Merge "Modifies the Trust Agent API to support Active Unlock."
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index 61277e2..22ed1b8 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -114,15 +114,47 @@
*/
public static final int FLAG_GRANT_TRUST_DISMISS_KEYGUARD = 1 << 1;
+ /**
+ * Flag for {@link #grantTrust(CharSequence, long, int)} indicating the platform should
+ * automatically remove trust after some conditions are met (detailed below) with the option for
+ * the agent to renew the trust again later.
+ *
+ * <p>After this is called, the agent will grant trust until the platform thinks an active user
+ * is no longer using that trust. For example, if the user dismisses keyguard, the platform will
+ * remove trust (this does not automatically lock the device).
+ *
+ * <p>When the platform internally removes the agent's trust in this manner, an agent can
+ * re-grant it (via a call to grantTrust) without the user having to unlock the device through
+ * another method (e.g. PIN). This renewable state only persists for a limited time.
+ *
+ * TODO(b/213631675): Remove @hide
+ * @hide
+ */
+ public static final int FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE = 1 << 2;
+
+ /**
+ * Flag for {@link #grantTrust(CharSequence, long, int)} indicating that the message should
+ * be displayed to the user.
+ *
+ * Without this flag, the message passed to {@code grantTrust} is only used for debugging
+ * purposes. With the flag, it may be displayed to the user as the reason why the device is
+ * unlocked.
+ *
+ * TODO(b/213911325): Remove @hide
+ * @hide
+ */
+ public static final int FLAG_GRANT_TRUST_DISPLAY_MESSAGE = 1 << 3;
+
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef(flag = true, prefix = { "FLAG_GRANT_TRUST_" }, value = {
FLAG_GRANT_TRUST_INITIATED_BY_USER,
FLAG_GRANT_TRUST_DISMISS_KEYGUARD,
+ FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE,
+ FLAG_GRANT_TRUST_DISPLAY_MESSAGE,
})
public @interface GrantTrustFlags {}
-
/**
* Int enum indicating that escrow token is active.
* See {@link #onEscrowTokenStateReceived(long, int)}
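Review bot: The Javadoc on FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE promises conditions "detailed below" but gives only one example (keyguard dismissal) and leaves "a limited time" unquantified, so an agent author cannot tell how long a re-grant without user authentication stays possible. Because that window decides when the device can be unlocked again without a PIN, the comment should say who bounds it, for example `* The platform decides when the renewable state ends; agents must not assume a duration.` (wording to be confirmed against the implementation, which is not in this change). "After this is called" should read "After trust is granted with this flag", since a flag is not called. On FLAG_GRANT_TRUST_DISPLAY_MESSAGE it would help to state that the message is agent-supplied text that may appear on the lock screen.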
@@ -265,6 +297,22 @@
}
/**
+ * Called when the user has interacted with the locked device such that they likely want it
+ * to be unlocked. This approximates the timing when, for example, the platform would check for
+ * face authentication to unlock the device.
+ *
+ * To attempt to unlock the device, the agent needs to call
+ * {@link #grantTrust(CharSequence, long, int)}.
+ *
+ * @see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE
+ *
+ * TODO(b/213631672): Hook up call from system server & SystemUI, then un-hide
+ * @hide
+ */
+ public void onUserRequestedUnlock() {
+ }
+
+ /**
* Called when the timeout provided by the agent expires. Note that this may be called earlier
* than requested by the agent if the trust timeout is adjusted by the system or
* {@link DevicePolicyManager}. The agent is expected to re-evaluate the trust state and only
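Review bot: In the Javadoc for onUserRequestedUnlock() the `@see` block tag comes before the TODO line, so the TODO text is parsed as a continuation of the `@see` tag instead of as description. Move the TODO above `@see #FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE`, which matches how the other two new comments place their TODO directly before `@hide`. The description could also make explicit that the callback is only a hint about user intent, e.g. `* This callback does not indicate that the user has been authenticated.`; that reading is inferred from "approximates the timing" and should be confirmed.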
@@ -564,6 +612,22 @@
}
/**
+ * Locks the user.
+ *
+ * This revokes any trust granted by this agent and shows keyguard for the user if it is not
+ * currently shown for them. Other users are not affected. Note that this is in contrast to
+ * {@link #revokeTrust()} which does not show keyguard if it is not already shown.
+ *
+ * If the user has no auth method specified, then keyguard will still be shown but can be
+ * dismissed normally.
+ *
+ * TODO(b/213631675): Implement & make public
+ * @hide
+ */
+ public final void lockUser() {
+ }
+
+ /**
* Request showing a transient error message on the keyguard.
* The message will be visible on the lock screen or always on display if possible but can be
* overridden by other keyguard events of higher priority - eg. fingerprint auth error.
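Review bot: lockUser() has an empty body while its Javadoc states that it revokes trust and shows keyguard, so an in-tree caller that relies on it to lock the device gets a silent no-op. Until b/213631675 is implemented, either make the gap visible with `throw new UnsupportedOperationException("lockUser is not implemented");` or say so in the comment, e.g. `* Not yet implemented: calling this currently has no effect.` The method is `@hide`, which limits who can reach it, but a lock request that fails silently is the failure mode most worth ruling out.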
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
index 59f8e54..79231f7 100644
--- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java
+++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
@@ -123,6 +123,7 @@
public void handleMessage(Message msg) {
switch (msg.what) {
case MSG_GRANT_TRUST:
+ // TODO(b/213631675): Respect FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE
if (!isConnected()) {
Log.w(TAG, "Agent is not connected, cannot grant trust: "
+ mName.flattenToShortString());
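Review bot: The TODO under `case MSG_GRANT_TRUST:` means a grant carrying FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE is, as far as this hunk shows, handled like an ordinary grant, so trust the agent meant to be temporary is not removed by the platform. The comment should spell that out, e.g. `// TODO(b/213631675): Respect FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE; until then the flag is ignored and the grant is treated as ordinary trust.` Logging a warning when the flag is set would also make the gap visible in bug reports. The rest of the case body is outside the hunk, so the exact handling of the flags could not be checked here.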