3 files changed, 38 insertions, 17 deletions
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java index d3748140a5a5..4b8c7c176fda 100644 --- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java +++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java @@ -122,16 +122,9 @@ public class TrustAgentWrapper { if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG) { return; } - if (!mWaitingForTrustableDowngrade) { - return; - } // are these the broadcasts we want to listen to - if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction()) - || Intent.ACTION_USER_PRESENT.equals(intent.getAction())) { - mTrusted = false; - mTrustable = true; - mWaitingForTrustableDowngrade = false; - mTrustManagerService.updateTrust(mUserId, 0); + if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) { + downgradeToTrustable(); } } }; @@ -480,8 +473,7 @@ public class TrustAgentWrapper { final String pathUri = mAlarmIntent.toUri(Intent.URI_INTENT_SCHEME); alarmFilter.addDataPath(pathUri, PatternMatcher.PATTERN_LITERAL); - IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_USER_PRESENT); - trustableFilter.addAction(Intent.ACTION_SCREEN_OFF); + IntentFilter trustableFilter = new IntentFilter(Intent.ACTION_SCREEN_OFF); // Schedules a restart for when connecting times out. If the connection succeeds, // the restart is canceled in mCallback's onConnected. @@ -668,6 +660,19 @@ public class TrustAgentWrapper { mTrustable = false; } + /** + * Downgrades the trustagent to trustable as a result of a keyguard or screen related event, and + * then updates the trust state of the phone to reflect the change. + */ + public void downgradeToTrustable() { + if (mWaitingForTrustableDowngrade) { + mWaitingForTrustableDowngrade = false; + mTrusted = false; + mTrustable = true; + mTrustManagerService.updateTrust(mUserId, 0); + } + } + public boolean isManagingTrust() { return mManagingTrust && !mTrustDisabledByDpm; } 
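Review bot: The context comment `// are these the broadcasts we want to listen to` still sits directly above the check in the receiver callback, but the receiver now handles only `ACTION_SCREEN_OFF`, so the open question no longer matches the code. I would replace it with a statement of intent, for example `// Screen-off downgrades here; keyguard showing changes are dispatched by TrustManagerService.` The receiver body starts outside the hunk.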
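Review bot: `downgradeToTrustable()` does not check `TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG`, although the broadcast receiver in the first hunk returns early on that flag before calling it; the new caller in TrustManagerService reaches the method with no such gate. Whether `mWaitingForTrustableDowngrade` can be true while the flag is off is not visible here, so moving the gate into the method keeps both paths consistent: `if (!TrustManagerService.ENABLE_ACTIVE_UNLOCK_FLAG || !mWaitingForTrustableDowngrade) return;`. The method is also public and updates `mTrusted`, `mTrustable` and `mWaitingForTrustableDowngrade` without a lock. Its Javadoc should therefore state which thread callers must be on, if the receiver and the service handler are meant to share one.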
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java index 8f4ddea1c30c..80ce70de2138 100644 --- a/services/core/java/com/android/server/trust/TrustManagerService.java +++ b/services/core/java/com/android/server/trust/TrustManagerService.java @@ -1184,6 +1184,22 @@ public class TrustManagerService extends SystemService { return false; } + /** + * We downgrade to trustable whenever keyguard changes its showing value. + * - becomes showing: something has caused the device to show keyguard which happens due to + * user intent to lock the device either through direct action or a timeout + * - becomes not showing: keyguard was dismissed and we no longer need to keep the device + * unlocked + * */ + private void dispatchTrustableDowngrade() { + for (int i = 0; i < mActiveAgents.size(); i++) { + AgentInfo info = mActiveAgents.valueAt(i); + if (info.userId == mCurrentUser) { + info.agent.downgradeToTrustable(); + } + } + } + private List<String> getTrustGrantedMessages(int userId) { if (!mStrongAuthTracker.isTrustAllowedForUser(userId)) { return new ArrayList<>(); @@ -1752,6 +1768,7 @@ public class TrustManagerService extends SystemService { refreshDeviceLockedForUser(UserHandle.USER_ALL); break; case MSG_KEYGUARD_SHOWING_CHANGED: + dispatchTrustableDowngrade(); refreshDeviceLockedForUser(mCurrentUser); break; case MSG_START_USER: diff --git a/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt b/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt index 3c6d54d24291..ae722477a2bc 100644 --- a/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt +++ b/tests/TrustTests/src/android/trust/test/TemporaryAndRenewableTrustTest.kt 
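Review bot: `dispatchTrustableDowngrade()` skips every agent whose `info.userId` differs from `mCurrentUser`, while the `ACTION_USER_PRESENT` branch removed from TrustAgentWrapper ran in each wrapper regardless of user. If agents bound for another user (a profile of the current user, for instance) can be waiting for a downgrade, they now stay trusted after keyguard is dismissed until the next `ACTION_SCREEN_OFF`; that cannot be confirmed from this hunk. Either extend the loop to those users or say in the Javadoc that only the current user is covered and why. The Javadoc also closes with `* */` where ` */` is meant. The call added in the `MSG_KEYGUARD_SHOWING_CHANGED` case depends on running before `refreshDeviceLockedForUser(mCurrentUser)`, which deserves a one-line comment there.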
@@ -29,7 +29,7 @@ import androidx.test.ext.junit.rules.ActivityScenarioRule import androidx.test.ext.junit.runners.AndroidJUnit4 import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation import androidx.test.uiautomator.UiDevice -import com.google.common.truth.Truth.assertThat +import android.trust.test.lib.wait import org.junit.Before import org.junit.Rule import org.junit.Test @@ -74,9 +74,9 @@ class TemporaryAndRenewableTrustTest { uiDevice.sleep() lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} - uiDevice.wakeUp() lockStateTrackingRule.assertLocked() } @@ -98,9 +98,9 @@ class TemporaryAndRenewableTrustTest { lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} - uiDevice.wakeUp() lockStateTrackingRule.assertUnlocked() } @@ -116,6 +116,7 @@ class TemporaryAndRenewableTrustTest { uiDevice.sleep() lockStateTrackingRule.assertLocked() + uiDevice.wakeUp() Log.i(TAG, "Renewing trust and unlocking") var result: GrantTrustResult? = null @@ -124,10 +125,9 @@ class TemporaryAndRenewableTrustTest { Log.i(TAG, "Callback received; status=${it.status}") result = it } - uiDevice.wakeUp() lockStateTrackingRule.assertUnlocked() - assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT) + wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT } } @Test @@ -141,7 +141,6 @@ class TemporaryAndRenewableTrustTest { trustAgentRule.agent.revokeTrust() await(500) uiDevice.wakeUp() - await(500) trustAgentRule.agent.grantTrust( GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {} |
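Review bot: In the `@@ -124,10 +125,9 @@` hunk, replacing `assertThat(result?.status).isEqualTo(STATUS_UNLOCKED_BY_GRANT)` with `wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT }` merges two different failures: a callback that never arrives and a callback that arrives with another status. How `wait` reports a timeout is not visible here, but with only the label "callback triggered" the actual status would be lost. Waiting for the callback and then asserting keeps the diagnostic: `wait("callback triggered") { result != null }` followed by the original `assertThat` line, which means keeping the Truth import that the first hunk of this file removes. The test function starts outside the hunk.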