TrustManagerService.java revision 8f21158fe64eb93ff005dc1b831b282b95531023
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
15 */
16
17package com.android.server.trust;
18
19import com.android.internal.content.PackageMonitor;
20import com.android.internal.widget.LockPatternUtils;
21import com.android.server.SystemService;
22
23import org.xmlpull.v1.XmlPullParser;
24import org.xmlpull.v1.XmlPullParserException;
25
26import android.Manifest;
27import android.app.ActivityManagerNative;
28import android.app.admin.DevicePolicyManager;
29import android.app.trust.ITrustListener;
30import android.app.trust.ITrustManager;
31import android.content.BroadcastReceiver;
32import android.content.ComponentName;
33import android.content.Context;
34import android.content.Intent;
35import android.content.IntentFilter;
36import android.content.pm.PackageManager;
37import android.content.pm.ResolveInfo;
38import android.content.pm.UserInfo;
39import android.content.res.Resources;
40import android.content.res.TypedArray;
41import android.content.res.XmlResourceParser;
42import android.graphics.drawable.Drawable;
43import android.os.DeadObjectException;
44import android.os.Handler;
45import android.os.IBinder;
46import android.os.Message;
47import android.os.RemoteException;
48import android.os.SystemClock;
49import android.os.UserHandle;
50import android.os.UserManager;
51import android.service.trust.TrustAgentService;
52import android.util.ArraySet;
53import android.util.AttributeSet;
54import android.util.Log;
55import android.util.Slog;
56import android.util.SparseBooleanArray;
57import android.util.Xml;
58
59import java.io.FileDescriptor;
60import java.io.IOException;
61import java.io.PrintWriter;
62import java.util.ArrayList;
63import java.util.List;
64
65/**
66 * Manages trust agents and trust listeners.
67 *
68 * It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s
69 * of each user and notifies them about events that are relevant to them.
70 * It start and stops them based on the value of
71 * {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}.
72 *
73 * It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the
74 * trust state changes for any user.
75 *
76 * Trust state and the setting of enabled agents is kept per user and each user has its own
77 * instance of a {@link android.service.trust.TrustAgentService}.
78 */
79public class TrustManagerService extends SystemService {
80
81    private static final boolean DEBUG = false;
82    private static final String TAG = "TrustManagerService";
83
84    private static final Intent TRUST_AGENT_INTENT =
85            new Intent(TrustAgentService.SERVICE_INTERFACE);
86    private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;
87
88    private static final int MSG_REGISTER_LISTENER = 1;
89    private static final int MSG_UNREGISTER_LISTENER = 2;
90    private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;
91    private static final int MSG_ENABLED_AGENTS_CHANGED = 4;
92    private static final int MSG_REQUIRE_CREDENTIAL_ENTRY = 5;
93
94    private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<AgentInfo>();
95    private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<ITrustListener>();
96    private final DevicePolicyReceiver mDevicePolicyReceiver = new DevicePolicyReceiver();
97    private final SparseBooleanArray mUserHasAuthenticatedSinceBoot = new SparseBooleanArray();
98    /* package */ final TrustArchive mArchive = new TrustArchive();
99    private final Context mContext;
100
101    private UserManager mUserManager;
102
103    public TrustManagerService(Context context) {
104        super(context);
105        mContext = context;
106        mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
107    }
108
109    @Override
110    public void onStart() {
111        publishBinderService(Context.TRUST_SERVICE, mService);
112    }
113
114    @Override
115    public void onBootPhase(int phase) {
116        if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY && !isSafeMode()) {
117            mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);
118            mDevicePolicyReceiver.register(mContext);
119            refreshAgentList();
120        }
121    }
122
123    // Agent management
124
125    private static final class AgentInfo {
126        CharSequence label;
127        Drawable icon;
128        ComponentName component; // service that implements ITrustAgent
129        ComponentName settings; // setting to launch to modify agent.
130        TrustAgentWrapper agent;
131        int userId;
132
133        @Override
134        public boolean equals(Object other) {
135            if (!(other instanceof AgentInfo)) {
136                return false;
137            }
138            AgentInfo o = (AgentInfo) other;
139            return component.equals(o.component) && userId == o.userId;
140        }
141
142        @Override
143        public int hashCode() {
144            return component.hashCode() * 31 + userId;
145        }
146    }
147
148    private void updateTrustAll() {
149        List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
150        for (UserInfo userInfo : userInfos) {
151            updateTrust(userInfo.id);
152        }
153    }
154
155    public void updateTrust(int userId) {
156        dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);
157        dispatchOnTrustChanged(aggregateIsTrusted(userId), userId);
158    }
159
160    void refreshAgentList() {
161        if (DEBUG) Slog.d(TAG, "refreshAgentList()");
162        PackageManager pm = mContext.getPackageManager();
163
164        List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
165        LockPatternUtils lockPatternUtils = new LockPatternUtils(mContext);
166
167        ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>();
168        obsoleteAgents.addAll(mActiveAgents);
169
170        for (UserInfo userInfo : userInfos) {
171            DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
172            int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
173            final boolean disableTrustAgents =
174                    (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
175
176            List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id);
177            if (enabledAgents == null) {
178                continue;
179            }
180            List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,
181                    PackageManager.GET_META_DATA, userInfo.id);
182            for (ResolveInfo resolveInfo : resolveInfos) {
183                if (resolveInfo.serviceInfo == null) continue;
184
185                String packageName = resolveInfo.serviceInfo.packageName;
186                if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
187                        != PackageManager.PERMISSION_GRANTED) {
188                    Log.w(TAG, "Skipping agent because package " + packageName
189                            + " does not have permission " + PERMISSION_PROVIDE_AGENT + ".");
190                    continue;
191                }
192
193                ComponentName name = getComponentName(resolveInfo);
194                if (!enabledAgents.contains(name)) continue;
195
196                if (disableTrustAgents) {
197                    List<String> features =
198                            dpm.getTrustAgentFeaturesEnabled(null /* admin */, name);
199                    // Disable agent if no features are enabled.
200                    if (features == null || features.isEmpty()) continue;
201                }
202
203                AgentInfo agentInfo = new AgentInfo();
204                agentInfo.component = name;
205                agentInfo.userId = userInfo.id;
206                if (!mActiveAgents.contains(agentInfo)) {
207                    agentInfo.label = resolveInfo.loadLabel(pm);
208                    agentInfo.icon = resolveInfo.loadIcon(pm);
209                    agentInfo.settings = getSettingsComponentName(pm, resolveInfo);
210                    agentInfo.agent = new TrustAgentWrapper(mContext, this,
211                            new Intent().setComponent(name), userInfo.getUserHandle());
212                    mActiveAgents.add(agentInfo);
213                } else {
214                    obsoleteAgents.remove(agentInfo);
215                }
216            }
217        }
218
219        boolean trustMayHaveChanged = false;
220        for (int i = 0; i < obsoleteAgents.size(); i++) {
221            AgentInfo info = obsoleteAgents.valueAt(i);
222            if (info.agent.isManagingTrust()) {
223                trustMayHaveChanged = true;
224            }
225            info.agent.unbind();
226            mActiveAgents.remove(info);
227        }
228
229        if (trustMayHaveChanged) {
230            updateTrustAll();
231        }
232    }
233
234    void updateDevicePolicyFeatures(int userId) {
235        for (int i = 0; i < mActiveAgents.size(); i++) {
236            AgentInfo info = mActiveAgents.valueAt(i);
237            if (info.agent.isConnected()) {
238                info.agent.updateDevicePolicyFeatures();
239            }
240        }
241    }
242
243    private void removeAgentsOfPackage(String packageName) {
244        boolean trustMayHaveChanged = false;
245        for (int i = mActiveAgents.size() - 1; i >= 0; i--) {
246            AgentInfo info = mActiveAgents.valueAt(i);
247            if (packageName.equals(info.component.getPackageName())) {
248                Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());
249                if (info.agent.isManagingTrust()) {
250                    trustMayHaveChanged = true;
251                }
252                info.agent.unbind();
253                mActiveAgents.removeAt(i);
254            }
255        }
256        if (trustMayHaveChanged) {
257            updateTrustAll();
258        }
259    }
260
261    public void resetAgent(ComponentName name, int userId) {
262        boolean trustMayHaveChanged = false;
263        for (int i = mActiveAgents.size() - 1; i >= 0; i--) {
264            AgentInfo info = mActiveAgents.valueAt(i);
265            if (name.equals(info.component) && userId == info.userId) {
266                Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());
267                if (info.agent.isManagingTrust()) {
268                    trustMayHaveChanged = true;
269                }
270                info.agent.unbind();
271                mActiveAgents.removeAt(i);
272            }
273        }
274        if (trustMayHaveChanged) {
275            updateTrust(userId);
276        }
277        refreshAgentList();
278    }
279
280    private ComponentName getSettingsComponentName(PackageManager pm, ResolveInfo resolveInfo) {
281        if (resolveInfo == null || resolveInfo.serviceInfo == null
282                || resolveInfo.serviceInfo.metaData == null) return null;
283        String cn = null;
284        XmlResourceParser parser = null;
285        Exception caughtException = null;
286        try {
287            parser = resolveInfo.serviceInfo.loadXmlMetaData(pm,
288                    TrustAgentService.TRUST_AGENT_META_DATA);
289            if (parser == null) {
290                Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data");
291                return null;
292            }
293            Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo);
294            AttributeSet attrs = Xml.asAttributeSet(parser);
295            int type;
296            while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
297                    && type != XmlPullParser.START_TAG) {
298                // Drain preamble.
299            }
300            String nodeName = parser.getName();
301            if (!"trust-agent".equals(nodeName)) {
302                Slog.w(TAG, "Meta-data does not start with trust-agent tag");
303                return null;
304            }
305            TypedArray sa = res
306                    .obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent);
307            cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity);
308            sa.recycle();
309        } catch (PackageManager.NameNotFoundException e) {
310            caughtException = e;
311        } catch (IOException e) {
312            caughtException = e;
313        } catch (XmlPullParserException e) {
314            caughtException = e;
315        } finally {
316            if (parser != null) parser.close();
317        }
318        if (caughtException != null) {
319            Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, caughtException);
320            return null;
321        }
322        if (cn == null) {
323            return null;
324        }
325        if (cn.indexOf('/') < 0) {
326            cn = resolveInfo.serviceInfo.packageName + "/" + cn;
327        }
328        return ComponentName.unflattenFromString(cn);
329    }
330
331    private ComponentName getComponentName(ResolveInfo resolveInfo) {
332        if (resolveInfo == null || resolveInfo.serviceInfo == null) return null;
333        return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name);
334    }
335
336    // Agent dispatch and aggregation
337
338    private boolean aggregateIsTrusted(int userId) {
339        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
340            return false;
341        }
342        for (int i = 0; i < mActiveAgents.size(); i++) {
343            AgentInfo info = mActiveAgents.valueAt(i);
344            if (info.userId == userId) {
345                if (info.agent.isTrusted()) {
346                    return true;
347                }
348            }
349        }
350        return false;
351    }
352
353    private boolean aggregateIsTrustManaged(int userId) {
354        if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
355            return false;
356        }
357        for (int i = 0; i < mActiveAgents.size(); i++) {
358            AgentInfo info = mActiveAgents.valueAt(i);
359            if (info.userId == userId) {
360                if (info.agent.isManagingTrust()) {
361                    return true;
362                }
363            }
364        }
365        return false;
366    }
367
368    private void dispatchUnlockAttempt(boolean successful, int userId) {
369        for (int i = 0; i < mActiveAgents.size(); i++) {
370            AgentInfo info = mActiveAgents.valueAt(i);
371            if (info.userId == userId) {
372                info.agent.onUnlockAttempt(successful);
373            }
374        }
375
376        if (successful && !mUserHasAuthenticatedSinceBoot.get(userId)) {
377            mUserHasAuthenticatedSinceBoot.put(userId, true);
378            updateTrust(userId);
379        }
380    }
381
382
383    private void requireCredentialEntry(int userId) {
384        if (userId == UserHandle.USER_ALL) {
385            mUserHasAuthenticatedSinceBoot.clear();
386            updateTrustAll();
387        } else {
388            mUserHasAuthenticatedSinceBoot.put(userId, false);
389            updateTrust(userId);
390        }
391    }
392
393    // Listeners
394
395    private void addListener(ITrustListener listener) {
396        for (int i = 0; i < mTrustListeners.size(); i++) {
397            if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {
398                return;
399            }
400        }
401        mTrustListeners.add(listener);
402    }
403
404    private void removeListener(ITrustListener listener) {
405        for (int i = 0; i < mTrustListeners.size(); i++) {
406            if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {
407                mTrustListeners.remove(i);
408                return;
409            }
410        }
411    }
412
413    private void dispatchOnTrustChanged(boolean enabled, int userId) {
414        for (int i = 0; i < mTrustListeners.size(); i++) {
415            try {
416                mTrustListeners.get(i).onTrustChanged(enabled, userId);
417            } catch (DeadObjectException e) {
418                Slog.d(TAG, "Removing dead TrustListener.");
419                mTrustListeners.remove(i);
420                i--;
421            } catch (RemoteException e) {
422                Slog.e(TAG, "Exception while notifying TrustListener.", e);
423            }
424        }
425    }
426
427    private void dispatchOnTrustManagedChanged(boolean managed, int userId) {
428        for (int i = 0; i < mTrustListeners.size(); i++) {
429            try {
430                mTrustListeners.get(i).onTrustManagedChanged(managed, userId);
431            } catch (DeadObjectException e) {
432                Slog.d(TAG, "Removing dead TrustListener.");
433                mTrustListeners.remove(i);
434                i--;
435            } catch (RemoteException e) {
436                Slog.e(TAG, "Exception while notifying TrustListener.", e);
437            }
438        }
439    }
440
441    // Plumbing
442
443    private final IBinder mService = new ITrustManager.Stub() {
444        @Override
445        public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException {
446            enforceReportPermission();
447            mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId)
448                    .sendToTarget();
449        }
450
451        @Override
452        public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException {
453            enforceReportPermission();
454            // coalesce refresh messages.
455            mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED);
456            mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED);
457        }
458
459        @Override
460        public void reportRequireCredentialEntry(int userId) throws RemoteException {
461            enforceReportPermission();
462            if (userId == UserHandle.USER_ALL || userId >= UserHandle.USER_OWNER) {
463                mHandler.obtainMessage(MSG_REQUIRE_CREDENTIAL_ENTRY, userId, 0).sendToTarget();
464            } else {
465                throw new IllegalArgumentException(
466                        "userId must be an explicit user id or USER_ALL");
467            }
468        }
469
470        @Override
471        public void registerTrustListener(ITrustListener trustListener) throws RemoteException {
472            enforceListenerPermission();
473            mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget();
474        }
475
476        @Override
477        public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException {
478            enforceListenerPermission();
479            mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
480        }
481
482        private void enforceReportPermission() {
483            mContext.enforceCallingOrSelfPermission(
484                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
485        }
486
487        private void enforceListenerPermission() {
488            mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,
489                    "register trust listener");
490        }
491
492        @Override
493        protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {
494            mContext.enforceCallingPermission(Manifest.permission.DUMP,
495                    "dumping TrustManagerService");
496            final UserInfo currentUser;
497            final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
498            try {
499                currentUser = ActivityManagerNative.getDefault().getCurrentUser();
500            } catch (RemoteException e) {
501                throw new RuntimeException(e);
502            }
503            mHandler.runWithScissors(new Runnable() {
504                @Override
505                public void run() {
506                    fout.println("Trust manager state:");
507                    for (UserInfo user : userInfos) {
508                        dumpUser(fout, user, user.id == currentUser.id);
509                    }
510                }
511            }, 1500);
512        }
513
514        private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {
515            fout.printf(" User \"%s\" (id=%d, flags=%#x)",
516                    user.name, user.id, user.flags);
517            if (isCurrent) {
518                fout.print(" (current)");
519            }
520            fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));
521            fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));
522            fout.println();
523            fout.println("   Enabled agents:");
524            boolean duplicateSimpleNames = false;
525            ArraySet<String> simpleNames = new ArraySet<String>();
526            for (AgentInfo info : mActiveAgents) {
527                if (info.userId != user.id) { continue; }
528                boolean trusted = info.agent.isTrusted();
529                fout.print("    "); fout.println(info.component.flattenToShortString());
530                fout.print("     bound=" + dumpBool(info.agent.isBound()));
531                fout.print(", connected=" + dumpBool(info.agent.isConnected()));
532                fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust()));
533                fout.print(", trusted=" + dumpBool(trusted));
534                fout.println();
535                if (trusted) {
536                    fout.println("      message=\"" + info.agent.getMessage() + "\"");
537                }
538                if (!info.agent.isConnected()) {
539                    String restartTime = TrustArchive.formatDuration(
540                            info.agent.getScheduledRestartUptimeMillis()
541                                    - SystemClock.uptimeMillis());
542                    fout.println("      restartScheduledAt=" + restartTime);
543                }
544                if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) {
545                    duplicateSimpleNames = true;
546                }
547            }
548            fout.println("   Events:");
549            mArchive.dump(fout, 50, user.id, "    " /* linePrefix */, duplicateSimpleNames);
550            fout.println();
551        }
552
553        private String dumpBool(boolean b) {
554            return b ? "1" : "0";
555        }
556    };
557
558    private final Handler mHandler = new Handler() {
559        @Override
560        public void handleMessage(Message msg) {
561            switch (msg.what) {
562                case MSG_REGISTER_LISTENER:
563                    addListener((ITrustListener) msg.obj);
564                    break;
565                case MSG_UNREGISTER_LISTENER:
566                    removeListener((ITrustListener) msg.obj);
567                    break;
568                case MSG_DISPATCH_UNLOCK_ATTEMPT:
569                    dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2);
570                    break;
571                case MSG_ENABLED_AGENTS_CHANGED:
572                    refreshAgentList();
573                    break;
574                case MSG_REQUIRE_CREDENTIAL_ENTRY:
575                    requireCredentialEntry(msg.arg1);
576                    break;
577            }
578        }
579    };
580
581    private final PackageMonitor mPackageMonitor = new PackageMonitor() {
582        @Override
583        public void onSomePackagesChanged() {
584            refreshAgentList();
585        }
586
587        @Override
588        public boolean onPackageChanged(String packageName, int uid, String[] components) {
589            // We're interested in all changes, even if just some components get enabled / disabled.
590            return true;
591        }
592
593        @Override
594        public void onPackageDisappeared(String packageName, int reason) {
595            removeAgentsOfPackage(packageName);
596        }
597    };
598
599    private class DevicePolicyReceiver extends BroadcastReceiver {
600
601        @Override
602        public void onReceive(Context context, Intent intent) {
603            if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(
604                    intent.getAction())) {
605                refreshAgentList();
606                updateDevicePolicyFeatures(getSendingUserId());
607            }
608        }
609
610        public void register(Context context) {
611            context.registerReceiverAsUser(this,
612                    UserHandle.ALL,
613                    new IntentFilter(
614                            DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
615                    null /* permission */,
616                    null /* scheduler */);
617        }
618    }
619}
620