TrustAgentService.java revision 7861c663fd64af33ec2a4c5ad653c806dc8bd994
1ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos/** 2ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * Copyright (C) 2014 The Android Open Source Project 3ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 4ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * Licensed under the Apache License, Version 2.0 (the "License"); 5ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * you may not use this file except in compliance with the License. 6ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * You may obtain a copy of the License at 7ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 8ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * http://www.apache.org/licenses/LICENSE-2.0 9ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 10ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * Unless required by applicable law or agreed to in writing, software 11ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * distributed under the License is distributed on an "AS IS" BASIS, 12ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * See the License for the specific language governing permissions and 14ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * limitations under the License. 15ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 16ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 17ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roospackage android.service.trust; 18ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 19cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roosimport android.Manifest; 20ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.annotation.SdkConstant; 21a06d5ca1d96af3555ad4e384994e6321a0c5bb9cAdrian Roosimport android.annotation.SystemApi; 22ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.app.Service; 23604e7558ef32098644b2f9456d7743a07ae789dcJim Millerimport android.app.admin.DevicePolicyManager; 24cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roosimport android.content.ComponentName; 25ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.content.Intent; 26cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roosimport android.content.pm.PackageManager; 27cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roosimport android.content.pm.ServiceInfo; 28604e7558ef32098644b2f9456d7743a07ae789dcJim Millerimport android.os.Bundle; 29ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.os.Handler; 30ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.os.IBinder; 31ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.os.RemoteException; 32cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roosimport android.util.Log; 33ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roosimport android.util.Slog; 34ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 35ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos/** 36ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * A service that notifies the system about whether it believes the environment of the device 37ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * to be trusted. 38ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 3918ea893a2319e2a192188d2288bb881149c9b06eAdrian Roos * <p>Trust agents may only be provided by the platform.</p> 4018ea893a2319e2a192188d2288bb881149c9b06eAdrian Roos * 41ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <p>To extend this class, you must declare the service in your manifest file with 427e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos * the {@link android.Manifest.permission#BIND_TRUST_AGENT} permission 43ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * and include an intent filter with the {@link #SERVICE_INTERFACE} action. For example:</p> 44ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <pre> 45ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <service android:name=".TrustAgent" 46ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * android:label="@string/service_name" 477e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos * android:permission="android.permission.BIND_TRUST_AGENT"> 48ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <intent-filter> 49ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <action android:name="android.service.trust.TrustAgentService" /> 50ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * </intent-filter> 51ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <meta-data android:name="android.service.trust.trustagent" 52ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * android:value="@xml/trust_agent" /> 53ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * </service></pre> 54ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 55ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <p>The associated meta-data file can specify an activity that is accessible through Settings 56ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * and should allow configuring the trust agent, as defined in 57ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * {@link android.R.styleable#TrustAgent}. For example:</p> 58ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 59ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * <pre> 607e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos * <trust-agent xmlns:android="http://schemas.android.com/apk/res/android" 61ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * android:settingsActivity=".TrustAgentSettings" /></pre> 62a06d5ca1d96af3555ad4e384994e6321a0c5bb9cAdrian Roos * 63a06d5ca1d96af3555ad4e384994e6321a0c5bb9cAdrian Roos * @hide 64ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 65a06d5ca1d96af3555ad4e384994e6321a0c5bb9cAdrian Roos@SystemApi 66ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roospublic class TrustAgentService extends Service { 67ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private final String TAG = TrustAgentService.class.getSimpleName() + 68ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos "[" + getClass().getSimpleName() + "]"; 697861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private static final boolean DEBUG = false; 707861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 717861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // Temporary workaround to allow current trust agent implementations to continue working. 727861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // This and the code guarded by this should be removed before shipping. 737861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // If true, calls setManagingTrust(true) after onCreate, if it wasn't already set. 747861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // TODO: Remove this once all agents are updated. 757861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private static final boolean SET_MANAGED_FOR_LEGACY_AGENTS = true; 76ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 77ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos /** 78ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * The {@link Intent} that must be declared as handled by the service. 79ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 80ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos @SdkConstant(SdkConstant.SdkConstantType.SERVICE_ACTION) 81ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public static final String SERVICE_INTERFACE 82ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos = "android.service.trust.TrustAgentService"; 83ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 84ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos /** 85ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * The name of the {@code meta-data} tag pointing to additional configuration of the trust 86ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * agent. 87ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 88ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public static final String TRUST_AGENT_META_DATA = "android.service.trust.trustagent"; 89ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 90604e7558ef32098644b2f9456d7743a07ae789dcJim Miller /** 91604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * A white list of features that the given trust agent should support when otherwise disabled 92604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * by device policy. 93604e7558ef32098644b2f9456d7743a07ae789dcJim Miller */ 94604e7558ef32098644b2f9456d7743a07ae789dcJim Miller public static final String KEY_FEATURES = "trust_agent_features"; 95604e7558ef32098644b2f9456d7743a07ae789dcJim Miller 96ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private static final int MSG_UNLOCK_ATTEMPT = 1; 97ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 98ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private ITrustAgentServiceCallback mCallback; 99ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 1004f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli private Runnable mPendingGrantTrustTask; 1014f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli 1027861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private boolean mManagingTrust; 1037861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 1044f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli // Lock used to access mPendingGrantTrustTask and mCallback. 1054f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli private final Object mLock = new Object(); 1064f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli 107ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private Handler mHandler = new Handler() { 108ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public void handleMessage(android.os.Message msg) { 109ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos switch (msg.what) { 110ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos case MSG_UNLOCK_ATTEMPT: 111ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos onUnlockAttempt(msg.arg1 != 0); 112ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos break; 113ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 114ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos }; 115ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos }; 116ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 117cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos @Override 118cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos public void onCreate() { 1197861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // TODO: Remove this once all agents are updated. 1207861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (SET_MANAGED_FOR_LEGACY_AGENTS) { 1217861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos setManagingTrust(true); 1227861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 1237861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 124cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos super.onCreate(); 125cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos ComponentName component = new ComponentName(this, getClass()); 126cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos try { 127cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos ServiceInfo serviceInfo = getPackageManager().getServiceInfo(component, 0 /* flags */); 128cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos if (!Manifest.permission.BIND_TRUST_AGENT.equals(serviceInfo.permission)) { 129cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos throw new IllegalStateException(component.flattenToShortString() 130cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos + " is not declared with the permission " 131cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos + "\"" + Manifest.permission.BIND_TRUST_AGENT + "\""); 132cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos } 133cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos } catch (PackageManager.NameNotFoundException e) { 134cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos Log.e(TAG, "Can't get ServiceInfo for " + component.toShortString()); 135cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos } 136cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos } 137cb9fbc3a30b562a61e316af54fb0aa1d26ce0a73Adrian Roos 138ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos /** 139ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * Called when the user attempted to authenticate on the device. 140ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 141ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * @param successful true if the attempt succeeded 142ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 1437e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos public void onUnlockAttempt(boolean successful) { 144ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 145ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 146ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private void onError(String msg) { 147ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos Slog.v(TAG, "Remote exception while " + msg); 148ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 149ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 150ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos /** 151604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * Called when device policy wants to restrict features in the TrustAgent in response to 152604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * {@link DevicePolicyManager#setTrustAgentFeaturesEnabled(ComponentName, ComponentName, java.util.List) }. 153604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * TrustAgents that support this feature should overload this method and return 'true'. 154604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * 155604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * The list of options can be obtained by calling 156604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * options.getStringArrayList({@link #KEY_FEATURES}). Presence of a feature string in the list 157604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * means it should be enabled ("white-listed"). Absence of the feature means it should be 158604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * disabled. An empty list means all features should be disabled. 159604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * 160604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * This function is only called if {@link DevicePolicyManager#KEYGUARD_DISABLE_TRUST_AGENTS} is 161604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * set. 162604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * 163604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * @param options Option feature bundle. 164604e7558ef32098644b2f9456d7743a07ae789dcJim Miller * @return true if the {@link #TrustAgentService()} supports this feature. 165604e7558ef32098644b2f9456d7743a07ae789dcJim Miller */ 166604e7558ef32098644b2f9456d7743a07ae789dcJim Miller public boolean onSetTrustAgentFeaturesEnabled(Bundle options) { 167604e7558ef32098644b2f9456d7743a07ae789dcJim Miller return false; 168604e7558ef32098644b2f9456d7743a07ae789dcJim Miller } 169604e7558ef32098644b2f9456d7743a07ae789dcJim Miller 170604e7558ef32098644b2f9456d7743a07ae789dcJim Miller /** 1717e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos * Call to grant trust on the device. 172ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * 173ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * @param message describes why the device is trusted, e.g. "Trusted by location". 174ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * @param durationMs amount of time in milliseconds to keep the device in a trusted state. Trust 175ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * for this agent will automatically be revoked when the timeout expires. 176ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * @param initiatedByUser indicates that the user has explicitly initiated an action that proves 177ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * the user is about to use the device. 1787861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * @throws IllegalStateException if the agent is not currently managing trust. 179ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 1804f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli public final void grantTrust( 1814f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli final CharSequence message, final long durationMs, final boolean initiatedByUser) { 1824f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli synchronized (mLock) { 1837861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (!mManagingTrust) { 1847861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos throw new IllegalStateException("Cannot grant trust if agent is not managing trust." 1857861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos + " Call setManagingTrust(true) first."); 1867861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 1874f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli if (mCallback != null) { 1884f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli try { 1894f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mCallback.grantTrust(message.toString(), durationMs, initiatedByUser); 1904f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } catch (RemoteException e) { 1914f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli onError("calling enableTrust()"); 1924f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 1934f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } else { 1944f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli // Remember trust has been granted so we can effectively grant it once the service 1954f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli // is bound. 1964f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mPendingGrantTrustTask = new Runnable() { 1974f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli @Override 1984f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli public void run() { 1994f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli grantTrust(message, durationMs, initiatedByUser); 2004f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 2014f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli }; 202ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 203ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 204ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 205ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 206ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos /** 207ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos * Call to revoke trust on the device. 208ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos */ 2097e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos public final void revokeTrust() { 2104f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli synchronized (mLock) { 2114f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli if (mPendingGrantTrustTask != null) { 2124f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mPendingGrantTrustTask = null; 2134f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 2144f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli if (mCallback != null) { 2154f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli try { 2164f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mCallback.revokeTrust(); 2174f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } catch (RemoteException e) { 2184f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli onError("calling revokeTrust()"); 2194f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 220ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 221ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 222ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 223ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 2247861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos /** 2257861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * Call to notify the system if the agent is ready to manage trust. 2267861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * 2277861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * This property is not persistent across recreating the service and defaults to false. 2287861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * Therefore this method is typically called when initializing the agent in {@link #onCreate}. 2297861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * 2307861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos * @param managingTrust indicates if the agent would like to manage trust. 2317861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos */ 2327861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos public final void setManagingTrust(boolean managingTrust) { 2337861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos synchronized (mLock) { 2347861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (mManagingTrust != managingTrust) { 2357861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mManagingTrust = managingTrust; 2367861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (mCallback != null) { 2377861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos try { 2387861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mCallback.setManagingTrust(managingTrust); 2397861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (RemoteException e) { 2407861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos onError("calling setManagingTrust()"); 2417861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2427861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2437861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2447861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2457861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2467861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 247ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos @Override 248ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public final IBinder onBind(Intent intent) { 249ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos if (DEBUG) Slog.v(TAG, "onBind() intent = " + intent); 250ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos return new TrustAgentServiceWrapper(); 251ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 252ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 253ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos private final class TrustAgentServiceWrapper extends ITrustAgentService.Stub { 254ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos @Override 255ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public void onUnlockAttempt(boolean successful) { 256ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos mHandler.obtainMessage(MSG_UNLOCK_ATTEMPT, successful ? 1 : 0, 0) 257ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos .sendToTarget(); 258ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 259ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 260604e7558ef32098644b2f9456d7743a07ae789dcJim Miller @Override 261ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos public void setCallback(ITrustAgentServiceCallback callback) { 2624f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli synchronized (mLock) { 2634f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mCallback = callback; 2647861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // The managingTrust property is false implicitly on the server-side, so we only 2657861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos // need to set it here if the agent has decided to manage trust. 2667861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (mManagingTrust) { 2677861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos try { 2687861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mCallback.setManagingTrust(mManagingTrust); 2697861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (RemoteException e ) { 2707861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos onError("calling setManagingTrust()"); 2717861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2727861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 2734f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli if (mPendingGrantTrustTask != null) { 2744f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mPendingGrantTrustTask.run(); 2754f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli mPendingGrantTrustTask = null; 2764f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 2774f22777efb6dc99b61c664b39b4087fe89f0c050Jay Civelli } 278ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 279604e7558ef32098644b2f9456d7743a07ae789dcJim Miller 280604e7558ef32098644b2f9456d7743a07ae789dcJim Miller @Override 281604e7558ef32098644b2f9456d7743a07ae789dcJim Miller public boolean setTrustAgentFeaturesEnabled(Bundle features) { 282604e7558ef32098644b2f9456d7743a07ae789dcJim Miller synchronized (mLock) { 283604e7558ef32098644b2f9456d7743a07ae789dcJim Miller return onSetTrustAgentFeaturesEnabled(features); 284604e7558ef32098644b2f9456d7743a07ae789dcJim Miller } 285604e7558ef32098644b2f9456d7743a07ae789dcJim Miller } 286ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos } 287ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos 288ff2144ccb4215acf4587fc628493b3d49dca6043Adrian Roos} 289