Loading core/java/android/service/trust/TrustAgentService.java +65 −1 Original line number Diff line number Diff line Loading @@ -114,15 +114,47 @@ public class TrustAgentService extends Service { */ public static final int FLAG_GRANT_TRUST_DISMISS_KEYGUARD = 1 << 1; /** * Flag for {@link #grantTrust(CharSequence, long, int)} indicating the platform should * automatically remove trust after some conditions are met (detailed below) with the option for * the agent to renew the trust again later. * * <p>After this is called, the agent will grant trust until the platform thinks an active user * is no longer using that trust. For example, if the user dismisses keyguard, the platform will * remove trust (this does not automatically lock the device). * * <p>When the platform internally removes the agent's trust in this manner, an agent can * re-grant it (via a call to grantTrust) without the user having to unlock the device through * another method (e.g. PIN). This renewable state only persists for a limited time. * * TODO(b/213631675): Remove @hide * @hide */ public static final int FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE = 1 << 2; /** * Flag for {@link #grantTrust(CharSequence, long, int)} indicating that the message should * be displayed to the user. * * Without this flag, the message passed to {@code grantTrust} is only used for debugging * purposes. With the flag, it may be displayed to the user as the reason why the device is * unlocked. * * TODO(b/213911325): Remove @hide * @hide */ public static final int FLAG_GRANT_TRUST_DISPLAY_MESSAGE = 1 << 3; /** @hide */ @Retention(RetentionPolicy.SOURCE) @IntDef(flag = true, prefix = { "FLAG_GRANT_TRUST_" }, value = { FLAG_GRANT_TRUST_INITIATED_BY_USER, FLAG_GRANT_TRUST_DISMISS_KEYGUARD, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE, FLAG_GRANT_TRUST_DISPLAY_MESSAGE, }) public @interface GrantTrustFlags {} /** * Int enum indicating that escrow token is active. * See {@link #onEscrowTokenStateReceived(long, int)} Loading Loading @@ -264,6 +296,22 @@ public class TrustAgentService extends Service { public void onUnlockAttempt(boolean successful) { } /** * Called when the user has interacted with the locked device such that they likely want it * to be unlocked. This approximates the timing when, for example, the platform would check for * face authentication to unlock the device. * * To attempt to unlock the device, the agent needs to call * {@link #grantTrust(CharSequence, long, int)}. * * @see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE * * TODO(b/213631672): Hook up call from system server & SystemUI, then un-hide * @hide */ public void onUserRequestedUnlock() { } /** * Called when the timeout provided by the agent expires. Note that this may be called earlier * than requested by the agent if the trust timeout is adjusted by the system or Loading Loading @@ -563,6 +611,22 @@ public class TrustAgentService extends Service { } } /** * Locks the user. * * This revokes any trust granted by this agent and shows keyguard for the user if it is not * currently shown for them. Other users are not affected. Note that this is in contrast to * {@link #revokeTrust()} which does not show keyguard if it is not already shown. * * If the user has no auth method specified, then keyguard will still be shown but can be * dismissed normally. * * TODO(b/213631675): Implement & make public * @hide */ public final void lockUser() { } /** * Request showing a transient error message on the keyguard. * The message will be visible on the lock screen or always on display if possible but can be Loading services/core/java/com/android/server/trust/TrustAgentWrapper.java +1 −0 Original line number Diff line number Diff line Loading @@ -123,6 +123,7 @@ public class TrustAgentWrapper { public void handleMessage(Message msg) { switch (msg.what) { case MSG_GRANT_TRUST: // TODO(b/213631675): Respect FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE if (!isConnected()) { Log.w(TAG, "Agent is not connected, cannot grant trust: " + mName.flattenToShortString()); Loading Loading
core/java/android/service/trust/TrustAgentService.java +65 −1 Original line number Diff line number Diff line Loading @@ -114,15 +114,47 @@ public class TrustAgentService extends Service { */ public static final int FLAG_GRANT_TRUST_DISMISS_KEYGUARD = 1 << 1; /** * Flag for {@link #grantTrust(CharSequence, long, int)} indicating the platform should * automatically remove trust after some conditions are met (detailed below) with the option for * the agent to renew the trust again later. * * <p>After this is called, the agent will grant trust until the platform thinks an active user * is no longer using that trust. For example, if the user dismisses keyguard, the platform will * remove trust (this does not automatically lock the device). * * <p>When the platform internally removes the agent's trust in this manner, an agent can * re-grant it (via a call to grantTrust) without the user having to unlock the device through * another method (e.g. PIN). This renewable state only persists for a limited time. * * TODO(b/213631675): Remove @hide * @hide */ public static final int FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE = 1 << 2; /** * Flag for {@link #grantTrust(CharSequence, long, int)} indicating that the message should * be displayed to the user. * * Without this flag, the message passed to {@code grantTrust} is only used for debugging * purposes. With the flag, it may be displayed to the user as the reason why the device is * unlocked. * * TODO(b/213911325): Remove @hide * @hide */ public static final int FLAG_GRANT_TRUST_DISPLAY_MESSAGE = 1 << 3; /** @hide */ @Retention(RetentionPolicy.SOURCE) @IntDef(flag = true, prefix = { "FLAG_GRANT_TRUST_" }, value = { FLAG_GRANT_TRUST_INITIATED_BY_USER, FLAG_GRANT_TRUST_DISMISS_KEYGUARD, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE, FLAG_GRANT_TRUST_DISPLAY_MESSAGE, }) public @interface GrantTrustFlags {} /** * Int enum indicating that escrow token is active. * See {@link #onEscrowTokenStateReceived(long, int)} Loading Loading @@ -264,6 +296,22 @@ public class TrustAgentService extends Service { public void onUnlockAttempt(boolean successful) { } /** * Called when the user has interacted with the locked device such that they likely want it * to be unlocked. This approximates the timing when, for example, the platform would check for * face authentication to unlock the device. * * To attempt to unlock the device, the agent needs to call * {@link #grantTrust(CharSequence, long, int)}. * * @see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE * * TODO(b/213631672): Hook up call from system server & SystemUI, then un-hide * @hide */ public void onUserRequestedUnlock() { } /** * Called when the timeout provided by the agent expires. Note that this may be called earlier * than requested by the agent if the trust timeout is adjusted by the system or Loading Loading @@ -563,6 +611,22 @@ public class TrustAgentService extends Service { } } /** * Locks the user. * * This revokes any trust granted by this agent and shows keyguard for the user if it is not * currently shown for them. Other users are not affected. Note that this is in contrast to * {@link #revokeTrust()} which does not show keyguard if it is not already shown. * * If the user has no auth method specified, then keyguard will still be shown but can be * dismissed normally. * * TODO(b/213631675): Implement & make public * @hide */ public final void lockUser() { } /** * Request showing a transient error message on the keyguard. * The message will be visible on the lock screen or always on display if possible but can be Loading
services/core/java/com/android/server/trust/TrustAgentWrapper.java +1 −0 Original line number Diff line number Diff line Loading @@ -123,6 +123,7 @@ public class TrustAgentWrapper { public void handleMessage(Message msg) { switch (msg.what) { case MSG_GRANT_TRUST: // TODO(b/213631675): Respect FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE if (!isConnected()) { Log.w(TAG, "Agent is not connected, cannot grant trust: " + mName.flattenToShortString()); Loading
