Added an onDeviceUnlockLockout callback to TrustAgentService.

Test: Manually tested onDeviceUnlockLockout being called with an actual TestAgentService implementation. Notes: - Active Trust Agents are no longer killed/unbinded from when a temporary device lockout occurs. Instead, the onDeviceUnlockLockout callback of the agent is called. Change-Id: Ifa0984d1d7e5153568334d736e9ebd5a00ef1297 Bug: 34198873
author: Zachary Iqbal <zacharyi@google.com> 2017-01-12 14:41:13 -0800
committer: Zachary Iqbal <zacharyi@google.com> 2017-01-20 15:55:07 -0800
commit: 327323d2b337077433fe02438a79cc98e91799e3 (patch)
tree: 2ca5fb7eeff04f2cd78a5b4c0c34ac0b1e583c2e /core/java
parent: 52461d46a47054130028341a4f5070d932f840ca (diff)
5 files changed, 50 insertions, 0 deletions
diff --git a/core/java/android/app/trust/ITrustManager.aidl b/core/java/android/app/trust/ITrustManager.aidl
index d3d02e59c228..a10de45d115b 100644
--- a/core/java/android/app/trust/ITrustManager.aidl
+++ b/core/java/android/app/trust/ITrustManager.aidl
@@ -25,6 +25,7 @@ import android.app.trust.ITrustListener;
  */
 interface ITrustManager {
     void reportUnlockAttempt(boolean successful, int userId);
+    void reportUnlockLockout(int timeoutMs, int userId);
     void reportEnabledTrustAgentsChanged(int userId);
     void registerTrustListener(in ITrustListener trustListener);
     void unregisterTrustListener(in ITrustListener trustListener);
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index 0f5cb6f4b8e1..a64a023fec6b 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -81,6 +81,26 @@ public class TrustManager {
     }
 
     /**
+     * Reports that user {@param userId} has entered a temporary device lockout.
+     *
+     * This generally occurs when  the user has unsuccessfully tried to unlock the device too many
+     * times. The user will then be unable to unlock the device until a set amount of time has
+     * elapsed.
+     *
+     * @param timeout The amount of time that needs to elapse, in milliseconds, until the user may
+     *    attempt to unlock the device again.
+     *
+     * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+     */
+    public void reportUnlockLockout(int timeoutMs, int userId) {
+        try {
+            mService.reportUnlockLockout(timeoutMs, userId);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /**
      * Reports that the list of enabled trust agents changed for user {@param userId}.
      *
      * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
diff --git a/core/java/android/service/trust/ITrustAgentService.aidl b/core/java/android/service/trust/ITrustAgentService.aidl
index f07d0d032ed1..22b4d09e5f70 100644
--- a/core/java/android/service/trust/ITrustAgentService.aidl
+++ b/core/java/android/service/trust/ITrustAgentService.aidl
@@ -24,6 +24,7 @@ import android.service.trust.ITrustAgentServiceCallback;
  */
 interface ITrustAgentService {
     oneway void onUnlockAttempt(boolean successful);
+    oneway void onUnlockLockout(int timeoutMs);
     oneway void onTrustTimeout();
     oneway void onDeviceLocked();
     oneway void onDeviceUnlocked();
diff --git a/core/java/android/service/trust/TrustAgentService.java b/core/java/android/service/trust/TrustAgentService.java
index 9d7ffad5052e..0d5177d23413 100644
--- a/core/java/android/service/trust/TrustAgentService.java
+++ b/core/java/android/service/trust/TrustAgentService.java
@@ -123,6 +123,7 @@ public class TrustAgentService extends Service {
     private static final int MSG_TRUST_TIMEOUT = 3;
     private static final int MSG_DEVICE_LOCKED = 4;
     private static final int MSG_DEVICE_UNLOCKED = 5;
+    private static final int MSG_UNLOCK_LOCKOUT = 6;
 
     /**
      * Class containing raw data for a given configuration request.
@@ -151,6 +152,9 @@ public class TrustAgentService extends Service {
                 case MSG_UNLOCK_ATTEMPT:
                     onUnlockAttempt(msg.arg1 != 0);
                     break;
+                case MSG_UNLOCK_LOCKOUT:
+                    onDeviceUnlockLockout(msg.arg1);
+                    break;
                 case MSG_CONFIGURE:
                     ConfigurationData data = (ConfigurationData) msg.obj;
                     boolean result = onConfigure(data.options);
@@ -226,6 +230,21 @@ public class TrustAgentService extends Service {
     public void onDeviceUnlocked() {
     }
 
+    /**
+     * Called when the device enters a temporary unlock lockout.
+     *
+     * <p>This occurs when the user has consecutively failed to unlock the device too many times,
+     * and must wait until a timeout has passed to perform another attempt. The user may then only
+     * use strong authentication mechanisms (PIN, pattern or password) to unlock the device.
+     * Calls to {@link #grantTrust(CharSequence, long, int)} will be ignored until the user has
+     * unlocked the device and {@link #onDeviceUnlocked()} is called.
+     *
+     * @param timeoutMs The amount of time, in milliseconds, that needs to elapse before the user
+     *    can attempt to unlock the device again.
+     */
+    public void onDeviceUnlockLockout(long timeoutMs) {
+    }
+
     private void onError(String msg) {
         Slog.v(TAG, "Remote exception while " + msg);
     }
@@ -366,6 +385,11 @@ public class TrustAgentService extends Service {
             mHandler.obtainMessage(MSG_UNLOCK_ATTEMPT, successful ? 1 : 0, 0).sendToTarget();
         }
 
+        @Override
+        public void onUnlockLockout(int timeoutMs) {
+            mHandler.obtainMessage(MSG_UNLOCK_LOCKOUT, timeoutMs, 0).sendToTarget();
+        }
+
         @Override /* Binder API */
         public void onTrustTimeout() {
             mHandler.sendEmptyMessage(MSG_TRUST_TIMEOUT);
diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
index a43f3a72782c..a29882b497b4 100644
--- a/core/java/com/android/internal/widget/LockPatternUtils.java
+++ b/core/java/com/android/internal/widget/LockPatternUtils.java
@@ -298,6 +298,10 @@ public class LockPatternUtils {
         getTrustManager().reportUnlockAttempt(true /* authenticated */, userId);
     }
 
+    public void reportPasswordLockout(int timeoutMs, int userId) {
+        getTrustManager().reportUnlockLockout(timeoutMs, userId);
+    }
+
     public int getCurrentFailedPasswordAttempts(int userId) {
         return getDevicePolicyManager().getCurrentFailedPasswordAttempts(userId);
     }
author	Zachary Iqbal <zacharyi@google.com>	2017-01-12 14:41:13 -0800
committer	Zachary Iqbal <zacharyi@google.com>	2017-01-20 15:55:07 -0800
commit	327323d2b337077433fe02438a79cc98e91799e3 (patch)
tree	2ca5fb7eeff04f2cd78a5b4c0c34ac0b1e583c2e /core/java
parent	52461d46a47054130028341a4f5070d932f840ca (diff)