1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.service.oemlock;
18 
19 import android.annotation.Nullable;
20 import android.annotation.RequiresPermission;
21 import android.annotation.SystemApi;
22 import android.annotation.SystemService;
23 import android.content.Context;
24 import android.os.RemoteException;
25 
26 /**
27  * Interface for managing the OEM lock on the device.
28  *
29  * This will only be available if the device implements OEM lock protection.
30  *
31  * Multiple actors have an opinion on whether the device can be OEM unlocked and they must all be in
32  * agreement for unlock to be possible.
33  *
34  * @hide
35  */
36 @SystemApi
37 @SystemService(Context.OEM_LOCK_SERVICE)
38 public class OemLockManager {
39     private IOemLockService mService;
40 
41     /** @hide */
OemLockManager(IOemLockService service)42     public OemLockManager(IOemLockService service) {
43         mService = service;
44     }
45 
46     /**
47      * Returns a vendor specific name for the OEM lock.
48      *
49      * This value is used to identify the security protocol used by locks.
50      *
51      * @return The name of the OEM lock or {@code null} if failed to get the name.
52      */
53     @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
54     @Nullable
getLockName()55     public String getLockName() {
56         try {
57             return mService.getLockName();
58         } catch (RemoteException e) {
59             throw e.rethrowFromSystemServer();
60         }
61     }
62 
63     /**
64      * Sets whether the carrier has allowed this device to be OEM unlocked.
65      *
66      * Depending on the implementation, the validity of the request might need to be proved. This
67      * can be acheived by passing a signature that the system will use to verify the request is
68      * legitimate.
69      *
70      * All actors involved must agree for OEM unlock to be possible.
71      *
72      * @param allowed Whether the device should be allowed to be unlocked.
73      * @param signature Optional proof of request validity, {@code null} for none.
74      * @throws IllegalArgumentException if a signature is required but was not provided.
75      * @throws SecurityException if the wrong signature was provided.
76      *
77      * @see #isOemUnlockAllowedByCarrier()
78      */
79     @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature)80     public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) {
81         try {
82             mService.setOemUnlockAllowedByCarrier(allowed, signature);
83         } catch (RemoteException e) {
84             throw e.rethrowFromSystemServer();
85         }
86     }
87 
88     /**
89      * Returns whether the carrier has allowed this device to be OEM unlocked.
90      * @return Whether OEM unlock is allowed by the carrier, or true if no OEM lock is present.
91      *
92      * @see #setOemUnlockAllowedByCarrier(boolean, byte[])
93      */
94     @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
isOemUnlockAllowedByCarrier()95     public boolean isOemUnlockAllowedByCarrier() {
96         try {
97             return mService.isOemUnlockAllowedByCarrier();
98         } catch (RemoteException e) {
99             throw e.rethrowFromSystemServer();
100         }
101     }
102 
103     /**
104      * Sets whether the user has allowed this device to be unlocked.
105      *
106      * All actors involved must agree for OEM unlock to be possible.
107      *
108      * @param allowed Whether the device should be allowed to be unlocked.
109      * @throws SecurityException if the user is not allowed to unlock the device.
110      *
111      * @see #isOemUnlockAllowedByUser()
112      */
113     @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
setOemUnlockAllowedByUser(boolean allowed)114     public void setOemUnlockAllowedByUser(boolean allowed) {
115         try {
116             mService.setOemUnlockAllowedByUser(allowed);
117         } catch (RemoteException e) {
118             throw e.rethrowFromSystemServer();
119         }
120     }
121 
122     /**
123      * Returns whether, or not, the user has allowed this device to be OEM unlocked.
124      * @return Whether OEM unlock is allowed by the user, or true if no OEM lock is present.
125      *
126      * @see #setOemUnlockAllowedByUser(boolean)
127      */
128     @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
isOemUnlockAllowedByUser()129     public boolean isOemUnlockAllowedByUser() {
130         try {
131             return mService.isOemUnlockAllowedByUser();
132         } catch (RemoteException e) {
133             throw e.rethrowFromSystemServer();
134         }
135     }
136 
137     /**
138      * @return Whether the bootloader is able to OEM unlock the device.
139      *
140      * @hide
141      */
isOemUnlockAllowed()142     public boolean isOemUnlockAllowed() {
143         try {
144             return mService.isOemUnlockAllowed();
145         } catch (RemoteException e) {
146             throw e.rethrowFromSystemServer();
147         }
148     }
149 
150     /**
151      * @return Whether the device has been OEM unlocked by the bootloader.
152      *
153      * @hide
154      */
isDeviceOemUnlocked()155     public boolean isDeviceOemUnlocked() {
156         try {
157             return mService.isDeviceOemUnlocked();
158         } catch (RemoteException e) {
159             throw e.rethrowFromSystemServer();
160         }
161     }
162 }
163