
Commit ac8c52db authored by Your Name's avatar Your Name

Updating TrustManagerService to react to keyguard visible changes.

Trustagents should know to downgrade to trustable when the keyguard
visibility changes. This will fix a bug on tablet where hitting the power
button doesn't sleep the device, and consequently doesn't broadcast the
SCREEN_OFF broadcast which causes the unit tests to fail. This also
fixes a larger issue where if the phone gets unlatched, or if a
trustagent is set up while the phone is unlocked, the phone will be able
to downgrade the trustagent to trustable at the correct time.

As part of this change, we can remove the USER_PRESENT broadcast which
ends up duplicating the reportKeyguardShowingChanged. Also, in
TemporaryAndRenewableTrustTest.kt, we now grantTrust after waking the
phone which is more realistic and was causing the tests to fail before.

Test: atest TrustTests:TemporaryAndRenewableTrustTests --iterations
Bug: 213631682
Fixes: 231326751
Change-Id: I10a3270ff0b9f12d62acd448ad754f829d843b0e
parent 0567c355
+16 −11
@@ -122,16 +122,9 @@ public class TrustAgentWrapper {
            if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) {
                return;
            }
            if (!mWaitingForTrustableDowngrade) {
                return;
            }
            // are these the broadcasts we want to listen to
            if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())
                    || Intent.ACTION_USER_PRESENT.equals(intent.getAction())) {
                mTrusted = false;
                mTrustable = true;
                mWaitingForTrustableDowngrade = false;
                mTrustManagerService.updateTrust(mUserId, 0);
            if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) {
                downgradeToTrustable();
            }
        }
    };
@@ -480,8 +473,7 @@ public class TrustAgentWrapper {
        final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME);
        alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL);

        IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_USER_PRESENT);
        trustableFilter.addAction(Intent.ACTION_SCREEN_OFF);
        IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_SCREEN_OFF);

        // Schedules a restart for when connecting times out. If the connection succeeds,
        // the restart is canceled in mCallback's onConnected.
@@ -668,6 +660,19 @@ public class TrustAgentWrapper {
        mTrustable = false;
    }

    /**
     * Downgrades the trustagent to trustable as a result of a keyguard or screen related event, and
     * then updates the trust state of the phone to reflect the change.
     */
    public void downgradeToTrustable() {
        if (mWaitingForTrustableDowngrade) {
            mWaitingForTrustableDowngrade = false;
            mTrusted = false;
            mTrustable = true;
            mTrustManagerService.updateTrust(mUserId, 0);
        }
    }

    public boolean isManagingTrust() {
        return mManagingTrust && !mTrustDisabledByDpm;
    }
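Review bot: `downgradeToTrustable()` is now public and called from the keyguard path, but the `TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG` check exists only in the broadcast receiver, so callers outside the receiver reach the state change without it. If `mWaitingForTrustableDowngrade` can only become true while the flag is on (not visible in these hunks), the Javadoc should say so; otherwise the method should begin with `if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) return;`. The Javadoc should also state that the call is a no-op unless a downgrade is pending, and name the thread expected to call it, since `mTrusted`, `mTrustable` and `mWaitingForTrustableDowngrade` are written here with no locking visible in the hunk.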
+17 −0
@@ -1184,6 +1184,22 @@ public class TrustManagerService extends SystemService {
        return false;
    }

    /**
     * We downgrade to trustable whenever keyguard changes its showing value.
     *  - becomes showing: something has caused the device to show keyguard which happens due to
     *  user intent to lock the device either through direct action or a timeout
     *  - becomes not showing: keyguard was dismissed and we no longer need to keep the device
     *  unlocked
     *  */
    private void dispatchTrustableDowngrade() {
        for (int i = 0; i < mActiveAgents.size(); i++) {
            AgentInfo info = mActiveAgents.valueAt(i);
            if (info.userId == mCurrentUser) {
                info.agent.downgradeToTrustable();
            }
        }
    }

    private List<String> getTrustGrantedMessages(int userId) {
        if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
            return new ArrayList<>();
@@ -1752,6 +1768,7 @@ public class TrustManagerService extends SystemService {
                    refreshDeviceLockedForUser(UserHandle.USER_ALL);
                    break;
                case MSG_KEYGUARD_SHOWING_CHANGED:
                    dispatchTrustableDowngrade();
                    refreshDeviceLockedForUser(mCurrentUser);
                    break;
                case MSG_START_USER:
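Review bot: `dispatchTrustableDowngrade()` only reaches agents with `info.userId == mCurrentUser`, so as far as these hunks show, an agent active for any other user id that is still waiting for a downgrade keeps its trusted state across the keyguard change. With `ACTION_USER_PRESENT` dropped from the receiver in this commit, `ACTION_SCREEN_OFF` appears to be the only remaining trigger for those agents. If that scope is intended, the Javadoc should record it, for example `Only agents of the current user are downgraded here; agents of other users rely on SCREEN_OFF.` The Javadoc's closing `*  */` should also be a plain `*/`. The handler `switch` that calls the method starts and ends outside the hunk.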
+5 −6
@@ -29,7 +29,7 @@ import androidx.test.ext.junit.rules.ActivityScenarioRule
import androidx.test.ext.junit.runners.AndroidJUnit4
import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
import androidx.test.uiautomator.UiDevice
import com.google.common.truth.Truth.assertThat
import android.trust.test.lib.wait
import org.junit.Before
import org.junit.Rule
import org.junit.Test
@@ -74,9 +74,9 @@ class TemporaryAndRenewableTrustTest {
        uiDevice.sleep()
        lockStateTrackingRule.assertLocked()

        uiDevice.wakeUp()
        trustAgentRule.agent.grantTrust(
            GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
        uiDevice.wakeUp()

        lockStateTrackingRule.assertLocked()
    }
@@ -98,9 +98,9 @@ class TemporaryAndRenewableTrustTest {

        lockStateTrackingRule.assertLocked()

        uiDevice.wakeUp()
        trustAgentRule.agent.grantTrust(
            GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
        uiDevice.wakeUp()

        lockStateTrackingRule.assertUnlocked()
    }
@@ -116,6 +116,7 @@ class TemporaryAndRenewableTrustTest {
        uiDevice.sleep()

        lockStateTrackingRule.assertLocked()
        uiDevice.wakeUp()

        Log.i(TAG, "Renewing trust and unlocking")
        var result: GrantTrustResult? = null
@@ -124,10 +125,9 @@ class TemporaryAndRenewableTrustTest {
            Log.i(TAG, "Callback received; status=${it.status}")
            result = it
        }
        uiDevice.wakeUp()
        lockStateTrackingRule.assertUnlocked()

        assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT)
        wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT }
    }

    @Test
@@ -141,7 +141,6 @@ class TemporaryAndRenewableTrustTest {
        trustAgentRule.agent.revokeTrust()
        await(500)
        uiDevice.wakeUp()
        await(500)

        trustAgentRule.agent.grantTrust(
            GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
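Review bot: None of the hunks in this file adds a case for the path the commit introduces, a keyguard showing change that arrives without a `SCREEN_OFF` broadcast; the visible hunks still lock the device through `uiDevice.sleep()`. A test that grants trust while the device is unlocked and then shows keyguard without turning the screen off would pin the downgrade this commit depends on, assuming the test rules offer a way to do that (not visible here). In the renew hunk, `wait("callback triggered") { ... }` replaces the `assertThat` on `result?.status`, so a timeout no longer reports the status that was actually received; putting that status into the wait message would keep failures diagnosable. The test functions start and end outside the hunks.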