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Copyright (C) 2014 The Android Open Source Project 382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Licensed under the Apache License, Version 2.0 (the "License"); 582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * you may not use this file except in compliance with the License. 682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * You may obtain a copy of the License at 782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * http://www.apache.org/licenses/LICENSE-2.0 982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 1082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Unless required by applicable law or agreed to in writing, software 1182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * distributed under the License is distributed on an "AS IS" BASIS, 1282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * See the License for the specific language governing permissions and 1482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * limitations under the License 1582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 1682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 1782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospackage com.android.server.trust; 1882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 1982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.Manifest; 2085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scullimport android.annotation.UserIdInt; 21bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roosimport android.app.ActivityManager; 22ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.app.admin.DevicePolicyManager; 2382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.app.trust.ITrustListener; 2482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.app.trust.ITrustManager; 25ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.content.BroadcastReceiver; 2682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.ComponentName; 2782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.Context; 2882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.Intent; 29ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.content.IntentFilter; 303870d451f7d3913a05ffa144d03167bde9221adbAdrian Roosimport android.content.pm.ApplicationInfo; 3182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.PackageManager; 3282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.ResolveInfo; 3382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.UserInfo; 3482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.Resources; 3582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.TypedArray; 3682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.XmlResourceParser; 3782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.graphics.drawable.Drawable; 38bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roosimport android.os.Binder; 395d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roosimport android.os.Build; 40a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roosimport android.os.DeadObjectException; 4182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Handler; 4282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.IBinder; 4382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Message; 44e303bf443532c2ad756260133f00747bcff11e69Jim Millerimport android.os.PersistableBundle; 4582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.RemoteException; 46c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roosimport android.os.SystemClock; 4782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.UserHandle; 4882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.UserManager; 4968771eb837b0a7b94c120a450624d392496413ceAdrian Roosimport android.os.storage.StorageManager; 503870d451f7d3913a05ffa144d03167bde9221adbAdrian Roosimport android.provider.Settings; 5182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.service.trust.TrustAgentService; 52666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbalimport android.text.TextUtils; 5382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.ArraySet; 5482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.AttributeSet; 5518ea893a2319e2a192188d2288bb881149c9b06eAdrian Roosimport android.util.Log; 5682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.Slog; 577046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roosimport android.util.SparseBooleanArray; 5882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.Xml; 59481a6df99fea124bc4354da34ff668750cdc9041Adrian Roosimport android.view.IWindowManager; 6050bfeec868157106e8b60abf8964cb24462af182Adrian Roosimport android.view.WindowManagerGlobal; 6193a145f6880f71332b8288774671392259a9b6dfLingjun Liimport com.android.internal.annotations.GuardedBy; 6293a145f6880f71332b8288774671392259a9b6dfLingjun Liimport com.android.internal.content.PackageMonitor; 63ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupinimport com.android.internal.policy.IKeyguardDismissCallback; 64fe9a53bc45fd0124a876dc0a49680aaf86641d3eJeff Sharkeyimport com.android.internal.util.DumpUtils; 6593a145f6880f71332b8288774671392259a9b6dfLingjun Liimport com.android.internal.widget.LockPatternUtils; 6693a145f6880f71332b8288774671392259a9b6dfLingjun Liimport com.android.server.SystemService; 677a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roosimport java.io.FileDescriptor; 6882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.io.IOException; 697a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roosimport java.io.PrintWriter; 7082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.util.ArrayList; 7182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.util.List; 7293a145f6880f71332b8288774671392259a9b6dfLingjun Liimport org.xmlpull.v1.XmlPullParser; 7393a145f6880f71332b8288774671392259a9b6dfLingjun Liimport org.xmlpull.v1.XmlPullParserException; 7482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 7582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/** 7682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Manages trust agents and trust listeners. 7782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 7882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s 7982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * of each user and notifies them about events that are relevant to them. 8082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It start and stops them based on the value of 8182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}. 8282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 8382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the 8482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * trust state changes for any user. 8582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 8682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Trust state and the setting of enabled agents is kept per user and each user has its own 8782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * instance of a {@link android.service.trust.TrustAgentService}. 8882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 8982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospublic class TrustManagerService extends SystemService { 9082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final String TAG = "TrustManagerService"; 915d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos static final boolean DEBUG = Build.IS_DEBUGGABLE && Log.isLoggable(TAG, Log.VERBOSE); 9282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 9382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final Intent TRUST_AGENT_INTENT = 9482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos new Intent(TrustAgentService.SERVICE_INTERFACE); 9518ea893a2319e2a192188d2288bb881149c9b06eAdrian Roos private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT; 9682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 9782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_REGISTER_LISTENER = 1; 9882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_UNREGISTER_LISTENER = 2; 9982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3; 10082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_ENABLED_AGENTS_CHANGED = 4; 101481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6; 102481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_START_USER = 7; 103481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_CLEANUP_USER = 8; 104481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_SWITCH_USER = 9; 10583a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 10; 10683a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu private static final int MSG_UNLOCK_USER = 11; 10785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull private static final int MSG_STOP_USER = 12; 108327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13; 1093fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn private static final int MSG_REFRESH_DEVICE_LOCKED_FOR_USER = 14; 110c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 111517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000; 11282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 113b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<>(); 114b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<>(); 1159dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos private final Receiver mReceiver = new Receiver(); 116b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos 1177a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos /* package */ final TrustArchive mArchive = new TrustArchive(); 11882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final Context mContext; 1193870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private final LockPatternUtils mLockPatternUtils; 120bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private final UserManager mUserManager; 121cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos private final ActivityManager mActivityManager; 12282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 123bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos @GuardedBy("mUserIsTrusted") 124bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray(); 12582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 126481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @GuardedBy("mDeviceLockedForUser") 127481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray(); 128481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 1293fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn @GuardedBy("mTrustUsuallyManagedForUser") 130c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray(); 131c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 1323fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn // set to true only if user can skip bouncer 1333fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn @GuardedBy("mUsersUnlockedByFingerprint") 1346e00c464c73f782084239246398fb1359187d93aAndrew Scull private final SparseBooleanArray mUsersUnlockedByFingerprint = new SparseBooleanArray(); 1353fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 136a7aa4d6f0b91e050c083c19459b0c8b265c92617Rakesh Iyer private final StrongAuthTracker mStrongAuthTracker; 137a7aa4d6f0b91e050c083c19459b0c8b265c92617Rakesh Iyer 138cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos private boolean mTrustAgentsCanRun = false; 13909e02917ff7bb36b89d13fd5df10d2d3c43d5fe9Xiaohui Chen private int mCurrentUser = UserHandle.USER_SYSTEM; 140cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 14182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public TrustManagerService(Context context) { 14282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos super(context); 14382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mContext = context; 14482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); 145cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE); 1463870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos mLockPatternUtils = new LockPatternUtils(context); 147517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStrongAuthTracker = new StrongAuthTracker(context); 14882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 14982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 15082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 15182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onStart() { 15282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos publishBinderService(Context.TRUST_SERVICE, mService); 15382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 15482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 15582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 15682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onBootPhase(int phase) { 15749d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (isSafeMode()) { 15849d53452e744f03593093f6588cea12a405f9ff5Adrian Roos // No trust agents in safe mode. 15949d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 16049d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 16149d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) { 16282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true); 1639dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos mReceiver.register(mContext); 164b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker); 165cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { 166cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos mTrustAgentsCanRun = true; 1674e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 168605733b09a187b1d520ebe125d6a03ef04c303b5Xiaohui Chen refreshDeviceLockedForUser(UserHandle.USER_ALL); 16949d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } else if (phase == SystemService.PHASE_BOOT_COMPLETED) { 17009e02917ff7bb36b89d13fd5df10d2d3c43d5fe9Xiaohui Chen maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM); 17182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 17282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 17382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 17482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Agent management 17582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 17682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final class AgentInfo { 17782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos CharSequence label; 17882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Drawable icon; 17982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ComponentName component; // service that implements ITrustAgent 18020914d79393aead044848a337ff4f802e4afb48eLingjun Li SettingsAttrs settings; // setting to launch to modify agent. 18182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TrustAgentWrapper agent; 18282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos int userId; 18382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 18482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 18582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public boolean equals(Object other) { 18682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (!(other instanceof AgentInfo)) { 18782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return false; 18882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 18982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo o = (AgentInfo) other; 19082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return component.equals(o.component) && userId == o.userId; 19182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 19382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 19482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public int hashCode() { 19582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return component.hashCode() * 31 + userId; 19682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 19982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void updateTrustAll() { 20082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */); 20182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (UserInfo userInfo : userInfos) { 20294e15a59b757678949cccb5d783bee1638e84697Adrian Roos updateTrust(userInfo.id, 0); 20382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 20482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 20582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 20694e15a59b757678949cccb5d783bee1638e84697Adrian Roos public void updateTrust(int userId, int flags) { 207c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean managed = aggregateIsTrustManaged(userId); 208c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos dispatchOnTrustManagedChanged(managed, userId); 209c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (mStrongAuthTracker.isTrustAllowedForUser(userId) 210c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos && isTrustUsuallyManagedInternal(userId) != managed) { 211c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos updateTrustUsuallyManaged(userId, managed); 212c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 213bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos boolean trusted = aggregateIsTrusted(userId); 214481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean changed; 215bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos synchronized (mUserIsTrusted) { 216481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos changed = mUserIsTrusted.get(userId) != trusted; 217bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos mUserIsTrusted.put(userId, trusted); 218bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 21994e15a59b757678949cccb5d783bee1638e84697Adrian Roos dispatchOnTrustChanged(trusted, userId, flags); 220481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (changed) { 221481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(userId); 222481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 22382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 22482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 225c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private void updateTrustUsuallyManaged(int userId, boolean managed) { 226c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 227c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mTrustUsuallyManagedForUser.put(userId, managed); 228c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 229c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // Wait a few minutes before committing to flash, in case the trust agent is transiently not 230c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // managing trust (crashed, needs to acknowledge DPM restrictions, etc). 231c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.removeMessages(MSG_FLUSH_TRUST_USUALLY_MANAGED); 232c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.sendMessageDelayed( 233c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.obtainMessage(MSG_FLUSH_TRUST_USUALLY_MANAGED), 234c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos TRUST_USUALLY_MANAGED_FLUSH_DELAY); 235c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 236c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 23793a145f6880f71332b8288774671392259a9b6dfLingjun Li public long addEscrowToken(byte[] token, int userId) { 23893a145f6880f71332b8288774671392259a9b6dfLingjun Li return mLockPatternUtils.addEscrowToken(token, userId); 23993a145f6880f71332b8288774671392259a9b6dfLingjun Li } 24093a145f6880f71332b8288774671392259a9b6dfLingjun Li 24193a145f6880f71332b8288774671392259a9b6dfLingjun Li public boolean removeEscrowToken(long handle, int userId) { 24293a145f6880f71332b8288774671392259a9b6dfLingjun Li return mLockPatternUtils.removeEscrowToken(handle, userId); 24393a145f6880f71332b8288774671392259a9b6dfLingjun Li } 24493a145f6880f71332b8288774671392259a9b6dfLingjun Li 24593a145f6880f71332b8288774671392259a9b6dfLingjun Li public boolean isEscrowTokenActive(long handle, int userId) { 24693a145f6880f71332b8288774671392259a9b6dfLingjun Li return mLockPatternUtils.isEscrowTokenActive(handle, userId); 24793a145f6880f71332b8288774671392259a9b6dfLingjun Li } 24893a145f6880f71332b8288774671392259a9b6dfLingjun Li 24993a145f6880f71332b8288774671392259a9b6dfLingjun Li public void unlockUserWithToken(long handle, byte[] token, int userId) { 25093a145f6880f71332b8288774671392259a9b6dfLingjun Li mLockPatternUtils.unlockUserWithToken(handle, token, userId); 25193a145f6880f71332b8288774671392259a9b6dfLingjun Li } 25293a145f6880f71332b8288774671392259a9b6dfLingjun Li 253ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin void showKeyguardErrorMessage(CharSequence message) { 254ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin dispatchOnTrustError(message); 255ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } 256ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin 257517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos void refreshAgentList(int userIdOrAll) { 258517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")"); 259cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (!mTrustAgentsCanRun) { 26049d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 26149d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 262517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) { 263517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle," 264e681c27dc62006358102a250b46726b7a88efe06Adrian Roos + " must be USER_ALL or a specific user.", new Throwable("here")); 265517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos userIdOrAll = UserHandle.USER_ALL; 266e681c27dc62006358102a250b46726b7a88efe06Adrian Roos } 26782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos PackageManager pm = mContext.getPackageManager(); 26882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 2694e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci List<UserInfo> userInfos; 270517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL) { 2714e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci userInfos = mUserManager.getUsers(true /* excludeDying */); 2724e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci } else { 2734e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci userInfos = new ArrayList<>(); 274517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos userInfos.add(mUserManager.getUserInfo(userIdOrAll)); 2754e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci } 2763870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos LockPatternUtils lockPatternUtils = mLockPatternUtils; 27782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 278c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>(); 279c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos obsoleteAgents.addAll(mActiveAgents); 28082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 28182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (UserInfo userInfo : userInfos) { 282fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos if (userInfo == null || userInfo.partial || !userInfo.isEnabled() 283fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos || userInfo.guestToRemove) continue; 2845d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!userInfo.supportsSwitchToByUser()) { 2855d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2865d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": switchToByUser=false"); 2875d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2885d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 2895d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!mActivityManager.isUserRunning(userInfo.id)) { 2905d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2915d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": user not started"); 2925d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2935d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 2945d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!lockPatternUtils.isSecure(userInfo.id)) { 2955d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2965d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": no secure credential"); 2975d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2985d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 29920914d79393aead044848a337ff4f802e4afb48eLingjun Li 3008f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager(); 3018f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id); 302604e7558ef32098644b2f9456d7743a07ae789dcJim Miller final boolean disableTrustAgents = 303ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 304ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 30582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id); 3068f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (enabledAgents == null) { 3075d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 3085d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": no agents enabled by user"); 30982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos continue; 31082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 3113870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id); 31282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (ResolveInfo resolveInfo : resolveInfos) { 31382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ComponentName name = getComponentName(resolveInfo); 31482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 3155d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!enabledAgents.contains(name)) { 3165d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping " 3175d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + name.flattenToShortString() + " u"+ userInfo.id 3185d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": not enabled by user"); 3195d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 3205d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 3218f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (disableTrustAgents) { 322e303bf443532c2ad756260133f00747bcff11e69Jim Miller List<PersistableBundle> config = 323e303bf443532c2ad756260133f00747bcff11e69Jim Miller dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id); 3248f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos // Disable agent if no features are enabled. 3255d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (config == null || config.isEmpty()) { 3265d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping " 3275d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + name.flattenToShortString() + " u"+ userInfo.id 3285d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": not allowed by DPM"); 3295d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 3305d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 3318f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 33282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo agentInfo = new AgentInfo(); 33382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.component = name; 33482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.userId = userInfo.id; 33582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (!mActiveAgents.contains(agentInfo)) { 33682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.label = resolveInfo.loadLabel(pm); 33782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.icon = resolveInfo.loadIcon(pm); 33820914d79393aead044848a337ff4f802e4afb48eLingjun Li agentInfo.settings = getSettingsAttrs(pm, resolveInfo); 33920914d79393aead044848a337ff4f802e4afb48eLingjun Li } else { 34020914d79393aead044848a337ff4f802e4afb48eLingjun Li int index = mActiveAgents.indexOf(agentInfo); 34120914d79393aead044848a337ff4f802e4afb48eLingjun Li agentInfo = mActiveAgents.valueAt(index); 34220914d79393aead044848a337ff4f802e4afb48eLingjun Li } 34320914d79393aead044848a337ff4f802e4afb48eLingjun Li 34420914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean directUnlock = resolveInfo.serviceInfo.directBootAware 34520914d79393aead044848a337ff4f802e4afb48eLingjun Li && agentInfo.settings.canUnlockProfile; 34620914d79393aead044848a337ff4f802e4afb48eLingjun Li 34720914d79393aead044848a337ff4f802e4afb48eLingjun Li if (directUnlock) { 34820914d79393aead044848a337ff4f802e4afb48eLingjun Li if (DEBUG) Slog.d(TAG, "refreshAgentList: trustagent " + name 34920914d79393aead044848a337ff4f802e4afb48eLingjun Li + "of user " + userInfo.id + "can unlock user profile."); 35020914d79393aead044848a337ff4f802e4afb48eLingjun Li } 35120914d79393aead044848a337ff4f802e4afb48eLingjun Li 352a65e6491e4aa90611045ecf696db4bf3328d09bcJeff Sharkey if (!mUserManager.isUserUnlockingOrUnlocked(userInfo.id) 35320914d79393aead044848a337ff4f802e4afb48eLingjun Li && !directUnlock) { 35420914d79393aead044848a337ff4f802e4afb48eLingjun Li if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 35593a145f6880f71332b8288774671392259a9b6dfLingjun Li + "'s trust agent " + name + ": FBE still locked and " 35620914d79393aead044848a337ff4f802e4afb48eLingjun Li + " the agent cannot unlock user profile."); 35720914d79393aead044848a337ff4f802e4afb48eLingjun Li continue; 35820914d79393aead044848a337ff4f802e4afb48eLingjun Li } 35920914d79393aead044848a337ff4f802e4afb48eLingjun Li 36020914d79393aead044848a337ff4f802e4afb48eLingjun Li if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) { 36120914d79393aead044848a337ff4f802e4afb48eLingjun Li int flag = mStrongAuthTracker.getStrongAuthForUser(userInfo.id); 362327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) { 363327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT 364327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal || !directUnlock) { 365327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (DEBUG) 366327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 367327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal + ": prevented by StrongAuthTracker = 0x" 368327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal + Integer.toHexString(mStrongAuthTracker.getStrongAuthForUser( 369327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal userInfo.id))); 370327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal continue; 371327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 37220914d79393aead044848a337ff4f802e4afb48eLingjun Li } 37320914d79393aead044848a337ff4f802e4afb48eLingjun Li } 37420914d79393aead044848a337ff4f802e4afb48eLingjun Li 375b884bb28b1416f8d0d93403eeac11af74b9f9968Adrian Roos if (agentInfo.agent == null) { 376b884bb28b1416f8d0d93403eeac11af74b9f9968Adrian Roos agentInfo.agent = new TrustAgentWrapper(mContext, this, 377b884bb28b1416f8d0d93403eeac11af74b9f9968Adrian Roos new Intent().setComponent(name), userInfo.getUserHandle()); 378b884bb28b1416f8d0d93403eeac11af74b9f9968Adrian Roos } 379b884bb28b1416f8d0d93403eeac11af74b9f9968Adrian Roos 38020914d79393aead044848a337ff4f802e4afb48eLingjun Li if (!mActiveAgents.contains(agentInfo)) { 38182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mActiveAgents.add(agentInfo); 38282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } else { 383c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos obsoleteAgents.remove(agentInfo); 38482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 38582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 38682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 38782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 38882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos boolean trustMayHaveChanged = false; 389c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = 0; i < obsoleteAgents.size(); i++) { 390c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = obsoleteAgents.valueAt(i); 391517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL || userIdOrAll == info.userId) { 392e681c27dc62006358102a250b46726b7a88efe06Adrian Roos if (info.agent.isManagingTrust()) { 393e681c27dc62006358102a250b46726b7a88efe06Adrian Roos trustMayHaveChanged = true; 394e681c27dc62006358102a250b46726b7a88efe06Adrian Roos } 395fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 396e681c27dc62006358102a250b46726b7a88efe06Adrian Roos mActiveAgents.remove(info); 39782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 39882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 39982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 40082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (trustMayHaveChanged) { 401517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL) { 402cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos updateTrustAll(); 403cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else { 404517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos updateTrust(userIdOrAll, 0); 405cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 40682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 40782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 40882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 409481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean isDeviceLockedInner(int userId) { 410481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mDeviceLockedForUser) { 411481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos return mDeviceLockedForUser.get(userId, true); 412481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 413481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 414481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 415481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private void refreshDeviceLockedForUser(int userId) { 41609e02917ff7bb36b89d13fd5df10d2d3c43d5fe9Xiaohui Chen if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) { 4177e2e40e127f5b421f946427071a20d0e9d88ca03Adrian Roos Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle," 418481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos + " must be USER_ALL or a specific user.", new Throwable("here")); 419481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userId = UserHandle.USER_ALL; 420481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 421481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos List<UserInfo> userInfos; 422481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (userId == UserHandle.USER_ALL) { 423481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos = mUserManager.getUsers(true /* excludeDying */); 424481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } else { 425481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos = new ArrayList<>(); 426481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos.add(mUserManager.getUserInfo(userId)); 427481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 428481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 429481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos IWindowManager wm = WindowManagerGlobal.getWindowManagerService(); 430481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 431481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos for (int i = 0; i < userInfos.size(); i++) { 432481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos UserInfo info = userInfos.get(i); 433481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 434481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (info == null || info.partial || !info.isEnabled() || info.guestToRemove 4357cb69df507f5f7956c52a2868a0d6e89aec6dde2Xiaohui Chen || !info.supportsSwitchToByUser()) { 436481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos continue; 437481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 438481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 439481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos int id = info.id; 440481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean secure = mLockPatternUtils.isSecure(id); 441481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean trusted = aggregateIsTrusted(id); 442481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean showingKeyguard = true; 4433fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn boolean fingerprintAuthenticated = false; 4443fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 445481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (mCurrentUser == id) { 4463fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn synchronized(mUsersUnlockedByFingerprint) { 4473fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn fingerprintAuthenticated = mUsersUnlockedByFingerprint.get(id, false); 4483fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 449481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos try { 450481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos showingKeyguard = wm.isKeyguardLocked(); 451481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } catch (RemoteException e) { 452481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 453481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 4543fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn boolean deviceLocked = secure && showingKeyguard && !trusted && 4553fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn !fingerprintAuthenticated; 45685a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull setDeviceLockedForUser(id, deviceLocked); 45785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 45885a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 459481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 46085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull private void setDeviceLockedForUser(@UserIdInt int userId, boolean locked) { 46185a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull final boolean changed; 46285a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull synchronized (mDeviceLockedForUser) { 46385a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull changed = isDeviceLockedInner(userId) != locked; 46485a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull mDeviceLockedForUser.put(userId, locked); 46585a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 46685a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull if (changed) { 46785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull dispatchDeviceLocked(userId, locked); 468481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 469481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 470481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 471481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private void dispatchDeviceLocked(int userId, boolean isLocked) { 472481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 473481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos AgentInfo agent = mActiveAgents.valueAt(i); 474481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (agent.userId == userId) { 475481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (isLocked) { 476481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos agent.agent.onDeviceLocked(); 477481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } else{ 478481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos agent.agent.onDeviceUnlocked(); 479481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 480481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 481481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 482481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 483481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 4844e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci void updateDevicePolicyFeatures() { 4859d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos boolean changed = false; 4868f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 4878f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 4888f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (info.agent.isConnected()) { 4898f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos info.agent.updateDevicePolicyFeatures(); 4909d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos changed = true; 4918f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4928f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4939d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos if (changed) { 4949d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos mArchive.logDevicePolicyChanged(); 4959d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos } 4968f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4978f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos 498c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos private void removeAgentsOfPackage(String packageName) { 499c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos boolean trustMayHaveChanged = false; 500c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = mActiveAgents.size() - 1; i >= 0; i--) { 501c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 502c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (packageName.equals(info.component.getPackageName())) { 503c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos Log.i(TAG, "Resetting agent " + info.component.flattenToShortString()); 5047861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 505c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos trustMayHaveChanged = true; 506c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 507fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 508c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos mActiveAgents.removeAt(i); 509c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 510c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 511c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (trustMayHaveChanged) { 512c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos updateTrustAll(); 513c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 514c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 515c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 516c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos public void resetAgent(ComponentName name, int userId) { 517c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos boolean trustMayHaveChanged = false; 518c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = mActiveAgents.size() - 1; i >= 0; i--) { 519c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 520c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (name.equals(info.component) && userId == info.userId) { 521c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos Log.i(TAG, "Resetting agent " + info.component.flattenToShortString()); 5227861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 523c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos trustMayHaveChanged = true; 524c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 525fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 526c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos mActiveAgents.removeAt(i); 527c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 528c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 529c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (trustMayHaveChanged) { 53094e15a59b757678949cccb5d783bee1638e84697Adrian Roos updateTrust(userId, 0); 531c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 5324e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(userId); 533c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 534c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 53520914d79393aead044848a337ff4f802e4afb48eLingjun Li private SettingsAttrs getSettingsAttrs(PackageManager pm, ResolveInfo resolveInfo) { 53682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (resolveInfo == null || resolveInfo.serviceInfo == null 53782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos || resolveInfo.serviceInfo.metaData == null) return null; 53882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos String cn = null; 53920914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean canUnlockProfile = false; 54020914d79393aead044848a337ff4f802e4afb48eLingjun Li 54182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos XmlResourceParser parser = null; 54282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Exception caughtException = null; 54382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 54482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos parser = resolveInfo.serviceInfo.loadXmlMetaData(pm, 54582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TrustAgentService.TRUST_AGENT_META_DATA); 54682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (parser == null) { 54782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data"); 54882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 54982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 55082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo); 55182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AttributeSet attrs = Xml.asAttributeSet(parser); 55282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos int type; 55382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 55482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos && type != XmlPullParser.START_TAG) { 55582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Drain preamble. 55682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 55782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos String nodeName = parser.getName(); 5587e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos if (!"trust-agent".equals(nodeName)) { 5597e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos Slog.w(TAG, "Meta-data does not start with trust-agent tag"); 56082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 56182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 56282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TypedArray sa = res 56382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos .obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent); 56482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity); 56520914d79393aead044848a337ff4f802e4afb48eLingjun Li canUnlockProfile = sa.getBoolean( 56620914d79393aead044848a337ff4f802e4afb48eLingjun Li com.android.internal.R.styleable.TrustAgent_unlockProfile, false); 56782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos sa.recycle(); 56882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (PackageManager.NameNotFoundException e) { 56982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 57082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (IOException e) { 57182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 57282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (XmlPullParserException e) { 57382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 57482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } finally { 57582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (parser != null) parser.close(); 57682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 57782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (caughtException != null) { 57882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, caughtException); 57982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 58082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 58182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (cn == null) { 58282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 58382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 58482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (cn.indexOf('/') < 0) { 58582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos cn = resolveInfo.serviceInfo.packageName + "/" + cn; 58682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 58720914d79393aead044848a337ff4f802e4afb48eLingjun Li return new SettingsAttrs(ComponentName.unflattenFromString(cn), canUnlockProfile); 58882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 58982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 59082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private ComponentName getComponentName(ResolveInfo resolveInfo) { 59182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (resolveInfo == null || resolveInfo.serviceInfo == null) return null; 59282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name); 59382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 59482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 5953870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) { 5962f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(), 5972f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) { 5982f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos return; 5992f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos } 6002f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos PackageManager pm = mContext.getPackageManager(); 6012f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId); 602666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal ComponentName defaultAgent = getDefaultFactoryTrustAgent(mContext); 603666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal boolean shouldUseDefaultAgent = defaultAgent != null; 6042f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos ArraySet<ComponentName> discoveredAgents = new ArraySet<>(); 605666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal 606666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal if (shouldUseDefaultAgent) { 6072f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos discoveredAgents.add(defaultAgent); 608666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal Log.i(TAG, "Enabling " + defaultAgent + " because it is a default agent."); 609666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal } else { // A default agent is not set; perform regular trust agent discovery 610666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal for (ResolveInfo resolveInfo : resolveInfos) { 611666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal ComponentName componentName = getComponentName(resolveInfo); 612666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags; 613666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal if ((applicationInfoFlags & ApplicationInfo.FLAG_SYSTEM) == 0) { 614666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal Log.i(TAG, "Leaving agent " + componentName + " disabled because package " 615666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal + "is not a system package."); 616666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal continue; 617666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal } 618666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal discoveredAgents.add(componentName); 6193870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6202f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos } 6213870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 6222f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId); 6232f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos if (previouslyEnabledAgents != null) { 6242f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos discoveredAgents.addAll(previouslyEnabledAgents); 6253870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6262f19ad4aedc85f2929afb5ab662f30a0838dc521Adrian Roos utils.setEnabledTrustAgents(discoveredAgents, userId); 6273870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Settings.Secure.putIntForUser(mContext.getContentResolver(), 6283870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId); 6293870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6303870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 631666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal /** 632666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal * Returns the {@link ComponentName} for the default trust agent, or {@code null} if there 633666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal * is no trust agent set. 634666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal */ 635666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal private static ComponentName getDefaultFactoryTrustAgent(Context context) { 636666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal String defaultTrustAgent = context.getResources() 637666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal .getString(com.android.internal.R.string.config_defaultTrustAgent); 638666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal if (TextUtils.isEmpty(defaultTrustAgent)) { 639666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal return null; 640666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal } 641666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal return ComponentName.unflattenFromString(defaultTrustAgent); 642666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal } 643666484d54d0da771e107f396b33891c2dc4d8f6dZachary Iqbal 6443870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) { 6453870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT, 64620914d79393aead044848a337ff4f802e4afb48eLingjun Li PackageManager.GET_META_DATA | 64768771eb837b0a7b94c120a450624d392496413ceAdrian Roos PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 64868771eb837b0a7b94c120a450624d392496413ceAdrian Roos userId); 6493870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size()); 6503870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos for (ResolveInfo resolveInfo : resolveInfos) { 6513870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (resolveInfo.serviceInfo == null) continue; 6523870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (resolveInfo.serviceInfo.applicationInfo == null) continue; 6533870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos String packageName = resolveInfo.serviceInfo.packageName; 6543870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName) 6553870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos != PackageManager.PERMISSION_GRANTED) { 6563870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ComponentName name = getComponentName(resolveInfo); 6573870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Log.w(TAG, "Skipping agent " + name + " because package does not have" 6583870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos + " permission " + PERMISSION_PROVIDE_AGENT + "."); 6593870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos continue; 6603870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6613870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos allowedAgents.add(resolveInfo); 6623870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6633870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos return allowedAgents; 6643870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6653870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 66682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Agent dispatch and aggregation 66782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 66882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private boolean aggregateIsTrusted(int userId) { 669b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { 6707046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roos return false; 6717046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roos } 67282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 67382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo info = mActiveAgents.valueAt(i); 67482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.userId == userId) { 67582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.agent.isTrusted()) { 67682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return true; 67782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 67882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 67982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 68082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return false; 68182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 68282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 6837861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private boolean aggregateIsTrustManaged(int userId) { 684b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { 6857861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return false; 6867861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6877861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 6887861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 6897861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.userId == userId) { 6907861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 6917861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return true; 6927861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6937861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6947861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6957861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return false; 6967861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6977861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 69882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void dispatchUnlockAttempt(boolean successful, int userId) { 699517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (successful) { 700517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStrongAuthTracker.allowTrustFromUnlock(userId); 701517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 702517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 70382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 70482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo info = mActiveAgents.valueAt(i); 70582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.userId == userId) { 70682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos info.agent.onUnlockAttempt(successful); 70782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 70882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 709237b061182d36fd3bf2238092ccf3d529ec8877bJorim Jaggi } 710237b061182d36fd3bf2238092ccf3d529ec8877bJorim Jaggi 711327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal private void dispatchUnlockLockout(int timeoutMs, int userId) { 712327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal for (int i = 0; i < mActiveAgents.size(); i++) { 713327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal AgentInfo info = mActiveAgents.valueAt(i); 714327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (info.userId == userId) { 715327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal info.agent.onUnlockLockout(timeoutMs); 716327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 717327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 718327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 719327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal 72082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Listeners 72182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 72282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void addListener(ITrustListener listener) { 72382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 72482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (mTrustListeners.get(i).asBinder() == listener.asBinder()) { 72582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return; 72682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 72782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 72882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mTrustListeners.add(listener); 7293870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos updateTrustAll(); 73082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 73282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void removeListener(ITrustListener listener) { 73382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 73482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (mTrustListeners.get(i).asBinder() == listener.asBinder()) { 735979a32e4a0133e0b55210247aa776f57c17b9b9aJay Civelli mTrustListeners.remove(i); 73682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return; 73782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 74082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 74194e15a59b757678949cccb5d783bee1638e84697Adrian Roos private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) { 742517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 743517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "onTrustChanged(" + enabled + ", " + userId + ", 0x" 744517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + Integer.toHexString(flags) + ")"); 745517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 74694e15a59b757678949cccb5d783bee1638e84697Adrian Roos if (!enabled) flags = 0; 74782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 74882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 74994e15a59b757678949cccb5d783bee1638e84697Adrian Roos mTrustListeners.get(i).onTrustChanged(enabled, userId, flags); 750a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos } catch (DeadObjectException e) { 7517861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.d(TAG, "Removing dead TrustListener."); 7527861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mTrustListeners.remove(i); 7537861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos i--; 7547861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (RemoteException e) { 7557861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.e(TAG, "Exception while notifying TrustListener.", e); 7567861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7577861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7587861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7597861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 7607861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private void dispatchOnTrustManagedChanged(boolean managed, int userId) { 761517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 762517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "onTrustManagedChanged(" + managed + ", " + userId + ")"); 763517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 7647861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 7657861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos try { 7667861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mTrustListeners.get(i).onTrustManagedChanged(managed, userId); 7677861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (DeadObjectException e) { 7687861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.d(TAG, "Removing dead TrustListener."); 769a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos mTrustListeners.remove(i); 770a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos i--; 77182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 772a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos Slog.e(TAG, "Exception while notifying TrustListener.", e); 77382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 77482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 77582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 77682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 777ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin private void dispatchOnTrustError(CharSequence message) { 778ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin if (DEBUG) { 779ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin Log.i(TAG, "onTrustError(" + message + ")"); 780ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } 781ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin for (int i = 0; i < mTrustListeners.size(); i++) { 782ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin try { 783ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin mTrustListeners.get(i).onTrustError(message); 784ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } catch (DeadObjectException e) { 785ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin Slog.d(TAG, "Removing dead TrustListener."); 786ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin mTrustListeners.remove(i); 787ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin i--; 788ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } catch (RemoteException e) { 789ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin Slog.e(TAG, "Exception while notifying TrustListener.", e); 790ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } 791ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } 792ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin } 793ef886544599f43e7ffc18b11b2d512b88709527cLucas Dupin 794cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos // User lifecycle 795cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 796cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos @Override 797cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos public void onStartUser(int userId) { 798481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget(); 799cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 800cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 801cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos @Override 802cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos public void onCleanupUser(int userId) { 803481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget(); 804481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 805481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 806481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @Override 807481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos public void onSwitchUser(int userId) { 808481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget(); 809cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 810cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 81168771eb837b0a7b94c120a450624d392496413ceAdrian Roos @Override 81268771eb837b0a7b94c120a450624d392496413ceAdrian Roos public void onUnlockUser(int userId) { 81368771eb837b0a7b94c120a450624d392496413ceAdrian Roos mHandler.obtainMessage(MSG_UNLOCK_USER, userId, 0, null).sendToTarget(); 81468771eb837b0a7b94c120a450624d392496413ceAdrian Roos } 81568771eb837b0a7b94c120a450624d392496413ceAdrian Roos 81685a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull @Override 81785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull public void onStopUser(@UserIdInt int userId) { 81885a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull mHandler.obtainMessage(MSG_STOP_USER, userId, 0, null).sendToTarget(); 81985a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 82085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull 82182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Plumbing 82282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 82382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final IBinder mService = new ITrustManager.Stub() { 82482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 82582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException { 82682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceReportPermission(); 82782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId) 82882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos .sendToTarget(); 82982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 83082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 83182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 832327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal public void reportUnlockLockout(int timeoutMs, int userId) throws RemoteException { 833327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal enforceReportPermission(); 834327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_LOCKOUT, timeoutMs, userId) 835327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal .sendToTarget(); 836327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 837327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal 838327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal @Override 83982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException { 84082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceReportPermission(); 84182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // coalesce refresh messages. 84282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED); 84382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED); 84482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 84582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 84682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 847481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos public void reportKeyguardShowingChanged() throws RemoteException { 848481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos enforceReportPermission(); 849481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos // coalesce refresh messages. 850481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED); 851481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED); 8525277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi 8535277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi // Make sure handler processes the message before returning, such that isDeviceLocked 8545277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi // after this call will retrieve the correct value. 8555277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi mHandler.runWithScissors(() -> {}, 0); 856481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 857481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 858481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @Override 85982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void registerTrustListener(ITrustListener trustListener) throws RemoteException { 86082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceListenerPermission(); 86182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget(); 86282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 86382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 86482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 86582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException { 86682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceListenerPermission(); 86782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget(); 86882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 86982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 870bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos @Override 87150bfeec868157106e8b60abf8964cb24462af182Adrian Roos public boolean isDeviceLocked(int userId) throws RemoteException { 872bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, 87350bfeec868157106e8b60abf8964cb24462af182Adrian Roos false /* allowAll */, true /* requireFull */, "isDeviceLocked", null); 87450bfeec868157106e8b60abf8964cb24462af182Adrian Roos 875078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri long token = Binder.clearCallingIdentity(); 876078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri try { 877078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 878078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri userId = resolveProfileParent(userId); 879078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } 880078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri return isDeviceLockedInner(userId); 881078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } finally { 882078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri Binder.restoreCallingIdentity(token); 883078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } 884bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 885bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos 88682893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos @Override 88782893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos public boolean isDeviceSecure(int userId) throws RemoteException { 88882893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, 88982893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos false /* allowAll */, true /* requireFull */, "isDeviceSecure", null); 89082893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos 89182893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos long token = Binder.clearCallingIdentity(); 89282893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos try { 8938d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 8948d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri userId = resolveProfileParent(userId); 8958d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri } 896a1771110d67fa7361f92d92f2e91019882ce3305Clara Bayarri return mLockPatternUtils.isSecure(userId); 89782893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } finally { 89882893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos Binder.restoreCallingIdentity(token); 89982893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } 90082893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } 90182893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos 90282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void enforceReportPermission() { 9032c12cfa1d53b586ae8a8d6aca64a4de771dc85b0Adrian Roos mContext.enforceCallingOrSelfPermission( 9042c12cfa1d53b586ae8a8d6aca64a4de771dc85b0Adrian Roos Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events"); 90582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 90682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 90782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void enforceListenerPermission() { 90882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER, 90982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos "register trust listener"); 91082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 9117a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 9127a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos @Override 9137a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) { 914fe9a53bc45fd0124a876dc0a49680aaf86641d3eJeff Sharkey if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; 91549d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (isSafeMode()) { 91649d53452e744f03593093f6588cea12a405f9ff5Adrian Roos fout.println("disabled because the system is in safe mode."); 91749d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 91849d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 919cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (!mTrustAgentsCanRun) { 920cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos fout.println("disabled because the third-party apps can't run yet."); 921cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos return; 922cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 9237a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */); 9247a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos mHandler.runWithScissors(new Runnable() { 9257a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos @Override 9267a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos public void run() { 9277a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println("Trust manager state:"); 9287a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos for (UserInfo user : userInfos) { 929481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos dumpUser(fout, user, user.id == mCurrentUser); 9307a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9317a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9327a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos }, 1500); 9337a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9347a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 9357a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) { 9367a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.printf(" User \"%s\" (id=%d, flags=%#x)", 9377a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos user.name, user.id, user.flags); 9387cb69df507f5f7956c52a2868a0d6e89aec6dde2Xiaohui Chen if (!user.supportsSwitchToByUser()) { 939481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.println("(managed profile)"); 940481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.println(" disabled because switching to this user is not possible."); 941481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos return; 942481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 9437a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (isCurrent) { 9447a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(" (current)"); 9457a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9467a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id))); 9477861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id))); 948481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id))); 949b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos fout.print(", strongAuthRequired=" + dumpHex( 950b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos mStrongAuthTracker.getStrongAuthForUser(user.id))); 9517a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(); 9527a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" Enabled agents:"); 9537a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos boolean duplicateSimpleNames = false; 9547a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos ArraySet<String> simpleNames = new ArraySet<String>(); 9557a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos for (AgentInfo info : mActiveAgents) { 9567a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (info.userId != user.id) { continue; } 9577a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos boolean trusted = info.agent.isTrusted(); 9587a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(" "); fout.println(info.component.flattenToShortString()); 959c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.print(" bound=" + dumpBool(info.agent.isBound())); 960c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.print(", connected=" + dumpBool(info.agent.isConnected())); 9617861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust())); 9627861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", trusted=" + dumpBool(trusted)); 9637861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.println(); 9647a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (trusted) { 9657a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" message=\"" + info.agent.getMessage() + "\""); 9667a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 967c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (!info.agent.isConnected()) { 968c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos String restartTime = TrustArchive.formatDuration( 969c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos info.agent.getScheduledRestartUptimeMillis() 970c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos - SystemClock.uptimeMillis()); 971c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.println(" restartScheduledAt=" + restartTime); 972c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 9737a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) { 9747a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos duplicateSimpleNames = true; 9757a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9767a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9777a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" Events:"); 9787a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos mArchive.dump(fout, 50, user.id, " " /* linePrefix */, duplicateSimpleNames); 9797a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(); 9807a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9817a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 9827a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos private String dumpBool(boolean b) { 9837a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos return b ? "1" : "0"; 9847a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 985b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos 986b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private String dumpHex(int i) { 987b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos return "0x" + Integer.toHexString(i); 988b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos } 98956878a93989a49538fabccfb7218face645030bfClara Bayarri 99056878a93989a49538fabccfb7218face645030bfClara Bayarri @Override 99183a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu public void setDeviceLockedForUser(int userId, boolean locked) { 99200a9b890853e9660dde5854fe786b80f6c3e616cClara Bayarri enforceReportPermission(); 993e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu final long identity = Binder.clearCallingIdentity(); 994e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu try { 995e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 996e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu synchronized (mDeviceLockedForUser) { 997e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu mDeviceLockedForUser.put(userId, locked); 998e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } 999e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu if (locked) { 1000e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu try { 1001dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0Sudheer Shanka ActivityManager.getService().notifyLockedProfile(userId); 1002e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } catch (RemoteException e) { 1003e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } 100483a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 100592b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee final Intent lockIntent = new Intent(Intent.ACTION_DEVICE_LOCKED_CHANGED); 100692b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee lockIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 100792b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee lockIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId); 100892b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee mContext.sendBroadcastAsUser(lockIntent, UserHandle.SYSTEM, 100992b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee Manifest.permission.TRUST_LISTENER, /* options */ null); 101083a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 1011e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } finally { 1012e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu Binder.restoreCallingIdentity(identity); 101383a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 101456878a93989a49538fabccfb7218face645030bfClara Bayarri } 1015c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 1016c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos @Override 1017c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos public boolean isTrustUsuallyManaged(int userId) { 1018c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER, 1019c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos "query trust state"); 1020c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return isTrustUsuallyManagedInternal(userId); 1021c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 10223fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 10233fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn @Override 10243fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn public void unlockedByFingerprintForUser(int userId) { 10253fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn enforceReportPermission(); 10263fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn synchronized(mUsersUnlockedByFingerprint) { 10273fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn mUsersUnlockedByFingerprint.put(userId, true); 10283fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 10293fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, userId, 10303fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 0 /* arg2 */).sendToTarget(); 10313fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 10323fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 10333fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn @Override 10343fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn public void clearAllFingerprints() { 10353fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn enforceReportPermission(); 10363fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn synchronized(mUsersUnlockedByFingerprint) { 10373fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn mUsersUnlockedByFingerprint.clear(); 10383fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 10393fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, UserHandle.USER_ALL, 10403fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn 0 /* arg2 */).sendToTarget(); 10413fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 104282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 104382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 1044c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private boolean isTrustUsuallyManagedInternal(int userId) { 1045c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1046c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int i = mTrustUsuallyManagedForUser.indexOfKey(userId); 1047c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (i >= 0) { 1048c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return mTrustUsuallyManagedForUser.valueAt(i); 1049c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1050c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1051c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // It's not in memory yet, get the value from persisted storage instead 1052c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean persistedValue = mLockPatternUtils.isTrustUsuallyManaged(userId); 1053c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1054c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int i = mTrustUsuallyManagedForUser.indexOfKey(userId); 1055c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (i >= 0) { 1056c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // Someone set the trust usually managed in the mean time. Better use that. 1057c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return mTrustUsuallyManagedForUser.valueAt(i); 1058c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } else { 1059c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // .. otherwise it's safe to cache the fetched value now. 1060c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mTrustUsuallyManagedForUser.put(userId, persistedValue); 1061c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return persistedValue; 1062c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1063c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1064c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1065c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 1066bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private int resolveProfileParent(int userId) { 1067bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos long identity = Binder.clearCallingIdentity(); 1068bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos try { 1069bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos UserInfo parent = mUserManager.getProfileParent(userId); 1070bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos if (parent != null) { 1071bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos return parent.getUserHandle().getIdentifier(); 1072bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 1073bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos return userId; 1074bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } finally { 1075bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos Binder.restoreCallingIdentity(identity); 1076bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 1077bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 1078bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos 107982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final Handler mHandler = new Handler() { 108082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 108182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void handleMessage(Message msg) { 108282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos switch (msg.what) { 108382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_REGISTER_LISTENER: 108482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos addListener((ITrustListener) msg.obj); 108582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 108682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_UNREGISTER_LISTENER: 108782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos removeListener((ITrustListener) msg.obj); 108882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 108982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_DISPATCH_UNLOCK_ATTEMPT: 109082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2); 109182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 1092327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal case MSG_DISPATCH_UNLOCK_LOCKOUT: 1093327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal dispatchUnlockLockout(msg.arg1, msg.arg2); 1094327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal break; 109582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_ENABLED_AGENTS_CHANGED: 10964e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 1097481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos // This is also called when the security mode of a user changes. 1098481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(UserHandle.USER_ALL); 109982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 1100481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_KEYGUARD_SHOWING_CHANGED: 11017e2e40e127f5b421f946427071a20d0e9d88ca03Adrian Roos refreshDeviceLockedForUser(mCurrentUser); 1102481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 1103481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_START_USER: 1104481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_CLEANUP_USER: 110568771eb837b0a7b94c120a450624d392496413ceAdrian Roos case MSG_UNLOCK_USER: 1106481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshAgentList(msg.arg1); 1107481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 1108481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_SWITCH_USER: 1109481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mCurrentUser = msg.arg1; 1110481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(UserHandle.USER_ALL); 1111481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 111285a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull case MSG_STOP_USER: 111385a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull setDeviceLockedForUser(msg.arg1, true); 111485a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull break; 1115c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos case MSG_FLUSH_TRUST_USUALLY_MANAGED: 1116c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos SparseBooleanArray usuallyManaged; 1117c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1118c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos usuallyManaged = mTrustUsuallyManagedForUser.clone(); 1119c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1120c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 1121c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos for (int i = 0; i < usuallyManaged.size(); i++) { 1122c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int userId = usuallyManaged.keyAt(i); 1123c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean value = usuallyManaged.valueAt(i); 1124c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (value != mLockPatternUtils.isTrustUsuallyManaged(userId)) { 1125c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mLockPatternUtils.setTrustUsuallyManaged(value, userId); 1126c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1127c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 112868771eb837b0a7b94c120a450624d392496413ceAdrian Roos break; 11293fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn case MSG_REFRESH_DEVICE_LOCKED_FOR_USER: 11303fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn refreshDeviceLockedForUser(msg.arg1); 11313fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn break; 113282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 113382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 113482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 113582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 113682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final PackageMonitor mPackageMonitor = new PackageMonitor() { 113782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 113882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onSomePackagesChanged() { 11394e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 114082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 114182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 114282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 114382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public boolean onPackageChanged(String packageName, int uid, String[] components) { 114482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // We're interested in all changes, even if just some components get enabled / disabled. 114582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return true; 114682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 1147c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 1148c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos @Override 1149c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos public void onPackageDisappeared(String packageName, int reason) { 1150c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos removeAgentsOfPackage(packageName); 1151c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 115282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 1153ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 115420914d79393aead044848a337ff4f802e4afb48eLingjun Li private static class SettingsAttrs { 115520914d79393aead044848a337ff4f802e4afb48eLingjun Li public ComponentName componentName; 115620914d79393aead044848a337ff4f802e4afb48eLingjun Li public boolean canUnlockProfile; 115720914d79393aead044848a337ff4f802e4afb48eLingjun Li 115820914d79393aead044848a337ff4f802e4afb48eLingjun Li public SettingsAttrs( 115920914d79393aead044848a337ff4f802e4afb48eLingjun Li ComponentName componentName, 116020914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean canUnlockProfile) { 116120914d79393aead044848a337ff4f802e4afb48eLingjun Li this.componentName = componentName; 116220914d79393aead044848a337ff4f802e4afb48eLingjun Li this.canUnlockProfile = canUnlockProfile; 116320914d79393aead044848a337ff4f802e4afb48eLingjun Li } 116420914d79393aead044848a337ff4f802e4afb48eLingjun Li }; 116520914d79393aead044848a337ff4f802e4afb48eLingjun Li 11669dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos private class Receiver extends BroadcastReceiver { 1167ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 1168ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos @Override 1169ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos public void onReceive(Context context, Intent intent) { 11703870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos String action = intent.getAction(); 11713870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) { 11724e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(getSendingUserId()); 11734e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci updateDevicePolicyFeatures(); 11743870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } else if (Intent.ACTION_USER_ADDED.equals(action)) { 1175cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos int userId = getUserId(intent); 11763870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (userId > 0) { 11773870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos maybeEnableFactoryTrustAgents(mLockPatternUtils, userId); 11783870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 1179cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 1180cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos int userId = getUserId(intent); 1181cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (userId > 0) { 1182481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mUserIsTrusted) { 1183481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mUserIsTrusted.delete(userId); 1184481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 1185481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mDeviceLockedForUser) { 1186481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mDeviceLockedForUser.delete(userId); 1187481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 1188ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1189ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos mTrustUsuallyManagedForUser.delete(userId); 1190ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos } 11913fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn synchronized (mUsersUnlockedByFingerprint) { 11923fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn mUsersUnlockedByFingerprint.delete(userId); 11933fdbbf87bd0c7a1b8cca3ef0ff5a441876d5c8d1Kevin Chyn } 1194cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos refreshAgentList(userId); 1195481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(userId); 1196cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 1197cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 1198cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 1199cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 1200cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos private int getUserId(Intent intent) { 1201cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100); 1202cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (userId > 0) { 1203cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos return userId; 1204cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else { 1205cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId); 1206cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos return -100; 1207ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos } 1208ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos } 1209ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 1210ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos public void register(Context context) { 12119dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos IntentFilter filter = new IntentFilter(); 12129dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 12133870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos filter.addAction(Intent.ACTION_USER_ADDED); 1214cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos filter.addAction(Intent.ACTION_USER_REMOVED); 1215ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos context.registerReceiverAsUser(this, 1216ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos UserHandle.ALL, 12179dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos filter, 1218ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos null /* permission */, 1219ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos null /* scheduler */); 1220ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos } 1221ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos } 1222517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1223517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker { 1224517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1225517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos SparseBooleanArray mStartFromSuccessfulUnlock = new SparseBooleanArray(); 1226517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1227517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos public StrongAuthTracker(Context context) { 1228517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos super(context); 1229517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1230517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1231517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos @Override 1232517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos public void onStrongAuthRequiredChanged(int userId) { 1233517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStartFromSuccessfulUnlock.delete(userId); 1234517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1235517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 1236517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "onStrongAuthRequiredChanged(" + userId + ") ->" 1237517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + " trustAllowed=" + isTrustAllowedForUser(userId) 1238517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + " agentsCanRun=" + canAgentsRunForUser(userId)); 1239517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1240517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1241517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos refreshAgentList(userId); 1242517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1243517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos // The list of active trust agents may not have changed, if there was a previous call 1244517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos // to allowTrustFromUnlock, so we update the trust here too. 1245517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos updateTrust(userId, 0 /* flags */); 1246517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1247517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1248517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos boolean canAgentsRunForUser(int userId) { 1249517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos return mStartFromSuccessfulUnlock.get(userId) 1250517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos || super.isTrustAllowedForUser(userId); 1251517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1252517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1253517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos /** 1254517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * Temporarily suppress strong auth requirements for {@param userId} until strong auth 1255517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * changes again. Must only be called when we know about a successful unlock already 1256517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * before the underlying StrongAuthTracker. 1257517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * 1258517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * Note that this only changes whether trust agents can be started, not the actual trusted 1259517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos * value. 1260517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos */ 1261517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos void allowTrustFromUnlock(int userId) { 1262517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userId < UserHandle.USER_SYSTEM) { 1263517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos throw new IllegalArgumentException("userId must be a valid user: " + userId); 1264517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1265517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos boolean previous = canAgentsRunForUser(userId); 1266517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStartFromSuccessfulUnlock.put(userId, true); 1267517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1268517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 1269517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "allowTrustFromUnlock(" + userId + ") ->" 1270517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + " trustAllowed=" + isTrustAllowedForUser(userId) 1271517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + " agentsCanRun=" + canAgentsRunForUser(userId)); 1272517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1273517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 1274517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (canAgentsRunForUser(userId) != previous) { 1275517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos refreshAgentList(userId); 1276517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1277517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 1278517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 127982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos} 1280