Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 68771eb8 authored by Adrian Roos's avatar Adrian Roos
Browse files

Fix Trust Agent discovery for FBE 

Trust agent discovery happens earlier than unlocking the user's
key for file based encryption (FBE), so we need to explicitly
also ask for non-direct-boot-aware packages.

Additionally, never run trust agents for a user that hasn't been
unlocked yet.

Change-Id: Ice8a6510f163508abecfd83d627658f7aaa5107f
Fixes: 28537596
parent c18009e6

services/core/java/com/android/server/trust/TrustManagerService.java

+12 −1
Original line number Diff line number Diff line
@@ -53,6 +53,7 @@ import android.os.RemoteException; 
import android.os.SystemClock;

import android.os.UserHandle;

import android.os.UserManager;

import android.os.storage.StorageManager;

import android.provider.Settings;

import android.service.trust.TrustAgentService;

import android.util.ArraySet;
@@ -103,6 +104,7 @@ public class TrustManagerService extends SystemService { 
    private static final int MSG_SWITCH_USER = 9;

    private static final int MSG_SET_DEVICE_LOCKED = 10;

    private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 11;

    private static final int MSG_UNLOCK_USER = 12;



    private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000;
@@ -253,6 +255,7 @@ public class TrustManagerService extends SystemService { 
            if (userInfo == null || userInfo.partial || !userInfo.isEnabled()

                    || userInfo.guestToRemove) continue;

            if (!userInfo.supportsSwitchToByUser()) continue;

            if (!StorageManager.isUserKeyUnlocked(userInfo.id)) continue;

            if (!mActivityManager.isUserRunning(userInfo.id)) continue;

            if (!lockPatternUtils.isSecure(userInfo.id)) continue;

            if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) continue;
@@ -527,7 +530,8 @@ public class TrustManagerService extends SystemService { 


    private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {

        List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,

                0 /* flags */, userId);

                PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,

                userId);

        ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size());

        for (ResolveInfo resolveInfo : resolveInfos) {

            if (resolveInfo.serviceInfo == null) continue;
@@ -664,6 +668,11 @@ public class TrustManagerService extends SystemService { 
        mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();

    }



    @Override

    public void onUnlockUser(int userId) {

        mHandler.obtainMessage(MSG_UNLOCK_USER, userId, 0, null).sendToTarget();

    }



    // Plumbing



    private final IBinder mService = new ITrustManager.Stub() {
@@ -896,6 +905,7 @@ public class TrustManagerService extends SystemService { 
                    break;

                case MSG_START_USER:

                case MSG_CLEANUP_USER:

                case MSG_UNLOCK_USER:

                    refreshAgentList(msg.arg1);

                    break;

                case MSG_SWITCH_USER:
@@ -918,6 +928,7 @@ public class TrustManagerService extends SystemService { 
                            mLockPatternUtils.setTrustUsuallyManaged(value, userId);

                        }

                    }

                    break;

            }

        }

    };