1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17 package android.app.trust; 18 19 import android.Manifest; 20 import android.annotation.RequiresPermission; 21 import android.os.Handler; 22 import android.os.IBinder; 23 import android.os.Looper; 24 import android.os.Message; 25 import android.os.RemoteException; 26 import android.util.ArrayMap; 27 28 import com.android.internal.widget.LockPatternUtils; 29 30 /** 31 * See {@link com.android.server.trust.TrustManagerService} 32 * @hide 33 */ 34 public class TrustManager { 35 36 private static final int MSG_TRUST_CHANGED = 1; 37 private static final int MSG_TRUST_MANAGED_CHANGED = 2; 38 39 private static final String TAG = "TrustManager"; 40 private static final String DATA_FLAGS = "initiatedByUser"; 41 42 private final ITrustManager mService; 43 private final ArrayMap<TrustListener, ITrustListener> mTrustListeners; 44 TrustManager(IBinder b)45 public TrustManager(IBinder b) { 46 mService = ITrustManager.Stub.asInterface(b); 47 mTrustListeners = new ArrayMap<TrustListener, ITrustListener>(); 48 } 49 50 /** 51 * Changes the lock status for the given user. This is only applicable to Managed Profiles, 52 * other users should be handled by Keyguard. 53 * 54 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 55 * 56 * @param userId The id for the user to be locked/unlocked. 57 * @param locked The value for that user's locked state. 58 */ 59 @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) setDeviceLockedForUser(int userId, boolean locked)60 public void setDeviceLockedForUser(int userId, boolean locked) { 61 try { 62 mService.setDeviceLockedForUser(userId, locked); 63 } catch (RemoteException e) { 64 throw e.rethrowFromSystemServer(); 65 } 66 } 67 68 /** 69 * Reports that user {@param userId} has tried to unlock the device. 70 * 71 * @param successful if true, the unlock attempt was successful. 72 * 73 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 74 */ reportUnlockAttempt(boolean successful, int userId)75 public void reportUnlockAttempt(boolean successful, int userId) { 76 try { 77 mService.reportUnlockAttempt(successful, userId); 78 } catch (RemoteException e) { 79 throw e.rethrowFromSystemServer(); 80 } 81 } 82 83 /** 84 * Reports that the list of enabled trust agents changed for user {@param userId}. 85 * 86 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 87 */ reportEnabledTrustAgentsChanged(int userId)88 public void reportEnabledTrustAgentsChanged(int userId) { 89 try { 90 mService.reportEnabledTrustAgentsChanged(userId); 91 } catch (RemoteException e) { 92 throw e.rethrowFromSystemServer(); 93 } 94 } 95 96 /** 97 * Reports that the visibility of the keyguard has changed. 98 * 99 * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. 100 */ reportKeyguardShowingChanged()101 public void reportKeyguardShowingChanged() { 102 try { 103 mService.reportKeyguardShowingChanged(); 104 } catch (RemoteException e) { 105 throw e.rethrowFromSystemServer(); 106 } 107 } 108 109 /** 110 * Registers a listener for trust events. 111 * 112 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 113 */ registerTrustListener(final TrustListener trustListener)114 public void registerTrustListener(final TrustListener trustListener) { 115 try { 116 ITrustListener.Stub iTrustListener = new ITrustListener.Stub() { 117 @Override 118 public void onTrustChanged(boolean enabled, int userId, int flags) { 119 Message m = mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId, 120 trustListener); 121 if (flags != 0) { 122 m.getData().putInt(DATA_FLAGS, flags); 123 } 124 m.sendToTarget(); 125 } 126 127 @Override 128 public void onTrustManagedChanged(boolean managed, int userId) { 129 mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId, 130 trustListener).sendToTarget(); 131 } 132 }; 133 mService.registerTrustListener(iTrustListener); 134 mTrustListeners.put(trustListener, iTrustListener); 135 } catch (RemoteException e) { 136 throw e.rethrowFromSystemServer(); 137 } 138 } 139 140 /** 141 * Unregisters a listener for trust events. 142 * 143 * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission. 144 */ unregisterTrustListener(final TrustListener trustListener)145 public void unregisterTrustListener(final TrustListener trustListener) { 146 ITrustListener iTrustListener = mTrustListeners.remove(trustListener); 147 if (iTrustListener != null) { 148 try { 149 mService.unregisterTrustListener(iTrustListener); 150 } catch (RemoteException e) { 151 throw e.rethrowFromSystemServer(); 152 } 153 } 154 } 155 156 /** 157 * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term 158 * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}. 159 */ 160 @RequiresPermission(android.Manifest.permission.TRUST_LISTENER) isTrustUsuallyManaged(int userId)161 public boolean isTrustUsuallyManaged(int userId) { 162 try { 163 return mService.isTrustUsuallyManaged(userId); 164 } catch (RemoteException e) { 165 throw e.rethrowFromSystemServer(); 166 } 167 } 168 169 private final Handler mHandler = new Handler(Looper.getMainLooper()) { 170 @Override 171 public void handleMessage(Message msg) { 172 switch(msg.what) { 173 case MSG_TRUST_CHANGED: 174 int flags = msg.peekData() != null ? msg.peekData().getInt(DATA_FLAGS) : 0; 175 ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2, flags); 176 break; 177 case MSG_TRUST_MANAGED_CHANGED: 178 ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2); 179 } 180 } 181 }; 182 183 public interface TrustListener { 184 185 /** 186 * Reports that the trust state has changed. 187 * @param enabled if true, the system believes the environment to be trusted. 188 * @param userId the user, for which the trust changed. 189 * @param flags flags specified by the trust agent when granting trust. See 190 * {@link android.service.trust.TrustAgentService#grantTrust(CharSequence, long, int) 191 * TrustAgentService.grantTrust(CharSequence, long, int)}. 192 */ onTrustChanged(boolean enabled, int userId, int flags)193 void onTrustChanged(boolean enabled, int userId, int flags); 194 195 /** 196 * Reports that whether trust is managed has changed 197 * @param enabled if true, at least one trust agent is managing trust. 198 * @param userId the user, for which the state changed. 199 */ onTrustManagedChanged(boolean enabled, int userId)200 void onTrustManagedChanged(boolean enabled, int userId); 201 } 202 } 203