Merge "Add new DevicePolicyManager API to allow fine-grained TrustAgent management" into lmp-dev

    method public android.os.UserHandle createUser(android.content.ComponentName, java.lang.String);

    method public void enableSystemApp(android.content.ComponentName, java.lang.String);

    method public int enableSystemApp(android.content.ComponentName, android.content.Intent);

    method public void setTrustAgentFeaturesEnabled(android.content.ComponentName, android.content.ComponentName, java.util.List<java.lang.String>);

    method public java.lang.String[] getAccountTypesWithManagementDisabled();

    method public java.util.List<android.content.ComponentName> getActiveAdmins();

    method public android.os.Bundle getApplicationRestrictions(android.content.ComponentName, java.lang.String);

    method public boolean getScreenCaptureDisabled(android.content.ComponentName);

    method public boolean getStorageEncryption(android.content.ComponentName);

    method public int getStorageEncryptionStatus();

    method public java.util.List<java.lang.String> getTrustAgentFeaturesEnabled(android.content.ComponentName, android.content.ComponentName);

    method public boolean hasAnyCaCertsInstalled();

    method public boolean hasCaCertInstalled(byte[]);

    method public boolean hasGrantedPolicy(android.content.ComponentName, int);

    ctor public TrustAgentService();

    method public final void grantTrust(java.lang.CharSequence, long, boolean);

    method public final android.os.IBinder onBind(android.content.Intent);

    method public boolean onSetTrustAgentFeaturesEnabled(android.os.Bundle);

    method public void onUnlockAttempt(boolean);

    method public final void revokeTrust();

    field public static final java.lang.String KEY_FEATURES = "trust_agent_features";

    field public static final java.lang.String SERVICE_INTERFACE = "android.service.trust.TrustAgentService";

    field public static final java.lang.String TRUST_AGENT_META_DATA = "android.service.trust.trustagent";

  }

import java.security.cert.CertificateException;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.util.ArrayList;

import java.util.List;

import java.util.Set;

        }

    }

    /**

     * Sets a list of features to enable for a TrustAgentService component. This is meant to be

     * used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which will disable all

     * trust agents but those with features enabled by this function call.

     *

     * <p>The calling device admin must have requested

     * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call

     * this method; if it has not, a security exception will be thrown.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param agent Which component to enable features for.

     * @param features List of features to enable. Consult specific TrustAgent documentation for

     * the feature list.

     */

    public void setTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent,

            List<String> features) {

        if (mService != null) {

            try {

                mService.setTrustAgentFeaturesEnabled(admin, agent, features, UserHandle.myUserId());

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }

        }

    }

    /**

     * Gets list of enabled features for the given {@link TrustAgentService} agent. If admin is

     * null, this will return the intersection of all features enabled for the given agent by all

     * admins.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param agent Which component to get enabled features for.

     * @return List of enabled features.

     */

    public List<String> getTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent) {

        if (mService != null) {

            try {

                return mService.getTrustAgentFeaturesEnabled(admin, agent, UserHandle.myUserId());

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }

        }

        return new ArrayList<String>(); // empty list

    }

    /**

     * Called by a profile owner to set whether caller-Id information from the managed

     * profile will be shown for incoming calls.

    void setCrossProfileCallerIdDisabled(in ComponentName who, boolean disabled);

    boolean getCrossProfileCallerIdDisabled(in ComponentName who);

    boolean getCrossProfileCallerIdDisabledForUser(int userId);

    void setTrustAgentFeaturesEnabled(in ComponentName admin, in ComponentName agent, in List<String> features, int userId);

    List<String> getTrustAgentFeaturesEnabled(in ComponentName admin, in ComponentName agent, int userId);

}

 * Communication channel from TrustManagerService to the TrustAgent.

 * @hide

 */

oneway interface ITrustAgentService {

    void onUnlockAttempt(boolean successful);

    void setCallback(ITrustAgentServiceCallback callback);

interface ITrustAgentService {

    oneway void onUnlockAttempt(boolean successful);

    oneway void setCallback(ITrustAgentServiceCallback callback);

    boolean setTrustAgentFeaturesEnabled(in Bundle options);

}

import android.Manifest;

import android.annotation.SdkConstant;

import android.app.Service;

import android.app.admin.DevicePolicyManager;

import android.content.ComponentName;

import android.content.Intent;

import android.content.pm.PackageManager;

import android.content.pm.ServiceInfo;

import android.os.Bundle;

import android.os.Handler;

import android.os.IBinder;

import android.os.RemoteException;

     */

    public static final String TRUST_AGENT_META_DATA = "android.service.trust.trustagent";

    /**

     * A white list of features that the given trust agent should support when otherwise disabled

     * by device policy.

     */

    public static final String KEY_FEATURES = "trust_agent_features";

    private static final int MSG_UNLOCK_ATTEMPT = 1;

    private static final boolean DEBUG = false;

        Slog.v(TAG, "Remote exception while " + msg);

    }

    /**

     * Called when device policy wants to restrict features in the TrustAgent in response to

     * {@link DevicePolicyManager#setTrustAgentFeaturesEnabled(ComponentName, ComponentName, java.util.List) }.

     * TrustAgents that support this feature should overload this method and return 'true'.

     *

     * The list of options can be obtained by calling

     * options.getStringArrayList({@link #KEY_FEATURES}). Presence of a feature string in the list

     * means it should be enabled ("white-listed"). Absence of the feature means it should be

     * disabled. An empty list means all features should be disabled.

     *

     * This function is only called if {@link DevicePolicyManager#KEYGUARD_DISABLE_TRUST_AGENTS} is

     * set.

     *

     * @param options Option feature bundle.

     * @return true if the {@link #TrustAgentService()} supports this feature.

     */

    public boolean onSetTrustAgentFeaturesEnabled(Bundle options) {

        return false;

    }

    /**

     * Call to grant trust on the device.

     *

                    .sendToTarget();

        }

        @Override

        public void setCallback(ITrustAgentServiceCallback callback) {

            synchronized (mLock) {

                mCallback = callback;

                }

            }

        }

        @Override

        public boolean setTrustAgentFeaturesEnabled(Bundle features) {

            synchronized (mLock) {

                return onSetTrustAgentFeaturesEnabled(features);

            }

        }

    }

}