Loading core/java/android/app/trust/ITrustManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -34,4 +34,6 @@ interface ITrustManager { boolean isDeviceLocked(int userId); boolean isDeviceSecure(int userId); boolean isTrustUsuallyManaged(int userId); void unlockedByFingerprintForUser(int userId); void clearAllFingerprints(); } core/java/android/app/trust/TrustManager.java +26 −2 Original line number Diff line number Diff line Loading @@ -25,8 +25,6 @@ import android.os.Message; import android.os.RemoteException; import android.util.ArrayMap; import com.android.internal.widget.LockPatternUtils; /** * See {@link com.android.server.trust.TrustManagerService} * @hide Loading Loading @@ -184,6 +182,32 @@ public class TrustManager { } } /** * Updates the trust state for the user due to the user unlocking via fingerprint. * Should only be called if user authenticated via fingerprint and bouncer can be skipped. * @param userId */ @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void unlockedByFingerprintForUser(int userId) { try { mService.unlockedByFingerprintForUser(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Clears authenticated fingerprints for all users. */ @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void clearAllFingerprints() { try { mService.clearAllFingerprints(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } private final Handler mHandler = new Handler(Looper.getMainLooper()) { @Override public void handleMessage(Message msg) { Loading packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −0 Original line number Diff line number Diff line Loading @@ -415,6 +415,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { private void onFingerprintAuthenticated(int userId) { Trace.beginSection("KeyGuardUpdateMonitor#onFingerPrintAuthenticated"); mUserFingerprintAuthenticated.put(userId, true); // Update/refresh trust state only if user can skip bouncer if (getUserCanSkipBouncer(userId)) { mTrustManager.unlockedByFingerprintForUser(userId); } // Don't send cancel if authentication succeeds mFingerprintCancelSignal = null; for (int i = 0; i < mCallbacks.size(); i++) { Loading Loading @@ -1649,6 +1653,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { public void clearFingerprintRecognized() { mUserFingerprintAuthenticated.clear(); mTrustManager.clearAllFingerprints(); } public boolean isSimPinVoiceSecure() { Loading services/core/java/com/android/server/trust/TrustManagerService.java +39 −3 Original line number Diff line number Diff line Loading @@ -106,6 +106,7 @@ public class TrustManagerService extends SystemService { private static final int MSG_UNLOCK_USER = 11; private static final int MSG_STOP_USER = 12; private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13; private static final int MSG_REFRESH_DEVICE_LOCKED_FOR_USER = 14; private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000; Loading @@ -125,9 +126,13 @@ public class TrustManagerService extends SystemService { @GuardedBy("mDeviceLockedForUser") private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray(); @GuardedBy("mDeviceLockedForUser") @GuardedBy("mTrustUsuallyManagedForUser") private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray(); // set to true only if user can skip bouncer @GuardedBy("mUsersUnlockedByFingerprint") private SparseBooleanArray mUsersUnlockedByFingerprint = new SparseBooleanArray(); private final StrongAuthTracker mStrongAuthTracker; private boolean mTrustAgentsCanRun = false; Loading Loading @@ -409,7 +414,6 @@ public class TrustManagerService extends SystemService { + " must be USER_ALL or a specific user.", new Throwable("here")); userId = UserHandle.USER_ALL; } List<UserInfo> userInfos; if (userId == UserHandle.USER_ALL) { userInfos = mUserManager.getUsers(true /* excludeDying */); Loading @@ -432,13 +436,19 @@ public class TrustManagerService extends SystemService { boolean secure = mLockPatternUtils.isSecure(id); boolean trusted = aggregateIsTrusted(id); boolean showingKeyguard = true; boolean fingerprintAuthenticated = false; if (mCurrentUser == id) { synchronized(mUsersUnlockedByFingerprint) { fingerprintAuthenticated = mUsersUnlockedByFingerprint.get(id, false); } try { showingKeyguard = wm.isKeyguardLocked(); } catch (RemoteException e) { } } boolean deviceLocked = secure && showingKeyguard && !trusted; boolean deviceLocked = secure && showingKeyguard && !trusted && !fingerprintAuthenticated; setDeviceLockedForUser(id, deviceLocked); } } Loading Loading @@ -986,6 +996,26 @@ public class TrustManagerService extends SystemService { "query trust state"); return isTrustUsuallyManagedInternal(userId); } @Override public void unlockedByFingerprintForUser(int userId) { enforceReportPermission(); synchronized(mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.put(userId, true); } mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, userId, 0 /* arg2 */).sendToTarget(); } @Override public void clearAllFingerprints() { enforceReportPermission(); synchronized(mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.clear(); } mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, UserHandle.USER_ALL, 0 /* arg2 */).sendToTarget(); } }; private boolean isTrustUsuallyManagedInternal(int userId) { Loading Loading @@ -1073,6 +1103,9 @@ public class TrustManagerService extends SystemService { } } break; case MSG_REFRESH_DEVICE_LOCKED_FOR_USER: refreshDeviceLockedForUser(msg.arg1); break; } } }; Loading Loading @@ -1132,6 +1165,9 @@ public class TrustManagerService extends SystemService { synchronized (mTrustUsuallyManagedForUser) { mTrustUsuallyManagedForUser.delete(userId); } synchronized (mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.delete(userId); } refreshAgentList(userId); refreshDeviceLockedForUser(userId); } Loading Loading
core/java/android/app/trust/ITrustManager.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -34,4 +34,6 @@ interface ITrustManager { boolean isDeviceLocked(int userId); boolean isDeviceSecure(int userId); boolean isTrustUsuallyManaged(int userId); void unlockedByFingerprintForUser(int userId); void clearAllFingerprints(); }
core/java/android/app/trust/TrustManager.java +26 −2 Original line number Diff line number Diff line Loading @@ -25,8 +25,6 @@ import android.os.Message; import android.os.RemoteException; import android.util.ArrayMap; import com.android.internal.widget.LockPatternUtils; /** * See {@link com.android.server.trust.TrustManagerService} * @hide Loading Loading @@ -184,6 +182,32 @@ public class TrustManager { } } /** * Updates the trust state for the user due to the user unlocking via fingerprint. * Should only be called if user authenticated via fingerprint and bouncer can be skipped. * @param userId */ @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void unlockedByFingerprintForUser(int userId) { try { mService.unlockedByFingerprintForUser(userId); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } /** * Clears authenticated fingerprints for all users. */ @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE) public void clearAllFingerprints() { try { mService.clearAllFingerprints(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } private final Handler mHandler = new Handler(Looper.getMainLooper()) { @Override public void handleMessage(Message msg) { Loading
packages/SystemUI/src/com/android/keyguard/KeyguardUpdateMonitor.java +5 −0 Original line number Diff line number Diff line Loading @@ -415,6 +415,10 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { private void onFingerprintAuthenticated(int userId) { Trace.beginSection("KeyGuardUpdateMonitor#onFingerPrintAuthenticated"); mUserFingerprintAuthenticated.put(userId, true); // Update/refresh trust state only if user can skip bouncer if (getUserCanSkipBouncer(userId)) { mTrustManager.unlockedByFingerprintForUser(userId); } // Don't send cancel if authentication succeeds mFingerprintCancelSignal = null; for (int i = 0; i < mCallbacks.size(); i++) { Loading Loading @@ -1649,6 +1653,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener { public void clearFingerprintRecognized() { mUserFingerprintAuthenticated.clear(); mTrustManager.clearAllFingerprints(); } public boolean isSimPinVoiceSecure() { Loading
services/core/java/com/android/server/trust/TrustManagerService.java +39 −3 Original line number Diff line number Diff line Loading @@ -106,6 +106,7 @@ public class TrustManagerService extends SystemService { private static final int MSG_UNLOCK_USER = 11; private static final int MSG_STOP_USER = 12; private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13; private static final int MSG_REFRESH_DEVICE_LOCKED_FOR_USER = 14; private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000; Loading @@ -125,9 +126,13 @@ public class TrustManagerService extends SystemService { @GuardedBy("mDeviceLockedForUser") private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray(); @GuardedBy("mDeviceLockedForUser") @GuardedBy("mTrustUsuallyManagedForUser") private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray(); // set to true only if user can skip bouncer @GuardedBy("mUsersUnlockedByFingerprint") private SparseBooleanArray mUsersUnlockedByFingerprint = new SparseBooleanArray(); private final StrongAuthTracker mStrongAuthTracker; private boolean mTrustAgentsCanRun = false; Loading Loading @@ -409,7 +414,6 @@ public class TrustManagerService extends SystemService { + " must be USER_ALL or a specific user.", new Throwable("here")); userId = UserHandle.USER_ALL; } List<UserInfo> userInfos; if (userId == UserHandle.USER_ALL) { userInfos = mUserManager.getUsers(true /* excludeDying */); Loading @@ -432,13 +436,19 @@ public class TrustManagerService extends SystemService { boolean secure = mLockPatternUtils.isSecure(id); boolean trusted = aggregateIsTrusted(id); boolean showingKeyguard = true; boolean fingerprintAuthenticated = false; if (mCurrentUser == id) { synchronized(mUsersUnlockedByFingerprint) { fingerprintAuthenticated = mUsersUnlockedByFingerprint.get(id, false); } try { showingKeyguard = wm.isKeyguardLocked(); } catch (RemoteException e) { } } boolean deviceLocked = secure && showingKeyguard && !trusted; boolean deviceLocked = secure && showingKeyguard && !trusted && !fingerprintAuthenticated; setDeviceLockedForUser(id, deviceLocked); } } Loading Loading @@ -986,6 +996,26 @@ public class TrustManagerService extends SystemService { "query trust state"); return isTrustUsuallyManagedInternal(userId); } @Override public void unlockedByFingerprintForUser(int userId) { enforceReportPermission(); synchronized(mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.put(userId, true); } mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, userId, 0 /* arg2 */).sendToTarget(); } @Override public void clearAllFingerprints() { enforceReportPermission(); synchronized(mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.clear(); } mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, UserHandle.USER_ALL, 0 /* arg2 */).sendToTarget(); } }; private boolean isTrustUsuallyManagedInternal(int userId) { Loading Loading @@ -1073,6 +1103,9 @@ public class TrustManagerService extends SystemService { } } break; case MSG_REFRESH_DEVICE_LOCKED_FOR_USER: refreshDeviceLockedForUser(msg.arg1); break; } } }; Loading Loading @@ -1132,6 +1165,9 @@ public class TrustManagerService extends SystemService { synchronized (mTrustUsuallyManagedForUser) { mTrustUsuallyManagedForUser.delete(userId); } synchronized (mUsersUnlockedByFingerprint) { mUsersUnlockedByFingerprint.delete(userId); } refreshAgentList(userId); refreshDeviceLockedForUser(userId); } Loading
