1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.service.oemlock;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.content.Context;
import android.os.RemoteException;
/**
* Interface for managing the OEM lock on the device.
*
* This will only be available if the device implements OEM lock protection.
*
* Multiple actors have an opinion on whether the device can be OEM unlocked and they must all be in
* agreement for unlock to be possible.
*
* @hide
*/
@SystemApi
@SystemService(Context.OEM_LOCK_SERVICE)
public class OemLockManager {
private IOemLockService mService;
/** @hide */
public OemLockManager(IOemLockService service) {
mService = service;
}
/**
* Returns a vendor specific name for the OEM lock.
*
* This value is used to identify the security protocol used by locks.
*
* @return The name of the OEM lock or {@code null} if failed to get the name.
*/
@RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
@Nullable
public String getLockName() {
try {
return mService.getLockName();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* Sets whether the carrier has allowed this device to be OEM unlocked.
*
* Depending on the implementation, the validity of the request might need to be proved. This
* can be acheived by passing a signature that the system will use to verify the request is
* legitimate.
*
* All actors involved must agree for OEM unlock to be possible.
*
* @param allowed Whether the device should be allowed to be unlocked.
* @param signature Optional proof of request validity, {@code null} for none.
* @throws IllegalArgumentException if a signature is required but was not provided.
* @throws SecurityException if the wrong signature was provided.
*
* @see #isOemUnlockAllowedByCarrier()
*/
@RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
public void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) {
try {
mService.setOemUnlockAllowedByCarrier(allowed, signature);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* Returns whether the carrier has allowed this device to be OEM unlocked.
* @return Whether OEM unlock is allowed by the carrier, or true if no OEM lock is present.
*
* @see #setOemUnlockAllowedByCarrier(boolean, byte[])
*/
@RequiresPermission(android.Manifest.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE)
public boolean isOemUnlockAllowedByCarrier() {
try {
return mService.isOemUnlockAllowedByCarrier();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* Sets whether the user has allowed this device to be unlocked.
*
* All actors involved must agree for OEM unlock to be possible.
*
* @param allowed Whether the device should be allowed to be unlocked.
* @throws SecurityException if the user is not allowed to unlock the device.
*
* @see #isOemUnlockAllowedByUser()
*/
@RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
public void setOemUnlockAllowedByUser(boolean allowed) {
try {
mService.setOemUnlockAllowedByUser(allowed);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* Returns whether, or not, the user has allowed this device to be OEM unlocked.
* @return Whether OEM unlock is allowed by the user, or true if no OEM lock is present.
*
* @see #setOemUnlockAllowedByUser(boolean)
*/
@RequiresPermission(android.Manifest.permission.MANAGE_USER_OEM_UNLOCK_STATE)
public boolean isOemUnlockAllowedByUser() {
try {
return mService.isOemUnlockAllowedByUser();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* @return Whether the bootloader is able to OEM unlock the device.
*
* @hide
*/
public boolean isOemUnlockAllowed() {
try {
return mService.isOemUnlockAllowed();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* @return Whether the device has been OEM unlocked by the bootloader.
*
* @hide
*/
public boolean isDeviceOemUnlocked() {
try {
return mService.isDeviceOemUnlocked();
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
}
|
