| author | 2022-04-29 22:40:41 +0000 | |
|---|---|---|
| committer | 2022-05-04 23:05:39 +0000 | |
| commit | ac8c52db3102909ac9adb4824725e7ab00fb2c2c (patch) | |
| tree | 5d56649042c5a94f49f507aebb6640db9b7b3b8c | |
| parent | 0567c3553a0a0ce48913f4483bea319ce2ced774 (diff) | |
Updating TrustManagerService to react to keyguard visible changes.
Trustagents should know to downgrade to trustable when the keyguard
visibility changes. This will fix a bug on tablet where hitting the power
button doesn't sleep the device, and consequently doesn't broadcast the
SCREEN_OFF broadcast which causes the unit tests to fail. This also
fixes a larger issue where if the phone gets unlatched, or if a
trustagent is set up while the phone is unlocked, the phone will be able
to downgrade the trustagent to trustable at the correct time.
As part of this change, we can remove the USER_PRESENT broadcast which
ends up duplicating the reportKeyguardShowingChanged. Also, in
TemporaryAndRenewableTrustTest.kt, we now grantTrust after waking the
phone which is more realistic and was causing the tests to fail before.
Test: atest TrustTests:TemporaryAndRenewableTrustTests --iterations
Bug: 213631682
Fixes: 231326751
Change-Id: I10a3270ff0b9f12d62acd448ad754f829d843b0e
3 files changed, 38 insertions, 17 deletions
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
index d3748140a5a5..4b8c7c176fda 100644
--- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java
+++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
@@ -122,16 +122,9 @@ public class TrustAgentWrapper { if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) { return; } - if (!mWaitingForTrustableDowngrade) { - return; - } // are these the broadcasts we want to listen to - if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction()) - || Intent.ACTION_USER_PRESENT.equals(intent.getAction())) { - mTrusted = false; - mTrustable = true; - mWaitingForTrustableDowngrade = false; - mTrustManagerService.updateTrust(mUserId, 0); + if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) { + downgradeToTrustable(); } } };
@@ -480,8 +473,7 @@ public class TrustAgentWrapper { final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME); alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL); - IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_USER_PRESENT); - trustableFilter.addAction(Intent.ACTION_SCREEN_OFF); + IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_SCREEN_OFF); // Schedules a restart for when connecting times out. If the connection succeeds, // the restart is canceled in mCallback's onConnected.
@@ -668,6 +660,19 @@ public class TrustAgentWrapper { mTrustable = false; } + /** + * Downgrades the trustagent to trustable as a result of a keyguard or screen related event, and + * then updates the trust state of the phone to reflect the change. + */ + public void downgradeToTrustable() { + if (mWaitingForTrustableDowngrade) { + mWaitingForTrustableDowngrade = false; + mTrusted = false; + mTrustable = true; + mTrustManagerService.updateTrust(mUserId, 0); + } + } + public boolean isManagingTrust() { return mManagingTrust && !mTrustDisabledByDpm; }
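Review bot: The new public `downgradeToTrustable()` in the third hunk (-668,6 +660,19) has no `ENABLE_ACTIVE_UNLOCK_FLAG` check of its own, while the receiver in the first hunk still returns early on `!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG` before calling it. Callers outside the receiver therefore depend on `mWaitingForTrustableDowngrade` never being set while the flag is off, which is not visible in these hunks; either move the gate into the method, `if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) return;`, or state that precondition in the Javadoc. Because the method rewrites `mTrusted` and `mTrustable` and is now reachable from more than one caller, the Javadoc should also name the thread it must run on. The context comment `// are these the broadcasts we want to listen to` in the first hunk is left over from the two-action version and could be dropped or reworded.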
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 8f4ddea1c30c..80ce70de2138 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -1184,6 +1184,22 @@ public class TrustManagerService extends SystemService { return false; } + /** + * We downgrade to trustable whenever keyguard changes its showing value. + * - becomes showing: something has caused the device to show keyguard which happens due to + * user intent to lock the device either through direct action or a timeout + * - becomes not showing: keyguard was dismissed and we no longer need to keep the device + * unlocked + * */ + private void dispatchTrustableDowngrade() { + for (int i = 0; i < mActiveAgents.size(); i++) { + AgentInfo info = mActiveAgents.valueAt(i); + if (info.userId == mCurrentUser) { + info.agent.downgradeToTrustable(); + } + } + } + private List<String> getTrustGrantedMessages(int userId) { if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { return new ArrayList<>();
@@ -1752,6 +1768,7 @@ public class TrustManagerService extends SystemService { refreshDeviceLockedForUser(UserHandle.USER_ALL); break; case MSG_KEYGUARD_SHOWING_CHANGED: + dispatchTrustableDowngrade(); refreshDeviceLockedForUser(mCurrentUser); break; case MSG_START_USER:
diff --git a/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt b/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt
index 3c6d54d24291..ae722477a2bc 100644
--- a/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt
+++ b/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt
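Review bot: `dispatchTrustableDowngrade()` in the -1184,6 hunk only calls `downgradeToTrustable()` on agents whose `info.userId == mCurrentUser`, so agents in `mActiveAgents` that belong to any other user id are skipped on a keyguard change. With `ACTION_USER_PRESENT` removed from each wrapper's filter in the same commit, those agents are left with `ACTION_SCREEN_OFF` as their only downgrade trigger, and a pending downgrade could keep them at trusted longer than before; whether such agents can be waiting for a downgrade is not visible here. If the filter is intentional, say so in the Javadoc, e.g. `Only agents of mCurrentUser are downgraded; agents of other users rely on SCREEN_OFF.`; otherwise widen the loop to the users that share this keyguard. The Javadoc also closes with `* */`, which should be ` */`.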
@@ -29,7 +29,7 @@ import androidx.test.ext.junit.rules.ActivityScenarioRule import androidx.test.ext.junit.runners.AndroidJUnit4 import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation import androidx.test.uiautomator.UiDevice -import com.google.common.truth.Truth.assertThat +import android.trust.test.lib.wait import org.junit.Before import org.junit.Rule import org.junit.Test
@@ -74,9 +74,9 @@ class TemporaryAndRenewableTrustTest { uiDevice.sleep() lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} - uiDevice.wakeUp() lockStateTrackingRule.assertLocked() }
@@ -98,9 +98,9 @@ class TemporaryAndRenewableTrustTest { lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} - uiDevice.wakeUp() lockStateTrackingRule.assertUnlocked() }
@@ -116,6 +116,7 @@ class TemporaryAndRenewableTrustTest { uiDevice.sleep() lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() Log.i(TAG, "Renewing trust and unlocking") var result: GrantTrustResult? = null
@@ -124,10 +125,9 @@ class TemporaryAndRenewableTrustTest { Log.i(TAG, "Callback received; status=${it.status}") result = it } - uiDevice.wakeUp() lockStateTrackingRule.assertUnlocked() - assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT) + wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT } } @Test
@@ -141,7 +141,6 @@ class TemporaryAndRenewableTrustTest { trustAgentRule.agent.revokeTrust() await(500) uiDevice.wakeUp() - await(500) trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} |
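Review bot: Moving `uiDevice.wakeUp()` ahead of `grantTrust(...)` in the -74,9, -98,9 and -116,6 hunks means none of the visible tests still issues a grant while the device is asleep, which was the ordering all three used before. That ordering is the one where a trust agent acts with no user at the screen, so a dedicated case that grants before `wakeUp()` and pins the expected lock state would keep it from regressing silently. The test bodies start and end outside these hunks, so other tests in the file may already cover it.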
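Review bot: In the -124,10 hunk `result` is a captured local `var` written inside the grant callback and polled by `wait("callback triggered") { ... }`; if the callback is delivered on another thread, nothing guarantees the polling thread sees the write. Holding the value in an `AtomicReference<GrantTrustResult?>` avoids that. The switch from `assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT)` to a boolean poll also drops the observed status from the failure output, so a timeout no longer shows whether the callback never fired or returned a different status; logging `result?.status` inside the lambda would restore it.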