1 /*
2  * Copyright 2016, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.managedprovisioning.preprovisioning;
18 
19 import static com.android.internal.util.Preconditions.checkNotNull;
20 
21 import static java.util.Objects.requireNonNull;
22 
23 import android.app.Activity;
24 import android.content.ComponentName;
25 import android.content.Context;
26 import android.content.Intent;
27 import android.content.pm.PackageManager;
28 import android.os.Looper;
29 import android.os.UserHandle;
30 
31 import com.android.internal.annotations.VisibleForTesting;
32 import com.android.managedprovisioning.common.Globals;
33 import com.android.managedprovisioning.common.NotificationHelper;
34 import com.android.managedprovisioning.common.ProvisionLogger;
35 import com.android.managedprovisioning.common.SettingsFacade;
36 import com.android.managedprovisioning.common.TransitionHelper;
37 import com.android.managedprovisioning.common.Utils;
38 import com.android.managedprovisioning.model.ProvisioningParams;
39 
40 import java.io.File;
41 import java.util.function.Consumer;
42 
43 /**
44  * This controller manages all things related to the encryption reboot.
45  *
46  * <p>An encryption reminder can be scheduled using {@link #setEncryptionReminder}. This will store
47  * the provisioning data to disk and enable a HOME intent receiver. After the reboot, the HOME
48  * intent receiver calls {@link #resumeProvisioning} at which point a new provisioning intent is
49  * sent. The reminder can be cancelled using {@link #cancelEncryptionReminder}.
50  */
51 public class EncryptionController {
52     private final Context mContext;
53     private final Utils mUtils;
54     private final SettingsFacade mSettingsFacade;
55     private final ComponentName mHomeReceiver;
56     private final NotificationHelper mNotificationHelper;
57     private final int mUserId;
58 
59     private boolean mProvisioningResumed = false;
60 
61     private final PackageManager mPackageManager;
62 
63     private static EncryptionController sInstance;
64 
65     private static final String PROVISIONING_PARAMS_FILE_NAME
66             = "encryption_controller_provisioning_params.xml";
67     private static final Object LOCK = new Object();
68 
69     /**
70      * Returns an instance of {@link EncryptionController}.
71      *
72      * <p>This method is thread-safe.
73      */
getInstance( Context context, ComponentName homeReceiver)74     public static EncryptionController getInstance(
75             Context context,
76             ComponentName homeReceiver) {
77         requireNonNull(context);
78         requireNonNull(homeReceiver);
79         synchronized (LOCK) {
80             if (sInstance == null) {
81                 sInstance = new EncryptionController(context.getApplicationContext(), homeReceiver);
82             }
83             return sInstance;
84         }
85     }
86 
EncryptionController(Context context, ComponentName homeReceiver)87     private EncryptionController(Context context, ComponentName homeReceiver) {
88         this(context,
89                 new Utils(),
90                 new SettingsFacade(),
91                 homeReceiver,
92                 new NotificationHelper(context),
93                 UserHandle.myUserId());
94     }
95 
96     @VisibleForTesting
EncryptionController(Context context, Utils utils, SettingsFacade settingsFacade, ComponentName homeReceiver, NotificationHelper resumeNotificationHelper, int userId)97     EncryptionController(Context context,
98             Utils utils,
99             SettingsFacade settingsFacade,
100             ComponentName homeReceiver,
101             NotificationHelper resumeNotificationHelper,
102             int userId) {
103         mContext = checkNotNull(context, "Context must not be null").getApplicationContext();
104         mSettingsFacade = checkNotNull(settingsFacade);
105         mUtils = checkNotNull(utils, "Utils must not be null");
106         mHomeReceiver = checkNotNull(homeReceiver, "HomeReceiver must not be null");
107         mNotificationHelper = checkNotNull(resumeNotificationHelper,
108                 "ResumeNotificationHelper must not be null");
109         mUserId = userId;
110 
111         mPackageManager = context.getPackageManager();
112     }
113 
114     /**
115      * Store a resume intent into persistent storage. Provisioning will be resumed after reboot
116      * using the stored intent.
117      *
118      * @param params the params to be stored.
119      */
setEncryptionReminder(ProvisioningParams params)120     public void setEncryptionReminder(ProvisioningParams params) {
121         ProvisionLogger.logd("Setting provisioning reminder for action: "
122                 + params.provisioningAction);
123         params.save(getProvisioningParamsFile(mContext));
124         // Only enable the HOME intent receiver for flows inside SUW, as showing the notification
125         // for non-SUW flows is less time cricital.
126         if (!mSettingsFacade.isUserSetupCompleted(mContext)) {
127             ProvisionLogger.logd("Enabling PostEncryptionActivity");
128             mUtils.enableComponent(mHomeReceiver, mUserId);
129             // To ensure that the enabled state has been persisted to disk, we flush the
130             // restrictions.
131             mPackageManager.flushPackageRestrictionsAsUser(mUserId);
132         }
133     }
134 
135     /**
136      * Cancel the encryption reminder to avoid further resumption of encryption.
137      */
cancelEncryptionReminder()138     public void cancelEncryptionReminder() {
139         ProvisionLogger.logd("Cancelling provisioning reminder.");
140         getProvisioningParamsFile(mContext).delete();
141         mUtils.disableComponent(mHomeReceiver, mUserId);
142     }
143 
144     /**
145      * Resume provisioning after encryption has happened.
146      *
147      * <p>If the device has already been set up, we show a notification to resume provisioning,
148      * otherwise we continue provisioning direclty.
149      *
150      * <p>Note that this method has to be called on the main thread.
151      */
resumeProvisioning()152     public void resumeProvisioning() {
153         resumeProvisioningInternal(mContext::startActivity);
154     }
155 
156     /**
157      * Similar to {@link #resumeProvisioning()}, but starts provisioning with a cross-activity
158      * transition.
159      * @param activity the parent {@link Activity} to launch provisioning
160      * @param transitionHelper helper to determine the appropriate transition to use
161      */
resumeProvisioning(Activity activity, TransitionHelper transitionHelper)162     public void resumeProvisioning(Activity activity, TransitionHelper transitionHelper) {
163         resumeProvisioningInternal(
164                 intent -> transitionHelper.startActivityWithTransition(activity, intent));
165     }
166 
resumeProvisioningInternal(Consumer<Intent> launchActivityConsumer)167     private void resumeProvisioningInternal(Consumer<Intent> launchActivityConsumer) {
168         // verify that this method was called on the main thread.
169         if (Looper.myLooper() != Looper.getMainLooper()) {
170             throw new IllegalStateException("resumeProvisioning must be called on the main thread");
171         }
172 
173         if (mProvisioningResumed) {
174             // If provisioning has already been resumed, don't resume it again.
175             // This can happen if the HOME intent receiver was launched multiple times or the
176             // BOOT_COMPLETED was received after the HOME intent receiver had already been launched.
177             return;
178         }
179 
180         ProvisioningParams params = ProvisioningParams.load(getProvisioningParamsFile(mContext));
181 
182         if (params != null) {
183             Intent resumeIntent = new Intent(Globals.ACTION_RESUME_PROVISIONING);
184             resumeIntent.putExtra(ProvisioningParams.EXTRA_PROVISIONING_PARAMS, params);
185             mProvisioningResumed = true;
186             String action = params.provisioningAction;
187             ProvisionLogger.logd("Provisioning resumed after encryption with action: " + action);
188 
189             if (!mUtils.isPhysicalDeviceEncrypted()) {
190                 ProvisionLogger.loge("Device is not encrypted after provisioning with"
191                         + " action " + action + " but it should");
192                 return;
193             }
194             resumeIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
195 
196             if (mUtils.isProfileOwnerAction(action)) {
197                 if (mSettingsFacade.isUserSetupCompleted(mContext)) {
198                     mNotificationHelper.showResumeNotification(resumeIntent);
199                 } else {
200                     launchActivityConsumer.accept(resumeIntent);
201                 }
202             } else if (mUtils.isDeviceOwnerAction(action)) {
203                 launchActivityConsumer.accept(resumeIntent);
204             } else {
205                 ProvisionLogger.loge("Unknown intent action loaded from the intent store: "
206                         + action);
207             }
208         }
209     }
210 
211     @VisibleForTesting
getProvisioningParamsFile(Context context)212     File getProvisioningParamsFile(Context context) {
213         return new File(context.getFilesDir(), PROVISIONING_PARAMS_FILE_NAME);
214     }
215 }
216