| -rw-r--r-- | api/current.txt | 5 | ||||
| -rw-r--r-- | api/system-current.txt | 5 | ||||
| -rw-r--r-- | api/test-current.txt | 5 | ||||
| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 28 | ||||
| -rw-r--r-- | core/java/android/app/admin/IDevicePolicyManager.aidl | 3 | ||||
| -rw-r--r-- | core/java/android/auditing/SecurityLog.java | 30 | ||||
| -rw-r--r-- | core/java/android/auditing/SecurityLogTags.logtags | 13 | ||||
| -rw-r--r-- | packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java | 6 | ||||
| -rw-r--r-- | packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java | 12 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 27 |
10 files changed, 96 insertions, 38 deletions
diff --git a/api/current.txt b/api/current.txt index 7a2cbcee7eca..ebeaefc353fc 100644 --- a/api/current.txt +++ b/api/current.txt @@ -6516,8 +6516,9 @@ package android.auditing { field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452 field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451 field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455 - field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457 - field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457 + field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458 field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453 field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454 } diff --git a/api/system-current.txt b/api/system-current.txt index f42a71aa8955..07e30a85d04b 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -6774,8 +6774,9 @@ package android.auditing { field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452 field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451 field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455 - field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457 - field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457 + field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458 field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453 field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454 } diff --git a/api/test-current.txt b/api/test-current.txt index f668220fe290..ddb7dc98fa91 100644 
--- a/api/test-current.txt +++ b/api/test-current.txt @@ -6518,8 +6518,9 @@ package android.auditing { field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452 field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451 field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455 - field public static final int TAG_DEVICE_LOCKED = 210007; // 0x33457 - field public static final int TAG_DEVICE_UNLOCK_ATTEMPT = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISSED = 210006; // 0x33456 + field public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = 210007; // 0x33457 + field public static final int TAG_KEYGUARD_SECURED = 210008; // 0x33458 field public static final int TAG_SYNC_RECV_FILE = 210003; // 0x33453 field public static final int TAG_SYNC_SEND_FILE = 210004; // 0x33454 } diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index fef2a0e60806..a3c615db7eb3 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -2973,6 +2973,34 @@ public class DevicePolicyManager { } /** + * Should be called when keyguard has been dismissed. + * @hide + */ + public void reportKeyguardDismissed() { + if (mService != null) { + try { + mService.reportKeyguardDismissed(); + } catch (RemoteException e) { + Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e); + } + } + } + + /** + * Should be called when keyguard view has been shown to the user. + * @hide + */ + public void reportKeyguardSecured() { + if (mService != null) { + try { + mService.reportKeyguardSecured(); + } catch (RemoteException e) { + Log.w(TAG, REMOTE_EXCEPTION_MESSAGE, e); + } + } + } + + /** * @hide * Sets the given package as the device owner. * Same as {@link #setDeviceOwner(ComponentName, String)} but without setting a device owner name. 
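Review bot: The Javadoc on `reportKeyguardDismissed()` and `reportKeyguardSecured()` names only the trigger, not what the call does or who may make it. The service side of this commit enforces `BIND_DEVICE_ADMIN` and writes a SecurityLog entry, so each comment could add a line such as `* Writes a security log entry if logging is enabled; the caller must hold BIND_DEVICE_ADMIN.` The `RemoteException` branch only logs a warning, so a failed call leaves no audit record of the dismissal or lock; that is worth stating in the comment too.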
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 20d4a299d826..6333013612db 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -116,6 +116,9 @@ interface IDevicePolicyManager { void reportFailedPasswordAttempt(int userHandle); void reportSuccessfulPasswordAttempt(int userHandle); + void reportKeyguardDismissed(); + void reportKeyguardSecured(); + boolean setDeviceOwner(in ComponentName who, String ownerName, int userId); ComponentName getDeviceOwnerComponent(boolean callingUserOnly); String getDeviceOwnerName(); diff --git a/core/java/android/auditing/SecurityLog.java b/core/java/android/auditing/SecurityLog.java index 87dc1d85cd06..8d8d2f59c677 100644 --- a/core/java/android/auditing/SecurityLog.java +++ b/core/java/android/auditing/SecurityLog.java @@ -34,7 +34,8 @@ public class SecurityLog { /** @hide */ @Retention(RetentionPolicy.SOURCE) @IntDef({TAG_ADB_SHELL_INTERACTIVE, TAG_ADB_SHELL_CMD, TAG_SYNC_RECV_FILE, TAG_SYNC_SEND_FILE, - TAG_APP_PROCESS_START, TAG_DEVICE_UNLOCK_ATTEMPT, TAG_DEVICE_LOCKED}) + TAG_APP_PROCESS_START, TAG_KEYGUARD_DISMISSED, TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, + TAG_KEYGUARD_SECURED}) public @interface SECURITY_LOG_TAG {} /** 
@@ -68,21 +69,24 @@ public class SecurityLog { * seinfo tag (String), SHA-256 hash of the APK in hexadecimal (String) */ public static final int TAG_APP_PROCESS_START = SecurityLogTags.SECURITY_APP_PROCESS_START; - /** - * Indicate that there has been an attempt to unlock the device. The log entry contains the - * following information about the attempt in order, accessible via - * {@link SecurityEvent#getData()}}: unlock result (integer, 1 for successful unlock, 0 for - * unsuccessful), unlock method (String) + * Indicate that keyguard is being dismissed. + * There is no extra payload in the log event. */ - public static final int TAG_DEVICE_UNLOCK_ATTEMPT = - SecurityLogTags.SECURITY_DEVICE_UNLOCK_ATTEMPT; - + public static final int TAG_KEYGUARD_DISMISSED = + SecurityLogTags.SECURITY_KEYGUARD_DISMISSED; + /** + * Indicate that there has been an authentication attempt to dismiss the keyguard. The log entry + * contains the attempt result (integer, 1 for successful, 0 for unsuccessful), accessible via + * {@link SecurityEvent#getData()}} + */ + public static final int TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT = + SecurityLogTags.SECURITY_KEYGUARD_DISMISS_AUTH_ATTEMPT; /** * Indicate that the device has been locked, either by user or by timeout. + * There is no extra payload in the log event. */ - public static final int TAG_DEVICE_LOCKED = SecurityLogTags.SECURITY_DEVICE_LOCKED; - + public static final int TAG_KEYGUARD_SECURED = SecurityLogTags.SECURITY_KEYGUARD_SECURED; /** * Returns if device logging is enabled. Log producers should only write new logs if this is 
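Review bot: The new Javadoc for `TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT` ends in `{@link SecurityEvent#getData()}}`, with a stray closing brace and no final period; it should end `{@link SecurityEvent#getData()}.` The comment on `TAG_KEYGUARD_SECURED` still reads "the device has been locked, either by user or by timeout", while this commit writes the event from `handleShow` whenever keyguard is shown for a secure user, so the wording should describe that condition. The payload also no longer carries the unlock method that the removed `TAG_DEVICE_UNLOCK_ATTEMPT` documented; if that is deliberate, the Javadoc should say that only the result is recorded.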
@@ -128,7 +132,9 @@ public class SecurityLog { * Returns the tag of this log entry, which specifies entry's semantics. * Could be one of {@link SecurityLog#TAG_SYNC_RECV_FILE}, * {@link SecurityLog#TAG_SYNC_SEND_FILE}, {@link SecurityLog#TAG_ADB_SHELL_CMD}, - * {@link SecurityLog#TAG_ADB_SHELL_INTERACTIVE}, {@link SecurityLog#TAG_APP_PROCESS_START}. + * {@link SecurityLog#TAG_ADB_SHELL_INTERACTIVE}, {@link SecurityLog#TAG_APP_PROCESS_START}, + * {@link SecurityLog#TAG_KEYGUARD_DISMISSED}, {@link SecurityLog#TAG_KEYGUARD_SECURED}, + * {@link SecurityLog#TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT}. */ public @SECURITY_LOG_TAG int getTag() { return mEvent.getTag(); diff --git a/core/java/android/auditing/SecurityLogTags.logtags b/core/java/android/auditing/SecurityLogTags.logtags index 455acff3048e..cf858940058b 100644 --- a/core/java/android/auditing/SecurityLogTags.logtags +++ b/core/java/android/auditing/SecurityLogTags.logtags @@ -3,9 +3,10 @@ option java_package android.auditing 210001 security_adb_shell_interactive -210002 security_adb_shell_command (command|3) -210003 security_adb_sync_recv (path|3) -210004 security_adb_sync_send (path|3) -210005 security_app_process_start (process|3),(start_time|2|3),(uid|1),(pid|1),(seinfo|3),(sha256|3) -210006 security_device_unlock_attempt (success|1),(method|3) -210007 security_device_locked
\ No newline at end of file +210002 security_adb_shell_command (command|3) +210003 security_adb_sync_recv (path|3) +210004 security_adb_sync_send (path|3) +210005 security_app_process_start (process|3),(start_time|2|3),(uid|1),(pid|1),(seinfo|3),(sha256|3) +210006 security_keyguard_dismissed +210007 security_keyguard_dismiss_auth_attempt (success|1) +210008 security_keyguard_secured diff --git a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java index c7d17dc221bf..409f6a700ff3 100644 --- a/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java +++ b/packages/Keyguard/src/com/android/keyguard/KeyguardSecurityContainer.java @@ -18,7 +18,6 @@ package com.android.keyguard; import android.app.Activity; import android.app.AlertDialog; import android.app.admin.DevicePolicyManager; -import android.auditing.SecurityLog; import android.content.Context; import android.os.UserHandle; import android.util.AttributeSet; @@ -424,11 +423,6 @@ public class KeyguardSecurityContainer extends FrameLayout implements KeyguardSe } public void reportUnlockAttempt(int userId, boolean success, int timeoutMs) { - if (SecurityLog.isLoggingEnabled()) { - SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_UNLOCK_ATTEMPT, - (success ? 1 : 0), - mCurrentSecuritySelection.name()); - } KeyguardUpdateMonitor monitor = KeyguardUpdateMonitor.getInstance(mContext); if (success) { monitor.clearFailedUnlockAttempts(); diff --git a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java index 0475c72cabe2..958572fd4fd5 100644 --- a/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java +++ b/packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java 
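Review bot: Tags 210006 and 210007 are reused with a different meaning and payload. 210006 was `security_device_unlock_attempt (success|1),(method|3)` and becomes `security_keyguard_dismissed` with no payload; 210007 was `security_device_locked` and becomes `security_keyguard_dismiss_auth_attempt (success|1)`. A log consumer that keys on the numeric tag, or a log retrieved from a build that predates this change, would be decoded against the wrong schema. Unless no build with the old numbering has been released, I would retire 210006 and 210007 and allocate fresh numbers for all three new events. The same values are published as constants in the three `api/*.txt` files of this commit.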
@@ -24,7 +24,6 @@ import android.app.PendingIntent; import android.app.SearchManager; import android.app.StatusBarManager; import android.app.trust.TrustManager; -import android.auditing.SecurityLog; import android.content.BroadcastReceiver; import android.content.ContentResolver; import android.content.Context; @@ -1371,10 +1370,8 @@ public class KeyguardViewMediator extends SystemUI { * @see #KEYGUARD_DONE */ private void handleKeyguardDone(boolean authenticated) { - if (SecurityLog.isLoggingEnabled() - && mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) { - SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_UNLOCK_ATTEMPT, - (authenticated ? 1 : 0), "Unknown"); + if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) { + mLockPatternUtils.getDevicePolicyManager().reportKeyguardDismissed(); } if (DEBUG) Log.d(TAG, "handleKeyguardDone"); synchronized (this) { @@ -1487,9 +1484,8 @@ public class KeyguardViewMediator extends SystemUI { * @see #SHOW */ private void handleShow(Bundle options) { - if (SecurityLog.isLoggingEnabled() - && mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) { - SecurityLog.writeEvent(SecurityLog.TAG_DEVICE_LOCKED, ""); + if (mLockPatternUtils.isSecure(KeyguardUpdateMonitor.getCurrentUser())) { + mLockPatternUtils.getDevicePolicyManager().reportKeyguardSecured(); } synchronized (KeyguardViewMediator.this) { if (!mSystemReady) { diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index b94e6d63f69e..236ae68eb569 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java 
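Review bot: `handleKeyguardDone(boolean authenticated)` now calls `reportKeyguardDismissed()` without looking at `authenticated`, where the removed code recorded `authenticated ? 1 : 0`. If this method can run with `authenticated == false`, the audit log shows a dismissal that cannot be told apart from an authenticated one. Either guard the call or add a comment saying why the flag is irrelevant, for example `// logged regardless of 'authenticated'; auth results are logged by DevicePolicyManagerService`. The call also sits at the top of the method, whose body continues outside the hunk, so the event is written before it is known that the dismissal completes.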
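Review bot: In `handleShow`, `reportKeyguardSecured()` runs before the `if (!mSystemReady)` check in the `synchronized` block, so a "secured" event may be written for a show request that is then ignored. That branch body is outside the hunk, so this is inferred. Moving the call to the point where keyguard is actually shown would keep the security log aligned with device state. Separately, the `SecurityLog.isLoggingEnabled()` check moved into the service, so this call and the one in `handleKeyguardDone` now cross Binder on every show and dismiss even when logging is off. The new AIDL methods are not marked `oneway` in the visible declaration, so those calls appear to be blocking.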
@@ -49,6 +49,7 @@ import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.IDevicePolicyManager; import android.app.admin.SystemUpdatePolicy; import android.app.backup.IBackupManager; +import android.auditing.SecurityLog; import android.content.BroadcastReceiver; import android.content.ComponentName; import android.content.ContentResolver; @@ -4401,6 +4402,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } finally { mInjector.binderRestoreCallingIdentity(ident); } + + if (SecurityLog.isLoggingEnabled()) { + SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0); + } } @Override @@ -4427,6 +4432,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } + + if (SecurityLog.isLoggingEnabled()) { + SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1); + } + } + + @Override + public void reportKeyguardDismissed() { + mContext.enforceCallingOrSelfPermission( + android.Manifest.permission.BIND_DEVICE_ADMIN, null); + if (SecurityLog.isLoggingEnabled()) { + SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED); + } + } + + @Override + public void reportKeyguardSecured() { + mContext.enforceCallingOrSelfPermission( + android.Manifest.permission.BIND_DEVICE_ADMIN, null); + if (SecurityLog.isLoggingEnabled()) { + SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED); + } } @Override |
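Review bot: The `TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT` event written after the `finally` block carries only the result and omits the user. Per the AIDL declaration in this commit, `reportFailedPasswordAttempt(int userHandle)` has the user in scope. On a device with several users or profiles, an auditor cannot tell whose credential failed, and the unlock method recorded by the removed `TAG_DEVICE_UNLOCK_ATTEMPT` is gone as well. If that is intentional, a comment such as `// user id and unlock method deliberately not logged` would record the decision. Otherwise the logtags entry needs an extra int field and the call becomes `SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0, userHandle);`. The same applies to the success event in the next hunk; both method bodies begin outside their hunks.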