Merge "Implement device lock state listener" into main
diff --git a/core/api/current.txt b/core/api/current.txt
index a03f8c5..cbc3529 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -6235,6 +6235,7 @@
}
public class KeyguardManager {
+ method @FlaggedApi("android.app.device_unlock_listener") @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void addDeviceLockedStateListener(@NonNull java.util.concurrent.Executor, @NonNull android.app.KeyguardManager.DeviceLockedStateListener);
method @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void addKeyguardLockedStateListener(@NonNull java.util.concurrent.Executor, @NonNull android.app.KeyguardManager.KeyguardLockedStateListener);
method @Deprecated public android.content.Intent createConfirmDeviceCredentialIntent(CharSequence, CharSequence);
method @Deprecated @RequiresPermission(android.Manifest.permission.DISABLE_KEYGUARD) public void exitKeyguardSecurely(android.app.KeyguardManager.OnKeyguardExitResult);
@@ -6244,10 +6245,15 @@
method public boolean isKeyguardLocked();
method public boolean isKeyguardSecure();
method @Deprecated public android.app.KeyguardManager.KeyguardLock newKeyguardLock(String);
+ method @FlaggedApi("android.app.device_unlock_listener") @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void removeDeviceLockedStateListener(@NonNull android.app.KeyguardManager.DeviceLockedStateListener);
method @RequiresPermission(android.Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE) public void removeKeyguardLockedStateListener(@NonNull android.app.KeyguardManager.KeyguardLockedStateListener);
method public void requestDismissKeyguard(@NonNull android.app.Activity, @Nullable android.app.KeyguardManager.KeyguardDismissCallback);
}
+ @FlaggedApi("android.app.device_unlock_listener") @java.lang.FunctionalInterface public static interface KeyguardManager.DeviceLockedStateListener {
+ method public void onDeviceLockedStateChanged(boolean);
+ }
+
public abstract static class KeyguardManager.KeyguardDismissCallback {
ctor public KeyguardManager.KeyguardDismissCallback();
method public void onDismissCancelled();
diff --git a/core/java/android/app/KeyguardManager.java b/core/java/android/app/KeyguardManager.java
index 62820ad..67f7bee 100644
--- a/core/java/android/app/KeyguardManager.java
+++ b/core/java/android/app/KeyguardManager.java
@@ -18,6 +18,7 @@
import android.Manifest;
import android.annotation.CallbackExecutor;
+import android.annotation.FlaggedApi;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
@@ -52,7 +53,9 @@
import android.view.IWindowManager;
import android.view.WindowManagerGlobal;
+import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.internal.policy.IDeviceLockedStateListener;
import com.android.internal.policy.IKeyguardDismissCallback;
import com.android.internal.policy.IKeyguardLockedStateListener;
import com.android.internal.util.Preconditions;
@@ -253,6 +256,26 @@
private final ArrayMap<KeyguardLockedStateListener, Executor>
mKeyguardLockedStateListeners = new ArrayMap<>();
+ private final IDeviceLockedStateListener mIDeviceLockedStateListener =
+ new IDeviceLockedStateListener.Stub() {
+ @Override
+ public void onDeviceLockedStateChanged(boolean isDeviceLocked) {
+ if (!Flags.deviceUnlockListener()) {
+ return;
+ }
+ synchronized (mDeviceLockedStateListeners) {
+ mDeviceLockedStateListeners.forEach((listener, executor) -> {
+ executor.execute(
+ () -> listener.onDeviceLockedStateChanged(isDeviceLocked));
+ });
+ }
+ }
+ };
+
+ @GuardedBy("mDeviceLockedStateListeners")
+ private final ArrayMap<DeviceLockedStateListener, Executor>
+ mDeviceLockedStateListeners = new ArrayMap<>();
+
/**
* Get an intent to prompt the user to confirm credentials (pin, pattern, password or biometrics
* if enrolled) for the current user of the device. The caller is expected to launch this
@@ -1370,4 +1393,77 @@
}
}
}
+
+
+ /**
+ * Listener for device locked state changes.
+ */
+ @FunctionalInterface
+ @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+ public interface DeviceLockedStateListener {
+ /**
+ * Callback function that executes when the device locked state changes.
+ */
+ void onDeviceLockedStateChanged(boolean isDeviceLocked);
+ }
+
+
+ /**
+ * Registers a listener to execute when the device locked state changes.
+ *
+ * @param executor The {@link Executor} where the {@code listener} will be invoked
+ * @param listener The listener to add to receive device locked state changes.
+ *
+ * @see #isDeviceLocked()
+ * @see #removeDeviceLockedStateListener(DeviceLockedStateListener)
+ */
+ @RequiresPermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+ @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+ public void addDeviceLockedStateListener(@NonNull @CallbackExecutor Executor executor,
+ @NonNull DeviceLockedStateListener listener) {
+ if (!Flags.deviceUnlockListener()) {
+ return;
+ }
+
+ synchronized (mDeviceLockedStateListeners) {
+ mDeviceLockedStateListeners.put(listener, executor);
+ if (mDeviceLockedStateListeners.size() > 1) {
+ return;
+ }
+ try {
+ mTrustManager.registerDeviceLockedStateListener(mIDeviceLockedStateListener,
+ mContext.getDeviceId());
+ } catch (RemoteException re) {
+ Log.d(TAG, "TrustManager service died", re);
+ }
+ }
+ }
+
+ /**
+ * Unregisters a listener that executes when the device locked state changes.
+ *
+ * @param listener The listener to remove.
+ *
+ * @see #isDeviceLocked()
+ * @see #addDeviceLockedStateListener(Executor, DeviceLockedStateListener)
+ */
+ @RequiresPermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+ @FlaggedApi(Flags.FLAG_DEVICE_UNLOCK_LISTENER)
+ public void removeDeviceLockedStateListener(@NonNull DeviceLockedStateListener listener) {
+ if (!Flags.deviceUnlockListener()) {
+ return;
+ }
+
+ synchronized (mDeviceLockedStateListeners) {
+ mDeviceLockedStateListeners.remove(listener);
+ if (!mDeviceLockedStateListeners.isEmpty()) {
+ return;
+ }
+ try {
+ mTrustManager.unregisterDeviceLockedStateListener(mIDeviceLockedStateListener);
+ } catch (RemoteException re) {
+ Log.d(TAG, "TrustManager service died", re);
+ }
+ }
+ }
}
diff --git a/core/java/android/app/keyguard.aconfig b/core/java/android/app/keyguard.aconfig
new file mode 100644
index 0000000..9cd1c15
--- /dev/null
+++ b/core/java/android/app/keyguard.aconfig
@@ -0,0 +1,10 @@
+package: "android.app"
+container: "system"
+
+flag {
+ namespace: "wallet_integration"
+ name: "device_unlock_listener"
+ is_exported: true
+ description: "Enable listener API for device unlock."
+ bug: "296195355"
+}
\ No newline at end of file
diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl
index 730bb73..ffa5488 100644
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -18,6 +18,7 @@
import android.app.trust.ITrustListener;
import android.hardware.biometrics.BiometricSourceType;
+import com.android.internal.policy.IDeviceLockedStateListener;
/**
* System private API to comunicate with trust service.
@@ -43,4 +44,8 @@
boolean isActiveUnlockRunning(int userId);
@EnforcePermission("ACCESS_FINE_LOCATION")
boolean isInSignificantPlace();
+ @EnforcePermission("SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE")
+ void registerDeviceLockedStateListener(in IDeviceLockedStateListener listener, int deviceId);
+ @EnforcePermission("SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE")
+ void unregisterDeviceLockedStateListener(in IDeviceLockedStateListener listener);
}
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index 1ef83cd..8c8970e 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -31,6 +31,8 @@
import android.os.RemoteException;
import android.util.ArrayMap;
+import com.android.internal.policy.IDeviceLockedStateListener;
+
import java.util.ArrayList;
import java.util.List;
@@ -259,6 +261,35 @@
}
/**
+ * Registers a listener for device lock state events.
+ *
+ * Requires the {@link android.Manifest.permission#SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE}
+ * permission.
+ */
+ public void registerDeviceLockedStateListener(final IDeviceLockedStateListener listener,
+ int deviceId) {
+ try {
+ mService.registerDeviceLockedStateListener(listener, deviceId);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
+ * Unregisters a listener for device lock state events.
+ *
+ * Requires the {@link android.Manifest.permission#SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE}
+ * permission.
+ */
+ public void unregisterDeviceLockedStateListener(final IDeviceLockedStateListener listener) {
+ try {
+ mService.unregisterDeviceLockedStateListener(listener);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
* @return whether {@param userId} has enabled and configured trust agents. Ignores short-term
* unavailability of trust due to {@link LockPatternUtils.StrongAuthTracker}.
*/
diff --git a/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl b/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl
new file mode 100644
index 0000000..cc626f6
--- /dev/null
+++ b/core/java/com/android/internal/policy/IDeviceLockedStateListener.aidl
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.internal.policy;
+
+oneway interface IDeviceLockedStateListener {
+ void onDeviceLockedStateChanged(boolean isDeviceLocked);
+}
\ No newline at end of file
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 0046405..7fcbf19 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -5587,7 +5587,8 @@
<permission android:name="android.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE"
android:protectionLevel="signature" />
- <!-- Allows an application to subscribe to keyguard locked (i.e., showing) state.
+ <!-- Allows an application to subscribe to device locked and keyguard locked (i.e., showing)
+ state.
<p>Protection level: signature|role
<p>Intended for use by ROLE_ASSISTANT and signature apps only.
-->
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 465ac2f..887e186 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -61,6 +61,7 @@
import android.os.Looper;
import android.os.Message;
import android.os.PersistableBundle;
+import android.os.RemoteCallbackList;
import android.os.RemoteException;
import android.os.SystemClock;
import android.os.UserHandle;
@@ -84,6 +85,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.content.PackageMonitor;
import com.android.internal.infra.AndroidFuture;
+import com.android.internal.policy.IDeviceLockedStateListener;
import com.android.internal.util.DumpUtils;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockSettingsInternal;
@@ -105,6 +107,7 @@
import java.util.Collection;
import java.util.List;
import java.util.Objects;
+import java.util.stream.IntStream;
/**
* Manages trust agents and trust listeners.
@@ -253,6 +256,10 @@
new SparseArray<>();
private final SparseArray<TrustableTimeoutAlarmListener>
mIdleTrustableTimeoutAlarmListenerForUser = new SparseArray<>();
+
+ private final RemoteCallbackList<IDeviceLockedStateListener>
+ mDeviceLockedStateListeners = new RemoteCallbackList<>();
+
private AlarmManager mAlarmManager;
private final Object mAlarmLock = new Object();
@@ -1090,6 +1097,7 @@
if (changed) {
notifyTrustAgentsOfDeviceLockState(userId, locked);
notifyKeystoreOfDeviceLockState(userId, locked);
+ notifyDeviceLockedListenersForUser(userId, locked);
// Also update the user's profiles who have unified challenge, since they
// share the same unlocked state (see {@link #isDeviceLocked(int)})
for (int profileHandle : mUserManager.getEnabledProfileIds(userId)) {
@@ -1910,6 +1918,26 @@
return mIsInSignificantPlace;
}
+ @EnforcePermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+ @Override
+ public void registerDeviceLockedStateListener(IDeviceLockedStateListener listener,
+ int deviceId) {
+ super.registerDeviceLockedStateListener_enforcePermission();
+ if (deviceId != Context.DEVICE_ID_DEFAULT) {
+ // Virtual devices are considered insecure.
+ return;
+ }
+ mDeviceLockedStateListeners.register(listener,
+ Integer.valueOf(UserHandle.getUserId(Binder.getCallingUid())));
+ }
+
+ @EnforcePermission(Manifest.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE)
+ @Override
+ public void unregisterDeviceLockedStateListener(IDeviceLockedStateListener listener) {
+ super.unregisterDeviceLockedStateListener_enforcePermission();
+ mDeviceLockedStateListeners.unregister(listener);
+ }
+
private void enforceReportPermission() {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, "reporting trust events");
@@ -2031,6 +2059,7 @@
}
notifyKeystoreOfDeviceLockState(userId, locked);
+ notifyDeviceLockedListenersForUser(userId, locked);
if (locked) {
try {
@@ -2497,4 +2526,24 @@
updateTrust(mUserId, 0 /* flags */);
}
}
+
+ private void notifyDeviceLockedListenersForUser(int userId, boolean locked) {
+ int numListeners = mDeviceLockedStateListeners.beginBroadcast();
+ try {
+ IntStream.range(0, numListeners).forEach(i -> {
+ try {
+ Integer uid = (Integer) mDeviceLockedStateListeners.getBroadcastCookie(i);
+ if (userId == uid.intValue()) {
+ mDeviceLockedStateListeners.getBroadcastItem(i)
+ .onDeviceLockedStateChanged(locked);
+ }
+ } catch (RemoteException re) {
+ Log.i(TAG, "Service died", re);
+ }
+ });
+
+ } finally {
+ mDeviceLockedStateListeners.finishBroadcast();
+ }
+ }
}