Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.trust; |
| 18 | |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 19 | import android.annotation.TargetApi; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 20 | import android.app.AlarmManager; |
| 21 | import android.app.PendingIntent; |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 22 | import android.app.admin.DevicePolicyManager; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 23 | import android.content.BroadcastReceiver; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 24 | import android.content.ComponentName; |
| 25 | import android.content.Context; |
| 26 | import android.content.Intent; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 27 | import android.content.IntentFilter; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 28 | import android.content.ServiceConnection; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 29 | import android.net.Uri; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 30 | import android.os.Binder; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 31 | import android.os.Build; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 32 | import android.os.Handler; |
| 33 | import android.os.IBinder; |
| 34 | import android.os.Message; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 35 | import android.os.PatternMatcher; |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 36 | import android.os.PersistableBundle; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 37 | import android.os.RemoteException; |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 38 | import android.os.SystemClock; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 39 | import android.os.UserHandle; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 40 | import android.service.trust.ITrustAgentService; |
| 41 | import android.service.trust.ITrustAgentServiceCallback; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 42 | import android.service.trust.TrustAgentService; |
| 43 | import android.util.Log; |
| 44 | import android.util.Slog; |
Lucas Dupin | ef88654 | 2018-01-03 16:03:07 -0800 | [diff] [blame] | 45 | |
| 46 | import com.android.internal.policy.IKeyguardDismissCallback; |
| 47 | |
Adrian Roos | a43fd03 | 2015-03-09 19:10:15 +0100 | [diff] [blame] | 48 | import java.util.Collections; |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 49 | import java.util.List; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 50 | |
| 51 | /** |
| 52 | * A wrapper around a TrustAgentService interface. Coordinates communication between |
| 53 | * TrustManager and the actual TrustAgent. |
| 54 | */ |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 55 | @TargetApi(Build.VERSION_CODES.LOLLIPOP) |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 56 | public class TrustAgentWrapper { |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 57 | private static final String EXTRA_COMPONENT_NAME = "componentName"; |
| 58 | private static final String TRUST_EXPIRED_ACTION = "android.server.trust.TRUST_EXPIRED_ACTION"; |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 59 | private static final String PERMISSION = android.Manifest.permission.PROVIDE_TRUST_AGENT; |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 60 | private static final boolean DEBUG = TrustManagerService.DEBUG; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 61 | private static final String TAG = "TrustAgentWrapper"; |
| 62 | |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 63 | private static final int MSG_GRANT_TRUST = 1; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 64 | private static final int MSG_REVOKE_TRUST = 2; |
| 65 | private static final int MSG_TRUST_TIMEOUT = 3; |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 66 | private static final int MSG_RESTART_TIMEOUT = 4; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 67 | private static final int MSG_SET_TRUST_AGENT_FEATURES_COMPLETED = 5; |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 68 | private static final int MSG_MANAGING_TRUST = 6; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 69 | private static final int MSG_ADD_ESCROW_TOKEN = 7; |
| 70 | private static final int MSG_REMOVE_ESCROW_TOKEN = 8; |
| 71 | private static final int MSG_ESCROW_TOKEN_STATE = 9; |
| 72 | private static final int MSG_UNLOCK_USER = 10; |
Lucas Dupin | ef88654 | 2018-01-03 16:03:07 -0800 | [diff] [blame] | 73 | private static final int MSG_SHOW_KEYGUARD_ERROR_MESSAGE = 11; |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 74 | |
| 75 | /** |
| 76 | * Time in uptime millis that we wait for the service connection, both when starting |
| 77 | * and when the service disconnects. |
| 78 | */ |
| 79 | private static final long RESTART_TIMEOUT_MILLIS = 5 * 60000; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 80 | |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 81 | /** |
| 82 | * Long extra for {@link #MSG_GRANT_TRUST} |
| 83 | */ |
| 84 | private static final String DATA_DURATION = "duration"; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 85 | private static final String DATA_ESCROW_TOKEN = "escrow_token"; |
| 86 | private static final String DATA_HANDLE = "handle"; |
| 87 | private static final String DATA_USER_ID = "user_id"; |
Lucas Dupin | ef88654 | 2018-01-03 16:03:07 -0800 | [diff] [blame] | 88 | private static final String DATA_MESSAGE = "message"; |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 89 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 90 | private final TrustManagerService mTrustManagerService; |
| 91 | private final int mUserId; |
| 92 | private final Context mContext; |
| 93 | private final ComponentName mName; |
| 94 | |
| 95 | private ITrustAgentService mTrustAgentService; |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 96 | private boolean mBound; |
| 97 | private long mScheduledRestartUptimeMillis; |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 98 | private long mMaximumTimeToLock; // from DevicePolicyManager |
Adrian Roos | 517b3a4 | 2016-03-03 14:58:33 -0800 | [diff] [blame] | 99 | private boolean mPendingSuccessfulUnlock = false; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 100 | |
| 101 | // Trust state |
| 102 | private boolean mTrusted; |
Adrian Roos | 7e03dfc | 2014-05-16 16:06:28 +0200 | [diff] [blame] | 103 | private CharSequence mMessage; |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 104 | private boolean mTrustDisabledByDpm; |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 105 | private boolean mManagingTrust; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 106 | private IBinder mSetTrustAgentFeaturesToken; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 107 | private AlarmManager mAlarmManager; |
| 108 | private final Intent mAlarmIntent; |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 109 | private PendingIntent mAlarmPendingIntent; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 110 | |
| 111 | private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() { |
| 112 | @Override |
| 113 | public void onReceive(Context context, Intent intent) { |
| 114 | ComponentName component = intent.getParcelableExtra(EXTRA_COMPONENT_NAME); |
| 115 | if (TRUST_EXPIRED_ACTION.equals(intent.getAction()) |
| 116 | && mName.equals(component)) { |
| 117 | mHandler.removeMessages(MSG_TRUST_TIMEOUT); |
| 118 | mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT); |
| 119 | } |
| 120 | } |
| 121 | }; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 122 | |
| 123 | private final Handler mHandler = new Handler() { |
| 124 | @Override |
| 125 | public void handleMessage(Message msg) { |
| 126 | switch (msg.what) { |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 127 | case MSG_GRANT_TRUST: |
Adrian Roos | 7d59b4f | 2014-05-27 20:01:31 +0200 | [diff] [blame] | 128 | if (!isConnected()) { |
| 129 | Log.w(TAG, "Agent is not connected, cannot grant trust: " |
| 130 | + mName.flattenToShortString()); |
| 131 | return; |
| 132 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 133 | mTrusted = true; |
Adrian Roos | 7e03dfc | 2014-05-16 16:06:28 +0200 | [diff] [blame] | 134 | mMessage = (CharSequence) msg.obj; |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 135 | int flags = msg.arg1; |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 136 | long durationMs = msg.getData().getLong(DATA_DURATION); |
| 137 | if (durationMs > 0) { |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 138 | final long duration; |
| 139 | if (mMaximumTimeToLock != 0) { |
| 140 | // Enforce DevicePolicyManager timeout. This is here as a safeguard to |
| 141 | // ensure trust agents are evaluating trust state at least as often as |
| 142 | // the policy dictates. Admins that want more guarantees should be using |
| 143 | // DevicePolicyManager#KEYGUARD_DISABLE_TRUST_AGENTS. |
| 144 | duration = Math.min(durationMs, mMaximumTimeToLock); |
| 145 | if (DEBUG) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 146 | Slog.d(TAG, "DPM lock timeout in effect. Timeout adjusted from " |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 147 | + durationMs + " to " + duration); |
| 148 | } |
| 149 | } else { |
| 150 | duration = durationMs; |
| 151 | } |
| 152 | long expiration = SystemClock.elapsedRealtime() + duration; |
| 153 | mAlarmPendingIntent = PendingIntent.getBroadcast(mContext, 0, mAlarmIntent, |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 154 | PendingIntent.FLAG_CANCEL_CURRENT); |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 155 | mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP, expiration, |
| 156 | mAlarmPendingIntent); |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 157 | } |
| 158 | mTrustManagerService.mArchive.logGrantTrust(mUserId, mName, |
| 159 | (mMessage != null ? mMessage.toString() : null), |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 160 | durationMs, flags); |
| 161 | mTrustManagerService.updateTrust(mUserId, flags); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 162 | break; |
| 163 | case MSG_TRUST_TIMEOUT: |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 164 | if (DEBUG) Slog.d(TAG, "Trust timed out : " + mName.flattenToShortString()); |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 165 | mTrustManagerService.mArchive.logTrustTimeout(mUserId, mName); |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 166 | onTrustTimeout(); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 167 | // Fall through. |
| 168 | case MSG_REVOKE_TRUST: |
| 169 | mTrusted = false; |
| 170 | mMessage = null; |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 171 | mHandler.removeMessages(MSG_TRUST_TIMEOUT); |
| 172 | if (msg.what == MSG_REVOKE_TRUST) { |
| 173 | mTrustManagerService.mArchive.logRevokeTrust(mUserId, mName); |
| 174 | } |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 175 | mTrustManagerService.updateTrust(mUserId, 0); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 176 | break; |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 177 | case MSG_RESTART_TIMEOUT: |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 178 | Slog.w(TAG, "Connection attempt to agent " + mName.flattenToShortString() |
| 179 | + " timed out, rebinding"); |
Adrian Roos | fc29e0b | 2014-11-11 12:55:44 +0100 | [diff] [blame] | 180 | destroy(); |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 181 | mTrustManagerService.resetAgent(mName, mUserId); |
| 182 | break; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 183 | case MSG_SET_TRUST_AGENT_FEATURES_COMPLETED: |
| 184 | IBinder token = (IBinder) msg.obj; |
| 185 | boolean result = msg.arg1 != 0; |
| 186 | if (mSetTrustAgentFeaturesToken == token) { |
| 187 | mSetTrustAgentFeaturesToken = null; |
| 188 | if (mTrustDisabledByDpm && result) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 189 | if (DEBUG) Slog.d(TAG, "Re-enabling agent because it acknowledged " |
| 190 | + "enabled features: " + mName.flattenToShortString()); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 191 | mTrustDisabledByDpm = false; |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 192 | mTrustManagerService.updateTrust(mUserId, 0); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 193 | } |
| 194 | } else { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 195 | if (DEBUG) Slog.w(TAG, "Ignoring MSG_SET_TRUST_AGENT_FEATURES_COMPLETED " |
| 196 | + "with obsolete token: " + mName.flattenToShortString()); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 197 | } |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 198 | break; |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 199 | case MSG_MANAGING_TRUST: |
| 200 | mManagingTrust = msg.arg1 != 0; |
| 201 | if (!mManagingTrust) { |
| 202 | mTrusted = false; |
| 203 | mMessage = null; |
| 204 | } |
| 205 | mTrustManagerService.mArchive.logManagingTrust(mUserId, mName, mManagingTrust); |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 206 | mTrustManagerService.updateTrust(mUserId, 0); |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 207 | break; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 208 | case MSG_ADD_ESCROW_TOKEN: { |
| 209 | byte[] eToken = msg.getData().getByteArray(DATA_ESCROW_TOKEN); |
| 210 | int userId = msg.getData().getInt(DATA_USER_ID); |
| 211 | long handle = mTrustManagerService.addEscrowToken(eToken, userId); |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 212 | boolean resultDeliverred = false; |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 213 | try { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 214 | if (mTrustAgentService != null) { |
| 215 | mTrustAgentService.onEscrowTokenAdded( |
| 216 | eToken, handle, UserHandle.of(userId)); |
| 217 | resultDeliverred = true; |
| 218 | } |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 219 | } catch (RemoteException e) { |
| 220 | onError(e); |
| 221 | } |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 222 | |
| 223 | if (!resultDeliverred) { |
| 224 | mTrustManagerService.removeEscrowToken(handle, userId); |
| 225 | } |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 226 | break; |
| 227 | } |
| 228 | case MSG_ESCROW_TOKEN_STATE: { |
| 229 | long handle = msg.getData().getLong(DATA_HANDLE); |
| 230 | int userId = msg.getData().getInt(DATA_USER_ID); |
| 231 | boolean active = mTrustManagerService.isEscrowTokenActive(handle, userId); |
| 232 | try { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 233 | if (mTrustAgentService != null) { |
| 234 | mTrustAgentService.onTokenStateReceived(handle, |
| 235 | active ? TrustAgentService.TOKEN_STATE_ACTIVE |
| 236 | : TrustAgentService.TOKEN_STATE_INACTIVE); |
| 237 | } |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 238 | } catch (RemoteException e) { |
| 239 | onError(e); |
| 240 | } |
| 241 | break; |
| 242 | } |
| 243 | case MSG_REMOVE_ESCROW_TOKEN: { |
| 244 | long handle = msg.getData().getLong(DATA_HANDLE); |
| 245 | int userId = msg.getData().getInt(DATA_USER_ID); |
| 246 | boolean success = mTrustManagerService.removeEscrowToken(handle, userId); |
| 247 | try { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 248 | if (mTrustAgentService != null) { |
| 249 | mTrustAgentService.onEscrowTokenRemoved(handle, success); |
| 250 | } |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 251 | } catch (RemoteException e) { |
| 252 | onError(e); |
| 253 | } |
| 254 | break; |
| 255 | } |
| 256 | case MSG_UNLOCK_USER: { |
| 257 | long handle = msg.getData().getLong(DATA_HANDLE); |
| 258 | int userId = msg.getData().getInt(DATA_USER_ID); |
| 259 | byte[] eToken = msg.getData().getByteArray(DATA_ESCROW_TOKEN); |
| 260 | mTrustManagerService.unlockUserWithToken(handle, eToken, userId); |
| 261 | break; |
| 262 | } |
Lucas Dupin | ef88654 | 2018-01-03 16:03:07 -0800 | [diff] [blame] | 263 | case MSG_SHOW_KEYGUARD_ERROR_MESSAGE: { |
| 264 | CharSequence message = msg.getData().getCharSequence(DATA_MESSAGE); |
| 265 | mTrustManagerService.showKeyguardErrorMessage(message); |
| 266 | break; |
| 267 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 268 | } |
| 269 | } |
| 270 | }; |
| 271 | |
| 272 | private ITrustAgentServiceCallback mCallback = new ITrustAgentServiceCallback.Stub() { |
| 273 | |
Adrian Roos | 7e03dfc | 2014-05-16 16:06:28 +0200 | [diff] [blame] | 274 | @Override |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 275 | public void grantTrust(CharSequence userMessage, long durationMs, int flags) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 276 | if (DEBUG) Slog.d(TAG, "enableTrust(" + userMessage + ", durationMs = " + durationMs |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 277 | + ", flags = " + flags + ")"); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 278 | |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 279 | Message msg = mHandler.obtainMessage( |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 280 | MSG_GRANT_TRUST, flags, 0, userMessage); |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 281 | msg.getData().putLong(DATA_DURATION, durationMs); |
| 282 | msg.sendToTarget(); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 283 | } |
| 284 | |
Adrian Roos | 7e03dfc | 2014-05-16 16:06:28 +0200 | [diff] [blame] | 285 | @Override |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 286 | public void revokeTrust() { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 287 | if (DEBUG) Slog.d(TAG, "revokeTrust()"); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 288 | mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); |
| 289 | } |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 290 | |
| 291 | @Override |
| 292 | public void setManagingTrust(boolean managingTrust) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 293 | if (DEBUG) Slog.d(TAG, "managingTrust()"); |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 294 | mHandler.obtainMessage(MSG_MANAGING_TRUST, managingTrust ? 1 : 0, 0).sendToTarget(); |
| 295 | } |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 296 | |
| 297 | @Override |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 298 | public void onConfigureCompleted(boolean result, IBinder token) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 299 | if (DEBUG) Slog.d(TAG, "onSetTrustAgentFeaturesEnabledCompleted(result=" + result); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 300 | mHandler.obtainMessage(MSG_SET_TRUST_AGENT_FEATURES_COMPLETED, |
| 301 | result ? 1 : 0, 0, token).sendToTarget(); |
| 302 | } |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 303 | |
| 304 | @Override |
| 305 | public void addEscrowToken(byte[] token, int userId) { |
| 306 | if (mContext.getResources() |
| 307 | .getBoolean(com.android.internal.R.bool.config_allowEscrowTokenForTrustAgent)) { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 308 | throw new SecurityException("Escrow token API is not allowed."); |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 309 | } |
| 310 | |
| 311 | if (DEBUG) Slog.d(TAG, "adding escrow token for user " + userId); |
| 312 | Message msg = mHandler.obtainMessage(MSG_ADD_ESCROW_TOKEN); |
| 313 | msg.getData().putByteArray(DATA_ESCROW_TOKEN, token); |
| 314 | msg.getData().putInt(DATA_USER_ID, userId); |
| 315 | msg.sendToTarget(); |
| 316 | } |
| 317 | |
| 318 | @Override |
| 319 | public void isEscrowTokenActive(long handle, int userId) { |
| 320 | if (mContext.getResources() |
| 321 | .getBoolean(com.android.internal.R.bool.config_allowEscrowTokenForTrustAgent)) { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 322 | throw new SecurityException("Escrow token API is not allowed."); |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 323 | } |
| 324 | |
| 325 | if (DEBUG) Slog.d(TAG, "checking the state of escrow token on user " + userId); |
| 326 | Message msg = mHandler.obtainMessage(MSG_ESCROW_TOKEN_STATE); |
| 327 | msg.getData().putLong(DATA_HANDLE, handle); |
| 328 | msg.getData().putInt(DATA_USER_ID, userId); |
| 329 | msg.sendToTarget(); |
| 330 | } |
| 331 | |
| 332 | @Override |
| 333 | public void removeEscrowToken(long handle, int userId) { |
| 334 | if (mContext.getResources() |
| 335 | .getBoolean(com.android.internal.R.bool.config_allowEscrowTokenForTrustAgent)) { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 336 | throw new SecurityException("Escrow token API is not allowed."); |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 337 | } |
| 338 | |
| 339 | if (DEBUG) Slog.d(TAG, "removing escrow token on user " + userId); |
| 340 | Message msg = mHandler.obtainMessage(MSG_REMOVE_ESCROW_TOKEN); |
| 341 | msg.getData().putLong(DATA_HANDLE, handle); |
| 342 | msg.getData().putInt(DATA_USER_ID, userId); |
| 343 | msg.sendToTarget(); |
| 344 | } |
| 345 | |
| 346 | @Override |
| 347 | public void unlockUserWithToken(long handle, byte[] token, int userId) { |
| 348 | if (mContext.getResources() |
| 349 | .getBoolean(com.android.internal.R.bool.config_allowEscrowTokenForTrustAgent)) { |
Lingjun Li | 44196d3 | 2017-02-17 18:32:23 -0800 | [diff] [blame] | 350 | throw new SecurityException("Escrow token API is not allowed."); |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 351 | } |
| 352 | |
| 353 | if (DEBUG) Slog.d(TAG, "unlocking user " + userId); |
| 354 | Message msg = mHandler.obtainMessage(MSG_UNLOCK_USER); |
| 355 | msg.getData().putInt(DATA_USER_ID, userId); |
| 356 | msg.getData().putLong(DATA_HANDLE, handle); |
| 357 | msg.getData().putByteArray(DATA_ESCROW_TOKEN, token); |
| 358 | msg.sendToTarget(); |
| 359 | } |
Lucas Dupin | ef88654 | 2018-01-03 16:03:07 -0800 | [diff] [blame] | 360 | |
| 361 | @Override |
| 362 | public void showKeyguardErrorMessage(CharSequence message) { |
| 363 | if (DEBUG) Slog.d(TAG, "Showing keyguard error message: " + message); |
| 364 | Message msg = mHandler.obtainMessage(MSG_SHOW_KEYGUARD_ERROR_MESSAGE); |
| 365 | msg.getData().putCharSequence(DATA_MESSAGE, message); |
| 366 | msg.sendToTarget(); |
| 367 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 368 | }; |
| 369 | |
| 370 | private final ServiceConnection mConnection = new ServiceConnection() { |
| 371 | @Override |
| 372 | public void onServiceConnected(ComponentName name, IBinder service) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 373 | if (DEBUG) Slog.d(TAG, "TrustAgent started : " + name.flattenToString()); |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 374 | mHandler.removeMessages(MSG_RESTART_TIMEOUT); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 375 | mTrustAgentService = ITrustAgentService.Stub.asInterface(service); |
Adrian Roos | 7d59b4f | 2014-05-27 20:01:31 +0200 | [diff] [blame] | 376 | mTrustManagerService.mArchive.logAgentConnected(mUserId, name); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 377 | setCallback(mCallback); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 378 | updateDevicePolicyFeatures(); |
Adrian Roos | 481a6df | 2014-11-20 19:48:56 +0100 | [diff] [blame] | 379 | |
Adrian Roos | 517b3a4 | 2016-03-03 14:58:33 -0800 | [diff] [blame] | 380 | if (mPendingSuccessfulUnlock) { |
| 381 | onUnlockAttempt(true); |
| 382 | mPendingSuccessfulUnlock = false; |
| 383 | } |
| 384 | |
Adrian Roos | 481a6df | 2014-11-20 19:48:56 +0100 | [diff] [blame] | 385 | if (mTrustManagerService.isDeviceLockedInner(mUserId)) { |
| 386 | onDeviceLocked(); |
| 387 | } else { |
| 388 | onDeviceUnlocked(); |
| 389 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 390 | } |
| 391 | |
| 392 | @Override |
| 393 | public void onServiceDisconnected(ComponentName name) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 394 | if (DEBUG) Slog.d(TAG, "TrustAgent disconnected : " + name.flattenToShortString()); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 395 | mTrustAgentService = null; |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 396 | mManagingTrust = false; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 397 | mSetTrustAgentFeaturesToken = null; |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 398 | mTrustManagerService.mArchive.logAgentDied(mUserId, name); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 399 | mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 400 | if (mBound) { |
| 401 | scheduleRestart(); |
| 402 | } |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 403 | // mTrustDisabledByDpm maintains state |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 404 | } |
| 405 | }; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 406 | |
| 407 | public TrustAgentWrapper(Context context, TrustManagerService trustManagerService, |
| 408 | Intent intent, UserHandle user) { |
| 409 | mContext = context; |
| 410 | mTrustManagerService = trustManagerService; |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 411 | mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 412 | mUserId = user.getIdentifier(); |
| 413 | mName = intent.getComponent(); |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 414 | |
| 415 | mAlarmIntent = new Intent(TRUST_EXPIRED_ACTION).putExtra(EXTRA_COMPONENT_NAME, mName); |
| 416 | mAlarmIntent.setData(Uri.parse(mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME))); |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 417 | mAlarmIntent.setPackage(context.getPackageName()); |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 418 | |
| 419 | final IntentFilter alarmFilter = new IntentFilter(TRUST_EXPIRED_ACTION); |
| 420 | alarmFilter.addDataScheme(mAlarmIntent.getScheme()); |
| 421 | final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME); |
| 422 | alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL); |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 423 | |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 424 | // Schedules a restart for when connecting times out. If the connection succeeds, |
| 425 | // the restart is canceled in mCallback's onConnected. |
| 426 | scheduleRestart(); |
Dianne Hackborn | d69e4c1 | 2015-04-24 09:54:54 -0700 | [diff] [blame] | 427 | mBound = context.bindServiceAsUser(intent, mConnection, |
| 428 | Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, user); |
Adrian Roos | 1221b06 | 2015-03-26 12:29:51 -0700 | [diff] [blame] | 429 | if (mBound) { |
| 430 | mContext.registerReceiver(mBroadcastReceiver, alarmFilter, PERMISSION, null); |
| 431 | } else { |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 432 | Log.e(TAG, "Can't bind to TrustAgent " + mName.flattenToShortString()); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 433 | } |
| 434 | } |
| 435 | |
| 436 | private void onError(Exception e) { |
Lingjun Li | 93a145f | 2017-01-23 17:13:35 -0800 | [diff] [blame] | 437 | Slog.w(TAG , "Exception ", e); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 438 | } |
| 439 | |
Jim Miller | d4efaac | 2014-08-14 18:02:45 -0700 | [diff] [blame] | 440 | private void onTrustTimeout() { |
| 441 | try { |
| 442 | if (mTrustAgentService != null) mTrustAgentService.onTrustTimeout(); |
| 443 | } catch (RemoteException e) { |
| 444 | onError(e); |
| 445 | } |
| 446 | } |
Adrian Roos | 481a6df | 2014-11-20 19:48:56 +0100 | [diff] [blame] | 447 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 448 | /** |
| 449 | * @see android.service.trust.TrustAgentService#onUnlockAttempt(boolean) |
| 450 | */ |
| 451 | public void onUnlockAttempt(boolean successful) { |
| 452 | try { |
Adrian Roos | 517b3a4 | 2016-03-03 14:58:33 -0800 | [diff] [blame] | 453 | if (mTrustAgentService != null) { |
| 454 | mTrustAgentService.onUnlockAttempt(successful); |
| 455 | } else { |
| 456 | mPendingSuccessfulUnlock = successful; |
| 457 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 458 | } catch (RemoteException e) { |
| 459 | onError(e); |
| 460 | } |
| 461 | } |
| 462 | |
Adrian Roos | 481a6df | 2014-11-20 19:48:56 +0100 | [diff] [blame] | 463 | /** |
Zachary Iqbal | 327323d | 2017-01-12 14:41:13 -0800 | [diff] [blame] | 464 | * @see android.service.trust.TrustAgentService#onUnlockLockout(int) |
| 465 | */ |
| 466 | public void onUnlockLockout(int timeoutMs) { |
| 467 | try { |
| 468 | if (mTrustAgentService != null) { |
| 469 | mTrustAgentService.onUnlockLockout(timeoutMs); |
| 470 | } |
| 471 | } catch (RemoteException e) { |
| 472 | onError(e); |
| 473 | } |
| 474 | } |
| 475 | |
| 476 | /** |
Adrian Roos | 481a6df | 2014-11-20 19:48:56 +0100 | [diff] [blame] | 477 | * @see android.service.trust.TrustAgentService#onDeviceLocked() |
| 478 | */ |
| 479 | public void onDeviceLocked() { |
| 480 | try { |
| 481 | if (mTrustAgentService != null) mTrustAgentService.onDeviceLocked(); |
| 482 | } catch (RemoteException e) { |
| 483 | onError(e); |
| 484 | } |
| 485 | } |
| 486 | |
| 487 | /** |
| 488 | * @see android.service.trust.TrustAgentService#onDeviceUnlocked() |
| 489 | */ |
| 490 | public void onDeviceUnlocked() { |
| 491 | try { |
| 492 | if (mTrustAgentService != null) mTrustAgentService.onDeviceUnlocked(); |
| 493 | } catch (RemoteException e) { |
| 494 | onError(e); |
| 495 | } |
| 496 | } |
| 497 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 498 | private void setCallback(ITrustAgentServiceCallback callback) { |
| 499 | try { |
| 500 | if (mTrustAgentService != null) { |
| 501 | mTrustAgentService.setCallback(callback); |
| 502 | } |
| 503 | } catch (RemoteException e) { |
| 504 | onError(e); |
| 505 | } |
| 506 | } |
| 507 | |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 508 | boolean updateDevicePolicyFeatures() { |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 509 | boolean trustDisabled = false; |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 510 | if (DEBUG) Slog.d(TAG, "updateDevicePolicyFeatures(" + mName + ")"); |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 511 | try { |
| 512 | if (mTrustAgentService != null) { |
| 513 | DevicePolicyManager dpm = |
| 514 | (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 515 | |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 516 | if ((dpm.getKeyguardDisabledFeatures(null, mUserId) |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 517 | & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) { |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 518 | List<PersistableBundle> config = dpm.getTrustAgentConfiguration( |
| 519 | null, mName, mUserId); |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 520 | trustDisabled = true; |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 521 | if (DEBUG) Slog.d(TAG, "Detected trust agents disabled. Config = " + config); |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 522 | if (config != null && config.size() > 0) { |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 523 | if (DEBUG) { |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 524 | Slog.d(TAG, "TrustAgent " + mName.flattenToShortString() |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 525 | + " disabled until it acknowledges "+ config); |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 526 | } |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 527 | mSetTrustAgentFeaturesToken = new Binder(); |
Jim Miller | e303bf4 | 2014-08-26 17:12:29 -0700 | [diff] [blame] | 528 | mTrustAgentService.onConfigure(config, mSetTrustAgentFeaturesToken); |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 529 | } |
Adrian Roos | a43fd03 | 2015-03-09 19:10:15 +0100 | [diff] [blame] | 530 | } else { |
| 531 | mTrustAgentService.onConfigure(Collections.EMPTY_LIST, null); |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 532 | } |
Pavel Grafov | 2893998 | 2017-10-03 15:11:52 +0100 | [diff] [blame] | 533 | final long maxTimeToLock = dpm.getMaximumTimeToLock(null, mUserId); |
Jim Miller | 76b9b8b | 2014-08-22 17:04:57 -0700 | [diff] [blame] | 534 | if (maxTimeToLock != mMaximumTimeToLock) { |
| 535 | // If the timeout changes, cancel the alarm and send a timeout event to have |
| 536 | // the agent re-evaluate trust. |
| 537 | mMaximumTimeToLock = maxTimeToLock; |
| 538 | if (mAlarmPendingIntent != null) { |
| 539 | mAlarmManager.cancel(mAlarmPendingIntent); |
| 540 | mAlarmPendingIntent = null; |
| 541 | mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT); |
| 542 | } |
| 543 | } |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 544 | } |
| 545 | } catch (RemoteException e) { |
| 546 | onError(e); |
| 547 | } |
| 548 | if (mTrustDisabledByDpm != trustDisabled) { |
| 549 | mTrustDisabledByDpm = trustDisabled; |
Adrian Roos | 94e15a5 | 2015-04-16 12:23:18 -0700 | [diff] [blame] | 550 | mTrustManagerService.updateTrust(mUserId, 0); |
Jim Miller | 604e755 | 2014-07-18 19:00:02 -0700 | [diff] [blame] | 551 | } |
| 552 | return trustDisabled; |
| 553 | } |
| 554 | |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 555 | public boolean isTrusted() { |
Adrian Roos | 7861c66 | 2014-07-25 15:37:28 +0200 | [diff] [blame] | 556 | return mTrusted && mManagingTrust && !mTrustDisabledByDpm; |
| 557 | } |
| 558 | |
| 559 | public boolean isManagingTrust() { |
| 560 | return mManagingTrust && !mTrustDisabledByDpm; |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 561 | } |
| 562 | |
Adrian Roos | 7e03dfc | 2014-05-16 16:06:28 +0200 | [diff] [blame] | 563 | public CharSequence getMessage() { |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 564 | return mMessage; |
| 565 | } |
| 566 | |
Adrian Roos | fc29e0b | 2014-11-11 12:55:44 +0100 | [diff] [blame] | 567 | public void destroy() { |
| 568 | mHandler.removeMessages(MSG_RESTART_TIMEOUT); |
| 569 | |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 570 | if (!mBound) { |
| 571 | return; |
| 572 | } |
Adrian Roos | 5d63978 | 2016-07-21 11:43:02 -0700 | [diff] [blame] | 573 | if (DEBUG) Slog.d(TAG, "TrustAgent unbound : " + mName.flattenToShortString()); |
Adrian Roos | 7d59b4f | 2014-05-27 20:01:31 +0200 | [diff] [blame] | 574 | mTrustManagerService.mArchive.logAgentStopped(mUserId, mName); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 575 | mContext.unbindService(mConnection); |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 576 | mBound = false; |
Adrian Roos | 1221b06 | 2015-03-26 12:29:51 -0700 | [diff] [blame] | 577 | mContext.unregisterReceiver(mBroadcastReceiver); |
Adrian Roos | 7d59b4f | 2014-05-27 20:01:31 +0200 | [diff] [blame] | 578 | mTrustAgentService = null; |
Adrian Roos | 8f21158 | 2014-07-29 15:09:57 +0200 | [diff] [blame] | 579 | mSetTrustAgentFeaturesToken = null; |
Adrian Roos | 7d59b4f | 2014-05-27 20:01:31 +0200 | [diff] [blame] | 580 | mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 581 | } |
Adrian Roos | 7a4f3d4 | 2014-05-02 12:12:20 +0200 | [diff] [blame] | 582 | |
| 583 | public boolean isConnected() { |
| 584 | return mTrustAgentService != null; |
| 585 | } |
Adrian Roos | c5f95ce | 2014-07-24 16:00:46 +0200 | [diff] [blame] | 586 | |
| 587 | public boolean isBound() { |
| 588 | return mBound; |
| 589 | } |
| 590 | |
| 591 | /** |
| 592 | * If not connected, returns the time at which the agent is restarted. |
| 593 | * |
| 594 | * @return restart time in uptime millis. |
| 595 | */ |
| 596 | public long getScheduledRestartUptimeMillis() { |
| 597 | return mScheduledRestartUptimeMillis; |
| 598 | } |
| 599 | |
| 600 | private void scheduleRestart() { |
| 601 | mHandler.removeMessages(MSG_RESTART_TIMEOUT); |
| 602 | mScheduledRestartUptimeMillis = SystemClock.uptimeMillis() + RESTART_TIMEOUT_MILLIS; |
| 603 | mHandler.sendEmptyMessageAtTime(MSG_RESTART_TIMEOUT, mScheduledRestartUptimeMillis); |
| 604 | } |
Adrian Roos | 82142c2 | 2014-03-27 14:56:59 +0100 | [diff] [blame] | 605 | } |