4 files changed, 35 insertions, 4 deletions
diff --git a/core/java/android/service/trust/ITrustAgentServiceCallback.aidl b/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
index 220e498df8a8..6b11e7463abc 100644
--- a/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
+++ b/core/java/android/service/trust/ITrustAgentServiceCallback.aidl
@@ -26,6 +26,7 @@ import android.os.UserHandle;
 oneway interface ITrustAgentServiceCallback {
 void grantTrust(CharSequence message, long durationMs, int flags);
 void revokeTrust();
+ void lockUser();
 void setManagingTrust(boolean managingTrust);
 void onConfigureCompleted(boolean result, IBinder token);
 void addEscrowToken(in byte[] token, int userId);
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index 9eb598512c55..37598512560d 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -621,11 +621,15 @@ public class TrustAgentService extends Service {
 *
 * If the user has no auth method specified, then keyguard will still be shown but can be
 * dismissed normally.
- *
- * TODO(b/213631675): Implement & make public
- * @hide
 */
 public final void lockUser() {
+ if (mCallback != null) {
+ try {
+ mCallback.lockUser();
+ } catch (RemoteException e) {
+ onError("calling lockUser");
+ }
+ }
 }
 
 /**
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
index 839ac49b25cf..1dea3d7943d8 100644
--- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java
+++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
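Review bot: When `mCallback` is null the new `lockUser()` body falls through without doing anything, so an agent that calls it before the system has attached its callback gets no lock and no indication that the request was dropped. For a call whose whole purpose is to force re-authentication, that case should be logged at warning level and stated in the Javadoc (which starts outside this hunk), for example `* <p>If the agent is not currently connected to the system, this call has no effect.` The read of `mCallback` is also unsynchronized here; if the other callback wrappers in this class take a lock around it, which the hunk does not show, this one should match. Dropping `@hide` makes the method part of the API surface, and none of the four files in this commit is an API signature file, so confirm that is handled separately.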
@@ -71,6 +71,7 @@ public class TrustAgentWrapper {
 private static final int MSG_ESCROW_TOKEN_STATE = 9;
 private static final int MSG_UNLOCK_USER = 10;
 private static final int MSG_SHOW_KEYGUARD_ERROR_MESSAGE = 11;
+ private static final int MSG_LOCK_USER = 12;
 
 /**
 * Time in uptime millis that we wait for the service connection, both when starting
@@ -296,6 +297,13 @@ public class TrustAgentWrapper {
 mTrustManagerService.showKeyguardErrorMessage(message);
 break;
 }
+ case MSG_LOCK_USER: {
+ mTrusted = false;
+ mTrustable = false;
+ mTrustManagerService.updateTrust(mUserId, 0 /* flags */);
+ mTrustManagerService.lockUser(mUserId);
+ break;
+ }
 }
 }
 };
@@ -321,6 +329,11 @@ public class TrustAgentWrapper {
 }
 
 @Override
+ public void lockUser() {
+ mHandler.sendEmptyMessage(MSG_LOCK_USER);
+ }
+
+ @Override
 public void setManagingTrust(boolean managingTrust) {
 if (DEBUG) Slog.d(TAG, "managingTrust()");
 mHandler.obtainMessage(MSG_MANAGING_TRUST, managingTrust ? 1 : 0, 0).sendToTarget();
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index ee6f63e8d049..6aafd4aec0ab 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -245,7 +245,6 @@ public class TrustManagerService extends SystemService {
 }
 
 // Extend unlock config and logic
-
 private final class SettingsObserver extends ContentObserver {
 private final Uri TRUST_AGENTS_EXTEND_UNLOCK =
 Settings.Secure.getUriFor(Settings.Secure.TRUST_AGENTS_EXTEND_UNLOCK);
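Review bot: The `MSG_LOCK_USER` case clears `mTrusted` and `mTrustable` but touches no other per-grant state. If the revoke-trust case of this switch (which starts outside the hunk) also cancels a pending trust-timeout message or clears the stored grant message, this case should do the same, so that a lock request leaves the wrapper in the same state as a revoke. The path also leaves no trace: the binder callback in the third hunk of this file should carry `if (DEBUG) Slog.d(TAG, "lockUser()");` as `setManagingTrust` does directly below it. A log line in the handler naming the agent and `mUserId` would make a forced lock attributable to the agent that asked for it.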
@@ -556,6 +555,20 @@ public class TrustManagerService extends SystemService {
 mLockPatternUtils.unlockUserWithToken(handle, token, userId);
 }
 
+ /**
+ * Locks the phone and requires some auth (not trust) like a biometric or passcode before
+ * unlocking.
+ */
+ public void lockUser(int userId) {
+ mLockPatternUtils.requireStrongAuth(
+ StrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_USER_REQUEST, userId);
+ try {
+ WindowManagerGlobal.getWindowManagerService().lockNow(null);
+ } catch (RemoteException e) {
+ Slog.e(TAG, "Error locking screen when called from trust agent");
+ }
+ }
+
 void showKeyguardErrorMessage(CharSequence message) {
 dispatchOnTrustError(message);
 } |
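Review bot: `lockUser(int userId)` applies the strong-auth requirement to `userId` but then calls `lockNow(null)`, which takes no user, so a request from an agent bound for a user who is not in the foreground would appear to lock whoever is on screen. Whether such an agent can reach this path is not visible in the hunk, but a check that `userId` is the current user, or a comment saying why none is needed, belongs here. The catch block drops the exception and the user id; pass them through, `Slog.e(TAG, "Error locking screen when called from trust agent, user " + userId, e);`. The method is declared `public` although its only caller in this commit, `TrustAgentWrapper`, is in the same package and the neighbouring `showKeyguardErrorMessage` is package-private, so the modifier can be dropped.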