/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License
 */

package com.android.server.trust;

import android.Manifest;
import android.annotation.UserIdInt;
import android.app.ActivityManager;
import android.app.admin.DevicePolicyManager;
import android.app.trust.ITrustListener;
import android.app.trust.ITrustManager;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.UserInfo;
import android.content.res.Resources;
import android.content.res.TypedArray;
import android.content.res.XmlResourceParser;
import android.graphics.drawable.Drawable;
import android.os.Binder;
import android.os.Build;
import android.os.DeadObjectException;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.PersistableBundle;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.UserHandle;
import android.os.UserManager;
import android.os.storage.StorageManager;
import android.provider.Settings;
import android.service.trust.TrustAgentService;
import android.util.ArraySet;
import android.util.AttributeSet;
import android.util.Log;
import android.util.Slog;
import android.util.SparseBooleanArray;
import android.util.Xml;
import android.view.IWindowManager;
import android.view.WindowManagerGlobal;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.content.PackageMonitor;
import com.android.internal.util.DumpUtils;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.SystemService;
import java.io.FileDescriptor;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/**
 * Manages trust agents and trust listeners.
 *
 * It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s
 * of each user and notifies them about events that are relevant to them.
 * It starts and stops them based on the value of
 * {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}.
 *
 * It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the
 * trust state changes for any user.
 *
 * Trust state and the setting of enabled agents is kept per user and each user has its own
 * instance of a {@link android.service.trust.TrustAgentService}.
 */
public class TrustManagerService extends SystemService {
    // Log tag for every message this service emits.
    private static final String TAG = "TrustManagerService";
    // Debug logging is compiled in only on debuggable builds, and then only when VERBOSE logging
    // is enabled for TAG.
    static final boolean DEBUG = Build.IS_DEBUGGABLE && Log.isLoggable(TAG, Log.VERBOSE);

    // Intent carrying the trust agent service action.
    // NOTE(review): presumably used to resolve installed agents; the resolver is outside this view.
    private static final Intent TRUST_AGENT_INTENT =
            new Intent(TrustAgentService.SERVICE_INTERFACE);
    // NOTE(review): presumably the permission a package must hold to act as a trust agent; the
    // enforcing check is not visible in this part of the file.
    private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;

    // Message codes posted to mHandler. The value 5 is not assigned in this list.
    private static final int MSG_REGISTER_LISTENER = 1;
    private static final int MSG_UNREGISTER_LISTENER = 2;
    private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;
    private static final int MSG_ENABLED_AGENTS_CHANGED = 4;
    private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6;
    private static final int MSG_START_USER = 7;
    private static final int MSG_CLEANUP_USER = 8;
    private static final int MSG_SWITCH_USER = 9;
    private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 10;
    private static final int MSG_UNLOCK_USER = 11;
    private static final int MSG_STOP_USER = 12;
    private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13;

    // Delay, in milliseconds (two minutes), applied to MSG_FLUSH_TRUST_USUALLY_MANAGED so that a
    // transient change is not persisted immediately.
    private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000;

    // Agents that currently have an entry, keyed by (component, userId) through AgentInfo's
    // equals/hashCode.
    private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<>();
    // Registered trust listeners (see the class comment).
    private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<>();
    // Registered against mContext during PHASE_SYSTEM_SERVICES_READY.
    private final Receiver mReceiver = new Receiver();

    /* package */ final TrustArchive mArchive = new TrustArchive();
    private final Context mContext;
    private final LockPatternUtils mLockPatternUtils;
    private final UserManager mUserManager;
    private final ActivityManager mActivityManager;
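
    // Last computed trust decision per user id. A user with no entry reads as not trusted.
    @GuardedBy("mUserIsTrusted")
    private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();

    // Cached "device locked" state per user id; see isDeviceLockedInner for the default.
    @GuardedBy("mDeviceLockedForUser")
    private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray();

    // The writer in this part of the file (updateTrustUsuallyManaged) synchronizes on this array
    // itself, so the annotation names this array as its own lock.
    @GuardedBy("mTrustUsuallyManagedForUser")
    private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray();

    private final StrongAuthTracker mStrongAuthTracker;

    // Flipped to true at PHASE_THIRD_PARTY_APPS_CAN_START; refreshAgentList is a no-op before.
    private boolean mTrustAgentsCanRun = false;
    private int mCurrentUser = UserHandle.USER_SYSTEM;

    /**
     * Creates the service and looks up the system services it depends on.
     *
     * @param context system context used for service lookups and handed to the helpers
     */
    public TrustManagerService(Context context) {
        super(context);
        mContext = context;
        mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
        mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
        mLockPatternUtils = new LockPatternUtils(context);
        mStrongAuthTracker = new StrongAuthTracker(context);
    }

    /** Publishes the binder interface under {@link Context#TRUST_SERVICE}. */
    @Override
    public void onStart() {
        publishBinderService(Context.TRUST_SERVICE, mService);
    }

    /**
     * Brings the service up in stages as the system boots.
     *
     * <p>In safe mode nothing is registered and no agent is ever allowed to run. Otherwise the
     * package monitor, broadcast receiver and strong-auth tracker are registered once system
     * services are ready; agents are first allowed to run when third-party apps can start; and
     * factory trust agents are considered for the system user at boot completion.
     *
     * @param phase the boot phase being reported
     */
    @Override
    public void onBootPhase(int phase) {
        if (isSafeMode()) {
            // No trust agents in safe mode.
            return;
        }
        if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {
            mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);
            mReceiver.register(mContext);
            mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);
        } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {
            mTrustAgentsCanRun = true;
            refreshAgentList(UserHandle.USER_ALL);
            refreshDeviceLockedForUser(UserHandle.USER_ALL);
        } else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
            maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM);
        }
    }

    // Agent management

    /**
     * Book-keeping record for one trust agent of one user.
     *
     * <p>Identity is the pair (component, userId); the remaining fields do not take part in
     * equals/hashCode. Both methods dereference {@code component} without a null check, so it
     * must be assigned before the instance is compared or put into a set.
     */
    private static final class AgentInfo {
        CharSequence label;
        Drawable icon;
        ComponentName component; // service that implements ITrustAgent
        SettingsAttrs settings; // setting to launch to modify agent.
        TrustAgentWrapper agent;
        int userId;

        @Override
        public boolean equals(Object other) {
            if (!(other instanceof AgentInfo)) {
                return false;
            }
            AgentInfo o = (AgentInfo) other;
            return component.equals(o.component) && userId == o.userId;
        }

        @Override
        public int hashCode() {
            return component.hashCode() * 31 + userId;
        }
    }

    /** Recomputes trust for every user returned by the user manager, dying users excluded. */
    private void updateTrustAll() {
        List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
        for (UserInfo userInfo : userInfos) {
            updateTrust(userInfo.id, 0);
        }
    }

    /**
     * Recomputes the aggregated "managed" and "trusted" state of a user and notifies listeners.
     *
     * <p>The "usually managed" record is only updated while the strong-auth tracker allows trust
     * for the user. Listeners are notified on every call; the cached device-locked state is
     * refreshed only when the trusted value actually changed.
     *
     * @param userId user whose trust state is recomputed
     * @param flags passed through unchanged to the trust-changed dispatch
     */
    public void updateTrust(int userId, int flags) {
        boolean managed = aggregateIsTrustManaged(userId);
        dispatchOnTrustManagedChanged(managed, userId);
        if (mStrongAuthTracker.isTrustAllowedForUser(userId)
                && isTrustUsuallyManagedInternal(userId) != managed) {
            updateTrustUsuallyManaged(userId, managed);
        }
        boolean trusted = aggregateIsTrusted(userId);
        boolean changed;
        synchronized (mUserIsTrusted) {
            changed = mUserIsTrusted.get(userId) != trusted;
            mUserIsTrusted.put(userId, trusted);
        }
        dispatchOnTrustChanged(trusted, userId, flags);
        if (changed) {
            refreshDeviceLockedForUser(userId);
        }
    }

    /**
     * Records the in-memory "usually managed" value for a user and (re)schedules its flush.
     *
     * @param userId user the value belongs to
     * @param managed the new value
     */
    private void updateTrustUsuallyManaged(int userId, boolean managed) {
        synchronized (mTrustUsuallyManagedForUser) {
            mTrustUsuallyManagedForUser.put(userId, managed);
        }
        // Wait a few minutes before committing to flash, in case the trust agent is transiently not
        // managing trust (crashed, needs to acknowledge DPM restrictions, etc).
        // Any flush that is already pending is dropped first, so the delay restarts on each change.
        mHandler.removeMessages(MSG_FLUSH_TRUST_USUALLY_MANAGED);
        mHandler.sendMessageDelayed(
                mHandler.obtainMessage(MSG_FLUSH_TRUST_USUALLY_MANAGED),
                TRUST_USUALLY_MANAGED_FLUSH_DELAY);
    }

    /**
     * Registers an escrow token for a user by delegating to {@code LockPatternUtils}.
     *
     * <p>NOTE(review): this method performs no caller or permission check of its own. The same
     * token and handle are what {@link #unlockUserWithToken} accepts, so every call path into the
     * escrow methods should be confirmed to be restricted to the agent bound for {@code userId}.
     *
     * @param token raw token bytes supplied by the caller
     * @param userId user the token is registered for
     * @return the handle returned by {@code LockPatternUtils}
     */
    public long addEscrowToken(byte[] token, int userId) {
        return mLockPatternUtils.addEscrowToken(token, userId);
    }

    /**
     * Removes a previously registered escrow token; pure delegation, no check of its own.
     *
     * @param handle handle returned when the token was added
     * @param userId user the token belongs to
     * @return the result reported by {@code LockPatternUtils}
     */
    public boolean removeEscrowToken(long handle, int userId) {
        return mLockPatternUtils.removeEscrowToken(handle, userId);
    }

    /**
     * Reports whether an escrow token is active; pure delegation, no check of its own.
     *
     * @param handle handle returned when the token was added
     * @param userId user the token belongs to
     * @return the result reported by {@code LockPatternUtils}
     */
    public boolean isEscrowTokenActive(long handle, int userId) {
        return mLockPatternUtils.isEscrowTokenActive(handle, userId);
    }

    /**
     * Asks {@code LockPatternUtils} to unlock a user with an escrow token.
     *
     * <p>NOTE(review): no caller validation happens here and the outcome is not reported back;
     * whatever verification of {@code token} against {@code handle} exists lives in
     * {@code LockPatternUtils}, outside this view.
     *
     * @param handle handle returned when the token was added
     * @param token raw token bytes
     * @param userId user to unlock
     */
    public void unlockUserWithToken(long handle, byte[] token, int userId) {
        mLockPatternUtils.unlockUserWithToken(handle, token, userId);
    }

    /**
     * Reconciles the set of active agents with what is currently allowed to run.
     *
     * <p>For each candidate user, and each resolved agent of that user, a chain of gates is
     * applied (user state, secure credential, user opt-in, device policy, storage unlock state,
     * strong-auth state). Agents that pass are created or kept. Agents that were active before
     * and were not re-confirmed are destroyed, so failing any gate also revokes an agent that is
     * already running. Does nothing until agents are allowed to run.
     *
     * @param userIdOrAll a specific user id, or {@link UserHandle#USER_ALL}
     */
    void refreshAgentList(int userIdOrAll) {
        if (DEBUG) Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")");
        if (!mTrustAgentsCanRun) {
            return;
        }
        if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) {
            // An invalid handle is logged with a stack trace and widened to a full refresh.
            Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle,"
                    + " must be USER_ALL or a specific user.", new Throwable("here"));
            userIdOrAll = UserHandle.USER_ALL;
        }
        PackageManager pm = mContext.getPackageManager();

        List<UserInfo> userInfos;
        if (userIdOrAll == UserHandle.USER_ALL) {
            userInfos = mUserManager.getUsers(true /* excludeDying */);
        } else {
            userInfos = new ArrayList<>();
            // May add null for an unknown user; the loop below skips null entries.
            userInfos.add(mUserManager.getUserInfo(userIdOrAll));
        }
        LockPatternUtils lockPatternUtils = mLockPatternUtils;

        // Start from "everything is obsolete" and strike out each agent that is re-confirmed.
        ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>();
        obsoleteAgents.addAll(mActiveAgents);

        for (UserInfo userInfo : userInfos) {
            if (userInfo == null || userInfo.partial || !userInfo.isEnabled()
                    || userInfo.guestToRemove) continue;
            if (!userInfo.supportsSwitchToByUser()) {
                if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                        + ": switchToByUser=false");
                continue;
            }
            if (!mActivityManager.isUserRunning(userInfo.id)) {
                if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                        + ": user not started");
                continue;
            }
            // Without a secure credential there is nothing for an agent to keep unlocked.
            if (!lockPatternUtils.isSecure(userInfo.id)) {
                if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                        + ": no secure credential");
                continue;
            }

            DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
            int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
            final boolean disableTrustAgents =
                    (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;

            List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id);
            if (enabledAgents == null) {
                if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                        + ": no agents enabled by user");
                continue;
            }
            List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id);
            for (ResolveInfo resolveInfo : resolveInfos) {
                ComponentName name = getComponentName(resolveInfo);

                if (!enabledAgents.contains(name)) {
                    if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping "
                            + name.flattenToShortString() + " u"+ userInfo.id
                            + ": not enabled by user");
                    continue;
                }
                if (disableTrustAgents) {
                    List<PersistableBundle> config =
                            dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id);
                    // Disable agent if no features are enabled.
                    if (config == null || config.isEmpty()) {
                        if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping "
                                + name.flattenToShortString() + " u"+ userInfo.id
                                + ": not allowed by DPM");
                        continue;
                    }
                }
                AgentInfo agentInfo = new AgentInfo();
                agentInfo.component = name;
                agentInfo.userId = userInfo.id;
                if (!mActiveAgents.contains(agentInfo)) {
                    agentInfo.label = resolveInfo.loadLabel(pm);
                    agentInfo.icon = resolveInfo.loadIcon(pm);
                    agentInfo.settings = getSettingsAttrs(pm, resolveInfo);
                } else {
                    // Reuse the existing record so its wrapper and settings are kept.
                    int index = mActiveAgents.indexOf(agentInfo);
                    agentInfo = mActiveAgents.valueAt(index);
                }

                // Fail closed when no settings descriptor is available: the agent is then treated
                // as unable to unlock the profile instead of dereferencing null.
                // NOTE(review): getSettingsAttrs() is defined outside this view; confirm whether
                // it can return null.
                boolean directUnlock = resolveInfo.serviceInfo.directBootAware
                        && agentInfo.settings != null
                        && agentInfo.settings.canUnlockProfile;

                if (directUnlock) {
                    if (DEBUG) Slog.d(TAG, "refreshAgentList: trustagent " + name
                            + " of user " + userInfo.id + " can unlock user profile.");
                }

                // While the user's storage key is still locked, only direct-unlock agents run.
                if (!StorageManager.isUserKeyUnlocked(userInfo.id)
                        && !directUnlock) {
                    if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                            + "'s trust agent " + name + ": FBE still locked and "
                            + " the agent cannot unlock user profile.");
                    continue;
                }

                if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) {
                    // Two exceptions let an agent through although agents are otherwise barred:
                    // the value is exactly the lockout one, or it is exactly the after-boot one
                    // and this agent can unlock the profile directly.
                    // NOTE(review): these are exact-equality tests on a value that is logged as
                    // hex; if it can carry several reasons at once, any combination is treated
                    // as blocking - confirm that is intended.
                    int flag = mStrongAuthTracker.getStrongAuthForUser(userInfo.id);
                    if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) {
                        if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT
                                || !directUnlock) {
                            // Log the value the decision was based on rather than re-reading it.
                            if (DEBUG) {
                                Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
                                        + ": prevented by StrongAuthTracker = 0x"
                                        + Integer.toHexString(flag));
                            }
                            continue;
                        }
                    }
                }

                if (agentInfo.agent == null) {
                    agentInfo.agent = new TrustAgentWrapper(mContext, this,
                            new Intent().setComponent(name), userInfo.getUserHandle());
                }

                if (!mActiveAgents.contains(agentInfo)) {
                    mActiveAgents.add(agentInfo);
                } else {
                    obsoleteAgents.remove(agentInfo);
                }
            }
        }

        // Tear down what was not re-confirmed, limited to the user(s) this refresh covers.
        boolean trustMayHaveChanged = false;
        for (int i = 0; i < obsoleteAgents.size(); i++) {
            AgentInfo info = obsoleteAgents.valueAt(i);
            if (userIdOrAll == UserHandle.USER_ALL || userIdOrAll == info.userId) {
                if (info.agent.isManagingTrust()) {
                    trustMayHaveChanged = true;
                }
                info.agent.destroy();
                mActiveAgents.remove(info);
            }
        }

        if (trustMayHaveChanged) {
            if (userIdOrAll == UserHandle.USER_ALL) {
                updateTrustAll();
            } else {
                updateTrust(userIdOrAll, 0);
            }
        }
    }

    /**
     * Returns the cached device-locked state for a user.
     *
     * <p>A user with no cached entry is reported as locked, so a missing entry fails closed.
     *
     * @param userId user to look up
     * @return {@code true} if the device is recorded as locked for the user, or nothing is recorded
     */
    boolean isDeviceLockedInner(int userId) {
        synchronized (mDeviceLockedForUser) {
            return mDeviceLockedForUser.get(userId, true);
        }
    }

    private void refreshDeviceLockedForUser(int userId) {
        if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) {
            Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle,"
                    + " must be 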
USER_ALL or a specific user.", new Throwable("here")); 408481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userId = UserHandle.USER_ALL; 409481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 410481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 411481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos List<UserInfo> userInfos; 412481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (userId == UserHandle.USER_ALL) { 413481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos = mUserManager.getUsers(true /* excludeDying */); 414481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } else { 415481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos = new ArrayList<>(); 416481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos userInfos.add(mUserManager.getUserInfo(userId)); 417481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 418481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 419481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos IWindowManager wm = WindowManagerGlobal.getWindowManagerService(); 420481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 421481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos for (int i = 0; i < userInfos.size(); i++) { 422481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos UserInfo info = userInfos.get(i); 423481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 424481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (info == null || info.partial || !info.isEnabled() || info.guestToRemove 4257cb69df507f5f7956c52a2868a0d6e89aec6dde2Xiaohui Chen || !info.supportsSwitchToByUser()) { 426481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos continue; 427481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 428481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 429481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos int id = info.id; 430481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean secure = mLockPatternUtils.isSecure(id); 431481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean trusted = 
aggregateIsTrusted(id); 432481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean showingKeyguard = true; 433481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (mCurrentUser == id) { 434481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos try { 435481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos showingKeyguard = wm.isKeyguardLocked(); 436481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } catch (RemoteException e) { 437481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 438481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 439481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean deviceLocked = secure && showingKeyguard && !trusted; 44085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull setDeviceLockedForUser(id, deviceLocked); 44185a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 44285a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 443481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 44485a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull private void setDeviceLockedForUser(@UserIdInt int userId, boolean locked) { 44585a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull final boolean changed; 44685a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull synchronized (mDeviceLockedForUser) { 44785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull changed = isDeviceLockedInner(userId) != locked; 44885a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull mDeviceLockedForUser.put(userId, locked); 44985a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 45085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull if (changed) { 45185a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull dispatchDeviceLocked(userId, locked); 452481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 453481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 454481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 455481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private void dispatchDeviceLocked(int userId, boolean isLocked) { 
456481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 457481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos AgentInfo agent = mActiveAgents.valueAt(i); 458481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (agent.userId == userId) { 459481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (isLocked) { 460481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos agent.agent.onDeviceLocked(); 461481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } else{ 462481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos agent.agent.onDeviceUnlocked(); 463481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 464481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 465481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 466481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 467481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 4684e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci void updateDevicePolicyFeatures() { 4699d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos boolean changed = false; 4708f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 4718f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 4728f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (info.agent.isConnected()) { 4738f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos info.agent.updateDevicePolicyFeatures(); 4749d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos changed = true; 4758f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4768f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4779d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos if (changed) { 4789d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos mArchive.logDevicePolicyChanged(); 4799d6fc9246ba0b726872a6a8dabe6c334292c3a10Adrian Roos } 4808f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 4818f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos 482c5f95cea2639b698594a85acbde6a5519941d7b1Adrian 
Roos private void removeAgentsOfPackage(String packageName) { 483c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos boolean trustMayHaveChanged = false; 484c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = mActiveAgents.size() - 1; i >= 0; i--) { 485c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 486c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (packageName.equals(info.component.getPackageName())) { 487c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos Log.i(TAG, "Resetting agent " + info.component.flattenToShortString()); 4887861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 489c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos trustMayHaveChanged = true; 490c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 491fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 492c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos mActiveAgents.removeAt(i); 493c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 494c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 495c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (trustMayHaveChanged) { 496c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos updateTrustAll(); 497c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 498c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 499c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 500c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos public void resetAgent(ComponentName name, int userId) { 501c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos boolean trustMayHaveChanged = false; 502c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = mActiveAgents.size() - 1; i >= 0; i--) { 503c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 504c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (name.equals(info.component) && userId == info.userId) { 
505c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos Log.i(TAG, "Resetting agent " + info.component.flattenToShortString()); 5067861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 507c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos trustMayHaveChanged = true; 508c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 509fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 510c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos mActiveAgents.removeAt(i); 511c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 512c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 513c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (trustMayHaveChanged) { 51494e15a59b757678949cccb5d783bee1638e84697Adrian Roos updateTrust(userId, 0); 515c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 5164e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(userId); 517c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 518c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 51920914d79393aead044848a337ff4f802e4afb48eLingjun Li private SettingsAttrs getSettingsAttrs(PackageManager pm, ResolveInfo resolveInfo) { 52082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (resolveInfo == null || resolveInfo.serviceInfo == null 52182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos || resolveInfo.serviceInfo.metaData == null) return null; 52282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos String cn = null; 52320914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean canUnlockProfile = false; 52420914d79393aead044848a337ff4f802e4afb48eLingjun Li 52582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos XmlResourceParser parser = null; 52682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Exception caughtException = null; 52782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 52882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos parser = resolveInfo.serviceInfo.loadXmlMetaData(pm, 
52982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TrustAgentService.TRUST_AGENT_META_DATA); 53082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (parser == null) { 53182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data"); 53282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 53382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 53482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo); 53582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AttributeSet attrs = Xml.asAttributeSet(parser); 53682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos int type; 53782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 53882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos && type != XmlPullParser.START_TAG) { 53982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Drain preamble. 
54082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 54182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos String nodeName = parser.getName(); 5427e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos if (!"trust-agent".equals(nodeName)) { 5437e03dfcb796ef1a6000a5fd5fda03c9e15ea62e1Adrian Roos Slog.w(TAG, "Meta-data does not start with trust-agent tag"); 54482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 54582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 54682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TypedArray sa = res 54782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos .obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent); 54882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity); 54920914d79393aead044848a337ff4f802e4afb48eLingjun Li canUnlockProfile = sa.getBoolean( 55020914d79393aead044848a337ff4f802e4afb48eLingjun Li com.android.internal.R.styleable.TrustAgent_unlockProfile, false); 55182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos sa.recycle(); 55282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (PackageManager.NameNotFoundException e) { 55382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 55482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (IOException e) { 55582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 55682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (XmlPullParserException e) { 55782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos caughtException = e; 55882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } finally { 55982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (parser != null) parser.close(); 56082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 56182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (caughtException != null) { 56282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Slog.w(TAG, "Error parsing : " + 
resolveInfo.serviceInfo.packageName, caughtException); 56382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 56482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 56582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (cn == null) { 56682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return null; 56782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 56882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (cn.indexOf('/') < 0) { 56982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos cn = resolveInfo.serviceInfo.packageName + "/" + cn; 57082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 57120914d79393aead044848a337ff4f802e4afb48eLingjun Li return new SettingsAttrs(ComponentName.unflattenFromString(cn), canUnlockProfile); 57282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 57382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 57482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private ComponentName getComponentName(ResolveInfo resolveInfo) { 57582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (resolveInfo == null || resolveInfo.serviceInfo == null) return null; 57682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name); 57782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 57882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 5793870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) { 5803870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(), 5813870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) { 5823870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos return; 5833870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 5843870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos PackageManager pm = mContext.getPackageManager(); 
5853870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId); 5863870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ArraySet<ComponentName> discoveredAgents = new ArraySet<>(); 5873870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos for (ResolveInfo resolveInfo : resolveInfos) { 5883870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ComponentName componentName = getComponentName(resolveInfo); 5893870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags; 5903870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if ((applicationInfoFlags & ApplicationInfo.FLAG_SYSTEM) == 0) { 5913870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Log.i(TAG, "Leaving agent " + componentName + " disabled because package " 5923870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos + "is not a system package."); 5933870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos continue; 5943870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 5953870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos discoveredAgents.add(componentName); 5963870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 5973870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 5983870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId); 5993870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (previouslyEnabledAgents != null) { 6003870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos discoveredAgents.addAll(previouslyEnabledAgents); 6013870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6023870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos utils.setEnabledTrustAgents(discoveredAgents, userId); 6033870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Settings.Secure.putIntForUser(mContext.getContentResolver(), 6043870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId); 
6053870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6063870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 6073870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) { 6083870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT, 60920914d79393aead044848a337ff4f802e4afb48eLingjun Li PackageManager.GET_META_DATA | 61068771eb837b0a7b94c120a450624d392496413ceAdrian Roos PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 61168771eb837b0a7b94c120a450624d392496413ceAdrian Roos userId); 6123870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size()); 6133870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos for (ResolveInfo resolveInfo : resolveInfos) { 6143870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (resolveInfo.serviceInfo == null) continue; 6153870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (resolveInfo.serviceInfo.applicationInfo == null) continue; 6163870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos String packageName = resolveInfo.serviceInfo.packageName; 6173870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName) 6183870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos != PackageManager.PERMISSION_GRANTED) { 6193870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos ComponentName name = getComponentName(resolveInfo); 6203870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos Log.w(TAG, "Skipping agent " + name + " because package does not have" 6213870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos + " permission " + PERMISSION_PROVIDE_AGENT + "."); 6223870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos continue; 6233870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6243870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 
allowedAgents.add(resolveInfo); 6253870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6263870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos return allowedAgents; 6273870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 6283870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos 62982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Agent dispatch and aggregation 63082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 63182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private boolean aggregateIsTrusted(int userId) { 632b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { 6337046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roos return false; 6347046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roos } 63582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 63682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo info = mActiveAgents.valueAt(i); 63782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.userId == userId) { 63882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.agent.isTrusted()) { 63982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return true; 64082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 64182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 64282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 64382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return false; 64482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 64582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 6467861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private boolean aggregateIsTrustManaged(int userId) { 647b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { 6487861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return false; 6497861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6507861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos for (int i = 0; i < mActiveAgents.size(); 
i++) { 6517861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos AgentInfo info = mActiveAgents.valueAt(i); 6527861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.userId == userId) { 6537861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos if (info.agent.isManagingTrust()) { 6547861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return true; 6557861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6567861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6577861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6587861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos return false; 6597861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 6607861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 66182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void dispatchUnlockAttempt(boolean successful, int userId) { 662517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (successful) { 663517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStrongAuthTracker.allowTrustFromUnlock(userId); 664517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 665517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos 66682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mActiveAgents.size(); i++) { 66782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo info = mActiveAgents.valueAt(i); 66882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (info.userId == userId) { 66982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos info.agent.onUnlockAttempt(successful); 67082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 67182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 672237b061182d36fd3bf2238092ccf3d529ec8877bJorim Jaggi } 673237b061182d36fd3bf2238092ccf3d529ec8877bJorim Jaggi 674327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal private void dispatchUnlockLockout(int timeoutMs, int userId) { 675327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal for (int i = 0; i < mActiveAgents.size(); i++) { 676327323d2b337077433fe02438a79cc98e91799e3Zachary 
Iqbal AgentInfo info = mActiveAgents.valueAt(i); 677327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (info.userId == userId) { 678327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal info.agent.onUnlockLockout(timeoutMs); 679327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 680327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 681327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 682327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal 68382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Listeners 68482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 68582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void addListener(ITrustListener listener) { 68682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 68782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (mTrustListeners.get(i).asBinder() == listener.asBinder()) { 68882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return; 68982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 69082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 69182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mTrustListeners.add(listener); 6923870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos updateTrustAll(); 69382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 69482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 69582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void removeListener(ITrustListener listener) { 69682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 69782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (mTrustListeners.get(i).asBinder() == listener.asBinder()) { 698979a32e4a0133e0b55210247aa776f57c17b9b9aJay Civelli mTrustListeners.remove(i); 69982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return; 70082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 70182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 
70282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 70382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 70494e15a59b757678949cccb5d783bee1638e84697Adrian Roos private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) { 705517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 706517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "onTrustChanged(" + enabled + ", " + userId + ", 0x" 707517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos + Integer.toHexString(flags) + ")"); 708517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 70994e15a59b757678949cccb5d783bee1638e84697Adrian Roos if (!enabled) flags = 0; 71082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 71182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos try { 71294e15a59b757678949cccb5d783bee1638e84697Adrian Roos mTrustListeners.get(i).onTrustChanged(enabled, userId, flags); 713a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos } catch (DeadObjectException e) { 7147861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.d(TAG, "Removing dead TrustListener."); 7157861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mTrustListeners.remove(i); 7167861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos i--; 7177861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (RemoteException e) { 7187861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.e(TAG, "Exception while notifying TrustListener.", e); 7197861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7207861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7217861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } 7227861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos 7237861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos private void dispatchOnTrustManagedChanged(boolean managed, int userId) { 724517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) { 725517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.i(TAG, "onTrustManagedChanged(" + 
managed + ", " + userId + ")"); 726517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos } 7277861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos for (int i = 0; i < mTrustListeners.size(); i++) { 7287861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos try { 7297861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos mTrustListeners.get(i).onTrustManagedChanged(managed, userId); 7307861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos } catch (DeadObjectException e) { 7317861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos Slog.d(TAG, "Removing dead TrustListener."); 732a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos mTrustListeners.remove(i); 733a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos i--; 73482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } catch (RemoteException e) { 735a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roos Slog.e(TAG, "Exception while notifying TrustListener.", e); 73682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 73982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 740cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos // User lifecycle 741cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 742cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos @Override 743cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos public void onStartUser(int userId) { 744481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget(); 745cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 746cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 747cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos @Override 748cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos public void onCleanupUser(int userId) { 749481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget(); 750481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 
} 751481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 752481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @Override 753481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos public void onSwitchUser(int userId) { 754481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget(); 755cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 756cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 75768771eb837b0a7b94c120a450624d392496413ceAdrian Roos @Override 75868771eb837b0a7b94c120a450624d392496413ceAdrian Roos public void onUnlockUser(int userId) { 75968771eb837b0a7b94c120a450624d392496413ceAdrian Roos mHandler.obtainMessage(MSG_UNLOCK_USER, userId, 0, null).sendToTarget(); 76068771eb837b0a7b94c120a450624d392496413ceAdrian Roos } 76168771eb837b0a7b94c120a450624d392496413ceAdrian Roos 76285a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull @Override 76385a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull public void onStopUser(@UserIdInt int userId) { 76485a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull mHandler.obtainMessage(MSG_STOP_USER, userId, 0, null).sendToTarget(); 76585a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull } 76685a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull 76782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Plumbing 76882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 76982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final IBinder mService = new ITrustManager.Stub() { 77082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 77182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException { 77282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceReportPermission(); 77382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 
1 : 0, userId) 77482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos .sendToTarget(); 77582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 77682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 77782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 778327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal public void reportUnlockLockout(int timeoutMs, int userId) throws RemoteException { 779327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal enforceReportPermission(); 780327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_LOCKOUT, timeoutMs, userId) 781327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal .sendToTarget(); 782327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 783327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal 784327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal @Override 78582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException { 78682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceReportPermission(); 78782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // coalesce refresh messages. 78882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED); 78982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED); 79082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 79182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 79282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 793481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos public void reportKeyguardShowingChanged() throws RemoteException { 794481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos enforceReportPermission(); 795481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos // coalesce refresh messages. 
796481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED); 797481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED); 7985277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi 7995277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi // Make sure handler processes the message before returning, such that isDeviceLocked 8005277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi // after this call will retrieve the correct value. 8015277deaa591cabb163fa7ad0b139219c3f13313cJorim Jaggi mHandler.runWithScissors(() -> {}, 0); 802481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 803481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 804481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @Override 80582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void registerTrustListener(ITrustListener trustListener) throws RemoteException { 80682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceListenerPermission(); 80782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget(); 80882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 80982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 81082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 81182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException { 81282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos enforceListenerPermission(); 81382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget(); 81482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 81582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 816bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos @Override 81750bfeec868157106e8b60abf8964cb24462af182Adrian Roos public boolean isDeviceLocked(int userId) throws RemoteException { 
818bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, 81950bfeec868157106e8b60abf8964cb24462af182Adrian Roos false /* allowAll */, true /* requireFull */, "isDeviceLocked", null); 82050bfeec868157106e8b60abf8964cb24462af182Adrian Roos 821078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri long token = Binder.clearCallingIdentity(); 822078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri try { 823078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 824078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri userId = resolveProfileParent(userId); 825078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } 826078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri return isDeviceLockedInner(userId); 827078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } finally { 828078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri Binder.restoreCallingIdentity(token); 829078e91b03a14b9e84f811a9941ca412f5d281dabClara Bayarri } 830bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 831bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos 83282893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos @Override 83382893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos public boolean isDeviceSecure(int userId) throws RemoteException { 83482893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, 83582893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos false /* allowAll */, true /* requireFull */, "isDeviceSecure", null); 83682893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos 83782893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos long token = Binder.clearCallingIdentity(); 83882893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos try { 8398d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 
8408d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri userId = resolveProfileParent(userId); 8418d35de84456cec0c0e0c340d6444dcd4f46663b8Clara Bayarri } 842a1771110d67fa7361f92d92f2e91019882ce3305Clara Bayarri return mLockPatternUtils.isSecure(userId); 84382893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } finally { 84482893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos Binder.restoreCallingIdentity(token); 84582893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } 84682893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos } 84782893681ad6530eec8f2a9b4ecd2e039addf48b7Adrian Roos 84882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void enforceReportPermission() { 8492c12cfa1d53b586ae8a8d6aca64a4de771dc85b0Adrian Roos mContext.enforceCallingOrSelfPermission( 8502c12cfa1d53b586ae8a8d6aca64a4de771dc85b0Adrian Roos Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events"); 85182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 85282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 85382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void enforceListenerPermission() { 85482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER, 85582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos "register trust listener"); 85682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 8577a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 8587a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos @Override 8597a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) { 860fe9a53bc45fd0124a876dc0a49680aaf86641d3eJeff Sharkey if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return; 86149d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (isSafeMode()) { 86249d53452e744f03593093f6588cea12a405f9ff5Adrian Roos fout.println("disabled because the system is in safe mode."); 
86349d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 86449d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 865cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (!mTrustAgentsCanRun) { 866cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos fout.println("disabled because the third-party apps can't run yet."); 867cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos return; 868cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 8697a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */); 8707a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos mHandler.runWithScissors(new Runnable() { 8717a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos @Override 8727a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos public void run() { 8737a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println("Trust manager state:"); 8747a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos for (UserInfo user : userInfos) { 875481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos dumpUser(fout, user, user.id == mCurrentUser); 8767a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 8777a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 8787a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos }, 1500); 8797a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 8807a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 8817a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) { 8827a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.printf(" User \"%s\" (id=%d, flags=%#x)", 8837a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos user.name, user.id, user.flags); 8847cb69df507f5f7956c52a2868a0d6e89aec6dde2Xiaohui Chen if (!user.supportsSwitchToByUser()) { 885481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.println("(managed profile)"); 886481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.println(" disabled because switching to 
this user is not possible."); 887481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos return; 888481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 8897a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (isCurrent) { 8907a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(" (current)"); 8917a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 8927a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id))); 8937861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id))); 894481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id))); 895b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos fout.print(", strongAuthRequired=" + dumpHex( 896b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos mStrongAuthTracker.getStrongAuthForUser(user.id))); 8977a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(); 8987a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" Enabled agents:"); 8997a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos boolean duplicateSimpleNames = false; 9007a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos ArraySet<String> simpleNames = new ArraySet<String>(); 9017a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos for (AgentInfo info : mActiveAgents) { 9027a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (info.userId != user.id) { continue; } 9037a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos boolean trusted = info.agent.isTrusted(); 9047a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.print(" "); fout.println(info.component.flattenToShortString()); 905c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.print(" bound=" + dumpBool(info.agent.isBound())); 906c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.print(", connected=" + dumpBool(info.agent.isConnected())); 
9077861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust())); 9087861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.print(", trusted=" + dumpBool(trusted)); 9097861c663fd64af33ec2a4c5ad653c806dc8bd994Adrian Roos fout.println(); 9107a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (trusted) { 9117a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" message=\"" + info.agent.getMessage() + "\""); 9127a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 913c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos if (!info.agent.isConnected()) { 914c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos String restartTime = TrustArchive.formatDuration( 915c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos info.agent.getScheduledRestartUptimeMillis() 916c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos - SystemClock.uptimeMillis()); 917c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos fout.println(" restartScheduledAt=" + restartTime); 918c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 9197a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) { 9207a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos duplicateSimpleNames = true; 9217a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9227a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9237a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(" Events:"); 9247a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos mArchive.dump(fout, 50, user.id, " " /* linePrefix */, duplicateSimpleNames); 9257a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos fout.println(); 9267a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 9277a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos 9287a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos private String dumpBool(boolean b) { 9297a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos return b ? 
"1" : "0"; 9307a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos } 931b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos 932b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private String dumpHex(int i) { 933b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos return "0x" + Integer.toHexString(i); 934b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos } 93556878a93989a49538fabccfb7218face645030bfClara Bayarri 93656878a93989a49538fabccfb7218face645030bfClara Bayarri @Override 93783a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu public void setDeviceLockedForUser(int userId, boolean locked) { 93800a9b890853e9660dde5854fe786b80f6c3e616cClara Bayarri enforceReportPermission(); 939e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu final long identity = Binder.clearCallingIdentity(); 940e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu try { 941e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { 942e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu synchronized (mDeviceLockedForUser) { 943e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu mDeviceLockedForUser.put(userId, locked); 944e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } 945e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu if (locked) { 946e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu try { 947dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0Sudheer Shanka ActivityManager.getService().notifyLockedProfile(userId); 948e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } catch (RemoteException e) { 949e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } 95083a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 95192b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee final Intent lockIntent = new Intent(Intent.ACTION_DEVICE_LOCKED_CHANGED); 95292b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee lockIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 95392b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee lockIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId); 
95492b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee mContext.sendBroadcastAsUser(lockIntent, UserHandle.SYSTEM, 95592b83c6495abb3c091474b3a2f16dcbd949d6da7Robin Lee Manifest.permission.TRUST_LISTENER, /* options */ null); 95683a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 957e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu } finally { 958e07813326b59ec1ce359c9650f5539f6283c2592Rubin Xu Binder.restoreCallingIdentity(identity); 95983a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu } 96056878a93989a49538fabccfb7218face645030bfClara Bayarri } 961c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 962c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos @Override 963c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos public boolean isTrustUsuallyManaged(int userId) { 964c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER, 965c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos "query trust state"); 966c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return isTrustUsuallyManagedInternal(userId); 967c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 96882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 96982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 970c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private boolean isTrustUsuallyManagedInternal(int userId) { 971c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 972c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int i = mTrustUsuallyManagedForUser.indexOfKey(userId); 973c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (i >= 0) { 974c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return mTrustUsuallyManagedForUser.valueAt(i); 975c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 976c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 977c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // It's not in memory yet, get the value from persisted storage instead 
978c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean persistedValue = mLockPatternUtils.isTrustUsuallyManaged(userId); 979c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 980c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int i = mTrustUsuallyManagedForUser.indexOfKey(userId); 981c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (i >= 0) { 982c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // Someone set the trust usually managed in the mean time. Better use that. 983c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return mTrustUsuallyManagedForUser.valueAt(i); 984c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } else { 985c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // .. otherwise it's safe to cache the fetched value now. 986c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mTrustUsuallyManagedForUser.put(userId, persistedValue); 987c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos return persistedValue; 988c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 989c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 990c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 991c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 992bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private int resolveProfileParent(int userId) { 993bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos long identity = Binder.clearCallingIdentity(); 994bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos try { 995bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos UserInfo parent = mUserManager.getProfileParent(userId); 996bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos if (parent != null) { 997bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos return parent.getUserHandle().getIdentifier(); 998bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 999bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos return userId; 1000bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } finally { 
1001bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos Binder.restoreCallingIdentity(identity); 1002bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 1003bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 1004bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos 100582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final Handler mHandler = new Handler() { 100682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 100782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void handleMessage(Message msg) { 100882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos switch (msg.what) { 100982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_REGISTER_LISTENER: 101082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos addListener((ITrustListener) msg.obj); 101182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 101282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_UNREGISTER_LISTENER: 101382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos removeListener((ITrustListener) msg.obj); 101482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 101582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_DISPATCH_UNLOCK_ATTEMPT: 101682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2); 101782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 1018327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal case MSG_DISPATCH_UNLOCK_LOCKOUT: 1019327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal dispatchUnlockLockout(msg.arg1, msg.arg2); 1020327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal break; 102182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos case MSG_ENABLED_AGENTS_CHANGED: 10224e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 1023481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos // This is also called when the security mode of a user changes. 
1024481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(UserHandle.USER_ALL); 102582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos break; 1026481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_KEYGUARD_SHOWING_CHANGED: 10277e2e40e127f5b421f946427071a20d0e9d88ca03Adrian Roos refreshDeviceLockedForUser(mCurrentUser); 1028481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 1029481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_START_USER: 1030481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_CLEANUP_USER: 103168771eb837b0a7b94c120a450624d392496413ceAdrian Roos case MSG_UNLOCK_USER: 1032481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshAgentList(msg.arg1); 1033481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 1034481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos case MSG_SWITCH_USER: 1035481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mCurrentUser = msg.arg1; 1036481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(UserHandle.USER_ALL); 1037481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos break; 103885a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull case MSG_STOP_USER: 103985a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull setDeviceLockedForUser(msg.arg1, true); 104085a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull break; 1041c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos case MSG_FLUSH_TRUST_USUALLY_MANAGED: 1042c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos SparseBooleanArray usuallyManaged; 1043c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1044c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos usuallyManaged = mTrustUsuallyManagedForUser.clone(); 1045c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1046c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 1047c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos for (int i = 0; i < usuallyManaged.size(); i++) { 
1048c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos int userId = usuallyManaged.keyAt(i); 1049c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean value = usuallyManaged.valueAt(i); 1050c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (value != mLockPatternUtils.isTrustUsuallyManaged(userId)) { 1051c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mLockPatternUtils.setTrustUsuallyManaged(value, userId); 1052c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 1053c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 105468771eb837b0a7b94c120a450624d392496413ceAdrian Roos break; 105582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 105682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 105782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 105882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 105982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final PackageMonitor mPackageMonitor = new PackageMonitor() { 106082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 106182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onSomePackagesChanged() { 10624e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 106382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 106482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 106582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 106682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public boolean onPackageChanged(String packageName, int uid, String[] components) { 106782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // We're interested in all changes, even if just some components get enabled / disabled. 
106882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return true; 106982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 1070c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos 1071c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos @Override 1072c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos public void onPackageDisappeared(String packageName, int reason) { 1073c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos removeAgentsOfPackage(packageName); 1074c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos } 107582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos }; 1076ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 107720914d79393aead044848a337ff4f802e4afb48eLingjun Li private static class SettingsAttrs { 107820914d79393aead044848a337ff4f802e4afb48eLingjun Li public ComponentName componentName; 107920914d79393aead044848a337ff4f802e4afb48eLingjun Li public boolean canUnlockProfile; 108020914d79393aead044848a337ff4f802e4afb48eLingjun Li 108120914d79393aead044848a337ff4f802e4afb48eLingjun Li public SettingsAttrs( 108220914d79393aead044848a337ff4f802e4afb48eLingjun Li ComponentName componentName, 108320914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean canUnlockProfile) { 108420914d79393aead044848a337ff4f802e4afb48eLingjun Li this.componentName = componentName; 108520914d79393aead044848a337ff4f802e4afb48eLingjun Li this.canUnlockProfile = canUnlockProfile; 108620914d79393aead044848a337ff4f802e4afb48eLingjun Li } 108720914d79393aead044848a337ff4f802e4afb48eLingjun Li }; 108820914d79393aead044848a337ff4f802e4afb48eLingjun Li 10899dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos private class Receiver extends BroadcastReceiver { 1090ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 1091ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos @Override 1092ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos public void onReceive(Context context, Intent intent) { 10933870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos String action = intent.getAction(); 
10943870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) { 10954e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(getSendingUserId()); 10964e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci updateDevicePolicyFeatures(); 10973870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } else if (Intent.ACTION_USER_ADDED.equals(action)) { 1098cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos int userId = getUserId(intent); 10993870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos if (userId > 0) { 11003870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos maybeEnableFactoryTrustAgents(mLockPatternUtils, userId); 11013870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos } 1102cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 1103cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos int userId = getUserId(intent); 1104cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (userId > 0) { 1105481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mUserIsTrusted) { 1106481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mUserIsTrusted.delete(userId); 1107481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 1108481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mDeviceLockedForUser) { 1109481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos mDeviceLockedForUser.delete(userId); 1110481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 1111ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 1112ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos mTrustUsuallyManagedForUser.delete(userId); 1113ae025828bba3328c6fc958154348c297b4c3e4e8Adrian Roos } 1114cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos refreshAgentList(userId); 1115481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(userId); 
} } }

        /**
         * Reads the user id carried in {@link Intent#EXTRA_USER_HANDLE}.
         *
         * <p>The -100 result is a sentinel, so callers need to check for a positive id before
         * using the result as a key into per-user state.
         *
         * @param intent the received broadcast
         * @return the extra's value when it is greater than 0; otherwise -100, after reporting
         *         the missing or invalid value through {@code Slog.wtf}
         */
        private int getUserId(Intent intent) {
            // -100 doubles as the "extra absent" default and as the failure result below.
            int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100);
            // NOTE(review): 0 is rejected along with negative ids; presumably intended because
            // this is used for user add/remove events - confirm against the callers.
            if (userId > 0) {
                return userId;
            } else {
                Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId);
                return -100;
            }
        }

        /**
         * Registers this receiver for device-policy state changes and for user added/removed
         * broadcasts, across all users ({@code UserHandle.ALL}).
         *
         * @param context context used for the registration
         */
        public void register(Context context) {
            IntentFilter filter = new IntentFilter();
            filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
            filter.addAction(Intent.ACTION_USER_ADDED);
            filter.addAction(Intent.ACTION_USER_REMOVED);
            // No sender permission is required (null), so the handler trusts whoever is able to
            // send these actions. NOTE(review): presumably all three are system-only (protected)
            // broadcasts - confirm.
            context.registerReceiverAsUser(this,
                    UserHandle.ALL,
                    filter,
                    null /* permission */,
                    null /* scheduler */);
        }
    }

    /**
     * Strong-auth tracker that additionally remembers, per user, that a successful unlock was
     * reported through {@link #allowTrustFromUnlock}, so that {@link #canAgentsRunForUser} can
     * return true even while the superclass's {@code isTrustAllowedForUser} does not.
     */
    private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {

        // userId -> true once allowTrustFromUnlock() was called for that user; the entry is
        // deleted again in onStrongAuthRequiredChanged().
        SparseBooleanArray mStartFromSuccessfulUnlock = new SparseBooleanArray();

        public StrongAuthTracker(Context context) {
            super(context);
        }

        /**
         * Drops the unlock-based override for {@code userId}, then refreshes the agent list and
         * calls {@code updateTrust} for that user.
         *
         * @param userId the user whose strong-auth requirement changed
         */
        @Override
        public void onStrongAuthRequiredChanged(int userId) {
            // The override lasts only until the strong-auth state changes; from here on
            // canAgentsRunForUser() depends on super.isTrustAllowedForUser() alone, until
            // allowTrustFromUnlock() is called again.
            mStartFromSuccessfulUnlock.delete(userId);

            if (DEBUG) {
                Log.i(TAG, "onStrongAuthRequiredChanged(" + userId + ") ->"
                        + " trustAllowed=" + isTrustAllowedForUser(userId)
                        + " agentsCanRun=" + canAgentsRunForUser(userId));
            }

            refreshAgentList(userId);

            // The list of active trust agents may not have changed, if there was a previous call
            // to allowTrustFromUnlock, so we update the trust here too.
            updateTrust(userId, 0 /* flags */);
        }

        /**
         * Returns whether trust agents may run for {@code userId}: true when
         * {@link #allowTrustFromUnlock} has set the override for the user, or when the superclass
         * allows trust for the user.
         */
        boolean canAgentsRunForUser(int userId) {
            return mStartFromSuccessfulUnlock.get(userId)
                    || super.isTrustAllowedForUser(userId);
        }

        /**
         * Temporarily suppress strong auth requirements for {@code userId} until strong auth
         * changes again. Must only be called when we know about a successful unlock already
         * before the underlying StrongAuthTracker.
         *
         * Note that this only changes whether trust agents can be started, not the actual trusted
         * value.
         *
         * @param userId the user that was just unlocked
         * @throws IllegalArgumentException if {@code userId} is below
         *         {@code UserHandle.USER_SYSTEM}
         */
        void allowTrustFromUnlock(int userId) {
            // Reject ids below USER_SYSTEM so they never become keys of the override map.
            if (userId < UserHandle.USER_SYSTEM) {
                throw new IllegalArgumentException("userId must be a valid user: " + userId);
            }
            // Sample the answer before setting the override, so the agent list is refreshed
            // below only when this call actually changed it.
            boolean previous = canAgentsRunForUser(userId);
            mStartFromSuccessfulUnlock.put(userId, true);

            if (DEBUG) {
                Log.i(TAG, "allowTrustFromUnlock(" + userId + ") ->"
                        + " trustAllowed=" + isTrustAllowedForUser(userId)
                        + " agentsCanRun=" + canAgentsRunForUser(userId));
            }

            if (canAgentsRunForUser(userId) != previous) {
                refreshAgentList(userId);
            }
        }
    }
}