Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd00f7a7 authored by Eric Biggers's avatar Eric Biggers Committed by Gerrit Code Review
Browse files

Merge changes I57de36ba,I75d58e09 into main 

* changes:
  TrustManagerService: remove ENABLE_ACTIVE_UNLOCK_FLAG
  Fix timer bug in TrustManagerService.
parents c5d7c01f 23529870

services/core/java/com/android/server/trust/TrustAgentWrapper.java

+0 −3
Original line number Diff line number Diff line
@@ -120,9 +120,6 @@ public class TrustAgentWrapper { 
    private final BroadcastReceiver mTrustableDowngradeReceiver = new BroadcastReceiver() {

        @Override

        public void onReceive(Context context, Intent intent) {

            if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) {

                return;

            }

            // are these the broadcasts we want to listen to

            if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) {

                downgradeToTrustable();

services/core/java/com/android/server/trust/TrustManagerService.java

+37 −107
Original line number Diff line number Diff line
@@ -57,7 +57,6 @@ import android.os.Message; 
import android.os.PersistableBundle;

import android.os.RemoteException;

import android.os.SystemClock;

import android.os.SystemProperties;

import android.os.UserHandle;

import android.os.UserManager;

import android.provider.Settings;
@@ -161,10 +160,6 @@ public class TrustManagerService extends SystemService { 
    @GuardedBy("mUserIsTrusted")

    private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();



    //TODO(b/215724686): remove flag

    public static final boolean ENABLE_ACTIVE_UNLOCK_FLAG = SystemProperties.getBoolean(

            "fw.enable_active_unlock_flag", true);



    private enum TrustState {

        UNTRUSTED, // the phone is not unlocked by any trustagents

        TRUSTABLE, // the phone is in a semi-locked state that can be unlocked if
@@ -393,6 +388,23 @@ public class TrustManagerService extends SystemService { 
                true /* overrideHardTimeout */);

    }



    private void cancelBothTrustableAlarms(int userId) {

        TrustableTimeoutAlarmListener idleTimeout =

                mIdleTrustableTimeoutAlarmListenerForUser.get(

                        userId);

        TrustableTimeoutAlarmListener trustableTimeout =

                mTrustableTimeoutAlarmListenerForUser.get(

                        userId);

        if (idleTimeout != null && idleTimeout.isQueued()) {

            idleTimeout.setQueued(false);

            mAlarmManager.cancel(idleTimeout);

        }

        if (trustableTimeout != null && trustableTimeout.isQueued()) {

            trustableTimeout.setQueued(false);

            mAlarmManager.cancel(trustableTimeout);

        }

    }



    private void handleScheduleTrustedTimeout(int userId, boolean shouldOverride) {

        long when = SystemClock.elapsedRealtime() + TRUST_TIMEOUT_IN_MILLIS;

        TrustedTimeoutAlarmListener alarm = mTrustTimeoutAlarmListenerForUser.get(userId);
@@ -521,69 +533,6 @@ public class TrustManagerService extends SystemService { 
            int flags,

            boolean isFromUnlock,

            @Nullable AndroidFuture<GrantTrustResult> resultCallback) {

        if (ENABLE_ACTIVE_UNLOCK_FLAG) {

            updateTrustWithRenewableUnlock(userId, flags, isFromUnlock, resultCallback);

        } else {

            updateTrustWithNonrenewableTrust(userId, flags, isFromUnlock);

        }

    }



    private void updateTrustWithNonrenewableTrust(int userId, int flags, boolean isFromUnlock) {

        boolean managed = aggregateIsTrustManaged(userId);

        dispatchOnTrustManagedChanged(managed, userId);

        if (mStrongAuthTracker.isTrustAllowedForUser(userId)

                && isTrustUsuallyManagedInternal(userId) != managed) {

            updateTrustUsuallyManaged(userId, managed);

        }



        boolean trusted = aggregateIsTrusted(userId);

        IWindowManager wm = WindowManagerGlobal.getWindowManagerService();

        boolean showingKeyguard = true;

        try {

            showingKeyguard = wm.isKeyguardLocked();

        } catch (RemoteException e) {

        }



        boolean changed;

        synchronized (mUserIsTrusted) {

            if (mSettingsObserver.getTrustAgentsNonrenewableTrust()) {

                // For non-renewable trust agents can only set the device to trusted if it already

                // trusted or the device is unlocked. Attempting to set the device as trusted

                // when the device is locked will be ignored.

                changed = mUserIsTrusted.get(userId) != trusted;

                trusted = trusted

                        && (!showingKeyguard || isFromUnlock || !changed)

                        && userId == mCurrentUser;

                if (DEBUG) {

                    Slog.d(TAG, "Extend unlock setting trusted as " + Boolean.toString(trusted)

                            + " && " + Boolean.toString(!showingKeyguard)

                            + " && " + Boolean.toString(userId == mCurrentUser));

                }

            }

            changed = mUserIsTrusted.get(userId) != trusted;

            mUserIsTrusted.put(userId, trusted);

        }

        dispatchOnTrustChanged(

                trusted,

                false /* newlyUnlocked */,

                userId,

                flags,

                getTrustGrantedMessages(userId));

        if (changed) {

            refreshDeviceLockedForUser(userId);

            if (!trusted) {

                maybeLockScreen(userId);

            } else {

                scheduleTrustTimeout(false /* override */, false /* isTrustableTimeout*/);

            }

        }

    }



    private void updateTrustWithRenewableUnlock(

            int userId,

            int flags,

            boolean isFromUnlock,

            @Nullable AndroidFuture<GrantTrustResult> resultCallback) {

        boolean managed = aggregateIsTrustManaged(userId);

        dispatchOnTrustManagedChanged(managed, userId);

        if (mStrongAuthTracker.isTrustAllowedForUser(userId)
@@ -657,6 +606,11 @@ public class TrustManagerService extends SystemService { 
                resultCallback.complete(new GrantTrustResult(STATUS_UNLOCKED_BY_GRANT));

            }

        }



        if ((wasTrusted || wasTrustable) && pendingTrustState == TrustState.UNTRUSTED) {

            if (DEBUG) Slog.d(TAG, "Trust was revoked, destroy trustable alarms");

            cancelBothTrustableAlarms(userId);

        }

    }



    private void updateTrustUsuallyManaged(int userId, boolean managed) {
@@ -1903,7 +1857,11 @@ public class TrustManagerService extends SystemService { 
                    handleScheduleTrustTimeout(shouldOverride, timeoutType);

                    break;

                case MSG_REFRESH_TRUSTABLE_TIMERS_AFTER_AUTH:

                    TrustableTimeoutAlarmListener trustableAlarm =

                            mTrustableTimeoutAlarmListenerForUser.get(msg.arg1);

                    if (trustableAlarm != null && trustableAlarm.isQueued()) {

                        refreshTrustableTimers(msg.arg1);

                    }

                    break;

            }

        }
@@ -2118,17 +2076,12 @@ public class TrustManagerService extends SystemService { 


        @Override

        public void handleAlarm() {

            TrustableTimeoutAlarmListener otherAlarm;

            boolean otherAlarmPresent;

            if (ENABLE_ACTIVE_UNLOCK_FLAG) {

                otherAlarm = mTrustableTimeoutAlarmListenerForUser.get(mUserId);

                otherAlarmPresent = (otherAlarm != null) && otherAlarm.isQueued();

                if (otherAlarmPresent) {

            TrustableTimeoutAlarmListener otherAlarm =

                    mTrustableTimeoutAlarmListenerForUser.get(mUserId);

            if (otherAlarm != null && otherAlarm.isQueued()) {

                synchronized (mAlarmLock) {

                    disableNonrenewableTrustWhileRenewableTrustIsPresent();

                }

                    return;

                }

            }

        }
@@ -2152,35 +2105,12 @@ public class TrustManagerService extends SystemService { 


        @Override

        public void handleAlarm() {

            TrustedTimeoutAlarmListener otherAlarm;

            boolean otherAlarmPresent;

            if (ENABLE_ACTIVE_UNLOCK_FLAG) {

                cancelBothTrustableAlarms();

                otherAlarm = mTrustTimeoutAlarmListenerForUser.get(mUserId);

                otherAlarmPresent = (otherAlarm != null) && otherAlarm.isQueued();

                if (otherAlarmPresent) {

            cancelBothTrustableAlarms(mUserId);

            TrustedTimeoutAlarmListener otherAlarm = mTrustTimeoutAlarmListenerForUser.get(mUserId);

            if (otherAlarm != null && otherAlarm.isQueued()) {

                synchronized (mAlarmLock) {

                    disableRenewableTrustWhileNonrenewableTrustIsPresent();

                }

                    return;

                }

            }

        }



        private void cancelBothTrustableAlarms() {

            TrustableTimeoutAlarmListener idleTimeout =

                    mIdleTrustableTimeoutAlarmListenerForUser.get(

                            mUserId);

            TrustableTimeoutAlarmListener trustableTimeout =

                    mTrustableTimeoutAlarmListenerForUser.get(

                            mUserId);

            if (idleTimeout != null && idleTimeout.isQueued()) {

                idleTimeout.setQueued(false);

                mAlarmManager.cancel(idleTimeout);

            }

            if (trustableTimeout != null && trustableTimeout.isQueued()) {

                trustableTimeout.setQueued(false);

                mAlarmManager.cancel(trustableTimeout);

            }

        }