• Home
  • History
  • Annotate
  • only in /frameworks/base/services/core/java/com/android/server/trust/
History log of /frameworks/base/services/core/java/com/android/server/trust/
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
5277deaa591cabb163fa7ad0b139219c3f13313c 18-May-2017 Jorim Jaggi <jjaggi@google.com> Fix ordering of notifying dismiss callback

Otherwise all unlocks will result in onDismissCancelled.

Also fixes a race condition bug where we call
reportKeyguardShowingChanged but we don't wait until the state is
updated. Then, we called onDismissSucceeded such that
KeyguardManager.isDeviceLocked would still return true. Fix this
by waiting for the message to be processed.

Note that delays shouldn't be a problem here as we are soon
calling reportKeyguardShowingChanged from the UiOffloadThread.

Test: KeyguardLockedTests
Change-Id: I0b312a5f02be3a3d1028d8bf0cd1b8e6a33476ce
Fixes: 38219395
rustManagerService.java
b884bb28b1416f8d0d93403eeac11af74b9f9968 03-May-2017 Adrian Roos <roosa@google.com> TrustManagerService: Fix service binding leak

Fixes an issue where TrustAgentWrapper was created too early.
If we later decide to not actually start that agent, it is already
bound to, and then we just drop the TrustAgentWrapper class, never
unbinding.

In addition, this can also create a rebind loop where we are constantly
trying to rebind to the trust agent.

Bug: 37853858
Test: force-lock, observe that trust agents are properly unbound and not constantly trying to rebind
Change-Id: I4d383f9cb499874803a7f024915baf85b3682631
rustManagerService.java
fe9a53bc45fd0124a876dc0a49680aaf86641d3e 31-Mar-2017 Jeff Sharkey <jsharkey@android.com> Consistent dump() permission checking.

This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
rustManagerService.java
44196d3136e3f6d2eba6cef347d516bcd8f8a321 18-Feb-2017 Lingjun Li <lingjunl@google.com> Null check before calling TrustAgentService and throw Security exception if the API is not allowed.
Test: manual

Change-Id: I5dfe6bc4347459e0e4349c7624afdde86fce0000
rustAgentWrapper.java
93a145f6880f71332b8288774671392259a9b6df 24-Jan-2017 Lingjun Li <lingjunl@google.com> Add escrow token APIs to TrustAgentService
Security review: b/31273740
Design doc: go/auto_login
Test: manual
Change-Id: Ib11d4146135a58f1dc451ae8e081977a8f8e6ace
rustAgentWrapper.java
rustManagerService.java
327323d2b337077433fe02438a79cc98e91799e3 12-Jan-2017 Zachary Iqbal <zacharyi@google.com> Added an onDeviceUnlockLockout callback to TrustAgentService.

Test: Manually tested onDeviceUnlockLockout being called with an actual
TestAgentService implementation.

Notes:
- Active Trust Agents are no longer killed/unbinded from when a temporary
device lockout occurs. Instead, the onDeviceUnlockLockout callback of
the agent is called.

Change-Id: Ifa0984d1d7e5153568334d736e9ebd5a00ef1297
Bug: 34198873
rustAgentWrapper.java
rustManagerService.java
85a63bc1a06870b5a86926b0bce94a2bf559e3f0 24-Oct-2016 Andrew Scull <ascull@google.com> Evict CE key on request and when work mode is turned off.

DPMS.lockNow takes a flag which can request the managed profile CE key to
be evicted.

Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: I68f4d6eed4b041c39fd13375f7f284f5d6ac33da
rustManagerService.java
20914d79393aead044848a337ff4f802e4afb48e 15-Nov-2016 Lingjun Li <lingjunl@google.com> Adding unlockProfile to trust-agent meta data and makes TrustAgent runnable under direct boot

Test: manual
Change-Id: I1f0ccafac08be2cc3f4540232e764ef21d4fed38
rustManagerService.java
dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0 11-Nov-2016 Sudheer Shanka <sudheersai@google.com> Update usage of ActivityManagerNative.

- Remove references to ActivityManagerProxy.
- Add isSystemReady to ActivityManager.

Bug: 30977067
Test: cts/hostsidetests/services/activityandwindowmanager/util/run-test android.server.cts
adb shell am instrument -e class com.android.server.am.ActivityManagerTest,com.android.server.am.TaskStackChangedListenerTest \
-w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I07390b6124fb1515821f5c0b37baf6ae74adc8fa
rustManagerService.java
ae025828bba3328c6fc958154348c297b4c3e4e8 03-Nov-2016 Adrian Roos <roosa@google.com> Trust: Add missing cleanup upon removing user

Change-Id: I4a1d9d38344aea54d1f0ae6d6834a45b2e73cb1c
Fixes: 31995569
rustManagerService.java
92b83c6495abb3c091474b3a2f16dcbd949d6da7 31-Aug-2016 Robin Lee <rgl@google.com> Redact work notifications separately from personal

This will strictly decrease the set of cases where work notifications
can be shown.

They will continue to honour the parent profile's settings, but will
also get redacted/hidden if the work profile has stricter settings
than the parent or when the parent is unlocked but the profile is still
locked.

Bug: 31001762
Change-Id: I2152631dbb8beb7a9899d6406b05f4447d757010
rustManagerService.java
e07813326b59ec1ce359c9650f5539f6283c2592 19-Aug-2016 Rubin Xu <rubinxu@google.com> Add missing clearCallingIdentity

Bug: 30728557
Change-Id: Ie978b63cd60ae419d5e3171918badad3a89fcca0
rustManagerService.java
83a15bca70884e3dcbf7d4ee23492fe531374ee7 10-Aug-2016 Rubin Xu <rubinxu@google.com> Set DeviceLockedForUser state synchronously

Setting DeviceLockedForUser on the handler thread will lead to a race
condition where an immedidate read might see a stale value.

Bug: 30728557
Change-Id: Id9d510d7ad4dbcde6344a044e45f4b2feac19257
rustManagerService.java
367e0761c5af88b3b82ffd1c62bad374f40514e0 11-Aug-2016 Adrian Roos <roosa@google.com> Only disable trust agents after lockout am: 9d6fc9246b am: 73b2f5981e
am: bbf52f2e85

Change-Id: I4606854b24313cc8231aaa0ce3ea33ea909f68b0
9d6fc9246ba0b726872a6a8dabe6c334292c3a10 11-Aug-2016 Adrian Roos <roosa@google.com> Only disable trust agents after lockout

Previously trust agents would be disabled even after one
wrong attempt. Now we wait for the cooldown (usually 5 attempts),
the same as fingerprint.

Also adds a TrustArchive entry of when device policy changes are sent to
trust agents.

Bug: 30037948
Change-Id: I9e284d994ddae45ef66b5b8b601297c63d8ba667
rustArchive.java
rustManagerService.java
5d639783a3619ef5f70af31b4ed420455d1e7329 21-Jul-2016 Adrian Roos <roosa@google.com> TrustAgents: Improve debug logging

Bug: 30037948
Change-Id: If374c6d4b4fb6e5341986dc42a2f7debb60a4955
rustAgentWrapper.java
rustManagerService.java
605733b09a187b1d520ebe125d6a03ef04c303b5 20-May-2016 Xiaohui Chen <xiaohuic@google.com> Initialize device locked state during boot

Bug: 28682128
Change-Id: I4d56d6935b5f122b5eb8c33cfdb6e21f9c71807e
(cherry picked from commit 91df2a912af717176f5b6238741071222d60d5c7)
rustManagerService.java
68771eb837b0a7b94c120a450624d392496413ce 03-May-2016 Adrian Roos <roosa@google.com> Fix Trust Agent discovery for FBE

Trust agent discovery happens earlier than unlocking the user's
key for file based encryption (FBE), so we need to explicitly
also ask for non-direct-boot-aware packages.

Additionally, never run trust agents for a user that hasn't been
unlocked yet.

Change-Id: Ice8a6510f163508abecfd83d627658f7aaa5107f
Fixes: 28537596
rustManagerService.java
428fdd104c6877889da1af2d35af41d5c14833c9 15-Apr-2016 Nicolas Prévot <nprevot@google.com> Merge "Call notifyLockedProfile in TrustManagerService instead of KeyguardViewMediator." into nyc-dev
c662898a182ca8f13d73b71649feeeeceb574edd 14-Apr-2016 Nicolas Prevot <nprevot@google.com> Call notifyLockedProfile in TrustManagerService instead of KeyguardViewMediator.

Setting the profile as locked is not synchronous.
In some cases, KeyguardViewMediator called notifyLockedProfile before
TrustManagerService had actually marked the profile as locked.

BUG:28161912

Change-Id: Ic2ad302c74806ae368d56050eb31503a8ef0bd38
rustManagerService.java
4ab7e595a5deef72448da950f2f973bc0c90fe18 14-Apr-2016 Adrian Roos <roosa@google.com> StrongAuthTracker: Don't rely on USER_PRESENT

USER_PRESENT is sent via the background queue. A delay
there can cause us not to recognize that the user has
unlocked and prompt for the credential again, when trust
or fingerprint would be sufficient.

Also removes an obsolete reference to USER_PRESENT from
TrustManagerService.

Change-Id: Ie8d1a180170df5f0c8f9e71660504fd71eeacd99
Fixes: 27830458
rustManagerService.java
035e92447084b96ef2c9125e77105c237e20bad3 18-Mar-2016 Ricky Wai <rickywai@google.com> Fix work profile screen timeout policy

Settings screen should apply both primary and managed maximum
timeout policy, even separate profile challenge is enabled.

Bug: 27493348
Change-Id: Ia1ec1cafc7665c54816833af64e0f446a77a55b2
rustAgentWrapper.java
517b3a4d9f76e4e351632b442f2fc68bd8100c46 03-Mar-2016 Adrian Roos <roosa@google.com> Start trust agents earlier on successful unlocks

Frequently, trust agents are not running because
a successful unlock is required for them to start.

Unfortunately, that means they were not able to receive the
successful unlock. To fix this, we'll now override
StrongAuth requirements and start agents early if we
detect a successful unlock.

Bug: 23021202
Change-Id: Ie85f78d9ce2823dd5c9b6215a52db069fb796d91
rustAgentWrapper.java
rustManagerService.java
a7aa4d6f0b91e050c083c19459b0c8b265c92617 20-Jan-2016 Rakesh Iyer <rni@google.com> Allow smart unlock right after boot.

This change enables relaxing the constraint by which
strong authentication is needed after device reboot.

There are very limited use cases where this might be
safe, one of which is in a car. Cars head units usually
are protected physically by the car and have hardware
anti-theft mechanisms so we can potentially allow for
Android to allow users to use smart unlock to avoid the
lockscreen just after boot.

This change adds in a config flag that sets the default
trust flags, which can be set to allow smart unlock after
boot for car head units.

Bug: 26559008
Change-Id: Id6338a97b617ddaf3d2fae5d51235429a42b81cc
rustManagerService.java
c13723f22e476b4558061942c001ee62eaca79e4 12-Jan-2016 Adrian Roos <roosa@google.com> Improved trust error messaging (1/2)

Tracks why trust agents are disabled and shows
a generic message on the keyguard. Dedicated strings
in follow-up.

Bug: 22704995
Change-Id: Ibb4fd9c9386c4dc12f0734004502b9a9cc6ded79
rustManagerService.java
078e91b03a14b9e84f811a9941ca412f5d281dab 15-Jan-2016 Clara Bayarri <clarabayarri@google.com> Fix crash in KeyguardManager.isDeviceLocked

A missing clearCallingIdentity was causing crashes when
isDeviceLocked is queried.

Bug: 26576080
Change-Id: I2d78e803873a02861335a95b1bbf13a4d9b45655
rustManagerService.java
00a9b890853e9660dde5854fe786b80f6c3e616c 13-Jan-2016 Clara Bayarri <clarabayarri@google.com> Protect TrustManager.setDeviceLockedForUser with permission

Bug: 26535793
Change-Id: I172f1ec7d9285213ecd70564728c7328a3a675ff
rustManagerService.java
8d35de84456cec0c0e0c340d6444dcd4f46663b8 12-Jan-2016 Clara Bayarri <clarabayarri@google.com> Fix missing MANAGE_USER error on calls to isDeviceSecure

A poorly placed clear identity was causing some crashes as
apps were required to have the MANAGE_USERS permission to
query if the current user is secured.

Change-Id: I1120b1e4405e78389fcbcb3e7d1dba8c80500da3
rustManagerService.java
a1771110d67fa7361f92d92f2e91019882ce3305 18-Dec-2015 Clara Bayarri <clarabayarri@google.com> Create Work Challenge per-user condition

Change the current static condition to a per-user condition so we
can check and enable/disable the work challenge properly. Also add
an isAllowed API, as the Work Challenge can only be used when the
user's DPC targets N or above to maintain backwards compatibility.

Change-Id: I0cb8b475838816801868ffb24726407aa257b4de
rustManagerService.java
b3987bd7e9d9ed6e2b336c239b1d8019f8ffe073 19-Nov-2015 Clara Bayarri <clarabayarri@google.com> Make ConfirmCredentials take user into account when creating intent

The existing implementation returned null if the device was not locked,
but when using ConfirmCredentials for the Work Profile we need to take into
account the user we want to confirm credentials for, given that the device
user might not have a lock but the work profile will.

Change-Id: Ifb5882846b0a62c73ac7cc04d90d1a4d9b103e63
rustManagerService.java
10ad84a17d7248488c1653bacc9f20d3a7193999 01-Dec-2015 Clara Bayarri <clarabayarri@google.com> Create a separate Work Challenge check

This allows us to tell lock checks from FBE checks separately,
and will be useful when dealing with password unification.

Change-Id: Ifbea425f749fee4d6d51faddd8b64bf717a1a5f8
rustManagerService.java
56878a93989a49538fabccfb7218face645030bf 29-Oct-2015 Clara Bayarri <clarabayarri@google.com> Create work challenge timeout

The work challenge should be locked whenever the device goes to sleep + admin
timeout or when the power button is pressed if the lock setting is on.

This change creates the infrastructure to lock a specific user instead of the
device and uses it in these cases. Then, the current code that brings up the
work challenge can check to only show it if the user is locked.

Change-Id: I89b4342b1458d97734d7afa66be52bf04ec3a3d4
rustManagerService.java
e3b07451c3ca7064cb70f1829cf35963cba74bd8 22-Aug-2015 Adrian Roos <roosa@google.com> resolved conflicts for merge of bcc26c02 to master

Change-Id: I4260ff0d090cfa9741fd3adcfcadcbbff6839388
b5e4722891e7bbf2fffcd995af02838667a3abab 15-Aug-2015 Adrian Roos <roosa@google.com> Add StrongAuthTracker

Bug: 22846469
Bug: 22115393
Change-Id: I6ef5322d02e540fc043e7f20d3aabf595ce7c224
rustManagerService.java
10fe83a9b9fd4e9d1a560dfaf6505de7f14f9d67 19-Aug-2015 Jim Miller <jaggies@google.com> am 8978d9ac: am 309fef16: am e11fbc08: am 33a5c807: resolved conflicts for merge of 448216e7 to mnc-dr-dev

* commit '8978d9acbaaa89be3c14ed758e7c8a8d06071779':
Revert "Disable fingerprint when remotely reset by DPM"
deb050706c5964800461333881b48ebb7329c536 18-Aug-2015 Jim Miller <jaggies@google.com> Revert "Disable fingerprint when remotely reset by DPM"

This reverts commit 8ae1be120806d0189f65a492004a7b5416aa6c6f.

Fixes bug 23187090

Change-Id: Idd9798895b08618f7d272b818818a45d3c9dc7d2
rustManagerService.java
86fff063eb3014ec96b05ca3ff1cc341210b3a05 07-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Merge "Clean up USER_OWNER in TrustManagerService"
4f50d59580983c90accfc3bfff1930a81fecbdfd 06-Aug-2015 Jim Miller <jaggies@google.com> am 40fa4070: am 4a66bbf7: am 5f96eb0c: am 6fdb85d3: am 120fc2c7: Merge "Disable fingerprint when remotely reset by DPM" into mnc-dev

* commit '40fa4070c70d9ddde681b2fb28627b8a4889080e':
Disable fingerprint when remotely reset by DPM
8ae1be120806d0189f65a492004a7b5416aa6c6f 05-Aug-2015 Jim Miller <jaggies@google.com> Disable fingerprint when remotely reset by DPM

When the device is lost or stolen, it's safer to
fall back to strong authentication (pin, pattern or
password). This disables fingerprint like we do with
trust agents.

Fixes bug 21620081

Change-Id: I7bbe54be3721b2f160b783daeb3acbe434705046
rustManagerService.java
09e02917ff7bb36b89d13fd5df10d2d3c43d5fe9 05-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Clean up USER_OWNER in TrustManagerService

Bug: 19913735
Change-Id: I4d0ce3d7f68772faed166818978156c663cebdc9
rustManagerService.java
7cb69df507f5f7956c52a2868a0d6e89aec6dde2 14-Jul-2015 Xiaohui Chen <xiaohuic@google.com> sys user split: refactor systemui user switcher

BUG:19913735
Change-Id: I017dd1b03fd163c266b8080b969fb7a2e934e26c
rustManagerService.java
53a6b06e4bc5ea5edcb1e95ab82c99ab6778b091 30-Jun-2015 Adrian Roos <roosa@google.com> Trust: Track separate user has authenticated since boot

Bug: 22115393
Change-Id: Ieb907ec988da1b92c7178c00ecdc40c48d1348db
rustManagerService.java
237b061182d36fd3bf2238092ccf3d529ec8877b 01-May-2015 Jorim Jaggi <jjaggi@google.com> Only enable fingerprint auth after first regular auth

- Add method hasUserAuthenticatedSinceBoot to TrustManagerService
- Use this information to only enable fingerprint auth after the user
has at least once authenticated with his regular authentication
method.

Change-Id: Icf073ac3b340d557b044f6bf27f1a7f8511048e2
rustManagerService.java
d69e4c1460017062e7c36be55801cb434ad19d97 24-Apr-2015 Dianne Hackborn <hackbod@google.com> Update use of procstate for services.

Now that we have a separate foreground service proc state
(above a sleeping top app), update various system services
to put their bindings into this state when appropriate.

There are two new bind flags for this -- one that just always
makes it a foreground service, another that only does it when
the device is awake (useful for things like the wallpaper).

And with all of that, tweak network policy manager to only
include apps that are at least foreground service state when
in power save and device idle modes. This will allow us to
further reduce the set of apps that have network access
(in particular not giving access to the current top app when
the screen is off), hopefully leading to even better battery
life.

Change-Id: I91d85a5c5ed64e856149e9a5d94a634a7925ec7f
rustAgentWrapper.java
94e15a59b757678949cccb5d783bee1638e84697 16-Apr-2015 Adrian Roos <roosa@google.com> Allow dismissing Keyguard from TrustAgentService

Bug: 19900313
Change-Id: I44d13ee6fe65070327076e73a3ed96c94acdc108
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
82893681ad6530eec8f2a9b4ecd2e039addf48b7 02-Apr-2015 Adrian Roos <roosa@google.com> Add KeyguardManager.isDeviceSecure

Bug: 19823211
Change-Id: I92a1d2542274bf1dc2d5757511ce495264f90733
rustManagerService.java
1221b0628d0b896102c20545b30fa7bafa08ae32 26-Mar-2015 Adrian Roos <roosa@google.com> Properly unregister TrustAgentWrapper's broadcast receiver

Bug: 19820505
Change-Id: I6f9463a54aa1c33d485b8f55c5f22f18535b0d29
rustAgentWrapper.java
bd5e03b6d996aa39a6f607a55ffd0691a55b1cee 11-Mar-2015 Adrian Roos <roosa@google.com> Merge "Notify TrustAgentService when device policy configuration no longer applies"
a43fd03b9b23f9ad0deae9ee69ee80aaa1433cdb 09-Mar-2015 Adrian Roos <roosa@google.com> Notify TrustAgentService when device policy configuration no longer applies

Also updates the outdated javadoc to match the current API.

Bug: 19500731
Change-Id: I7976bbcc815b84e168718672377a963ffea68c51
rustAgentWrapper.java
dfdbad309f610c242931cd588a9c1ea1112b8bd0 05-Mar-2015 Adrian Roos <roosa@google.com> Prevent receiver leak in TrustAgentWrapper

Bug: 19601687
Change-Id: Idfe5429926e1c849dc2d908b4877d8410335391c
rustAgentWrapper.java
7e2e40e127f5b421f946427071a20d0e9d88ca03 21-Nov-2014 Adrian Roos <roosa@google.com> Follow up to I96c68af9ccc9940acf9fab3b5bd39a3485f01045

Fix log spam and wrong log string.

Bug: 18414067
Change-Id: I588ec7b62055d2374d311d3adf9edd500ca40380
rustManagerService.java
481a6df99fea124bc4354da34ff668750cdc9041 20-Nov-2014 Adrian Roos <roosa@google.com> Add device locked API for TrustAgentService

Bug: 18414067
Change-Id: I96c68af9ccc9940acf9fab3b5bd39a3485f01045
rustAgentWrapper.java
rustManagerService.java
50bfeec868157106e8b60abf8964cb24462af182 20-Nov-2014 Adrian Roos <roosa@google.com> Update KeyguardManager.isDeviceLocked API

Bug: 18414067
Change-Id: I0715714c2c9a122f578ec0c6f508faae12e6f752
rustManagerService.java
fc29e0b5829034d9c0a60882d2a21606b2f513b1 11-Nov-2014 Adrian Roos <roosa@google.com> Properly destroy TrustAgentWrapper when not bound

Also fixes a potential issue where refreshing agents
for a user that no longer exists would result in a crash.

Bug: 18318629
Change-Id: I3589ea7e0f2e63fca02daeecf3ca964a8a8e4b3b
rustAgentWrapper.java
rustManagerService.java
e303bf443532c2ad756260133f00747bcff11e69 27-Aug-2014 Jim Miller <jaggies@google.com> Update TrustAgentService API after review

This change incorporates API council feedback and enables the
TrustAgent whitelisting API.

It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.

Fixes bug 17008504

Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
rustAgentWrapper.java
rustManagerService.java
cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dce 28-Oct-2014 Adrian Roos <roosa@google.com> Improve TrustManagerService user lifecycle

- Only bind agents of running users
- Explicitly clean up state when users are removed
- Delay binding until third-party apps can actually run

Bug: 18102460
Change-Id: I5017adc1634b249068099fc5779ba95904312438
rustManagerService.java
49d53452e744f03593093f6588cea12a405f9ff5 24-Oct-2014 Adrian Roos <roosa@google.com> Ensure trust agents are disabled in safe-mode

Bug: 18070351
Change-Id: I71c5441bb501bb0996b557519328eb0847f043cf
rustManagerService.java
bcd076525ccb8a3dfe7d1002bcae059661c1d111 22-Oct-2014 Adrian Roos <roosa@google.com> Add API for querying trusted state

Bug: 18084166
Change-Id: Ic755461cc6978943aef4943def93a0e38a1c96c0
rustManagerService.java
7b4a38b197ce43cb286d80fc6c4e9713b2807f13 21-Oct-2014 Adrian Roos <roosa@google.com> Delay discovery of system trust agents

Waits for BOOT_COMPLETED when enabling system trust agents.
This fixes an issue where no agents were discovered because the
packages were not ready after an OTA.

Bug: 18065140
Change-Id: Ibff9948e1536e07f868d6b29f432923a137091e6
rustManagerService.java
c727fb1fc2a0653f2f1355c2f5aa826a3126dcc4 10-Sep-2014 Adrian Roos <roosa@google.com> Merge "Only unbind agents of the user that is being refreshed" into lmp-dev
3870d451f7d3913a05ffa144d03167bde9221adb 05-Sep-2014 Adrian Roos <roosa@google.com> Add system trust agents on first boot or when adding user

While we're in there also call listeners when they're added
so they know the state immediately.

Bug: 17258031
Change-Id: I5f1186314795f3fafd78e1b3e2d5102cdaec65d6
rustManagerService.java
e681c27dc62006358102a250b46726b7a88efe06 08-Sep-2014 Adrian Roos <roosa@google.com> Only unbind agents of the user that is being refreshed

Follow-up to I470261f659a573400b2eb1421eeb953c87e58b66.

Bug: 17416492
Change-Id: If0da5f163049540476d84d147c0e733fab1ae6d5
rustManagerService.java
4e68f11672bdb2d11b0da5cef942cfc9bfabd696 29-Aug-2014 Marco Fucci <mfucci@google.com> Disconnect TrustAgent when not active.

Bug: 17191952
Change-Id: I470261f659a573400b2eb1421eeb953c87e58b66
rustManagerService.java
1572ee379e1d070c7ad1c37a626ed25db5341a3e 01-Sep-2014 Adrian Roos <roosa@google.com> Trust: Look at the security unlock method of the right user

Follow up to Ic9e93862c722ebc529f5b2010b9cea941f569ce7.

Bug: 17107213
Change-Id: I8f3c19aedeaca3f265c98a4fb60ab74b115fca47
rustManagerService.java
76b9b8b0ca537bad6c4da388d77a9e5dee023856 23-Aug-2014 Jim Miller <jaggies@google.com> Limit grantTrust() duration to DevicePolicy-imposed limit.

Fixes bug 17046034

Change-Id: I5c512c2d05e7e0ed81eaf0dcafacc6f62a5c5937
rustAgentWrapper.java
d4efaac5d54cdb3735b032bb76a5639949f33216 15-Aug-2014 Jim Miller <jaggies@google.com> Update TrustAgentService API after review.

Also documents timebase on related DevicePolicyManager API.

Fixes bugs 16401527 and 17046034

Change-Id: I8ee6d0055ab6f52ec71630344d3232f7875d9c1d
rustAgentWrapper.java
4b9e324b6f59f49a8ca4bc4cd8b38a5ea005a6b2 20-Aug-2014 Adrian Roos <roosa@google.com> Only run TrustAgentServices for users with secure keyguards

Bug: 17107213
Change-Id: Ic9e93862c722ebc529f5b2010b9cea941f569ce7
rustManagerService.java
9dbe190099a34c6420541a36425d8c68007bc86e 13-Aug-2014 Adrian Roos <roosa@google.com> Trust: Insecure unlock also removes disable-trust-on-boot restriction

Bug: 16485702
Change-Id: I437f619eb680fa9461a5e0d854db2d9f84dc602c
rustManagerService.java
2bb8bfd1e85c8359412159fde57dd5722f5be58c 13-Aug-2014 Adrian Roos <roosa@google.com> Dismiss bouncer when onTrustInitiatedByUser fires

Also modifies the SampleTrustAgent to allow testing of the feature
and adds the initiatedByUser flag to the dumpsys output.

Bug: 16840500
Change-Id: I4c08ddcdcbd0ab02c694a1873f73cb9a250f98d7
rustArchive.java
3c9a3501651aa8ad4f289e89119a6c0b4bdaf78a 06-Aug-2014 Adrian Roos <roosa@google.com> Pass initiatedByUser to TrustListeners

Bug: 16840500
Change-Id: I8d9bd8fe9a305066f33ac5c888d8a41ce219a6f1
rustAgentWrapper.java
rustManagerService.java
8f21158fe64eb93ff005dc1b831b282b95531023 29-Jul-2014 Adrian Roos <roosa@google.com> Trust: Make setEnabledFeatures asynchronous

Unsynchronizes the call into app code from setEnabledFeatures,
replacing it with a callback mechanism. Also makes this actually
work by fixing the check in TrustManagerService to take into account
whitelisting.

Change-Id: I0831752cd2d3158eda9c8404a5569498f11ac2ac
rustAgentWrapper.java
rustManagerService.java
7861c663fd64af33ec2a4c5ad653c806dc8bd994 25-Jul-2014 Adrian Roos <roosa@google.com> Add setManagingTrust and expose it on lockscreen

Adds a facility for trust agents to indicate if they
are ready to manage trust. Also adds an indication to
the lock icon on the lockscreen to show whether trust is
being managed.

Bug: 15518469
Bug: 16123013

Change-Id: Ie17f588aebeafe66c81dea4a69c733b0d2c72fd4
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
604e7558ef32098644b2f9456d7743a07ae789dc 19-Jul-2014 Jim Miller <jaggies@google.com> Add new DevicePolicyManager API to allow fine-grained TrustAgent management

This adds a new feature that allows a device admin to specify a
whitelist of features that are allowed for the given admin.

Change-Id: I83f853318efbcf72308532d0a997374f73fa9c10
rustAgentWrapper.java
rustManagerService.java
b42fe576f6f4b194866fde51175cd7062a4a435d 25-Jul-2014 Adrian Roos <roosa@google.com> am 5de758d3: am f8a01f5f: am 6468d5c2: Merge "Restart trust agents when updated or when they are dead" into lmp-dev

* commit '5de758d3868b036f5067ad9f86ee7b02331e4818':
Restart trust agents when updated or when they are dead
c5f95cea2639b698594a85acbde6a5519941d7b1 24-Jul-2014 Adrian Roos <roosa@google.com> Restart trust agents when updated or when they are dead

ActivityManager restarts the trust agent service for us
when it gets killed automatically. This does not apply
when its process crashes too often or when its package
gets updated however.
To catch the update case, the trust agent connection
is removed as soon as the package disappears, and then
readded when the new package appears.
To catch the repeated crashing case, the connection is
reset if it hasn't successfully connected for several minutes.

Also adds a button to SampleTrustAgent to simulate a crash.

Bug: 16137258
Change-Id: I1b18fc7a3025e23e25ca1623b6af658d5430a94b
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
979a32e4a0133e0b55210247aa776f57c17b9b9a 19-Jul-2014 Jay Civelli <jcivelli@google.com> Fix removeListener in TrustManagerService.

The removeListener method was not removing listeners.

Change-Id: Icd5366f03f8fc9c3d283c7b4416b9cff3c75cc59
rustManagerService.java
2c12cfa1d53b586ae8a8d6aca64a4de771dc85b0 25-Jun-2014 Adrian Roos <roosa@google.com> Trust Agents: Add facility to request credential entry

Bug: 15871777
Change-Id: I43c80151f6403ff62961aeb3dc7aafe049e18a62
rustManagerService.java
800631affd5eaae69855f2a0c1ba24d1e4f3acbc 19-Jun-2014 Jay Civelli <jcivelli@google.com> Reenabling permission check for TrustAgent.

Now that master is using Manchego, the permission check for TrustAgent can
be reenabled.

Change-Id: I3c05a97de965684bef460ab3e3289657f9542af3
rustManagerService.java
abc40bbeeb9d8a183b296a7c7ac3a0c55ed8c636 11-Jun-2014 Jay Civelli <jcivelli@google.com> Temporary removing the Trust Agent permission change.

Removing the permission check for Trust Agents, until the GMS core prebuilt
has that permission.

BUG: 15546358

Change-Id: Id42d3820d8d772b7788ea1f7431944bf13d4cc92
rustManagerService.java
b4df2f586ad7b5a0387489401de0c83203610ba9 04-Jun-2014 Adrian Roos <roosa@google.com> am b2302d43: Merge "Ensure trust agents are only provided by platform packages" into lmp-preview-dev

* commit 'b2302d437fd636d9973f466062cfad145cdd042d':
Ensure trust agents are only provided by platform packages
18ea893a2319e2a192188d2288bb881149c9b06e 28-May-2014 Adrian Roos <roosa@google.com> Ensure trust agents are only provided by platform packages

Prevents the TrustManagerService from binding to any non-platform
trust agents and updates the SampleTrustAgent to use the new
permission.

Bug: 15287044
Change-Id: I38c3deebd5ad359075e68f52d19417bab5ab43db
rustManagerService.java
b9fc22029f766e5b5a19d5615b5d64f163476b20 28-May-2014 Adrian Roos <roosa@google.com> am 9fb0925e: Merge "Add and improve logged TrustAgent connection events" into lmp-preview-dev

* commit '9fb0925e0ea64ac6124cc0c843db05155cc4ea64':
Add and improve logged TrustAgent connection events
7d59b4f981e24a4a446522e9b8d3d6a7115c1459 27-May-2014 Adrian Roos <roosa@google.com> Add and improve logged TrustAgent connection events

Adds events for when a TrustAgentService gets connected
or is stopped. Also explicitly revokes trust when a
trust agent gets disconnected, such that it shows up in
dumpsys.

Bug: 15281644
Change-Id: I5875a34da923345683279c1f755d43454ff6318d
rustAgentWrapper.java
rustArchive.java
995757e330237813a62e8d163a243e98984fc535 22-May-2014 Adrian Roos <roosa@google.com> Merge "Remove dead TrustListeners"
7a4f3d448b17b4bea190c906d7ecc7f8bec9ff80 02-May-2014 Adrian Roos <roosa@google.com> Add dumpsys facility and a history to TrustManagerService

TrustManagerService now keeps track of all events that
influence its state and reports them when it is dumped or
a bugreport is collected.

Bug: 15079129

Change-Id: Iac13de8a848d2b12c8d06168a6969f55b264144a
rustAgentWrapper.java
rustArchive.java
rustManagerService.java
a4ba56ba879b83e2866c31b4eb395d38302a1769 20-May-2014 Adrian Roos <roosa@google.com> Remove dead TrustListeners

Follow-up to I972a9134aed18fc160c919eac93e9d488b5691f1
Bug: 15092272

Change-Id: I46d718edcbad0e46416263dd21507fa8abeb8d7b
rustManagerService.java
577b6f6ae4c41ee5a5b79a82962f38df395e8752 20-May-2014 Jim Miller <jaggies@google.com> Fix infinite loop in TrustManagerService exception handler.

Fixes bug 15092272

Change-Id: I972a9134aed18fc160c919eac93e9d488b5691f1
rustManagerService.java
7046bfd054b67fd3cfe8f462f7b9ea126652610f 16-May-2014 Adrian Roos <roosa@google.com> Trust Agents: Withhold trust until user has authenticated

Bug: 14229695
Change-Id: I40d9fa442aa05437c20081c007ed64f984042418
rustManagerService.java
ca36b95bd3e0cc8b6f1685bd57a09419db756b91 16-May-2014 Adrian Roos <roosa@google.com> Trust Agents: Implement DPM override

Disable trust agents when a device policy
disabling them is in effect.

Bug: 14619289
Change-Id: I0920a17021cbf045d2362735df49ef4d013fcc7f
rustManagerService.java
7e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1 16-May-2014 Adrian Roos <roosa@google.com> Apply revised TrustAgent API

Bug: 14997466
Change-Id: I81042e058a20f28603a11471882f3dcfc4f8b13c
rustAgentWrapper.java
rustManagerService.java
a5956424b817fbe3d20a22b994a693f0011cc632 30-Apr-2014 Adrian Roos <roosa@google.com> Fix broken trust agent reloading v2

Bug: 13723878
Change-Id: I61f313bfc7ff0dc502551b54d580a7ce8694f04d
rustManagerService.java
81e046645def5ded2cc72740b251df0ebe40334c 30-Apr-2014 Adrian Roos <roosa@google.com> Fix broken trust agent reloading

Bug: 13723878
Change-Id: I2f7f3fad5685e5e57dcddf2f2c3494bb95e38b15
rustManagerService.java
82142c21dd333307682d5f4bb09de3ab3ccfa06c 27-Mar-2014 Adrian Roos <roosa@google.com> Define trust agent framework components

Adds the TrustManager system service that allows
registering for changes to the trust status and
reporting events that are important to trust agents.

Bug: 13723878
Change-Id: I7d0d2ea86fd755702d31aa5d49cac038a6cd4301
rustAgentWrapper.java
rustManagerService.java