Merge "Logging of keyguard actions into security log"
diff --git a/api/current.txt b/api/current.txt
index 7a2cbce..ebeaefc 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -6516,8 +6516,9 @@
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
- field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457
- field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
+ field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
diff --git a/api/system-current.txt b/api/system-current.txt
index f42a71a..07e30a8 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -6774,8 +6774,9 @@
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
- field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457
- field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
+ field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
diff --git a/api/test-current.txt b/api/test-current.txt
index f668220..ddb7dc9 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -6518,8 +6518,9 @@
field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
- field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457
- field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456
+ field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457
+ field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458
field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453
field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454
}
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index fef2a0e..a3c615d 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2973,6 +2973,34 @@
}
/**
+ * Should be called when keyguard has been dismissed.
+ * @hide
+ */
+ public void reportKeyguardDismissed() {
+ if (mService != null) {
+ try {
+ mService.reportKeyguardDismissed();
+ } catch (RemoteException e) {
+ Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
+ }
+ }
+ }
+
+ /**
+ * Should be called when keyguard view has been shown to the user.
+ * @hide
+ */
+ public void reportKeyguardSecured() {
+ if (mService != null) {
+ try {
+ mService.reportKeyguardSecured();
+ } catch (RemoteException e) {
+ Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e);
+ }
+ }
+ }
+
+ /**
* @hide
* Sets the given package as the device owner.
* Same as {@link #setDeviceOwner(ComponentName, String)} but without setting a device owner name.
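Review bot: The Javadoc on reportKeyguardDismissed() and reportKeyguardSecured() says when to call them but not who may call them or what the call does. The service side of this change enforces BIND_DEVICE_ADMIN and writes a security-log event only when logging is enabled, so I would extend each comment with a line such as `Writes TAG_KEYGUARD_DISMISSED to the security log if logging is enabled; the caller must hold BIND_DEVICE_ADMIN.` A RemoteException is only reported through `Log.w`, so the audit event is dropped silently in that case, which is worth stating in the comment as well.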
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 20d4a29..6333013 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -116,6 +116,9 @@
void reportFailedPasswordAttempt(int userHandle);
void reportSuccessfulPasswordAttempt(int userHandle);
+ void reportKeyguardDismissed();
+ void reportKeyguardSecured();
+
boolean setDeviceOwner(in ComponentName who, String ownerName, int userId);
ComponentName getDeviceOwnerComponent(boolean callingUserOnly);
String getDeviceOwnerName();
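Review bot: reportKeyguardDismissed() and reportKeyguardSecured() take no user argument, unlike reportFailedPasswordAttempt(int userHandle) and reportSuccessfulPasswordAttempt(int userHandle) directly above them. The caller in KeyguardViewMediator decides whether to report from KeyguardUpdateMonitor.getCurrentUser(), but that id is not passed on and the resulting events carry no payload. On a multi-user device the security log therefore cannot say whose keyguard was secured or dismissed. Consider `void reportKeyguardDismissed(int userHandle);` and `void reportKeyguardSecured(int userHandle);`, with the DevicePolicyManager wrappers, the DevicePolicyManagerService implementations and the logtags payloads changed to match.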
diff --git a/core/java/android/auditing/SecurityLog.java b/core/java/android/auditing/SecurityLog.java
index 87dc1d8..8d8d2f5 100644
--- a/core/java/android/auditing/SecurityLog.java
+++ b/core/java/android/auditing/SecurityLog.java
@@ -34,7 +34,8 @@
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef({TAG_ADB_SHELL_INTERACTIVE, TAG_ADB_SHELL_CMD, TAG_SYNC_RECV_FILE, TAG_SYNC_SEND_FILE,
- TAG_APP_PROCESS_START, TAG_DEVICE_UNLOCK_ATTEMPT, TAG_DEVICE_LOCKED})
+ TAG_APP_PROCESS_START, TAG_KEYGUARD_DISMISSED, TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT,
+ TAG_KEYGUARD_SECURED})
public @interface SECURITY_LOG_TAG {}
/**
@@ -68,21 +69,24 @@
* seinfo tag (String), SHA-256 hash of the APK in hexadecimal (String)
*/
public static final int TAG_APP_PROCESS_START = SecurityLogTags.SECURITY_APP_PROCESS_START;
-
/**
- * Indicate that there has been an attempt to unlock the device. The log entry contains the
- * following information about the attempt in order, accessible via
- * {@link SecurityEvent#getData()}}: unlock result (integer, 1 for successful unlock, 0 for
- * unsuccessful), unlock method (String)
+ * Indicate that keyguard is being dismissed.
+ * There is no extra payload in the log event.
*/
- public static final int TAG_DEVICE_UNLOCK_ATTEMPT =
- SecurityLogTags.SECURITY_DEVICE_UNLOCK_ATTEMPT;
-
+ public static final int TAG_KEYGUARD_DISMISSED =
+ SecurityLogTags.SECURITY_KEYGUARD_DISMISSED;
+ /**
+ * Indicate that there has been an authentication attempt to dismiss the keyguard. The log entry
+ * contains the attempt result (integer, 1 for successful, 0 for unsuccessful), accessible via
+ * {@link SecurityEvent#getData()}}
+ */
+ public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT =
+ SecurityLogTags.SECURITY_KEYGUARD_DISMISS_AUTH_ATTEMPT;
/**
* Indicate that the device has been locked, either by user or by timeout.
+ * There is no extra payload in the log event.
*/
- public static final int TAG_DEVICE_LOCKED = SecurityLogTags.SECURITY_DEVICE_LOCKED;
-
+ public static final int TAG_KEYGUARD_SECURED = SecurityLogTags.SECURITY_KEYGUARD_SECURED;
/**
* Returns if device logging is enabled. Log producers should only write new logs if this is
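Review bot: The Javadoc for TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT ends with `{@link SecurityEvent#getData()}}`, which has a stray closing brace and no full stop; it should read `{@link SecurityEvent#getData()}.`. The comment for TAG_KEYGUARD_SECURED still says the device "has been locked, either by user or by timeout", while reportKeyguardSecured() in DevicePolicyManager is documented as "keyguard view has been shown to the user". The two descriptions should agree so that log consumers know which moment the event marks. It would also help to state here that the unlock method carried by the old TAG_DEVICE_UNLOCK_ATTEMPT payload is no longer recorded.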
@@ -128,7 +132,9 @@
* Returns the tag of this log entry, which specifies entry's semantics.
* Could be one of {@link SecurityLog#TAG_SYNC_RECV_FILE},
* {@link SecurityLog#TAG_SYNC_SEND_FILE}, {@link SecurityLog#TAG_ADB_SHELL_CMD},
- * {@link SecurityLog#TAG_ADB_SHELL_INTERACTIVE}, {@link SecurityLog#TAG_APP_PROCESS_START}.
+ * {@link SecurityLog#TAG_ADB_SHELL_INTERACTIVE}, {@link SecurityLog#TAG_APP_PROCESS_START},
+ * {@link SecurityLog#TAG_KEYGUARD_DISMISSED}, {@link SecurityLog#TAG_KEYGUARD_SECURED},
+ * {@link SecurityLog#TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT}.
*/
public @SECURITY_LOG_TAG int getTag() {
return mEvent.getTag();
diff --git a/core/java/android/auditing/SecurityLogTags.logtags b/core/java/android/auditing/SecurityLogTags.logtags
index 455acff..cf85894 100644
--- a/core/java/android/auditing/SecurityLogTags.logtags
+++ b/core/java/android/auditing/SecurityLogTags.logtags
@@ -3,9 +3,10 @@
option java_package android.auditing
210001 security_adb_shell_interactive
-210002 security_adb_shell_command (command|3)
-210003 security_adb_sync_recv (path|3)
-210004 security_adb_sync_send (path|3)
-210005 security_app_process_start (process|3),(start_time|2|3),(uid|1),(pid|1),(seinfo|3),(sha256|3)
-210006 security_device_unlock_attempt (success|1),(method|3)
-210007 security_device_locked
\ No newline at end of file
+210002 security_adb_shell_command (command|3)
+210003 security_adb_sync_recv (path|3)
+210004 security_adb_sync_send (path|3)
+210005 security_app_process_start (process|3),(start_time|2|3),(uid|1),(pid|1),(seinfo|3),(sha256|3)
+210006 security_keyguard_dismissed
+210007 security_keyguard_dismiss_auth_attempt (success|1)
+210008 security_keyguard_secured
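Review bot: Tag numbers 210006 and 210007 are reused with different meanings and payloads. 210006 changes from security_device_unlock_attempt `(success|1),(method|3)` to a payload-less security_keyguard_dismissed, and 210007 changes from security_device_locked to security_keyguard_dismiss_auth_attempt `(success|1)`. A consumer that decodes stored or exported events by number, or a device still holding entries written before the update, would read old entries under the new schema and could take a lock event for a failed authentication. If the old tags have shipped anywhere, allocating three fresh numbers and retiring the old two avoids the ambiguity; if they have not, a comment in this file saying so would settle the question.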
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java
index c7d17dc..409f6a7 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java
@@ -18,7 +18,6 @@
import android.app.Activity;
import android.app.AlertDialog;
import android.app.admin.DevicePolicyManager;
-import android.auditing.SecurityLog;
import android.content.Context;
import android.os.UserHandle;
import android.util.AttributeSet;
@@ -424,11 +423,6 @@
}
public void reportUnlockAttempt(int userId, boolean success, int timeoutMs) {
- if (SecurityLog.isLoggingEnabled()) {
- SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_UNLOCK_ATTEMPT,
- (success ? 1 : 0),
- mCurrentSecuritySelection.name());
- }
KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(mContext);
if (success) {
monitor.clearFailedUnlockAttempts();
diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
index 0475c72..958572f 100644
--- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
+++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java
@@ -24,7 +24,6 @@
import android.app.SearchManager;
import android.app.StatusBarManager;
import android.app.trust.TrustManager;
-import android.auditing.SecurityLog;
import android.content.BroadcastReceiver;
import android.content.ContentResolver;
import android.content.Context;
@@ -1371,10 +1370,8 @@
* @see #KEYGUARD_DONE
*/
private void handleKeyguardDone(boolean authenticated) {
- if (SecurityLog.isLoggingEnabled()
- && mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
- SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_UNLOCK_ATTEMPT,
- (authenticated ? 1 : 0), "Unknown");
+ if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
+ mLockPatternUtils.getDevicePolicyManager().reportKeyguardDismissed();
}
if (DEBUG) Log.d(TAG, "handleKeyguardDone");
synchronized (this) {
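Review bot: The `authenticated` flag passed to handleKeyguardDone() no longer reaches the security log. The removed code wrote it as the event result, whereas reportKeyguardDismissed() takes no argument, so a dismissal with `authenticated == false` looks the same in the log as an authenticated one. If that is intended because the result is now logged separately, a comment above the call would make it explicit, e.g. `// Auth result is logged by DevicePolicyManagerService as TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT; this only marks the dismissal.` The body of handleKeyguardDone() continues outside this hunk.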
@@ -1487,9 +1484,8 @@
* @see #SHOW
*/
private void handleShow(Bundle options) {
- if (SecurityLog.isLoggingEnabled()
- && mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
- SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_LOCKED, "");
+ if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) {
+ mLockPatternUtils.getDevicePolicyManager().reportKeyguardSecured();
}
synchronized (KeyguardViewMediator.this) {
if (!mSystemReady) {
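Review bot: reportKeyguardSecured() is called before the `if (!mSystemReady)` check that follows inside the synchronized block, so TAG_KEYGUARD_SECURED can be written for a handleShow() that then does not show the keyguard. The rest of the method is outside this hunk, so I cannot see what the early exits do, but if any of them returns without showing, the audit log records a lock that did not happen. Moving the `if (mLockPatternUtils.isSecure(...))` block with the reportKeyguardSecured() call to just after the point where the keyguard is actually shown would keep the log truthful. handleKeyguardDone() in the previous hunk has the same report-first ordering.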
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b94e6d6..236ae68e 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -49,6 +49,7 @@
import android.app.admin.IDevicePolicyManager;
import android.app.admin.SystemUpdatePolicy;
import android.app.backup.IBackupManager;
+import android.auditing.SecurityLog;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.ContentResolver;
@@ -4401,6 +4402,10 @@
} finally {
mInjector.binderRestoreCallingIdentity(ident);
}
+
+ if (SecurityLog.isLoggingEnabled()) {
+ SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0);
+ }
}
@Override
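Review bot: The failed-attempt event is written after the `try … finally` block, so if the code inside the try throws, the exception propagates past the `finally` and TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT with result 0 is never logged. For an audit trail the failed attempt is the entry that matters most, so I would write it before the policy handling, or inside the `finally`. The start of the enclosing method is outside this hunk, so any early return above would skip the event in the same way. The success event added in the next hunk is likewise placed at the very end of its method.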
@@ -4427,6 +4432,28 @@
}
}
}
+
+ if (SecurityLog.isLoggingEnabled()) {
+ SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1);
+ }
+ }
+
+ @Override
+ public void reportKeyguardDismissed() {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.BIND_DEVICE_ADMIN, null);
+ if (SecurityLog.isLoggingEnabled()) {
+ SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED);
+ }
+ }
+
+ @Override
+ public void reportKeyguardSecured() {
+ mContext.enforceCallingOrSelfPermission(
+ android.Manifest.permission.BIND_DEVICE_ADMIN, null);
+ if (SecurityLog.isLoggingEnabled()) {
+ SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED);
+ }
}
@Override
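Review bot: Neither reportKeyguardDismissed() nor reportKeyguardSecured() explains why it starts with a permission check, even though these are Binder entry points that write straight into the audit log. The BIND_DEVICE_ADMIN check is the only thing here that stops an arbitrary caller from injecting lock and unlock events. I would add a comment above each `enforceCallingOrSelfPermission` call, e.g. `// Gate on BIND_DEVICE_ADMIN so ordinary apps cannot inject keyguard events into the security log.` Passing a short message instead of `null` (for instance the method name) would also make a resulting SecurityException easier to trace.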