1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.service.oemlock; 18 19 import android.annotation.Nullable; 20 import android.annotation.RequiresPermission; 21 import android.annotation.SystemApi; 22 import android.annotation.SystemService; 23 import android.content.Context; 24 import android.os.RemoteException; 25 26 /** 27 * Interface for managing the OEM lock on the device. 28 * 29 * This will only be available if the device implements OEM lock protection. 30 * 31 * Multiple actors have an opinion on whether the device can be OEM unlocked and they must all be in 32 * agreement for unlock to be possible. 33 * 34 * @hide 35 */ 36 @SystemApi 37 @SystemService(Context.OEM_LOCK_SERVICE) 38 public class OemLockManager { 39 private IOemLockService mService; 40 41 /** @hide */ OemLockManager(IOemLockService service)42 public OemLockManager(IOemLockService service) { 43 mService = service; 44 } 45 46 /** 47 * Returns a vendor specific name for the OEM lock. 48 * 49 * This value is used to identify the security protocol used by locks. 50 * 51 * @return The name of the OEM lock or {@code null} if failed to get the name. 52 */ 53 @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE) 54 @Nullable getLockName()55 public String getLockName() { 56 try { 57 return mService.getLockName(); 58 } catch (RemoteException e) { 59 throw e.rethrowFromSystemServer(); 60 } 61 } 62 63 /** 64 * Sets whether the carrier has allowed this device to be OEM unlocked. 65 * 66 * Depending on the implementation, the validity of the request might need to be proved. This 67 * can be acheived by passing a signature that the system will use to verify the request is 68 * legitimate. 69 * 70 * All actors involved must agree for OEM unlock to be possible. 71 * 72 * @param allowed Whether the device should be allowed to be unlocked. 73 * @param signature Optional proof of request validity, {@code null} for none. 74 * @throws IllegalArgumentException if a signature is required but was not provided. 75 * @throws SecurityException if the wrong signature was provided. 76 * 77 * @see #isOemUnlockAllowedByCarrier() 78 */ 79 @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE) setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature)80 public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) { 81 try { 82 mService.setOemUnlockAllowedByCarrier(allowed, signature); 83 } catch (RemoteException e) { 84 throw e.rethrowFromSystemServer(); 85 } 86 } 87 88 /** 89 * Returns whether the carrier has allowed this device to be OEM unlocked. 90 * @return Whether OEM unlock is allowed by the carrier, or true if no OEM lock is present. 91 * 92 * @see #setOemUnlockAllowedByCarrier(boolean, byte[]) 93 */ 94 @RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE) isOemUnlockAllowedByCarrier()95 public boolean isOemUnlockAllowedByCarrier() { 96 try { 97 return mService.isOemUnlockAllowedByCarrier(); 98 } catch (RemoteException e) { 99 throw e.rethrowFromSystemServer(); 100 } 101 } 102 103 /** 104 * Sets whether the user has allowed this device to be unlocked. 105 * 106 * All actors involved must agree for OEM unlock to be possible. 107 * 108 * @param allowed Whether the device should be allowed to be unlocked. 109 * @throws SecurityException if the user is not allowed to unlock the device. 110 * 111 * @see #isOemUnlockAllowedByUser() 112 */ 113 @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE) setOemUnlockAllowedByUser(boolean allowed)114 public void setOemUnlockAllowedByUser(boolean allowed) { 115 try { 116 mService.setOemUnlockAllowedByUser(allowed); 117 } catch (RemoteException e) { 118 throw e.rethrowFromSystemServer(); 119 } 120 } 121 122 /** 123 * Returns whether, or not, the user has allowed this device to be OEM unlocked. 124 * @return Whether OEM unlock is allowed by the user, or true if no OEM lock is present. 125 * 126 * @see #setOemUnlockAllowedByUser(boolean) 127 */ 128 @RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE) isOemUnlockAllowedByUser()129 public boolean isOemUnlockAllowedByUser() { 130 try { 131 return mService.isOemUnlockAllowedByUser(); 132 } catch (RemoteException e) { 133 throw e.rethrowFromSystemServer(); 134 } 135 } 136 137 /** 138 * @return Whether the bootloader is able to OEM unlock the device. 139 * 140 * @hide 141 */ isOemUnlockAllowed()142 public boolean isOemUnlockAllowed() { 143 try { 144 return mService.isOemUnlockAllowed(); 145 } catch (RemoteException e) { 146 throw e.rethrowFromSystemServer(); 147 } 148 } 149 150 /** 151 * @return Whether the device has been OEM unlocked by the bootloader. 152 * 153 * @hide 154 */ isDeviceOemUnlocked()155 public boolean isDeviceOemUnlocked() { 156 try { 157 return mService.isDeviceOemUnlocked(); 158 } catch (RemoteException e) { 159 throw e.rethrowFromSystemServer(); 160 } 161 } 162 } 163