Notify the TrustAgent when the token is activated. (32d5355b) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/widget/LockPatternUtils.java

+15 −2

Original line number	Diff line number	Diff line
		@@ -1687,8 +1687,21 @@ public class LockPatternUtils {
		*
		* @return a unique 64-bit token handle which is needed to refer to this token later.
		*/
		public long addEscrowToken(byte[] token, int userId) {
		return getLockSettingsInternal().addEscrowToken(token, userId);
		public long addEscrowToken(byte[] token, int userId,
		@Nullable EscrowTokenStateChangeCallback callback) {
		return getLockSettingsInternal().addEscrowToken(token, userId, callback);
		}

		/**
		* Callback interface to notify when an added escrow token has been activated.
		*/
		public interface EscrowTokenStateChangeCallback {
		/**
		* The method to be called when the token is activated.
		* @param handle 64 bit handle corresponding to the escrow token
		* @param userid user for whom the escrow token has been added
		*/
		void onEscrowTokenActivated(long handle, int userid);
		}

		/**

core/java/com/android/internal/widget/LockSettingsInternal.java

+6 −2

Original line number	Diff line number	Diff line
		@@ -29,15 +29,18 @@ public abstract class LockSettingsInternal {
		* or change user password.
		*
		* After adding, if the user currently has lockscreen password, he will need to perform a
		* confirm credential operation in order to activate the token for future use. If the user
		* confirm credential operation in order to activate the token for future use.
		* Once the token is activated, the callback that is passed here is called. If the user
		* has no secure lockscreen, then the token is activated immediately.
		*
		* @return a unique 64-bit token handle which is needed to refer to this token later.
		*/
		public abstract long addEscrowToken(byte[] token, int userId);
		public abstract long addEscrowToken(byte[] token, int userId,
		LockPatternUtils.EscrowTokenStateChangeCallback callback);

		/**
		* Remove an escrow token.
		*
		* @return true if the given handle refers to a valid token previously returned from
		* {@link #addEscrowToken}, whether it's active or not. return false otherwise.
		*/
		@@ -51,6 +54,7 @@ public abstract class LockSettingsInternal {

		/**
		* Set the lock credential.
		*
		* @return true if password is set.
		*/
		public abstract boolean setLockCredentialWithToken(byte[] credential, int type,

services/core/java/com/android/server/locksettings/LockSettingsService.java

+7 −4

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ import static android.Manifest.permission.READ_CONTACTS;
		import static android.content.Context.KEYGUARD_SERVICE;
		import static android.content.pm.PackageManager.PERMISSION_GRANTED;

		import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback;
		import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;
		import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_HANDLE_KEY;
		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT;
		@@ -2648,7 +2649,8 @@ public class LockSettingsService extends ILockSettings.Stub {
		}
		}

		private long addEscrowToken(byte[] token, int userId) throws RemoteException {
		private long addEscrowToken(byte[] token, int userId, EscrowTokenStateChangeCallback callback)
		throws RemoteException {
		if (DEBUG) Slog.d(TAG, "addEscrowToken: user=" + userId);
		synchronized (mSpManager) {
		enableSyntheticPasswordLocked();
		@@ -2672,7 +2674,7 @@ public class LockSettingsService extends ILockSettings.Stub {
		throw new SecurityException("Escrow token is disabled on the current user");
		}
		}
		long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId);
		long handle = mSpManager.createTokenBasedSyntheticPassword(token, userId, callback);
		if (auth != null) {
		mSpManager.activateTokenBasedSyntheticPassword(handle, auth, userId);
		}
		@@ -2943,9 +2945,10 @@ public class LockSettingsService extends ILockSettings.Stub {
		private final class LocalService extends LockSettingsInternal {

		@Override
		public long addEscrowToken(byte[] token, int userId) {
		public long addEscrowToken(byte[] token, int userId,
		EscrowTokenStateChangeCallback callback) {
		try {
		return LockSettingsService.this.addEscrowToken(token, userId);
		return LockSettingsService.this.addEscrowToken(token, userId, callback);
		} catch (RemoteException re) {
		throw re.rethrowFromSystemServer();
		}

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+13 −1

Original line number	Diff line number	Diff line
		@@ -16,6 +16,8 @@

		package com.android.server.locksettings;

		import static com.android.internal.widget.LockPatternUtils.EscrowTokenStateChangeCallback;

		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.app.admin.DevicePolicyManager;
		@@ -281,6 +283,7 @@ public class SyntheticPasswordManager {
		byte[] secdiscardableOnDisk;
		byte[] weaverSecret;
		byte[] aggregatedSecret;
		EscrowTokenStateChangeCallback mCallback;
		}

		private final Context mContext;
		@@ -740,7 +743,12 @@ public class SyntheticPasswordManager {

		private ArrayMap<Integer, ArrayMap<Long, TokenData>> tokenMap = new ArrayMap<>();

		public long createTokenBasedSyntheticPassword(byte[] token, int userId) {
		/**
		* Create a token based Synthetic password for the given user.
		* @return
		*/
		public long createTokenBasedSyntheticPassword(byte[] token, int userId,
		@Nullable EscrowTokenStateChangeCallback changeCallback) {
		long handle = generateHandle();
		if (!tokenMap.containsKey(userId)) {
		tokenMap.put(userId, new ArrayMap<>());
		@@ -756,6 +764,7 @@ public class SyntheticPasswordManager {
		tokenData.weaverSecret = null;
		}
		tokenData.aggregatedSecret = transformUnderSecdiscardable(token, secdiscardable);
		tokenData.mCallback = changeCallback;

		tokenMap.get(userId).put(handle, tokenData);
		return handle;
		@@ -803,6 +812,9 @@ public class SyntheticPasswordManager {
		createSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED, authToken,
		tokenData.aggregatedSecret, 0L, userId);
		tokenMap.get(userId).remove(handle);
		if (tokenData.mCallback != null) {
		tokenData.mCallback.onEscrowTokenActivated(handle, userId);
		}
		return true;
		}

services/core/java/com/android/server/trust/TrustAgentWrapper.java

+15 −2

Original line number	Diff line number	Diff line
		@@ -43,8 +43,6 @@ import android.service.trust.TrustAgentService;
		import android.util.Log;
		import android.util.Slog;

		import com.android.internal.policy.IKeyguardDismissCallback;

		import java.util.Collections;
		import java.util.List;

		@@ -495,6 +493,21 @@ public class TrustAgentWrapper {
		}
		}

		/**
		* @see android.service.trust.TrustAgentService#onTokenStateReceived()
		*
		*/
		public void onEscrowTokenActivated(long handle, int userId) {
		if (DEBUG) Slog.d(TAG, "onEscrowTokenActivated: " + handle + " user: " + userId);
		if (mTrustAgentService != null) {
		try {
		mTrustAgentService.onTokenStateReceived(handle,
		TrustAgentService.TOKEN_STATE_ACTIVE);
		} catch (RemoteException e) {
		onError(e);
		}
		}
		}
		private void setCallback(ITrustAgentServiceCallback callback) {
		try {
		if (mTrustAgentService != null) {