1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17 package android.app.trust; 18 19 import android.os.Handler; 20 import android.os.IBinder; 21 import android.os.Looper; 22 import android.os.Message; 23 import android.os.RemoteException; 24 import android.util.ArrayMap; 25 import android.util.Log; 26 27 /** 28 * See {@link com.android.server.trust.TrustManagerService} 29 * @hide 30 */ 31 public class TrustManager { 32 33 private static final int MSG_TRUST_CHANGED = 1; 34 private static final int MSG_TRUST_MANAGED_CHANGED = 2; 35 36 private static final String TAG = "TrustManager"; 37 private static final String DATA_FLAGS = "initiatedByUser"; 38 39 private final ITrustManager mService; 40 private final ArrayMap<TrustListener, ITrustListener> mTrustListeners; 41 TrustManager(IBinder b)42 public TrustManager(IBinder b) { 43 mService = ITrustManager.Stub.asInterface(b); 44 mTrustListeners = new ArrayMap<TrustListener, ITrustListener>(); 45 } 46 47 /** 48 * Reports that user {@param userId} has tried to unlock the device. 49 * 50 * @param successful if true, the unlock attempt was successful. 51 * 52 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 53 */ reportUnlockAttempt(boolean successful, int userId)54 public void reportUnlockAttempt(boolean successful, int userId) { 55 try { 56 mService.reportUnlockAttempt(successful, userId); 57 } catch (RemoteException e) { 58 onError(e); 59 } 60 } 61 62 /** 63 * Reports that the list of enabled trust agents changed for user {@param userId}. 64 * 65 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 66 */ reportEnabledTrustAgentsChanged(int userId)67 public void reportEnabledTrustAgentsChanged(int userId) { 68 try { 69 mService.reportEnabledTrustAgentsChanged(userId); 70 } catch (RemoteException e) { 71 onError(e); 72 } 73 } 74 75 /** 76 * Reports that trust is disabled until credentials have been entered for user {@param userId}. 77 * 78 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 79 * 80 * @param userId either an explicit user id or {@link android.os.UserHandle#USER_ALL} 81 */ reportRequireCredentialEntry(int userId)82 public void reportRequireCredentialEntry(int userId) { 83 try { 84 mService.reportRequireCredentialEntry(userId); 85 } catch (RemoteException e) { 86 onError(e); 87 } 88 } 89 90 /** 91 * Reports that the visibility of the keyguard has changed. 92 * 93 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 94 */ reportKeyguardShowingChanged()95 public void reportKeyguardShowingChanged() { 96 try { 97 mService.reportKeyguardShowingChanged(); 98 } catch (RemoteException e) { 99 onError(e); 100 } 101 } 102 103 /** 104 * Registers a listener for trust events. 105 * 106 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 107 */ registerTrustListener(final TrustListener trustListener)108 public void registerTrustListener(final TrustListener trustListener) { 109 try { 110 ITrustListener.Stub iTrustListener = new ITrustListener.Stub() { 111 @Override 112 public void onTrustChanged(boolean enabled, int userId, int flags) { 113 Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId, 114 trustListener); 115 if (flags != 0) { 116 m.getData().putInt(DATA_FLAGS, flags); 117 } 118 m.sendToTarget(); 119 } 120 121 @Override 122 public void onTrustManagedChanged(boolean managed, int userId) { 123 mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId, 124 trustListener).sendToTarget(); 125 } 126 }; 127 mService.registerTrustListener(iTrustListener); 128 mTrustListeners.put(trustListener, iTrustListener); 129 } catch (RemoteException e) { 130 onError(e); 131 } 132 } 133 134 /** 135 * Unregisters a listener for trust events. 136 * 137 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 138 */ unregisterTrustListener(final TrustListener trustListener)139 public void unregisterTrustListener(final TrustListener trustListener) { 140 ITrustListener iTrustListener = mTrustListeners.remove(trustListener); 141 if (iTrustListener != null) { 142 try { 143 mService.unregisterTrustListener(iTrustListener); 144 } catch (RemoteException e) { 145 onError(e); 146 } 147 } 148 } 149 150 /** 151 * Checks whether the specified user has been authenticated since the last boot. 152 * 153 * @param userId the user id of the user to check for 154 * @return true if the user has authenticated since boot, false otherwise 155 * 156 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 157 */ hasUserAuthenticatedSinceBoot(int userId)158 public boolean hasUserAuthenticatedSinceBoot(int userId) { 159 try { 160 return mService.hasUserAuthenticatedSinceBoot(userId); 161 } catch (RemoteException e) { 162 onError(e); 163 return false; 164 } 165 } 166 onError(Exception e)167 private void onError(Exception e) { 168 Log.e(TAG, "Error while calling TrustManagerService", e); 169 } 170 171 private final Handler mHandler = new Handler(Looper.getMainLooper()) { 172 @Override 173 public void handleMessage(Message msg) { 174 switch(msg.what) { 175 case MSG_TRUST_CHANGED: 176 int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0; 177 ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags); 178 break; 179 case MSG_TRUST_MANAGED_CHANGED: 180 ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2); 181 } 182 } 183 }; 184 185 public interface TrustListener { 186 187 /** 188 * Reports that the trust state has changed. 189 * @param enabled if true, the system believes the environment to be trusted. 190 * @param userId the user, for which the trust changed. 191 * @param flags flags specified by the trust agent when granting trust. See 192 * {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int) 193 * TrustAgentService.grantTrust(CharSequence, long, int)}. 194 */ onTrustChanged(boolean enabled, int userId, int flags)195 void onTrustChanged(boolean enabled, int userId, int flags); 196 197 /** 198 * Reports that whether trust is managed has changed 199 * @param enabled if true, at least one trust agent is managing trust. 200 * @param userId the user, for which the state changed. 201 */ onTrustManagedChanged(boolean enabled, int userId)202 void onTrustManagedChanged(boolean enabled, int userId); 203 } 204 } 205