码迷,mamicode.com
首页 > 编程语言 > 详细

TrustManagerService.java

时间:2018-10-06 19:52:44      阅读:244      评论:0      收藏:0      [点我收藏+]

标签:indexof   flatten   HERE   because   parser   else   keyguard   win   ati   

   1 /*
   2  * Copyright (C) 2014 The Android Open Source Project
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License
  15  */
  16 
  17 package com.android.server.trust;
  18 
  19 import android.Manifest;
  20 import android.annotation.UserIdInt;
  21 import android.app.ActivityManager;
  22 import android.app.admin.DevicePolicyManager;
  23 import android.app.trust.ITrustListener;
  24 import android.app.trust.ITrustManager;
  25 import android.content.BroadcastReceiver;
  26 import android.content.ComponentName;
  27 import android.content.Context;
  28 import android.content.Intent;
  29 import android.content.IntentFilter;
  30 import android.content.pm.ApplicationInfo;
  31 import android.content.pm.PackageManager;
  32 import android.content.pm.ResolveInfo;
  33 import android.content.pm.UserInfo;
  34 import android.content.res.Resources;
  35 import android.content.res.TypedArray;
  36 import android.content.res.XmlResourceParser;
  37 import android.graphics.drawable.Drawable;
  38 import android.os.Binder;
  39 import android.os.Build;
  40 import android.os.DeadObjectException;
  41 import android.os.Handler;
  42 import android.os.IBinder;
  43 import android.os.Message;
  44 import android.os.PersistableBundle;
  45 import android.os.RemoteException;
  46 import android.os.SystemClock;
  47 import android.os.UserHandle;
  48 import android.os.UserManager;
  49 import android.os.storage.StorageManager;
  50 import android.provider.Settings;
  51 import android.service.trust.TrustAgentService;
  52 import android.text.TextUtils;
  53 import android.util.ArraySet;
  54 import android.util.AttributeSet;
  55 import android.util.Log;
  56 import android.util.Slog;
  57 import android.util.SparseBooleanArray;
  58 import android.util.Xml;
  59 import android.view.IWindowManager;
  60 import android.view.WindowManagerGlobal;
  61 import com.android.internal.annotations.GuardedBy;
  62 import com.android.internal.content.PackageMonitor;
  63 import com.android.internal.policy.IKeyguardDismissCallback;
  64 import com.android.internal.util.DumpUtils;
  65 import com.android.internal.widget.LockPatternUtils;
  66 import com.android.server.SystemService;
  67 import java.io.FileDescriptor;
  68 import java.io.IOException;
  69 import java.io.PrintWriter;
  70 import java.util.ArrayList;
  71 import java.util.List;
  72 import org.xmlpull.v1.XmlPullParser;
  73 import org.xmlpull.v1.XmlPullParserException;
  74 
  75 /**
  76  * Manages trust agents and trust listeners.
  77  *
  78  * It is responsible for binding to the enabled {@link android.service.trust.TrustAgentService}s
  79  * of each user and notifies them about events that are relevant to them.
  80  * It start and stops them based on the value of
  81  * {@link com.android.internal.widget.LockPatternUtils#getEnabledTrustAgents(int)}.
  82  *
  83  * It also keeps a set of {@link android.app.trust.ITrustListener}s that are notified whenever the
  84  * trust state changes for any user.
  85  *
  86  * Trust state and the setting of enabled agents is kept per user and each user has its own
  87  * instance of a {@link android.service.trust.TrustAgentService}.
  88  */
  89 public class TrustManagerService extends SystemService {
  90     private static final String TAG = "TrustManagerService";
  91     static final boolean DEBUG = Build.IS_DEBUGGABLE && Log.isLoggable(TAG, Log.VERBOSE);
  92 
  93     private static final Intent TRUST_AGENT_INTENT =
  94             new Intent(TrustAgentService.SERVICE_INTERFACE);
  95     private static final String PERMISSION_PROVIDE_AGENT = Manifest.permission.PROVIDE_TRUST_AGENT;
  96 
  97     private static final int MSG_REGISTER_LISTENER = 1;
  98     private static final int MSG_UNREGISTER_LISTENER = 2;
  99     private static final int MSG_DISPATCH_UNLOCK_ATTEMPT = 3;
 100     private static final int MSG_ENABLED_AGENTS_CHANGED = 4;
 101     private static final int MSG_KEYGUARD_SHOWING_CHANGED = 6;
 102     private static final int MSG_START_USER = 7;
 103     private static final int MSG_CLEANUP_USER = 8;
 104     private static final int MSG_SWITCH_USER = 9;
 105     private static final int MSG_FLUSH_TRUST_USUALLY_MANAGED = 10;
 106     private static final int MSG_UNLOCK_USER = 11;
 107     private static final int MSG_STOP_USER = 12;
 108     private static final int MSG_DISPATCH_UNLOCK_LOCKOUT = 13;
 109     private static final int MSG_REFRESH_DEVICE_LOCKED_FOR_USER = 14;
 110 
 111     private static final int TRUST_USUALLY_MANAGED_FLUSH_DELAY = 2 * 60 * 1000;
 112 
 113     private final ArraySet<AgentInfo> mActiveAgents = new ArraySet<>();
 114     private final ArrayList<ITrustListener> mTrustListeners = new ArrayList<>();
 115     private final Receiver mReceiver = new Receiver();
 116 
 117     /* package */ final TrustArchive mArchive = new TrustArchive();
 118     private final Context mContext;
 119     private final LockPatternUtils mLockPatternUtils;
 120     private final UserManager mUserManager;
 121     private final ActivityManager mActivityManager;
 122 
 123     @GuardedBy("mUserIsTrusted")
 124     private final SparseBooleanArray mUserIsTrusted = new SparseBooleanArray();
 125 
 126     @GuardedBy("mDeviceLockedForUser")
 127     private final SparseBooleanArray mDeviceLockedForUser = new SparseBooleanArray();
 128 
 129     @GuardedBy("mTrustUsuallyManagedForUser")
 130     private final SparseBooleanArray mTrustUsuallyManagedForUser = new SparseBooleanArray();
 131 
 132     // set to true only if user can skip bouncer
 133     @GuardedBy("mUsersUnlockedByFingerprint")
 134     private final SparseBooleanArray mUsersUnlockedByFingerprint = new SparseBooleanArray();
 135 
 136     private final StrongAuthTracker mStrongAuthTracker;
 137 
 138     private boolean mTrustAgentsCanRun = false;
 139     private int mCurrentUser = UserHandle.USER_SYSTEM;
 140 
 141     public TrustManagerService(Context context) {
 142         super(context);
 143         mContext = context;
 144         mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
 145         mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
 146         mLockPatternUtils = new LockPatternUtils(context);
 147         mStrongAuthTracker = new StrongAuthTracker(context);
 148     }
 149 
 150     @Override
 151     public void onStart() {
 152         publishBinderService(Context.TRUST_SERVICE, mService);
 153     }
 154 
 155     @Override
 156     public void onBootPhase(int phase) {
 157         if (isSafeMode()) {
 158             // No trust agents in safe mode.
 159             return;
 160         }
 161         if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {
 162             mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);
 163             mReceiver.register(mContext);
 164             mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);
 165         } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {
 166             mTrustAgentsCanRun = true;
 167             refreshAgentList(UserHandle.USER_ALL);
 168             refreshDeviceLockedForUser(UserHandle.USER_ALL);
 169         } else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
 170             maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_SYSTEM);
 171         }
 172     }
 173 
 174     // Agent management
 175 
 176     private static final class AgentInfo {
 177         CharSequence label;
 178         Drawable icon;
 179         ComponentName component; // service that implements ITrustAgent
 180         SettingsAttrs settings; // setting to launch to modify agent.
 181         TrustAgentWrapper agent;
 182         int userId;
 183 
 184         @Override
 185         public boolean equals(Object other) {
 186             if (!(other instanceof AgentInfo)) {
 187                 return false;
 188             }
 189             AgentInfo o = (AgentInfo) other;
 190             return component.equals(o.component) && userId == o.userId;
 191         }
 192 
 193         @Override
 194         public int hashCode() {
 195             return component.hashCode() * 31 + userId;
 196         }
 197     }
 198 
 199     private void updateTrustAll() {
 200         List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
 201         for (UserInfo userInfo : userInfos) {
 202             updateTrust(userInfo.id, 0);
 203         }
 204     }
 205 
 206     public void updateTrust(int userId, int flags) {
 207         boolean managed = aggregateIsTrustManaged(userId);
 208         dispatchOnTrustManagedChanged(managed, userId);
 209         if (mStrongAuthTracker.isTrustAllowedForUser(userId)
 210                 && isTrustUsuallyManagedInternal(userId) != managed) {
 211             updateTrustUsuallyManaged(userId, managed);
 212         }
 213         boolean trusted = aggregateIsTrusted(userId);
 214         boolean changed;
 215         synchronized (mUserIsTrusted) {
 216             changed = mUserIsTrusted.get(userId) != trusted;
 217             mUserIsTrusted.put(userId, trusted);
 218         }
 219         dispatchOnTrustChanged(trusted, userId, flags);
 220         if (changed) {
 221             refreshDeviceLockedForUser(userId);
 222         }
 223     }
 224 
 225     private void updateTrustUsuallyManaged(int userId, boolean managed) {
 226         synchronized (mTrustUsuallyManagedForUser) {
 227             mTrustUsuallyManagedForUser.put(userId, managed);
 228         }
 229         // Wait a few minutes before committing to flash, in case the trust agent is transiently not
 230         // managing trust (crashed, needs to acknowledge DPM restrictions, etc).
 231         mHandler.removeMessages(MSG_FLUSH_TRUST_USUALLY_MANAGED);
 232         mHandler.sendMessageDelayed(
 233                 mHandler.obtainMessage(MSG_FLUSH_TRUST_USUALLY_MANAGED),
 234                 TRUST_USUALLY_MANAGED_FLUSH_DELAY);
 235     }
 236 
 237     public long addEscrowToken(byte[] token, int userId) {
 238         return mLockPatternUtils.addEscrowToken(token, userId);
 239     }
 240 
 241     public boolean removeEscrowToken(long handle, int userId) {
 242         return mLockPatternUtils.removeEscrowToken(handle, userId);
 243     }
 244 
 245     public boolean isEscrowTokenActive(long handle, int userId) {
 246         return mLockPatternUtils.isEscrowTokenActive(handle, userId);
 247     }
 248 
 249     public void unlockUserWithToken(long handle, byte[] token, int userId) {
 250         mLockPatternUtils.unlockUserWithToken(handle, token, userId);
 251     }
 252 
 253     void showKeyguardErrorMessage(CharSequence message) {
 254         dispatchOnTrustError(message);
 255     }
 256 
 257     void refreshAgentList(int userIdOrAll) {
 258         if (DEBUG) Slog.d(TAG, "refreshAgentList(" + userIdOrAll + ")");
 259         if (!mTrustAgentsCanRun) {
 260             return;
 261         }
 262         if (userIdOrAll != UserHandle.USER_ALL && userIdOrAll < UserHandle.USER_SYSTEM) {
 263             Log.e(TAG, "refreshAgentList(userId=" + userIdOrAll + "): Invalid user handle,"
 264                     + " must be USER_ALL or a specific user.", new Throwable("here"));
 265             userIdOrAll = UserHandle.USER_ALL;
 266         }
 267         PackageManager pm = mContext.getPackageManager();
 268 
 269         List<UserInfo> userInfos;
 270         if (userIdOrAll == UserHandle.USER_ALL) {
 271             userInfos = mUserManager.getUsers(true /* excludeDying */);
 272         } else {
 273             userInfos = new ArrayList<>();
 274             userInfos.add(mUserManager.getUserInfo(userIdOrAll));
 275         }
 276         LockPatternUtils lockPatternUtils = mLockPatternUtils;
 277 
 278         ArraySet<AgentInfo> obsoleteAgents = new ArraySet<>();
 279         obsoleteAgents.addAll(mActiveAgents);
 280 
 281         for (UserInfo userInfo : userInfos) {
 282             if (userInfo == null || userInfo.partial || !userInfo.isEnabled()
 283                     || userInfo.guestToRemove) continue;
 284             if (!userInfo.supportsSwitchToByUser()) {
 285                 if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 286                         + ": switchToByUser=false");
 287                 continue;
 288             }
 289             if (!mActivityManager.isUserRunning(userInfo.id)) {
 290                 if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 291                         + ": user not started");
 292                 continue;
 293             }
 294             if (!lockPatternUtils.isSecure(userInfo.id)) {
 295                 if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 296                         + ": no secure credential");
 297                 continue;
 298             }
 299 
 300             DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
 301             int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
 302             final boolean disableTrustAgents =
 303                     (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0;
 304 
 305             List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id);
 306             if (enabledAgents == null) {
 307                 if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 308                         + ": no agents enabled by user");
 309                 continue;
 310             }
 311             List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userInfo.id);
 312             for (ResolveInfo resolveInfo : resolveInfos) {
 313                 ComponentName name = getComponentName(resolveInfo);
 314 
 315                 if (!enabledAgents.contains(name)) {
 316                     if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping "
 317                             + name.flattenToShortString() + " u"+ userInfo.id
 318                             + ": not enabled by user");
 319                     continue;
 320                 }
 321                 if (disableTrustAgents) {
 322                     List<PersistableBundle> config =
 323                             dpm.getTrustAgentConfiguration(null /* admin */, name, userInfo.id);
 324                     // Disable agent if no features are enabled.
 325                     if (config == null || config.isEmpty()) {
 326                         if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping "
 327                                 + name.flattenToShortString() + " u"+ userInfo.id
 328                                 + ": not allowed by DPM");
 329                         continue;
 330                     }
 331                 }
 332                 AgentInfo agentInfo = new AgentInfo();
 333                 agentInfo.component = name;
 334                 agentInfo.userId = userInfo.id;
 335                 if (!mActiveAgents.contains(agentInfo)) {
 336                     agentInfo.label = resolveInfo.loadLabel(pm);
 337                     agentInfo.icon = resolveInfo.loadIcon(pm);
 338                     agentInfo.settings = getSettingsAttrs(pm, resolveInfo);
 339                 } else {
 340                     int index = mActiveAgents.indexOf(agentInfo);
 341                     agentInfo = mActiveAgents.valueAt(index);
 342                 }
 343 
 344                 boolean directUnlock = resolveInfo.serviceInfo.directBootAware
 345                     && agentInfo.settings.canUnlockProfile;
 346 
 347                 if (directUnlock) {
 348                     if (DEBUG) Slog.d(TAG, "refreshAgentList: trustagent " + name
 349                             + "of user " + userInfo.id + "can unlock user profile.");
 350                 }
 351 
 352                 if (!mUserManager.isUserUnlockingOrUnlocked(userInfo.id)
 353                         && !directUnlock) {
 354                     if (DEBUG) Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 355                             + "‘s trust agent " + name + ": FBE still locked and "
 356                             + " the agent cannot unlock user profile.");
 357                     continue;
 358                 }
 359 
 360                 if (!mStrongAuthTracker.canAgentsRunForUser(userInfo.id)) {
 361                     int flag = mStrongAuthTracker.getStrongAuthForUser(userInfo.id);
 362                     if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT) {
 363                         if (flag != StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_BOOT
 364                             || !directUnlock) {
 365                             if (DEBUG)
 366                                 Slog.d(TAG, "refreshAgentList: skipping user " + userInfo.id
 367                                     + ": prevented by StrongAuthTracker = 0x"
 368                                     + Integer.toHexString(mStrongAuthTracker.getStrongAuthForUser(
 369                                     userInfo.id)));
 370                             continue;
 371                         }
 372                     }
 373                 }
 374 
 375                 if (agentInfo.agent == null) {
 376                     agentInfo.agent = new TrustAgentWrapper(mContext, this,
 377                             new Intent().setComponent(name), userInfo.getUserHandle());
 378                 }
 379 
 380                 if (!mActiveAgents.contains(agentInfo)) {
 381                     mActiveAgents.add(agentInfo);
 382                 } else {
 383                     obsoleteAgents.remove(agentInfo);
 384                 }
 385             }
 386         }
 387 
 388         boolean trustMayHaveChanged = false;
 389         for (int i = 0; i < obsoleteAgents.size(); i++) {
 390             AgentInfo info = obsoleteAgents.valueAt(i);
 391             if (userIdOrAll == UserHandle.USER_ALL || userIdOrAll == info.userId) {
 392                 if (info.agent.isManagingTrust()) {
 393                     trustMayHaveChanged = true;
 394                 }
 395                 info.agent.destroy();
 396                 mActiveAgents.remove(info);
 397             }
 398         }
 399 
 400         if (trustMayHaveChanged) {
 401             if (userIdOrAll == UserHandle.USER_ALL) {
 402                 updateTrustAll();
 403             } else {
 404                 updateTrust(userIdOrAll, 0);
 405             }
 406         }
 407     }
 408 
 409     boolean isDeviceLockedInner(int userId) {
 410         synchronized (mDeviceLockedForUser) {
 411             return mDeviceLockedForUser.get(userId, true);
 412         }
 413     }
 414 
 415     private void refreshDeviceLockedForUser(int userId) {
 416         if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_SYSTEM) {
 417             Log.e(TAG, "refreshDeviceLockedForUser(userId=" + userId + "): Invalid user handle,"
 418                     + " must be USER_ALL or a specific user.", new Throwable("here"));
 419             userId = UserHandle.USER_ALL;
 420         }
 421         List<UserInfo> userInfos;
 422         if (userId == UserHandle.USER_ALL) {
 423             userInfos = mUserManager.getUsers(true /* excludeDying */);
 424         } else {
 425             userInfos = new ArrayList<>();
 426             userInfos.add(mUserManager.getUserInfo(userId));
 427         }
 428 
 429         IWindowManager wm = WindowManagerGlobal.getWindowManagerService();
 430 
 431         for (int i = 0; i < userInfos.size(); i++) {
 432             UserInfo info = userInfos.get(i);
 433 
 434             if (info == null || info.partial || !info.isEnabled() || info.guestToRemove
 435                     || !info.supportsSwitchToByUser()) {
 436                 continue;
 437             }
 438 
 439             int id = info.id;
 440             boolean secure = mLockPatternUtils.isSecure(id);
 441             boolean trusted = aggregateIsTrusted(id);
 442             boolean showingKeyguard = true;
 443             boolean fingerprintAuthenticated = false;
 444 
 445             if (mCurrentUser == id) {
 446                 synchronized(mUsersUnlockedByFingerprint) {
 447                     fingerprintAuthenticated = mUsersUnlockedByFingerprint.get(id, false);
 448                 }
 449                 try {
 450                     showingKeyguard = wm.isKeyguardLocked();
 451                 } catch (RemoteException e) {
 452                 }
 453             }
 454             boolean deviceLocked = secure && showingKeyguard && !trusted &&
 455                     !fingerprintAuthenticated;
 456             setDeviceLockedForUser(id, deviceLocked);
 457         }
 458     }
 459 
 460     private void setDeviceLockedForUser(@UserIdInt int userId, boolean locked) {
 461         final boolean changed;
 462         synchronized (mDeviceLockedForUser) {
 463             changed = isDeviceLockedInner(userId) != locked;
 464             mDeviceLockedForUser.put(userId, locked);
 465         }
 466         if (changed) {
 467             dispatchDeviceLocked(userId, locked);
 468         }
 469     }
 470 
 471     private void dispatchDeviceLocked(int userId, boolean isLocked) {
 472         for (int i = 0; i < mActiveAgents.size(); i++) {
 473             AgentInfo agent = mActiveAgents.valueAt(i);
 474             if (agent.userId == userId) {
 475                 if (isLocked) {
 476                     agent.agent.onDeviceLocked();
 477                 } else{
 478                     agent.agent.onDeviceUnlocked();
 479                 }
 480             }
 481         }
 482     }
 483 
 484     void updateDevicePolicyFeatures() {
 485         boolean changed = false;
 486         for (int i = 0; i < mActiveAgents.size(); i++) {
 487             AgentInfo info = mActiveAgents.valueAt(i);
 488             if (info.agent.isConnected()) {
 489                 info.agent.updateDevicePolicyFeatures();
 490                 changed = true;
 491             }
 492         }
 493         if (changed) {
 494             mArchive.logDevicePolicyChanged();
 495         }
 496     }
 497 
 498     private void removeAgentsOfPackage(String packageName) {
 499         boolean trustMayHaveChanged = false;
 500         for (int i = mActiveAgents.size() - 1; i >= 0; i--) {
 501             AgentInfo info = mActiveAgents.valueAt(i);
 502             if (packageName.equals(info.component.getPackageName())) {
 503                 Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());
 504                 if (info.agent.isManagingTrust()) {
 505                     trustMayHaveChanged = true;
 506                 }
 507                 info.agent.destroy();
 508                 mActiveAgents.removeAt(i);
 509             }
 510         }
 511         if (trustMayHaveChanged) {
 512             updateTrustAll();
 513         }
 514     }
 515 
 516     public void resetAgent(ComponentName name, int userId) {
 517         boolean trustMayHaveChanged = false;
 518         for (int i = mActiveAgents.size() - 1; i >= 0; i--) {
 519             AgentInfo info = mActiveAgents.valueAt(i);
 520             if (name.equals(info.component) && userId == info.userId) {
 521                 Log.i(TAG, "Resetting agent " + info.component.flattenToShortString());
 522                 if (info.agent.isManagingTrust()) {
 523                     trustMayHaveChanged = true;
 524                 }
 525                 info.agent.destroy();
 526                 mActiveAgents.removeAt(i);
 527             }
 528         }
 529         if (trustMayHaveChanged) {
 530             updateTrust(userId, 0);
 531         }
 532         refreshAgentList(userId);
 533     }
 534 
 535     private SettingsAttrs getSettingsAttrs(PackageManager pm, ResolveInfo resolveInfo) {
 536         if (resolveInfo == null || resolveInfo.serviceInfo == null
 537                 || resolveInfo.serviceInfo.metaData == null) return null;
 538         String cn = null;
 539         boolean canUnlockProfile = false;
 540 
 541         XmlResourceParser parser = null;
 542         Exception caughtException = null;
 543         try {
 544             parser = resolveInfo.serviceInfo.loadXmlMetaData(pm,
 545                     TrustAgentService.TRUST_AGENT_META_DATA);
 546             if (parser == null) {
 547                 Slog.w(TAG, "Can‘t find " + TrustAgentService.TRUST_AGENT_META_DATA + " meta-data");
 548                 return null;
 549             }
 550             Resources res = pm.getResourcesForApplication(resolveInfo.serviceInfo.applicationInfo);
 551             AttributeSet attrs = Xml.asAttributeSet(parser);
 552             int type;
 553             while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
 554                     && type != XmlPullParser.START_TAG) {
 555                 // Drain preamble.
 556             }
 557             String nodeName = parser.getName();
 558             if (!"trust-agent".equals(nodeName)) {
 559                 Slog.w(TAG, "Meta-data does not start with trust-agent tag");
 560                 return null;
 561             }
 562             TypedArray sa = res
 563                     .obtainAttributes(attrs, com.android.internal.R.styleable.TrustAgent);
 564             cn = sa.getString(com.android.internal.R.styleable.TrustAgent_settingsActivity);
 565             canUnlockProfile = sa.getBoolean(
 566                     com.android.internal.R.styleable.TrustAgent_unlockProfile, false);
 567             sa.recycle();
 568         } catch (PackageManager.NameNotFoundException e) {
 569             caughtException = e;
 570         } catch (IOException e) {
 571             caughtException = e;
 572         } catch (XmlPullParserException e) {
 573             caughtException = e;
 574         } finally {
 575             if (parser != null) parser.close();
 576         }
 577         if (caughtException != null) {
 578             Slog.w(TAG, "Error parsing : " + resolveInfo.serviceInfo.packageName, caughtException);
 579             return null;
 580         }
 581         if (cn == null) {
 582             return null;
 583         }
 584         if (cn.indexOf(‘/‘) < 0) {
 585             cn = resolveInfo.serviceInfo.packageName + "/" + cn;
 586         }
 587         return new SettingsAttrs(ComponentName.unflattenFromString(cn), canUnlockProfile);
 588     }
 589 
 590     private ComponentName getComponentName(ResolveInfo resolveInfo) {
 591         if (resolveInfo == null || resolveInfo.serviceInfo == null) return null;
 592         return new ComponentName(resolveInfo.serviceInfo.packageName, resolveInfo.serviceInfo.name);
 593     }
 594 
 595     private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) {
 596         if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(),
 597                 Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) {
 598             return;
 599         }
 600         PackageManager pm = mContext.getPackageManager();
 601         List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);
 602         ComponentName defaultAgent = getDefaultFactoryTrustAgent(mContext);
 603         boolean shouldUseDefaultAgent = defaultAgent != null;
 604         ArraySet<ComponentName> discoveredAgents = new ArraySet<>();
 605 
 606         if (shouldUseDefaultAgent) {
 607             discoveredAgents.add(defaultAgent);
 608             Log.i(TAG, "Enabling " + defaultAgent + " because it is a default agent.");
 609         } else { // A default agent is not set; perform regular trust agent discovery
 610             for (ResolveInfo resolveInfo : resolveInfos) {
 611                 ComponentName componentName = getComponentName(resolveInfo);
 612                 int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;
 613                 if ((applicationInfoFlags & ApplicationInfo.FLAG_SYSTEM) == 0) {
 614                     Log.i(TAG, "Leaving agent " + componentName + " disabled because package "
 615                             + "is not a system package.");
 616                     continue;
 617                 }
 618                 discoveredAgents.add(componentName);
 619             }
 620         }
 621 
 622         List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
 623         if (previouslyEnabledAgents != null) {
 624             discoveredAgents.addAll(previouslyEnabledAgents);
 625         }
 626         utils.setEnabledTrustAgents(discoveredAgents, userId);
 627         Settings.Secure.putIntForUser(mContext.getContentResolver(),
 628                 Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);
 629     }
 630 
 631     /**
 632      * Returns the {@link ComponentName} for the default trust agent, or {@code null} if there
 633      * is no trust agent set.
 634      */
 635     private static ComponentName getDefaultFactoryTrustAgent(Context context) {
 636         String defaultTrustAgent = context.getResources()
 637             .getString(com.android.internal.R.string.config_defaultTrustAgent);
 638         if (TextUtils.isEmpty(defaultTrustAgent)) {
 639             return null;
 640         }
 641         return ComponentName.unflattenFromString(defaultTrustAgent);
 642     }
 643 
 644     private List<ResolveInfo> resolveAllowedTrustAgents(PackageManager pm, int userId) {
 645         List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT,
 646                 PackageManager.GET_META_DATA |
 647                 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,
 648                 userId);
 649         ArrayList<ResolveInfo> allowedAgents = new ArrayList<>(resolveInfos.size());
 650         for (ResolveInfo resolveInfo : resolveInfos) {
 651             if (resolveInfo.serviceInfo == null) continue;
 652             if (resolveInfo.serviceInfo.applicationInfo == null) continue;
 653             String packageName = resolveInfo.serviceInfo.packageName;
 654             if (pm.checkPermission(PERMISSION_PROVIDE_AGENT, packageName)
 655                     != PackageManager.PERMISSION_GRANTED) {
 656                 ComponentName name = getComponentName(resolveInfo);
 657                 Log.w(TAG, "Skipping agent " + name + " because package does not have"
 658                         + " permission " + PERMISSION_PROVIDE_AGENT + ".");
 659                 continue;
 660             }
 661             allowedAgents.add(resolveInfo);
 662         }
 663         return allowedAgents;
 664     }
 665 
 666     // Agent dispatch and aggregation
 667 
 668     private boolean aggregateIsTrusted(int userId) {
 669         if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
 670             return false;
 671         }
 672         for (int i = 0; i < mActiveAgents.size(); i++) {
 673             AgentInfo info = mActiveAgents.valueAt(i);
 674             if (info.userId == userId) {
 675                 if (info.agent.isTrusted()) {
 676                     return true;
 677                 }
 678             }
 679         }
 680         return false;
 681     }
 682 
 683     private boolean aggregateIsTrustManaged(int userId) {
 684         if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) {
 685             return false;
 686         }
 687         for (int i = 0; i < mActiveAgents.size(); i++) {
 688             AgentInfo info = mActiveAgents.valueAt(i);
 689             if (info.userId == userId) {
 690                 if (info.agent.isManagingTrust()) {
 691                     return true;
 692                 }
 693             }
 694         }
 695         return false;
 696     }
 697 
 698     private void dispatchUnlockAttempt(boolean successful, int userId) {
 699         if (successful) {
 700             mStrongAuthTracker.allowTrustFromUnlock(userId);
 701         }
 702 
 703         for (int i = 0; i < mActiveAgents.size(); i++) {
 704             AgentInfo info = mActiveAgents.valueAt(i);
 705             if (info.userId == userId) {
 706                 info.agent.onUnlockAttempt(successful);
 707             }
 708         }
 709     }
 710 
 711     private void dispatchUnlockLockout(int timeoutMs, int userId) {
 712         for (int i = 0; i < mActiveAgents.size(); i++) {
 713             AgentInfo info = mActiveAgents.valueAt(i);
 714             if (info.userId == userId) {
 715                 info.agent.onUnlockLockout(timeoutMs);
 716             }
 717         }
 718     }
 719 
 720     // Listeners
 721 
 722     private void addListener(ITrustListener listener) {
 723         for (int i = 0; i < mTrustListeners.size(); i++) {
 724             if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {
 725                 return;
 726             }
 727         }
 728         mTrustListeners.add(listener);
 729         updateTrustAll();
 730     }
 731 
 732     private void removeListener(ITrustListener listener) {
 733         for (int i = 0; i < mTrustListeners.size(); i++) {
 734             if (mTrustListeners.get(i).asBinder() == listener.asBinder()) {
 735                 mTrustListeners.remove(i);
 736                 return;
 737             }
 738         }
 739     }
 740 
 741     private void dispatchOnTrustChanged(boolean enabled, int userId, int flags) {
 742         if (DEBUG) {
 743             Log.i(TAG, "onTrustChanged(" + enabled + ", " + userId + ", 0x"
 744                     + Integer.toHexString(flags) + ")");
 745         }
 746         if (!enabled) flags = 0;
 747         for (int i = 0; i < mTrustListeners.size(); i++) {
 748             try {
 749                 mTrustListeners.get(i).onTrustChanged(enabled, userId, flags);
 750             } catch (DeadObjectException e) {
 751                 Slog.d(TAG, "Removing dead TrustListener.");
 752                 mTrustListeners.remove(i);
 753                 i--;
 754             } catch (RemoteException e) {
 755                 Slog.e(TAG, "Exception while notifying TrustListener.", e);
 756             }
 757         }
 758     }
 759 
 760     private void dispatchOnTrustManagedChanged(boolean managed, int userId) {
 761         if (DEBUG) {
 762             Log.i(TAG, "onTrustManagedChanged(" + managed + ", " + userId + ")");
 763         }
 764         for (int i = 0; i < mTrustListeners.size(); i++) {
 765             try {
 766                 mTrustListeners.get(i).onTrustManagedChanged(managed, userId);
 767             } catch (DeadObjectException e) {
 768                 Slog.d(TAG, "Removing dead TrustListener.");
 769                 mTrustListeners.remove(i);
 770                 i--;
 771             } catch (RemoteException e) {
 772                 Slog.e(TAG, "Exception while notifying TrustListener.", e);
 773             }
 774         }
 775     }
 776 
 777     private void dispatchOnTrustError(CharSequence message) {
 778         if (DEBUG) {
 779             Log.i(TAG, "onTrustError(" + message + ")");
 780         }
 781         for (int i = 0; i < mTrustListeners.size(); i++) {
 782             try {
 783                 mTrustListeners.get(i).onTrustError(message);
 784             } catch (DeadObjectException e) {
 785                 Slog.d(TAG, "Removing dead TrustListener.");
 786                 mTrustListeners.remove(i);
 787                 i--;
 788             } catch (RemoteException e) {
 789                 Slog.e(TAG, "Exception while notifying TrustListener.", e);
 790             }
 791         }
 792     }
 793 
 794     // User lifecycle
 795 
 796     @Override
 797     public void onStartUser(int userId) {
 798         mHandler.obtainMessage(MSG_START_USER, userId, 0, null).sendToTarget();
 799     }
 800 
 801     @Override
 802     public void onCleanupUser(int userId) {
 803         mHandler.obtainMessage(MSG_CLEANUP_USER, userId, 0, null).sendToTarget();
 804     }
 805 
 806     @Override
 807     public void onSwitchUser(int userId) {
 808         mHandler.obtainMessage(MSG_SWITCH_USER, userId, 0, null).sendToTarget();
 809     }
 810 
 811     @Override
 812     public void onUnlockUser(int userId) {
 813         mHandler.obtainMessage(MSG_UNLOCK_USER, userId, 0, null).sendToTarget();
 814     }
 815 
 816     @Override
 817     public void onStopUser(@UserIdInt int userId) {
 818         mHandler.obtainMessage(MSG_STOP_USER, userId, 0, null).sendToTarget();
 819     }
 820 
 821     // Plumbing
 822 
 823     private final IBinder mService = new ITrustManager.Stub() {
 824         @Override
 825         public void reportUnlockAttempt(boolean authenticated, int userId) throws RemoteException {
 826             enforceReportPermission();
 827             mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_ATTEMPT, authenticated ? 1 : 0, userId)
 828                     .sendToTarget();
 829         }
 830 
 831         @Override
 832         public void reportUnlockLockout(int timeoutMs, int userId) throws RemoteException {
 833             enforceReportPermission();
 834             mHandler.obtainMessage(MSG_DISPATCH_UNLOCK_LOCKOUT, timeoutMs, userId)
 835                     .sendToTarget();
 836         }
 837 
 838         @Override
 839         public void reportEnabledTrustAgentsChanged(int userId) throws RemoteException {
 840             enforceReportPermission();
 841             // coalesce refresh messages.
 842             mHandler.removeMessages(MSG_ENABLED_AGENTS_CHANGED);
 843             mHandler.sendEmptyMessage(MSG_ENABLED_AGENTS_CHANGED);
 844         }
 845 
 846         @Override
 847         public void reportKeyguardShowingChanged() throws RemoteException {
 848             enforceReportPermission();
 849             // coalesce refresh messages.
 850             mHandler.removeMessages(MSG_KEYGUARD_SHOWING_CHANGED);
 851             mHandler.sendEmptyMessage(MSG_KEYGUARD_SHOWING_CHANGED);
 852 
 853             // Make sure handler processes the message before returning, such that isDeviceLocked
 854             // after this call will retrieve the correct value.
 855             mHandler.runWithScissors(() -> {}, 0);
 856         }
 857 
 858         @Override
 859         public void registerTrustListener(ITrustListener trustListener) throws RemoteException {
 860             enforceListenerPermission();
 861             mHandler.obtainMessage(MSG_REGISTER_LISTENER, trustListener).sendToTarget();
 862         }
 863 
 864         @Override
 865         public void unregisterTrustListener(ITrustListener trustListener) throws RemoteException {
 866             enforceListenerPermission();
 867             mHandler.obtainMessage(MSG_UNREGISTER_LISTENER, trustListener).sendToTarget();
 868         }
 869 
 870         @Override
 871         public boolean isDeviceLocked(int userId) throws RemoteException {
 872             userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
 873                     false /* allowAll */, true /* requireFull */, "isDeviceLocked", null);
 874 
 875             long token = Binder.clearCallingIdentity();
 876             try {
 877                 if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
 878                     userId = resolveProfileParent(userId);
 879                 }
 880                 return isDeviceLockedInner(userId);
 881             } finally {
 882                 Binder.restoreCallingIdentity(token);
 883             }
 884         }
 885 
 886         @Override
 887         public boolean isDeviceSecure(int userId) throws RemoteException {
 888             userId = ActivityManager.handleIncomingUser(getCallingPid(), getCallingUid(), userId,
 889                     false /* allowAll */, true /* requireFull */, "isDeviceSecure", null);
 890 
 891             long token = Binder.clearCallingIdentity();
 892             try {
 893                 if (!mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
 894                     userId = resolveProfileParent(userId);
 895                 }
 896                 return mLockPatternUtils.isSecure(userId);
 897             } finally {
 898                 Binder.restoreCallingIdentity(token);
 899             }
 900         }
 901 
 902         private void enforceReportPermission() {
 903             mContext.enforceCallingOrSelfPermission(
 904                     Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
 905         }
 906 
 907         private void enforceListenerPermission() {
 908             mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,
 909                     "register trust listener");
 910         }
 911 
 912         @Override
 913         protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {
 914             if (!DumpUtils.checkDumpPermission(mContext, TAG, fout)) return;
 915             if (isSafeMode()) {
 916                 fout.println("disabled because the system is in safe mode.");
 917                 return;
 918             }
 919             if (!mTrustAgentsCanRun) {
 920                 fout.println("disabled because the third-party apps can‘t run yet.");
 921                 return;
 922             }
 923             final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
 924             mHandler.runWithScissors(new Runnable() {
 925                 @Override
 926                 public void run() {
 927                     fout.println("Trust manager state:");
 928                     for (UserInfo user : userInfos) {
 929                         dumpUser(fout, user, user.id == mCurrentUser);
 930                     }
 931                 }
 932             }, 1500);
 933         }
 934 
 935         private void dumpUser(PrintWriter fout, UserInfo user, boolean isCurrent) {
 936             fout.printf(" User \"%s\" (id=%d, flags=%#x)",
 937                     user.name, user.id, user.flags);
 938             if (!user.supportsSwitchToByUser()) {
 939                 fout.println("(managed profile)");
 940                 fout.println("   disabled because switching to this user is not possible.");
 941                 return;
 942             }
 943             if (isCurrent) {
 944                 fout.print(" (current)");
 945             }
 946             fout.print(": trusted=" + dumpBool(aggregateIsTrusted(user.id)));
 947             fout.print(", trustManaged=" + dumpBool(aggregateIsTrustManaged(user.id)));
 948             fout.print(", deviceLocked=" + dumpBool(isDeviceLockedInner(user.id)));
 949             fout.print(", strongAuthRequired=" + dumpHex(
 950                     mStrongAuthTracker.getStrongAuthForUser(user.id)));
 951             fout.println();
 952             fout.println("   Enabled agents:");
 953             boolean duplicateSimpleNames = false;
 954             ArraySet<String> simpleNames = new ArraySet<String>();
 955             for (AgentInfo info : mActiveAgents) {
 956                 if (info.userId != user.id) { continue; }
 957                 boolean trusted = info.agent.isTrusted();
 958                 fout.print("    "); fout.println(info.component.flattenToShortString());
 959                 fout.print("     bound=" + dumpBool(info.agent.isBound()));
 960                 fout.print(", connected=" + dumpBool(info.agent.isConnected()));
 961                 fout.print(", managingTrust=" + dumpBool(info.agent.isManagingTrust()));
 962                 fout.print(", trusted=" + dumpBool(trusted));
 963                 fout.println();
 964                 if (trusted) {
 965                     fout.println("      message=\"" + info.agent.getMessage() + "\"");
 966                 }
 967                 if (!info.agent.isConnected()) {
 968                     String restartTime = TrustArchive.formatDuration(
 969                             info.agent.getScheduledRestartUptimeMillis()
 970                                     - SystemClock.uptimeMillis());
 971                     fout.println("      restartScheduledAt=" + restartTime);
 972                 }
 973                 if (!simpleNames.add(TrustArchive.getSimpleName(info.component))) {
 974                     duplicateSimpleNames = true;
 975                 }
 976             }
 977             fout.println("   Events:");
 978             mArchive.dump(fout, 50, user.id, "    " /* linePrefix */, duplicateSimpleNames);
 979             fout.println();
 980         }
 981 
 982         private String dumpBool(boolean b) {
 983             return b ? "1" : "0";
 984         }
 985 
 986         private String dumpHex(int i) {
 987             return "0x" + Integer.toHexString(i);
 988         }
 989 
 990         @Override
 991         public void setDeviceLockedForUser(int userId, boolean locked) {
 992             enforceReportPermission();
 993             final long identity = Binder.clearCallingIdentity();
 994             try {
 995                 if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
 996                     synchronized (mDeviceLockedForUser) {
 997                         mDeviceLockedForUser.put(userId, locked);
 998                     }
 999                     if (locked) {
1000                         try {
1001                             ActivityManager.getService().notifyLockedProfile(userId);
1002                         } catch (RemoteException e) {
1003                         }
1004                     }
1005                     final Intent lockIntent = new Intent(Intent.ACTION_DEVICE_LOCKED_CHANGED);
1006                     lockIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
1007                     lockIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
1008                     mContext.sendBroadcastAsUser(lockIntent, UserHandle.SYSTEM,
1009                             Manifest.permission.TRUST_LISTENER, /* options */ null);
1010                 }
1011             } finally {
1012                 Binder.restoreCallingIdentity(identity);
1013             }
1014         }
1015 
1016         @Override
1017         public boolean isTrustUsuallyManaged(int userId) {
1018             mContext.enforceCallingPermission(Manifest.permission.TRUST_LISTENER,
1019                     "query trust state");
1020             return isTrustUsuallyManagedInternal(userId);
1021         }
1022 
1023         @Override
1024         public void unlockedByFingerprintForUser(int userId) {
1025             enforceReportPermission();
1026             synchronized(mUsersUnlockedByFingerprint) {
1027                 mUsersUnlockedByFingerprint.put(userId, true);
1028             }
1029             mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, userId,
1030                     0 /* arg2 */).sendToTarget();
1031         }
1032 
1033         @Override
1034         public void clearAllFingerprints() {
1035             enforceReportPermission();
1036             synchronized(mUsersUnlockedByFingerprint) {
1037                 mUsersUnlockedByFingerprint.clear();
1038             }
1039             mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, UserHandle.USER_ALL,
1040                     0 /* arg2 */).sendToTarget();
1041         }
1042     };
1043 
1044     private boolean isTrustUsuallyManagedInternal(int userId) {
1045         synchronized (mTrustUsuallyManagedForUser) {
1046             int i = mTrustUsuallyManagedForUser.indexOfKey(userId);
1047             if (i >= 0) {
1048                 return mTrustUsuallyManagedForUser.valueAt(i);
1049             }
1050         }
1051         // It‘s not in memory yet, get the value from persisted storage instead
1052         boolean persistedValue = mLockPatternUtils.isTrustUsuallyManaged(userId);
1053         synchronized (mTrustUsuallyManagedForUser) {
1054             int i = mTrustUsuallyManagedForUser.indexOfKey(userId);
1055             if (i >= 0) {
1056                 // Someone set the trust usually managed in the mean time. Better use that.
1057                 return mTrustUsuallyManagedForUser.valueAt(i);
1058             } else {
1059                 // .. otherwise it‘s safe to cache the fetched value now.
1060                 mTrustUsuallyManagedForUser.put(userId, persistedValue);
1061                 return persistedValue;
1062             }
1063         }
1064     }
1065 
1066     private int resolveProfileParent(int userId) {
1067         long identity = Binder.clearCallingIdentity();
1068         try {
1069             UserInfo parent = mUserManager.getProfileParent(userId);
1070             if (parent != null) {
1071                 return parent.getUserHandle().getIdentifier();
1072             }
1073             return userId;
1074         } finally {
1075             Binder.restoreCallingIdentity(identity);
1076         }
1077     }
1078 
1079     private final Handler mHandler = new Handler() {
1080         @Override
1081         public void handleMessage(Message msg) {
1082             switch (msg.what) {
1083                 case MSG_REGISTER_LISTENER:
1084                     addListener((ITrustListener) msg.obj);
1085                     break;
1086                 case MSG_UNREGISTER_LISTENER:
1087                     removeListener((ITrustListener) msg.obj);
1088                     break;
1089                 case MSG_DISPATCH_UNLOCK_ATTEMPT:
1090                     dispatchUnlockAttempt(msg.arg1 != 0, msg.arg2);
1091                     break;
1092                 case MSG_DISPATCH_UNLOCK_LOCKOUT:
1093                     dispatchUnlockLockout(msg.arg1, msg.arg2);
1094                     break;
1095                 case MSG_ENABLED_AGENTS_CHANGED:
1096                     refreshAgentList(UserHandle.USER_ALL);
1097                     // This is also called when the security mode of a user changes.
1098                     refreshDeviceLockedForUser(UserHandle.USER_ALL);
1099                     break;
1100                 case MSG_KEYGUARD_SHOWING_CHANGED:
1101                     refreshDeviceLockedForUser(mCurrentUser);
1102                     break;
1103                 case MSG_START_USER:
1104                 case MSG_CLEANUP_USER:
1105                 case MSG_UNLOCK_USER:
1106                     refreshAgentList(msg.arg1);
1107                     break;
1108                 case MSG_SWITCH_USER:
1109                     mCurrentUser = msg.arg1;
1110                     refreshDeviceLockedForUser(UserHandle.USER_ALL);
1111                     break;
1112                 case MSG_STOP_USER:
1113                     setDeviceLockedForUser(msg.arg1, true);
1114                     break;
1115                 case MSG_FLUSH_TRUST_USUALLY_MANAGED:
1116                     SparseBooleanArray usuallyManaged;
1117                     synchronized (mTrustUsuallyManagedForUser) {
1118                         usuallyManaged = mTrustUsuallyManagedForUser.clone();
1119                     }
1120 
1121                     for (int i = 0; i < usuallyManaged.size(); i++) {
1122                         int userId = usuallyManaged.keyAt(i);
1123                         boolean value = usuallyManaged.valueAt(i);
1124                         if (value != mLockPatternUtils.isTrustUsuallyManaged(userId)) {
1125                             mLockPatternUtils.setTrustUsuallyManaged(value, userId);
1126                         }
1127                     }
1128                     break;
1129                 case MSG_REFRESH_DEVICE_LOCKED_FOR_USER:
1130                     refreshDeviceLockedForUser(msg.arg1);
1131                     break;
1132             }
1133         }
1134     };
1135 
1136     private final PackageMonitor mPackageMonitor = new PackageMonitor() {
1137         @Override
1138         public void onSomePackagesChanged() {
1139             refreshAgentList(UserHandle.USER_ALL);
1140         }
1141 
1142         @Override
1143         public boolean onPackageChanged(String packageName, int uid, String[] components) {
1144             // We‘re interested in all changes, even if just some components get enabled / disabled.
1145             return true;
1146         }
1147 
1148         @Override
1149         public void onPackageDisappeared(String packageName, int reason) {
1150             removeAgentsOfPackage(packageName);
1151         }
1152     };
1153 
1154     private static class SettingsAttrs {
1155         public ComponentName componentName;
1156         public boolean canUnlockProfile;
1157 
1158         public SettingsAttrs(
1159                 ComponentName componentName,
1160                 boolean canUnlockProfile) {
1161             this.componentName = componentName;
1162             this.canUnlockProfile = canUnlockProfile;
1163         }
1164     };
1165 
1166     private class Receiver extends BroadcastReceiver {
1167 
1168         @Override
1169         public void onReceive(Context context, Intent intent) {
1170             String action = intent.getAction();
1171             if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals(action)) {
1172                 refreshAgentList(getSendingUserId());
1173                 updateDevicePolicyFeatures();
1174             } else if (Intent.ACTION_USER_ADDED.equals(action)) {
1175                 int userId = getUserId(intent);
1176                 if (userId > 0) {
1177                     maybeEnableFactoryTrustAgents(mLockPatternUtils, userId);
1178                 }
1179             } else if (Intent.ACTION_USER_REMOVED.equals(action)) {
1180                 int userId = getUserId(intent);
1181                 if (userId > 0) {
1182                     synchronized (mUserIsTrusted) {
1183                         mUserIsTrusted.delete(userId);
1184                     }
1185                     synchronized (mDeviceLockedForUser) {
1186                         mDeviceLockedForUser.delete(userId);
1187                     }
1188                     synchronized (mTrustUsuallyManagedForUser) {
1189                         mTrustUsuallyManagedForUser.delete(userId);
1190                     }
1191                     synchronized (mUsersUnlockedByFingerprint) {
1192                         mUsersUnlockedByFingerprint.delete(userId);
1193                     }
1194                     refreshAgentList(userId);
1195                     refreshDeviceLockedForUser(userId);
1196                 }
1197             }
1198         }
1199 
1200         private int getUserId(Intent intent) {
1201             int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -100);
1202             if (userId > 0) {
1203                 return userId;
1204             } else {
1205                 Slog.wtf(TAG, "EXTRA_USER_HANDLE missing or invalid, value=" + userId);
1206                 return -100;
1207             }
1208         }
1209 
1210         public void register(Context context) {
1211             IntentFilter filter = new IntentFilter();
1212             filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED);
1213             filter.addAction(Intent.ACTION_USER_ADDED);
1214             filter.addAction(Intent.ACTION_USER_REMOVED);
1215             context.registerReceiverAsUser(this,
1216                     UserHandle.ALL,
1217                     filter,
1218                     null /* permission */,
1219                     null /* scheduler */);
1220         }
1221     }
1222 
1223     private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {
1224 
1225         SparseBooleanArray mStartFromSuccessfulUnlock = new SparseBooleanArray();
1226 
1227         public StrongAuthTracker(Context context) {
1228             super(context);
1229         }
1230 
1231         @Override
1232         public void onStrongAuthRequiredChanged(int userId) {
1233             mStartFromSuccessfulUnlock.delete(userId);
1234 
1235             if (DEBUG) {
1236                 Log.i(TAG, "onStrongAuthRequiredChanged(" + userId + ") ->"
1237                         + " trustAllowed=" + isTrustAllowedForUser(userId)
1238                         + " agentsCanRun=" + canAgentsRunForUser(userId));
1239             }
1240 
1241             refreshAgentList(userId);
1242 
1243             // The list of active trust agents may not have changed, if there was a previous call
1244             // to allowTrustFromUnlock, so we update the trust here too.
1245             updateTrust(userId, 0 /* flags */);
1246         }
1247 
1248         boolean canAgentsRunForUser(int userId) {
1249             return mStartFromSuccessfulUnlock.get(userId)
1250                     || super.isTrustAllowedForUser(userId);
1251         }
1252 
1253         /**
1254          * Temporarily suppress strong auth requirements for {@param userId} until strong auth
1255          * changes again. Must only be called when we know about a successful unlock already
1256          * before the underlying StrongAuthTracker.
1257          *
1258          * Note that this only changes whether trust agents can be started, not the actual trusted
1259          * value.
1260          */
1261         void allowTrustFromUnlock(int userId) {
1262             if (userId < UserHandle.USER_SYSTEM) {
1263                 throw new IllegalArgumentException("userId must be a valid user: " + userId);
1264             }
1265             boolean previous = canAgentsRunForUser(userId);
1266             mStartFromSuccessfulUnlock.put(userId, true);
1267 
1268             if (DEBUG) {
1269                 Log.i(TAG, "allowTrustFromUnlock(" + userId + ") ->"
1270                         + " trustAllowed=" + isTrustAllowedForUser(userId)
1271                         + " agentsCanRun=" + canAgentsRunForUser(userId));
1272             }
1273 
1274             if (canAgentsRunForUser(userId) != previous) {
1275                 refreshAgentList(userId);
1276             }
1277         }
1278     }
1279 }

 

TrustManagerService.java

标签:indexof   flatten   HERE   because   parser   else   keyguard   win   ati   

原文地址:https://www.cnblogs.com/chaosDemo/p/9748108.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!