Merge "Updating TrustManagerService to react to keyguard visible changes."... (1047f17e) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/trust/TrustAgentWrapper.java

+16 −11

Original line number	Diff line number	Diff line
		@@ -122,16 +122,9 @@ public class TrustAgentWrapper {
		if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) {
		return;
		}
		if (!mWaitingForTrustableDowngrade) {
		return;
		}
		// are these the broadcasts we want to listen to
		if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())
		\|\| Intent.ACTION_USER_PRESENT.equals(intent.getAction())) {
		mTrusted = false;
		mTrustable = true;
		mWaitingForTrustableDowngrade = false;
		mTrustManagerService.updateTrust(mUserId, 0);
		if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) {
		downgradeToTrustable();
		}
		}
		};
		@@ -480,8 +473,7 @@ public class TrustAgentWrapper {
		final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME);
		alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL);

		IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_USER_PRESENT);
		trustableFilter.addAction(Intent.ACTION_SCREEN_OFF);
		IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_SCREEN_OFF);

		// Schedules a restart for when connecting times out. If the connection succeeds,
		// the restart is canceled in mCallback's onConnected.
		@@ -668,6 +660,19 @@ public class TrustAgentWrapper {
		mTrustable = false;
		}

		/**
		* Downgrades the trustagent to trustable as a result of a keyguard or screen related event, and
		* then updates the trust state of the phone to reflect the change.
		*/
		public void downgradeToTrustable() {
		if (mWaitingForTrustableDowngrade) {
		mWaitingForTrustableDowngrade = false;
		mTrusted = false;
		mTrustable = true;
		mTrustManagerService.updateTrust(mUserId, 0);
		}
		}

		public boolean isManagingTrust() {
		return mManagingTrust && !mTrustDisabledByDpm;
		}

services/core/java/com/android/server/trust/TrustManagerService.java

+17 −0

Original line number	Diff line number	Diff line
		@@ -1184,6 +1184,22 @@ public class TrustManagerService extends SystemService {
		return false;
		}

		/**
		* We downgrade to trustable whenever keyguard changes its showing value.
		* - becomes showing: something has caused the device to show keyguard which happens due to
		* user intent to lock the device either through direct action or a timeout
		* - becomes not showing: keyguard was dismissed and we no longer need to keep the device
		* unlocked
		* */
		private void dispatchTrustableDowngrade() {
		for (int i = 0; i < mActiveAgents.size(); i++) {
		AgentInfo info = mActiveAgents.valueAt(i);
		if (info.userId == mCurrentUser) {
		info.agent.downgradeToTrustable();
		}
		}
		}

		private List<String> getTrustGrantedMessages(int userId) {
		if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
		return new ArrayList<>();
		@@ -1752,6 +1768,7 @@ public class TrustManagerService extends SystemService {
		refreshDeviceLockedForUser(UserHandle.USER_ALL);
		break;
		case MSG_KEYGUARD_SHOWING_CHANGED:
		dispatchTrustableDowngrade();
		refreshDeviceLockedForUser(mCurrentUser);
		break;
		case MSG_START_USER:

tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt

+5 −6

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ import androidx.test.ext.junit.rules.ActivityScenarioRule
		import androidx.test.ext.junit.runners.AndroidJUnit4
		import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
		import androidx.test.uiautomator.UiDevice
		import com.google.common.truth.Truth.assertThat
		import android.trust.test.lib.wait
		import org.junit.Before
		import org.junit.Rule
		import org.junit.Test
		@@ -74,9 +74,9 @@ class TemporaryAndRenewableTrustTest {
		uiDevice.sleep()
		lockStateTrackingRule.assertLocked()

		uiDevice.wakeUp()
		trustAgentRule.agent.grantTrust(
		GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
		uiDevice.wakeUp()

		lockStateTrackingRule.assertLocked()
		}
		@@ -98,9 +98,9 @@ class TemporaryAndRenewableTrustTest {

		lockStateTrackingRule.assertLocked()

		uiDevice.wakeUp()
		trustAgentRule.agent.grantTrust(
		GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
		uiDevice.wakeUp()

		lockStateTrackingRule.assertUnlocked()
		}
		@@ -116,6 +116,7 @@ class TemporaryAndRenewableTrustTest {
		uiDevice.sleep()

		lockStateTrackingRule.assertLocked()
		uiDevice.wakeUp()

		Log.i(TAG, "Renewing trust and unlocking")
		var result: GrantTrustResult? = null
		@@ -124,10 +125,9 @@ class TemporaryAndRenewableTrustTest {
		Log.i(TAG, "Callback received; status=${it.status}")
		result = it
		}
		uiDevice.wakeUp()
		lockStateTrackingRule.assertUnlocked()

		assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT)
		wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT }
		}

		@Test
		@@ -141,7 +141,6 @@ class TemporaryAndRenewableTrustTest {
		trustAgentRule.agent.revokeTrust()
		await(500)
		uiDevice.wakeUp()
		await(500)

		trustAgentRule.agent.grantTrust(
		GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}