182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/* 282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Copyright (C) 2014 The Android Open Source Project 382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Licensed under the Apache License, Version 2.0 (the "License"); 582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * you may not use this file except in compliance with the License. 682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * You may obtain a copy of the License at 782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * http://www.apache.org/licenses/LICENSE-2.0 982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 1082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Unless required by applicable law or agreed to in writing, software 1182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * distributed under the License is distributed on an "AS IS" BASIS, 1282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * See the License for the specific language governing permissions and 1482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * limitations under the License 1582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 1682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 1782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospackage android.app.trust; 1882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 19b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roosimport android.annotation.IntDef; 2082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Handler; 2182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.IBinder; 2282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Looper; 2382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Message; 2482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.RemoteException; 25b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roosimport android.os.UserHandle; 2682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.ArrayMap; 2782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.Log; 28b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roosimport android.util.SparseIntArray; 29b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos 30b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roosimport java.lang.annotation.Retention; 31b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roosimport java.lang.annotation.RetentionPolicy; 3282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 3382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/** 3482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * See {@link com.android.server.trust.TrustManagerService} 3582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * @hide 3682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 3782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospublic class TrustManager { 3882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 3982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_TRUST_CHANGED = 1; 407861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private static final int MSG_TRUST_MANAGED_CHANGED = 2; 4182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 4282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final String TAG = "TrustManager"; 4394e15a59b757678949cccb5d783bee1638e84697Adrian Roos private static final String DATA_FLAGS = "initiatedByUser"; 4482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 4582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final ITrustManager mService; 4682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final ArrayMap<TrustListener, ITrustListener> mTrustListeners; 4782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 4882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public TrustManager(IBinder b) { 4982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mService = ITrustManager.Stub.asInterface(b); 5082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mTrustListeners = new ArrayMap<TrustListener, ITrustListener>(); 5182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 5282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 5382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos /** 5482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Reports that user {@param userId} has tried to unlock the device. 5582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 5682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * @param successful if true, the unlock attempt was successful. 5782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 5882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 5982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 6082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportUnlockAttempt(boolean successful, int userId) { 6182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 6282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mService.reportUnlockAttempt(successful, userId); 6382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 6482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos onError(e); 6582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 6682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 6782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 6882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos /** 6982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Reports that the list of enabled trust agents changed for user {@param userId}. 7082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 7182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 7282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 7382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportEnabledTrustAgentsChanged(int userId) { 7482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 7582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mService.reportEnabledTrustAgentsChanged(userId); 7682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 7782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos onError(e); 7882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 7982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 8082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 8182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos /** 82481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos * Reports that the visibility of the keyguard has changed. 83481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos * 84481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 85481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos */ 86481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos public void reportKeyguardShowingChanged() { 87481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos try { 88481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mService.reportKeyguardShowingChanged(); 89481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } catch (RemoteException e) { 90481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos onError(e); 91481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 92481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 93481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 94481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos /** 9582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Registers a listener for trust events. 9682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 9782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 9882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 9982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void registerTrustListener(final TrustListener trustListener) { 10082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 10182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ITrustListener.Stub iTrustListener = new ITrustListener.Stub() { 10282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 10394e15a59b757678949cccb5d783bee1638e84697Adrian Roos public void onTrustChanged(boolean enabled, int userId, int flags) { 1043c9a3501651aa8ad4f289e89119a6c0b4bdaf78aAdrian Roos Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId, 1053c9a3501651aa8ad4f289e89119a6c0b4bdaf78aAdrian Roos trustListener); 10694e15a59b757678949cccb5d783bee1638e84697Adrian Roos if (flags != 0) { 10794e15a59b757678949cccb5d783bee1638e84697Adrian Roos m.getData().putInt(DATA_FLAGS, flags); 1083c9a3501651aa8ad4f289e89119a6c0b4bdaf78aAdrian Roos } 1093c9a3501651aa8ad4f289e89119a6c0b4bdaf78aAdrian Roos m.sendToTarget(); 11082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 1117861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 1127861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos @Override 1133c9a3501651aa8ad4f289e89119a6c0b4bdaf78aAdrian Roos public void onTrustManagedChanged(boolean managed, int userId) { 1147861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId, 1157861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos trustListener).sendToTarget(); 1167861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 11782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 11882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mService.registerTrustListener(iTrustListener); 11982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mTrustListeners.put(trustListener, iTrustListener); 12082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 12182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos onError(e); 12282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 12382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 12482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 12582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos /** 12682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Unregisters a listener for trust events. 12782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 12882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 12982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 13082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void unregisterTrustListener(final TrustListener trustListener) { 13182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ITrustListener iTrustListener = mTrustListeners.remove(trustListener); 13282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (iTrustListener != null) { 13382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 13482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mService.unregisterTrustListener(iTrustListener); 13582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 13682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos onError(e); 13782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 13882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 13982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 14082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 14182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void onError(Exception e) { 14282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Log.e(TAG, "Error while calling TrustManagerService", e); 14382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 14482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 14582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final Handler mHandler = new Handler(Looper.getMainLooper()) { 14682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 14782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void handleMessage(Message msg) { 14882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos switch(msg.what) { 14982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_TRUST_CHANGED: 15094e15a59b757678949cccb5d783bee1638e84697Adrian Roos int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0; 15194e15a59b757678949cccb5d783bee1638e84697Adrian Roos ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags); 15282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 1537861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos case MSG_TRUST_MANAGED_CHANGED: 1547861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2); 15582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 15682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 15782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 15882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 15982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public interface TrustListener { 16082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 16182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos /** 16282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Reports that the trust state has changed. 16382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * @param enabled if true, the system believes the environment to be trusted. 16482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * @param userId the user, for which the trust changed. 16594e15a59b757678949cccb5d783bee1638e84697Adrian Roos * @param flags flags specified by the trust agent when granting trust. See 16694e15a59b757678949cccb5d783bee1638e84697Adrian Roos * {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int) 16794e15a59b757678949cccb5d783bee1638e84697Adrian Roos * TrustAgentService.grantTrust(CharSequence, long, int)}. 16882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 16994e15a59b757678949cccb5d783bee1638e84697Adrian Roos void onTrustChanged(boolean enabled, int userId, int flags); 1707861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 1717861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos /** 1727861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * Reports that whether trust is managed has changed 1737861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * @param enabled if true, at least one trust agent is managing trust. 1747861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * @param userId the user, for which the state changed. 1757861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos */ 1767861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos void onTrustManagedChanged(boolean enabled, int userId); 17782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 17882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos} 179