TrustManager.java revision c8d807aa19a9efdfbc13d43af62d0eb3e707bc54 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
15 */
16
17package android.app.trust;
18
19import com.android.internal.widget.LockPatternUtils;
20
21import android.Manifest;
22import android.annotation.RequiresPermission;
23import android.os.Handler;
24import android.os.IBinder;
25import android.os.Looper;
26import android.os.Message;
27import android.os.RemoteException;
28import android.util.ArrayMap;
29import android.util.Log;
30
31/**
32 * See {@link com.android.server.trust.TrustManagerService}
33 * @hide
34 */
35public class TrustManager {
36
37    private static final int MSG_TRUST_CHANGED = 1;
38    private static final int MSG_TRUST_MANAGED_CHANGED = 2;
39
40    private static final String TAG = "TrustManager";
41    private static final String DATA_FLAGS = "initiatedByUser";
42
43    private final ITrustManager mService;
44    private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;
45
46    public TrustManager(IBinder b) {
47        mService = ITrustManager.Stub.asInterface(b);
48        mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();
49    }
50
51    /**
52     * Changes the lock status for the given user. This is only applicable to Managed Profiles,
53     * other users should be handled by Keyguard.
54     *
55     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
56     *
57     * @param userId The id for the user to be locked/unlocked.
58     * @param locked The value for that user's locked state.
59     */
60    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
61    public void setDeviceLockedForUser(int userId, boolean locked) {
62        try {
63            mService.setDeviceLockedForUser(userId, locked);
64        } catch (RemoteException e) {
65            onError(e);
66        }
67    }
68
69    /**
70     * Reports that user {@param userId} has tried to unlock the device.
71     *
72     * @param successful if true, the unlock attempt was successful.
73     *
74     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
75     */
76    public void reportUnlockAttempt(boolean successful, int userId) {
77        try {
78            mService.reportUnlockAttempt(successful, userId);
79        } catch (RemoteException e) {
80            onError(e);
81        }
82    }
83
84    /**
85     * Reports that the list of enabled trust agents changed for user {@param userId}.
86     *
87     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
88     */
89    public void reportEnabledTrustAgentsChanged(int userId) {
90        try {
91            mService.reportEnabledTrustAgentsChanged(userId);
92        } catch (RemoteException e) {
93            onError(e);
94        }
95    }
96
97    /**
98     * Reports that the visibility of the keyguard has changed.
99     *
100     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
101     */
102    public void reportKeyguardShowingChanged() {
103        try {
104            mService.reportKeyguardShowingChanged();
105        } catch (RemoteException e) {
106            onError(e);
107        }
108    }
109
110    /**
111     * Registers a listener for trust events.
112     *
113     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
114     */
115    public void registerTrustListener(final TrustListener trustListener) {
116        try {
117            ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
118                @Override
119                public void onTrustChanged(boolean enabled, int userId, int flags) {
120                    Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
121                            trustListener);
122                    if (flags != 0) {
123                        m.getData().putInt(DATA_FLAGS, flags);
124                    }
125                    m.sendToTarget();
126                }
127
128                @Override
129                public void onTrustManagedChanged(boolean managed, int userId) {
130                    mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
131                            trustListener).sendToTarget();
132                }
133            };
134            mService.registerTrustListener(iTrustListener);
135            mTrustListeners.put(trustListener, iTrustListener);
136        } catch (RemoteException e) {
137            onError(e);
138        }
139    }
140
141    /**
142     * Unregisters a listener for trust events.
143     *
144     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
145     */
146    public void unregisterTrustListener(final TrustListener trustListener) {
147        ITrustListener iTrustListener = mTrustListeners.remove(trustListener);
148        if (iTrustListener != null) {
149            try {
150                mService.unregisterTrustListener(iTrustListener);
151            } catch (RemoteException e) {
152                onError(e);
153            }
154        }
155    }
156
157    /**
158     * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
159     * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
160     */
161    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)
162    public boolean isTrustUsuallyManaged(int userId) {
163        try {
164            return mService.isTrustUsuallyManaged(userId);
165        } catch (RemoteException e) {
166            return false;
167        }
168    }
169
170
171
172    private void onError(Exception e) {
173        Log.e(TAG, "Error while calling TrustManagerService", e);
174    }
175
176    private final Handler mHandler = new Handler(Looper.getMainLooper()) {
177        @Override
178        public void handleMessage(Message msg) {
179            switch(msg.what) {
180                case MSG_TRUST_CHANGED:
181                    int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0;
182                    ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags);
183                    break;
184                case MSG_TRUST_MANAGED_CHANGED:
185                    ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
186            }
187        }
188    };
189
190    public interface TrustListener {
191
192        /**
193         * Reports that the trust state has changed.
194         * @param enabled if true, the system believes the environment to be trusted.
195         * @param userId the user, for which the trust changed.
196         * @param flags flags specified by the trust agent when granting trust. See
197         *     {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int)
198         *                 TrustAgentService.grantTrust(CharSequence, long, int)}.
199         */
200        void onTrustChanged(boolean enabled, int userId, int flags);
201
202        /**
203         * Reports that whether trust is managed has changed
204         * @param enabled if true, at least one trust agent is managing trust.
205         * @param userId the user, for which the state changed.
206         */
207        void onTrustManagedChanged(boolean enabled, int userId);
208    }
209}
210