TrustManager.java revision ec68b46bc85b2317053da7e2933876fc6e51ac2f
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17package android.app.trust; 18 19import android.Manifest; 20import android.annotation.RequiresPermission; 21import android.annotation.SystemService; 22import android.content.Context; 23import android.os.Handler; 24import android.os.IBinder; 25import android.os.Looper; 26import android.os.Message; 27import android.os.RemoteException; 28import android.util.ArrayMap; 29 30/** 31 * See {@link com.android.server.trust.TrustManagerService} 32 * @hide 33 */ 34@SystemService(Context.TRUST_SERVICE) 35public class TrustManager { 36 37 private static final int MSG_TRUST_CHANGED = 1; 38 private static final int MSG_TRUST_MANAGED_CHANGED = 2; 39 40 private static final String TAG = "TrustManager"; 41 private static final String DATA_FLAGS = "initiatedByUser"; 42 43 private final ITrustManager mService; 44 private final ArrayMap<TrustListener, ITrustListener> mTrustListeners; 45 46 public TrustManager(IBinder b) { 47 mService = ITrustManager.Stub.asInterface(b); 48 mTrustListeners = new ArrayMap<TrustListener, ITrustListener>(); 49 } 50 51 /** 52 * Changes the lock status for the given user. This is only applicable to Managed Profiles, 53 * other users should be handled by Keyguard. 54 * 55 * @param userId The id for the user to be locked/unlocked. 56 * @param locked The value for that user's locked state. 57 */ 58 @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) 59 public void setDeviceLockedForUser(int userId, boolean locked) { 60 try { 61 mService.setDeviceLockedForUser(userId, locked); 62 } catch (RemoteException e) { 63 throw e.rethrowFromSystemServer(); 64 } 65 } 66 67 /** 68 * Reports that user {@param userId} has tried to unlock the device. 69 * 70 * @param successful if true, the unlock attempt was successful. 71 * 72 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 73 */ 74 public void reportUnlockAttempt(boolean successful, int userId) { 75 try { 76 mService.reportUnlockAttempt(successful, userId); 77 } catch (RemoteException e) { 78 throw e.rethrowFromSystemServer(); 79 } 80 } 81 82 /** 83 * Reports that user {@param userId} has entered a temporary device lockout. 84 * 85 * This generally occurs when the user has unsuccessfully tried to unlock the device too many 86 * times. The user will then be unable to unlock the device until a set amount of time has 87 * elapsed. 88 * 89 * @param timeout The amount of time that needs to elapse, in milliseconds, until the user may 90 * attempt to unlock the device again. 91 * 92 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 93 */ 94 public void reportUnlockLockout(int timeoutMs, int userId) { 95 try { 96 mService.reportUnlockLockout(timeoutMs, userId); 97 } catch (RemoteException e) { 98 throw e.rethrowFromSystemServer(); 99 } 100 } 101 102 /** 103 * Reports that the list of enabled trust agents changed for user {@param userId}. 104 * 105 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 106 */ 107 public void reportEnabledTrustAgentsChanged(int userId) { 108 try { 109 mService.reportEnabledTrustAgentsChanged(userId); 110 } catch (RemoteException e) { 111 throw e.rethrowFromSystemServer(); 112 } 113 } 114 115 /** 116 * Reports that the visibility of the keyguard has changed. 117 * 118 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 119 */ 120 public void reportKeyguardShowingChanged() { 121 try { 122 mService.reportKeyguardShowingChanged(); 123 } catch (RemoteException e) { 124 throw e.rethrowFromSystemServer(); 125 } 126 } 127 128 /** 129 * Registers a listener for trust events. 130 * 131 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 132 */ 133 public void registerTrustListener(final TrustListener trustListener) { 134 try { 135 ITrustListener.Stub iTrustListener = new ITrustListener.Stub() { 136 @Override 137 public void onTrustChanged(boolean enabled, int userId, int flags) { 138 Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId, 139 trustListener); 140 if (flags != 0) { 141 m.getData().putInt(DATA_FLAGS, flags); 142 } 143 m.sendToTarget(); 144 } 145 146 @Override 147 public void onTrustManagedChanged(boolean managed, int userId) { 148 mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId, 149 trustListener).sendToTarget(); 150 } 151 }; 152 mService.registerTrustListener(iTrustListener); 153 mTrustListeners.put(trustListener, iTrustListener); 154 } catch (RemoteException e) { 155 throw e.rethrowFromSystemServer(); 156 } 157 } 158 159 /** 160 * Unregisters a listener for trust events. 161 * 162 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 163 */ 164 public void unregisterTrustListener(final TrustListener trustListener) { 165 ITrustListener iTrustListener = mTrustListeners.remove(trustListener); 166 if (iTrustListener != null) { 167 try { 168 mService.unregisterTrustListener(iTrustListener); 169 } catch (RemoteException e) { 170 throw e.rethrowFromSystemServer(); 171 } 172 } 173 } 174 175 /** 176 * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term 177 * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}. 178 */ 179 @RequiresPermission(android.Manifest.permission.TRUST_LISTENER) 180 public boolean isTrustUsuallyManaged(int userId) { 181 try { 182 return mService.isTrustUsuallyManaged(userId); 183 } catch (RemoteException e) { 184 throw e.rethrowFromSystemServer(); 185 } 186 } 187 188 /** 189 * Updates the trust state for the user due to the user unlocking via fingerprint. 190 * Should only be called if user authenticated via fingerprint and bouncer can be skipped. 191 * @param userId 192 */ 193 @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) 194 public void unlockedByFingerprintForUser(int userId) { 195 try { 196 mService.unlockedByFingerprintForUser(userId); 197 } catch (RemoteException e) { 198 throw e.rethrowFromSystemServer(); 199 } 200 } 201 202 /** 203 * Clears authenticated fingerprints for all users. 204 */ 205 @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) 206 public void clearAllFingerprints() { 207 try { 208 mService.clearAllFingerprints(); 209 } catch (RemoteException e) { 210 throw e.rethrowFromSystemServer(); 211 } 212 } 213 214 private final Handler mHandler = new Handler(Looper.getMainLooper()) { 215 @Override 216 public void handleMessage(Message msg) { 217 switch(msg.what) { 218 case MSG_TRUST_CHANGED: 219 int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0; 220 ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags); 221 break; 222 case MSG_TRUST_MANAGED_CHANGED: 223 ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2); 224 } 225 } 226 }; 227 228 public interface TrustListener { 229 230 /** 231 * Reports that the trust state has changed. 232 * @param enabled if true, the system believes the environment to be trusted. 233 * @param userId the user, for which the trust changed. 234 * @param flags flags specified by the trust agent when granting trust. See 235 * {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int) 236 * TrustAgentService.grantTrust(CharSequence, long, int)}. 237 */ 238 void onTrustChanged(boolean enabled, int userId, int flags); 239 240 /** 241 * Reports that whether trust is managed has changed 242 * @param enabled if true, at least one trust agent is managing trust. 243 * @param userId the user, for which the state changed. 244 */ 245 void onTrustManagedChanged(boolean enabled, int userId); 246 } 247} 248