TrustManager.java revision f8880561e67e1da246970b49b14285efd4164ab1 
1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
15 */
16
17package android.app.trust;
18
19import android.Manifest;
20import android.annotation.RequiresPermission;
21import android.os.Handler;
22import android.os.IBinder;
23import android.os.Looper;
24import android.os.Message;
25import android.os.RemoteException;
26import android.util.ArrayMap;
27
28import com.android.internal.widget.LockPatternUtils;
29
30/**
31 * See {@link com.android.server.trust.TrustManagerService}
32 * @hide
33 */
34public class TrustManager {
35
36    private static final int MSG_TRUST_CHANGED = 1;
37    private static final int MSG_TRUST_MANAGED_CHANGED = 2;
38
39    private static final String TAG = "TrustManager";
40    private static final String DATA_FLAGS = "initiatedByUser";
41
42    private final ITrustManager mService;
43    private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;
44
45    public TrustManager(IBinder b) {
46        mService = ITrustManager.Stub.asInterface(b);
47        mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();
48    }
49
50    /**
51     * Changes the lock status for the given user. This is only applicable to Managed Profiles,
52     * other users should be handled by Keyguard.
53     *
54     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
55     *
56     * @param userId The id for the user to be locked/unlocked.
57     * @param locked The value for that user's locked state.
58     */
59    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
60    public void setDeviceLockedForUser(int userId, boolean locked) {
61        try {
62            mService.setDeviceLockedForUser(userId, locked);
63        } catch (RemoteException e) {
64            throw e.rethrowFromSystemServer();
65        }
66    }
67
68    /**
69     * Reports that user {@param userId} has tried to unlock the device.
70     *
71     * @param successful if true, the unlock attempt was successful.
72     *
73     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
74     */
75    public void reportUnlockAttempt(boolean successful, int userId) {
76        try {
77            mService.reportUnlockAttempt(successful, userId);
78        } catch (RemoteException e) {
79            throw e.rethrowFromSystemServer();
80        }
81    }
82
83    /**
84     * Reports that the list of enabled trust agents changed for user {@param userId}.
85     *
86     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
87     */
88    public void reportEnabledTrustAgentsChanged(int userId) {
89        try {
90            mService.reportEnabledTrustAgentsChanged(userId);
91        } catch (RemoteException e) {
92            throw e.rethrowFromSystemServer();
93        }
94    }
95
96    /**
97     * Reports that the visibility of the keyguard has changed.
98     *
99     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
100     */
101    public void reportKeyguardShowingChanged() {
102        try {
103            mService.reportKeyguardShowingChanged();
104        } catch (RemoteException e) {
105            throw e.rethrowFromSystemServer();
106        }
107    }
108
109    /**
110     * Registers a listener for trust events.
111     *
112     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
113     */
114    public void registerTrustListener(final TrustListener trustListener) {
115        try {
116            ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
117                @Override
118                public void onTrustChanged(boolean enabled, int userId, int flags) {
119                    Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
120                            trustListener);
121                    if (flags != 0) {
122                        m.getData().putInt(DATA_FLAGS, flags);
123                    }
124                    m.sendToTarget();
125                }
126
127                @Override
128                public void onTrustManagedChanged(boolean managed, int userId) {
129                    mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
130                            trustListener).sendToTarget();
131                }
132            };
133            mService.registerTrustListener(iTrustListener);
134            mTrustListeners.put(trustListener, iTrustListener);
135        } catch (RemoteException e) {
136            throw e.rethrowFromSystemServer();
137        }
138    }
139
140    /**
141     * Unregisters a listener for trust events.
142     *
143     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.
144     */
145    public void unregisterTrustListener(final TrustListener trustListener) {
146        ITrustListener iTrustListener = mTrustListeners.remove(trustListener);
147        if (iTrustListener != null) {
148            try {
149                mService.unregisterTrustListener(iTrustListener);
150            } catch (RemoteException e) {
151                throw e.rethrowFromSystemServer();
152            }
153        }
154    }
155
156    /**
157     * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
158     * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
159     */
160    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)
161    public boolean isTrustUsuallyManaged(int userId) {
162        try {
163            return mService.isTrustUsuallyManaged(userId);
164        } catch (RemoteException e) {
165            throw e.rethrowFromSystemServer();
166        }
167    }
168
169    private final Handler mHandler = new Handler(Looper.getMainLooper()) {
170        @Override
171        public void handleMessage(Message msg) {
172            switch(msg.what) {
173                case MSG_TRUST_CHANGED:
174                    int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0;
175                    ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags);
176                    break;
177                case MSG_TRUST_MANAGED_CHANGED:
178                    ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
179            }
180        }
181    };
182
183    public interface TrustListener {
184
185        /**
186         * Reports that the trust state has changed.
187         * @param enabled if true, the system believes the environment to be trusted.
188         * @param userId the user, for which the trust changed.
189         * @param flags flags specified by the trust agent when granting trust. See
190         *     {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int)
191         *                 TrustAgentService.grantTrust(CharSequence, long, int)}.
192         */
193        void onTrustChanged(boolean enabled, int userId, int flags);
194
195        /**
196         * Reports that whether trust is managed has changed
197         * @param enabled if true, at least one trust agent is managing trust.
198         * @param userId the user, for which the state changed.
199         */
200        void onTrustManagedChanged(boolean enabled, int userId);
201    }
202}
203