-rw-r--r--core/java/android/app/trust/ITrustManager.aidl1
-rw-r--r--core/java/android/app/trust/TrustManager.java17
-rw-r--r--packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java9
-rw-r--r--services/core/java/com/android/server/trust/TrustManagerService.java59
4 files changed, 70 insertions, 16 deletions
diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl
index 17cff5c..32951d9 100644
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -32,4 +32,5 @@ interface ITrustManager {
void reportKeyguardShowingChanged();
boolean isDeviceLocked(int userId);
boolean isDeviceSecure(int userId);
+ boolean hasUserAuthenticatedSinceBoot(int userId);
}
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index b5c5317..8cab565 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -147,6 +147,23 @@ public class TrustManager {
}
}
+ /**
+ * Checks whether the specified user has been authenticated since the last boot.
+ *
+ * @param userId the user id of the user to check for
+ * @return true if the user has authenticated since boot, false otherwise
+ *
+ * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+ */
+ public boolean hasUserAuthenticatedSinceBoot(int userId) {
+ try {
+ return mService.hasUserAuthenticatedSinceBoot(userId);
+ } catch (RemoteException e) {
+ onError(e);
+ return false;
+ }
+ }
+
private void onError(Exception e) {
Log.e(TAG, "Error while calling TrustManagerService", e);
}
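Review bot: The Javadoc on `hasUserAuthenticatedSinceBoot` puts the permission sentence after `@return`, so it will be rendered as part of the return description; move it above `@param`. The doc should also say that the method returns false when the service call throws `RemoteException`, because callers cannot tell "not authenticated" from "service unreachable". That default is fail-closed for the fingerprint gate this commit adds in KeyguardUpdateMonitor, which is worth one sentence, e.g. `Returns false if the trust service cannot be reached.`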
diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
index c7b7628..842cf73 100644
--- a/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
+++ b/packages/Keyguard/src/com/android/keyguard/KeyguardUpdateMonitor.java
@@ -58,7 +58,6 @@ import android.hardware.fingerprint.FingerprintManager;
import android.hardware.fingerprint.FingerprintManager.AuthenticationCallback;
import android.hardware.fingerprint.FingerprintUtils;
import android.hardware.fingerprint.FingerprintManager.AuthenticationResult;
-import android.service.trust.TrustAgentService;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.SubscriptionManager.OnSubscriptionsChangedListener;
@@ -154,6 +153,7 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
private SubscriptionManager mSubscriptionManager;
private List<SubscriptionInfo> mSubscriptionInfo;
private boolean mFingerprintDetectionRunning;
+ private TrustManager mTrustManager;
private final Handler mHandler = new Handler() {
@Override
@@ -784,8 +784,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
e.printStackTrace();
}
- TrustManager trustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
- trustManager.registerTrustListener(this);
+ mTrustManager = (TrustManager) context.getSystemService(Context.TRUST_SERVICE);
+ mTrustManager.registerTrustListener(this);
mFpm = (FingerprintManager) context.getSystemService(Context.FINGERPRINT_SERVICE);
updateFingerprintListeningState();
@@ -801,7 +801,8 @@ public class KeyguardUpdateMonitor implements TrustManager.TrustListener {
}
private boolean shouldListenForFingerprint() {
- return mScreenOn && mKeyguardIsVisible && !mSwitchingUser;
+ return mScreenOn && mKeyguardIsVisible && !mSwitchingUser
+ && mTrustManager.hasUserAuthenticatedSinceBoot(ActivityManager.getCurrentUser());
}
private void startListeningForFingerprint() {
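Review bot: `shouldListenForFingerprint()` now depends on state held in TrustManagerService, but nothing visible in this commit re-evaluates it when that state changes. If `requireCredentialEntry` clears the flag while the keyguard is already showing, fingerprint listening appears to stay active until some other event calls `updateFingerprintListeningState()`; please confirm that a callback covers this case. The check is also a synchronous binder call on every evaluation. A comment such as `// Fingerprint must not unlock before the first credential entry after boot.` would record why the condition exists. `startListeningForFingerprint` continues outside the hunk.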
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 7d2fb43..726db4e 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -227,7 +227,7 @@ public class TrustManagerService extends SystemService {
if (!userInfo.supportsSwitchTo()) continue;
if (!mActivityManager.isUserRunning(userInfo.id)) continue;
if (!lockPatternUtils.isSecure(userInfo.id)) continue;
- if (!mUserHasAuthenticatedSinceBoot.get(userInfo.id)) continue;
+ if (!getUserHasAuthenticated(userInfo.id)) continue;
DevicePolicyManager dpm = lockPatternUtils.getDevicePolicyManager();
int disabledFeatures = dpm.getKeyguardDisabledFeatures(null, userInfo.id);
final boolean disableTrustAgents =
@@ -506,7 +506,7 @@ public class TrustManagerService extends SystemService {
// Agent dispatch and aggregation
private boolean aggregateIsTrusted(int userId) {
- if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+ if (!getUserHasAuthenticated(userId)) {
return false;
}
for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -521,7 +521,7 @@ public class TrustManagerService extends SystemService {
}
private boolean aggregateIsTrustManaged(int userId) {
- if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+ if (!getUserHasAuthenticated(userId)) {
return false;
}
for (int i = 0; i < mActiveAgents.size(); i++) {
@@ -549,23 +549,46 @@ public class TrustManagerService extends SystemService {
}
private void updateUserHasAuthenticated(int userId) {
- if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
- mUserHasAuthenticatedSinceBoot.put(userId, true);
+ boolean changed = setUserHasAuthenticated(userId);
+ if (changed) {
refreshAgentList(userId);
}
}
+ private boolean getUserHasAuthenticated(int userId) {
+ synchronized (mUserHasAuthenticatedSinceBoot) {
+ return mUserHasAuthenticatedSinceBoot.get(userId);
+ }
+ }
- private void requireCredentialEntry(int userId) {
- if (userId == UserHandle.USER_ALL) {
- mUserHasAuthenticatedSinceBoot.clear();
- refreshAgentList(UserHandle.USER_ALL);
- } else {
- mUserHasAuthenticatedSinceBoot.put(userId, false);
- refreshAgentList(userId);
+ /**
+ * @return whether the value has changed
+ */
+ private boolean setUserHasAuthenticated(int userId) {
+ synchronized (mUserHasAuthenticatedSinceBoot) {
+ if (!mUserHasAuthenticatedSinceBoot.get(userId)) {
+ mUserHasAuthenticatedSinceBoot.put(userId, true);
+ return true;
+ }
+ return false;
}
}
+ private void clearUserHasAuthenticated(int userId) {
+ synchronized (mUserHasAuthenticatedSinceBoot) {
+ if (userId == UserHandle.USER_ALL) {
+ mUserHasAuthenticatedSinceBoot.clear();
+ } else {
+ mUserHasAuthenticatedSinceBoot.put(userId, false);
+ }
+ }
+ }
+
+ private void requireCredentialEntry(int userId) {
+ clearUserHasAuthenticated(userId);
+ refreshAgentList(userId);
+ }
+
// Listeners
private void addListener(ITrustListener listener) {
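Review bot: The new helpers use `mUserHasAuthenticatedSinceBoot` as its own monitor, but the field's declaration is outside this hunk, so confirm it is `final`; locking on a reassignable field protects nothing. `getUserHasAuthenticated` and `clearUserHasAuthenticated` have no comment, and the reason for the locking is not recorded (presumably the flag is now read on binder threads through `hasUserAuthenticatedSinceBoot`). Once the threads are verified, I would add `// Guarded by itself; read from binder threads.` at the field. `requireCredentialEntry` clears the flag and then calls `refreshAgentList` outside the lock, so a reader can see the cleared flag before the agents are refreshed; that order looks fail-closed but deserves a one-line comment.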
@@ -705,6 +728,18 @@ public class TrustManagerService extends SystemService {
}
}
+ @Override
+ public boolean hasUserAuthenticatedSinceBoot(int userId) throws RemoteException {
+ mContext.enforceCallingOrSelfPermission(
+ Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, null);
+ long token = Binder.clearCallingIdentity();
+ try {
+ return getUserHasAuthenticated(userId);
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
+ }
+
private void enforceReportPermission() {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
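Review bot: The permission check in the service-side `hasUserAuthenticatedSinceBoot` passes `null` as the message, so a denied caller gets a SecurityException with no context, while `enforceReportPermission` just below names the operation. Pass a string instead, e.g. `Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "query user authentication state");`. The `Binder.clearCallingIdentity()` / `restoreCallingIdentity` pair looks unnecessary, since `getUserHasAuthenticated` only reads an in-memory map under a lock. `userId` is not validated, so any holder of the permission can query any user; if that is intended, say so in a comment. `enforceReportPermission` continues past the end of the hunk.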