Implement device lock state listener

Bug: 296195355
Test: new CTS test
Flag: android.app.device_unlock_listener
Change-Id: I672954ac7bf5d428612c4d6f11c0ee3895b02ab0
Merged-In: I672954ac7bf5d428612c4d6f11c0ee3895b02ab0

8 files changed, 221 insertions, 1 deletions

diff --git a/core/api/current.txt b/core/api/current.txt
index b927c06a7245..b774ef148cfc 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -6198,6 +6198,7 @@ package android.app {
   }
 
   public class KeyguardManager {
+    method @FlaggedApi("android.app.device_unlock_listener") @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void addDeviceLockedStateListener(@NonNull java.util.concurrent.Executor, @NonNull android.app.KeyguardManager.DeviceLockedStateListener);
     method @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void addKeyguardLockedStateListener(@NonNull java.util.concurrent.Executor, @NonNull android.app.KeyguardManager.KeyguardLockedStateListener);
     method @Deprecated public android.content.Intent createConfirmDeviceCredentialIntent(CharSequence, CharSequence);
     method @Deprecated @RequiresPermission(android.Manifest.permission.DISABLE_KEYGUARD) public void exitKeyguardSecurely(android.app.KeyguardManager.OnKeyguardExitResult);
@@ -6207,10 +6208,15 @@ package android.app {
     method public boolean isKeyguardLocked();
     method public boolean isKeyguardSecure();
     method @Deprecated public android.app.KeyguardManager.KeyguardLock newKeyguardLock(String);
+    method @FlaggedApi("android.app.device_unlock_listener") @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void removeDeviceLockedStateListener(@NonNull android.app.KeyguardManager.DeviceLockedStateListener);
     method @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void removeKeyguardLockedStateListener(@NonNull android.app.KeyguardManager.KeyguardLockedStateListener);
     method public void requestDismissKeyguard(@NonNull android.app.Activity, @Nullable android.app.KeyguardManager.KeyguardDismissCallback);
   }
 
+  @FlaggedApi("android.app.device_unlock_listener") @java.lang.FunctionalInterface public static interface KeyguardManager.DeviceLockedStateListener {
+    method public void onDeviceLockedStateChanged(boolean);
+  }
+
   public abstract static class KeyguardManager.KeyguardDismissCallback {
     ctor public KeyguardManager.KeyguardDismissCallback();
     method public void onDismissCancelled();
diff --git a/core/java/android/app/KeyguardManager.java b/core/java/android/app/KeyguardManager.java
index 62820ad5a4d6..67f7bee4028e 100644
--- a/core/java/android/app/KeyguardManager.java
+++ b/core/java/android/app/KeyguardManager.java
@@ -18,6 +18,7 @@ package android.app;
 
 import android.Manifest;
 import android.annotation.CallbackExecutor;
+import android.annotation.FlaggedApi;
 import android.annotation.IntDef;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
@@ -52,7 +53,9 @@ import android.view.IOnKeyguardExitResult;
 import android.view.IWindowManager;
 import android.view.WindowManagerGlobal;
 
+import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.policy.IDeviceLockedStateListener;
 import com.android.internal.policy.IKeyguardDismissCallback;
 import com.android.internal.policy.IKeyguardLockedStateListener;
 import com.android.internal.util.Preconditions;
@@ -253,6 +256,26 @@ public class KeyguardManager {
     private final ArrayMap<KeyguardLockedStateListener, Executor>
             mKeyguardLockedStateListeners = new ArrayMap<>();
 
+    private final IDeviceLockedStateListener mIDeviceLockedStateListener =
+            new IDeviceLockedStateListener.Stub() {
+                @Override
+                public void onDeviceLockedStateChanged(boolean isDeviceLocked) {
+                    if (!Flags.deviceUnlockListener()) {
+                        return;
+                    }
+                    synchronized (mDeviceLockedStateListeners) {
+                        mDeviceLockedStateListeners.forEach((listener, executor) -> {
+                            executor.execute(
+                                    () -> listener.onDeviceLockedStateChanged(isDeviceLocked));
+                        });
+                    }
+                }
+            };
+
+    @GuardedBy("mDeviceLockedStateListeners")
+    private final ArrayMap<DeviceLockedStateListener, Executor>
+            mDeviceLockedStateListeners = new ArrayMap<>();
+
     /**
      * Get an intent to prompt the user to confirm credentials (pin, pattern, password or biometrics
      * if enrolled) for the current user of the device. The caller is expected to launch this
@@ -1370,4 +1393,77 @@ public class KeyguardManager {
             }
         }
     }
+
+
+    /**
+     * Listener for device locked state changes.
+     */
+    @FunctionalInterface
+    @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+    public interface DeviceLockedStateListener {
+        /**
+         * Callback function that executes when the device locked state changes.
+         */
+        void onDeviceLockedStateChanged(boolean isDeviceLocked);
+    }
+
+
+    /**
+     * Registers a listener to execute when the device locked state changes.
+     *
+     * @param executor The {@link Executor} where the {@code listener} will be invoked
+     * @param listener The listener to add to receive device locked state changes.
+     *
+     * @see #isDeviceLocked()
+     * @see #removeDeviceLockedStateListener(DeviceLockedStateListener)
+     */
+    @RequiresPermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+    @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+    public void addDeviceLockedStateListener(@NonNull @CallbackExecutor Executor executor,
+            @NonNull DeviceLockedStateListener listener) {
+        if (!Flags.deviceUnlockListener()) {
+            return;
+        }
+
+        synchronized (mDeviceLockedStateListeners) {
+            mDeviceLockedStateListeners.put(listener, executor);
+            if (mDeviceLockedStateListeners.size() > 1) {
+                return;
+            }
+            try {
+                mTrustManager.registerDeviceLockedStateListener(mIDeviceLockedStateListener,
+                        mContext.getDeviceId());
+            } catch (RemoteException re) {
+                Log.d(TAG, "TrustManager service died", re);
+            }
+        }
+    }
+
+    /**
+     * Unregisters a listener that executes when the device locked state changes.
+     *
+     * @param listener The listener to remove.
+     *
+     * @see #isDeviceLocked()
+     * @see #addDeviceLockedStateListener(Executor, DeviceLockedStateListener)
+     */
+    @RequiresPermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+    @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+    public void removeDeviceLockedStateListener(@NonNull DeviceLockedStateListener listener) {
+        if (!Flags.deviceUnlockListener()) {
+            return;
+        }
+
+        synchronized (mDeviceLockedStateListeners) {
+            mDeviceLockedStateListeners.remove(listener);
+            if (!mDeviceLockedStateListeners.isEmpty()) {
+                return;
+            }
+            try {
+                mTrustManager.unregisterDeviceLockedStateListener(mIDeviceLockedStateListener);
+            } catch (RemoteException re) {
+                Log.d(TAG, "TrustManager service died", re);
+            }
+        }
+    }
 }
diff --git a/core/java/android/app/keyguard.aconfig b/core/java/android/app/keyguard.aconfig
new file mode 100644
index 000000000000..9cd1c1579416
--- /dev/null
+++ b/core/java/android/app/keyguard.aconfig
@@ -0,0 +1,10 @@
+package: "android.app"
+container: "system"
+
+flag {
+     namespace: "wallet_integration"
+     name: "device_unlock_listener"
+     is_exported: true
+     description: "Enable listener API for device unlock."
+     bug: "296195355"
+}
\ No newline at end of file
diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl
index 740f5932f902..7cef2eff8767 100644
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -18,6 +18,7 @@ package android.app.trust;
 
 import android.app.trust.ITrustListener;
 import android.hardware.biometrics.BiometricSourceType;
+import com.android.internal.policy.IDeviceLockedStateListener;
 
 /**
  * System private API to comunicate with trust service.
@@ -42,4 +43,8 @@ interface ITrustManager {
     void clearAllBiometricRecognized(in BiometricSourceType target, int unlockedUser);
     boolean isActiveUnlockRunning(int userId);
     boolean isInSignificantPlace();
+    @EnforcePermission("SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE")
+    void registerDeviceLockedStateListener(in IDeviceLockedStateListener listener, int deviceId);
+    @EnforcePermission("SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE")
+    void unregisterDeviceLockedStateListener(in IDeviceLockedStateListener listener);
 }
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index 88d4d691cd97..75acac462427 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -31,6 +31,8 @@ import android.os.Message;
 import android.os.RemoteException;
 import android.util.ArrayMap;
 
+import com.android.internal.policy.IDeviceLockedStateListener;
+
 import java.util.ArrayList;
 import java.util.List;
 
@@ -259,6 +261,35 @@ public class TrustManager {
     }
 
     /**
+     * Registers a listener for device lock state events.
+     *
+     * Requires the {@link android.Manifest.permission#SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE}
+     * permission.
+     */
+    public void registerDeviceLockedStateListener(final IDeviceLockedStateListener listener,
+            int deviceId) {
+        try {
+            mService.registerDeviceLockedStateListener(listener, deviceId);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /**
+     * Unregisters a listener for device lock state events.
+     *
+     * Requires the {@link android.Manifest.permission#SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE}
+     * permission.
+     */
+    public void unregisterDeviceLockedStateListener(final IDeviceLockedStateListener listener) {
+        try {
+            mService.unregisterDeviceLockedStateListener(listener);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /**
      * @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
      * unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
      */
diff --git a/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl b/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl
new file mode 100644
index 000000000000..cc626f699d43
--- /dev/null
+++ b/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.policy;
+
+oneway interface IDeviceLockedStateListener {
+    void onDeviceLockedStateChanged(boolean isDeviceLocked);
+}
\ No newline at end of file
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 101ba119b496..d74065589361 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -5428,7 +5428,8 @@
     <permission android:name="android.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE"
         android:protectionLevel="signature" />
 
-    <!-- Allows an application to subscribe to keyguard locked (i.e., showing) state.
+    <!-- Allows an application to subscribe to device locked and keyguard locked (i.e., showing)
+        state.
          <p>Protection level: signature|role
          <p>Intended for use by ROLE_ASSISTANT and signature apps only.
     -->
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 953aae9588dd..5e36ee3a5812 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -21,6 +21,7 @@ import static android.service.trust.GrantTrustResult.STATUS_UNLOCKED_BY_GRANT;
 import static android.service.trust.TrustAgentService.FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE;
 
 import android.Manifest;
+import android.annotation.EnforcePermission;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
@@ -60,6 +61,7 @@ import android.os.IBinder;
 import android.os.Looper;
 import android.os.Message;
 import android.os.PersistableBundle;
+import android.os.RemoteCallbackList;
 import android.os.RemoteException;
 import android.os.SystemClock;
 import android.os.UserHandle;
@@ -83,6 +85,7 @@ import com.android.internal.annotations.GuardedBy;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.content.PackageMonitor;
 import com.android.internal.infra.AndroidFuture;
+import com.android.internal.policy.IDeviceLockedStateListener;
 import com.android.internal.util.DumpUtils;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.internal.widget.LockSettingsInternal;
@@ -103,6 +106,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Objects;
+import java.util.stream.IntStream;
 
 /**
  * Manages trust agents and trust listeners.
@@ -250,6 +254,10 @@ public class TrustManagerService extends SystemService {
             new SparseArray<>();
     private final SparseArray<TrustableTimeoutAlarmListener>
             mIdleTrustableTimeoutAlarmListenerForUser = new SparseArray<>();
+
+    private final RemoteCallbackList<IDeviceLockedStateListener>
+            mDeviceLockedStateListeners = new RemoteCallbackList<>();
+
     private AlarmManager mAlarmManager;
     private final Object mAlarmLock = new Object();
 
@@ -1085,6 +1093,7 @@ public class TrustManagerService extends SystemService {
         if (changed) {
             notifyTrustAgentsOfDeviceLockState(userId, locked);
             notifyKeystoreOfDeviceLockState(userId, locked);
+            notifyDeviceLockedListenersForUser(userId, locked);
             // Also update the user's profiles who have unified challenge, since they
             // share the same unlocked state (see {@link #isDeviceLocked(int)})
             for (int profileHandle : mUserManager.getEnabledProfileIds(userId)) {
@@ -1892,6 +1901,26 @@ public class TrustManagerService extends SystemService {
             return mIsInSignificantPlace;
         }
 
+        @EnforcePermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+        @Override
+        public void registerDeviceLockedStateListener(IDeviceLockedStateListener listener,
+                int deviceId) {
+            super.registerDeviceLockedStateListener_enforcePermission();
+            if (deviceId != Context.DEVICE_ID_DEFAULT) {
+                // Virtual devices are considered insecure.
+                return;
+            }
+            mDeviceLockedStateListeners.register(listener,
+                    Integer.valueOf(UserHandle.getUserId(Binder.getCallingUid())));
+        }
+
+        @EnforcePermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+        @Override
+        public void unregisterDeviceLockedStateListener(IDeviceLockedStateListener listener) {
+            super.unregisterDeviceLockedStateListener_enforcePermission();
+            mDeviceLockedStateListeners.unregister(listener);
+        }
+
         private void enforceReportPermission() {
             mContext.enforceCallingOrSelfPermission(
                     Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
@@ -2013,6 +2042,7 @@ public class TrustManagerService extends SystemService {
                     }
 
                     notifyKeystoreOfDeviceLockState(userId, locked);
+                    notifyDeviceLockedListenersForUser(userId, locked);
 
                     if (locked) {
                         try {
@@ -2479,4 +2509,24 @@ public class TrustManagerService extends SystemService {
             updateTrust(mUserId, 0 /* flags */);
         }
     }
+
+    private void notifyDeviceLockedListenersForUser(int userId, boolean locked) {
+        int numListeners = mDeviceLockedStateListeners.beginBroadcast();
+        try {
+            IntStream.range(0, numListeners).forEach(i -> {
+                try {
+                    Integer uid = (Integer) mDeviceLockedStateListeners.getBroadcastCookie(i);
+                    if (userId == uid.intValue()) {
+                        mDeviceLockedStateListeners.getBroadcastItem(i)
+                                .onDeviceLockedStateChanged(locked);
+                    }
+                } catch (RemoteException re) {
+                    Log.i(TAG, "Service died", re);
+                }
+            });
+
+        } finally {
+            mDeviceLockedStateListeners.finishBroadcast();
+        }
+    }
 }