Blame - services/core/java/com/android/server/trust/TrustManagerService.java - platform/frameworks/base

2014-03-27 14:56:59 +0100

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License

15

*/

16

17

package com.android.server.trust;

18

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

19

import com.android.internal.annotations.GuardedBy;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

20

import com.android.internal.content.PackageMonitor;

21

import com.android.internal.widget.LockPatternUtils;

22

import com.android.server.SystemService;

23

24

import org.xmlpull.v1.XmlPullParser;

25

import org.xmlpull.v1.XmlPullParserException;

26

27

import android.Manifest;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

28

import android.app.ActivityManager;

Nicolas Prevot

c662898

2016-04-14 10:11:21 +0100

[diff] [blame^]

29

import android.app.ActivityManagerNative;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

30

import android.app.admin.DevicePolicyManager;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

31

import android.app.trust.ITrustListener;

32

import android.app.trust.ITrustManager;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

33

import android.content.BroadcastReceiver;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

34

import android.content.ComponentName;

35

import android.content.Context;

36

import android.content.Intent;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

37

import android.content.IntentFilter;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

38

import android.content.pm.ApplicationInfo;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

39

import android.content.pm.PackageManager;

40

import android.content.pm.ResolveInfo;

41

import android.content.pm.UserInfo;

42

import android.content.res.Resources;

43

import android.content.res.TypedArray;

44

import android.content.res.XmlResourceParser;

45

import android.graphics.drawable.Drawable;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

46

import android.os.Binder;

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

47

import android.os.DeadObjectException;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

48

import android.os.Handler;

49

import android.os.IBinder;

50

import android.os.Message;

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

51

import android.os.PersistableBundle;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

52

import android.os.RemoteException;

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

53

import android.os.SystemClock;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

54

import android.os.UserHandle;

55

import android.os.UserManager;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

56

import android.provider.Settings;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

57

import android.service.trust.TrustAgentService;

58

import android.util.ArraySet;

59

import android.util.AttributeSet;

Adrian Roos

18ea893

2014-05-28 14:53:06 +0200

[diff] [blame]

60

import android.util.Log;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

61

import android.util.Slog;

Adrian Roos

7046bfd

2014-05-16 21:20:54 +0200

[diff] [blame]

62

import android.util.SparseBooleanArray;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

63

import android.util.Xml;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

64

import android.view.IWindowManager;

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

65

import android.view.WindowManagerGlobal;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

66

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

67

import java.io.FileDescriptor;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

68

import java.io.IOException;

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

69

import java.io.PrintWriter;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

70

import java.util.ArrayList;

71

import java.util.List;

72

73

/**

74

* Manages trust agents and trust listeners.

75

*

76

* It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s

77

* of each user and notifies them about events that are relevant to them.

78

* It start and stops them based on the value of

79

* {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}.

80

*

81

* It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the

82

* trust state changes for any user.

83

*

84

* Trust state and the setting of enabled agents is kept per user and each user has its own

85

* instance of a {@link android.service.trust.TrustAgentService}.

86

*/

87

public class TrustManagerService extends SystemService {

88

89

private static final boolean DEBUG = false;

90

private static final String TAG = "TrustManagerService";

91

92

private static final Intent TRUST_AGENT_INTENT =

93

new Intent(TrustAgentService.SERVICE_INTERFACE);

Adrian Roos

18ea893

2014-05-28 14:53:06 +0200

[diff] [blame]

94

private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

95

96

private static final int MSG_REGISTER_LISTENER = 1;

97

private static final int MSG_UNREGISTER_LISTENER = 2;

98

private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;

99

private static final int MSG_ENABLED_AGENTS_CHANGED = 4;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

100

private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6;

101

private static final int MSG_START_USER = 7;

102

private static final int MSG_CLEANUP_USER = 8;

103

private static final int MSG_SWITCH_USER = 9;

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

104

private static final int MSG_SET_DEVICE_LOCKED = 10;

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

105

private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 11;

106

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

107

private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

108

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

109

private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<>();

110

private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<>();

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

111

private final Receiver mReceiver = new Receiver();

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

112

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

113

/* package */ final TrustArchive mArchive = new TrustArchive();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

114

private final Context mContext;

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

115

private final LockPatternUtils mLockPatternUtils;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

116

private final UserManager mUserManager;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

117

private final ActivityManager mActivityManager;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

118

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

119

@GuardedBy("mUserIsTrusted")

120

private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

121

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

122

@GuardedBy("mDeviceLockedForUser")

123

private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray();

124

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

125

@GuardedBy("mDeviceLockedForUser")

126

private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray();

127

Rakesh Iyer

a7aa4d6

2016-01-19 17:27:23 -0800

[diff] [blame]

128

private final StrongAuthTracker mStrongAuthTracker;

129

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

130

private boolean mTrustAgentsCanRun = false;

Xiaohui Chen

09e0291

2015-08-05 09:44:56 -0700

[diff] [blame]

131

private int mCurrentUser = UserHandle.USER_SYSTEM;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

132

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

133

public TrustManagerService(Context context) {

134

super(context);

135

mContext = context;

136

mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

137

mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

138

mLockPatternUtils = new LockPatternUtils(context);

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

139

mStrongAuthTracker = new StrongAuthTracker(context);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

@Override

public void onStart() {

144

publishBinderService(Context.TRUST_SERVICE, mService);

}

@Override

public void onBootPhase(int phase) {

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

149

if (isSafeMode()) {

150

// No trust agents in safe mode.

151

return;

152

}

153

if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

154

mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

155

mReceiver.register(mContext);

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

156

mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

157

} else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {

158

mTrustAgentsCanRun = true;

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

159

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

160

} else if (phase == SystemService.PHASE_BOOT_COMPLETED) {

Xiaohui Chen

09e0291

2015-08-05 09:44:56 -0700

[diff] [blame]

161

maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

// Agent management

private static final class AgentInfo {

168

CharSequence label;

169

Drawable icon;

170

ComponentName component; // service that implements ITrustAgent

171

ComponentName settings; // setting to launch to modify agent.

172

TrustAgentWrapper agent;

int userId;

@Override

public boolean equals(Object other) {

177

if (!(other instanceof AgentInfo)) {

178

return false;

179

}

180

AgentInfo o = (AgentInfo) other;

181

return component.equals(o.component) && userId == o.userId;

}

@Override

public int hashCode() {

186

return component.hashCode() * 31 + userId;

}

}

private void updateTrustAll() {

191

List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);

192

for (UserInfo userInfo : userInfos) {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

193

updateTrust(userInfo.id, 0);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

197

public void updateTrust(int userId, int flags) {

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

198

boolean managed = aggregateIsTrustManaged(userId);

199

dispatchOnTrustManagedChanged(managed, userId);

200

if (mStrongAuthTracker.isTrustAllowedForUser(userId)

201

&& isTrustUsuallyManagedInternal(userId) != managed) {

202

updateTrustUsuallyManaged(userId, managed);

203

}

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

204

boolean trusted = aggregateIsTrusted(userId);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

205

boolean changed;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

206

synchronized (mUserIsTrusted) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

207

changed = mUserIsTrusted.get(userId) != trusted;

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

208

mUserIsTrusted.put(userId, trusted);

209

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

210

dispatchOnTrustChanged(trusted, userId, flags);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

211

if (changed) {

212

refreshDeviceLockedForUser(userId);

213

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

214

}

215

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

216

private void updateTrustUsuallyManaged(int userId, boolean managed) {

217

synchronized (mTrustUsuallyManagedForUser) {

218

mTrustUsuallyManagedForUser.put(userId, managed);

219

}

220

// Wait a few minutes before committing to flash, in case the trust agent is transiently not

221

// managing trust (crashed, needs to acknowledge DPM restrictions, etc).

222

mHandler.removeMessages(MSG_FLUSH_TRUST_USUALLY_MANAGED);

223

mHandler.sendMessageDelayed(

224

mHandler.obtainMessage(MSG_FLUSH_TRUST_USUALLY_MANAGED),

225

TRUST_USUALLY_MANAGED_FLUSH_DELAY);

226

}

227

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

228

void refreshAgentList(int userIdOrAll) {

229

if (DEBUG) Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")");

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

230

if (!mTrustAgentsCanRun) {

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

231

return;

232

}

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

233

if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) {

234

Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle,"

Adrian Roos

2014-09-08 14:03:47 +0200

[diff] [blame]

235

+ " must be USER_ALL or a specific user.", new Throwable("here"));

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

236

userIdOrAll = UserHandle.USER_ALL;

Adrian Roos

2014-09-08 14:03:47 +0200

[diff] [blame]

237

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

238

PackageManager pm = mContext.getPackageManager();

239

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

240

List<UserInfo> userInfos;

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

241

if (userIdOrAll == UserHandle.USER_ALL) {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

242

userInfos = mUserManager.getUsers(true /* excludeDying */);

243

} else {

244

userInfos = new ArrayList<>();

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

245

userInfos.add(mUserManager.getUserInfo(userIdOrAll));

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

246

}

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

247

LockPatternUtils lockPatternUtils = mLockPatternUtils;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

248

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

249

ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>();

250

obsoleteAgents.addAll(mActiveAgents);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

251

252

for (UserInfo userInfo : userInfos) {

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

253

if (userInfo == null || userInfo.partial || !userInfo.isEnabled()

254

|| userInfo.guestToRemove) continue;

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

255

if (!userInfo.supportsSwitchToByUser()) continue;

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

256

if (!mActivityManager.isUserRunning(userInfo.id)) continue;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

257

if (!lockPatternUtils.isSecure(userInfo.id)) continue;

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

258

if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

259

DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();

260

int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);

Jim Miller

604e755

2014-07-18 19:00:02 -0700

[diff] [blame]

261

final boolean disableTrustAgents =

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

262

(disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;

263

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

264

List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id);

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

265

if (enabledAgents == null) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

266

continue;

267

}

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

268

List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

269

for (ResolveInfo resolveInfo : resolveInfos) {

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

270

ComponentName name = getComponentName(resolveInfo);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

271

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

272

if (!enabledAgents.contains(name)) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

273

if (disableTrustAgents) {

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

274

List<PersistableBundle> config =

275

dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id);

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

276

// Disable agent if no features are enabled.

Jim Miller

e303bf4

2014-08-26 17:12:29 -0700

[diff] [blame]

277

if (config == null || config.isEmpty()) continue;

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

278

}

279

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

280

AgentInfo agentInfo = new AgentInfo();

281

agentInfo.component = name;

282

agentInfo.userId = userInfo.id;

283

if (!mActiveAgents.contains(agentInfo)) {

284

agentInfo.label = resolveInfo.loadLabel(pm);

285

agentInfo.icon = resolveInfo.loadIcon(pm);

286

agentInfo.settings = getSettingsComponentName(pm, resolveInfo);

287

agentInfo.agent = new TrustAgentWrapper(mContext, this,

288

new Intent().setComponent(name), userInfo.getUserHandle());

289

mActiveAgents.add(agentInfo);

290

} else {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

291

obsoleteAgents.remove(agentInfo);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

}

boolean trustMayHaveChanged = false;

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

297

for (int i = 0; i < obsoleteAgents.size(); i++) {

298

AgentInfo info = obsoleteAgents.valueAt(i);

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

299

if (userIdOrAll == UserHandle.USER_ALL || userIdOrAll == info.userId) {

Adrian Roos

2014-09-08 14:03:47 +0200

[diff] [blame]

300

if (info.agent.isManagingTrust()) {

301

trustMayHaveChanged = true;

302

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

303

info.agent.destroy();

Adrian Roos

2014-09-08 14:03:47 +0200

[diff] [blame]

304

mActiveAgents.remove(info);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

305

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

306

}

307

308

if (trustMayHaveChanged) {

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

309

if (userIdOrAll == UserHandle.USER_ALL) {

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

310

updateTrustAll();

311

} else {

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

312

updateTrust(userIdOrAll, 0);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

313

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

317

public void setDeviceLockedForUser(int userId, boolean locked) {

Clara Bayarri

a177111

2015-12-18 16:29:18 +0000

[diff] [blame]

318

if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

319

synchronized (mDeviceLockedForUser) {

320

mDeviceLockedForUser.put(userId, locked);

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

321

}

Nicolas Prevot

c662898

2016-04-14 10:11:21 +0100

[diff] [blame^]

322

if (locked) {

323

try {

324

ActivityManagerNative.getDefault().notifyLockedProfile(userId);

325

} catch (RemoteException e) {

326

}

327

}

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

}

}

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

331

boolean isDeviceLockedInner(int userId) {

332

synchronized (mDeviceLockedForUser) {

333

return mDeviceLockedForUser.get(userId, true);

}

}

private void refreshDeviceLockedForUser(int userId) {

Xiaohui Chen

09e0291

2015-08-05 09:44:56 -0700

[diff] [blame]

338

if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) {

Adrian Roos

7e2e40e

2014-11-21 15:27:12 +0100

[diff] [blame]

339

Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle,"

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

340

+ " must be USER_ALL or a specific user.", new Throwable("here"));

341

userId = UserHandle.USER_ALL;

342

}

343

344

List<UserInfo> userInfos;

345

if (userId == UserHandle.USER_ALL) {

346

userInfos = mUserManager.getUsers(true /* excludeDying */);

347

} else {

348

userInfos = new ArrayList<>();

349

userInfos.add(mUserManager.getUserInfo(userId));

350

}

351

352

IWindowManager wm = WindowManagerGlobal.getWindowManagerService();

353

354

for (int i = 0; i < userInfos.size(); i++) {

355

UserInfo info = userInfos.get(i);

356

357

if (info == null || info.partial || !info.isEnabled() || info.guestToRemove

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

358

|| !info.supportsSwitchToByUser()) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

continue;

}

int id = info.id;

boolean secure = mLockPatternUtils.isSecure(id);

364

boolean trusted = aggregateIsTrusted(id);

365

boolean showingKeyguard = true;

366

if (mCurrentUser == id) {

367

try {

368

showingKeyguard = wm.isKeyguardLocked();

369

} catch (RemoteException e) {

370

}

371

}

372

boolean deviceLocked = secure && showingKeyguard && !trusted;

373

374

boolean changed;

375

synchronized (mDeviceLockedForUser) {

376

changed = isDeviceLockedInner(id) != deviceLocked;

377

mDeviceLockedForUser.put(id, deviceLocked);

378

}

379

if (changed) {

380

dispatchDeviceLocked(id, deviceLocked);

}

}

}

private void dispatchDeviceLocked(int userId, boolean isLocked) {

386

for (int i = 0; i < mActiveAgents.size(); i++) {

387

AgentInfo agent = mActiveAgents.valueAt(i);

388

if (agent.userId == userId) {

389

if (isLocked) {

390

agent.agent.onDeviceLocked();

391

} else{

392

agent.agent.onDeviceUnlocked();

}

}

}

}

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

398

void updateDevicePolicyFeatures() {

Adrian Roos

2014-07-29 15:09:57 +0200

[diff] [blame]

399

for (int i = 0; i < mActiveAgents.size(); i++) {

400

AgentInfo info = mActiveAgents.valueAt(i);

401

if (info.agent.isConnected()) {

402

info.agent.updateDevicePolicyFeatures();

}

}

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

407

private void removeAgentsOfPackage(String packageName) {

408

boolean trustMayHaveChanged = false;

409

for (int i = mActiveAgents.size() - 1; i >= 0; i--) {

410

AgentInfo info = mActiveAgents.valueAt(i);

411

if (packageName.equals(info.component.getPackageName())) {

412

Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

413

if (info.agent.isManagingTrust()) {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

414

trustMayHaveChanged = true;

415

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

416

info.agent.destroy();

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

417

mActiveAgents.removeAt(i);

418

}

419

}

420

if (trustMayHaveChanged) {

updateTrustAll();

}

}

public void resetAgent(ComponentName name, int userId) {

426

boolean trustMayHaveChanged = false;

427

for (int i = mActiveAgents.size() - 1; i >= 0; i--) {

428

AgentInfo info = mActiveAgents.valueAt(i);

429

if (name.equals(info.component) && userId == info.userId) {

430

Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

431

if (info.agent.isManagingTrust()) {

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

432

trustMayHaveChanged = true;

433

}

Adrian Roos

2014-11-11 12:55:44 +0100

[diff] [blame]

434

info.agent.destroy();

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

435

mActiveAgents.removeAt(i);

436

}

437

}

438

if (trustMayHaveChanged) {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

439

updateTrust(userId, 0);

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

440

}

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

441

refreshAgentList(userId);

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

442

}

443

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

444

private ComponentName getSettingsComponentName(PackageManager pm, ResolveInfo resolveInfo) {

445

if (resolveInfo == null || resolveInfo.serviceInfo == null

446

|| resolveInfo.serviceInfo.metaData == null) return null;

447

String cn = null;

448

XmlResourceParser parser = null;

449

Exception caughtException = null;

450

try {

451

parser = resolveInfo.serviceInfo.loadXmlMetaData(pm,

452

TrustAgentService.TRUST_AGENT_META_DATA);

453

if (parser == null) {

454

Slog.w(TAG, "Can't find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data");

455

return null;

456

}

457

Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo);

458

AttributeSet attrs = Xml.asAttributeSet(parser);

459

int type;

460

while ((type = parser.next()) != XmlPullParser.END_DOCUMENT

461

&& type != XmlPullParser.START_TAG) {

462

// Drain preamble.

463

}

464

String nodeName = parser.getName();

Adrian Roos

7e03dfc

2014-05-16 16:06:28 +0200

[diff] [blame]

465

if (!"trust-agent".equals(nodeName)) {

466

Slog.w(TAG, "Meta-data does not start with trust-agent tag");

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

return null;

}

TypedArray sa = res

.obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent);

471

cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity);

472

sa.recycle();

473

} catch (PackageManager.NameNotFoundException e) {

474

caughtException = e;

475

} catch (IOException e) {

476

caughtException = e;

477

} catch (XmlPullParserException e) {

478

caughtException = e;

479

} finally {

480

if (parser != null) parser.close();

481

}

482

if (caughtException != null) {

483

Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, caughtException);

return null;

}

if (cn == null) {

return null;

}

if (cn.indexOf('/') < 0) {

490

cn = resolveInfo.serviceInfo.packageName + "/" + cn;

491

}

492

return ComponentName.unflattenFromString(cn);

493

}

494

495

private ComponentName getComponentName(ResolveInfo resolveInfo) {

496

if (resolveInfo == null || resolveInfo.serviceInfo == null) return null;

497

return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name);

498

}

499

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

500

private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) {

501

if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(),

502

Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) {

503

return;

504

}

505

PackageManager pm = mContext.getPackageManager();

506

List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);

507

ArraySet<ComponentName> discoveredAgents = new ArraySet<>();

508

for (ResolveInfo resolveInfo : resolveInfos) {

509

ComponentName componentName = getComponentName(resolveInfo);

510

int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;

511

if ((applicationInfoFlags & ApplicationInfo.FLAG_SYSTEM) == 0) {

512

Log.i(TAG, "Leaving agent " + componentName + " disabled because package "

513

+ "is not a system package.");

514

continue;

515

}

516

discoveredAgents.add(componentName);

517

}

518

519

List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);

520

if (previouslyEnabledAgents != null) {

521

discoveredAgents.addAll(previouslyEnabledAgents);

522

}

523

utils.setEnabledTrustAgents(discoveredAgents, userId);

524

Settings.Secure.putIntForUser(mContext.getContentResolver(),

525

Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);

526

}

527

528

private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {

529

List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,

530

0 /* flags */, userId);

531

ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size());

532

for (ResolveInfo resolveInfo : resolveInfos) {

533

if (resolveInfo.serviceInfo == null) continue;

534

if (resolveInfo.serviceInfo.applicationInfo == null) continue;

535

String packageName = resolveInfo.serviceInfo.packageName;

536

if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)

537

!= PackageManager.PERMISSION_GRANTED) {

538

ComponentName name = getComponentName(resolveInfo);

539

Log.w(TAG, "Skipping agent " + name + " because package does not have"

540

+ " permission " + PERMISSION_PROVIDE_AGENT + ".");

541

continue;

542

}

543

allowedAgents.add(resolveInfo);

544

}

545

return allowedAgents;

546

}

547

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

548

// Agent dispatch and aggregation

549

550

private boolean aggregateIsTrusted(int userId) {

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

551

if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {

Adrian Roos

7046bfd

2014-05-16 21:20:54 +0200

[diff] [blame]

552

return false;

553

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

554

for (int i = 0; i < mActiveAgents.size(); i++) {

555

AgentInfo info = mActiveAgents.valueAt(i);

556

if (info.userId == userId) {

557

if (info.agent.isTrusted()) {

return true;

}

}

}

return false;

}

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

565

private boolean aggregateIsTrustManaged(int userId) {

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

566

if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

567

return false;

568

}

569

for (int i = 0; i < mActiveAgents.size(); i++) {

570

AgentInfo info = mActiveAgents.valueAt(i);

571

if (info.userId == userId) {

572

if (info.agent.isManagingTrust()) {

return true;

}

}

}

return false;

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

580

private void dispatchUnlockAttempt(boolean successful, int userId) {

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

581

if (successful) {

582

mStrongAuthTracker.allowTrustFromUnlock(userId);

583

}

584

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

585

for (int i = 0; i < mActiveAgents.size(); i++) {

586

AgentInfo info = mActiveAgents.valueAt(i);

587

if (info.userId == userId) {

588

info.agent.onUnlockAttempt(successful);

589

}

590

}

Adrian Roos

2c12cfa

2014-06-25 23:28:53 +0200

[diff] [blame]

591

}

592

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

593

// Listeners

594

595

private void addListener(ITrustListener listener) {

596

for (int i = 0; i < mTrustListeners.size(); i++) {

597

if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {

return;

}

}

mTrustListeners.add(listener);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

602

updateTrustAll();

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

603

}

604

605

private void removeListener(ITrustListener listener) {

606

for (int i = 0; i < mTrustListeners.size(); i++) {

607

if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {

Jay Civelli

979a32e

2014-07-18 16:47:36 -0700

[diff] [blame]

608

mTrustListeners.remove(i);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

return;

}

}

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

614

private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) {

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

615

if (DEBUG) {

616

Log.i(TAG, "onTrustChanged(" + enabled + ", " + userId + ", 0x"

617

+ Integer.toHexString(flags) + ")");

618

}

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

619

if (!enabled) flags = 0;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

620

for (int i = 0; i < mTrustListeners.size(); i++) {

621

try {

Adrian Roos

2015-04-16 12:23:18 -0700

[diff] [blame]

622

mTrustListeners.get(i).onTrustChanged(enabled, userId, flags);

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

623

} catch (DeadObjectException e) {

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

624

Slog.d(TAG, "Removing dead TrustListener.");

625

mTrustListeners.remove(i);

626

i--;

627

} catch (RemoteException e) {

628

Slog.e(TAG, "Exception while notifying TrustListener.", e);

}

}

}

private void dispatchOnTrustManagedChanged(boolean managed, int userId) {

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

634

if (DEBUG) {

635

Log.i(TAG, "onTrustManagedChanged(" + managed + ", " + userId + ")");

636

}

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

637

for (int i = 0; i < mTrustListeners.size(); i++) {

638

try {

639

mTrustListeners.get(i).onTrustManagedChanged(managed, userId);

640

} catch (DeadObjectException e) {

641

Slog.d(TAG, "Removing dead TrustListener.");

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

642

mTrustListeners.remove(i);

643

i--;

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

644

} catch (RemoteException e) {

Adrian Roos

2014-05-20 12:56:25 +0200

[diff] [blame]

645

Slog.e(TAG, "Exception while notifying TrustListener.", e);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

// User lifecycle

@Override

public void onStartUser(int userId) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

654

mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget();

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

}

@Override

public void onCleanupUser(int userId) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

659

mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget();

}

@Override

public void onSwitchUser(int userId) {

664

mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

665

}

666

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

667

// Plumbing

668

669

private final IBinder mService = new ITrustManager.Stub() {

670

@Override

671

public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException {

672

enforceReportPermission();

673

mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId)

.sendToTarget();

}

@Override

public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException {

679

enforceReportPermission();

680

// coalesce refresh messages.

681

mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED);

682

mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED);

683

}

684

685

@Override

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

686

public void reportKeyguardShowingChanged() throws RemoteException {

687

enforceReportPermission();

688

// coalesce refresh messages.

689

mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED);

690

mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED);

691

}

692

693

@Override

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

694

public void registerTrustListener(ITrustListener trustListener) throws RemoteException {

695

enforceListenerPermission();

696

mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget();

}

@Override

public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException {

701

enforceListenerPermission();

702

mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();

703

}

704

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

705

@Override

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

706

public boolean isDeviceLocked(int userId) throws RemoteException {

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

707

userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

708

false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);

Adrian Roos

2014-11-20 16:21:11 +0100

[diff] [blame]

709

Clara Bayarri

078e91b

2016-01-15 16:57:35 +0000

[diff] [blame]

710

long token = Binder.clearCallingIdentity();

711

try {

712

if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

713

userId = resolveProfileParent(userId);

714

}

715

return isDeviceLockedInner(userId);

716

} finally {

717

Binder.restoreCallingIdentity(token);

718

}

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

719

}

720

Adrian Roos

8289368

2015-04-02 16:17:46 +0200

[diff] [blame]

721

@Override

722

public boolean isDeviceSecure(int userId) throws RemoteException {

723

userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,

724

false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);

Adrian Roos

8289368

2015-04-02 16:17:46 +0200

[diff] [blame]

725

726

long token = Binder.clearCallingIdentity();

727

try {

Clara Bayarri

8d35de8

2016-01-12 17:29:29 +0000

[diff] [blame]

728

if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {

729

userId = resolveProfileParent(userId);

730

}

Clara Bayarri

a177111

2015-12-18 16:29:18 +0000

[diff] [blame]

731

return mLockPatternUtils.isSecure(userId);

Adrian Roos

8289368

2015-04-02 16:17:46 +0200

[diff] [blame]

732

} finally {

733

Binder.restoreCallingIdentity(token);

}

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

737

private void enforceReportPermission() {

Adrian Roos

2c12cfa

2014-06-25 23:28:53 +0200

[diff] [blame]

738

mContext.enforceCallingOrSelfPermission(

739

Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

740

}

741

742

private void enforceListenerPermission() {

743

mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,

744

"register trust listener");

745

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

746

747

@Override

748

protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {

749

mContext.enforceCallingPermission(Manifest.permission.DUMP,

750

"dumping TrustManagerService");

Adrian Roos

2014-10-24 15:48:39 +0200

[diff] [blame]

751

if (isSafeMode()) {

752

fout.println("disabled because the system is in safe mode.");

753

return;

754

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

755

if (!mTrustAgentsCanRun) {

756

fout.println("disabled because the third-party apps can't run yet.");

757

return;

758

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

759

final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

760

mHandler.runWithScissors(new Runnable() {

761

@Override

762

public void run() {

763

fout.println("Trust manager state:");

764

for (UserInfo user : userInfos) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

765

dumpUser(fout, user, user.id == mCurrentUser);

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

}

}

}, 1500);

}

private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {

772

fout.printf(" User \"%s\" (id=%d, flags=%#x)",

773

user.name, user.id, user.flags);

Xiaohui Chen

7cb69df

2015-07-13 16:01:01 -0700

[diff] [blame]

774

if (!user.supportsSwitchToByUser()) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

775

fout.println("(managed profile)");

776

fout.println(" disabled because switching to this user is not possible.");

777

return;

778

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

779

if (isCurrent) {

780

fout.print(" (current)");

781

}

782

fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

783

fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

784

fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

785

fout.print(", strongAuthRequired=" + dumpHex(

786

mStrongAuthTracker.getStrongAuthForUser(user.id)));

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

787

fout.println();

788

fout.println(" Enabled agents:");

789

boolean duplicateSimpleNames = false;

790

ArraySet<String> simpleNames = new ArraySet<String>();

791

for (AgentInfo info : mActiveAgents) {

792

if (info.userId != user.id) { continue; }

793

boolean trusted = info.agent.isTrusted();

794

fout.print(" "); fout.println(info.component.flattenToShortString());

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

795

fout.print(" bound=" + dumpBool(info.agent.isBound()));

796

fout.print(", connected=" + dumpBool(info.agent.isConnected()));

Adrian Roos

2014-07-25 15:37:28 +0200

[diff] [blame]

797

fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust()));

798

fout.print(", trusted=" + dumpBool(trusted));

799

fout.println();

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

800

if (trusted) {

801

fout.println(" message=\"" + info.agent.getMessage() + "\"");

802

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

803

if (!info.agent.isConnected()) {

804

String restartTime = TrustArchive.formatDuration(

805

info.agent.getScheduledRestartUptimeMillis()

806

- SystemClock.uptimeMillis());

807

fout.println(" restartScheduledAt=" + restartTime);

808

}

Adrian Roos

2014-05-02 12:12:20 +0200

[diff] [blame]

809

if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) {

810

duplicateSimpleNames = true;

811

}

812

}

813

fout.println(" Events:");

814

mArchive.dump(fout, 50, user.id, " " /* linePrefix */, duplicateSimpleNames);

fout.println();

}

private String dumpBool(boolean b) {

819

return b ? "1" : "0";

820

}

Adrian Roos

2015-08-14 15:53:06 -0700

[diff] [blame]

821

822

private String dumpHex(int i) {

823

return "0x" + Integer.toHexString(i);

824

}

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

825

826

@Override

827

public void setDeviceLockedForUser(int userId, boolean value) {

Clara Bayarri

00a9b89

2016-01-13 16:17:09 +0000

[diff] [blame]

828

enforceReportPermission();

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

829

mHandler.obtainMessage(MSG_SET_DEVICE_LOCKED, value ? 1 : 0, userId)

830

.sendToTarget();

831

}

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

832

833

@Override

834

public boolean isTrustUsuallyManaged(int userId) {

835

mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,

836

"query trust state");

837

return isTrustUsuallyManagedInternal(userId);

838

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

839

};

840

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

841

private boolean isTrustUsuallyManagedInternal(int userId) {

842

synchronized (mTrustUsuallyManagedForUser) {

843

int i = mTrustUsuallyManagedForUser.indexOfKey(userId);

844

if (i >= 0) {

845

return mTrustUsuallyManagedForUser.valueAt(i);

846

}

847

}

848

// It's not in memory yet, get the value from persisted storage instead

849

boolean persistedValue = mLockPatternUtils.isTrustUsuallyManaged(userId);

850

synchronized (mTrustUsuallyManagedForUser) {

851

int i = mTrustUsuallyManagedForUser.indexOfKey(userId);

852

if (i >= 0) {

853

// Someone set the trust usually managed in the mean time. Better use that.

854

return mTrustUsuallyManagedForUser.valueAt(i);

855

} else {

856

// .. otherwise it's safe to cache the fetched value now.

857

mTrustUsuallyManagedForUser.put(userId, persistedValue);

858

return persistedValue;

}

}

}

Adrian Roos

2014-10-22 16:57:16 +0200

[diff] [blame]

863

private int resolveProfileParent(int userId) {

864

long identity = Binder.clearCallingIdentity();

865

try {

866

UserInfo parent = mUserManager.getProfileParent(userId);

867

if (parent != null) {

868

return parent.getUserHandle().getIdentifier();

}

return userId;

} finally {

Binder.restoreCallingIdentity(identity);

}

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

876

private final Handler mHandler = new Handler() {

877

@Override

878

public void handleMessage(Message msg) {

879

switch (msg.what) {

880

case MSG_REGISTER_LISTENER:

881

addListener((ITrustListener) msg.obj);

882

break;

883

case MSG_UNREGISTER_LISTENER:

884

removeListener((ITrustListener) msg.obj);

885

break;

886

case MSG_DISPATCH_UNLOCK_ATTEMPT:

887

dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2);

888

break;

889

case MSG_ENABLED_AGENTS_CHANGED:

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

890

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

891

// This is also called when the security mode of a user changes.

892

refreshDeviceLockedForUser(UserHandle.USER_ALL);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

893

break;

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

894

case MSG_KEYGUARD_SHOWING_CHANGED:

Adrian Roos

7e2e40e

2014-11-21 15:27:12 +0100

[diff] [blame]

895

refreshDeviceLockedForUser(mCurrentUser);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

896

break;

897

case MSG_START_USER:

898

case MSG_CLEANUP_USER:

899

refreshAgentList(msg.arg1);

900

break;

901

case MSG_SWITCH_USER:

902

mCurrentUser = msg.arg1;

903

refreshDeviceLockedForUser(UserHandle.USER_ALL);

904

break;

Clara Bayarri

2015-10-29 15:43:55 +0000

[diff] [blame]

905

case MSG_SET_DEVICE_LOCKED:

906

setDeviceLockedForUser(msg.arg2, msg.arg1 != 0);

907

break;

Adrian Roos

2016-01-12 20:29:03 +0100

[diff] [blame]

908

case MSG_FLUSH_TRUST_USUALLY_MANAGED:

909

SparseBooleanArray usuallyManaged;

910

synchronized (mTrustUsuallyManagedForUser) {

911

usuallyManaged = mTrustUsuallyManagedForUser.clone();

912

}

913

914

for (int i = 0; i < usuallyManaged.size(); i++) {

915

int userId = usuallyManaged.keyAt(i);

916

boolean value = usuallyManaged.valueAt(i);

917

if (value != mLockPatternUtils.isTrustUsuallyManaged(userId)) {

918

mLockPatternUtils.setTrustUsuallyManaged(value, userId);

919

}

920

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

}

};

private final PackageMonitor mPackageMonitor = new PackageMonitor() {

926

@Override

927

public void onSomePackagesChanged() {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

928

refreshAgentList(UserHandle.USER_ALL);

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

}

@Override

public boolean onPackageChanged(String packageName, int uid, String[] components) {

933

// We're interested in all changes, even if just some components get enabled / disabled.

934

return true;

935

}

Adrian Roos

2014-07-24 16:00:46 +0200

[diff] [blame]

936

937

@Override

938

public void onPackageDisappeared(String packageName, int reason) {

939

removeAgentsOfPackage(packageName);

940

}

Adrian Roos

2014-03-27 14:56:59 +0100

[diff] [blame]

941

};

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

942

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

943

private class Receiver extends BroadcastReceiver {

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

944

945

@Override

946

public void onReceive(Context context, Intent intent) {

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

947

String action = intent.getAction();

948

if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) {

Marco Fucci

2014-08-29 12:31:48 -0700

[diff] [blame]

949

refreshAgentList(getSendingUserId());

950

updateDevicePolicyFeatures();

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

951

} else if (Intent.ACTION_USER_ADDED.equals(action)) {

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

952

int userId = getUserId(intent);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

953

if (userId > 0) {

954

maybeEnableFactoryTrustAgents(mLockPatternUtils, userId);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

955

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

956

} else if (Intent.ACTION_USER_REMOVED.equals(action)) {

957

int userId = getUserId(intent);

958

if (userId > 0) {

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

959

synchronized (mUserIsTrusted) {

960

mUserIsTrusted.delete(userId);

961

}

962

synchronized (mDeviceLockedForUser) {

963

mDeviceLockedForUser.delete(userId);

964

}

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

965

refreshAgentList(userId);

Adrian Roos

2014-11-20 19:48:56 +0100

[diff] [blame]

966

refreshDeviceLockedForUser(userId);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

}

}

}

private int getUserId(Intent intent) {

972

int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100);

if (userId > 0) {

return userId;

} else {

Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId);

977

return -100;

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

}

}

public void register(Context context) {

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

982

IntentFilter filter = new IntentFilter();

983

filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);

984

filter.addAction(Intent.ACTION_USER_PRESENT);

Adrian Roos

2014-09-05 18:22:28 +0200

[diff] [blame]

985

filter.addAction(Intent.ACTION_USER_ADDED);

Adrian Roos

2014-10-28 20:16:12 +0100

[diff] [blame]

986

filter.addAction(Intent.ACTION_USER_REMOVED);

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

987

context.registerReceiverAsUser(this,

988

UserHandle.ALL,

Adrian Roos

2014-08-13 18:25:52 +0200

[diff] [blame]

989

filter,

Adrian Roos

2014-05-16 18:52:29 +0200

[diff] [blame]

990

null /* permission */,

991

null /* scheduler */);

992

}

993

}

Adrian Roos

2016-03-03 14:58:33 -0800

[diff] [blame]

994

995

private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {

996

997

SparseBooleanArray mStartFromSuccessfulUnlock = new SparseBooleanArray();

998

999

public StrongAuthTracker(Context context) {

super(context);

}

@Override

public void onStrongAuthRequiredChanged(int userId) {

1005

mStartFromSuccessfulUnlock.delete(userId);

1006

1007

if (DEBUG) {

1008

Log.i(TAG, "onStrongAuthRequiredChanged(" + userId + ") ->"

1009

+ " trustAllowed=" + isTrustAllowedForUser(userId)

1010

+ " agentsCanRun=" + canAgentsRunForUser(userId));

1011

}

1012

1013

refreshAgentList(userId);

1014

1015

// The list of active trust agents may not have changed, if there was a previous call

1016

// to allowTrustFromUnlock, so we update the trust here too.

1017

updateTrust(userId, 0 /* flags */);

1018

}

1019

1020

boolean canAgentsRunForUser(int userId) {

1021

return mStartFromSuccessfulUnlock.get(userId)

1022

|| super.isTrustAllowedForUser(userId);

}

/**

* Temporarily suppress strong auth requirements for {@param userId} until strong auth

1027

* changes again. Must only be called when we know about a successful unlock already

1028

* before the underlying StrongAuthTracker.

1029

*

1030

* Note that this only changes whether trust agents can be started, not the actual trusted

1031

* value.

1032

*/

1033

void allowTrustFromUnlock(int userId) {

1034

if (userId < UserHandle.USER_SYSTEM) {

1035

throw new IllegalArgumentException("userId must be a valid user: " + userId);

1036

}

1037

boolean previous = canAgentsRunForUser(userId);

1038

mStartFromSuccessfulUnlock.put(userId, true);

1039

1040

if (DEBUG) {

1041

Log.i(TAG, "allowTrustFromUnlock(" + userId + ") ->"

1042

+ " trustAllowed=" + isTrustAllowedForUser(userId)

1043

+ " agentsCanRun=" + canAgentsRunForUser(userId));

1044

}

1045

1046

if (canAgentsRunForUser(userId) != previous) {

1047

refreshAgentList(userId);

1048

}

1049

}

1050

}

Adrian Roos