public class TrustAgentService extends Service
Trust agents may only be provided by the platform. It is expected that there is only one trust agent installed on the platform. In the event there is more than one, either trust agent can enable trust.
To extend this class, you must declare the service in your manifest file with the android.Manifest.permission#BIND_TRUST_AGENT permission and include an intent filter with the SERVICE_INTERFACE action. For example:

    <service android:name=".TrustAgent"
             android:label="@string/service_name"
             android:permission="android.permission.BIND_TRUST_AGENT">
        <intent-filter>
            <action android:name="android.service.trust.TrustAgentService" />
        </intent-filter>
        <meta-data android:name="android.service.trust.trustagent"
                   android:value="@xml/trust_agent" />
    </service>
The associated meta-data file can specify an activity that is accessible through Settings and should allow configuring the trust agent, as defined in android.R.styleable#TrustAgent. For example:

    <trust-agent xmlns:android="http://schemas.android.com/apk/res/android"
                 android:settingsActivity=".TrustAgentSettings" />
Modifier and Type | Class and Description |
---|---|
static interface | TrustAgentService.GrantTrustFlags |
Modifier and Type | Field and Description |
---|---|
static int | FLAG_GRANT_TRUST_DISMISS_KEYGUARD: Flag for grantTrust(CharSequence, long, int) indicating that the agent would like to dismiss the keyguard. |
static int | FLAG_GRANT_TRUST_INITIATED_BY_USER: Flag for grantTrust(CharSequence, long, int) indicating that trust is being granted as the direct result of user action - such as solving a security challenge. |
static String | SERVICE_INTERFACE: The Intent that must be declared as handled by the service. |
static String | TRUST_AGENT_META_DATA: The name of the meta-data tag pointing to additional configuration of the trust agent. |
Constructor and Description |
---|
TrustAgentService() |
Modifier and Type | Method and Description |
---|---|
void | grantTrust(CharSequence message, long durationMs, boolean initiatedByUser): Deprecated. Use grantTrust(CharSequence, long, int) instead. |
void | grantTrust(CharSequence message, long durationMs, int flags): Call to grant trust on the device. |
IBinder | onBind(Intent intent): Return the communication channel to the service. |
boolean | onConfigure(List<PersistableBundle> options): Called when device policy admin wants to enable specific options for agent in response to DevicePolicyManager.setKeyguardDisabledFeatures(ComponentName, int) and DevicePolicyManager.setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle). |
void | onCreate(): Called by the system when the service is first created. |
void | onDeviceLocked(): Called when the device enters a state where a PIN, pattern or password must be entered to unlock it. |
void | onDeviceUnlocked(): Called when the device leaves a state where a PIN, pattern or password must be entered to unlock it. |
void | onTrustTimeout(): Called when the timeout provided by the agent expires. |
void | onUnlockAttempt(boolean successful): Called after the user attempts to authenticate in keyguard with their device credentials, such as pin, pattern or password. |
void | revokeTrust(): Call to revoke trust on the device. |
void | setManagingTrust(boolean managingTrust): Call to notify the system if the agent is ready to manage trust. |

public static final String SERVICE_INTERFACE
The Intent that must be declared as handled by the service.

public static final String TRUST_AGENT_META_DATA
The name of the meta-data tag pointing to additional configuration of the trust agent.

public static final int FLAG_GRANT_TRUST_INITIATED_BY_USER
Flag for grantTrust(CharSequence, long, int) indicating that trust is being granted as the direct result of user action - such as solving a security challenge. The hint is used by the system to optimize the experience. Behavior may vary by device and release, so one should only set this parameter if it meets the above criteria rather than relying on the behavior of any particular device or release.

public static final int FLAG_GRANT_TRUST_DISMISS_KEYGUARD
Flag for grantTrust(CharSequence, long, int) indicating that the agent would like to dismiss the keyguard. When using this flag, the TrustAgentService must ensure it is only set in response to a direct user action with the expectation of dismissing the keyguard.

public void onCreate()
Description copied from class: Service
Called by the system when the service is first created.

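public void onUnlockAttempt(boolean successful)
Called after the user attempts to authenticate in keyguard with their device credentials, such as pin, pattern or password.
Parameters:
successful - true if the user successfully completed the challenge.

public void onTrustTimeout()
Called when the timeout provided by the agent expires.
DevicePolicyManager. The agent is expected to re-evaluate the trust state and only call grantTrust(CharSequence, long, boolean) if the trust state should be continued.

public void onDeviceLocked()
Called when the device enters a state where a PIN, pattern or password must be entered to unlock it.

public void onDeviceUnlocked()
Called when the device leaves a state where a PIN, pattern or password must be entered to unlock it.
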
public boolean onConfigure(List<PersistableBundle> options)
Called when device policy admin wants to enable specific options for agent in response to DevicePolicyManager.setKeyguardDisabledFeatures(ComponentName, int) and DevicePolicyManager.setTrustAgentConfiguration(ComponentName, ComponentName, PersistableBundle).
Agents that support configuration options should override this method and return 'true'.
Parameters:
options - The aggregated list of options or an empty list if no restrictions apply.
Returns:
true if the TrustAgentService supports configuration options.

@Deprecated public final void grantTrust(CharSequence message, long durationMs, boolean initiatedByUser)
Deprecated. Use grantTrust(CharSequence, long, int) instead.
Parameters:
message - describes why the device is trusted, e.g. "Trusted by location".
durationMs - amount of time in milliseconds to keep the device in a trusted state. Trust for this agent will automatically be revoked when the timeout expires unless extended by a subsequent call to this function. The timeout is measured from the invocation of this function as dictated by SystemClock#elapsedRealtime(). For security reasons, the value should be no larger than necessary. The value may be adjusted by the system as necessary to comply with a policy controlled by the system or DevicePolicyManager restrictions. See onTrustTimeout() for determining when trust expires.
initiatedByUser - this is a hint to the system that trust is being granted as the direct result of user action - such as solving a security challenge. The hint is used by the system to optimize the experience. Behavior may vary by device and release, so one should only set this parameter if it meets the above criteria rather than relying on the behavior of any particular device or release. Corresponds to FLAG_GRANT_TRUST_INITIATED_BY_USER.
Throws:
IllegalStateException - if the agent is not currently managing trust.

public final void grantTrust(CharSequence message, long durationMs, int flags)
Call to grant trust on the device.
Parameters:
message - describes why the device is trusted, e.g. "Trusted by location".
durationMs - amount of time in milliseconds to keep the device in a trusted state. Trust for this agent will automatically be revoked when the timeout expires unless extended by a subsequent call to this function. The timeout is measured from the invocation of this function as dictated by SystemClock#elapsedRealtime(). For security reasons, the value should be no larger than necessary. The value may be adjusted by the system as necessary to comply with a policy controlled by the system or DevicePolicyManager restrictions. See onTrustTimeout() for determining when trust expires.
flags - TBDocumented
Throws:
IllegalStateException - if the agent is not currently managing trust.

public final void revokeTrust()
Call to revoke trust on the device.

public final void setManagingTrust(boolean managingTrust)
Call to notify the system if the agent is ready to manage trust.
onCreate().
Parameters:
managingTrust - indicates if the agent would like to manage trust.

public final IBinder onBind(Intent intent)
Description copied from class: Service
Return the communication channel to the service.
IBinder is usually for a complex interface that has been described using aidl.
Note that unlike other application components, calls on to the IBinder interface returned here may not happen on the main thread of the process. More information about the main thread can be found in Processes and Threads.
Overrides:
onBind in class Service
Parameters:
intent - The Intent that was used to bind to this service, as given to Context.bindService. Note that any extras that were included with the Intent at that point will not be seen here.
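
The callbacks documented above fit together as in the following added example, which is not taken from the Android documentation or platform source: an agent that declares it manages trust in onCreate(), grants trust only for a bounded window, re-evaluates in onTrustTimeout(), revokes on a failed unlock attempt, and narrows its window in onConfigure(). The class name matches the manifest sample; the max_trust_ms option key, the five-minute default, onChallengePassed() and isSignalPresent() are assumptions made for illustration.

```java
import android.os.PersistableBundle;
import android.service.trust.TrustAgentService;
import java.util.List;

public class TrustAgent extends TrustAgentService {
    private static final long DEFAULT_WINDOW_MS = 5 * 60 * 1000L; // assumed default window
    private static final String KEY_MAX_MS = "max_trust_ms";      // hypothetical option key
    private long mWindowMs = DEFAULT_WINDOW_MS;

    @Override
    public void onCreate() {
        super.onCreate();
        // grantTrust() throws IllegalStateException unless the agent is managing trust.
        setManagingTrust(true);
    }

    /** Hypothetical hook, called after the user passes this agent's own challenge. */
    void onChallengePassed() {
        grantIfAllowed(FLAG_GRANT_TRUST_INITIATED_BY_USER);
    }

    @Override
    public void onTrustTimeout() {
        grantIfAllowed(0); // re-evaluate first; not a direct user action, so no flag
    }

    @Override
    public void onUnlockAttempt(boolean successful) {
        if (!successful) revokeTrust(); // a failed credential entry ends trust
    }

    @Override
    public boolean onConfigure(List<PersistableBundle> options) {
        long cap = DEFAULT_WINDOW_MS;
        for (PersistableBundle b : options) { // empty list: no restrictions apply
            cap = Math.min(cap, b.getLong(KEY_MAX_MS, DEFAULT_WINDOW_MS));
        }
        mWindowMs = cap;
        revokeTrust(); // trust must be re-earned under the new policy
        return true;   // this agent supports configuration options
    }

    private void grantIfAllowed(int flags) {
        // Assumption: a non-positive window means policy leaves no room for trust.
        if (mWindowMs > 0 && isSignalPresent()) {
            grantTrust("Trusted by example signal", mWindowMs, flags);
        }
    }

    private boolean isSignalPresent() { return false; } // placeholder check, fails closed
}
```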