34 files changed, 267 insertions, 422 deletions
diff --git a/config/preloaded-classes b/config/preloaded-classes index 1812c2bb61d6..fd4e3dfcaf95 100644 --- a/config/preloaded-classes +++ b/config/preloaded-classes @@ -6634,12 +6634,6 @@ android.security.Scrypt android.security.attestationverification.AttestationVerificationManager android.security.keymaster.ExportResult$1 android.security.keymaster.ExportResult -android.security.keymaster.IKeyAttestationApplicationIdProvider$Stub -android.security.keymaster.IKeyAttestationApplicationIdProvider -android.security.keymaster.KeyAttestationApplicationId$1 -android.security.keymaster.KeyAttestationApplicationId -android.security.keymaster.KeyAttestationPackageInfo$1 -android.security.keymaster.KeyAttestationPackageInfo android.security.keymaster.KeyCharacteristics$1 android.security.keymaster.KeyCharacteristics android.security.keymaster.KeymasterArgument$1 @@ -6664,7 +6658,13 @@ android.security.keystore.AttestationUtils android.security.keystore.BackendBusyException android.security.keystore.DelegatingX509Certificate android.security.keystore.DeviceIdAttestationException +android.security.keystore.IKeyAttestationApplicationIdProvider$Stub +android.security.keystore.IKeyAttestationApplicationIdProvider +android.security.keystore.KeyAttestationApplicationId$Stub +android.security.keystore.KeyAttestationApplicationId android.security.keystore.KeyAttestationException +android.security.keystore.KeyAttestationPackageInfo$Stub +android.security.keystore.KeyAttestationPackageInfo android.security.keystore.KeyExpiredException android.security.keystore.KeyGenParameterSpec$Builder android.security.keystore.KeyGenParameterSpec 
@@ -6687,6 +6687,8 @@ android.security.keystore.KeystoreResponse$1 android.security.keystore.KeystoreResponse android.security.keystore.ParcelableKeyGenParameterSpec$1 android.security.keystore.ParcelableKeyGenParameterSpec +android.security.keystore.Signature$Stub +android.security.keystore.Signature android.security.keystore.SecureKeyImportUnavailableException android.security.keystore.StrongBoxUnavailableException android.security.keystore.UserAuthArgs diff --git a/core/api/current.txt b/core/api/current.txt index c5c5df55785c..dd98aa569ddb 100644 --- a/core/api/current.txt +++ b/core/api/current.txt @@ -29084,6 +29084,8 @@ package android.nfc { method @Nullable public android.nfc.NfcAntennaInfo getNfcAntennaInfo(); method public boolean ignore(android.nfc.Tag, int, android.nfc.NfcAdapter.OnTagRemovedListener, android.os.Handler); method public boolean isEnabled(); + method @FlaggedApi("android.nfc.enable_nfc_reader_option") public boolean isReaderOptionEnabled(); + method @FlaggedApi("android.nfc.enable_nfc_reader_option") public boolean isReaderOptionSupported(); method public boolean isSecureNfcEnabled(); method public boolean isSecureNfcSupported(); field public static final String ACTION_ADAPTER_STATE_CHANGED = "android.nfc.action.ADAPTER_STATE_CHANGED"; diff --git a/core/api/system-current.txt b/core/api/system-current.txt index d6c03e0a3f1e..4c69b0e9b107 100644 --- a/core/api/system-current.txt +++ b/core/api/system-current.txt 
@@ -10216,6 +10216,7 @@ package android.nfc { method @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public boolean disable(); method @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public boolean disable(boolean); method @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public boolean enable(); + method @FlaggedApi("android.nfc.enable_nfc_reader_option") @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public boolean enableReaderOption(boolean); method @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public boolean enableSecureNfc(boolean); method @NonNull @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) public java.util.Map<java.lang.String,java.lang.Boolean> getTagIntentAppPreferenceForUser(int); method @RequiresPermission(android.Manifest.permission.NFC_SET_CONTROLLER_ALWAYS_ON) public boolean isControllerAlwaysOn(); diff --git a/core/java/Android.bp b/core/java/Android.bp index 5091b52f7fd0..70864d532986 100644 --- a/core/java/Android.bp +++ b/core/java/Android.bp @@ -23,11 +23,6 @@ filegroup { visibility: ["//frameworks/base"], } -filegroup { - name: "IKeyAttestationApplicationIdProvider.aidl", - srcs: ["android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl"], -} - aidl_library { name: "IDropBoxManagerService_aidl", srcs: [ diff --git a/core/java/android/content/pm/Signature.aidl b/core/java/android/content/pm/Signature.aidl deleted file mode 100644 index 36c127ad0384..000000000000 --- a/core/java/android/content/pm/Signature.aidl +++ /dev/null 
@@ -1,32 +0,0 @@ -/* //device/java/android/android/view/WindowManager.aidl -** -** Copyright 2007, The Android Open Source Project -** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at -** -** http://www.apache.org/licenses/LICENSE-2.0 -** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and -** limitations under the License. -*/ - -package android.content.pm; - -/* For the key attestation application id provider service we needed a native implementation - * of the Signature parcelable because the service is used by the native keystore. - * The native implementation is now located at - * system/security/keystore/Signature.cpp - * and - * system/security/keystore/include/keystore/Signature.h. - * and can be used by linking against libkeystore_binder. - * - * This is not the best arrangement. If you, dear reader, happen to implement native implementations - * for the package manager's parcelables, consider moving Signature.cpp/.h to your library and - * adjust keystore's dependencies accordingly. Thank you. - */ -parcelable Signature cpp_header "keystore/Signature.h"; diff --git a/core/java/android/nfc/INfcAdapter.aidl b/core/java/android/nfc/INfcAdapter.aidl index a6d8cafe8263..0c95c2ec7a7a 100644 --- a/core/java/android/nfc/INfcAdapter.aidl +++ b/core/java/android/nfc/INfcAdapter.aidl 
@@ -79,4 +79,9 @@ interface INfcAdapter Map getTagIntentAppPreferenceForUser(int userId); @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)") int setTagIntentAppPreferenceForUser(int userId, String pkg, boolean allow); + + boolean isReaderOptionEnabled(); + boolean isReaderOptionSupported(); + @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS)") + boolean enableReaderOption(boolean enable); } diff --git a/core/java/android/nfc/NfcAdapter.java b/core/java/android/nfc/NfcAdapter.java index 1307dfc2665e..46586308e3cf 100644 --- a/core/java/android/nfc/NfcAdapter.java +++ b/core/java/android/nfc/NfcAdapter.java @@ -17,6 +17,7 @@ package android.nfc; import android.annotation.CallbackExecutor; +import android.annotation.FlaggedApi; import android.annotation.IntDef; import android.annotation.NonNull; import android.annotation.Nullable; 
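Review bot: `@RequiresPermission` on `enableReaderOption` reaches the generated Java interface only as an annotation via `@JavaPassthrough`, so nothing in this hunk stops a caller without WRITE_SECURE_SETTINGS from invoking the Binder method. The service implementation is outside the hunk; confirm that it enforces the permission itself before it changes state. I would add a comment above the three new methods, `// Permission is enforced by the NFC service implementation; the passthrough annotation is for lint only.`, and say there whether the two `isReaderOption*` getters are meant to be callable without any permission.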
@@ -1826,6 +1827,97 @@ public final class NfcAdapter { } /** + * Sets NFC Reader option feature. + * <p>This API is for the Settings application. + * @return True if successful + * @hide + */ + @SystemApi + @FlaggedApi(Flags.FLAG_ENABLE_NFC_READER_OPTION) + @RequiresPermission(android.Manifest.permission.WRITE_SECURE_SETTINGS) + public boolean enableReaderOption(boolean enable) { + if (!sHasNfcFeature) { + throw new UnsupportedOperationException(); + } + try { + return sService.enableReaderOption(enable); + } catch (RemoteException e) { + attemptDeadServiceRecovery(e); + // Try one more time + if (sService == null) { + Log.e(TAG, "Failed to recover NFC Service."); + return false; + } + try { + return sService.enableReaderOption(enable); + } catch (RemoteException ee) { + Log.e(TAG, "Failed to recover NFC Service."); + } + return false; + } + } + + /** + * Checks if the device supports NFC Reader option functionality. + * + * @return True if device supports NFC Reader option, false otherwise + * @throws UnsupportedOperationException if FEATURE_NFC is unavailable. + */ + @FlaggedApi(Flags.FLAG_ENABLE_NFC_READER_OPTION) + public boolean isReaderOptionSupported() { + if (!sHasNfcFeature) { + throw new UnsupportedOperationException(); + } + try { + return sService.isReaderOptionSupported(); + } catch (RemoteException e) { + attemptDeadServiceRecovery(e); + // Try one more time + if (sService == null) { + Log.e(TAG, "Failed to recover NFC Service."); + return false; + } + try { + return sService.isReaderOptionSupported(); + } catch (RemoteException ee) { + Log.e(TAG, "Failed to recover NFC Service."); + } + return false; + } + } + + /** + * Checks NFC Reader option feature is enabled. + * + * @return True if NFC Reader option is enabled, false otherwise + * @throws UnsupportedOperationException if FEATURE_NFC is unavailable. + * @throws UnsupportedOperationException if device doesn't support + * NFC Reader option functionality. 
{@link #isReaderOptionSupported} + */ + @FlaggedApi(Flags.FLAG_ENABLE_NFC_READER_OPTION) + public boolean isReaderOptionEnabled() { + if (!sHasNfcFeature) { + throw new UnsupportedOperationException(); + } + try { + return sService.isReaderOptionEnabled(); + } catch (RemoteException e) { + attemptDeadServiceRecovery(e); + // Try one more time + if (sService == null) { + Log.e(TAG, "Failed to recover NFC Service."); + return false; + } + try { + return sService.isReaderOptionEnabled(); + } catch (RemoteException ee) { + Log.e(TAG, "Failed to recover NFC Service."); + } + return false; + } + } + + /** * Enable NDEF Push feature. * <p>This API is for the Settings application. * @hide diff --git a/core/java/android/nfc/flags.aconfig b/core/java/android/nfc/flags.aconfig index e3faf3978856..55b0b4261763 100644 --- a/core/java/android/nfc/flags.aconfig +++ b/core/java/android/nfc/flags.aconfig @@ -6,3 +6,10 @@ flag { description: "Flag for NFC mainline changes" bug: "292140387" } + +flag { + name: "enable_nfc_reader_option" + namespace: "nfc" + description: "Flag for NFC reader option API changes" + bug: "291187960" +} diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index baeb1aa71207..9cdb9cefdc43 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -10442,20 +10442,6 @@ public final class Settings { "assist_long_press_home_enabled"; /** - * Control whether Trust Agents are in active unlock or extend unlock mode. - * @hide - */ - @Readable - public static final String TRUST_AGENTS_EXTEND_UNLOCK = "trust_agents_extend_unlock"; - - /** - * Control whether the screen locks when trust is lost. - * @hide - */ - @Readable - public static final String LOCK_SCREEN_WHEN_TRUST_LOST = "lock_screen_when_trust_lost"; - - /** * Control whether Night display is currently activated. * @hide */ 
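Review bot: The Javadoc on `isReaderOptionEnabled()` documents a second `@throws UnsupportedOperationException` for devices without Reader option support, but the added body throws only when `!sHasNfcFeature` and otherwise returns what the service returns, or `false` after a failed recovery. Unless the service raises that exception itself, which this hunk does not show, a caller cannot tell "unsupported" or "service unavailable" from "disabled"; either drop the second `@throws` or reword it to say that such devices return false. `enableReaderOption` is missing `@param enable` and the `@throws UnsupportedOperationException if FEATURE_NFC is unavailable.` line that the other two methods carry. In all three methods the inner `catch (RemoteException ee)` discards `ee`; `Log.e(TAG, "Failed to recover NFC Service.", ee);` would keep the cause in the log.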
diff --git a/core/java/android/security/keymaster/KeyAttestationApplicationId.java b/core/java/android/security/keymaster/KeyAttestationApplicationId.java deleted file mode 100644 index 670f30e1b04b..000000000000 --- a/core/java/android/security/keymaster/KeyAttestationApplicationId.java +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.keymaster; - -import android.os.Parcel; -import android.os.Parcelable; - -/** - * @hide - * The information aggregated by this class is used by keystore to identify a caller of the - * keystore API toward a remote party. It aggregates multiple PackageInfos because keystore - * can only determine a caller by uid granularity, and a uid can be shared by multiple packages. - * The remote party must decide if it trusts all of the packages enough to consider the - * confidentiality of the key material in question intact. 
- */ -public class KeyAttestationApplicationId implements Parcelable { - private final KeyAttestationPackageInfo[] mAttestationPackageInfos; - - /** - * @param mAttestationPackageInfos - */ - public KeyAttestationApplicationId(KeyAttestationPackageInfo[] mAttestationPackageInfos) { - super(); - this.mAttestationPackageInfos = mAttestationPackageInfos; - } - - /** - * @return the mAttestationPackageInfos - */ - public KeyAttestationPackageInfo[] getAttestationPackageInfos() { - return mAttestationPackageInfos; - } - - @Override - public int describeContents() { - return 0; - } - - @Override - public void writeToParcel(Parcel dest, int flags) { - dest.writeTypedArray(mAttestationPackageInfos, flags); - } - - public static final @android.annotation.NonNull Parcelable.Creator<KeyAttestationApplicationId> CREATOR - = new Parcelable.Creator<KeyAttestationApplicationId>() { - @Override - public KeyAttestationApplicationId createFromParcel(Parcel source) { - return new KeyAttestationApplicationId(source); - } - - @Override - public KeyAttestationApplicationId[] newArray(int size) { - return new KeyAttestationApplicationId[size]; - } - }; - - KeyAttestationApplicationId(Parcel source) { - mAttestationPackageInfos = source.createTypedArray(KeyAttestationPackageInfo.CREATOR); - } -} diff --git a/core/java/android/security/keymaster/KeyAttestationPackageInfo.java b/core/java/android/security/keymaster/KeyAttestationPackageInfo.java deleted file mode 100644 index c0b8d8dfd4d9..000000000000 --- a/core/java/android/security/keymaster/KeyAttestationPackageInfo.java +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package android.security.keymaster; - -import android.content.pm.Signature; -import android.os.Parcel; -import android.os.Parcelable; - -/** - * @hide - * This class constitutes and excerpt from the PackageManager's PackageInfo for the purpose of - * key attestation. It is part of the KeyAttestationApplicationId, which is used by - * keystore to identify the caller of the keystore API towards a remote party. 
- */ -public class KeyAttestationPackageInfo implements Parcelable { - private final String mPackageName; - private final long mPackageVersionCode; - private final Signature[] mPackageSignatures; - - /** - * @param mPackageName - * @param mPackageVersionCode - * @param mPackageSignatures - */ - public KeyAttestationPackageInfo( - String mPackageName, long mPackageVersionCode, Signature[] mPackageSignatures) { - super(); - this.mPackageName = mPackageName; - this.mPackageVersionCode = mPackageVersionCode; - this.mPackageSignatures = mPackageSignatures; - } - /** - * @return the mPackageName - */ - public String getPackageName() { - return mPackageName; - } - /** - * @return the mPackageVersionCode - */ - public long getPackageVersionCode() { - return mPackageVersionCode; - } - /** - * @return the mPackageSignatures - */ - public Signature[] getPackageSignatures() { - return mPackageSignatures; - } - - @Override - public int describeContents() { - return 0; - } - - @Override - public void writeToParcel(Parcel dest, int flags) { - dest.writeString(mPackageName); - dest.writeLong(mPackageVersionCode); - dest.writeTypedArray(mPackageSignatures, flags); - } - - public static final @android.annotation.NonNull Parcelable.Creator<KeyAttestationPackageInfo> CREATOR - = new Parcelable.Creator<KeyAttestationPackageInfo>() { - @Override - public KeyAttestationPackageInfo createFromParcel(Parcel source) { - return new KeyAttestationPackageInfo(source); - } - - @Override - public KeyAttestationPackageInfo[] newArray(int size) { - return new KeyAttestationPackageInfo[size]; - } - }; - - private KeyAttestationPackageInfo(Parcel source) { - mPackageName = source.readString(); - mPackageVersionCode = source.readLong(); - mPackageSignatures = source.createTypedArray(Signature.CREATOR); - } -} diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index dc28fa45794c..a1f8de41cfce 100644 
--- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -171,7 +171,6 @@ public class LockPatternUtils { */ public static final int USER_FRP = UserHandle.USER_NULL + 1; - public final static String PATTERN_EVER_CHOSEN_KEY = "lockscreen.patterneverchosen"; public final static String PASSWORD_TYPE_KEY = "lockscreen.password_type"; @Deprecated public final static String PASSWORD_TYPE_ALTERNATE_KEY = "lockscreen.password_type_alternate"; @@ -597,16 +596,6 @@ public class LockPatternUtils { } /** - * Return true if the user has ever chosen a pattern. This is true even if the pattern is - * currently cleared. - * - * @return True if the user has ever chosen a pattern. - */ - public boolean isPatternEverChosen(int userId) { - return getBoolean(PATTERN_EVER_CHOSEN_KEY, false, userId); - } - - /** * Returns the length of the PIN set by a particular user. * @param userId user id of the user whose pin length we have to return * @return @@ -639,13 +628,6 @@ public class LockPatternUtils { return false; } } - /** - * Records that the user has chosen a pattern at some time, even if the pattern is - * currently cleared. - */ - public void reportPatternWasChosen(int userId) { - setBoolean(PATTERN_EVER_CHOSEN_KEY, true, userId); - } /** * Used by device policy manager to validate the current password diff --git a/keystore/aaid/aidl/Android.bp b/keystore/aaid/aidl/Android.bp new file mode 100644 index 000000000000..97acfb4ea4c3 --- /dev/null +++ b/keystore/aaid/aidl/Android.bp 
@@ -0,0 +1,31 @@
+// Copyright 2020, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+aidl_interface {
+ name: "android.security.aaid_aidl",
+ srcs: ["android/security/keystore/*.aidl"],
+ unstable: true,
+ backend: {
+ rust: {
+ enabled: true,
+ },
+ cpp: {
+ enabled: true,
+ },
+ },
+}
diff --git a/core/java/android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl b/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl
index dbffd5f57ce2..c360cb8f281a 100644
--- a/core/java/android/security/keymaster/IKeyAttestationApplicationIdProvider.aidl
+++ b/keystore/aaid/aidl/android/security/keystore/IKeyAttestationApplicationIdProvider.aidl
@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2016, The Android Open Source Project
+ * Copyright (c) 2023, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
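Review bot: `unstable: true` on `android.security.aaid_aidl` leaves the interface without a frozen version, so the Java consumer and the Rust/C++ consumers must always be built from the same tree. That holds only while none of them moves into a separately updated component, and the module does not record that assumption. A comment above `unstable: true` would do, for example `// Unstable: both ends ship together in the platform image; freeze before use across an update boundary.` The header year (2020) also differs from the 2023 used by the .aidl files added in the same change.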
@@ -14,19 +14,15 @@ * limitations under the License. */ -package android.security.keymaster; +package android.security.keystore; -import android.security.keymaster.KeyAttestationApplicationId; -import android.security.keymaster.KeyAttestationPackageInfo; -import android.content.pm.Signature; +import android.security.keystore.KeyAttestationApplicationId; -/** - * This must be kept manually in sync with system/security/keystore until AIDL - * can generate both Java and C++ bindings. - * - * @hide - */ +/** @hide */ interface IKeyAttestationApplicationIdProvider { - /* keep in sync with /system/security/keystore/keystore_attestation_id.cpp */ + /** + * Provides information describing the possible applications identified by a UID. + * @hide + */ KeyAttestationApplicationId getKeyAttestationApplicationId(int uid); } diff --git a/keystore/aaid/aidl/android/security/keystore/KeyAttestationApplicationId.aidl b/keystore/aaid/aidl/android/security/keystore/KeyAttestationApplicationId.aidl new file mode 100644 index 000000000000..c33e8309b2f2 --- /dev/null +++ b/keystore/aaid/aidl/android/security/keystore/KeyAttestationApplicationId.aidl 
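Review bot: The new doc comment on `getKeyAttestationApplicationId` does not say who is expected to call the method or what it returns for a UID that maps to no package. The call hands back package names and signing-certificate data for whatever UID is passed in, so the contract should state whether callers other than keystore are accepted; the implementing service is outside this hunk and may already check the calling UID. I would extend the comment with a line such as ` * Intended for use by keystore; see the implementing service for the caller check.` and one sentence on the unknown-UID result.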
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2023, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore;
+
+import android.security.keystore.KeyAttestationPackageInfo;
+
+/**
+ * @hide
+ * The information aggregated by this parcelable is used by keystore to identify a caller of the
+ * keystore API toward a remote party. It aggregates multiple PackageInfos because keystore
+ * can only determine a caller by uid granularity, and a uid can be shared by multiple packages.
+ * The remote party must decide if it trusts all of the packages enough to consider the
+ * confidentiality of the key material in question intact.
+ */
+parcelable KeyAttestationApplicationId {
+ KeyAttestationPackageInfo[] packageInfos;
+}
diff --git a/core/java/android/security/keymaster/KeyAttestationPackageInfo.aidl b/keystore/aaid/aidl/android/security/keystore/KeyAttestationPackageInfo.aidl
index f8b843bc032f..5f647d0b1abe 100644
--- a/core/java/android/security/keymaster/KeyAttestationPackageInfo.aidl
+++ b/keystore/aaid/aidl/android/security/keystore/KeyAttestationPackageInfo.aidl
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, The Android Open Source Project
+ * Copyright (c) 2023, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
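Review bot: `packageInfos` in this parcelable, and `packageName`, `signatures` and `data` in the KeyAttestationPackageInfo.aidl and Signature.aidl hunks of the same change, are declared without `@nullable`. The deleted Java Parcelables stored and wrote their constructor arguments with no null check, so a null could travel. With the generated Rust and C++ backends a null in a non-nullable field is, as far as I know, an unparcelling error on the native side rather than an empty value. Confirm that the Java provider, which is not shown here, always populates every field, and record the rule on the field, e.g. `/** Must not be null. */` above `packageInfos`.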
@@ -14,9 +14,20 @@ * limitations under the License. */ -package android.security.keymaster; +package android.security.keystore; -/* The cpp_header is relative to system/security/keystore/include - * Link against libkeystore_binder to make use of the native implementation of this Parcelable. +import android.security.keystore.Signature; + +/** + * @hide + * This parcelable constitutes and excerpt from the PackageManager's PackageInfo for the purpose of + * key attestation. It is part of the KeyAttestationApplicationId, which is used by + * keystore to identify the caller of the keystore API towards a remote party. */ -parcelable KeyAttestationPackageInfo cpp_header "keystore/KeyAttestationPackageInfo.h"; +parcelable KeyAttestationPackageInfo { + String packageName; + + long versionCode; + + Signature[] signatures; +} diff --git a/core/java/android/security/keymaster/KeyAttestationApplicationId.aidl b/keystore/aaid/aidl/android/security/keystore/Signature.aidl index 9f6ff58ed5ce..800499a13355 100644 --- a/core/java/android/security/keymaster/KeyAttestationApplicationId.aidl +++ b/keystore/aaid/aidl/android/security/keystore/Signature.aidl 
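Review bot: The three fields of `KeyAttestationPackageInfo` have no documentation, and `versionCode` in particular does not say which package-manager value it mirrors, which matters to whoever compares it on the verifying side. A one-line comment per field would do, e.g. `/** Version code of the package as reported by the package manager. */`, adjusted to the actual source, which this hunk does not show. The class comment carried over from the deleted Java file also reads "constitutes and excerpt"; it should be "an excerpt".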
@@ -14,9 +14,18 @@ * limitations under the License. */ -package android.security.keymaster; +package android.security.keystore; -/* The cpp_header is relative to system/security/keystore/include - * Link against libkeystore_binder to make use of the native implementation of this Parcelable. +/** + * @hide + * Represents a signature data read from the package file. Extracted from from the PackageManager's + * PackageInfo for the purpose of key attestation. It is part of the KeyAttestationPackageInfo, + * which is used by keystore to identify the caller of the keystore API towards a remote party. */ -parcelable KeyAttestationApplicationId cpp_header "keystore/KeyAttestationApplicationId.h"; +parcelable Signature { + /** + * Represents signing certificate data associated with application package, signatures are + * expected to be a hex-encoded ASCII string representing valid X509 certificate. + */ + byte[] data; +} diff --git a/media/java/android/media/AudioAttributes.java b/media/java/android/media/AudioAttributes.java index b0cdb0554c11..1d668681f80c 100644 --- a/media/java/android/media/AudioAttributes.java +++ b/media/java/android/media/AudioAttributes.java 
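Review bot: The comment on `data` says signatures are "a hex-encoded ASCII string" while the field is `byte[]`, so it is unclear whether the array holds the raw certificate bytes or the ASCII hex characters. The two ends must agree, because anything derived from these bytes for the attestation record (a digest, for instance) changes with the encoding. State it in one sentence, either `Raw DER-encoded X.509 certificate bytes.` or `ASCII hex of the DER-encoded certificate.`, whichever the producer actually writes; the producer is not part of this hunk. The class comment also has a doubled "from from".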
@@ -875,18 +875,7 @@ public final class AudioAttributes implements Parcelable { /** * Sets the attribute describing what is the intended use of the audio signal, * such as alarm or ringtone. - * @param usage one of {@link AttributeSdkUsage#USAGE_UNKNOWN}, - * {@link AttributeSdkUsage#USAGE_MEDIA}, - * {@link AttributeSdkUsage#USAGE_VOICE_COMMUNICATION}, - * {@link AttributeSdkUsage#USAGE_VOICE_COMMUNICATION_SIGNALLING}, - * {@link AttributeSdkUsage#USAGE_ALARM}, {@link AudioAttributes#USAGE_NOTIFICATION}, - * {@link AttributeSdkUsage#USAGE_NOTIFICATION_RINGTONE}, - * {@link AttributeSdkUsage#USAGE_NOTIFICATION_EVENT}, - * {@link AttributeSdkUsage#USAGE_ASSISTANT}, - * {@link AttributeSdkUsage#USAGE_ASSISTANCE_ACCESSIBILITY}, - * {@link AttributeSdkUsage#USAGE_ASSISTANCE_NAVIGATION_GUIDANCE}, - * {@link AttributeSdkUsage#USAGE_ASSISTANCE_SONIFICATION}, - * {@link AttributeSdkUsage#USAGE_GAME}. + * @param usage the usage to set. * @return the same Builder instance. */ public Builder setUsage(@AttributeSdkUsage int usage) { diff --git a/media/java/android/media/AudioMetadata.java b/media/java/android/media/AudioMetadata.java index 0f962f9e9d4b..4e61549a5e5a 100644 --- a/media/java/android/media/AudioMetadata.java +++ b/media/java/android/media/AudioMetadata.java 
@@ -226,16 +226,15 @@ public final class AudioMetadata { * * An Integer value representing presentation content classifier. * - * @see AudioPresentation.ContentClassifier - * One of {@link AudioPresentation#CONTENT_UNKNOWN}, - * {@link AudioPresentation#CONTENT_MAIN}, - * {@link AudioPresentation#CONTENT_MUSIC_AND_EFFECTS}, - * {@link AudioPresentation#CONTENT_VISUALLY_IMPAIRED}, - * {@link AudioPresentation#CONTENT_HEARING_IMPAIRED}, - * {@link AudioPresentation#CONTENT_DIALOG}, - * {@link AudioPresentation#CONTENT_COMMENTARY}, - * {@link AudioPresentation#CONTENT_EMERGENCY}, - * {@link AudioPresentation#CONTENT_VOICEOVER}. + * @see AudioPresentation#CONTENT_UNKNOWN + * @see AudioPresentation#CONTENT_MAIN + * @see AudioPresentation#CONTENT_MUSIC_AND_EFFECTS + * @see AudioPresentation#CONTENT_VISUALLY_IMPAIRED + * @see AudioPresentation#CONTENT_HEARING_IMPAIRED + * @see AudioPresentation#CONTENT_DIALOG + * @see AudioPresentation#CONTENT_COMMENTARY + * @see AudioPresentation#CONTENT_EMERGENCY + * @see AudioPresentation#CONTENT_VOICEOVER */ @NonNull public static final Key<Integer> KEY_PRESENTATION_CONTENT_CLASSIFIER = createKey("presentation-content-classifier", Integer.class); diff --git a/media/java/android/media/tv/SectionRequest.java b/media/java/android/media/tv/SectionRequest.java index 078e83222e4e..ec0d7f7a2ce4 100644 --- a/media/java/android/media/tv/SectionRequest.java +++ b/media/java/android/media/tv/SectionRequest.java 
@@ -81,7 +81,7 @@ public final class SectionRequest extends BroadcastInfoRequest implements Parcel /** * Gets the version number of requested session. If it is null, value will be -1. * <p>The consistency of version numbers between request and response depends on - * {@link BroadcastInfoRequest.RequestOption}. If the request has RequestOption value + * {@link BroadcastInfoRequest#getOption()}. If the request has RequestOption value * REQUEST_OPTION_AUTO_UPDATE, then the response may be set to the latest version which may be * different from the version of the request. Otherwise, response with a different version from * its request will be considered invalid. diff --git a/media/java/android/media/tv/SectionResponse.java b/media/java/android/media/tv/SectionResponse.java index f38ea9dfac99..10333fe424a6 100644 --- a/media/java/android/media/tv/SectionResponse.java +++ b/media/java/android/media/tv/SectionResponse.java @@ -76,7 +76,7 @@ public final class SectionResponse extends BroadcastInfoResponse implements Parc /** * Gets the Version number of requested session. If it is null, value will be -1. * <p>The consistency of version numbers between request and response depends on - * {@link BroadcastInfoRequest.RequestOption}. If the request has RequestOption value + * {@link BroadcastInfoRequest#getOption()}. If the request has RequestOption value * REQUEST_OPTION_AUTO_UPDATE, then the response may be set to the latest version which may be * different from the version of the request. Otherwise, response with a different version from * its request will be considered invalid. diff --git a/media/java/android/media/tv/TableRequest.java b/media/java/android/media/tv/TableRequest.java index d9587f6ac089..06df07fbc899 100644 --- a/media/java/android/media/tv/TableRequest.java +++ b/media/java/android/media/tv/TableRequest.java 
@@ -129,7 +129,7 @@ public final class TableRequest extends BroadcastInfoRequest implements Parcelab /** * Gets the version number of requested table. If it is null, value will be -1. * <p>The consistency of version numbers between request and response depends on - * {@link BroadcastInfoRequest.RequestOption}. If the request has RequestOption value + * {@link BroadcastInfoRequest#getOption()}. If the request has RequestOption value * REQUEST_OPTION_AUTO_UPDATE, then the response may be set to the latest version which may be * different from the version of the request. Otherwise, response with a different version from * its request will be considered invalid. diff --git a/media/java/android/media/tv/TableResponse.java b/media/java/android/media/tv/TableResponse.java index c4fc26ef1932..1daf452fa422 100644 --- a/media/java/android/media/tv/TableResponse.java +++ b/media/java/android/media/tv/TableResponse.java @@ -269,7 +269,7 @@ public final class TableResponse extends BroadcastInfoResponse implements Parcel /** * Gets the version number of requested table. If it is null, value will be -1. * <p>The consistency of version numbers between request and response depends on - * {@link BroadcastInfoRequest.RequestOption}. If the request has RequestOption value + * {@link BroadcastInfoRequest#getOption()}. If the request has RequestOption value * REQUEST_OPTION_AUTO_UPDATE, then the response may be set to the latest version which may be * different from the version of the request. Otherwise, response with a different version from * its request will be considered invalid. diff --git a/packages/SettingsProvider/src/android/provider/settings/backup/SecureSettings.java b/packages/SettingsProvider/src/android/provider/settings/backup/SecureSettings.java index 3efb41dbfe5c..cf26937cbd88 100644 --- a/packages/SettingsProvider/src/android/provider/settings/backup/SecureSettings.java +++ b/packages/SettingsProvider/src/android/provider/settings/backup/SecureSettings.java 
@@ -163,12 +163,10 @@ public class SecureSettings { Settings.Secure.CHARGING_VIBRATION_ENABLED, Settings.Secure.ACCESSIBILITY_NON_INTERACTIVE_UI_TIMEOUT_MS, Settings.Secure.ACCESSIBILITY_INTERACTIVE_UI_TIMEOUT_MS, - Settings.Secure.TRUST_AGENTS_EXTEND_UNLOCK, Settings.Secure.UI_NIGHT_MODE, Settings.Secure.UI_NIGHT_MODE_CUSTOM_TYPE, Settings.Secure.DARK_THEME_CUSTOM_START_TIME, Settings.Secure.DARK_THEME_CUSTOM_END_TIME, - Settings.Secure.LOCK_SCREEN_WHEN_TRUST_LOST, Settings.Secure.SKIP_DIRECTION, Settings.Secure.THEME_CUSTOMIZATION_OVERLAY_PACKAGES, Settings.Secure.BACK_GESTURE_INSET_SCALE_LEFT, diff --git a/packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java b/packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java index f6c2f6918739..f78f2028d7b6 100644 --- a/packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java +++ b/packages/SettingsProvider/src/android/provider/settings/validators/SecureSettingsValidators.java @@ -242,9 +242,7 @@ public class SecureSettingsValidators { Secure.ACCESSIBILITY_INTERACTIVE_UI_TIMEOUT_MS, NON_NEGATIVE_INTEGER_VALIDATOR); VALIDATORS.put(Secure.USER_SETUP_COMPLETE, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.ASSIST_GESTURE_SETUP_COMPLETE, BOOLEAN_VALIDATOR); - VALIDATORS.put(Secure.TRUST_AGENTS_EXTEND_UNLOCK, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.LOCK_SCREEN_CUSTOM_CLOCK_FACE, JSON_OBJECT_VALIDATOR); - VALIDATORS.put(Secure.LOCK_SCREEN_WHEN_TRUST_LOST, BOOLEAN_VALIDATOR); VALIDATORS.put(Secure.SKIP_GESTURE, BOOLEAN_VALIDATOR); /* * Only used if FeatureFlag "settings_skip_direction_mutable" is enabled. diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsBackupAgent.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsBackupAgent.java index b404465a8cce..b19d3495c217 100644 
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsBackupAgent.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsBackupAgent.java @@ -961,7 +961,6 @@ public class SettingsBackupAgent extends BackupAgentHelper { lockPatternUtils.setOwnerInfo(value, userId); break; case KEY_LOCK_SETTINGS_VISIBLE_PATTERN_ENABLED: - lockPatternUtils.reportPatternWasChosen(userId); lockPatternUtils.setVisiblePatternEnabled("1".equals(value), userId); break; case KEY_LOCK_SETTINGS_POWER_BUTTON_INSTANTLY_LOCKS: diff --git a/services/core/Android.bp b/services/core/Android.bp index 4e412bbe67df..9ac30f334d0b 100644 --- a/services/core/Android.bp +++ b/services/core/Android.bp @@ -180,6 +180,7 @@ java_library_static { "android.hidl.manager-V1.2-java", "cbor-java", "icu4j_calendar_astronomer", + "android.security.aaid_aidl-java", "netd-client", "overlayable_policy_aidl-java", "SurfaceFlingerProperties", diff --git a/services/core/java/com/android/server/content/SyncStorageEngine.java b/services/core/java/com/android/server/content/SyncStorageEngine.java index b890bbd65b95..eae417e1e838 100644 --- a/services/core/java/com/android/server/content/SyncStorageEngine.java +++ b/services/core/java/com/android/server/content/SyncStorageEngine.java @@ -1845,7 +1845,7 @@ public class SyncStorageEngine { private void parseListenForTickles(TypedXmlPullParser parser) { int userId = 0; try { - parser.getAttributeInt(null, XML_ATTR_USER); + userId = parser.getAttributeInt(null, XML_ATTR_USER); } catch (XmlPullParserException e) { Slog.e(TAG, "error parsing the user for listen-for-tickles", e); } diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index ff959decac33..8547c96e13af 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java 
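Review bot: In the SyncStorageEngine hunk, a failed parse of the user attribute is only logged, so `userId` keeps its initial value of 0 and the code after the catch block still runs for user 0. Now that the parsed value is actually assigned, the failure path should stop rather than fall back silently: add `return;` after the `Slog.e(...)` call, or add a comment saying why user 0 is the intended default. The rest of parseListenForTickles lies outside the hunk, so what the fallback ends up changing cannot be seen from here.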
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -1767,10 +1767,6 @@ public class LockSettingsService extends ILockSettings.Stub { } private void onPostPasswordChanged(LockscreenCredential newCredential, int userHandle) { - if (newCredential.isPattern()) { - setBoolean(LockPatternUtils.PATTERN_EVER_CHOSEN_KEY, true, userHandle); - } - updatePasswordHistory(newCredential, userHandle); mContext.getSystemService(TrustManager.class).reportEnabledTrustAgentsChanged(userHandle); } diff --git a/services/core/java/com/android/server/om/OverlayManagerService.java b/services/core/java/com/android/server/om/OverlayManagerService.java index 2f9536ff6427..23532c1b4eb3 100644 --- a/services/core/java/com/android/server/om/OverlayManagerService.java +++ b/services/core/java/com/android/server/om/OverlayManagerService.java @@ -261,6 +261,8 @@ public final class OverlayManagerService extends SystemService { private final OverlayActorEnforcer mActorEnforcer; + private int mPrevStartedUserId = -1; + public OverlayManagerService(@NonNull final Context context) { super(context); try { @@ -338,6 +340,10 @@ public final class OverlayManagerService extends SystemService { } private void onStartUser(@UserIdInt int newUserId) { + // Do nothing when start a user that is the same as the one started previously. + if (newUserId == mPrevStartedUserId) { + return; + } try { traceBegin(TRACE_TAG_RRO, "OMS#onStartUser " + newUserId); // ensure overlays in the settings are up-to-date, and propagate @@ -348,6 +354,7 @@ public final class OverlayManagerService extends SystemService { } finally { traceEnd(TRACE_TAG_RRO); } + mPrevStartedUserId = newUserId; } private static String[] getDefaultOverlayPackages() { diff --git a/services/core/java/com/android/server/pm/DexOptHelper.java b/services/core/java/com/android/server/pm/DexOptHelper.java index 39cd88810961..8bd2982d1ead 100644 --- a/services/core/java/com/android/server/pm/DexOptHelper.java 
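Review bot: In the OverlayManagerService hunks, `mPrevStartedUserId` is only ever overwritten by the next started user; nothing visible clears it when that user stops. If the same user is stopped and started again with no other user in between, `onStartUser` returns early and the overlay settings refresh is skipped for that start. If that is not intended, reset the field with `mPrevStartedUserId = -1;` wherever user stop is handled (not shown in these hunks). The field is also read and written without synchronization, so its declaration should carry a one-line comment naming the thread that calls `onStartUser`. The existing comment would read better as `// Do nothing when starting the same user that was started previously.`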
+++ b/services/core/java/com/android/server/pm/DexOptHelper.java @@ -1050,7 +1050,7 @@ public final class DexOptHelper { context.unregisterReceiver(this); artManager.scheduleBackgroundDexoptJob(); } - }, new IntentFilter(Intent.ACTION_BOOT_COMPLETED)); + }, new IntentFilter(Intent.ACTION_LOCKED_BOOT_COMPLETED)); } /** diff --git a/services/core/java/com/android/server/pm/dex/ArtStatsLogUtils.java b/services/core/java/com/android/server/pm/dex/ArtStatsLogUtils.java index f0bf1ea80570..d0c346a63889 100644 --- a/services/core/java/com/android/server/pm/dex/ArtStatsLogUtils.java +++ b/services/core/java/com/android/server/pm/dex/ArtStatsLogUtils.java @@ -334,7 +334,10 @@ public class ArtStatsLogUtils { ArtStatsLog.BACKGROUND_DEXOPT_JOB_ENDED__STATUS__STATUS_UNKNOWN), cancellationReason, durationMs, - 0); // deprecated, used to be durationIncludingSleepMs + 0, // deprecated, used to be durationIncludingSleepMs + 0, // optimizedPackagesCount + 0, // packagesDependingOnBootClasspathCount + 0); // totalPackagesCount } } } diff --git a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java index c908acdd1d6c..d5bc91278aa8 100644 --- a/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java +++ b/services/core/java/com/android/server/security/KeyAttestationApplicationIdProviderService.java 
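Review bot: In the DexOptHelper hunk, ACTION_LOCKED_BOOT_COMPLETED is delivered before the user has unlocked the device, so the receiver now calls `artManager.scheduleBackgroundDexoptJob()` while credential-encrypted storage is still unavailable. Scheduling alone is probably harmless, but the assumption should be recorded at the registration, e.g. `// Only schedules the job; nothing here reads credential-encrypted storage, so running before first unlock is safe.` If the job itself can start before unlock, it needs to tolerate locked storage as well; that code is not in this hunk. The enclosing method starts outside the hunk.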
@@ -24,9 +24,10 @@ import android.content.pm.PackageManager.NameNotFoundException; import android.os.Binder; import android.os.RemoteException; import android.os.UserHandle; -import android.security.keymaster.IKeyAttestationApplicationIdProvider; -import android.security.keymaster.KeyAttestationApplicationId; -import android.security.keymaster.KeyAttestationPackageInfo; +import android.security.keystore.IKeyAttestationApplicationIdProvider; +import android.security.keystore.KeyAttestationApplicationId; +import android.security.keystore.KeyAttestationPackageInfo; +import android.security.keystore.Signature; /** * @hide @@ -64,14 +65,25 @@ public class KeyAttestationApplicationIdProviderService for (int i = 0; i < packageNames.length; ++i) { PackageInfo packageInfo = mPackageManager.getPackageInfoAsUser(packageNames[i], PackageManager.GET_SIGNATURES, userId); - keyAttestationPackageInfos[i] = new KeyAttestationPackageInfo(packageNames[i], - packageInfo.getLongVersionCode(), packageInfo.signatures); + KeyAttestationPackageInfo pInfo = new KeyAttestationPackageInfo(); + pInfo.packageName = new String(packageNames[i]); + pInfo.versionCode = packageInfo.getLongVersionCode(); + pInfo.signatures = new Signature[packageInfo.signatures.length]; + for (int index = 0; index < packageInfo.signatures.length; index++) { + Signature sign = new Signature(); + sign.data = packageInfo.signatures[index].toByteArray(); + pInfo.signatures[index] = sign; + } + + keyAttestationPackageInfos[i] = pInfo; } } catch (NameNotFoundException nnfe) { throw new RemoteException(nnfe.getMessage()); } finally { Binder.restoreCallingIdentity(token); } - return new KeyAttestationApplicationId(keyAttestationPackageInfos); + KeyAttestationApplicationId attestAppId = new KeyAttestationApplicationId(); + attestAppId.packageInfos = keyAttestationPackageInfos; + return attestAppId; } } 
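Review bot: The new inner loop reads `packageInfo.signatures.length` with no null check, so a package returned without signatures would raise a NullPointerException inside this binder call instead of taking the RemoteException path used for NameNotFoundException; whether the old constructor tolerated null is not visible here. Guard it before the allocation with `if (packageInfo.signatures == null) { throw new RemoteException("no signatures for " + packageNames[i]); }`. `new String(packageNames[i])` copies an immutable string for no benefit; `pInfo.packageName = packageNames[i];` is enough. The imported `android.security.keystore.Signature` shares its simple name with the element type of `packageInfo.signatures`, so a short comment that the loop converts each package-manager signature into the keystore type would prevent misreading. The method begins outside the hunk.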
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 21bfdd87195d..635e11be3a16 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -31,7 +31,6 @@ import android.app.trust.ITrustListener; import android.app.trust.ITrustManager; import android.content.BroadcastReceiver; import android.content.ComponentName; -import android.content.ContentResolver; import android.content.Context; import android.content.Intent; import android.content.IntentFilter; @@ -42,11 +41,9 @@ import android.content.pm.UserInfo; import android.content.res.Resources; import android.content.res.TypedArray; import android.content.res.XmlResourceParser; -import android.database.ContentObserver; import android.graphics.drawable.Drawable; import android.hardware.biometrics.BiometricManager; import android.hardware.biometrics.BiometricSourceType; -import android.net.Uri; import android.os.Binder; import android.os.Build; import android.os.Bundle; @@ -237,7 +234,6 @@ public class TrustManagerService extends SystemService { mIdleTrustableTimeoutAlarmListenerForUser = new SparseArray<>(); private AlarmManager mAlarmManager; private final Object mAlarmLock = new Object(); - private final SettingsObserver mSettingsObserver; private final StrongAuthTracker mStrongAuthTracker; @@ -279,7 +275,6 @@ public class TrustManagerService extends SystemService { mLockPatternUtils = injector.getLockPatternUtils(); mStrongAuthTracker = new StrongAuthTracker(context, injector.getLooper()); mAlarmManager = (AlarmManager) mContext.getSystemService(Context.ALARM_SERVICE); - mSettingsObserver = new SettingsObserver(mHandler); } @Override 
@@ -307,103 +302,10 @@ public class TrustManagerService extends SystemService { } } - // Extend unlock config and logic - private final class SettingsObserver extends ContentObserver { - private final Uri TRUST_AGENTS_EXTEND_UNLOCK = - Settings.Secure.getUriFor(Settings.Secure.TRUST_AGENTS_EXTEND_UNLOCK); - - private final Uri LOCK_SCREEN_WHEN_TRUST_LOST = - Settings.Secure.getUriFor(Settings.Secure.LOCK_SCREEN_WHEN_TRUST_LOST); - - private final boolean mIsAutomotive; - private final ContentResolver mContentResolver; - private boolean mTrustAgentsNonrenewableTrust; - private boolean mLockWhenTrustLost; - - /** - * Creates a settings observer - * - * @param handler The handler to run {@link #onChange} on, or null if none. - */ - SettingsObserver(Handler handler) { - super(handler); - - PackageManager packageManager = getContext().getPackageManager(); - mIsAutomotive = packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE); - - mContentResolver = getContext().getContentResolver(); - updateContentObserver(); - } - - void updateContentObserver() { - mContentResolver.unregisterContentObserver(this); - mContentResolver.registerContentObserver(TRUST_AGENTS_EXTEND_UNLOCK, - false /* notifyForDescendents */, - this /* observer */, - mCurrentUser); - mContentResolver.registerContentObserver(LOCK_SCREEN_WHEN_TRUST_LOST, - false /* notifyForDescendents */, - this /* observer */, - mCurrentUser); - - // Update the value immediately - onChange(true /* selfChange */, TRUST_AGENTS_EXTEND_UNLOCK); - onChange(true /* selfChange */, LOCK_SCREEN_WHEN_TRUST_LOST); - } - - @Override - public void onChange(boolean selfChange, Uri uri) { - if (TRUST_AGENTS_EXTEND_UNLOCK.equals(uri)) { - // Smart lock should only grant non-renewable trust. The only exception is for - // automotive, where it can actively unlock the head unit. - int defaultValue = mIsAutomotive ? 
0 : 1; - - mTrustAgentsNonrenewableTrust = - Settings.Secure.getIntForUser( - mContentResolver, - Settings.Secure.TRUST_AGENTS_EXTEND_UNLOCK, - defaultValue, - mCurrentUser) != 0; - } else if (LOCK_SCREEN_WHEN_TRUST_LOST.equals(uri)) { - mLockWhenTrustLost = - Settings.Secure.getIntForUser( - mContentResolver, - Settings.Secure.LOCK_SCREEN_WHEN_TRUST_LOST, - 0 /* default */, - mCurrentUser) != 0; - } - } - - boolean getTrustAgentsNonrenewableTrust() { - return mTrustAgentsNonrenewableTrust; - } - - boolean getLockWhenTrustLost() { - return mLockWhenTrustLost; - } - } - - private void maybeLockScreen(int userId) { - if (userId != mCurrentUser) { - return; - } - - if (mSettingsObserver.getLockWhenTrustLost()) { - if (DEBUG) Slog.d(TAG, "Locking device because trust was lost"); - try { - WindowManagerGlobal.getWindowManagerService().lockNow(null); - } catch (RemoteException e) { - Slog.e(TAG, "Error locking screen when trust was lost"); - } - - // If active unlocking is not allowed, cancel any pending trust timeouts because the - // screen is already locked. - TrustedTimeoutAlarmListener alarm = mTrustTimeoutAlarmListenerForUser.get(userId); - if (alarm != null && mSettingsObserver.getTrustAgentsNonrenewableTrust()) { - mAlarmManager.cancel(alarm); - alarm.setQueued(false /* isQueued */); - } - } + // Automotive head units can be unlocked by a trust agent, even when the agent doesn't use + // FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE. + private boolean isAutomotive() { + return getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE); } private void scheduleTrustTimeout(boolean override, boolean isTrustableTimeout) { 
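Review bot: `isAutomotive()` asks PackageManager for FEATURE_AUTOMOTIVE on every call, whereas the removed SettingsObserver read it once into the final field `mIsAutomotive`. The later hunks in this file call it from the trust-update path inside `synchronized (mUserTrustState)` and again on biometric unlock, so the lookup now runs under that lock. A system feature should not change while the service is running, so computing it once into a field such as `private final boolean mIsAutomotive;` keeps the trust decision cheap and guarantees every call site sees the same answer. The comment above the helper could also state the consequence in full: on automotive, `canMoveToTrusted` is always true, so a grant can move the user to TRUSTED without a prior unlock.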
@@ -600,12 +502,10 @@ public class TrustManagerService extends SystemService { synchronized (mUserTrustState) { wasTrusted = (mUserTrustState.get(userId) == TrustState.TRUSTED); wasTrustable = (mUserTrustState.get(userId) == TrustState.TRUSTABLE); - boolean isAutomotive = getContext().getPackageManager().hasSystemFeature( - PackageManager.FEATURE_AUTOMOTIVE); boolean renewingTrust = wasTrustable && ( (flags & TrustAgentService.FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) != 0); boolean canMoveToTrusted = - alreadyUnlocked || isFromUnlock || renewingTrust || isAutomotive; + alreadyUnlocked || isFromUnlock || renewingTrust || isAutomotive(); boolean upgradingTrustForCurrentUser = (userId == mCurrentUser); if (trustedByAtLeastOneAgent && wasTrusted) { @@ -632,9 +532,7 @@ public class TrustManagerService extends SystemService { isNowTrusted, newlyUnlocked, userId, flags, getTrustGrantedMessages(userId)); if (isNowTrusted != wasTrusted) { refreshDeviceLockedForUser(userId); - if (!isNowTrusted) { - maybeLockScreen(userId); - } else { + if (isNowTrusted) { boolean isTrustableTimeout = (flags & FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) != 0; // Every time we grant renewable trust we should override the idle trustable @@ -1855,9 +1753,7 @@ public class TrustManagerService extends SystemService { synchronized(mUsersUnlockedByBiometric) { mUsersUnlockedByBiometric.put(userId, true); } - // In non-renewable trust mode we need to refresh trust state here, which will call - // refreshDeviceLockedForUser() - int updateTrustOnUnlock = mSettingsObserver.getTrustAgentsNonrenewableTrust() ? 1 : 0; + int updateTrustOnUnlock = isAutomotive() ? 0 : 1; mHandler.obtainMessage(MSG_REFRESH_DEVICE_LOCKED_FOR_USER, userId, updateTrustOnUnlock).sendToTarget(); mHandler.obtainMessage(MSG_REFRESH_TRUSTABLE_TIMERS_AFTER_AUTH, userId).sendToTarget(); 
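Review bot: In the biometric-unlock hunk, `int updateTrustOnUnlock = isAutomotive() ? 0 : 1;` lost the comment that explained why trust state is refreshed at this point, and the value is now fixed by device type instead of read from a setting. Put the reasoning back next to the line, for example `// Agents grant only non-renewable trust except on automotive, so refresh trust state on unlock (this also refreshes the device-locked state).` A named boolean converted to 0/1 at the `obtainMessage` call would also make the MSG_REFRESH_DEVICE_LOCKED_FOR_USER argument self-explanatory. The enclosing method starts outside the hunk.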
@@ -1966,7 +1862,6 @@ public class TrustManagerService extends SystemService { break; case MSG_SWITCH_USER: mCurrentUser = msg.arg1; - mSettingsObserver.updateContentObserver(); refreshDeviceLockedForUser(UserHandle.USER_ALL); break; case MSG_STOP_USER: @@ -2196,7 +2091,6 @@ public class TrustManagerService extends SystemService { mLockPatternUtils.requireStrongAuth( mStrongAuthTracker.SOME_AUTH_REQUIRED_AFTER_TRUSTAGENT_EXPIRED, mUserId); } - maybeLockScreen(mUserId); } protected abstract void handleAlarm(); |