Default Trust Agents are now always enforced.

Notes:
- Even when the system has a trust agent initalized, the default trust agent will be used, if specified.

Bug: 37643316
Test: Manually set config.xml to whitelist agent.
Change-Id: Id7600798b85debbca21e2f87c3d3d6928494c1cb

1 files changed, 16 insertions, 13 deletions

diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index cc4c23d8727b..e1dcb0e33f4d 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -67,6 +67,7 @@ import java.io.FileDescriptor;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
@@ -575,20 +576,22 @@ public class TrustManagerService extends SystemService {
     }
 
     private void maybeEnableFactoryTrustAgents(LockPatternUtils utils, int userId) {
-        if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(),
-                Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) {
-            return;
-        }
-        PackageManager pm = mContext.getPackageManager();
-        List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);
         ComponentName defaultAgent = getDefaultFactoryTrustAgent(mContext);
         boolean shouldUseDefaultAgent = defaultAgent != null;
-        ArraySet<ComponentName> discoveredAgents = new ArraySet<>();
 
         if (shouldUseDefaultAgent) {
-            discoveredAgents.add(defaultAgent);
             Log.i(TAG, "Enabling " + defaultAgent + " because it is a default agent.");
+            utils.setEnabledTrustAgents(Collections.singleton(defaultAgent), userId);
         } else { // A default agent is not set; perform regular trust agent discovery
+            if (0 != Settings.Secure.getIntForUser(mContext.getContentResolver(),
+                    Settings.Secure.TRUST_AGENTS_INITIALIZED, 0, userId)) {
+                return;
+            }
+            PackageManager pm = mContext.getPackageManager();
+            List<ResolveInfo> resolveInfos = resolveAllowedTrustAgents(pm, userId);
+
+            ArraySet<ComponentName> discoveredAgents = new ArraySet<>();
+
             for (ResolveInfo resolveInfo : resolveInfos) {
                 ComponentName componentName = getComponentName(resolveInfo);
                 int applicationInfoFlags = resolveInfo.serviceInfo.applicationInfo.flags;
@@ -599,13 +602,13 @@ public class TrustManagerService extends SystemService {
                 }
                 discoveredAgents.add(componentName);
             }
-        }
 
-        List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
-        if (previouslyEnabledAgents != null) {
-            discoveredAgents.addAll(previouslyEnabledAgents);
+            List<ComponentName> previouslyEnabledAgents = utils.getEnabledTrustAgents(userId);
+            if (previouslyEnabledAgents != null) {
+                discoveredAgents.addAll(previouslyEnabledAgents);
+            }
+            utils.setEnabledTrustAgents(discoveredAgents, userId);
         }
-        utils.setEnabledTrustAgents(discoveredAgents, userId);
         Settings.Secure.putIntForUser(mContext.getContentResolver(),
                 Settings.Secure.TRUST_AGENTS_INITIALIZED, 1, userId);
     }