diff options
author | Adrian Roos <roosa@google.com> | 2014-07-29 15:09:57 +0200 |
---|---|---|
committer | Adrian Roos <roosa@google.com> | 2014-07-30 12:34:18 +0000 |
commit | 8f21158fe64eb93ff005dc1b831b282b95531023 (patch) | |
tree | ca5054639d03e4ac0b13536eb59ce723e50f0b81 /services/core/java/com/android/server/trust | |
parent | 7861c663fd64af33ec2a4c5ad653c806dc8bd994 (diff) | |
download | frameworks_base-8f21158fe64eb93ff005dc1b831b282b95531023.zip frameworks_base-8f21158fe64eb93ff005dc1b831b282b95531023.tar.gz frameworks_base-8f21158fe64eb93ff005dc1b831b282b95531023.tar.bz2 |
Trust: Make setEnabledFeatures asynchronous
Unsynchronizes the call into app code from setEnabledFeatures,
replacing it with a callback mechanism. Also makes this actually
work by fixing the check in TrustManagerService to take into account
whitelisting.
Change-Id: I0831752cd2d3158eda9c8404a5569498f11ac2ac
Diffstat (limited to 'services/core/java/com/android/server/trust')
-rw-r--r-- | services/core/java/com/android/server/trust/TrustAgentWrapper.java | 101 | ||||
-rw-r--r-- | services/core/java/com/android/server/trust/TrustManagerService.java | 25 |
2 files changed, 68 insertions, 58 deletions
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java index eee2a4d..ee20b3c 100644 --- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java +++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java @@ -17,12 +17,11 @@ package com.android.server.trust; import android.app.admin.DevicePolicyManager; -import android.content.BroadcastReceiver; import android.content.ComponentName; import android.content.Context; import android.content.Intent; -import android.content.IntentFilter; import android.content.ServiceConnection; +import android.os.Binder; import android.os.Bundle; import android.os.Handler; import android.os.IBinder; @@ -51,7 +50,7 @@ public class TrustAgentWrapper { private static final int MSG_REVOKE_TRUST = 2; private static final int MSG_TRUST_TIMEOUT = 3; private static final int MSG_RESTART_TIMEOUT = 4; - private static final int MSG_DPM_CHANGED = 5; + private static final int MSG_SET_TRUST_AGENT_FEATURES_COMPLETED = 5; private static final int MSG_MANAGING_TRUST = 6; /** @@ -79,6 +78,7 @@ public class TrustAgentWrapper { private CharSequence mMessage; private boolean mTrustDisabledByDpm; private boolean mManagingTrust; + private IBinder mSetTrustAgentFeaturesToken; private final Handler mHandler = new Handler() { @Override @@ -121,8 +121,21 @@ public class TrustAgentWrapper { unbind(); mTrustManagerService.resetAgent(mName, mUserId); break; - case MSG_DPM_CHANGED: - updateDevicePolicyFeatures(mName); + case MSG_SET_TRUST_AGENT_FEATURES_COMPLETED: + IBinder token = (IBinder) msg.obj; + boolean result = msg.arg1 != 0; + if (mSetTrustAgentFeaturesToken == token) { + mSetTrustAgentFeaturesToken = null; + if (mTrustDisabledByDpm && result) { + if (DEBUG) Log.v(TAG, "Re-enabling agent because it acknowledged " + + "enabled features: " + mName); + mTrustDisabledByDpm = false; + mTrustManagerService.updateTrust(mUserId); + } + } else { + if (DEBUG) Log.w(TAG, "Ignoring MSG_SET_TRUST_AGENT_FEATURES_COMPLETED " + + "with obsolete token: " + mName); + } break; case MSG_MANAGING_TRUST: mManagingTrust = msg.arg1 != 0; @@ -161,6 +174,13 @@ public class TrustAgentWrapper { if (DEBUG) Slog.v(TAG, "managingTrust()"); mHandler.obtainMessage(MSG_MANAGING_TRUST, managingTrust ? 1 : 0, 0).sendToTarget(); } + + @Override + public void onSetTrustAgentFeaturesEnabledCompleted(boolean result, IBinder token) { + if (DEBUG) Slog.v(TAG, "onSetTrustAgentFeaturesEnabledCompleted(result=" + result); + mHandler.obtainMessage(MSG_SET_TRUST_AGENT_FEATURES_COMPLETED, + result ? 1 : 0, 0, token).sendToTarget(); + } }; private final ServiceConnection mConnection = new ServiceConnection() { @@ -171,8 +191,7 @@ public class TrustAgentWrapper { mTrustAgentService = ITrustAgentService.Stub.asInterface(service); mTrustManagerService.mArchive.logAgentConnected(mUserId, name); setCallback(mCallback); - updateDevicePolicyFeatures(name); - watchForDpmChanges(true); + updateDevicePolicyFeatures(); } @Override @@ -180,24 +199,13 @@ public class TrustAgentWrapper { if (DEBUG) Log.v(TAG, "TrustAgent disconnected : " + name.flattenToShortString()); mTrustAgentService = null; mManagingTrust = false; + mSetTrustAgentFeaturesToken = null; mTrustManagerService.mArchive.logAgentDied(mUserId, name); mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); if (mBound) { scheduleRestart(); } // mTrustDisabledByDpm maintains state - watchForDpmChanges(false); - } - }; - - private BroadcastReceiver mBroadcastReceiver = new BroadcastReceiver() { - - @Override - public void onReceive(Context context, Intent intent) { - if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED - .equals(intent.getAction())) { - mHandler.sendEmptyMessage(MSG_DPM_CHANGED); - } } }; @@ -241,48 +249,32 @@ public class TrustAgentWrapper { } } - private void watchForDpmChanges(boolean start) { - if (start) { - final IntentFilter filter = new IntentFilter(); - filter.addAction(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); - filter.addAction(Intent.ACTION_USER_REMOVED); - mContext.registerReceiver(mBroadcastReceiver, filter); - } else { - mContext.unregisterReceiver(mBroadcastReceiver); - } - } - - private boolean updateDevicePolicyFeatures(ComponentName name) { + boolean updateDevicePolicyFeatures() { boolean trustDisabled = false; - if (DEBUG) Slog.v(TAG, "updateDevicePolicyFeatures(" + name + ")"); + if (DEBUG) Slog.v(TAG, "updateDevicePolicyFeatures(" + mName + ")"); try { if (mTrustAgentService != null) { DevicePolicyManager dpm = (DevicePolicyManager) mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); - if (dpm != null) { - // If trust disabled, only enable it if the options bundle is set and - // accepted by the TrustAgent. - if ((dpm.getKeyguardDisabledFeatures(null) - & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) { - List<String> features = dpm.getTrustAgentFeaturesEnabled(null, name); - if (DEBUG) Slog.v(TAG, "Detected trust agents disabled. Features = " + features); - if (features != null && features.size() > 0) { - Bundle bundle = new Bundle(); - bundle.putStringArrayList(TrustAgentService.KEY_FEATURES, - (ArrayList<String>)features); - if (DEBUG) { - Slog.v(TAG, "TrustAgent " + name.flattenToShortString() - + " disabled except "+ features); - } - trustDisabled = mTrustAgentService.setTrustAgentFeaturesEnabled(bundle); - } else { - if (DEBUG) Slog.v(TAG, "TrustAgent " + name + " disabled by flag"); - trustDisabled = true; // trust agent should be disabled + + if ((dpm.getKeyguardDisabledFeatures(null) + & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0) { + List<String> features = dpm.getTrustAgentFeaturesEnabled(null, mName); + trustDisabled = true; + if (DEBUG) Slog.v(TAG, "Detected trust agents disabled. Features = " + + features); + if (features != null && features.size() > 0) { + Bundle bundle = new Bundle(); + bundle.putStringArrayList(TrustAgentService.KEY_FEATURES, + (ArrayList<String>)features); + if (DEBUG) { + Slog.v(TAG, "TrustAgent " + mName.flattenToShortString() + + " disabled until it acknowledges "+ features); } + mSetTrustAgentFeaturesToken = new Binder(); + mTrustAgentService.setTrustAgentFeaturesEnabled(bundle, + mSetTrustAgentFeaturesToken); } - } else { - Log.e(TAG, "Can't get DevicePolicyManagerService: is it running?", - new IllegalStateException("Stack trace:")); } } } catch (RemoteException e) { @@ -316,6 +308,7 @@ public class TrustAgentWrapper { mContext.unbindService(mConnection); mBound = false; mTrustAgentService = null; + mSetTrustAgentFeaturesToken = null; mHandler.sendEmptyMessage(MSG_REVOKE_TRUST); mHandler.removeMessages(MSG_RESTART_TIMEOUT); } diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 950d639..d3b8d5d 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -157,7 +157,7 @@ public class TrustManagerService extends SystemService { dispatchOnTrustChanged(aggregateIsTrusted(userId), userId); } - protected void refreshAgentList() { + void refreshAgentList() { if (DEBUG) Slog.d(TAG, "refreshAgentList()"); PackageManager pm = mContext.getPackageManager(); @@ -168,13 +168,13 @@ public class TrustManagerService extends SystemService { obsoleteAgents.addAll(mActiveAgents); for (UserInfo userInfo : userInfos) { - int disabledFeatures = lockPatternUtils.getDevicePolicyManager() - .getKeyguardDisabledFeatures(null, userInfo.id); + DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager(); + int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id); final boolean disableTrustAgents = (disabledFeatures & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; List<ComponentName> enabledAgents = lockPatternUtils.getEnabledTrustAgents(userInfo.id); - if (disableTrustAgents || enabledAgents == null) { + if (enabledAgents == null) { continue; } List<ResolveInfo> resolveInfos = pm.queryIntentServicesAsUser(TRUST_AGENT_INTENT, @@ -193,6 +193,13 @@ public class TrustManagerService extends SystemService { ComponentName name = getComponentName(resolveInfo); if (!enabledAgents.contains(name)) continue; + if (disableTrustAgents) { + List<String> features = + dpm.getTrustAgentFeaturesEnabled(null /* admin */, name); + // Disable agent if no features are enabled. + if (features == null || features.isEmpty()) continue; + } + AgentInfo agentInfo = new AgentInfo(); agentInfo.component = name; agentInfo.userId = userInfo.id; @@ -224,6 +231,15 @@ public class TrustManagerService extends SystemService { } } + void updateDevicePolicyFeatures(int userId) { + for (int i = 0; i < mActiveAgents.size(); i++) { + AgentInfo info = mActiveAgents.valueAt(i); + if (info.agent.isConnected()) { + info.agent.updateDevicePolicyFeatures(); + } + } + } + private void removeAgentsOfPackage(String packageName) { boolean trustMayHaveChanged = false; for (int i = mActiveAgents.size() - 1; i >= 0; i--) { @@ -587,6 +603,7 @@ public class TrustManagerService extends SystemService { if (DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED.equals( intent.getAction())) { refreshAgentList(); + updateDevicePolicyFeatures(getSendingUserId()); } } |