Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a7da0e26 authored by Dave McCloskey's avatar Dave McCloskey
Browse files

Changes to support adding CTS Test TrustTestCases. 

Bug: 213631672
Test: atest TrustTestCases

Change-Id: I43bffe76cca38171f19538740a25eb5d3cb09c54
parent 615951d1

core/api/test-current.txt

+20 −2
Original line number Diff line number Diff line
@@ -2,6 +2,7 @@ 
package android {



  public static final class Manifest.permission {

    field public static final String ACCESS_KEYGUARD_SECURE_STORAGE = "android.permission.ACCESS_KEYGUARD_SECURE_STORAGE";

    field public static final String ACCESS_NOTIFICATIONS = "android.permission.ACCESS_NOTIFICATIONS";

    field public static final String ACTIVITY_EMBEDDING = "android.permission.ACTIVITY_EMBEDDING";

    field public static final String APPROVE_INCIDENT_REPORTS = "android.permission.APPROVE_INCIDENT_REPORTS";
@@ -280,8 +281,8 @@ package android.app { 
  }



  public class KeyguardManager {

    method @RequiresPermission(anyOf={android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS, "android.permission.ACCESS_KEYGUARD_SECURE_STORAGE"}) public boolean checkLock(int, @Nullable byte[]);

    method @RequiresPermission(anyOf={android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS, "android.permission.ACCESS_KEYGUARD_SECURE_STORAGE"}) public boolean setLock(int, @Nullable byte[], int, @Nullable byte[]);

    method @RequiresPermission(anyOf={android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS, android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE}) public boolean checkLock(int, @Nullable byte[]);

    method @RequiresPermission(anyOf={android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS, android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE}) public boolean setLock(int, @Nullable byte[], int, @Nullable byte[]);

  }



  public class LocaleManager {
@@ -575,6 +576,15 @@ package android.app.prediction { 


}



package android.app.trust {



  public class TrustManager {

    method @RequiresPermission(android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void enableTrustAgentForUserForTest(@NonNull android.content.ComponentName, int);

    method @RequiresPermission(android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void reportUserRequestedUnlock(int);

  }



}



package android.app.usage {



  public class NetworkStatsManager {
@@ -2376,6 +2386,14 @@ package android.service.quicksettings { 


}



package android.service.trust {



  public class TrustAgentService extends android.app.Service {

    method public void onUserRequestedUnlock();

  }



}



package android.service.voice {



  public class AlwaysOnHotwordDetector implements android.service.voice.HotwordDetector {

core/java/android/app/trust/ITrustManager.aidl

+2 −0
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
package android.app.trust;



import android.app.trust.ITrustListener;

import android.content.ComponentName;

import android.hardware.biometrics.BiometricSourceType;



/**
@@ -29,6 +30,7 @@ interface ITrustManager { 
    void reportUserRequestedUnlock(int userId);

    void reportUnlockLockout(int timeoutMs, int userId);

    void reportEnabledTrustAgentsChanged(int userId);

    void enableTrustAgentForUserForTest(in ComponentName componentName, int userId);

    void registerTrustListener(in ITrustListener trustListener);

    void unregisterTrustListener(in ITrustListener trustListener);

    void reportKeyguardShowingChanged();

core/java/android/app/trust/TrustManager.java

+67 −6
Original line number Diff line number Diff line
@@ -16,10 +16,14 @@ 


package android.app.trust;



import android.Manifest;

import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;



import android.annotation.NonNull;

import android.annotation.RequiresPermission;

import android.annotation.SystemService;

import android.annotation.TestApi;

import android.compat.annotation.UnsupportedAppUsage;

import android.content.ComponentName;

import android.content.Context;

import android.hardware.biometrics.BiometricSourceType;

import android.os.Handler;
@@ -33,9 +37,17 @@ import java.util.ArrayList; 
import java.util.List;



/**

 * See {@link com.android.server.trust.TrustManagerService}

 * Interface to the system service managing trust.

 *

 * <p>This class is for internal use only. This class is marked {@code @TestApi} to

 * enable testing the trust system including {@link android.service.trust.TrustAgentService}.

 * Methods which are currently not used in tests are marked @hide.

 *

 * @see com.android.server.trust.TrustManagerService

 *

 * @hide

 */

@TestApi

@SystemService(Context.TRUST_SERVICE)

public class TrustManager {
@@ -51,7 +63,8 @@ public class TrustManager { 
    private final ITrustManager mService;

    private final ArrayMap<TrustListener, ITrustListener> mTrustListeners;



    public TrustManager(IBinder b) {

    /** @hide */

    public TrustManager(@NonNull IBinder b) {

        mService = ITrustManager.Stub.asInterface(b);

        mTrustListeners = new ArrayMap<TrustListener, ITrustListener>();

    }
@@ -62,8 +75,10 @@ public class TrustManager { 
     *

     * @param userId The id for the user to be locked/unlocked.

     * @param locked The value for that user's locked state.

     *

     * @hide

     */

    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void setDeviceLockedForUser(int userId, boolean locked) {

        try {

            mService.setDeviceLockedForUser(userId, locked);
@@ -78,8 +93,11 @@ public class TrustManager { 
     * @param successful if true, the unlock attempt was successful.

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     *

     * @hide

     */

    @UnsupportedAppUsage

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void reportUnlockAttempt(boolean successful, int userId) {

        try {

            mService.reportUnlockAttempt(successful, userId);
@@ -93,6 +111,7 @@ public class TrustManager { 
     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     */

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void reportUserRequestedUnlock(int userId) {

        try {

            mService.reportUserRequestedUnlock(userId);
@@ -112,7 +131,10 @@ public class TrustManager { 
     *    attempt to unlock the device again.

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     *

     * @hide

     */

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void reportUnlockLockout(int timeoutMs, int userId) {

        try {

            mService.reportUnlockLockout(timeoutMs, userId);
@@ -125,7 +147,10 @@ public class TrustManager { 
     * Reports that the list of enabled trust agents changed for user {@param userId}.

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     *

     * @hide

     */

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void reportEnabledTrustAgentsChanged(int userId) {

        try {

            mService.reportEnabledTrustAgentsChanged(userId);
@@ -134,11 +159,34 @@ public class TrustManager { 
        }

    }



    /**

     * Enables a trust agent.

     *

     * <p>The agent is specified by {@code componentName} and must be a subclass of

     * {@link android.service.trust.TrustAgentService} and otherwise meet the requirements

     * to be a trust agent.

     *

     * <p>This method can only be used in tests.

     *

     * @param componentName the trust agent to enable

     */

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void enableTrustAgentForUserForTest(@NonNull ComponentName componentName, int userId) {

        try {

            mService.enableTrustAgentForUserForTest(componentName, userId);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

    }



    /**

     * Reports that the visibility of the keyguard has changed.

     *

     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.

     *

     * @hide

     */

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void reportKeyguardShowingChanged() {

        try {

            mService.reportKeyguardShowingChanged();
@@ -151,7 +199,10 @@ public class TrustManager { 
     * Registers a listener for trust events.

     *

     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.

     *

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)

    public void registerTrustListener(final TrustListener trustListener) {

        try {

            ITrustListener.Stub iTrustListener = new ITrustListener.Stub() {
@@ -192,7 +243,10 @@ public class TrustManager { 
     * Unregisters a listener for trust events.

     *

     * Requires the {@link android.Manifest.permission#TRUST_LISTENER} permission.

     *

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)

    public void unregisterTrustListener(final TrustListener trustListener) {

        ITrustListener iTrustListener = mTrustListeners.remove(trustListener);

        if (iTrustListener != null) {
@@ -207,6 +261,8 @@ public class TrustManager { 
    /**

     * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term

     * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.

     *

     * @hide

     */

    @RequiresPermission(android.Manifest.permission.TRUST_LISTENER)

    public boolean isTrustUsuallyManaged(int userId) {
@@ -223,8 +279,10 @@ public class TrustManager { 
     * can be skipped.

     *

     * @param userId

     *

     * @hide

     */

    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void unlockedByBiometricForUser(int userId, BiometricSourceType source) {

        try {

            mService.unlockedByBiometricForUser(userId, source);
@@ -235,8 +293,10 @@ public class TrustManager { 


    /**

     * Clears authentication by the specified biometric type for all users.

     *

     * @hide

     */

    @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)

    @RequiresPermission(ACCESS_KEYGUARD_SECURE_STORAGE)

    public void clearAllBiometricRecognized(BiometricSourceType source, int unlockedUser) {

        try {

            mService.clearAllBiometricRecognized(source, unlockedUser);
@@ -264,6 +324,7 @@ public class TrustManager { 
        }

    };



    /** @hide */

    public interface TrustListener {



        /**

core/java/android/service/trust/TrustAgentService.java

+3 −1
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import android.annotation.IntDef; 
import android.annotation.NonNull;

import android.annotation.SdkConstant;

import android.annotation.SystemApi;

import android.annotation.TestApi;

import android.app.Service;

import android.app.admin.DevicePolicyManager;

import android.content.ComponentName;
@@ -310,9 +311,10 @@ public class TrustAgentService extends Service { 
     *

     * @see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE

     *

     * TODO(b/213631672): Add CTS tests

     * TODO(b/213631672): Remove @hide and @TestApi

     * @hide

     */

    @TestApi

    public void onUserRequestedUnlock() {

    }

core/res/AndroidManifest.xml

+1 −1
Original line number Diff line number Diff line
@@ -5316,7 +5316,7 @@ 
                android:protectionLevel="signature|setup|role" />



    <!-- Allows access to keyguard secure storage.  Only allowed for system processes.

        @hide -->

         @hide @TestApi -->

    <permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE"

        android:protectionLevel="signature|setup" />