Blame - services/core/java/com/android/server/trust/TrustManagerService.java - platform/frameworks/base

2014-03-27 14:56:59 +0100

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License

15

*/

16

17

package com.android.server.trust;

18

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

19

import com.android.internal.annotations.GuardedBy;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

20

import com.android.internal.content.PackageMonitor;

21

import com.android.internal.widget.LockPatternUtils;

22

import com.android.server.SystemService;

23

24

import org.xmlpull.v1.XmlPullParser;

25

import org.xmlpull.v1.XmlPullParserException;

26

27

import android.Manifest;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

28

import android.app.ActivityManager;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

29

import android.app.admin.DevicePolicyManager;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

30

import android.app.trust.ITrustListener;

31

import android.app.trust.ITrustManager;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

32

import android.content.BroadcastReceiver;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

33

import android.content.ComponentName;

34

import android.content.Context;

35

import android.content.Intent;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

36

import android.content.IntentFilter;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

37

import android.content.pm.ApplicationInfo;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

38

import android.content.pm.PackageManager;

39

import android.content.pm.ResolveInfo;

40

import android.content.pm.UserInfo;

41

import android.content.res.Resources;

42

import android.content.res.TypedArray;

43

import android.content.res.XmlResourceParser;

44

import android.graphics.drawable.Drawable;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

45

import android.os.Binder;

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

46

import android.os.DeadObjectException;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

47

import android.os.Handler;

48

import android.os.IBinder;

49

import android.os.Message;

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

50

import android.os.PersistableBundle;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

51

import android.os.RemoteException;

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

52

import android.os.SystemClock;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

53

import android.os.UserHandle;

54

import android.os.UserManager;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

55

import android.provider.Settings;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

56

import android.service.trust.TrustAgentService;

57

import android.util.ArraySet;

58

import android.util.AttributeSet;

Adrian Roos

18ea893

2014-05-28 14:53:06 +0200

[diff] [blame]

59

import android.util.Log;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

60

import android.util.Slog;

Adrian Roos

2014-05-16 21:20:54 +0200

[diff] [blame]

61

import android.util.SparseBooleanArray;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

62

import android.util.Xml;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

63

import android.view.IWindowManager;

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

64

import android.view.WindowManagerGlobal;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

65

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

66

import java.io.FileDescriptor;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

67

import java.io.IOException;

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

68

import java.io.PrintWriter;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

69

import java.util.ArrayList;

70

import java.util.List;

71

72

/**

73

* Manages trust agents and trust listeners.

74

*

75

* It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s

76

* of each user and notifies them about events that are relevant to them.

77

* It start and stops them based on the value of

78

* {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}.

79

*

80

* It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the

81

* trust state changes for any user.

82

*

83

* Trust state and the setting of enabled agents is kept per user and each user has its own

84

* instance of a {@link android.service.trust.TrustAgentService}.

85

*/

86

public class TrustManagerService extends SystemService {

87

88

private static final boolean DEBUG = false;

89

private static final String TAG = "TrustManagerService";

90

91

private static final Intent TRUST_AGENT_INTENT =

92

new Intent(TrustAgentService.SERVICE_INTERFACE);

Adrian Roos

18ea893

2014-05-28 14:53:06 +0200

[diff] [blame]

93

private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

94

95

private static final int MSG_REGISTER_LISTENER = 1;

96

private static final int MSG_UNREGISTER_LISTENER = 2;

97

private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;

98

private static final int MSG_ENABLED_AGENTS_CHANGED = 4;

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

99

private static final int MSG_REQUIRE_CREDENTIAL_ENTRY = 5;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

100

private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6;

101

private static final int MSG_START_USER = 7;

102

private static final int MSG_CLEANUP_USER = 8;

103

private static final int MSG_SWITCH_USER = 9;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

104

105

private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<AgentInfo>();

106

private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<ITrustListener>();

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

107

private final Receiver mReceiver = new Receiver();

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

108

private final SparseBooleanArray mUserHasAuthenticated = new SparseBooleanArray();

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

109

/* package */ final TrustArchive mArchive = new TrustArchive();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

110

private final Context mContext;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

111

private final LockPatternUtils mLockPatternUtils;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

112

private final UserManager mUserManager;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

113

private final ActivityManager mActivityManager;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

114

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

115

@GuardedBy("mUserIsTrusted")

116

private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

117

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

118

@GuardedBy("mDeviceLockedForUser")

119

private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray();

120

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

121

@GuardedBy("mUserHasAuthenticatedSinceBoot")

122

private final SparseBooleanArray mUserHasAuthenticatedSinceBoot = new SparseBooleanArray();

123

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

124

private boolean mTrustAgentsCanRun = false;

Xiaohui Chen

2015-08-05 09:44:56 -0700

[diff] [blame^]

125

private int mCurrentUser = UserHandle.USER_SYSTEM;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

126

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

127

public TrustManagerService(Context context) {

128

super(context);

129

mContext = context;

130

mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

131

mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

132

mLockPatternUtils = new LockPatternUtils(context);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

@Override

public void onStart() {

137

publishBinderService(Context.TRUST_SERVICE, mService);

}

@Override

public void onBootPhase(int phase) {

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

142

if (isSafeMode()) {

143

// No trust agents in safe mode.

144

return;

145

}

146

if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

147

mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

148

mReceiver.register(mContext);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

149

} else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {

150

mTrustAgentsCanRun = true;

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

151

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

152

} else if (phase == SystemService.PHASE_BOOT_COMPLETED) {

Xiaohui Chen

2015-08-05 09:44:56 -0700

[diff] [blame^]

153

maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

// Agent management

private static final class AgentInfo {

160

CharSequence label;

161

Drawable icon;

162

ComponentName component; // service that implements ITrustAgent

163

ComponentName settings; // setting to launch to modify agent.

164

TrustAgentWrapper agent;

int userId;

@Override

public boolean equals(Object other) {

169

if (!(other instanceof AgentInfo)) {

170

return false;

171

}

172

AgentInfo o = (AgentInfo) other;

173

return component.equals(o.component) && userId == o.userId;

}

@Override

public int hashCode() {

178

return component.hashCode() * 31 + userId;

}

}

private void updateTrustAll() {

183

List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);

184

for (UserInfo userInfo : userInfos) {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

185

updateTrust(userInfo.id, 0);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

189

public void updateTrust(int userId, int flags) {

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

190

dispatchOnTrustManagedChanged(aggregateIsTrustManaged(userId), userId);

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

191

boolean trusted = aggregateIsTrusted(userId);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

192

boolean changed;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

193

synchronized (mUserIsTrusted) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

194

changed = mUserIsTrusted.get(userId) != trusted;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

195

mUserIsTrusted.put(userId, trusted);

196

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

197

dispatchOnTrustChanged(trusted, userId, flags);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

198

if (changed) {

199

refreshDeviceLockedForUser(userId);

200

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

201

}

202

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

203

void refreshAgentList(int userId) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

204

if (DEBUG) Slog.d(TAG, "refreshAgentList()");

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

205

if (!mTrustAgentsCanRun) {

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

206

return;

207

}

Xiaohui Chen

2015-08-05 09:44:56 -0700

[diff] [blame^]

208

if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) {

Adrian Roos

e681c27

2014-09-08 14:03:47 +0200

[diff] [blame]

209

Log.e(TAG, "refreshAgentList(userId=" + userId + "): Invalid user handle,"

210

+ " must be USER_ALL or a specific user.", new Throwable("here"));

211

userId = UserHandle.USER_ALL;

212

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

213

PackageManager pm = mContext.getPackageManager();

214

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

215

List<UserInfo> userInfos;

216

if (userId == UserHandle.USER_ALL) {

217

userInfos = mUserManager.getUsers(true /* excludeDying */);

218

} else {

219

userInfos = new ArrayList<>();

220

userInfos.add(mUserManager.getUserInfo(userId));

221

}

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

222

LockPatternUtils lockPatternUtils = mLockPatternUtils;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

223

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

224

ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>();

225

obsoleteAgents.addAll(mActiveAgents);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

226

227

for (UserInfo userInfo : userInfos) {

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

228

if (userInfo == null || userInfo.partial || !userInfo.isEnabled()

229

|| userInfo.guestToRemove) continue;

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

230

if (!userInfo.supportsSwitchToByUser()) continue;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

231

if (!mActivityManager.isUserRunning(userInfo.id)) continue;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

232

if (!lockPatternUtils.isSecure(userInfo.id)) continue;

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

233

if (!getUserHasAuthenticated(userInfo.id)) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

234

DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();

235

int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);

Jim Miller

604e755

2014-07-18 19:00:02 -0700

[diff] [blame]

236

final boolean disableTrustAgents =

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

237

(disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;

238

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

239

List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id);

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

240

if (enabledAgents == null) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

241

continue;

242

}

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

243

List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

244

for (ResolveInfo resolveInfo : resolveInfos) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

245

ComponentName name = getComponentName(resolveInfo);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

246

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

247

if (!enabledAgents.contains(name)) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

248

if (disableTrustAgents) {

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

249

List<PersistableBundle> config =

250

dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id);

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

251

// Disable agent if no features are enabled.

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

252

if (config == null || config.isEmpty()) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

253

}

254

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

255

AgentInfo agentInfo = new AgentInfo();

256

agentInfo.component = name;

257

agentInfo.userId = userInfo.id;

258

if (!mActiveAgents.contains(agentInfo)) {

259

agentInfo.label = resolveInfo.loadLabel(pm);

260

agentInfo.icon = resolveInfo.loadIcon(pm);

261

agentInfo.settings = getSettingsComponentName(pm, resolveInfo);

262

agentInfo.agent = new TrustAgentWrapper(mContext, this,

263

new Intent().setComponent(name), userInfo.getUserHandle());

264

mActiveAgents.add(agentInfo);

265

} else {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

266

obsoleteAgents.remove(agentInfo);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

}

boolean trustMayHaveChanged = false;

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

272

for (int i = 0; i < obsoleteAgents.size(); i++) {

273

AgentInfo info = obsoleteAgents.valueAt(i);

Adrian Roos

e681c27

2014-09-08 14:03:47 +0200

[diff] [blame]

274

if (userId == UserHandle.USER_ALL || userId == info.userId) {

275

if (info.agent.isManagingTrust()) {

276

trustMayHaveChanged = true;

277

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

278

info.agent.destroy();

Adrian Roos

e681c27

2014-09-08 14:03:47 +0200

[diff] [blame]

279

mActiveAgents.remove(info);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

280

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

281

}

282

283

if (trustMayHaveChanged) {

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

284

if (userId == UserHandle.USER_ALL) {

285

updateTrustAll();

286

} else {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

287

updateTrust(userId, 0);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

288

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

292

boolean isDeviceLockedInner(int userId) {

293

synchronized (mDeviceLockedForUser) {

294

return mDeviceLockedForUser.get(userId, true);

}

}

private void refreshDeviceLockedForUser(int userId) {

Xiaohui Chen

2015-08-05 09:44:56 -0700

[diff] [blame^]

299

if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) {

Adrian Roos

7e2e40e

2014-11-21 15:27:12 +0100

[diff] [blame]

300

Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle,"

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

301

+ " must be USER_ALL or a specific user.", new Throwable("here"));

302

userId = UserHandle.USER_ALL;

303

}

304

305

List<UserInfo> userInfos;

306

if (userId == UserHandle.USER_ALL) {

307

userInfos = mUserManager.getUsers(true /* excludeDying */);

308

} else {

309

userInfos = new ArrayList<>();

310

userInfos.add(mUserManager.getUserInfo(userId));

311

}

312

313

IWindowManager wm = WindowManagerGlobal.getWindowManagerService();

314

315

for (int i = 0; i < userInfos.size(); i++) {

316

UserInfo info = userInfos.get(i);

317

318

if (info == null || info.partial || !info.isEnabled() || info.guestToRemove

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

319

|| !info.supportsSwitchToByUser()) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

continue;

}

int id = info.id;

boolean secure = mLockPatternUtils.isSecure(id);

325

boolean trusted = aggregateIsTrusted(id);

326

boolean showingKeyguard = true;

327

if (mCurrentUser == id) {

328

try {

329

showingKeyguard = wm.isKeyguardLocked();

330

} catch (RemoteException e) {

331

}

332

}

333

boolean deviceLocked = secure && showingKeyguard && !trusted;

334

335

boolean changed;

336

synchronized (mDeviceLockedForUser) {

337

changed = isDeviceLockedInner(id) != deviceLocked;

338

mDeviceLockedForUser.put(id, deviceLocked);

339

}

340

if (changed) {

341

dispatchDeviceLocked(id, deviceLocked);

}

}

}

private void dispatchDeviceLocked(int userId, boolean isLocked) {

347

for (int i = 0; i < mActiveAgents.size(); i++) {

348

AgentInfo agent = mActiveAgents.valueAt(i);

349

if (agent.userId == userId) {

350

if (isLocked) {

351

agent.agent.onDeviceLocked();

352

} else{

353

agent.agent.onDeviceUnlocked();

}

}

}

}

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

359

void updateDevicePolicyFeatures() {

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

360

for (int i = 0; i < mActiveAgents.size(); i++) {

361

AgentInfo info = mActiveAgents.valueAt(i);

362

if (info.agent.isConnected()) {

363

info.agent.updateDevicePolicyFeatures();

}

}

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

368

private void removeAgentsOfPackage(String packageName) {

369

boolean trustMayHaveChanged = false;

370

for (int i = mActiveAgents.size() - 1; i >= 0; i--) {

371

AgentInfo info = mActiveAgents.valueAt(i);

372

if (packageName.equals(info.component.getPackageName())) {

373

Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

374

if (info.agent.isManagingTrust()) {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

375

trustMayHaveChanged = true;

376

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

377

info.agent.destroy();

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

378

mActiveAgents.removeAt(i);

379

}

380

}

381

if (trustMayHaveChanged) {

updateTrustAll();

}

}

public void resetAgent(ComponentName name, int userId) {

387

boolean trustMayHaveChanged = false;

388

for (int i = mActiveAgents.size() - 1; i >= 0; i--) {

389

AgentInfo info = mActiveAgents.valueAt(i);

390

if (name.equals(info.component) && userId == info.userId) {

391

Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

392

if (info.agent.isManagingTrust()) {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

393

trustMayHaveChanged = true;

394

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

395

info.agent.destroy();

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

396

mActiveAgents.removeAt(i);

397

}

398

}

399

if (trustMayHaveChanged) {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

400

updateTrust(userId, 0);

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

401

}

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

402

refreshAgentList(userId);

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

403

}

404

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

405

private ComponentName getSettingsComponentName(PackageManager pm, ResolveInfo resolveInfo) {

406

if (resolveInfo == null || resolveInfo.serviceInfo == null

407

|| resolveInfo.serviceInfo.metaData == null) return null;

408

String cn = null;

409

XmlResourceParser parser = null;

410

Exception caughtException = null;

411

try {

412

parser = resolveInfo.serviceInfo.loadXmlMetaData(pm,

413

TrustAgentService.TRUST_AGENT_META_DATA);

414

if (parser == null) {

415

Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data");

416

return null;

417

}

418

Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo);

419

AttributeSet attrs = Xml.asAttributeSet(parser);

420

int type;

421

while ((type = parser.next()) != XmlPullParser.END_DOCUMENT

422

&& type != XmlPullParser.START_TAG) {

423

// Drain preamble.

424

}

425

String nodeName = parser.getName();

Adrian Roos

7e03dfc

2014-05-16 16:06:28 +0200

[diff] [blame]

426

if (!"trust-agent".equals(nodeName)) {

427

Slog.w(TAG, "Meta-data does not start with trust-agent tag");

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

return null;

}

TypedArray sa = res

.obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent);

432

cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity);

433

sa.recycle();

434

} catch (PackageManager.NameNotFoundException e) {

435

caughtException = e;

436

} catch (IOException e) {

437

caughtException = e;

438

} catch (XmlPullParserException e) {

439

caughtException = e;

440

} finally {

441

if (parser != null) parser.close();

442

}

443

if (caughtException != null) {

444

Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, caughtException);

return null;

}

if (cn == null) {

return null;

}

if (cn.indexOf('/') < 0) {

451

cn = resolveInfo.serviceInfo.packageName + "/" + cn;

452

}

453

return ComponentName.unflattenFromString(cn);

454

}

455

456

private ComponentName getComponentName(ResolveInfo resolveInfo) {

457

if (resolveInfo == null || resolveInfo.serviceInfo == null) return null;

458

return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name);

459

}

460

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

461

private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) {

462

if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(),

463

Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) {

464

return;

465

}

466

PackageManager pm = mContext.getPackageManager();

467

List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);

468

ArraySet<ComponentName> discoveredAgents = new ArraySet<>();

469

for (ResolveInfo resolveInfo : resolveInfos) {

470

ComponentName componentName = getComponentName(resolveInfo);

471

int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;

472

if ((applicationInfoFlags & ApplicationInfo.FLAG_SYSTEM) == 0) {

473

Log.i(TAG, "Leaving agent " + componentName + " disabled because package "

474

+ "is not a system package.");

475

continue;

476

}

477

discoveredAgents.add(componentName);

478

}

479

480

List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);

481

if (previouslyEnabledAgents != null) {

482

discoveredAgents.addAll(previouslyEnabledAgents);

483

}

484

utils.setEnabledTrustAgents(discoveredAgents, userId);

485

Settings.Secure.putIntForUser(mContext.getContentResolver(),

486

Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);

487

}

488

489

private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {

490

List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,

491

0 /* flags */, userId);

492

ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size());

493

for (ResolveInfo resolveInfo : resolveInfos) {

494

if (resolveInfo.serviceInfo == null) continue;

495

if (resolveInfo.serviceInfo.applicationInfo == null) continue;

496

String packageName = resolveInfo.serviceInfo.packageName;

497

if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)

498

!= PackageManager.PERMISSION_GRANTED) {

499

ComponentName name = getComponentName(resolveInfo);

500

Log.w(TAG, "Skipping agent " + name + " because package does not have"

501

+ " permission " + PERMISSION_PROVIDE_AGENT + ".");

502

continue;

503

}

504

allowedAgents.add(resolveInfo);

505

}

506

return allowedAgents;

507

}

508

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

509

// Agent dispatch and aggregation

510

511

private boolean aggregateIsTrusted(int userId) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

512

if (!getUserHasAuthenticated(userId)) {

Adrian Roos

2014-05-16 21:20:54 +0200

[diff] [blame]

513

return false;

514

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

515

for (int i = 0; i < mActiveAgents.size(); i++) {

516

AgentInfo info = mActiveAgents.valueAt(i);

517

if (info.userId == userId) {

518

if (info.agent.isTrusted()) {

return true;

}

}

}

return false;

}

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

526

private boolean aggregateIsTrustManaged(int userId) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

527

if (!getUserHasAuthenticated(userId)) {

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

528

return false;

529

}

530

for (int i = 0; i < mActiveAgents.size(); i++) {

531

AgentInfo info = mActiveAgents.valueAt(i);

532

if (info.userId == userId) {

533

if (info.agent.isManagingTrust()) {

return true;

}

}

}

return false;

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

541

private void dispatchUnlockAttempt(boolean successful, int userId) {

542

for (int i = 0; i < mActiveAgents.size(); i++) {

543

AgentInfo info = mActiveAgents.valueAt(i);

544

if (info.userId == userId) {

545

info.agent.onUnlockAttempt(successful);

546

}

547

}

Adrian Roos

2014-05-16 21:20:54 +0200

[diff] [blame]

548

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

549

if (successful) {

550

updateUserHasAuthenticated(userId);

}

}

private void updateUserHasAuthenticated(int userId) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

555

boolean changed = setUserHasAuthenticated(userId);

556

if (changed) {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

557

refreshAgentList(userId);

Adrian Roos

2014-05-16 21:20:54 +0200

[diff] [blame]

558

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

559

}

560

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

561

private boolean getUserHasAuthenticated(int userId) {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

562

return mUserHasAuthenticated.get(userId);

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

}

/**

* @return whether the value has changed

567

*/

568

private boolean setUserHasAuthenticated(int userId) {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

569

if (!mUserHasAuthenticated.get(userId)) {

570

mUserHasAuthenticated.put(userId, true);

571

synchronized (mUserHasAuthenticatedSinceBoot) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

572

mUserHasAuthenticatedSinceBoot.put(userId, true);

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

573

}

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

574

return true;

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

575

}

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

576

return false;

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

577

}

578

579

private void clearUserHasAuthenticated(int userId) {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

580

if (userId == UserHandle.USER_ALL) {

581

mUserHasAuthenticated.clear();

582

} else {

583

mUserHasAuthenticated.put(userId, false);

}

}

private boolean getUserHasAuthenticatedSinceBoot(int userId) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

588

synchronized (mUserHasAuthenticatedSinceBoot) {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

589

return mUserHasAuthenticatedSinceBoot.get(userId);

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

590

}

591

}

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

592

593

private void requireCredentialEntry(int userId) {

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

594

clearUserHasAuthenticated(userId);

595

refreshAgentList(userId);

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

596

}

597

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

598

// Listeners

599

600

private void addListener(ITrustListener listener) {

601

for (int i = 0; i < mTrustListeners.size(); i++) {

602

if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {

return;

}

}

mTrustListeners.add(listener);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

607

updateTrustAll();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

608

}

609

610

private void removeListener(ITrustListener listener) {

611

for (int i = 0; i < mTrustListeners.size(); i++) {

612

if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {

Jay Civelli

979a32e

2014-07-18 16:47:36 -0700

[diff] [blame]

613

mTrustListeners.remove(i);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

return;

}

}

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

619

private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) {

620

if (!enabled) flags = 0;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

621

for (int i = 0; i < mTrustListeners.size(); i++) {

622

try {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

623

mTrustListeners.get(i).onTrustChanged(enabled, userId, flags);

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

624

} catch (DeadObjectException e) {

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

625

Slog.d(TAG, "Removing dead TrustListener.");

626

mTrustListeners.remove(i);

627

i--;

628

} catch (RemoteException e) {

629

Slog.e(TAG, "Exception while notifying TrustListener.", e);

}

}

}

private void dispatchOnTrustManagedChanged(boolean managed, int userId) {

635

for (int i = 0; i < mTrustListeners.size(); i++) {

636

try {

637

mTrustListeners.get(i).onTrustManagedChanged(managed, userId);

638

} catch (DeadObjectException e) {

639

Slog.d(TAG, "Removing dead TrustListener.");

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

640

mTrustListeners.remove(i);

641

i--;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

642

} catch (RemoteException e) {

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

643

Slog.e(TAG, "Exception while notifying TrustListener.", e);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

// User lifecycle

@Override

public void onStartUser(int userId) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

652

mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget();

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

}

@Override

public void onCleanupUser(int userId) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

657

mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget();

}

@Override

public void onSwitchUser(int userId) {

662

mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

663

}

664

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

665

// Plumbing

666

667

private final IBinder mService = new ITrustManager.Stub() {

668

@Override

669

public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException {

670

enforceReportPermission();

671

mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId)

.sendToTarget();

}

@Override

public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException {

677

enforceReportPermission();

678

// coalesce refresh messages.

679

mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED);

680

mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED);

681

}

682

683

@Override

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

684

public void reportRequireCredentialEntry(int userId) throws RemoteException {

685

enforceReportPermission();

Xiaohui Chen

2015-08-05 09:44:56 -0700

[diff] [blame^]

686

if (userId == UserHandle.USER_ALL || userId >= UserHandle.USER_SYSTEM) {

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

687

mHandler.obtainMessage(MSG_REQUIRE_CREDENTIAL_ENTRY, userId, 0).sendToTarget();

688

} else {

689

throw new IllegalArgumentException(

690

"userId must be an explicit user id or USER_ALL");

}

}

@Override

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

695

public void reportKeyguardShowingChanged() throws RemoteException {

696

enforceReportPermission();

697

// coalesce refresh messages.

698

mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED);

699

mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED);

700

}

701

702

@Override

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

703

public void registerTrustListener(ITrustListener trustListener) throws RemoteException {

704

enforceListenerPermission();

705

mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget();

}

@Override

public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException {

710

enforceListenerPermission();

711

mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();

712

}

713

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

714

@Override

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

715

public boolean isDeviceLocked(int userId) throws RemoteException {

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

716

userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

717

false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

718

userId = resolveProfileParent(userId);

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

719

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

720

return isDeviceLockedInner(userId);

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

721

}

722

Adrian Roos

8289368

2015-04-02 16:17:46 +0200

[diff] [blame]

723

@Override

724

public boolean isDeviceSecure(int userId) throws RemoteException {

725

userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,

726

false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);

727

userId = resolveProfileParent(userId);

728

729

long token = Binder.clearCallingIdentity();

730

try {

731

return new LockPatternUtils(mContext).isSecure(userId);

732

} finally {

733

Binder.restoreCallingIdentity(token);

}

}

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

737

@Override

738

public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {

739

mContext.enforceCallingOrSelfPermission(

740

Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);

741

long token = Binder.clearCallingIdentity();

742

try {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

743

return getUserHasAuthenticatedSinceBoot(userId);

Jorim Jaggi

2015-05-01 14:28:49 -0700

[diff] [blame]

744

} finally {

745

Binder.restoreCallingIdentity(token);

}

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

749

private void enforceReportPermission() {

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

750

mContext.enforceCallingOrSelfPermission(

751

Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

752

}

753

754

private void enforceListenerPermission() {

755

mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,

756

"register trust listener");

757

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

758

759

@Override

760

protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {

761

mContext.enforceCallingPermission(Manifest.permission.DUMP,

762

"dumping TrustManagerService");

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

763

if (isSafeMode()) {

764

fout.println("disabled because the system is in safe mode.");

765

return;

766

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

767

if (!mTrustAgentsCanRun) {

768

fout.println("disabled because the third-party apps can't run yet.");

769

return;

770

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

771

final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

772

mHandler.runWithScissors(new Runnable() {

773

@Override

774

public void run() {

775

fout.println("Trust manager state:");

776

for (UserInfo user : userInfos) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

777

dumpUser(fout, user, user.id == mCurrentUser);

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

}

}

}, 1500);

}

private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {

784

fout.printf(" User \"%s\" (id=%d, flags=%#x)",

785

user.name, user.id, user.flags);

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

786

if (!user.supportsSwitchToByUser()) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

787

fout.println("(managed profile)");

788

fout.println(" disabled because switching to this user is not possible.");

789

return;

790

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

791

if (isCurrent) {

792

fout.print(" (current)");

793

}

794

fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

795

fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

796

fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

797

fout.print(", hasAuthenticated=" + dumpBool(getUserHasAuthenticated(user.id)));

798

fout.print(", hasAuthenticatedSinceBoot="

799

+ dumpBool(getUserHasAuthenticatedSinceBoot(user.id)));

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

800

fout.println();

801

fout.println(" Enabled agents:");

802

boolean duplicateSimpleNames = false;

803

ArraySet<String> simpleNames = new ArraySet<String>();

804

for (AgentInfo info : mActiveAgents) {

805

if (info.userId != user.id) { continue; }

806

boolean trusted = info.agent.isTrusted();

807

fout.print(" "); fout.println(info.component.flattenToShortString());

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

808

fout.print(" bound=" + dumpBool(info.agent.isBound()));

809

fout.print(", connected=" + dumpBool(info.agent.isConnected()));

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

810

fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust()));

811

fout.print(", trusted=" + dumpBool(trusted));

812

fout.println();

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

813

if (trusted) {

814

fout.println(" message=\"" + info.agent.getMessage() + "\"");

815

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

816

if (!info.agent.isConnected()) {

817

String restartTime = TrustArchive.formatDuration(

818

info.agent.getScheduledRestartUptimeMillis()

819

- SystemClock.uptimeMillis());

820

fout.println(" restartScheduledAt=" + restartTime);

821

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

822

if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) {

823

duplicateSimpleNames = true;

824

}

825

}

826

fout.println(" Events:");

827

mArchive.dump(fout, 50, user.id, " " /* linePrefix */, duplicateSimpleNames);

fout.println();

}

private String dumpBool(boolean b) {

832

return b ? "1" : "0";

833

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

834

};

835

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

836

private int resolveProfileParent(int userId) {

837

long identity = Binder.clearCallingIdentity();

838

try {

839

UserInfo parent = mUserManager.getProfileParent(userId);

840

if (parent != null) {

841

return parent.getUserHandle().getIdentifier();

}

return userId;

} finally {

Binder.restoreCallingIdentity(identity);

}

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

849

private final Handler mHandler = new Handler() {

850

@Override

851

public void handleMessage(Message msg) {

852

switch (msg.what) {

853

case MSG_REGISTER_LISTENER:

854

addListener((ITrustListener) msg.obj);

855

break;

856

case MSG_UNREGISTER_LISTENER:

857

removeListener((ITrustListener) msg.obj);

858

break;

859

case MSG_DISPATCH_UNLOCK_ATTEMPT:

860

dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2);

861

break;

862

case MSG_ENABLED_AGENTS_CHANGED:

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

863

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

864

// This is also called when the security mode of a user changes.

865

refreshDeviceLockedForUser(UserHandle.USER_ALL);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

866

break;

Adrian Roos

2014-06-25 23:28:53 +0200

[diff] [blame]

867

case MSG_REQUIRE_CREDENTIAL_ENTRY:

868

requireCredentialEntry(msg.arg1);

869

break;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

870

case MSG_KEYGUARD_SHOWING_CHANGED:

Adrian Roos

7e2e40e

2014-11-21 15:27:12 +0100

[diff] [blame]

871

refreshDeviceLockedForUser(mCurrentUser);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

872

break;

873

case MSG_START_USER:

874

case MSG_CLEANUP_USER:

875

refreshAgentList(msg.arg1);

876

break;

877

case MSG_SWITCH_USER:

878

mCurrentUser = msg.arg1;

879

refreshDeviceLockedForUser(UserHandle.USER_ALL);

880

break;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

};

private final PackageMonitor mPackageMonitor = new PackageMonitor() {

886

@Override

887

public void onSomePackagesChanged() {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

888

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

@Override

public boolean onPackageChanged(String packageName, int uid, String[] components) {

893

// We're interested in all changes, even if just some components get enabled / disabled.

894

return true;

895

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

896

897

@Override

898

public void onPackageDisappeared(String packageName, int reason) {

899

removeAgentsOfPackage(packageName);

900

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

901

};

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

902

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

903

private class Receiver extends BroadcastReceiver {

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

904

905

@Override

906

public void onReceive(Context context, Intent intent) {

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

907

String action = intent.getAction();

908

if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

909

refreshAgentList(getSendingUserId());

910

updateDevicePolicyFeatures();

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

911

} else if (Intent.ACTION_USER_PRESENT.equals(action)) {

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

912

updateUserHasAuthenticated(getSendingUserId());

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

913

} else if (Intent.ACTION_USER_ADDED.equals(action)) {

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

914

int userId = getUserId(intent);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

915

if (userId > 0) {

916

maybeEnableFactoryTrustAgents(mLockPatternUtils, userId);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

917

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

918

} else if (Intent.ACTION_USER_REMOVED.equals(action)) {

919

int userId = getUserId(intent);

920

if (userId > 0) {

Adrian Roos

2015-06-29 17:49:17 -0700

[diff] [blame]

921

mUserHasAuthenticated.delete(userId);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

922

synchronized (mUserIsTrusted) {

923

mUserIsTrusted.delete(userId);

924

}

925

synchronized (mDeviceLockedForUser) {

926

mDeviceLockedForUser.delete(userId);

927

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

928

refreshAgentList(userId);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

929

refreshDeviceLockedForUser(userId);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

}

}

}

private int getUserId(Intent intent) {

935

int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100);

if (userId > 0) {

return userId;

} else {

Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId);

940

return -100;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

}

}

public void register(Context context) {

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

945

IntentFilter filter = new IntentFilter();

946

filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);

947

filter.addAction(Intent.ACTION_USER_PRESENT);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

948

filter.addAction(Intent.ACTION_USER_ADDED);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

949

filter.addAction(Intent.ACTION_USER_REMOVED);

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

950

context.registerReceiverAsUser(this,

951

UserHandle.ALL,

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

952

filter,

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

953

null /* permission */,

954

null /* scheduler */);

955

}

956

}

Adrian Roos