| author | 2023-09-08 19:08:10 +0000 | |
|---|---|---|
| committer | 2023-09-08 19:08:10 +0000 | |
| commit | 57934d4bf7fea4370e82b40529b19cdd30894309 (patch) | |
| tree | 57179348e55092771aa5d0a3bce4d2f700e2df26 | |
| parent | 073773d902c578f0305d93000b7e760c8bb9f7d4 (diff) | |
| parent | eec5221aab11e721b8b9f06e9f3e257fb9436571 (diff) | |
Merge "Improve documentation for TrustManagerService#TrustState" into main am: 3b7fe89eda am: e777b1eec2 am: eec5221aab
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2736661
Change-Id: Iebdad6b41c21f4268a2603a776a1ce7f70cd5aa0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | services/core/java/com/android/server/trust/TrustManagerService.java | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 31904f8d8868..fb188c0c4948 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -162,10 +162,26 @@ public class TrustManagerService extends SystemService {
 private VirtualDeviceManagerInternal mVirtualDeviceManager;
 private enum TrustState {
- UNTRUSTED, // the phone is not unlocked by any trustagents
- TRUSTABLE, // the phone is in a semi-locked state that can be unlocked if
- // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE is passed and a trustagent is trusted
- TRUSTED // the phone is unlocked
+ // UNTRUSTED means that TrustManagerService is currently *not* giving permission for the
+ // user's Keyguard to be dismissed, and grants of trust by trust agents are remembered in
+ // the corresponding TrustAgentWrapper but are not recognized until the device is unlocked
+ // for the user. I.e., if the device is locked and the state is UNTRUSTED, it cannot be
+ // unlocked by a trust agent. Automotive devices are an exception; grants of trust are
+ // always recognized on them.
+ UNTRUSTED,
+
+ // TRUSTABLE is the same as UNTRUSTED except that new grants of trust using
+ // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE are recognized for moving to TRUSTED. I.e., if
+ // the device is locked and the state is TRUSTABLE, it can be unlocked by a trust agent,
+ // provided that the trust agent chooses to use Active Unlock. The TRUSTABLE state is only
+ // possible as a result of a downgrade from TRUSTED, after a trust agent used
+ // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE in its most recent grant.
+ TRUSTABLE,
+
+ // TRUSTED means that TrustManagerService is currently giving permission for the user's
+ // Keyguard to be dismissed. This implies that the device is unlocked for the user (where
+ // the case of Keyguard showing but dismissible just with swipe counts as "unlocked").
+ TRUSTED
 };
 @GuardedBy("mUserTrustState") |
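Review bot: The three new explanations inside `TrustState` are plain `//` comments, so they are not attached to `UNTRUSTED`, `TRUSTABLE` and `TRUSTED` as Javadoc; because each now states when a trust agent's grant may lead to Keyguard being dismissible, I would write them as `/** ... */` blocks directly above each constant so they travel with the symbol. The UNTRUSTED text also states that automotive devices always recognize grants without saying where that exception is applied; a one-line pointer to the method that performs the automotive check would let a reader confirm the carve-out stays limited to that device type. The state-transition code these comments describe is outside the hunk, so the wording could not be checked against it here.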