TrustManager.java revision c13723f22e476b4558061942c001ee62eaca79e4
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17package android.app.trust; 18 19import com.android.internal.widget.LockPatternUtils; 20 21import android.Manifest; 22import android.annotation.RequiresPermission; 23import android.os.Handler; 24import android.os.IBinder; 25import android.os.Looper; 26import android.os.Message; 27import android.os.RemoteException; 28import android.util.ArrayMap; 29import android.util.Log; 30 31/** 32 * See {@link com.android.server.trust.TrustManagerService} 33 * @hide 34 */ 35public class TrustManager { 36 37 private static final int MSG_TRUST_CHANGED = 1; 38 private static final int MSG_TRUST_MANAGED_CHANGED = 2; 39 40 private static final String TAG = "TrustManager"; 41 private static final String DATA_FLAGS = "initiatedByUser"; 42 43 private final ITrustManager mService; 44 private final ArrayMap<TrustListener, ITrustListener> mTrustListeners; 45 46 public TrustManager(IBinder b) { 47 mService = ITrustManager.Stub.asInterface(b); 48 mTrustListeners = new ArrayMap<TrustListener, ITrustListener>(); 49 } 50 51 /** 52 * Changes the lock status for the given user. This is only applicable to Managed Profiles, 53 * other users should be handled by Keyguard. 54 * 55 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 56 * 57 * @param userId The id for the user to be locked/unlocked. 58 * @param locked The value for that user's locked state. 59 */ 60 @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) 61 public void setDeviceLockedForUser(int userId, boolean locked) { 62 try { 63 mService.setDeviceLockedForUser(userId, locked); 64 } catch (RemoteException e) { 65 onError(e); 66 } 67 } 68 69 /** 70 * Reports that user {@param userId} has tried to unlock the device. 71 * 72 * @param successful if true, the unlock attempt was successful. 73 * 74 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 75 */ 76 public void reportUnlockAttempt(boolean successful, int userId) { 77 try { 78 mService.reportUnlockAttempt(successful, userId); 79 } catch (RemoteException e) { 80 onError(e); 81 } 82 } 83 84 /** 85 * Reports that the list of enabled trust agents changed for user {@param userId}. 86 * 87 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 88 */ 89 public void reportEnabledTrustAgentsChanged(int userId) { 90 try { 91 mService.reportEnabledTrustAgentsChanged(userId); 92 } catch (RemoteException e) { 93 onError(e); 94 } 95 } 96 97 /** 98 * Reports that the visibility of the keyguard has changed. 99 * 100 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 101 */ 102 public void reportKeyguardShowingChanged() { 103 try { 104 mService.reportKeyguardShowingChanged(); 105 } catch (RemoteException e) { 106 onError(e); 107 } 108 } 109 110 /** 111 * Registers a listener for trust events. 112 * 113 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 114 */ 115 public void registerTrustListener(final TrustListener trustListener) { 116 try { 117 ITrustListener.Stub iTrustListener = new ITrustListener.Stub() { 118 @Override 119 public void onTrustChanged(boolean enabled, int userId, int flags) { 120 Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId, 121 trustListener); 122 if (flags != 0) { 123 m.getData().putInt(DATA_FLAGS, flags); 124 } 125 m.sendToTarget(); 126 } 127 128 @Override 129 public void onTrustManagedChanged(boolean managed, int userId) { 130 mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId, 131 trustListener).sendToTarget(); 132 } 133 }; 134 mService.registerTrustListener(iTrustListener); 135 mTrustListeners.put(trustListener, iTrustListener); 136 } catch (RemoteException e) { 137 onError(e); 138 } 139 } 140 141 /** 142 * Unregisters a listener for trust events. 143 * 144 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 145 */ 146 public void unregisterTrustListener(final TrustListener trustListener) { 147 ITrustListener iTrustListener = mTrustListeners.remove(trustListener); 148 if (iTrustListener != null) { 149 try { 150 mService.unregisterTrustListener(iTrustListener); 151 } catch (RemoteException e) { 152 onError(e); 153 } 154 } 155 } 156 157 /** 158 * @return whether {@userId} has enabled and configured trust agents. Ignores short-term 159 * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}. 160 */ 161 @RequiresPermission(android.Manifest.permission.TRUST_LISTENER) 162 public boolean isTrustUsuallyManaged(int userId) { 163 try { 164 return mService.isTrustUsuallyManaged(userId); 165 } catch (RemoteException e) { 166 return false; 167 } 168 } 169 170 171 172 private void onError(Exception e) { 173 Log.e(TAG, "Error while calling TrustManagerService", e); 174 } 175 176 private final Handler mHandler = new Handler(Looper.getMainLooper()) { 177 @Override 178 public void handleMessage(Message msg) { 179 switch(msg.what) { 180 case MSG_TRUST_CHANGED: 181 int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0; 182 ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags); 183 break; 184 case MSG_TRUST_MANAGED_CHANGED: 185 ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2); 186 } 187 } 188 }; 189 190 public interface TrustListener { 191 192 /** 193 * Reports that the trust state has changed. 194 * @param enabled if true, the system believes the environment to be trusted. 195 * @param userId the user, for which the trust changed. 196 * @param flags flags specified by the trust agent when granting trust. See 197 * {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int) 198 * TrustAgentService.grantTrust(CharSequence, long, int)}. 199 */ 200 void onTrustChanged(boolean enabled, int userId, int flags); 201 202 /** 203 * Reports that whether trust is managed has changed 204 * @param enabled if true, at least one trust agent is managing trust. 205 * @param userId the user, for which the state changed. 206 */ 207 void onTrustManagedChanged(boolean enabled, int userId); 208 } 209} 210