TrustAgentWrapper.java revision 604e7558ef32098644b2f9456d7743a07ae789dc
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.trust; 18 19import android.app.admin.DevicePolicyManager; 20import android.content.BroadcastReceiver; 21import android.content.ComponentName; 22import android.content.Context; 23import android.content.Intent; 24import android.content.IntentFilter; 25import android.content.ServiceConnection; 26import android.os.Bundle; 27import android.os.Handler; 28import android.os.IBinder; 29import android.os.Message; 30import android.os.RemoteException; 31import android.os.SystemClock; 32import android.os.UserHandle; 33import android.util.Log; 34import android.util.Slog; 35import android.service.trust.ITrustAgentService; 36import android.service.trust.ITrustAgentServiceCallback; 37import android.service.trust.TrustAgentService; 38 39import java.util.ArrayList; 40import java.util.List; 41 42/** 43 * A wrapper around a TrustAgentService interface. Coordinates communication between 44 * TrustManager and the actual TrustAgent. 45 */ 46public class TrustAgentWrapper { 47 private static final boolean DEBUG = false; 48 private static final String TAG = "TrustAgentWrapper"; 49 50 private static final int MSG_GRANT_TRUST = 1; 51 private static final int MSG_REVOKE_TRUST = 2; 52 private static final int MSG_TRUST_TIMEOUT = 3; 53 private static final int MSG_RESTART_TIMEOUT = 4; 54 private static final int MSG_DPM_CHANGED = 5; 55 56 /** 57 * Time in uptime millis that we wait for the service connection, both when starting 58 * and when the service disconnects. 59 */ 60 private static final long RESTART_TIMEOUT_MILLIS = 5 * 60000; 61 62 /** 63 * Long extra for {@link #MSG_GRANT_TRUST} 64 */ 65 private static final String DATA_DURATION = "duration"; 66 67 private final TrustManagerService mTrustManagerService; 68 private final int mUserId; 69 private final Context mContext; 70 private final ComponentName mName; 71 72 private ITrustAgentService mTrustAgentService; 73 private boolean mBound; 74 private long mScheduledRestartUptimeMillis; 75 76 // Trust state 77 private boolean mTrusted; 78 private CharSequence mMessage; 79 private boolean mTrustDisabledByDpm; 80 81 private final Handler mHandler = new Handler() { 82 @Override 83 public void handleMessage(Message msg) { 84 switch (msg.what) { 85 case MSG_GRANT_TRUST: 86 if (!isConnected()) { 87 Log.w(TAG, "Agent is not connected, cannot grant trust: " 88 + mName.flattenToShortString()); 89 return; 90 } 91 mTrusted = true; 92 mMessage = (CharSequence) msg.obj; 93 boolean initiatedByUser = msg.arg1 != 0; 94 // TODO: Handle initiatedByUser. 95 long durationMs = msg.getData().getLong(DATA_DURATION); 96 if (durationMs > 0) { 97 mHandler.removeMessages(MSG_TRUST_TIMEOUT); 98 mHandler.sendEmptyMessageDelayed(MSG_TRUST_TIMEOUT, durationMs); 99 } 100 mTrustManagerService.mArchive.logGrantTrust(mUserId, mName, 101 (mMessage != null ? mMessage.toString() : null), 102 durationMs, initiatedByUser); 103 mTrustManagerService.updateTrust(mUserId); 104 break; 105 case MSG_TRUST_TIMEOUT: 106 if (DEBUG) Slog.v(TAG, "Trust timed out : " + mName.flattenToShortString()); 107 mTrustManagerService.mArchive.logTrustTimeout(mUserId, mName); 108 // Fall through. 109 case MSG_REVOKE_TRUST: 110 mTrusted = false; 111 mMessage = null; 112 mHandler.removeMessages(MSG_TRUST_TIMEOUT); 113 if (msg.what == MSG_REVOKE_TRUST) { 114 mTrustManagerService.mArchive.logRevokeTrust(mUserId, mName); 115 } 116 mTrustManagerService.updateTrust(mUserId); 117 break; 118 case MSG_RESTART_TIMEOUT: 119 unbind(); 120 mTrustManagerService.resetAgent(mName, mUserId); 121 break; 122 case MSG_DPM_CHANGED: 123 updateDevicePolicyFeatures(mName); 124 break; 125 } 126 } 127 }; 128 129 private ITrustAgentServiceCallback mCallback = new ITrustAgentServiceCallback.Stub() { 130 131 @Override 132 public void grantTrust(CharSequence userMessage, long durationMs, boolean initiatedByUser) { 133 if (DEBUG) Slog.v(TAG, "enableTrust(" + userMessage + ", durationMs = " + durationMs 134 + ", initiatedByUser = " + initiatedByUser + ")"); 135 136 Message msg = mHandler.obtainMessage( 137 MSG_GRANT_TRUST, initiatedByUser ? 1 : 0, 0, userMessage); 138 msg.getData().putLong(DATA_DURATION, durationMs); 139 msg.sendToTarget(); 140 } 141 142 @Override 143 public void revokeTrust() { 144 if (DEBUG) Slog.v(TAG, "revokeTrust()"); 145 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); 146 } 147 }; 148 149 private final ServiceConnection mConnection = new ServiceConnection() { 150 @Override 151 public void onServiceConnected(ComponentName name, IBinder service) { 152 if (DEBUG) Log.v(TAG, "TrustAgent started : " + name.flattenToString()); 153 mHandler.removeMessages(MSG_RESTART_TIMEOUT); 154 mTrustAgentService = ITrustAgentService.Stub.asInterface(service); 155 mTrustManagerService.mArchive.logAgentConnected(mUserId, name); 156 setCallback(mCallback); 157 updateDevicePolicyFeatures(name); 158 watchForDpmChanges(true); 159 } 160 161 @Override 162 public void onServiceDisconnected(ComponentName name) { 163 if (DEBUG) Log.v(TAG, "TrustAgent disconnected : " + name.flattenToShortString()); 164 mTrustAgentService = null; 165 mTrustManagerService.mArchive.logAgentDied(mUserId, name); 166 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); 167 if (mBound) { 168 scheduleRestart(); 169 } 170 // mTrustDisabledByDpm maintains state 171 watchForDpmChanges(false); 172 } 173 }; 174 175 private BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() { 176 177 @Override 178 public void onReceive(Context context, Intent intent) { 179 if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED 180 .equals(intent.getAction())) { 181 mHandler.sendEmptyMessage(MSG_DPM_CHANGED); 182 } 183 } 184 }; 185 186 public TrustAgentWrapper(Context context, TrustManagerService trustManagerService, 187 Intent intent, UserHandle user) { 188 mContext = context; 189 mTrustManagerService = trustManagerService; 190 mUserId = user.getIdentifier(); 191 mName = intent.getComponent(); 192 // Schedules a restart for when connecting times out. If the connection succeeds, 193 // the restart is canceled in mCallback's onConnected. 194 scheduleRestart(); 195 mBound = context.bindServiceAsUser(intent, mConnection, Context.BIND_AUTO_CREATE, user); 196 if (!mBound) { 197 Log.e(TAG, "Can't bind to TrustAgent " + mName.flattenToShortString()); 198 } 199 } 200 201 private void onError(Exception e) { 202 Slog.w(TAG , "Remote Exception", e); 203 } 204 205 /** 206 * @see android.service.trust.TrustAgentService#onUnlockAttempt(boolean) 207 */ 208 public void onUnlockAttempt(boolean successful) { 209 try { 210 if (mTrustAgentService != null) mTrustAgentService.onUnlockAttempt(successful); 211 } catch (RemoteException e) { 212 onError(e); 213 } 214 } 215 216 private void setCallback(ITrustAgentServiceCallback callback) { 217 try { 218 if (mTrustAgentService != null) { 219 mTrustAgentService.setCallback(callback); 220 } 221 } catch (RemoteException e) { 222 onError(e); 223 } 224 } 225 226 private void watchForDpmChanges(boolean start) { 227 if (start) { 228 final IntentFilter filter = new IntentFilter(); 229 filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 230 filter.addAction(Intent.ACTION_USER_REMOVED); 231 mContext.registerReceiver(mBroadcastReceiver, filter); 232 } else { 233 mContext.unregisterReceiver(mBroadcastReceiver); 234 } 235 } 236 237 private boolean updateDevicePolicyFeatures(ComponentName name) { 238 boolean trustDisabled = false; 239 if (DEBUG) Slog.v(TAG, "updateDevicePolicyFeatures(" + name + ")"); 240 try { 241 if (mTrustAgentService != null) { 242 DevicePolicyManager dpm = 243 (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); 244 if (dpm != null) { 245 // If trust disabled, only enable it if the options bundle is set and 246 // accepted by the TrustAgent. 247 if ((dpm.getKeyguardDisabledFeatures(null) 248 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) { 249 List<String> features = dpm.getTrustAgentFeaturesEnabled(null, name); 250 if (DEBUG) Slog.v(TAG, "Detected trust agents disabled. Features = " + features); 251 if (features != null && features.size() > 0) { 252 Bundle bundle = new Bundle(); 253 bundle.putStringArrayList(TrustAgentService.KEY_FEATURES, 254 (ArrayList<String>)features); 255 if (DEBUG) { 256 Slog.v(TAG, "TrustAgent " + name.flattenToShortString() 257 + " disabled except "+ features); 258 } 259 trustDisabled = mTrustAgentService.setTrustAgentFeaturesEnabled(bundle); 260 } else { 261 if (DEBUG) Slog.v(TAG, "TrustAgent " + name + " disabled by flag"); 262 trustDisabled = true; // trust agent should be disabled 263 } 264 } 265 } else { 266 Log.e(TAG, "Can't get DevicePolicyManagerService: is it running?", 267 new IllegalStateException("Stack trace:")); 268 } 269 } 270 } catch (RemoteException e) { 271 onError(e); 272 } 273 if (mTrustDisabledByDpm != trustDisabled) { 274 mTrustDisabledByDpm = trustDisabled; 275 mTrustManagerService.updateTrust(mUserId); 276 } 277 return trustDisabled; 278 } 279 280 public boolean isTrusted() { 281 return mTrusted && !mTrustDisabledByDpm; 282 } 283 284 public CharSequence getMessage() { 285 return mMessage; 286 } 287 288 public void unbind() { 289 if (!mBound) { 290 return; 291 } 292 if (DEBUG) Log.v(TAG, "TrustAgent unbound : " + mName.flattenToShortString()); 293 mTrustManagerService.mArchive.logAgentStopped(mUserId, mName); 294 mContext.unbindService(mConnection); 295 mBound = false; 296 mTrustAgentService = null; 297 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); 298 mHandler.removeMessages(MSG_RESTART_TIMEOUT); 299 } 300 301 public boolean isConnected() { 302 return mTrustAgentService != null; 303 } 304 305 public boolean isBound() { 306 return mBound; 307 } 308 309 /** 310 * If not connected, returns the time at which the agent is restarted. 311 * 312 * @return restart time in uptime millis. 313 */ 314 public long getScheduledRestartUptimeMillis() { 315 return mScheduledRestartUptimeMillis; 316 } 317 318 private void scheduleRestart() { 319 mHandler.removeMessages(MSG_RESTART_TIMEOUT); 320 mScheduledRestartUptimeMillis = SystemClock.uptimeMillis() + RESTART_TIMEOUT_MILLIS; 321 mHandler.sendEmptyMessageAtTime(MSG_RESTART_TIMEOUT, mScheduledRestartUptimeMillis); 322 } 323} 324