Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8cfa5678 authored by Dave McCloskey's avatar Dave McCloskey
Browse files

Modifies the Trust Agent API to support Active Unlock. 

Details for the design are in go/android-active-unlock-t and
go/android-active-unlock-t-api. This change
defines the API without implementing its use.

Test: non-functional API change. Existing regression tests check for regressions.
Test: manually verified smart lock still revokes trust when bluetooth
device disconnected
Bug: 213631675
Bug: 213631677
Bug: 213631672
Bug: 213911325
CTS-Coverage-Bug: 213944235

Change-Id: I206f3e5c5c456a7433be325ea0186b79319d3a66
parent 1d7def59

core/java/android/service/trust/TrustAgentService.java

+65 −1
Original line number Diff line number Diff line
@@ -114,15 +114,47 @@ public class TrustAgentService extends Service { 
     */

    public static final int FLAG_GRANT_TRUST_DISMISS_KEYGUARD = 1 << 1;



    /**

     * Flag for {@link #grantTrust(CharSequence, long, int)} indicating the platform should

     * automatically remove trust after some conditions are met (detailed below) with the option for

     * the agent to renew the trust again later.

     *

     * <p>After this is called, the agent will grant trust until the platform thinks an active user

     * is no longer using that trust. For example, if the user dismisses keyguard, the platform will

     * remove trust (this does not automatically lock the device).

     *

     * <p>When the platform internally removes the agent's trust in this manner, an agent can

     * re-grant it (via a call to grantTrust) without the user having to unlock the device through

     * another method (e.g. PIN). This renewable state only persists for a limited time.

     *

     * TODO(b/213631675): Remove @hide

     * @hide

     */

    public static final int FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE = 1 << 2;



    /**

     * Flag for {@link #grantTrust(CharSequence, long, int)} indicating that the message should

     * be displayed to the user.

     *

     * Without this flag, the message passed to {@code grantTrust} is only used for debugging

     * purposes. With the flag, it may be displayed to the user as the reason why the device is

     * unlocked.

     *

     * TODO(b/213911325): Remove @hide

     * @hide

     */

    public static final int FLAG_GRANT_TRUST_DISPLAY_MESSAGE = 1 << 3;



    /** @hide */

    @Retention(RetentionPolicy.SOURCE)

    @IntDef(flag = true, prefix = { "FLAG_GRANT_TRUST_" }, value = {

            FLAG_GRANT_TRUST_INITIATED_BY_USER,

            FLAG_GRANT_TRUST_DISMISS_KEYGUARD,

            FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE,

            FLAG_GRANT_TRUST_DISPLAY_MESSAGE,

    })

    public @interface GrantTrustFlags {}





    /**

     * Int enum indicating that escrow token is active.

     * See {@link #onEscrowTokenStateReceived(long, int)}
@@ -264,6 +296,22 @@ public class TrustAgentService extends Service { 
    public void onUnlockAttempt(boolean successful) {

    }



    /**

     * Called when the user has interacted with the locked device such that they likely want it

     * to be unlocked. This approximates the timing when, for example, the platform would check for

     * face authentication to unlock the device.

     *

     * To attempt to unlock the device, the agent needs to call

     * {@link #grantTrust(CharSequence, long, int)}.

     *

     * @see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE

     *

     * TODO(b/213631672): Hook up call from system server & SystemUI, then un-hide

     * @hide

     */

    public void onUserRequestedUnlock() {

    }



    /**

     * Called when the timeout provided by the agent expires.  Note that this may be called earlier

     * than requested by the agent if the trust timeout is adjusted by the system or
@@ -563,6 +611,22 @@ public class TrustAgentService extends Service { 
        }

    }



    /**

     * Locks the user.

     *

     * This revokes any trust granted by this agent and shows keyguard for the user if it is not

     * currently shown for them. Other users are not affected. Note that this is in contrast to

     * {@link #revokeTrust()} which does not show keyguard if it is not already shown.

     *

     * If the user has no auth method specified, then keyguard will still be shown but can be

     * dismissed normally.

     *

     * TODO(b/213631675): Implement & make public

     * @hide

     */

    public final void lockUser() {

    }



    /**

     * Request showing a transient error message on the keyguard.

     * The message will be visible on the lock screen or always on display if possible but can be

services/core/java/com/android/server/trust/TrustAgentWrapper.java

+1 −0
Original line number Diff line number Diff line
@@ -123,6 +123,7 @@ public class TrustAgentWrapper { 
        public void handleMessage(Message msg) {

            switch (msg.what) {

                case MSG_GRANT_TRUST:

                    // TODO(b/213631675): Respect FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE

                    if (!isConnected()) {

                        Log.w(TAG, "Agent is not connected, cannot grant trust: "

                                + mName.flattenToShortString());