Loading core/java/android/app/trust/ITrustManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -32,4 +32,5 @@ interface ITrustManager { void reportKeyguardShowingChanged(); boolean isDeviceLocked(int userId); boolean isDeviceSecure(int userId); boolean hasUserAuthenticatedSinceBoot(int userId); } core/java/android/app/trust/TrustManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -147,6 +147,23 @@ public class TrustManager { } } /** * Checks whether the specified user has been authenticated since the last boot. * * @param userId the user id of the user to check for * @return true if the user has authenticated since boot, false otherwise * * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. */ public boolean hasUserAuthenticatedSinceBoot(int userId) { try { return mService.hasUserAuthenticatedSinceBoot(userId); } catch (RemoteException e) { onError(e); return false; } } private void onError(Exception e) { Log.e(TAG, "Error while calling TrustManagerService", e); } Loading packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −4 Original line number Diff line number Diff line Loading @@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager; import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback; import android.hardware.fingerprint.FingerprintUtils; import android.hardware.fingerprint.FingerprintManager.AuthenticationResult; import android.service.trust.TrustAgentService; import android.telephony.SubscriptionInfo; import android.telephony.SubscriptionManager; import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener; Loading Loading @@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { private SubscriptionManager mSubscriptionManager; private List<SubscriptionInfo> mSubscriptionInfo; private boolean mFingerprintDetectionRunning; private TrustManager mTrustManager; private final Handler mHandler = new Handler() { @Override Loading Loading @@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { e.printStackTrace(); } TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE); trustManager.registerTrustListener(this); mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE); mTrustManager.registerTrustListener(this); mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE); updateFingerprintListeningState(); Loading @@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { } private boolean shouldListenForFingerprint() { return mScreenOn && mKeyguardIsVisible && !mSwitchingUser; return mScreenOn && mKeyguardIsVisible && !mSwitchingUser && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser()); } private void startListeningForFingerprint() { Loading services/core/java/com/android/server/trust/TrustManagerService.java +47 −12 Original line number Diff line number Diff line Loading @@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService { if (!userInfo.supportsSwitchTo()) continue; if (!mActivityManager.isUserRunning(userInfo.id)) continue; if (!lockPatternUtils.isSecure(userInfo.id)) continue; if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue; if (!getUserHasAuthenticated(userInfo.id)) continue; DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager(); int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id); final boolean disableTrustAgents = Loading Loading @@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService { // Agent dispatch and aggregation private boolean aggregateIsTrusted(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { if (!getUserHasAuthenticated(userId)) { return false; } for (int i = 0; i < mActiveAgents.size(); i++) { Loading @@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService { } private boolean aggregateIsTrustManaged(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { if (!getUserHasAuthenticated(userId)) { return false; } for (int i = 0; i < mActiveAgents.size(); i++) { Loading Loading @@ -549,23 +549,46 @@ public class TrustManagerService extends SystemService { } private void updateUserHasAuthenticated(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { mUserHasAuthenticatedSinceBoot.put(userId, true); boolean changed = setUserHasAuthenticated(userId); if (changed) { refreshAgentList(userId); } } private boolean getUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { return mUserHasAuthenticatedSinceBoot.get(userId); } } private void requireCredentialEntry(int userId) { /** * @return whether the value has changed */ private boolean setUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { mUserHasAuthenticatedSinceBoot.put(userId, true); return true; } return false; } } private void clearUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { if (userId == UserHandle.USER_ALL) { mUserHasAuthenticatedSinceBoot.clear(); refreshAgentList(UserHandle.USER_ALL); } else { mUserHasAuthenticatedSinceBoot.put(userId, false); refreshAgentList(userId); } } } private void requireCredentialEntry(int userId) { clearUserHasAuthenticated(userId); refreshAgentList(userId); } // Listeners private void addListener(ITrustListener listener) { Loading Loading @@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService { } } @Override public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException { mContext.enforceCallingOrSelfPermission( Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null); long token = Binder.clearCallingIdentity(); try { return getUserHasAuthenticated(userId); } finally { Binder.restoreCallingIdentity(token); } } private void enforceReportPermission() { mContext.enforceCallingOrSelfPermission( Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events"); Loading Loading
core/java/android/app/trust/ITrustManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -32,4 +32,5 @@ interface ITrustManager { void reportKeyguardShowingChanged(); boolean isDeviceLocked(int userId); boolean isDeviceSecure(int userId); boolean hasUserAuthenticatedSinceBoot(int userId); }
core/java/android/app/trust/TrustManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -147,6 +147,23 @@ public class TrustManager { } } /** * Checks whether the specified user has been authenticated since the last boot. * * @param userId the user id of the user to check for * @return true if the user has authenticated since boot, false otherwise * * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission. */ public boolean hasUserAuthenticatedSinceBoot(int userId) { try { return mService.hasUserAuthenticatedSinceBoot(userId); } catch (RemoteException e) { onError(e); return false; } } private void onError(Exception e) { Log.e(TAG, "Error while calling TrustManagerService", e); } Loading
packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −4 Original line number Diff line number Diff line Loading @@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager; import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback; import android.hardware.fingerprint.FingerprintUtils; import android.hardware.fingerprint.FingerprintManager.AuthenticationResult; import android.service.trust.TrustAgentService; import android.telephony.SubscriptionInfo; import android.telephony.SubscriptionManager; import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener; Loading Loading @@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { private SubscriptionManager mSubscriptionManager; private List<SubscriptionInfo> mSubscriptionInfo; private boolean mFingerprintDetectionRunning; private TrustManager mTrustManager; private final Handler mHandler = new Handler() { @Override Loading Loading @@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { e.printStackTrace(); } TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE); trustManager.registerTrustListener(this); mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE); mTrustManager.registerTrustListener(this); mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE); updateFingerprintListeningState(); Loading @@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { } private boolean shouldListenForFingerprint() { return mScreenOn && mKeyguardIsVisible && !mSwitchingUser; return mScreenOn && mKeyguardIsVisible && !mSwitchingUser && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser()); } private void startListeningForFingerprint() { Loading
services/core/java/com/android/server/trust/TrustManagerService.java +47 −12 Original line number Diff line number Diff line Loading @@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService { if (!userInfo.supportsSwitchTo()) continue; if (!mActivityManager.isUserRunning(userInfo.id)) continue; if (!lockPatternUtils.isSecure(userInfo.id)) continue; if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue; if (!getUserHasAuthenticated(userInfo.id)) continue; DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager(); int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id); final boolean disableTrustAgents = Loading Loading @@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService { // Agent dispatch and aggregation private boolean aggregateIsTrusted(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { if (!getUserHasAuthenticated(userId)) { return false; } for (int i = 0; i < mActiveAgents.size(); i++) { Loading @@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService { } private boolean aggregateIsTrustManaged(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { if (!getUserHasAuthenticated(userId)) { return false; } for (int i = 0; i < mActiveAgents.size(); i++) { Loading Loading @@ -549,23 +549,46 @@ public class TrustManagerService extends SystemService { } private void updateUserHasAuthenticated(int userId) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { mUserHasAuthenticatedSinceBoot.put(userId, true); boolean changed = setUserHasAuthenticated(userId); if (changed) { refreshAgentList(userId); } } private boolean getUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { return mUserHasAuthenticatedSinceBoot.get(userId); } } private void requireCredentialEntry(int userId) { /** * @return whether the value has changed */ private boolean setUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { if (!mUserHasAuthenticatedSinceBoot.get(userId)) { mUserHasAuthenticatedSinceBoot.put(userId, true); return true; } return false; } } private void clearUserHasAuthenticated(int userId) { synchronized (mUserHasAuthenticatedSinceBoot) { if (userId == UserHandle.USER_ALL) { mUserHasAuthenticatedSinceBoot.clear(); refreshAgentList(UserHandle.USER_ALL); } else { mUserHasAuthenticatedSinceBoot.put(userId, false); refreshAgentList(userId); } } } private void requireCredentialEntry(int userId) { clearUserHasAuthenticated(userId); refreshAgentList(userId); } // Listeners private void addListener(ITrustListener listener) { Loading Loading @@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService { } } @Override public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException { mContext.enforceCallingOrSelfPermission( Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null); long token = Binder.clearCallingIdentity(); try { return getUserHasAuthenticated(userId); } finally { Binder.restoreCallingIdentity(token); } } private void enforceReportPermission() { mContext.enforceCallingOrSelfPermission( Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events"); Loading
