Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e303bf44 authored by Jim Miller's avatar Jim Miller
Browse files

Update TrustAgentService API after review 

This change incorporates API council feedback and enables the
TrustAgent whitelisting API.

It also contains a minor cleanup of DPM's use of UserHandle
to eliminate unnecessary object creation.

Fixes bug 17008504

Change-Id: I63cc50169fde54b34406845818bcaf6aadc1a3db
parent 12b239e6

api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -5317,6 +5317,7 @@ package android.app.admin { 
    method public boolean getScreenCaptureDisabled(android.content.ComponentName);

    method public boolean getStorageEncryption(android.content.ComponentName);

    method public int getStorageEncryptionStatus();

    method public java.util.List<android.os.PersistableBundle> getTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName);

    method public boolean hasCaCertInstalled(android.content.ComponentName, byte[]);

    method public boolean hasGrantedPolicy(android.content.ComponentName, int);

    method public boolean installCaCert(android.content.ComponentName, byte[]);
@@ -5365,6 +5366,7 @@ package android.app.admin { 
    method public void setScreenCaptureDisabled(android.content.ComponentName, boolean);

    method public void setSecureSetting(android.content.ComponentName, java.lang.String, java.lang.String);

    method public int setStorageEncryption(android.content.ComponentName, boolean);

    method public void setTrustAgentConfiguration(android.content.ComponentName, android.content.ComponentName, android.os.PersistableBundle);

    method public void setUninstallBlocked(android.content.ComponentName, java.lang.String, boolean);

    method public boolean switchUser(android.content.ComponentName, android.os.UserHandle);

    method public void uninstallAllUserCaCerts(android.content.ComponentName);

core/java/android/app/admin/DevicePolicyManager.java

+31 −19
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ import android.content.pm.ResolveInfo; 
import android.net.ProxyInfo;

import android.os.Bundle;

import android.os.Handler;

import android.os.PersistableBundle;

import android.os.Process;

import android.os.RemoteCallback;

import android.os.RemoteException;
@@ -40,6 +41,7 @@ import android.os.UserManager; 
import android.provider.Settings;

import android.security.Credentials;

import android.service.restrictions.RestrictionsReceiver;

import android.service.trust.TrustAgentService;

import android.util.Log;



import com.android.org.conscrypt.TrustedCertificateStore;
@@ -2604,25 +2606,29 @@ public class DevicePolicyManager { 
    }



    /**

     * Sets a list of features to enable for a TrustAgent component. This is meant to be

     * used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which will disable all

     * trust agents but those with features enabled by this function call.

     * Sets a list of configuration features to enable for a TrustAgent component. This is meant

     * to be used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which disables all

     * trust agents but those enabled by this function call. If flag

     * {@link #KEYGUARD_DISABLE_TRUST_AGENTS} is not set, then this call has no effect.

     *

     * <p>The calling device admin must have requested

     * {@link DeviceAdminInfo#USES_POLICY_DISABLE_KEYGUARD_FEATURES} to be able to call

     * this method; if it has not, a security exception will be thrown.

     * this method; if not, a security exception will be thrown.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param agent Which component to enable features for.

     * @param features List of features to enable. Consult specific TrustAgent documentation for

     * the feature list.

     * @hide

     * @param target Component name of the agent to be enabled.

     * @param options TrustAgent-specific feature bundle. If null for any admin, agent

     * will be strictly disabled according to the state of the

     *  {@link #KEYGUARD_DISABLE_TRUST_AGENTS} flag.

     * <p>If {@link #KEYGUARD_DISABLE_TRUST_AGENTS} is set and options is not null for all admins,

     * then it's up to the TrustAgent itself to aggregate the values from all device admins.

     * <p>Consult documentation for the specific TrustAgent to determine legal options parameters.

     */

    public void setTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent,

            List<String> features) {

    public void setTrustAgentConfiguration(ComponentName admin, ComponentName target,

            PersistableBundle options) {

        if (mService != null) {

            try {

                mService.setTrustAgentFeaturesEnabled(admin, agent, features, UserHandle.myUserId());

                mService.setTrustAgentConfiguration(admin, target, options, UserHandle.myUserId());

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }
@@ -2630,24 +2636,30 @@ public class DevicePolicyManager { 
    }



    /**

     * Gets list of enabled features for the given TrustAgent component. If admin is

     * null, this will return the intersection of all features enabled for the given agent by all

     * admins.

     * Gets configuration for the given trust agent based on aggregating all calls to

     * {@link #setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle)} for

     * all device admins.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param agent Which component to get enabled features for.

     * @return List of enabled features.

     * @hide

     * @return configuration for the given trust agent.

     */

    public List<String> getTrustAgentFeaturesEnabled(ComponentName admin, ComponentName agent) {

    public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin,

            ComponentName agent) {

        return getTrustAgentConfiguration(admin, agent, UserHandle.myUserId());

    }



    /** @hide per-user version */

    public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin,

            ComponentName agent, int userHandle) {

        if (mService != null) {

            try {

                return mService.getTrustAgentFeaturesEnabled(admin, agent, UserHandle.myUserId());

                return mService.getTrustAgentConfiguration(admin, agent, userHandle);

            } catch (RemoteException e) {

                Log.w(TAG, "Failed talking with device policy service", e);

            }

        }

        return new ArrayList<String>(); // empty list

        return new ArrayList<PersistableBundle>(); // empty list

    }



    /**

core/java/android/app/admin/IDevicePolicyManager.aidl

+5 −2
Original line number Diff line number Diff line
@@ -22,6 +22,7 @@ import android.content.Intent; 
import android.content.IntentFilter;

import android.net.ProxyInfo;

import android.os.Bundle;

import android.os.PersistableBundle;

import android.os.RemoteCallback;

import android.os.UserHandle;

import java.util.List;
@@ -183,8 +184,10 @@ interface IDevicePolicyManager { 
    boolean getCrossProfileCallerIdDisabled(in ComponentName who);

    boolean getCrossProfileCallerIdDisabledForUser(int userId);



    void setTrustAgentFeaturesEnabled(in ComponentName admin, in ComponentName agent, in List<String> features, int userId);

    List<String> getTrustAgentFeaturesEnabled(in ComponentName admin, in ComponentName agent, int userId);

    void setTrustAgentConfiguration(in ComponentName admin, in ComponentName agent,

            in PersistableBundle args, int userId);

    List<PersistableBundle> getTrustAgentConfiguration(in ComponentName admin,

            in ComponentName agent, int userId);



    boolean addCrossProfileWidgetProvider(in ComponentName admin, String packageName);

    boolean removeCrossProfileWidgetProvider(in ComponentName admin, String packageName);

core/java/android/service/trust/ITrustAgentService.aidl

+2 −2
Original line number Diff line number Diff line
@@ -15,7 +15,7 @@ 
 */

package android.service.trust;



import android.os.Bundle;

import android.os.PersistableBundle;

import android.service.trust.ITrustAgentServiceCallback;



/**
@@ -25,6 +25,6 @@ import android.service.trust.ITrustAgentServiceCallback; 
interface ITrustAgentService {

    oneway void onUnlockAttempt(boolean successful);

    oneway void onTrustTimeout();

    oneway void onConfigure(in List<PersistableBundle> options, IBinder token);

    oneway void setCallback(ITrustAgentServiceCallback callback);

    oneway void setTrustAgentFeaturesEnabled(in Bundle options, IBinder token);

}

core/java/android/service/trust/ITrustAgentServiceCallback.aidl

+1 −1
Original line number Diff line number Diff line
@@ -27,5 +27,5 @@ oneway interface ITrustAgentServiceCallback { 
    void grantTrust(CharSequence message, long durationMs, boolean initiatedByUser);

    void revokeTrust();

    void setManagingTrust(boolean managingTrust);

    void onSetTrustAgentFeaturesEnabledCompleted(boolean result, IBinder token);

    void onConfigureCompleted(boolean result, IBinder token);

}