4 files changed, 70 insertions, 2 deletions

diff --git a/core/java/android/app/trust/ITrustListener.aidl b/core/java/android/app/trust/ITrustListener.aidl
index 4680043..45a066d 100644
--- a/core/java/android/app/trust/ITrustListener.aidl
+++ b/core/java/android/app/trust/ITrustListener.aidl
@@ -23,4 +23,5 @@ package android.app.trust;
  */
 oneway interface ITrustListener {
     void onTrustChanged(boolean enabled, int userId);
+    void onTrustManagedChanged(boolean managed, int userId);
 }
\ No newline at end of file
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index 6e90590..796e3cc 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -31,6 +31,7 @@ import android.util.Log;
 public class TrustManager {
 
     private static final int MSG_TRUST_CHANGED = 1;
+    private static final int MSG_TRUST_MANAGED_CHANGED = 2;
 
     private static final String TAG = "TrustManager";
 
@@ -98,6 +99,13 @@ public class TrustManager {
                     mHandler.obtainMessage(MSG_TRUST_CHANGED, (enabled ? 1 : 0), userId,
                             trustListener).sendToTarget();
                 }
+
+                @Override
+                public void onTrustManagedChanged(boolean managed, int userId)
+                        throws RemoteException {
+                    mHandler.obtainMessage(MSG_TRUST_MANAGED_CHANGED, (managed ? 1 : 0), userId,
+                            trustListener).sendToTarget();
+                }
             };
             mService.registerTrustListener(iTrustListener);
             mTrustListeners.put(trustListener, iTrustListener);
@@ -133,6 +141,8 @@ public class TrustManager {
                 case MSG_TRUST_CHANGED:
                     ((TrustListener)msg.obj).onTrustChanged(msg.arg1 != 0, msg.arg2);
                     break;
+                case MSG_TRUST_MANAGED_CHANGED:
+                    ((TrustListener)msg.obj).onTrustManagedChanged(msg.arg1 != 0, msg.arg2);
             }
         }
     };
@@ -145,5 +155,12 @@ public class TrustManager {
          * @param userId the user, for which the trust changed.
          */
         void onTrustChanged(boolean enabled, int userId);
+
+        /**
+         * Reports that whether trust is managed has changed
+         * @param enabled if true, at least one trust agent is managing trust.
+         * @param userId the user, for which the state changed.
+         */
+        void onTrustManagedChanged(boolean enabled, int userId);
     }
 }
diff --git a/core/java/android/service/trust/ITrustAgentServiceCallback.aidl b/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
index 9e4c2bf..193ac59 100644
--- a/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
+++ b/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
@@ -25,4 +25,5 @@ import android.os.UserHandle;
 oneway interface ITrustAgentServiceCallback {
     void grantTrust(CharSequence message, long durationMs, boolean initiatedByUser);
     void revokeTrust();
+    void setManagingTrust(boolean managingTrust);
 }
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index 61da85f..2609fce 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -66,6 +66,13 @@ import android.util.Slog;
 public class TrustAgentService extends Service {
     private final String TAG = TrustAgentService.class.getSimpleName() +
             "[" + getClass().getSimpleName() + "]";
+    private static final boolean DEBUG = false;
+
+    // Temporary workaround to allow current trust agent implementations to continue working.
+    // This and the code guarded by this should be removed before shipping.
+    // If true, calls setManagingTrust(true) after onCreate, if it wasn't already set.
+    // TODO: Remove this once all agents are updated.
+    private static final boolean SET_MANAGED_FOR_LEGACY_AGENTS = true;
 
     /**
      * The {@link Intent} that must be declared as handled by the service.
@@ -88,12 +95,12 @@ public class TrustAgentService extends Service {
 
     private static final int MSG_UNLOCK_ATTEMPT = 1;
 
-    private static final boolean DEBUG = false;
-
     private ITrustAgentServiceCallback mCallback;
 
     private Runnable mPendingGrantTrustTask;
 
+    private boolean mManagingTrust;
+
     // Lock used to access mPendingGrantTrustTask and mCallback.
     private final Object mLock = new Object();
 
@@ -109,6 +116,11 @@ public class TrustAgentService extends Service {
 
     @Override
     public void onCreate() {
+        // TODO: Remove this once all agents are updated.
+        if (SET_MANAGED_FOR_LEGACY_AGENTS) {
+            setManagingTrust(true);
+        }
+
         super.onCreate();
         ComponentName component = new ComponentName(this, getClass());
         try {
@@ -163,10 +175,15 @@ public class TrustAgentService extends Service {
      *                   for this agent will automatically be revoked when the timeout expires.
      * @param initiatedByUser indicates that the user has explicitly initiated an action that proves
      *                        the user is about to use the device.
+     * @throws IllegalStateException if the agent is not currently managing trust.
      */
     public final void grantTrust(
             final CharSequence message, final long durationMs, final boolean initiatedByUser) {
         synchronized (mLock) {
+            if (!mManagingTrust) {
+                throw new IllegalStateException("Cannot grant trust if agent is not managing trust."
+                        + " Call setManagingTrust(true) first.");
+            }
             if (mCallback != null) {
                 try {
                     mCallback.grantTrust(message.toString(), durationMs, initiatedByUser);
@@ -204,6 +221,29 @@ public class TrustAgentService extends Service {
         }
     }
 
+    /**
+     * Call to notify the system if the agent is ready to manage trust.
+     *
+     * This property is not persistent across recreating the service and defaults to false.
+     * Therefore this method is typically called when initializing the agent in {@link #onCreate}.
+     *
+     * @param managingTrust indicates if the agent would like to manage trust.
+     */
+    public final void setManagingTrust(boolean managingTrust) {
+        synchronized (mLock) {
+            if (mManagingTrust != managingTrust) {
+                mManagingTrust = managingTrust;
+                if (mCallback != null) {
+                    try {
+                        mCallback.setManagingTrust(managingTrust);
+                    } catch (RemoteException e) {
+                        onError("calling setManagingTrust()");
+                    }
+                }
+            }
+        }
+    }
+
     @Override
     public final IBinder onBind(Intent intent) {
         if (DEBUG) Slog.v(TAG, "onBind() intent = " + intent);
@@ -221,6 +261,15 @@ public class TrustAgentService extends Service {
         public void setCallback(ITrustAgentServiceCallback callback) {
             synchronized (mLock) {
                 mCallback = callback;
+                // The managingTrust property is false implicitly on the server-side, so we only
+                // need to set it here if the agent has decided to manage trust.
+                if (mManagingTrust) {
+                    try {
+                        mCallback.setManagingTrust(mManagingTrust);
+                    } catch (RemoteException e ) {
+                        onError("calling setManagingTrust()");
+                    }
+                }
                 if (mPendingGrantTrustTask != null) {
                     mPendingGrantTrustTask.run();
                     mPendingGrantTrustTask = null;