Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eb05c18c authored by Alex Stetson's avatar Alex Stetson
Browse files

Get keyguard state from UserManager lock state for bg users 

If a visible background user is secure, the TrustManagerService will
always assert they are showing keyguard. However, this may not always be
the case - should the user be unlocked, the keyguard is no longer
showing and the TrustManager should be updated to reflect this.

Bug: 365626480
Test: atest FrameworksMockingServicesTests:TrustManagerServiceTest
Flag: NONE bugfix
Change-Id: Iee29496bbc23e9e440c9e59592e77c19f8757f13
parent 203cdd3f

services/core/java/com/android/server/trust/TrustManagerService.java

+14 −0
Original line number Diff line number Diff line
@@ -89,6 +89,7 @@ import com.android.internal.widget.LockSettingsInternal; 
import com.android.internal.widget.LockSettingsStateListener;

import com.android.server.LocalServices;

import com.android.server.SystemService;

import com.android.server.pm.UserManagerInternal;

import com.android.server.servicewatcher.CurrentUserServiceSupplier;

import com.android.server.servicewatcher.ServiceWatcher;

import com.android.server.utils.Slogf;
@@ -170,6 +171,7 @@ public class TrustManagerService extends SystemService { 
    private final ActivityManager mActivityManager;

    private FingerprintManager mFingerprintManager;

    private FaceManager mFaceManager;

    private UserManagerInternal mUserManagerInternal;



    private enum TrustState {

        // UNTRUSTED means that TrustManagerService is currently *not* giving permission for the
@@ -1064,6 +1066,8 @@ public class TrustManagerService extends SystemService { 
                    Log.w(TAG, "Unable to check keyguard lock state", e);

                }

                currentUserIsUnlocked = unlockedUser == id;

            } else if (isVisibleBackgroundUser(id)) {

                showingKeyguard = !mUserManager.isUserUnlocked(id);

            }

            final boolean deviceLocked = secure && showingKeyguard && !trusted

                    && !biometricAuthenticated;
@@ -1095,6 +1099,16 @@ public class TrustManagerService extends SystemService { 
        }

    }



    private boolean isVisibleBackgroundUser(int userId) {

        if (!mUserManager.isVisibleBackgroundUsersSupported()) {

            return false;

        }

        if (mUserManagerInternal == null) {

            mUserManagerInternal = LocalServices.getService(UserManagerInternal.class);

        }

        return mUserManagerInternal.isVisibleBackgroundFullUser(userId);

    }



    private void notifyTrustAgentsOfDeviceLockState(int userId, boolean isLocked) {

        for (int i = 0; i < mActiveAgents.size(); i++) {

            AgentInfo agent = mActiveAgents.valueAt(i);

services/tests/mockingservicestests/src/com/android/server/trust/TrustManagerServiceTest.java

+52 −0
Original line number Diff line number Diff line
@@ -100,6 +100,7 @@ import com.android.modules.utils.testing.ExtendedMockitoRule; 
import com.android.server.LocalServices;

import com.android.server.SystemService;

import com.android.server.SystemServiceManager;

import com.android.server.pm.UserManagerInternal;



import org.junit.After;

import org.junit.Before;
@@ -145,6 +146,7 @@ public class TrustManagerServiceTest { 


    private static final String URI_SCHEME_PACKAGE = "package";

    private static final int TEST_USER_ID = 50;

    private static final int TEST_VISIBLE_BACKGROUND_USER_ID = 51;

    private static final UserInfo TEST_USER =

            new UserInfo(TEST_USER_ID, "user", UserInfo.FLAG_FULL);

    private static final int PARENT_USER_ID = 60;
@@ -170,6 +172,7 @@ public class TrustManagerServiceTest { 
    private @Mock KeyStoreAuthorization mKeyStoreAuthorization;

    private @Mock LockPatternUtils mLockPatternUtils;

    private @Mock LockSettingsInternal mLockSettingsInternal;

    private @Mock UserManagerInternal mUserManagerInternal;

    private @Mock PackageManager mPackageManager;

    private @Mock UserManager mUserManager;

    private @Mock IWindowManager mWindowManager;
@@ -224,6 +227,7 @@ public class TrustManagerServiceTest { 
        when(mUserManager.getAliveUsers()).thenReturn(List.of(TEST_USER));

        when(mUserManager.getEnabledProfileIds(TEST_USER_ID)).thenReturn(new int[0]);

        when(mUserManager.getUserInfo(TEST_USER_ID)).thenReturn(TEST_USER);

        when(mUserManager.isVisibleBackgroundUsersSupported()).thenReturn(false);



        when(mWindowManager.isKeyguardLocked()).thenReturn(true);
@@ -593,6 +597,54 @@ public class TrustManagerServiceTest { 
        verify(mTrustListener, never()).onTrustManagedChanged(anyBoolean(), anyInt());

    }



    @Test

    public void testDeviceLocked_visibleBackgroundUser_userLocked() throws RemoteException {

        setupVisibleBackgroundUser(/* visible= */ true, /* unlocked= */ false);

        mService.waitForIdle();

        mTrustManager.reportEnabledTrustAgentsChanged(TEST_VISIBLE_BACKGROUND_USER_ID);

        mService.waitForIdle();

        assertThat(mService.isDeviceLockedInner(TEST_VISIBLE_BACKGROUND_USER_ID)).isTrue();

    }



    @Test

    public void testDeviceLocked_visibleBackgroundUser_userUnlocked() throws RemoteException {

        setupVisibleBackgroundUser(/* visible= */ true, /* unlocked= */ true);

        mService.waitForIdle();

        mTrustManager.reportEnabledTrustAgentsChanged(TEST_VISIBLE_BACKGROUND_USER_ID);

        mService.waitForIdle();

        assertThat(mService.isDeviceLockedInner(TEST_VISIBLE_BACKGROUND_USER_ID)).isFalse();

    }



    @Test

    public void testDeviceLocked_invisibleBackgroundUser_userUnlocked() throws RemoteException {

        setupVisibleBackgroundUser(/* visible= */ false, /* unlocked= */ true);

        mService.waitForIdle();

        mTrustManager.reportEnabledTrustAgentsChanged(TEST_VISIBLE_BACKGROUND_USER_ID);

        mService.waitForIdle();

        assertThat(mService.isDeviceLockedInner(TEST_VISIBLE_BACKGROUND_USER_ID)).isTrue();

    }



    private void setupVisibleBackgroundUser(boolean visible, boolean unlocked) {

        UserInfo info = new UserInfo(TEST_VISIBLE_BACKGROUND_USER_ID, "visible bg user",

                UserInfo.FLAG_FULL);



        when(mActivityManager.isUserRunning(TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(true);



        when(mLockPatternUtils.isSecure(TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(true);



        when(mUserManager.getAliveUsers()).thenReturn(List.of(TEST_USER, info));

        when(mUserManager.getEnabledProfileIds(TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(

                new int[0]);

        when(mUserManager.getUserInfo(TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(info);

        when(mUserManager.isUserUnlocked(TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(unlocked);

        when(mUserManager.isVisibleBackgroundUsersSupported()).thenReturn(true);



        LocalServices.removeServiceForTest(UserManagerInternal.class);

        LocalServices.addService(UserManagerInternal.class, mUserManagerInternal);

        when(mUserManagerInternal.isVisibleBackgroundFullUser(

                TEST_VISIBLE_BACKGROUND_USER_ID)).thenReturn(visible);

    }



    private void setUpRenewableTrust(ITrustAgentService trustAgent) throws RemoteException {

        ITrustAgentServiceCallback callback = getCallback(trustAgent);

        callback.setManagingTrust(true);