author | 2023-09-08 17:28:52 +0000 | |
---|---|---|
committer | 2023-09-08 17:28:52 +0000 | |
commit | 3b7fe89edaa60739134b34c7ad0b3755e29a7342 (patch) | |
tree | a487ab6c26e24e9b5f94bed49ac0fd5ed8e32ed6 | |
parent | 732c0812d2e899e0ae26972a6b483a898924ed29 (diff) | |
parent | 62f85560741e604eea78ab255bd8d7def6546f13 (diff) |
Merge "Improve documentation for TrustManagerService#TrustState" into main
-rw-r--r-- | services/core/java/com/android/server/trust/TrustManagerService.java | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 04cd7f72acc9..80c5170eef7c 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -158,10 +158,26 @@ public class TrustManagerService extends SystemService {
 private VirtualDeviceManagerInternal mVirtualDeviceManager;
 private enum TrustState {
- UNTRUSTED, // the phone is not unlocked by any trustagents
- TRUSTABLE, // the phone is in a semi-locked state that can be unlocked if
- // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE is passed and a trustagent is trusted
- TRUSTED // the phone is unlocked
+ // UNTRUSTED means that TrustManagerService is currently *not* giving permission for the
+ // user's Keyguard to be dismissed, and grants of trust by trust agents are remembered in
+ // the corresponding TrustAgentWrapper but are not recognized until the device is unlocked
+ // for the user. I.e., if the device is locked and the state is UNTRUSTED, it cannot be
+ // unlocked by a trust agent. Automotive devices are an exception; grants of trust are
+ // always recognized on them.
+ UNTRUSTED,
+
+ // TRUSTABLE is the same as UNTRUSTED except that new grants of trust using
+ // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE are recognized for moving to TRUSTED. I.e., if
+ // the device is locked and the state is TRUSTABLE, it can be unlocked by a trust agent,
+ // provided that the trust agent chooses to use Active Unlock. The TRUSTABLE state is only
+ // possible as a result of a downgrade from TRUSTED, after a trust agent used
+ // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE in its most recent grant.
+ TRUSTABLE,
+
+ // TRUSTED means that TrustManagerService is currently giving permission for the user's
+ // Keyguard to be dismissed. This implies that the device is unlocked for the user (where
+ // the case of Keyguard showing but dismissible just with swipe counts as "unlocked").
+ TRUSTED
 };
 @GuardedBy("mUserTrustState") |
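Review bot: The new descriptions of `UNTRUSTED`, `TRUSTABLE` and `TRUSTED` are `//` line comments, so they are not attached to the constants as Javadoc. Since they now spell out when a trust agent may or may not cause Keyguard to be dismissed, I would write each as a `/** ... */` block and mark the flag as `{@code FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE}`. The UNTRUSTED comment also says that automotive devices always recognize grants of trust, without saying where that exception is applied; a short pointer to the check that implements it would let a reader confirm the invariant. The code that reads and transitions `TrustState` is outside this hunk, so whether it matches these descriptions cannot be checked from here.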