TrustManager.java revision ec68b46bc85b2317053da7e2933876fc6e51ac2f 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
15 */
16
17package android.app.trust;
18
19import android.Manifest;
20import android.annotation.RequiresPermission;
21import android.annotation.SystemService;
22import android.content.Context;
23import android.os.Handler;
24import android.os.IBinder;
25import android.os.Looper;
26import android.os.Message;
27import android.os.RemoteException;
28import android.util.ArrayMap;
29
30/**
31 * See {@link com.android.server.trust.TrustManagerService}
32 * @hide
33 */
34@SystemService(Context.TRUST_SERVICE)
35public class TrustManager {
36
37    private static final int MSG_TRUST_CHANGED = 1;
38    private static final int MSG_TRUST_MANAGED_CHANGED = 2;
39
40    private static final String TAG = "TrustManager";
41    private static final String DATA_FLAGS = "initiatedByUser";
42
43    private final ITrustManager mService;
44    private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;
45
46    public TrustManager(IBinder b) {
47        mService = ITrustManager.Stub.asInterface(b);
48        mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();
49    }
50
51    /**
52     * Changes the lock status for the given user. This is only applicable to Managed Profiles,
53     * other users should be handled by Keyguard.
54     *
55     * @param userId The id for the user to be locked/unlocked.
56     * @param locked The value for that user's locked state.
57     */
58    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
59    public void setDeviceLockedForUser(int userId, boolean locked) {
60        try {
61            mService.setDeviceLockedForUser(userId, locked);
62        } catch (RemoteException e) {
63            throw e.rethrowFromSystemServer();
64        }
65    }
66
67    /**
68     * Reports that user {@param userId} has tried to unlock the device.
69     *
70     * @param successful if true, the unlock attempt was successful.
71     *
72     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
73     */
74    public void reportUnlockAttempt(boolean successful, int userId) {
75        try {
76            mService.reportUnlockAttempt(successful, userId);
77        } catch (RemoteException e) {
78            throw e.rethrowFromSystemServer();
79        }
80    }
81
82    /**
83     * Reports that user {@param userId} has entered a temporary device lockout.
84     *
85     * This generally occurs when  the user has unsuccessfully tried to unlock the device too many
86     * times. The user will then be unable to unlock the device until a set amount of time has
87     * elapsed.
88     *
89     * @param timeout The amount of time that needs to elapse, in milliseconds, until the user may
90     *    attempt to unlock the device again.
91     *
92     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
93     */
94    public void reportUnlockLockout(int timeoutMs, int userId) {
95        try {
96            mService.reportUnlockLockout(timeoutMs, userId);
97        } catch (RemoteException e) {
98            throw e.rethrowFromSystemServer();
99        }
100    }
101
102    /**
103     * Reports that the list of enabled trust agents changed for user {@param userId}.
104     *
105     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
106     */
107    public void reportEnabledTrustAgentsChanged(int userId) {
108        try {
109            mService.reportEnabledTrustAgentsChanged(userId);
110        } catch (RemoteException e) {
111            throw e.rethrowFromSystemServer();
112        }
113    }
114
115    /**
116     * Reports that the visibility of the keyguard has changed.
117     *
118     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
119     */
120    public void reportKeyguardShowingChanged() {
121        try {
122            mService.reportKeyguardShowingChanged();
123        } catch (RemoteException e) {
124            throw e.rethrowFromSystemServer();
125        }
126    }
127
128    /**
129     * Registers a listener for trust events.
130     *
131     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
132     */
133    public void registerTrustListener(final TrustListener trustListener) {
134        try {
135            ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
136                @Override
137                public void onTrustChanged(boolean enabled, int userId, int flags) {
138                    Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
139                            trustListener);
140                    if (flags != 0) {
141                        m.getData().putInt(DATA_FLAGS, flags);
142                    }
143                    m.sendToTarget();
144                }
145
146                @Override
147                public void onTrustManagedChanged(boolean managed, int userId) {
148                    mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
149                            trustListener).sendToTarget();
150                }
151            };
152            mService.registerTrustListener(iTrustListener);
153            mTrustListeners.put(trustListener, iTrustListener);
154        } catch (RemoteException e) {
155            throw e.rethrowFromSystemServer();
156        }
157    }
158
159    /**
160     * Unregisters a listener for trust events.
161     *
162     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
163     */
164    public void unregisterTrustListener(final TrustListener trustListener) {
165        ITrustListener iTrustListener = mTrustListeners.remove(trustListener);
166        if (iTrustListener != null) {
167            try {
168                mService.unregisterTrustListener(iTrustListener);
169            } catch (RemoteException e) {
170                throw e.rethrowFromSystemServer();
171            }
172        }
173    }
174
175    /**
176     * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
177     * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
178     */
179    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)
180    public boolean isTrustUsuallyManaged(int userId) {
181        try {
182            return mService.isTrustUsuallyManaged(userId);
183        } catch (RemoteException e) {
184            throw e.rethrowFromSystemServer();
185        }
186    }
187
188    /**
189     * Updates the trust state for the user due to the user unlocking via fingerprint.
190     * Should only be called if user authenticated via fingerprint and bouncer can be skipped.
191     * @param userId
192     */
193    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
194    public void unlockedByFingerprintForUser(int userId) {
195        try {
196            mService.unlockedByFingerprintForUser(userId);
197        } catch (RemoteException e) {
198            throw e.rethrowFromSystemServer();
199        }
200    }
201
202    /**
203     * Clears authenticated fingerprints for all users.
204     */
205    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
206    public void clearAllFingerprints() {
207        try {
208            mService.clearAllFingerprints();
209        } catch (RemoteException e) {
210            throw e.rethrowFromSystemServer();
211        }
212    }
213
214    private final Handler mHandler = new Handler(Looper.getMainLooper()) {
215        @Override
216        public void handleMessage(Message msg) {
217            switch(msg.what) {
218                case MSG_TRUST_CHANGED:
219                    int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0;
220                    ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags);
221                    break;
222                case MSG_TRUST_MANAGED_CHANGED:
223                    ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
224            }
225        }
226    };
227
228    public interface TrustListener {
229
230        /**
231         * Reports that the trust state has changed.
232         * @param enabled if true, the system believes the environment to be trusted.
233         * @param userId the user, for which the trust changed.
234         * @param flags flags specified by the trust agent when granting trust. See
235         *     {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int)
236         *                 TrustAgentService.grantTrust(CharSequence, long, int)}.
237         */
238        void onTrustChanged(boolean enabled, int userId, int flags);
239
240        /**
241         * Reports that whether trust is managed has changed
242         * @param enabled if true, at least one trust agent is managing trust.
243         * @param userId the user, for which the state changed.
244         */
245        void onTrustManagedChanged(boolean enabled, int userId);
246    }
247}
248