Loading core/java/android/app/KeyguardManager.java +23 −4 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.annotation.SystemService; import android.annotation.TestApi; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyManager; import android.app.admin.DevicePolicyManager.PasswordComplexity; import android.app.admin.PasswordMetrics; Loading Loading @@ -736,7 +737,7 @@ public class KeyguardManager { * @see #isKeyguardLocked() */ public boolean isDeviceLocked() { return isDeviceLocked(mContext.getUserId()); return isDeviceLocked(mContext.getUserId(), mContext.getDeviceId()); } /** Loading @@ -746,8 +747,17 @@ public class KeyguardManager { */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) public boolean isDeviceLocked(int userId) { return isDeviceLocked(userId, mContext.getDeviceId()); } /** * Per-user per-device version of {@link #isDeviceLocked()}. * * @hide */ public boolean isDeviceLocked(@UserIdInt int userId, int deviceId) { try { return mTrustManager.isDeviceLocked(userId, mContext.getAssociatedDisplayId()); return mTrustManager.isDeviceLocked(userId, deviceId); } catch (RemoteException e) { return false; } Loading @@ -769,7 +779,7 @@ public class KeyguardManager { * @see #isKeyguardSecure() */ public boolean isDeviceSecure() { return isDeviceSecure(mContext.getUserId()); return isDeviceSecure(mContext.getUserId(), mContext.getDeviceId()); } /** Loading @@ -779,8 +789,17 @@ public class KeyguardManager { */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public boolean isDeviceSecure(int userId) { return isDeviceSecure(userId, mContext.getDeviceId()); } /** * Per-user per-device version of {@link #isDeviceSecure()}. * * @hide */ public boolean isDeviceSecure(@UserIdInt int userId, int deviceId) { try { return mTrustManager.isDeviceSecure(userId, mContext.getAssociatedDisplayId()); return mTrustManager.isDeviceSecure(userId, deviceId); } catch (RemoteException e) { return false; } Loading core/java/android/app/trust/ITrustManager.aidl +2 −2 Original line number Diff line number Diff line Loading @@ -34,8 +34,8 @@ interface ITrustManager { void unregisterTrustListener(in ITrustListener trustListener); void reportKeyguardShowingChanged(); void setDeviceLockedForUser(int userId, boolean locked); boolean isDeviceLocked(int userId, int displayId); boolean isDeviceSecure(int userId, int displayId); boolean isDeviceLocked(int userId, int deviceId); boolean isDeviceSecure(int userId, int deviceId); @EnforcePermission("TRUST_LISTENER") boolean isTrustUsuallyManaged(int userId); void unlockedByBiometricForUser(int userId, in BiometricSourceType source); Loading services/core/java/com/android/server/biometrics/PreAuthInfo.java +1 −1 Original line number Diff line number Diff line Loading @@ -108,7 +108,7 @@ class PreAuthInfo { final boolean credentialRequested = Utils.isCredentialRequested(promptInfo); final boolean credentialAvailable = trustManager.isDeviceSecure(userId, context.getAssociatedDisplayId()); context.getDeviceId()); // Assuming that biometric authenticators are listed in priority-order, the rest of this // function will attempt to find the first authenticator that's as strong or stronger than Loading services/core/java/com/android/server/clipboard/ClipboardService.java +7 −7 Original line number Diff line number Diff line Loading @@ -646,7 +646,7 @@ public class ClipboardService extends SystemService { intendingUid, intendingUserId, intendingDeviceId) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading Loading @@ -686,7 +686,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading @@ -710,7 +710,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return false; } synchronized (mLock) { Loading Loading @@ -785,7 +785,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return false; } synchronized (mLock) { Loading Loading @@ -814,7 +814,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading Loading @@ -1150,12 +1150,12 @@ public class ClipboardService extends SystemService { && text.equals(clipboard.primaryClip.getItemAt(0).getText()); } private boolean isDeviceLocked(@UserIdInt int userId) { private boolean isDeviceLocked(@UserIdInt int userId, int deviceId) { final long token = Binder.clearCallingIdentity(); try { final KeyguardManager keyguardManager = getContext().getSystemService( KeyguardManager.class); return keyguardManager != null && keyguardManager.isDeviceLocked(userId); return keyguardManager != null && keyguardManager.isDeviceLocked(userId, deviceId); } finally { Binder.restoreCallingIdentity(token); } Loading services/core/java/com/android/server/trust/TrustManagerService.java +8 −57 Original line number Diff line number Diff line Loading @@ -70,7 +70,6 @@ import android.util.Slog; import android.util.SparseArray; import android.util.SparseBooleanArray; import android.util.Xml; import android.view.Display; import android.view.IWindowManager; import android.view.WindowManagerGlobal; Loading @@ -79,7 +78,6 @@ import com.android.internal.content.PackageMonitor; import com.android.internal.infra.AndroidFuture; import com.android.internal.util.DumpUtils; import com.android.internal.widget.LockPatternUtils; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.companion.virtual.VirtualDeviceManagerInternal; Loading Loading @@ -1523,57 +1521,13 @@ public class TrustManagerService extends SystemService { mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget(); } /** * @param uid: uid of the calling app (obtained via getCallingUid()) * @param displayId: the id of a Display * @return Returns true if both of the following conditions hold - * 1) the uid belongs to an app instead of a system core component; and * 2) either the uid is running on a virtual device or the displayId * is owned by a virtual device */ private boolean isAppOrDisplayOnAnyVirtualDevice(int uid, int displayId) { if (UserHandle.isCore(uid)) { return false; } if (mVirtualDeviceManager == null) { mVirtualDeviceManager = LocalServices.getService( VirtualDeviceManagerInternal.class); if (mVirtualDeviceManager == null) { // VirtualDeviceManager service may not have been published return false; } } switch (displayId) { case Display.INVALID_DISPLAY: // There is no Display object associated with the Context of the calling app. if (mVirtualDeviceManager.isAppRunningOnAnyVirtualDevice(uid)) { return true; } break; case Display.DEFAULT_DISPLAY: // The DEFAULT_DISPLAY is by definition not virtual. break; default: // Other display IDs can belong to logical displays created for other purposes. if (mVirtualDeviceManager.isDisplayOwnedByAnyVirtualDevice(displayId)) { return true; } break; } return false; } @Override public boolean isDeviceLocked(int userId, int displayId) throws RemoteException { int uid = getCallingUid(); if (isAppOrDisplayOnAnyVirtualDevice(uid, displayId)) { // Virtual displays are considered insecure because they may be used for streaming // to other devices. public boolean isDeviceLocked(int userId, int deviceId) throws RemoteException { if (deviceId != Context.DEVICE_ID_DEFAULT) { // Virtual devices are considered insecure. return false; } userId = ActivityManager.handleIncomingUser(getCallingPid(), uid, userId, userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, false /* allowAll */, true /* requireFull */, "isDeviceLocked", null); final long token = Binder.clearCallingIdentity(); Loading @@ -1588,15 +1542,12 @@ public class TrustManagerService extends SystemService { } @Override public boolean isDeviceSecure(int userId, int displayId) throws RemoteException { int uid = getCallingUid(); if (isAppOrDisplayOnAnyVirtualDevice(uid, displayId)) { // Virtual displays are considered insecure because they may be used for streaming // to other devices. public boolean isDeviceSecure(int userId, int deviceId) throws RemoteException { if (deviceId != Context.DEVICE_ID_DEFAULT) { // Virtual devices are considered insecure. return false; } userId = ActivityManager.handleIncomingUser(getCallingPid(), uid, userId, userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, false /* allowAll */, true /* requireFull */, "isDeviceSecure", null); final long token = Binder.clearCallingIdentity(); Loading Loading
core/java/android/app/KeyguardManager.java +23 −4 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.annotation.SystemService; import android.annotation.TestApi; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyManager; import android.app.admin.DevicePolicyManager.PasswordComplexity; import android.app.admin.PasswordMetrics; Loading Loading @@ -736,7 +737,7 @@ public class KeyguardManager { * @see #isKeyguardLocked() */ public boolean isDeviceLocked() { return isDeviceLocked(mContext.getUserId()); return isDeviceLocked(mContext.getUserId(), mContext.getDeviceId()); } /** Loading @@ -746,8 +747,17 @@ public class KeyguardManager { */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023) public boolean isDeviceLocked(int userId) { return isDeviceLocked(userId, mContext.getDeviceId()); } /** * Per-user per-device version of {@link #isDeviceLocked()}. * * @hide */ public boolean isDeviceLocked(@UserIdInt int userId, int deviceId) { try { return mTrustManager.isDeviceLocked(userId, mContext.getAssociatedDisplayId()); return mTrustManager.isDeviceLocked(userId, deviceId); } catch (RemoteException e) { return false; } Loading @@ -769,7 +779,7 @@ public class KeyguardManager { * @see #isKeyguardSecure() */ public boolean isDeviceSecure() { return isDeviceSecure(mContext.getUserId()); return isDeviceSecure(mContext.getUserId(), mContext.getDeviceId()); } /** Loading @@ -779,8 +789,17 @@ public class KeyguardManager { */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) public boolean isDeviceSecure(int userId) { return isDeviceSecure(userId, mContext.getDeviceId()); } /** * Per-user per-device version of {@link #isDeviceSecure()}. * * @hide */ public boolean isDeviceSecure(@UserIdInt int userId, int deviceId) { try { return mTrustManager.isDeviceSecure(userId, mContext.getAssociatedDisplayId()); return mTrustManager.isDeviceSecure(userId, deviceId); } catch (RemoteException e) { return false; } Loading
core/java/android/app/trust/ITrustManager.aidl +2 −2 Original line number Diff line number Diff line Loading @@ -34,8 +34,8 @@ interface ITrustManager { void unregisterTrustListener(in ITrustListener trustListener); void reportKeyguardShowingChanged(); void setDeviceLockedForUser(int userId, boolean locked); boolean isDeviceLocked(int userId, int displayId); boolean isDeviceSecure(int userId, int displayId); boolean isDeviceLocked(int userId, int deviceId); boolean isDeviceSecure(int userId, int deviceId); @EnforcePermission("TRUST_LISTENER") boolean isTrustUsuallyManaged(int userId); void unlockedByBiometricForUser(int userId, in BiometricSourceType source); Loading
services/core/java/com/android/server/biometrics/PreAuthInfo.java +1 −1 Original line number Diff line number Diff line Loading @@ -108,7 +108,7 @@ class PreAuthInfo { final boolean credentialRequested = Utils.isCredentialRequested(promptInfo); final boolean credentialAvailable = trustManager.isDeviceSecure(userId, context.getAssociatedDisplayId()); context.getDeviceId()); // Assuming that biometric authenticators are listed in priority-order, the rest of this // function will attempt to find the first authenticator that's as strong or stronger than Loading
services/core/java/com/android/server/clipboard/ClipboardService.java +7 −7 Original line number Diff line number Diff line Loading @@ -646,7 +646,7 @@ public class ClipboardService extends SystemService { intendingUid, intendingUserId, intendingDeviceId) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading Loading @@ -686,7 +686,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading @@ -710,7 +710,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return false; } synchronized (mLock) { Loading Loading @@ -785,7 +785,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return false; } synchronized (mLock) { Loading Loading @@ -814,7 +814,7 @@ public class ClipboardService extends SystemService { intendingUserId, intendingDeviceId, false) || isDeviceLocked(intendingUserId)) { || isDeviceLocked(intendingUserId, deviceId)) { return null; } synchronized (mLock) { Loading Loading @@ -1150,12 +1150,12 @@ public class ClipboardService extends SystemService { && text.equals(clipboard.primaryClip.getItemAt(0).getText()); } private boolean isDeviceLocked(@UserIdInt int userId) { private boolean isDeviceLocked(@UserIdInt int userId, int deviceId) { final long token = Binder.clearCallingIdentity(); try { final KeyguardManager keyguardManager = getContext().getSystemService( KeyguardManager.class); return keyguardManager != null && keyguardManager.isDeviceLocked(userId); return keyguardManager != null && keyguardManager.isDeviceLocked(userId, deviceId); } finally { Binder.restoreCallingIdentity(token); } Loading
services/core/java/com/android/server/trust/TrustManagerService.java +8 −57 Original line number Diff line number Diff line Loading @@ -70,7 +70,6 @@ import android.util.Slog; import android.util.SparseArray; import android.util.SparseBooleanArray; import android.util.Xml; import android.view.Display; import android.view.IWindowManager; import android.view.WindowManagerGlobal; Loading @@ -79,7 +78,6 @@ import com.android.internal.content.PackageMonitor; import com.android.internal.infra.AndroidFuture; import com.android.internal.util.DumpUtils; import com.android.internal.widget.LockPatternUtils; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.companion.virtual.VirtualDeviceManagerInternal; Loading Loading @@ -1523,57 +1521,13 @@ public class TrustManagerService extends SystemService { mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget(); } /** * @param uid: uid of the calling app (obtained via getCallingUid()) * @param displayId: the id of a Display * @return Returns true if both of the following conditions hold - * 1) the uid belongs to an app instead of a system core component; and * 2) either the uid is running on a virtual device or the displayId * is owned by a virtual device */ private boolean isAppOrDisplayOnAnyVirtualDevice(int uid, int displayId) { if (UserHandle.isCore(uid)) { return false; } if (mVirtualDeviceManager == null) { mVirtualDeviceManager = LocalServices.getService( VirtualDeviceManagerInternal.class); if (mVirtualDeviceManager == null) { // VirtualDeviceManager service may not have been published return false; } } switch (displayId) { case Display.INVALID_DISPLAY: // There is no Display object associated with the Context of the calling app. if (mVirtualDeviceManager.isAppRunningOnAnyVirtualDevice(uid)) { return true; } break; case Display.DEFAULT_DISPLAY: // The DEFAULT_DISPLAY is by definition not virtual. break; default: // Other display IDs can belong to logical displays created for other purposes. if (mVirtualDeviceManager.isDisplayOwnedByAnyVirtualDevice(displayId)) { return true; } break; } return false; } @Override public boolean isDeviceLocked(int userId, int displayId) throws RemoteException { int uid = getCallingUid(); if (isAppOrDisplayOnAnyVirtualDevice(uid, displayId)) { // Virtual displays are considered insecure because they may be used for streaming // to other devices. public boolean isDeviceLocked(int userId, int deviceId) throws RemoteException { if (deviceId != Context.DEVICE_ID_DEFAULT) { // Virtual devices are considered insecure. return false; } userId = ActivityManager.handleIncomingUser(getCallingPid(), uid, userId, userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, false /* allowAll */, true /* requireFull */, "isDeviceLocked", null); final long token = Binder.clearCallingIdentity(); Loading @@ -1588,15 +1542,12 @@ public class TrustManagerService extends SystemService { } @Override public boolean isDeviceSecure(int userId, int displayId) throws RemoteException { int uid = getCallingUid(); if (isAppOrDisplayOnAnyVirtualDevice(uid, displayId)) { // Virtual displays are considered insecure because they may be used for streaming // to other devices. public boolean isDeviceSecure(int userId, int deviceId) throws RemoteException { if (deviceId != Context.DEVICE_ID_DEFAULT) { // Virtual devices are considered insecure. return false; } userId = ActivityManager.handleIncomingUser(getCallingPid(), uid, userId, userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId, false /* allowAll */, true /* requireFull */, "isDeviceSecure", null); final long token = Binder.clearCallingIdentity(); Loading
