TrustManagerService.java revision 327323d2b337077433fe02438a79cc98e91799e3
182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/* 282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Copyright (C) 2014 The Android Open Source Project 382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Licensed under the Apache License, Version 2.0 (the "License"); 582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * you may not use this file except in compliance with the License. 682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * You may obtain a copy of the License at 782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * http://www.apache.org/licenses/LICENSE-2.0 982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 1082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Unless required by applicable law or agreed to in writing, software 1182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * distributed under the License is distributed on an "AS IS" BASIS, 1282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
1382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * See the License for the specific language governing permissions and 1482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * limitations under the License 1582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 1682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 1782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospackage com.android.server.trust; 1882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 19bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roosimport com.android.internal.annotations.GuardedBy; 2082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport com.android.internal.content.PackageMonitor; 2182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport com.android.internal.widget.LockPatternUtils; 2282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport com.android.server.SystemService; 2382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 2482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport org.xmlpull.v1.XmlPullParser; 2582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport org.xmlpull.v1.XmlPullParserException; 2682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 2782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.Manifest; 2885a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scullimport android.annotation.UserIdInt; 29bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roosimport android.app.ActivityManager; 30ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.app.admin.DevicePolicyManager; 3182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.app.trust.ITrustListener; 3282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.app.trust.ITrustManager; 33ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.content.BroadcastReceiver; 3482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.ComponentName; 3582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.Context; 
3682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.Intent; 37ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roosimport android.content.IntentFilter; 383870d451f7d3913a05ffa144d03167bde9221adbAdrian Roosimport android.content.pm.ApplicationInfo; 3982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.PackageManager; 4082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.ResolveInfo; 4182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.pm.UserInfo; 4282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.Resources; 4382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.TypedArray; 4482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.content.res.XmlResourceParser; 4582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.graphics.drawable.Drawable; 46bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roosimport android.os.Binder; 475d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roosimport android.os.Build; 48a4ba56ba879b83e2866c31b4eb395d38302a1769Adrian Roosimport android.os.DeadObjectException; 4982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Handler; 5082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.IBinder; 5182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.Message; 52e303bf443532c2ad756260133f00747bcff11e69Jim Millerimport android.os.PersistableBundle; 5382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.RemoteException; 54c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roosimport android.os.SystemClock; 5582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.UserHandle; 5682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.os.UserManager; 5768771eb837b0a7b94c120a450624d392496413ceAdrian Roosimport android.os.storage.StorageManager; 583870d451f7d3913a05ffa144d03167bde9221adbAdrian Roosimport 
android.provider.Settings; 5982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.service.trust.TrustAgentService; 6082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.ArraySet; 6182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.AttributeSet; 6218ea893a2319e2a192188d2288bb881149c9b06eAdrian Roosimport android.util.Log; 6382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.Slog; 647046bfd054b67fd3cfe8f462f7b9ea126652610fAdrian Roosimport android.util.SparseBooleanArray; 6582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport android.util.Xml; 66481a6df99fea124bc4354da34ff668750cdc9041Adrian Roosimport android.view.IWindowManager; 6750bfeec868157106e8b60abf8964cb24462af182Adrian Roosimport android.view.WindowManagerGlobal; 6882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 697a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roosimport java.io.FileDescriptor; 7082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.io.IOException; 717a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roosimport java.io.PrintWriter; 7282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.util.ArrayList; 7382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roosimport java.util.List; 7482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 7582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos/** 7682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Manages trust agents and trust listeners. 7782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 7882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s 7982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * of each user and notifies them about events that are relevant to them. 
8082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It start and stops them based on the value of 8182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}. 8282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 8382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the 8482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * trust state changes for any user. 8582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * 8682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * Trust state and the setting of enabled agents is kept per user and each user has its own 8782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos * instance of a {@link android.service.trust.TrustAgentService}. 8882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos */ 8982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roospublic class TrustManagerService extends SystemService { 9082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final String TAG = "TrustManagerService"; 915d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos static final boolean DEBUG = Build.IS_DEBUGGABLE && Log.isLoggable(TAG, Log.VERBOSE); 9282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 9382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final Intent TRUST_AGENT_INTENT = 9482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos new Intent(TrustAgentService.SERVICE_INTERFACE); 9518ea893a2319e2a192188d2288bb881149c9b06eAdrian Roos private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT; 9682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 9782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_REGISTER_LISTENER = 1; 9882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_UNREGISTER_LISTENER = 2; 
9982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3; 10082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final int MSG_ENABLED_AGENTS_CHANGED = 4; 101481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6; 102481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_START_USER = 7; 103481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_CLEANUP_USER = 8; 104481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private static final int MSG_SWITCH_USER = 9; 10583a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 10; 10683a15bca70884e3dcbf7d4ee23492fe531374ee7Rubin Xu private static final int MSG_UNLOCK_USER = 11; 10785a63bc1a06870b5a86926b0bce94a2bf559e3f0Andrew Scull private static final int MSG_STOP_USER = 12; 108327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13; 109c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 110517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000; 11182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 112b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<>(); 113b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<>(); 1149dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos private final Receiver mReceiver = new Receiver(); 115b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos 1167a4f3d448b17b4bea190c906d7ecc7f8bec9ff80Adrian Roos /* package */ final TrustArchive mArchive = new TrustArchive(); 11782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private final Context mContext; 1183870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos private 
final LockPatternUtils mLockPatternUtils; 119bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private final UserManager mUserManager; 120cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos private final ActivityManager mActivityManager; 12182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 122bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos @GuardedBy("mUserIsTrusted") 123bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray(); 12482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 125481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos @GuardedBy("mDeviceLockedForUser") 126481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray(); 127481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos 128c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos @GuardedBy("mDeviceLockedForUser") 129c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray(); 130c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 131a7aa4d6f0b91e050c083c19459b0c8b265c92617Rakesh Iyer private final StrongAuthTracker mStrongAuthTracker; 132a7aa4d6f0b91e050c083c19459b0c8b265c92617Rakesh Iyer 133cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos private boolean mTrustAgentsCanRun = false; 13409e02917ff7bb36b89d13fd5df10d2d3c43d5fe9Xiaohui Chen private int mCurrentUser = UserHandle.USER_SYSTEM; 135cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 13682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public TrustManagerService(Context context) { 13782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos super(context); 13882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mContext = context; 13982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); 140cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos 
mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE); 1413870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos mLockPatternUtils = new LockPatternUtils(context); 142517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos mStrongAuthTracker = new StrongAuthTracker(context); 14382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 14482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 14582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 14682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onStart() { 14782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos publishBinderService(Context.TRUST_SERVICE, mService); 14882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 14982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 15082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 15182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public void onBootPhase(int phase) { 15249d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (isSafeMode()) { 15349d53452e744f03593093f6588cea12a405f9ff5Adrian Roos // No trust agents in safe mode. 
15449d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 15549d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 15649d53452e744f03593093f6588cea12a405f9ff5Adrian Roos if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) { 15782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true); 1589dbe190099a34c6420541a36425d8c68007bc86eAdrian Roos mReceiver.register(mContext); 159b5e4722891e7bbf2fffcd995af02838667a3ababAdrian Roos mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker); 160cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { 161cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos mTrustAgentsCanRun = true; 1624e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci refreshAgentList(UserHandle.USER_ALL); 163605733b09a187b1d520ebe125d6a03ef04c303b5Xiaohui Chen refreshDeviceLockedForUser(UserHandle.USER_ALL); 16449d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } else if (phase == SystemService.PHASE_BOOT_COMPLETED) { 16509e02917ff7bb36b89d13fd5df10d2d3c43d5fe9Xiaohui Chen maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM); 16682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 16782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 16882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 16982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos // Agent management 17082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 17182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private static final class AgentInfo { 17282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos CharSequence label; 17382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos Drawable icon; 17482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ComponentName component; // service that implements ITrustAgent 17520914d79393aead044848a337ff4f802e4afb48eLingjun Li SettingsAttrs settings; // setting to launch to modify agent. 
17682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos TrustAgentWrapper agent; 17782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos int userId; 17882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 17982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 18082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public boolean equals(Object other) { 18182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (!(other instanceof AgentInfo)) { 18282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return false; 18382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 18482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo o = (AgentInfo) other; 18582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return component.equals(o.component) && userId == o.userId; 18682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 18782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 18882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos @Override 18982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos public int hashCode() { 19082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos return component.hashCode() * 31 + userId; 19182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 19482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos private void updateTrustAll() { 19582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */); 19682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (UserInfo userInfo : userInfos) { 19794e15a59b757678949cccb5d783bee1638e84697Adrian Roos updateTrust(userInfo.id, 0); 19882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 19982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 20082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 20194e15a59b757678949cccb5d783bee1638e84697Adrian Roos public void updateTrust(int userId, int flags) { 
202c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos boolean managed = aggregateIsTrustManaged(userId); 203c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos dispatchOnTrustManagedChanged(managed, userId); 204c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos if (mStrongAuthTracker.isTrustAllowedForUser(userId) 205c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos && isTrustUsuallyManagedInternal(userId) != managed) { 206c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos updateTrustUsuallyManaged(userId, managed); 207c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 208bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos boolean trusted = aggregateIsTrusted(userId); 209481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean changed; 210bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos synchronized (mUserIsTrusted) { 211481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos changed = mUserIsTrusted.get(userId) != trusted; 212bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos mUserIsTrusted.put(userId, trusted); 213bcd076525ccb8a3dfe7d1002bcae059661c1d111Adrian Roos } 21494e15a59b757678949cccb5d783bee1638e84697Adrian Roos dispatchOnTrustChanged(trusted, userId, flags); 215481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos if (changed) { 216481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos refreshDeviceLockedForUser(userId); 217481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos } 21882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 21982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 220c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos private void updateTrustUsuallyManaged(int userId, boolean managed) { 221c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos synchronized (mTrustUsuallyManagedForUser) { 222c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mTrustUsuallyManagedForUser.put(userId, managed); 223c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 224c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // Wait a few minutes before 
committing to flash, in case the trust agent is transiently not 225c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos // managing trust (crashed, needs to acknowledge DPM restrictions, etc). 226c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.removeMessages(MSG_FLUSH_TRUST_USUALLY_MANAGED); 227c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.sendMessageDelayed( 228c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos mHandler.obtainMessage(MSG_FLUSH_TRUST_USUALLY_MANAGED), 229c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos TRUST_USUALLY_MANAGED_FLUSH_DELAY); 230c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos } 231c13723f22e476b4558061942c001ee62eaca79e4Adrian Roos 232517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos void refreshAgentList(int userIdOrAll) { 233517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")"); 234cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos if (!mTrustAgentsCanRun) { 23549d53452e744f03593093f6588cea12a405f9ff5Adrian Roos return; 23649d53452e744f03593093f6588cea12a405f9ff5Adrian Roos } 237517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) { 238517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle," 239e681c27dc62006358102a250b46726b7a88efe06Adrian Roos + " must be USER_ALL or a specific user.", new Throwable("here")); 240517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos userIdOrAll = UserHandle.USER_ALL; 241e681c27dc62006358102a250b46726b7a88efe06Adrian Roos } 24282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos PackageManager pm = mContext.getPackageManager(); 24382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 2444e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci List<UserInfo> userInfos; 245517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL) 
{ 2464e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci userInfos = mUserManager.getUsers(true /* excludeDying */); 2474e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci } else { 2484e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci userInfos = new ArrayList<>(); 249517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos userInfos.add(mUserManager.getUserInfo(userIdOrAll)); 2504e68f11672bdb2d11b0da5cef942cfc9bfabd696Marco Fucci } 2513870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos LockPatternUtils lockPatternUtils = mLockPatternUtils; 25282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 253c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>(); 254c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos obsoleteAgents.addAll(mActiveAgents); 25582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 25682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (UserInfo userInfo : userInfos) { 257fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos if (userInfo == null || userInfo.partial || !userInfo.isEnabled() 258fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos || userInfo.guestToRemove) continue; 2595d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!userInfo.supportsSwitchToByUser()) { 2605d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2615d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": switchToByUser=false"); 2625d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2635d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 2645d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!mActivityManager.isUserRunning(userInfo.id)) { 2655d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2665d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": user not started"); 2675d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 
2685d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 2695d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!lockPatternUtils.isSecure(userInfo.id)) { 2705d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2715d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": no secure credential"); 2725d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2735d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 27420914d79393aead044848a337ff4f802e4afb48eLingjun Li 2758f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager(); 2768f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id); 277604e7558ef32098644b2f9456d7743a07ae789dcJim Miller final boolean disableTrustAgents = 278ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 279ca36b95bd3e0cc8b6f1685bd57a09419db756b91Adrian Roos 28082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id); 2818f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (enabledAgents == null) { 2825d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 2835d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": no agents enabled by user"); 28482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos continue; 28582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 2863870d451f7d3913a05ffa144d03167bde9221adbAdrian Roos List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id); 28782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos for (ResolveInfo resolveInfo : resolveInfos) { 28882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos ComponentName name = getComponentName(resolveInfo); 
28982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 2905d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (!enabledAgents.contains(name)) { 2915d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping " 2925d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + name.flattenToShortString() + " u"+ userInfo.id 2935d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": not enabled by user"); 2945d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 2955d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 2968f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos if (disableTrustAgents) { 297e303bf443532c2ad756260133f00747bcff11e69Jim Miller List<PersistableBundle> config = 298e303bf443532c2ad756260133f00747bcff11e69Jim Miller dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id); 2998f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos // Disable agent if no features are enabled. 3005d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (config == null || config.isEmpty()) { 3015d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping " 3025d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + name.flattenToShortString() + " u"+ userInfo.id 3035d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos + ": not allowed by DPM"); 3045d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos continue; 3055d639783a3619ef5f70af31b4ed420455d1e7329Adrian Roos } 3068f21158fe64eb93ff005dc1b831b282b95531023Adrian Roos } 30782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos AgentInfo agentInfo = new AgentInfo(); 30882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.component = name; 30982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.userId = userInfo.id; 31082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (!mActiveAgents.contains(agentInfo)) { 31182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.label = resolveInfo.loadLabel(pm); 
31282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.icon = resolveInfo.loadIcon(pm); 31320914d79393aead044848a337ff4f802e4afb48eLingjun Li agentInfo.settings = getSettingsAttrs(pm, resolveInfo); 31482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos agentInfo.agent = new TrustAgentWrapper(mContext, this, 31582142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos new Intent().setComponent(name), userInfo.getUserHandle()); 31620914d79393aead044848a337ff4f802e4afb48eLingjun Li } else { 31720914d79393aead044848a337ff4f802e4afb48eLingjun Li int index = mActiveAgents.indexOf(agentInfo); 31820914d79393aead044848a337ff4f802e4afb48eLingjun Li agentInfo = mActiveAgents.valueAt(index); 31920914d79393aead044848a337ff4f802e4afb48eLingjun Li } 32020914d79393aead044848a337ff4f802e4afb48eLingjun Li 32120914d79393aead044848a337ff4f802e4afb48eLingjun Li boolean directUnlock = resolveInfo.serviceInfo.directBootAware 32220914d79393aead044848a337ff4f802e4afb48eLingjun Li && agentInfo.settings.canUnlockProfile; 32320914d79393aead044848a337ff4f802e4afb48eLingjun Li 32420914d79393aead044848a337ff4f802e4afb48eLingjun Li if (directUnlock) { 32520914d79393aead044848a337ff4f802e4afb48eLingjun Li if (DEBUG) Slog.d(TAG, "refreshAgentList: trustagent " + name 32620914d79393aead044848a337ff4f802e4afb48eLingjun Li + "of user " + userInfo.id + "can unlock user profile."); 32720914d79393aead044848a337ff4f802e4afb48eLingjun Li } 32820914d79393aead044848a337ff4f802e4afb48eLingjun Li 32920914d79393aead044848a337ff4f802e4afb48eLingjun Li if (!StorageManager.isUserKeyUnlocked(userInfo.id) 33020914d79393aead044848a337ff4f802e4afb48eLingjun Li && !directUnlock) { 33120914d79393aead044848a337ff4f802e4afb48eLingjun Li if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 33220914d79393aead044848a337ff4f802e4afb48eLingjun Li + "'s trust agent " + name + ": FDE still locked and " 33320914d79393aead044848a337ff4f802e4afb48eLingjun Li + " the agent cannot unlock user profile."); 
33420914d79393aead044848a337ff4f802e4afb48eLingjun Li continue; 33520914d79393aead044848a337ff4f802e4afb48eLingjun Li } 33620914d79393aead044848a337ff4f802e4afb48eLingjun Li 33720914d79393aead044848a337ff4f802e4afb48eLingjun Li if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) { 33820914d79393aead044848a337ff4f802e4afb48eLingjun Li int flag = mStrongAuthTracker.getStrongAuthForUser(userInfo.id); 339327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) { 340327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT 341327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal || !directUnlock) { 342327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal if (DEBUG) 343327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id 344327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal + ": prevented by StrongAuthTracker = 0x" 345327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal + Integer.toHexString(mStrongAuthTracker.getStrongAuthForUser( 346327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal userInfo.id))); 347327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal continue; 348327323d2b337077433fe02438a79cc98e91799e3Zachary Iqbal } 34920914d79393aead044848a337ff4f802e4afb48eLingjun Li } 35020914d79393aead044848a337ff4f802e4afb48eLingjun Li } 35120914d79393aead044848a337ff4f802e4afb48eLingjun Li 35220914d79393aead044848a337ff4f802e4afb48eLingjun Li if (!mActiveAgents.contains(agentInfo)) { 35382142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos mActiveAgents.add(agentInfo); 35482142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } else { 355c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos obsoleteAgents.remove(agentInfo); 35682142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 35782142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 35882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian 
Roos } 35982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 36082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos boolean trustMayHaveChanged = false; 361c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos for (int i = 0; i < obsoleteAgents.size(); i++) { 362c5f95cea2639b698594a85acbde6a5519941d7b1Adrian Roos AgentInfo info = obsoleteAgents.valueAt(i); 363517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL || userIdOrAll == info.userId) { 364e681c27dc62006358102a250b46726b7a88efe06Adrian Roos if (info.agent.isManagingTrust()) { 365e681c27dc62006358102a250b46726b7a88efe06Adrian Roos trustMayHaveChanged = true; 366e681c27dc62006358102a250b46726b7a88efe06Adrian Roos } 367fc29e0b5829034d9c0a60882d2a21606b2f513b1Adrian Roos info.agent.destroy(); 368e681c27dc62006358102a250b46726b7a88efe06Adrian Roos mActiveAgents.remove(info); 36982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 37082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 37182142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 37282142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos if (trustMayHaveChanged) { 373517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos if (userIdOrAll == UserHandle.USER_ALL) { 374cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos updateTrustAll(); 375cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } else { 376517b3a4d9f76e4e351632b442f2fc68bd8100c46Adrian Roos updateTrust(userIdOrAll, 0); 377cbe614ff7d8770ddc01f1c7b048d9fe5d21a2dceAdrian Roos } 37882142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 37982142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos } 38082142c21dd333307682d5f4bb09de3ab3ccfa06cAdrian Roos 381481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos boolean isDeviceLockedInner(int userId) { 382481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos synchronized (mDeviceLockedForUser) { 383481a6df99fea124bc4354da34ff668750cdc9041Adrian Roos return mDeviceLockedForUser.get(userId, true); 
} // closes the synchronized block of isDeviceLockedInner, which begins on the preceding line
} // closes isDeviceLockedInner

/**
 * Recomputes the cached "device locked" flag for one user, or for every user when
 * {@code userId} is {@link UserHandle#USER_ALL}.
 *
 * <p>A user is recorded as locked only when all three hold: the user has a secure lock
 * screen, the keyguard is taken to be showing, and no active agent currently grants trust.
 * The keyguard is assumed to be showing for every user except the current one, and for the
 * current user whenever the window manager cannot be queried, so a failed query never
 * reports the device as unlocked.
 *
 * @param userId a specific user id or {@code USER_ALL}; any other negative value is logged
 *               with a stack trace and then handled as {@code USER_ALL}
 */
private void refreshDeviceLockedForUser(int userId) {
    final boolean validHandle =
            userId == UserHandle.USER_ALL || userId >= UserHandle.USER_SYSTEM;
    if (!validHandle) {
        Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle,"
                + " must be USER_ALL or a specific user.", new Throwable("here"));
        userId = UserHandle.USER_ALL;
    }

    final List<UserInfo> candidates;
    if (userId != UserHandle.USER_ALL) {
        candidates = new ArrayList<>();
        // getUserInfo() may hand back null; the loop below skips null entries.
        candidates.add(mUserManager.getUserInfo(userId));
    } else {
        candidates = mUserManager.getUsers(true /* excludeDying */);
    }

    IWindowManager windowManager = WindowManagerGlobal.getWindowManagerService();

    for (int index = 0; index < candidates.size(); index++) {
        UserInfo user = candidates.get(index);

        final boolean eligible = user != null && !user.partial && user.isEnabled()
                && !user.guestToRemove && user.supportsSwitchToByUser();
        if (!eligible) {
            continue;
        }

        final int id = user.id;
        final boolean secure = mLockPatternUtils.isSecure(id);
        final boolean trusted = aggregateIsTrusted(id);

        // Fail closed: only a successful answer from the window manager, and only for the
        // current user, can clear this flag.
        boolean showingKeyguard = true;
        if (mCurrentUser == id) {
            try {
                showingKeyguard = windowManager.isKeyguardLocked();
            } catch (RemoteException ignored) {
                // Deliberately ignored: showingKeyguard keeps its locked default.
            }
        }

        setDeviceLockedForUser(id, secure && showingKeyguard && !trusted);
    }
}

/**
 * Stores the locked state for {@code userId} and notifies that user's agents when the stored
 * value actually changed.
 *
 * <p>The read of the previous value and the write of the new one happen together under the
 * {@code mDeviceLockedForUser} monitor; the agent callbacks run after the monitor is
 * released. A user with no stored entry is read as locked by isDeviceLockedInner.
 *
 * @param userId user whose state is recorded
 * @param locked new locked state
 */
private void setDeviceLockedForUser(@UserIdInt int userId, boolean locked) {
    final boolean stateChanged;
    synchronized (mDeviceLockedForUser) {
        final boolean previouslyLocked = isDeviceLockedInner(userId);
        mDeviceLockedForUser.put(userId, locked);
        stateChanged = previouslyLocked != locked;
    }
    if (!stateChanged) {
        return;
    }
    dispatchDeviceLocked(userId, locked);
}

/**
 * Tells every active agent that belongs to {@code userId} that the device became locked or
 * unlocked.
 *
 * @param userId   user whose agents are notified
 * @param isLocked {@code true} to call onDeviceLocked(), {@code false} for onDeviceUnlocked()
 */
private void dispatchDeviceLocked(int userId, boolean isLocked) {
    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (candidate.userId != userId) {
            continue;
        }
        if (isLocked) {
            candidate.agent.onDeviceLocked();
        } else {
            candidate.agent.onDeviceUnlocked();
        }
    }
}

/**
 * Asks every connected active agent to re-read its device-policy features and, if at least
 * one agent was asked, records the policy change in {@code mArchive}.
 */
void updateDevicePolicyFeatures() {
    boolean anyAgentUpdated = false;
    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo agentInfo = mActiveAgents.valueAt(index);
        if (!agentInfo.agent.isConnected()) {
            continue;
        }
        agentInfo.agent.updateDevicePolicyFeatures();
        anyAgentUpdated = true;
    }
    if (anyAgentUpdated) {
        mArchive.logDevicePolicyChanged();
    }
}

/**
 * Destroys and drops every active agent whose component lives in {@code packageName}, for
 * all users, then recomputes trust for all users if any dropped agent was managing trust.
 *
 * @param packageName package whose agents are removed; assumed non-null, since
 *                    {@code equals} is invoked on it
 */
private void removeAgentsOfPackage(String packageName) {
    boolean trustMayHaveChanged = false;
    // Iterates from the end; presumably so removeAt(index) leaves the indices still to be
    // visited untouched.
    for (int index = mActiveAgents.size() - 1; index >= 0; index--) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (!packageName.equals(candidate.component.getPackageName())) {
            continue;
        }
        Log.i(TAG, "Resetting agent " + candidate.component.flattenToShortString());
        // Query before destroy(): the answer decides whether trust must be recomputed.
        if (candidate.agent.isManagingTrust()) {
            trustMayHaveChanged = true;
        }
        candidate.agent.destroy();
        mActiveAgents.removeAt(index);
    }
    if (trustMayHaveChanged) {
        updateTrustAll();
    }
}

/**
 * Destroys and drops the active agent identified by {@code name} for {@code userId},
 * recomputes that user's trust if the agent was managing trust, and then refreshes the
 * agent list for the user.
 *
 * @param name   component of the agent to reset; assumed non-null, since {@code equals} is
 *               invoked on it
 * @param userId user the agent instance belongs to
 */
public void resetAgent(ComponentName name, int userId) {
    boolean trustMayHaveChanged = false;
    for (int index = mActiveAgents.size() - 1; index >= 0; index--) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        final boolean matches = name.equals(candidate.component) && userId == candidate.userId;
        if (!matches) {
            continue;
        }
        Log.i(TAG, "Resetting agent " + candidate.component.flattenToShortString());
        // Query before destroy(): the answer decides whether trust must be recomputed.
        if (candidate.agent.isManagingTrust()) {
            trustMayHaveChanged = true;
        }
        candidate.agent.destroy();
        mActiveAgents.removeAt(index);
    }
    if (trustMayHaveChanged) {
        updateTrust(userId, 0);
    }
    refreshAgentList(userId);
}

/**
 * Reads the {@code trust-agent} XML meta-data that a trust agent service declares and
 * extracts its settings activity and its {@code unlockProfile} flag.
 *
 * <p>The XML is supplied by the agent's own package, so both values are controlled by that
 * package. A settings activity written without a {@code '/'} is qualified with the agent's
 * package name.
 * NOTE(review): a value that already contains {@code '/'} is used as supplied and may name a
 * component outside the agent's package; how callers use it is not visible here.
 * NOTE(review): {@code ComponentName.unflattenFromString} can return null for a string it
 * cannot parse; confirm that callers tolerate a null component in the result.
 *
 * @param pm          package manager used to load the meta-data and the package resources
 * @param resolveInfo resolved trust agent service
 * @return the parsed attributes, or {@code null} when the service has no meta-data, the
 *         document does not start with a {@code trust-agent} tag, parsing fails, or no
 *         settings activity is declared
 */
private SettingsAttrs getSettingsAttrs(PackageManager pm, ResolveInfo resolveInfo) {
    if (resolveInfo == null || resolveInfo.serviceInfo == null
            || resolveInfo.serviceInfo.metaData == null) {
        return null;
    }

    String settingsActivity = null;
    boolean canUnlockProfile = false;
    XmlResourceParser parser = null;
    Exception parseFailure = null;
    try {
        parser = resolveInfo.serviceInfo.loadXmlMetaData(pm,
                TrustAgentService.TRUST_AGENT_META_DATA);
        if (parser == null) {
            Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data");
            return null;
        }
        Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo);
        AttributeSet attrs = Xml.asAttributeSet(parser);

        // Drain the preamble: advance to the first start tag or the end of the document.
        int eventType = parser.next();
        while (eventType != XmlPullParser.END_DOCUMENT
                && eventType != XmlPullParser.START_TAG) {
            eventType = parser.next();
        }

        if (!"trust-agent".equals(parser.getName())) {
            Slog.w(TAG, "Meta-data does not start with trust-agent tag");
            return null;
        }
        TypedArray sa = res.obtainAttributes(attrs,
                com.android.internal.R.styleable.TrustAgent);
        settingsActivity =
                sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity);
        canUnlockProfile = sa.getBoolean(
                com.android.internal.R.styleable.TrustAgent_unlockProfile, false);
        sa.recycle();
    } catch (PackageManager.NameNotFoundException | IOException | XmlPullParserException e) {
        // Remembered rather than logged here so the parser is closed before the warning.
        parseFailure = e;
    } finally {
        if (parser != null) {
            parser.close();
        }
    }

    if (parseFailure != null) {
        Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, parseFailure);
        return null;
    }
    if (settingsActivity == null) {
        return null;
    }
    if (settingsActivity.indexOf('/') < 0) {
        settingsActivity = resolveInfo.serviceInfo.packageName + "/" + settingsActivity;
    }
    return new SettingsAttrs(ComponentName.unflattenFromString(settingsActivity),
            canUnlockProfile);
}

/**
 * Builds the component name of a resolved service from its package and class name.
 *
 * @param resolveInfo resolved service, may be null
 * @return the component name, or {@code null} when {@code resolveInfo} or its
 *         {@code serviceInfo} is null
 */
private ComponentName getComponentName(ResolveInfo resolveInfo) {
    final boolean hasService = resolveInfo != null && resolveInfo.serviceInfo != null;
    if (!hasService) {
        return null;
    }
    return new ComponentName(resolveInfo.serviceInfo.packageName,
            resolveInfo.serviceInfo.name);
}

/**
 * One-time initialisation of the enabled trust agents for {@code userId}.
 *
 * <p>Does nothing once {@code Settings.Secure.TRUST_AGENTS_INITIALIZED} is non-zero for the
 * user. Otherwise it enables every allowed agent (see resolveAllowedTrustAgents) that ships
 * in a package flagged {@code FLAG_SYSTEM}, keeps whatever agents were already enabled, and
 * then sets the initialised marker. Agents from non-system packages are never enabled here.
 *
 * @param utils  lock settings accessor used to read and write the enabled agents
 * @param userId user being initialised
 */
private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) {
    final int alreadyInitialized = Settings.Secure.getIntForUser(
            mContext.getContentResolver(), Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId);
    if (alreadyInitialized != 0) {
        return;
    }

    PackageManager pm = mContext.getPackageManager();
    ArraySet<ComponentName> agentsToEnable = new ArraySet<>();
    for (ResolveInfo candidate : resolveAllowedTrustAgents(pm, userId)) {
        ComponentName componentName = getComponentName(candidate);
        final boolean isSystemPackage =
                (candidate.serviceInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
        if (!isSystemPackage) {
            Log.i(TAG, "Leaving agent " + componentName + " disabled because package "
                    + "is not a system package.");
            continue;
        }
        agentsToEnable.add(componentName);
    }

    // Preserve agents that were enabled before this first initialisation.
    List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
    if (previouslyEnabledAgents != null) {
        agentsToEnable.addAll(previouslyEnabledAgents);
    }
    utils.setEnabledTrustAgents(agentsToEnable, userId);
    Settings.Secure.putIntForUser(mContext.getContentResolver(),
            Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);
    // maybeEnableFactoryTrustAgents is closed by the brace at the start of the following line.
} // closes maybeEnableFactoryTrustAgents, whose body ends on the preceding line

/**
 * Queries the services that handle {@code TRUST_AGENT_INTENT} for {@code userId} and keeps
 * only those whose package holds {@code PERMISSION_PROVIDE_AGENT}.
 *
 * <p>Both direct-boot-aware and direct-boot-unaware services are matched. Entries without a
 * {@code serviceInfo} or {@code applicationInfo} are dropped silently; entries that fail the
 * permission check are dropped with a warning.
 *
 * @param pm     package manager used for the query and the permission check
 * @param userId user whose services are queried
 * @return the services allowed to act as trust agents, never null
 */
private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {
    final int queryFlags = PackageManager.GET_META_DATA
            | PackageManager.MATCH_DIRECT_BOOT_AWARE
            | PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
    List<ResolveInfo> candidates =
            pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT, queryFlags, userId);

    ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(candidates.size());
    for (ResolveInfo candidate : candidates) {
        if (candidate.serviceInfo == null || candidate.serviceInfo.applicationInfo == null) {
            continue;
        }
        String packageName = candidate.serviceInfo.packageName;
        final boolean mayProvideAgent =
                pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
                        == PackageManager.PERMISSION_GRANTED;
        if (mayProvideAgent) {
            allowedAgents.add(candidate);
            continue;
        }
        ComponentName name = getComponentName(candidate);
        Log.w(TAG, "Skipping agent " + name + " because package does not have"
                + " permission " + PERMISSION_PROVIDE_AGENT + ".");
    }
    return allowedAgents;
}

// Agent dispatch and aggregation

/**
 * Reports whether any active agent of {@code userId} currently grants trust.
 *
 * <p>The strong-auth tracker is consulted first: when it does not allow trust for the user
 * the result is {@code false} no matter what the agents report.
 *
 * @param userId user to evaluate
 * @return {@code true} if trust is allowed and at least one of the user's agents is trusted
 */
private boolean aggregateIsTrusted(int userId) {
    if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
        return false;
    }
    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (candidate.userId == userId && candidate.agent.isTrusted()) {
            return true;
        }
    }
    return false;
}

/**
 * Reports whether any active agent of {@code userId} is managing trust.
 *
 * <p>As with aggregateIsTrusted, the answer is {@code false} whenever the strong-auth
 * tracker does not allow trust for the user.
 *
 * @param userId user to evaluate
 * @return {@code true} if trust is allowed and at least one of the user's agents manages it
 */
private boolean aggregateIsTrustManaged(int userId) {
    if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
        return false;
    }
    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (candidate.userId == userId && candidate.agent.isManagingTrust()) {
            return true;
        }
    }
    return false;
}

/**
 * Forwards the outcome of an unlock attempt to every active agent of {@code userId}.
 *
 * <p>A successful attempt first calls {@code allowTrustFromUnlock} on the strong-auth
 * tracker for that user; a failed attempt leaves the tracker untouched.
 *
 * @param successful whether the unlock attempt succeeded
 * @param userId     user that attempted the unlock
 */
private void dispatchUnlockAttempt(boolean successful, int userId) {
    if (successful) {
        mStrongAuthTracker.allowTrustFromUnlock(userId);
    }

    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (candidate.userId != userId) {
            continue;
        }
        candidate.agent.onUnlockAttempt(successful);
    }
}

/**
 * Forwards an unlock lockout to every active agent of {@code userId}.
 *
 * @param timeoutMs lockout value passed through to the agents unchanged
 * @param userId    user that is locked out
 */
private void dispatchUnlockLockout(int timeoutMs, int userId) {
    for (int index = 0; index < mActiveAgents.size(); index++) {
        AgentInfo candidate = mActiveAgents.valueAt(index);
        if (candidate.userId != userId) {
            continue;
        }
        candidate.agent.onUnlockLockout(timeoutMs);
    }
}

// Listeners

/**
 * Registers {@code listener} unless a listener backed by the same binder object is already
 * registered, then recomputes trust for all users.
 *
 * @param listener listener to add; binders are compared by reference
 */
private void addListener(ITrustListener listener) {
    for (int index = 0; index < mTrustListeners.size(); index++) {
        final boolean sameBinder =
                mTrustListeners.get(index).asBinder() == listener.asBinder();
        if (sameBinder) {
            return;
        }
    }
    mTrustListeners.add(listener);
    updateTrustAll();
}

/**
 * Unregisters the first listener backed by the same binder object as {@code listener}; does
 * nothing when there is none.
 *
 * @param listener listener to remove; binders are compared by reference
 */
private void removeListener(ITrustListener listener) {
    for (int index = 0; index < mTrustListeners.size(); index++) {
        final boolean sameBinder =
                mTrustListeners.get(index).asBinder() == listener.asBinder();
        if (!sameBinder) {
            continue;
        }
        mTrustListeners.remove(index);
        return;
    }
    // removeListener is closed by the brace at the start of the following line.
} // closes removeListener, whose body ends on the preceding line

/**
 * Notifies every registered trust listener of the trust state for {@code userId}.
 *
 * <p>{@code flags} are forwarded only together with {@code enabled == true}; otherwise the
 * listeners receive 0. A listener whose process is gone is removed from the list; any other
 * remote failure is logged and the listener is kept.
 *
 * @param enabled whether the user is currently trusted
 * @param userId  user the state applies to
 * @param flags   flags accompanying a grant of trust
 */
private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) {
    if (DEBUG) {
        Log.i(TAG, "onTrustChanged(" + enabled + ", " + userId + ", 0x"
                + Integer.toHexString(flags) + ")");
    }
    final int reportedFlags = enabled ? flags : 0;

    int index = 0;
    while (index < mTrustListeners.size()) {
        try {
            mTrustListeners.get(index).onTrustChanged(enabled, userId, reportedFlags);
        } catch (DeadObjectException e) {
            Slog.d(TAG, "Removing dead TrustListener.");
            mTrustListeners.remove(index);
            // The next listener now sits at this index, so do not advance.
            continue;
        } catch (RemoteException e) {
            Slog.e(TAG, "Exception while notifying TrustListener.", e);
        }
        index++;
    }
}

/**
 * Notifies every registered trust listener whether trust is managed for {@code userId}.
 *
 * <p>A listener whose process is gone is removed from the list; any other remote failure is
 * logged and the listener is kept.
 *
 * @param managed whether an agent is managing trust for the user
 * @param userId  user the state applies to
 */
private void dispatchOnTrustManagedChanged(boolean managed, int userId) {
    if (DEBUG) {
        Log.i(TAG, "onTrustManagedChanged(" + managed + ", " + userId + ")");
    }

    int index = 0;
    while (index < mTrustListeners.size()) {
        try {
            mTrustListeners.get(index).onTrustManagedChanged(managed, userId);
        } catch (DeadObjectException e) {
            Slog.d(TAG, "Removing dead TrustListener.");
            mTrustListeners.remove(index);
            // The next listener now sits at this index, so do not advance.
            continue;
        } catch (RemoteException e) {
            Slog.e(TAG, "Exception while notifying TrustListener.", e);
        }
        index++;
    }
}

// User lifecycle

/**
 * Posts {@code MSG_START_USER} for {@code userId} to {@code mHandler}; the work itself is
 * done by the handler, not on the calling thread.
 */
@Override
public void onStartUser(int userId) {
    mHandler
            .obtainMessage(MSG_START_USER, userId, 0, null)
            .sendToTarget();
}

/**
 * Posts {@code MSG_CLEANUP_USER} for {@code userId} to {@code mHandler}.
 */
@Override
public void onCleanupUser(int userId) {
    mHandler
            .obtainMessage(MSG_CLEANUP_USER, userId, 0, null)
            .sendToTarget();
    // onCleanupUser is closed by the brace at the start of the following line.
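} // end of the preceding member, which begins above this excerpt

    /** Forwards a user switch to the handler; {@code userId} travels as {@code arg1}. */
    @Override
    public void onSwitchUser(int userId) {
        mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();
    }

    /** Forwards a user unlock to the handler; {@code userId} travels as {@code arg1}. */
    @Override
    public void onUnlockUser(int userId) {
        mHandler.obtainMessage(MSG_UNLOCK_USER, userId, 0, null).sendToTarget();
    }

    /** Forwards a user stop to the handler; {@code userId} travels as {@code arg1}. */
    @Override
    public void onStopUser(@UserIdInt int userId) {
        mHandler.obtainMessage(MSG_STOP_USER, userId, 0, null).sendToTarget();
    }

    // Plumbing

    /**
     * Binder implementation of {@link ITrustManager}.
     *
     * Every entry point checks the caller (a permission check, or handleIncomingUser for the
     * two query methods) before it posts to {@code mHandler} or clears the calling identity.
     * The order matters: the enforceCalling* checks and getCallingPid()/getCallingUid() look at
     * the IPC currently being handled, so they have to run before the hand-off.
     *
     * NOTE(review): the report* methods, setDeviceLockedForUser and isTrustUsuallyManaged use
     * {@code userId} as given, without handleIncomingUser. Presumably holders of the required
     * permission are trusted to name any user; confirm against the permission declarations.
     */
    private final IBinder mService = new ITrustManager.Stub() {
        /**
         * Queues an unlock-attempt report for {@code userId}.
         *
         * @param authenticated whether the attempt succeeded; sent as 1 or 0 in {@code arg1}
         * @param userId user the attempt was made for; sent in {@code arg2}
         */
        @Override
        public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException {
            enforceReportPermission();
            mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId)
                    .sendToTarget();
        }

        /**
         * Queues an unlock-lockout report for {@code userId}.
         *
         * @param timeoutMs lockout duration, sent in {@code arg1}
         * @param userId user the lockout applies to, sent in {@code arg2}
         */
        @Override
        public void reportUnlockLockout(int timeoutMs, int userId) throws RemoteException {
            enforceReportPermission();
            mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_LOCKOUT, timeoutMs, userId)
                    .sendToTarget();
        }

        /**
         * Requests a refresh of the agent list. {@code userId} is not used here; the handler
         * refreshes all users for this message.
         */
        @Override
        public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException {
            enforceReportPermission();
            // coalesce refresh messages.
            mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED);
            mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED);
        }

        /** Requests a refresh of the device-locked state after keyguard visibility changed. */
        @Override
        public void reportKeyguardShowingChanged() throws RemoteException {
            enforceReportPermission();
            // coalesce refresh messages.
            mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED);
            mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED);
        }

        /** Queues registration of {@code trustListener}; requires TRUST_LISTENER. */
        @Override
        public void registerTrustListener(ITrustListener trustListener) throws RemoteException {
            enforceListenerPermission();
            mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget();
        }

        /** Queues removal of {@code trustListener}; requires TRUST_LISTENER. */
        @Override
        public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException {
            enforceListenerPermission();
            mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
        }

        /**
         * Returns whether the device is locked for {@code userId}.
         *
         * The caller's right to ask about {@code userId} is checked first (allowAll is false,
         * requireFull is true). Only then is the calling identity cleared, so the lookups below
         * run with this process's identity. A profile without a separate challenge is answered
         * with its parent's state.
         */
        @Override
        public boolean isDeviceLocked(int userId) throws RemoteException {
            // Must run before clearCallingIdentity(): it reads the caller's pid and uid.
            userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
                    false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);

            long token = Binder.clearCallingIdentity();
            try {
                if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
                    userId = resolveProfileParent(userId);
                }
                return isDeviceLockedInner(userId);
            } finally {
                // Always restore, also when a lookup throws.
                Binder.restoreCallingIdentity(token);
            }
        }

        /**
         * Returns whether a secure lock is set for {@code userId}, as reported by
         * {@code mLockPatternUtils.isSecure}.
         *
         * Same caller validation and profile-parent resolution as {@link #isDeviceLocked}.
         */
        @Override
        public boolean isDeviceSecure(int userId) throws RemoteException {
            // Must run before clearCallingIdentity(): it reads the caller's pid and uid.
            userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
                    false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);

            long token = Binder.clearCallingIdentity();
            try {
                if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
                    userId = resolveProfileParent(userId);
                }
                return mLockPatternUtils.isSecure(userId);
            } finally {
                Binder.restoreCallingIdentity(token);
            }
        }

        /**
         * Requires ACCESS_KEYGUARD_SECURE_STORAGE. Uses the "calling or self" variant, so a
         * call made from within this process, outside an IPC, is checked against this
         * process's own permissions.
         */
        private void enforceReportPermission() {
            mContext.enforceCallingOrSelfPermission(
                    Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
        }

        /**
         * Requires TRUST_LISTENER from the IPC caller. Unlike enforceReportPermission there is
         * no "or self" fallback. The message text is shared by register and unregister.
         */
        private void enforceListenerPermission() {
            mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,
                    "register trust listener");
        }

        /**
         * Writes the trust state of every user to {@code fout}; requires DUMP.
         *
         * The per-user dump runs on the handler thread and this method waits for it for at most
         * 1500 ms.
         */
        @Override
        protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {
            mContext.enforceCallingPermission(Manifest.permission.DUMP,
                    "dumping TrustManagerService");
            if (isSafeMode()) {
                fout.println("disabled because the system is in safe mode.");
                return;
            }
            if (!mTrustAgentsCanRun) {
                fout.println("disabled because the third-party apps can't run yet.");
                return;
            }
            final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
            // NOTE(review): if the timeout elapses the runnable presumably stays queued and may
            // still write to fout after dump() has returned; confirm that this is harmless.
            mHandler.runWithScissors(new Runnable() {
                @Override
                public void run() {
                    fout.println("Trust manager state:");
                    for (UserInfo user : userInfos) {
                        dumpUser(fout, user, user.id == mCurrentUser);
                    }
                }
            }, 1500);
        }

        /**
         * Writes one user's trust state, its active agents and its recent events to
         * {@code fout}.
         *
         * @param fout destination of the dump
         * @param user user to describe
         * @param isCurrent whether {@code user} is the current user; adds a marker to the output
         */
        private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {
            fout.printf(" User \"%s\" (id=%d, flags=%#x)",
                    user.name, user.id, user.flags);
            if (!user.supportsSwitchToByUser()) {
                fout.println("(managed profile)");
                fout.println(" disabled because switching to this user is not possible.");
                return;
            }
            if (isCurrent) {
                fout.print(" (current)");
            }
            fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));
            fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));
            fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));
            fout.print(", strongAuthRequired=" + dumpHex(
                    mStrongAuthTracker.getStrongAuthForUser(user.id)));
            fout.println();
            fout.println(" Enabled agents:");
            // Set when two agents of this user share a simple name; passed on to the event dump.
            boolean duplicateSimpleNames = false;
            ArraySet<String> simpleNames = new ArraySet<String>();
            for (AgentInfo info : mActiveAgents) {
                if (info.userId != user.id) { continue; }
                boolean trusted = info.agent.isTrusted();
                fout.print(" "); fout.println(info.component.flattenToShortString());
                fout.print(" bound=" + dumpBool(info.agent.isBound()));
                fout.print(", connected=" + dumpBool(info.agent.isConnected()));
                fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust()));
                fout.print(", trusted=" + dumpBool(trusted));
                fout.println();
                if (trusted) {
                    // Written verbatim; presumably text supplied by the agent, so readers of
                    // the dump should treat it as untrusted content.
                    fout.println(" message=\"" + info.agent.getMessage() + "\"");
                }
                if (!info.agent.isConnected()) {
                    String restartTime = TrustArchive.formatDuration(
                            info.agent.getScheduledRestartUptimeMillis()
                                    - SystemClock.uptimeMillis());
                    fout.println(" restartScheduledAt=" + restartTime);
                }
                if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) {
                    duplicateSimpleNames = true;
                }
            }
            fout.println(" Events:");
            mArchive.dump(fout, 50, user.id, " " /* linePrefix */, duplicateSimpleNames);
            fout.println();
        }

        /** Formats a boolean as "1" or "0" for the dump. */
        private String dumpBool(boolean b) {
            return b ? "1" : "0";
        }

        /** Formats an int as "0x" followed by its hexadecimal digits for the dump. */
        private String dumpHex(int i) {
            return "0x" + Integer.toHexString(i);
        }

        /**
         * Records the locked state of {@code userId} and announces the change. Nothing happens
         * unless the user has a separate profile challenge enabled.
         *
         * Requires ACCESS_KEYGUARD_SECURE_STORAGE. The broadcast goes to registered receivers
         * only and only to those holding TRUST_LISTENER.
         *
         * @param userId user whose locked state changes
         * @param locked new locked state
         */
        @Override
        public void setDeviceLockedForUser(int userId, boolean locked) {
            enforceReportPermission();
            final long identity = Binder.clearCallingIdentity();
            try {
                if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
                    synchronized (mDeviceLockedForUser) {
                        mDeviceLockedForUser.put(userId, locked);
                    }
                    if (locked) {
                        try {
                            ActivityManager.getService().notifyLockedProfile(userId);
                        } catch (RemoteException e) {
                            // Best effort: the locked state is already recorded above. Log the
                            // failure instead of dropping it silently, so a missed notification
                            // can be found later.
                            Slog.w(TAG, "Failed to notify locked profile for user " + userId, e);
                        }
                    }
                    final Intent lockIntent = new Intent(Intent.ACTION_DEVICE_LOCKED_CHANGED);
                    lockIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
                    lockIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
                    mContext.sendBroadcastAsUser(lockIntent, UserHandle.SYSTEM,
                            Manifest.permission.TRUST_LISTENER, /* options */ null);
                }
            } finally {
                Binder.restoreCallingIdentity(identity);
            }
        }

        /** Returns the cached or persisted "trust usually managed" flag; requires TRUST_LISTENER. */
        @Override
        public boolean isTrustUsuallyManaged(int userId) {
            mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,
                    "query trust state");
            return isTrustUsuallyManagedInternal(userId);
        }
    };

    /**
     * Returns the "trust usually managed" flag for {@code userId}, from the in-memory cache if
     * present and from persisted storage otherwise.
     *
     * The storage read happens outside the lock. The cache is checked again afterwards so that a
     * value written in the meantime is not overwritten by the older persisted one.
     */
    private boolean isTrustUsuallyManagedInternal(int userId) {
        synchronized (mTrustUsuallyManagedForUser) {
            int i = mTrustUsuallyManagedForUser.indexOfKey(userId);
            if (i >= 0) {
                return mTrustUsuallyManagedForUser.valueAt(i);
            }
        }
        // It's not in memory yet, get the value from persisted storage instead
        boolean persistedValue = mLockPatternUtils.isTrustUsuallyManaged(userId);
        synchronized (mTrustUsuallyManagedForUser) {
            int i = mTrustUsuallyManagedForUser.indexOfKey(userId);
            if (i >= 0) {
                // Someone set the trust usually managed in the mean time. Better use that.
                return mTrustUsuallyManagedForUser.valueAt(i);
            } else {
                // .. otherwise it's safe to cache the fetched value now.
                mTrustUsuallyManagedForUser.put(userId, persistedValue);
                return persistedValue;
            }
        }
    }

    /**
     * Returns the id of the profile parent of {@code userId}, or {@code userId} itself when it
     * has no parent. The lookup runs with the calling identity cleared.
     */
    private int resolveProfileParent(int userId) {
        long identity = Binder.clearCallingIdentity();
        try {
            UserInfo parent = mUserManager.getProfileParent(userId);
            if (parent != null) {
                return parent.getUserHandle().getIdentifier();
            }
            return userId;
        } finally {
            Binder.restoreCallingIdentity(identity);
        }
    }

    /**
     * Handler that carries out the work queued by the lifecycle callbacks and by
     * {@code mService}. Permission checks are done by the senders; none are repeated here.
     */
    private final Handler mHandler = new Handler() {
        @Override
        public void handleMessage(Message msg) {
            switch (msg.what) {
                case MSG_REGISTER_LISTENER:
                    addListener((ITrustListener) msg.obj);
                    break;
                case MSG_UNREGISTER_LISTENER:
                    removeListener((ITrustListener) msg.obj);
                    break;
                case MSG_DISPATCH_UNLOCK_ATTEMPT:
                    // arg1 carries the authenticated flag as 1 or 0, arg2 the user id.
                    dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2);
                    break;
                case MSG_DISPATCH_UNLOCK_LOCKOUT:
                    // arg1 carries the timeout in milliseconds, arg2 the user id.
                    dispatchUnlockLockout(msg.arg1, msg.arg2);
                    break;
                case MSG_ENABLED_AGENTS_CHANGED:
                    refreshAgentList(UserHandle.USER_ALL);
                    // This is also called when the security mode of a user changes.
                    refreshDeviceLockedForUser(UserHandle.USER_ALL);
                    break;
                case MSG_KEYGUARD_SHOWING_CHANGED:
                    refreshDeviceLockedForUser(mCurrentUser);
                    break;
                case MSG_START_USER:
                case MSG_CLEANUP_USER:
                case MSG_UNLOCK_USER:
                    refreshAgentList(msg.arg1);
                    break;
                case MSG_SWITCH_USER:
                    mCurrentUser = msg.arg1;
                    refreshDeviceLockedForUser(UserHandle.USER_ALL);
                    break;
                case MSG_STOP_USER:
                    // A stopped user is marked as locked.
                    setDeviceLockedForUser(msg.arg1, true);
                    break;
                case MSG_FLUSH_TRUST_USUALLY_MANAGED:
                    // Copy under the lock, then write to storage without holding it.
                    SparseBooleanArray usuallyManaged;
                    synchronized (mTrustUsuallyManagedForUser) {
                        usuallyManaged = mTrustUsuallyManagedForUser.clone();
                    }

                    for (int i = 0; i < usuallyManaged.size(); i++) {
                        int userId = usuallyManaged.keyAt(i);
                        boolean value = usuallyManaged.valueAt(i);
                        // Only write values that differ from what is persisted.
                        if (value != mLockPatternUtils.isTrustUsuallyManaged(userId)) {
                            mLockPatternUtils.setTrustUsuallyManaged(value, userId);
                        }
                    }
                    break;
            }
        }
    };

    /** Refreshes or removes trust agents when packages change or disappear. */
    private final PackageMonitor mPackageMonitor = new PackageMonitor() {
        @Override
        public void onSomePackagesChanged() {
            refreshAgentList(UserHandle.USER_ALL);
        }

        @Override
        public boolean onPackageChanged(String packageName, int uid, String[] components) {
            // We're interested in all changes, even if just some components get enabled / disabled.
            return true;
        }

        @Override
        public void onPackageDisappeared(String packageName, int reason) {
            removeAgentsOfPackage(packageName);
        }
    };

    /** Pair of a component name and its canUnlockProfile flag. */
    private static class SettingsAttrs {
        public ComponentName componentName;
        public boolean canUnlockProfile;

        public SettingsAttrs(
                ComponentName componentName,
                boolean canUnlockProfile) {
            this.componentName = componentName;
            this.canUnlockProfile = canUnlockProfile;
        }
    };

    /** Reacts to device-policy changes and to users being added or removed. */
    private class Receiver extends BroadcastReceiver {

        @Override
        public void onReceive(Context context, Intent intent) {
            String action = intent.getAction();
            if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) {
                refreshAgentList(getSendingUserId());
                updateDevicePolicyFeatures();
            } else if (Intent.ACTION_USER_ADDED.equals(action)) {
                int userId = getUserId(intent);
                if (userId > 0) {
                    maybeEnableFactoryTrustAgents(mLockPatternUtils, userId);
                }
            } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
                int userId = getUserId(intent);
                if (userId > 0) {
                    // Drop all cached per-user state so that nothing stale is left behind for
                    // this id, then refresh.
                    synchronized (mUserIsTrusted) {
                        mUserIsTrusted.delete(userId);
                    }
                    synchronized (mDeviceLockedForUser) {
                        mDeviceLockedForUser.delete(userId);
                    }
                    synchronized (mTrustUsuallyManagedForUser) {
                        mTrustUsuallyManagedForUser.delete(userId);
                    }
                    refreshAgentList(userId);
                    refreshDeviceLockedForUser(userId);
                }
            }
        }

        /**
         * Reads EXTRA_USER_HANDLE from {@code intent}.
         *
         * @return the user id when it is greater than 0; otherwise -100, after logging. Both 0
         *         and negative ids count as invalid here.
         */
        private int getUserId(Intent intent) {
            int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100);
            if (userId > 0) {
                return userId;
            } else {
                Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId);
                return -100;
            }
        }

        /**
         * Registers this receiver for all users.
         *
         * NOTE(review): no sender permission is required here. That is only safe if all three
         * actions are protected broadcasts that ordinary apps cannot send; verify.
         */
        public void register(Context context) {
            IntentFilter filter = new IntentFilter();
            filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
            filter.addAction(Intent.ACTION_USER_ADDED);
            filter.addAction(Intent.ACTION_USER_REMOVED);
            context.registerReceiverAsUser(this,
                    UserHandle.ALL,
                    filter,
                    null /* permission */,
                    null /* scheduler */);
        }
    }

    /**
     * Strong-auth tracker that additionally lets trust agents run for a user after a successful
     * unlock, until the strong-auth requirement changes again.
     */
    private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {

        // Users for which agents may run because of a successful unlock.
        // NOTE(review): read and written without a lock in this class; confirm that all callers
        // run on the same thread.
        SparseBooleanArray mStartFromSuccessfulUnlock = new SparseBooleanArray();

        public StrongAuthTracker(Context context) {
            super(context);
        }

        /**
         * Clears the unlock override for {@code userId}, then refreshes the agent list and the
         * trust state.
         */
        @Override
        public void onStrongAuthRequiredChanged(int userId) {
            // The override is valid only until strong auth changes; drop it first.
            mStartFromSuccessfulUnlock.delete(userId);

            if (DEBUG) {
                Log.i(TAG, "onStrongAuthRequiredChanged(" + userId + ") ->"
                        + " trustAllowed=" + isTrustAllowedForUser(userId)
                        + " agentsCanRun=" + canAgentsRunForUser(userId));
            }

            refreshAgentList(userId);

            // The list of active trust agents may not have changed, if there was a previous call
            // to allowTrustFromUnlock, so we update the trust here too.
            updateTrust(userId, 0 /* flags */);
        }

        /**
         * Returns whether agents may run for {@code userId}: either the unlock override is set
         * or the underlying tracker allows trust.
         */
        boolean canAgentsRunForUser(int userId) {
            return mStartFromSuccessfulUnlock.get(userId)
                    || super.isTrustAllowedForUser(userId);
        }

        /**
         * Temporarily suppress strong auth requirements for {@code userId} until strong auth
         * changes again. Must only be called when we know about a successful unlock already
         * before the underlying StrongAuthTracker.
         *
         * Note that this only changes whether trust agents can be started, not the actual trusted
         * value.
         *
         * @throws IllegalArgumentException if {@code userId} is below USER_SYSTEM
         */
        void allowTrustFromUnlock(int userId) {
            if (userId < UserHandle.USER_SYSTEM) {
                throw new IllegalArgumentException("userId must be a valid user: " + userId);
            }
            boolean previous = canAgentsRunForUser(userId);
            mStartFromSuccessfulUnlock.put(userId, true);

            if (DEBUG) {
                Log.i(TAG, "allowTrustFromUnlock(" + userId + ") ->"
                        + " trustAllowed=" + isTrustAllowedForUser(userId)
                        + " agentsCanRun=" + canAgentsRunForUser(userId));
            }

            // Refresh only when the override changed the answer.
            if (canAgentsRunForUser(userId) != previous) {
                refreshAgentList(userId);
            }
        }
    }
}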