Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / bba3270c34c9ee5e70a02d39e398114600d6a553 / . / services / core / java / com / android / server / trust / TrustAgentWrapper.java
blob: fb7d1864381bd3b2fb2ac43a720886724df68a34 [file] [log] [blame]
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.trust;
18
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]19import android.app.AlarmManager;
20import android.app.PendingIntent;
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]21import android.app.admin.DevicePolicyManager;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]22import android.content.BroadcastReceiver;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]23import android.content.ComponentName;
24import android.content.Context;
25import android.content.Intent;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]26import android.content.IntentFilter;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]27import android.content.ServiceConnection;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]28import android.net.Uri;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]29import android.os.Binder;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]30import android.os.Handler;
31import android.os.IBinder;
32import android.os.Message;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]33import android.os.PatternMatcher;
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]34import android.os.PersistableBundle;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]35import android.os.RemoteException;
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]36import android.os.SystemClock;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]37import android.os.UserHandle;
38import android.util.Log;
39import android.util.Slog;
40import android.service.trust.ITrustAgentService;
41import android.service.trust.ITrustAgentServiceCallback;
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]42
Adrian Roosa43fd032015-03-09 19:10:15 +0100[diff] [blame]43import java.util.Collections;
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]44import java.util.List;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]45
46/**
47 * A wrapper around a TrustAgentService interface. Coordinates communication between
48 * TrustManager and the actual TrustAgent.
49 */
50public class TrustAgentWrapper {
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]51 private static final String EXTRA_COMPONENT_NAME = "componentName";
52 private static final String TRUST_EXPIRED_ACTION = "android.server.trust.TRUST_EXPIRED_ACTION";
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]53 private static final String PERMISSION = android.Manifest.permission.PROVIDE_TRUST_AGENT;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]54 private static final boolean DEBUG = false;
55 private static final String TAG = "TrustAgentWrapper";
56
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]57 private static final int MSG_GRANT_TRUST = 1;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]58 private static final int MSG_REVOKE_TRUST = 2;
59 private static final int MSG_TRUST_TIMEOUT = 3;
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]60 private static final int MSG_RESTART_TIMEOUT = 4;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]61 private static final int MSG_SET_TRUST_AGENT_FEATURES_COMPLETED = 5;
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]62 private static final int MSG_MANAGING_TRUST = 6;
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]63
64 /**
65 * Time in uptime millis that we wait for the service connection, both when starting
66 * and when the service disconnects.
67 */
68 private static final long RESTART_TIMEOUT_MILLIS = 5 * 60000;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]69
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]70 /**
71 * Long extra for {@link #MSG_GRANT_TRUST}
72 */
73 private static final String DATA_DURATION = "duration";
74
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]75 private final TrustManagerService mTrustManagerService;
76 private final int mUserId;
77 private final Context mContext;
78 private final ComponentName mName;
79
80 private ITrustAgentService mTrustAgentService;
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]81 private boolean mBound;
82 private long mScheduledRestartUptimeMillis;
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]83 private long mMaximumTimeToLock; // from DevicePolicyManager
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]84
85 // Trust state
86 private boolean mTrusted;
Adrian Roos7e03dfc2014-05-16 16:06:28 +0200[diff] [blame]87 private CharSequence mMessage;
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]88 private boolean mTrustDisabledByDpm;
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]89 private boolean mManagingTrust;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]90 private IBinder mSetTrustAgentFeaturesToken;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]91 private AlarmManager mAlarmManager;
92 private final Intent mAlarmIntent;
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]93 private PendingIntent mAlarmPendingIntent;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]94
95 private final BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() {
96 @Override
97 public void onReceive(Context context, Intent intent) {
98 ComponentName component = intent.getParcelableExtra(EXTRA_COMPONENT_NAME);
99 if (TRUST_EXPIRED_ACTION.equals(intent.getAction())
100 && mName.equals(component)) {
101 mHandler.removeMessages(MSG_TRUST_TIMEOUT);
102 mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT);
103 }
104 }
105 };
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]106
107 private final Handler mHandler = new Handler() {
108 @Override
109 public void handleMessage(Message msg) {
110 switch (msg.what) {
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]111 case MSG_GRANT_TRUST:
Adrian Roos7d59b4f2014-05-27 20:01:31 +0200[diff] [blame]112 if (!isConnected()) {
113 Log.w(TAG, "Agent is not connected, cannot grant trust: "
114 + mName.flattenToShortString());
115 return;
116 }
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]117 mTrusted = true;
Adrian Roos7e03dfc2014-05-16 16:06:28 +0200[diff] [blame]118 mMessage = (CharSequence) msg.obj;
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]119 int flags = msg.arg1;
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]120 long durationMs = msg.getData().getLong(DATA_DURATION);
121 if (durationMs > 0) {
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]122 final long duration;
123 if (mMaximumTimeToLock != 0) {
124 // Enforce DevicePolicyManager timeout. This is here as a safeguard to
125 // ensure trust agents are evaluating trust state at least as often as
126 // the policy dictates. Admins that want more guarantees should be using
127 // DevicePolicyManager#KEYGUARD_DISABLE_TRUST_AGENTS.
128 duration = Math.min(durationMs, mMaximumTimeToLock);
129 if (DEBUG) {
130 Log.v(TAG, "DPM lock timeout in effect. Timeout adjusted from "
131 + durationMs + " to " + duration);
132 }
133 } else {
134 duration = durationMs;
135 }
136 long expiration = SystemClock.elapsedRealtime() + duration;
137 mAlarmPendingIntent = PendingIntent.getBroadcast(mContext, 0, mAlarmIntent,
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]138 PendingIntent.FLAG_CANCEL_CURRENT);
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]139 mAlarmManager.set(AlarmManager.ELAPSED_REALTIME_WAKEUP, expiration,
140 mAlarmPendingIntent);
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]141 }
142 mTrustManagerService.mArchive.logGrantTrust(mUserId, mName,
143 (mMessage != null ? mMessage.toString() : null),
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]144 durationMs, flags);
145 mTrustManagerService.updateTrust(mUserId, flags);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]146 break;
147 case MSG_TRUST_TIMEOUT:
148 if (DEBUG) Slog.v(TAG, "Trust timed out : " + mName.flattenToShortString());
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]149 mTrustManagerService.mArchive.logTrustTimeout(mUserId, mName);
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]150 onTrustTimeout();
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]151 // Fall through.
152 case MSG_REVOKE_TRUST:
153 mTrusted = false;
154 mMessage = null;
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]155 mHandler.removeMessages(MSG_TRUST_TIMEOUT);
156 if (msg.what == MSG_REVOKE_TRUST) {
157 mTrustManagerService.mArchive.logRevokeTrust(mUserId, mName);
158 }
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]159 mTrustManagerService.updateTrust(mUserId, 0);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]160 break;
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]161 case MSG_RESTART_TIMEOUT:
Adrian Roosfc29e0b2014-11-11 12:55:44 +0100[diff] [blame]162 destroy();
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]163 mTrustManagerService.resetAgent(mName, mUserId);
164 break;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]165 case MSG_SET_TRUST_AGENT_FEATURES_COMPLETED:
166 IBinder token = (IBinder) msg.obj;
167 boolean result = msg.arg1 != 0;
168 if (mSetTrustAgentFeaturesToken == token) {
169 mSetTrustAgentFeaturesToken = null;
170 if (mTrustDisabledByDpm && result) {
171 if (DEBUG) Log.v(TAG, "Re-enabling agent because it acknowledged "
172 + "enabled features: " + mName);
173 mTrustDisabledByDpm = false;
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]174 mTrustManagerService.updateTrust(mUserId, 0);
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]175 }
176 } else {
177 if (DEBUG) Log.w(TAG, "Ignoring MSG_SET_TRUST_AGENT_FEATURES_COMPLETED "
178 + "with obsolete token: " + mName);
179 }
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]180 break;
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]181 case MSG_MANAGING_TRUST:
182 mManagingTrust = msg.arg1 != 0;
183 if (!mManagingTrust) {
184 mTrusted = false;
185 mMessage = null;
186 }
187 mTrustManagerService.mArchive.logManagingTrust(mUserId, mName, mManagingTrust);
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]188 mTrustManagerService.updateTrust(mUserId, 0);
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]189 break;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]190 }
191 }
192 };
193
194 private ITrustAgentServiceCallback mCallback = new ITrustAgentServiceCallback.Stub() {
195
Adrian Roos7e03dfc2014-05-16 16:06:28 +0200[diff] [blame]196 @Override
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]197 public void grantTrust(CharSequence userMessage, long durationMs, int flags) {
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]198 if (DEBUG) Slog.v(TAG, "enableTrust(" + userMessage + ", durationMs = " + durationMs
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]199 + ", flags = " + flags + ")");
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]200
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]201 Message msg = mHandler.obtainMessage(
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]202 MSG_GRANT_TRUST, flags, 0, userMessage);
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]203 msg.getData().putLong(DATA_DURATION, durationMs);
204 msg.sendToTarget();
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]205 }
206
Adrian Roos7e03dfc2014-05-16 16:06:28 +0200[diff] [blame]207 @Override
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]208 public void revokeTrust() {
209 if (DEBUG) Slog.v(TAG, "revokeTrust()");
210 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST);
211 }
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]212
213 @Override
214 public void setManagingTrust(boolean managingTrust) {
215 if (DEBUG) Slog.v(TAG, "managingTrust()");
216 mHandler.obtainMessage(MSG_MANAGING_TRUST, managingTrust ? 1 : 0, 0).sendToTarget();
217 }
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]218
219 @Override
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]220 public void onConfigureCompleted(boolean result, IBinder token) {
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]221 if (DEBUG) Slog.v(TAG, "onSetTrustAgentFeaturesEnabledCompleted(result=" + result);
222 mHandler.obtainMessage(MSG_SET_TRUST_AGENT_FEATURES_COMPLETED,
223 result ? 1 : 0, 0, token).sendToTarget();
224 }
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]225 };
226
227 private final ServiceConnection mConnection = new ServiceConnection() {
228 @Override
229 public void onServiceConnected(ComponentName name, IBinder service) {
230 if (DEBUG) Log.v(TAG, "TrustAgent started : " + name.flattenToString());
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]231 mHandler.removeMessages(MSG_RESTART_TIMEOUT);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]232 mTrustAgentService = ITrustAgentService.Stub.asInterface(service);
Adrian Roos7d59b4f2014-05-27 20:01:31 +0200[diff] [blame]233 mTrustManagerService.mArchive.logAgentConnected(mUserId, name);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]234 setCallback(mCallback);
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]235 updateDevicePolicyFeatures();
Adrian Roos481a6df2014-11-20 19:48:56 +0100[diff] [blame]236
237 if (mTrustManagerService.isDeviceLockedInner(mUserId)) {
238 onDeviceLocked();
239 } else {
240 onDeviceUnlocked();
241 }
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]242 }
243
244 @Override
245 public void onServiceDisconnected(ComponentName name) {
246 if (DEBUG) Log.v(TAG, "TrustAgent disconnected : " + name.flattenToShortString());
247 mTrustAgentService = null;
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]248 mManagingTrust = false;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]249 mSetTrustAgentFeaturesToken = null;
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]250 mTrustManagerService.mArchive.logAgentDied(mUserId, name);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]251 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST);
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]252 if (mBound) {
253 scheduleRestart();
254 }
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]255 // mTrustDisabledByDpm maintains state
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]256 }
257 };
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]258
259 public TrustAgentWrapper(Context context, TrustManagerService trustManagerService,
260 Intent intent, UserHandle user) {
261 mContext = context;
262 mTrustManagerService = trustManagerService;
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]263 mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]264 mUserId = user.getIdentifier();
265 mName = intent.getComponent();
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]266
267 mAlarmIntent = new Intent(TRUST_EXPIRED_ACTION).putExtra(EXTRA_COMPONENT_NAME, mName);
268 mAlarmIntent.setData(Uri.parse(mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME)));
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]269 mAlarmIntent.setPackage(context.getPackageName());
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]270
271 final IntentFilter alarmFilter = new IntentFilter(TRUST_EXPIRED_ACTION);
272 alarmFilter.addDataScheme(mAlarmIntent.getScheme());
273 final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME);
274 alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL);
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]275
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]276 // Schedules a restart for when connecting times out. If the connection succeeds,
277 // the restart is canceled in mCallback's onConnected.
278 scheduleRestart();
279 mBound = context.bindServiceAsUser(intent, mConnection, Context.BIND_AUTO_CREATE, user);
Adrian Roos1221b062015-03-26 12:29:51 -0700[diff] [blame]280 if (mBound) {
281 mContext.registerReceiver(mBroadcastReceiver, alarmFilter, PERMISSION, null);
282 } else {
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]283 Log.e(TAG, "Can't bind to TrustAgent " + mName.flattenToShortString());
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]284 }
285 }
286
287 private void onError(Exception e) {
288 Slog.w(TAG , "Remote Exception", e);
289 }
290
Jim Millerd4efaac2014-08-14 18:02:45 -0700[diff] [blame]291 private void onTrustTimeout() {
292 try {
293 if (mTrustAgentService != null) mTrustAgentService.onTrustTimeout();
294 } catch (RemoteException e) {
295 onError(e);
296 }
297 }
Adrian Roos481a6df2014-11-20 19:48:56 +0100[diff] [blame]298
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]299 /**
300 * @see android.service.trust.TrustAgentService#onUnlockAttempt(boolean)
301 */
302 public void onUnlockAttempt(boolean successful) {
303 try {
304 if (mTrustAgentService != null) mTrustAgentService.onUnlockAttempt(successful);
305 } catch (RemoteException e) {
306 onError(e);
307 }
308 }
309
Adrian Roos481a6df2014-11-20 19:48:56 +0100[diff] [blame]310 /**
311 * @see android.service.trust.TrustAgentService#onDeviceLocked()
312 */
313 public void onDeviceLocked() {
314 try {
315 if (mTrustAgentService != null) mTrustAgentService.onDeviceLocked();
316 } catch (RemoteException e) {
317 onError(e);
318 }
319 }
320
321 /**
322 * @see android.service.trust.TrustAgentService#onDeviceUnlocked()
323 */
324 public void onDeviceUnlocked() {
325 try {
326 if (mTrustAgentService != null) mTrustAgentService.onDeviceUnlocked();
327 } catch (RemoteException e) {
328 onError(e);
329 }
330 }
331
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]332 private void setCallback(ITrustAgentServiceCallback callback) {
333 try {
334 if (mTrustAgentService != null) {
335 mTrustAgentService.setCallback(callback);
336 }
337 } catch (RemoteException e) {
338 onError(e);
339 }
340 }
341
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]342 boolean updateDevicePolicyFeatures() {
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]343 boolean trustDisabled = false;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]344 if (DEBUG) Slog.v(TAG, "updateDevicePolicyFeatures(" + mName + ")");
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]345 try {
346 if (mTrustAgentService != null) {
347 DevicePolicyManager dpm =
348 (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]349
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]350 if ((dpm.getKeyguardDisabledFeatures(null, mUserId)
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]351 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) {
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]352 List<PersistableBundle> config = dpm.getTrustAgentConfiguration(
353 null, mName, mUserId);
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]354 trustDisabled = true;
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]355 if (DEBUG) Slog.v(TAG, "Detected trust agents disabled. Config = " + config);
356 if (config != null && config.size() > 0) {
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]357 if (DEBUG) {
358 Slog.v(TAG, "TrustAgent " + mName.flattenToShortString()
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]359 + " disabled until it acknowledges "+ config);
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]360 }
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]361 mSetTrustAgentFeaturesToken = new Binder();
Jim Millere303bf42014-08-26 17:12:29 -0700[diff] [blame]362 mTrustAgentService.onConfigure(config, mSetTrustAgentFeaturesToken);
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]363 }
Adrian Roosa43fd032015-03-09 19:10:15 +0100[diff] [blame]364 } else {
365 mTrustAgentService.onConfigure(Collections.EMPTY_LIST, null);
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]366 }
Jim Miller76b9b8b2014-08-22 17:04:57 -0700[diff] [blame]367 final long maxTimeToLock = dpm.getMaximumTimeToLock(null);
368 if (maxTimeToLock != mMaximumTimeToLock) {
369 // If the timeout changes, cancel the alarm and send a timeout event to have
370 // the agent re-evaluate trust.
371 mMaximumTimeToLock = maxTimeToLock;
372 if (mAlarmPendingIntent != null) {
373 mAlarmManager.cancel(mAlarmPendingIntent);
374 mAlarmPendingIntent = null;
375 mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT);
376 }
377 }
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]378 }
379 } catch (RemoteException e) {
380 onError(e);
381 }
382 if (mTrustDisabledByDpm != trustDisabled) {
383 mTrustDisabledByDpm = trustDisabled;
Adrian Roos94e15a52015-04-16 12:23:18 -0700[diff] [blame]384 mTrustManagerService.updateTrust(mUserId, 0);
Jim Miller604e7552014-07-18 19:00:02 -0700[diff] [blame]385 }
386 return trustDisabled;
387 }
388
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]389 public boolean isTrusted() {
Adrian Roos7861c662014-07-25 15:37:28 +0200[diff] [blame]390 return mTrusted && mManagingTrust && !mTrustDisabledByDpm;
391 }
392
393 public boolean isManagingTrust() {
394 return mManagingTrust && !mTrustDisabledByDpm;
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]395 }
396
Adrian Roos7e03dfc2014-05-16 16:06:28 +0200[diff] [blame]397 public CharSequence getMessage() {
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]398 return mMessage;
399 }
400
Adrian Roosfc29e0b2014-11-11 12:55:44 +0100[diff] [blame]401 public void destroy() {
402 mHandler.removeMessages(MSG_RESTART_TIMEOUT);
403
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]404 if (!mBound) {
405 return;
406 }
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]407 if (DEBUG) Log.v(TAG, "TrustAgent unbound : " + mName.flattenToShortString());
Adrian Roos7d59b4f2014-05-27 20:01:31 +0200[diff] [blame]408 mTrustManagerService.mArchive.logAgentStopped(mUserId, mName);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]409 mContext.unbindService(mConnection);
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]410 mBound = false;
Adrian Roos1221b062015-03-26 12:29:51 -0700[diff] [blame]411 mContext.unregisterReceiver(mBroadcastReceiver);
Adrian Roos7d59b4f2014-05-27 20:01:31 +0200[diff] [blame]412 mTrustAgentService = null;
Adrian Roos8f211582014-07-29 15:09:57 +0200[diff] [blame]413 mSetTrustAgentFeaturesToken = null;
Adrian Roos7d59b4f2014-05-27 20:01:31 +0200[diff] [blame]414 mHandler.sendEmptyMessage(MSG_REVOKE_TRUST);
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]415 }
Adrian Roos7a4f3d42014-05-02 12:12:20 +0200[diff] [blame]416
417 public boolean isConnected() {
418 return mTrustAgentService != null;
419 }
Adrian Roosc5f95ce2014-07-24 16:00:46 +0200[diff] [blame]420
421 public boolean isBound() {
422 return mBound;
423 }
424
425 /**
426 * If not connected, returns the time at which the agent is restarted.
427 *
428 * @return restart time in uptime millis.
429 */
430 public long getScheduledRestartUptimeMillis() {
431 return mScheduledRestartUptimeMillis;
432 }
433
434 private void scheduleRestart() {
435 mHandler.removeMessages(MSG_RESTART_TIMEOUT);
436 mScheduledRestartUptimeMillis = SystemClock.uptimeMillis() + RESTART_TIMEOUT_MILLIS;
437 mHandler.sendEmptyMessageAtTime(MSG_RESTART_TIMEOUT, mScheduledRestartUptimeMillis);
438 }
Adrian Roos82142c22014-03-27 14:56:59 +0100[diff] [blame]439}