search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / components / proximity_auth / unlock_manager.cc
blobe55ad50814ff678267ed6b4f73b051e385a6f75f
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/proximity_auth/unlock_manager.h"
6
7 #include "base/bind.h"
8 #include "base/location.h"
9 #include "base/logging.h"
10 #include "base/thread_task_runner_handle.h"
11 #include "base/time/time.h"
12 #include "components/proximity_auth/logging/logging.h"
13 #include "components/proximity_auth/messenger.h"
14 #include "components/proximity_auth/metrics.h"
15 #include "components/proximity_auth/proximity_auth_client.h"
16 #include "components/proximity_auth/proximity_monitor.h"
17 #include "device/bluetooth/bluetooth_adapter_factory.h"
18
19 #if defined(OS_CHROMEOS)
20 #include "chromeos/dbus/dbus_thread_manager.h"
21
22 using chromeos::DBusThreadManager;
23 #endif // defined(OS_CHROMEOS)
24
25 namespace proximity_auth {
26 namespace {
27
28 // The maximum amount of time, in seconds, that the unlock manager can stay in
29 // the 'waking up' state after resuming from sleep.
30 const int kWakingUpDurationSecs = 5;
31
32 // The limit, in seconds, on the elapsed time for an auth attempt. If an auth
33 // attempt exceeds this limit, it will time out and be rejected. This is
34 // provided as a failsafe, in case something goes wrong.
35 const int kAuthAttemptTimeoutSecs = 5;
36
37 // Returns the remote device's security settings state, for metrics,
38 // corresponding to a remote status update.
39 metrics::RemoteSecuritySettingsState GetRemoteSecuritySettingsState(
40 const RemoteStatusUpdate& status_update) {
41 switch (status_update.secure_screen_lock_state) {
42 case SECURE_SCREEN_LOCK_STATE_UNKNOWN:
43 return metrics::RemoteSecuritySettingsState::UNKNOWN;
44
45 case SECURE_SCREEN_LOCK_DISABLED:
46 switch (status_update.trust_agent_state) {
47 case TRUST_AGENT_UNSUPPORTED:
48 return metrics::RemoteSecuritySettingsState::
49 SCREEN_LOCK_DISABLED_TRUST_AGENT_UNSUPPORTED;
50 case TRUST_AGENT_DISABLED:
51 return metrics::RemoteSecuritySettingsState::
52 SCREEN_LOCK_DISABLED_TRUST_AGENT_DISABLED;
53 case TRUST_AGENT_ENABLED:
54 return metrics::RemoteSecuritySettingsState::
55 SCREEN_LOCK_DISABLED_TRUST_AGENT_ENABLED;
56 }
57
58 case SECURE_SCREEN_LOCK_ENABLED:
59 switch (status_update.trust_agent_state) {
60 case TRUST_AGENT_UNSUPPORTED:
61 return metrics::RemoteSecuritySettingsState::
62 SCREEN_LOCK_ENABLED_TRUST_AGENT_UNSUPPORTED;
63 case TRUST_AGENT_DISABLED:
64 return metrics::RemoteSecuritySettingsState::
65 SCREEN_LOCK_ENABLED_TRUST_AGENT_DISABLED;
66 case TRUST_AGENT_ENABLED:
67 return metrics::RemoteSecuritySettingsState::
68 SCREEN_LOCK_ENABLED_TRUST_AGENT_ENABLED;
69 }
70 }
71
72 NOTREACHED();
73 return metrics::RemoteSecuritySettingsState::UNKNOWN;
74 }
75
76 } // namespace
77
78 UnlockManager::UnlockManager(ScreenlockType screenlock_type,
79 scoped_ptr<ProximityMonitor> proximity_monitor,
80 ProximityAuthClient* proximity_auth_client)
81 : screenlock_type_(screenlock_type),
82 life_cycle_(nullptr),
83 messenger_(nullptr),
84 proximity_monitor_(proximity_monitor.Pass()),
85 proximity_auth_client_(proximity_auth_client),
86 is_locked_(false),
87 is_attempting_auth_(false),
88 is_waking_up_(false),
89 screenlock_state_(ScreenlockState::INACTIVE),
90 clear_waking_up_state_weak_ptr_factory_(this),
91 reject_auth_attempt_weak_ptr_factory_(this),
92 weak_ptr_factory_(this) {
93 // TODO(isherman): Register for auth attempt notifications, equivalent to the
94 // JavaScript lines:
95 //
96 // chrome.screenlockPrivate.onAuthAttempted.addListener(
97 // this.onAuthAttempted_.bind(this));
98
99 ScreenlockBridge* screenlock_bridge = ScreenlockBridge::Get();
100 screenlock_bridge->AddObserver(this);
101 OnScreenLockedOrUnlocked(screenlock_bridge->IsLocked());
102
103 #if defined(OS_CHROMEOS)
104 DBusThreadManager::Get()->GetPowerManagerClient()->AddObserver(this);
105 #endif // defined(OS_CHROMEOS)
106 SetWakingUpState(true);
107
108 if (device::BluetoothAdapterFactory::IsBluetoothAdapterAvailable()) {
109 device::BluetoothAdapterFactory::GetAdapter(
110 base::Bind(&UnlockManager::OnBluetoothAdapterInitialized,
111 weak_ptr_factory_.GetWeakPtr()));
112 }
113 }
114
115 UnlockManager::~UnlockManager() {
116 if (messenger_)
117 messenger_->RemoveObserver(this);
118
119 ScreenlockBridge::Get()->RemoveObserver(this);
120
121 #if defined(OS_CHROMEOS)
122 DBusThreadManager::Get()->GetPowerManagerClient()->RemoveObserver(this);
123 #endif // defined(OS_CHROMEOS)
124
125 if (bluetooth_adapter_)
126 bluetooth_adapter_->RemoveObserver(this);
127 }
128
129 bool UnlockManager::IsUnlockAllowed() {
130 return (remote_screenlock_state_ &&
131 *remote_screenlock_state_ == RemoteScreenlockState::UNLOCKED &&
132 life_cycle_ &&
133 life_cycle_->GetState() ==
134 RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED &&
135 proximity_monitor_->IsUnlockAllowed() &&
136 (screenlock_type_ != ScreenlockType::SIGN_IN ||
137 (messenger_ && messenger_->SupportsSignIn())));
138 }
139
140 void UnlockManager::SetRemoteDeviceLifeCycle(
141 RemoteDeviceLifeCycle* life_cycle) {
142 if (messenger_) {
143 messenger_->RemoveObserver(this);
144 messenger_ = nullptr;
145 }
146
147 life_cycle_ = life_cycle;
148 if (life_cycle_)
149 SetWakingUpState(true);
150
151 UpdateLockScreen();
152 }
153
154 void UnlockManager::OnLifeCycleStateChanged() {
155 RemoteDeviceLifeCycle::State state = life_cycle_->GetState();
156 PA_LOG(INFO) << "[Unlock] RemoteDeviceLifeCycle state changed: "
157 << static_cast<int>(state);
158
159 remote_screenlock_state_.reset();
160 if (state == RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED) {
161 messenger_ = life_cycle_->GetMessenger();
162 messenger_->AddObserver(this);
163 }
164
165 if (state == RemoteDeviceLifeCycle::State::AUTHENTICATION_FAILED)
166 SetWakingUpState(false);
167
168 UpdateLockScreen();
169 }
170
171 void UnlockManager::OnUnlockEventSent(bool success) {
172 if (!is_attempting_auth_) {
173 PA_LOG(ERROR) << "[Unlock] Sent easy_unlock event, but no auth attempted.";
174 return;
175 }
176
177 if (sign_in_secret_ && success)
178 proximity_auth_client_->FinalizeSignin(*sign_in_secret_);
179
180 AcceptAuthAttempt(success);
181 }
182
183 void UnlockManager::OnRemoteStatusUpdate(
184 const RemoteStatusUpdate& status_update) {
185 PA_LOG(INFO) << "[Unlock] Status Update: ("
186 << "user_present=" << status_update.user_presence << ", "
187 << "secure_screen_lock="
188 << status_update.secure_screen_lock_state << ", "
189 << "trust_agent=" << status_update.trust_agent_state << ")";
190 metrics::RecordRemoteSecuritySettingsState(
191 GetRemoteSecuritySettingsState(status_update));
192
193 remote_screenlock_state_.reset(new RemoteScreenlockState(
194 GetScreenlockStateFromRemoteUpdate(status_update)));
195
196 // This also calls |UpdateLockScreen()|
197 SetWakingUpState(false);
198 }
199
200 void UnlockManager::OnDecryptResponse(scoped_ptr<std::string> decrypted_bytes) {
201 if (!is_attempting_auth_) {
202 PA_LOG(ERROR) << "[Unlock] Decrypt response received but not attempting "
203 << "auth.";
204 return;
205 }
206
207 if (!decrypted_bytes) {
208 PA_LOG(INFO) << "[Unlock] Failed to decrypt sign-in challenge.";
209 AcceptAuthAttempt(false);
210 } else {
211 sign_in_secret_ = decrypted_bytes.Pass();
212 messenger_->DispatchUnlockEvent();
213 }
214 }
215
216 void UnlockManager::OnUnlockResponse(bool success) {
217 if (!is_attempting_auth_) {
218 PA_LOG(ERROR) << "[Unlock] Unlock response received but not attempting "
219 << "auth.";
220 return;
221 }
222
223 PA_LOG(INFO) << "[Unlock] Unlock response from remote device: "
224 << (success ? "success" : "failure");
225 if (success)
226 messenger_->DispatchUnlockEvent();
227 else
228 AcceptAuthAttempt(false);
229 }
230
231 void UnlockManager::OnDisconnected() {
232 messenger_->RemoveObserver(this);
233 messenger_ = nullptr;
234 }
235
236 void UnlockManager::OnScreenDidLock(
237 ScreenlockBridge::LockHandler::ScreenType screen_type) {
238 OnScreenLockedOrUnlocked(true);
239 }
240
241 void UnlockManager::OnScreenDidUnlock(
242 ScreenlockBridge::LockHandler::ScreenType screen_type) {
243 OnScreenLockedOrUnlocked(false);
244 }
245
246 void UnlockManager::OnFocusedUserChanged(const std::string& user_id) {}
247
248 void UnlockManager::OnScreenLockedOrUnlocked(bool is_locked) {
249 // TODO(tengs): Chrome will only start connecting to the phone when
250 // the screen is locked, for privacy reasons. We should reinvestigate
251 // this behaviour if we want automatic locking.
252 if (is_locked && bluetooth_adapter_ && bluetooth_adapter_->IsPowered() &&
253 life_cycle_ &&
254 life_cycle_->GetState() ==
255 RemoteDeviceLifeCycle::State::FINDING_CONNECTION) {
256 SetWakingUpState(true);
257 }
258
259 is_locked_ = is_locked;
260 UpdateProximityMonitorState();
261 }
262
263 void UnlockManager::OnBluetoothAdapterInitialized(
264 scoped_refptr<device::BluetoothAdapter> adapter) {
265 bluetooth_adapter_ = adapter;
266 bluetooth_adapter_->AddObserver(this);
267 }
268
269 void UnlockManager::AdapterPresentChanged(device::BluetoothAdapter* adapter,
270 bool present) {
271 UpdateLockScreen();
272 }
273
274 void UnlockManager::AdapterPoweredChanged(device::BluetoothAdapter* adapter,
275 bool powered) {
276 UpdateLockScreen();
277 }
278
279 #if defined(OS_CHROMEOS)
280 void UnlockManager::SuspendDone(const base::TimeDelta& sleep_duration) {
281 SetWakingUpState(true);
282 }
283 #endif // defined(OS_CHROMEOS)
284
285 void UnlockManager::OnAuthAttempted(
286 ScreenlockBridge::LockHandler::AuthType auth_type) {
287 if (is_attempting_auth_) {
288 PA_LOG(INFO) << "[Unlock] Already attempting auth.";
289 return;
290 }
291
292 if (auth_type != ScreenlockBridge::LockHandler::USER_CLICK)
293 return;
294
295 is_attempting_auth_ = true;
296
297 if (!life_cycle_) {
298 PA_LOG(ERROR) << "[Unlock] No life_cycle active when auth is attempted";
299 AcceptAuthAttempt(false);
300 UpdateLockScreen();
301 return;
302 }
303
304 if (!IsUnlockAllowed()) {
305 AcceptAuthAttempt(false);
306 UpdateLockScreen();
307 return;
308 }
309
310 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
311 FROM_HERE,
312 base::Bind(&UnlockManager::AcceptAuthAttempt,
313 reject_auth_attempt_weak_ptr_factory_.GetWeakPtr(), false),
314 base::TimeDelta::FromSeconds(kAuthAttemptTimeoutSecs));
315
316 if (screenlock_type_ == ScreenlockType::SIGN_IN) {
317 SendSignInChallenge();
318 } else {
319 if (messenger_->SupportsSignIn()) {
320 messenger_->RequestUnlock();
321 } else {
322 PA_LOG(INFO) << "[Unlock] Protocol v3.1 not supported, skipping "
323 << "request_unlock.";
324 messenger_->DispatchUnlockEvent();
325 }
326 }
327 }
328
329 void UnlockManager::SendSignInChallenge() {
330 // TODO(isherman): Implement.
331 NOTIMPLEMENTED();
332 }
333
334 ScreenlockState UnlockManager::GetScreenlockState() {
335 if (!life_cycle_ ||
336 life_cycle_->GetState() == RemoteDeviceLifeCycle::State::STOPPED)
337 return ScreenlockState::INACTIVE;
338
339 if (IsUnlockAllowed())
340 return ScreenlockState::AUTHENTICATED;
341
342 if (life_cycle_->GetState() ==
343 RemoteDeviceLifeCycle::State::AUTHENTICATION_FAILED)
344 return ScreenlockState::PHONE_NOT_AUTHENTICATED;
345
346 if (is_waking_up_)
347 return ScreenlockState::BLUETOOTH_CONNECTING;
348
349 if (!bluetooth_adapter_ || !bluetooth_adapter_->IsPowered())
350 return ScreenlockState::NO_BLUETOOTH;
351
352 if (screenlock_type_ == ScreenlockType::SIGN_IN && messenger_ &&
353 !messenger_->SupportsSignIn())
354 return ScreenlockState::PHONE_UNSUPPORTED;
355
356 // If the RSSI is too low, then the remote device is nowhere near the local
357 // device. This message should take priority over messages about screen lock
358 // states.
359 if (!proximity_monitor_->IsUnlockAllowed() &&
360 !proximity_monitor_->IsInRssiRange())
361 return ScreenlockState::RSSI_TOO_LOW;
362
363 if (remote_screenlock_state_) {
364 switch (*remote_screenlock_state_) {
365 case RemoteScreenlockState::DISABLED:
366 return ScreenlockState::PHONE_NOT_LOCKABLE;
367
368 case RemoteScreenlockState::LOCKED:
369 if (proximity_monitor_->GetStrategy() ==
370 ProximityMonitor::Strategy::CHECK_TRANSMIT_POWER &&
371 !proximity_monitor_->IsUnlockAllowed()) {
372 return ScreenlockState::PHONE_LOCKED_AND_TX_POWER_TOO_HIGH;
373 }
374 return ScreenlockState::PHONE_LOCKED;
375
376 case RemoteScreenlockState::UNKNOWN:
377 return ScreenlockState::PHONE_UNSUPPORTED;
378
379 case RemoteScreenlockState::UNLOCKED:
380 // Handled by the code below.
381 break;
382 }
383 }
384
385 if (!proximity_monitor_->IsUnlockAllowed()) {
386 ProximityMonitor::Strategy strategy = proximity_monitor_->GetStrategy();
387 if (strategy != ProximityMonitor::Strategy::CHECK_TRANSMIT_POWER) {
388 // CHECK_RSSI should have been handled above, and no other states should
389 // prevent unlocking.
390 PA_LOG(ERROR) << "[Unlock] Invalid ProximityMonitor strategy: "
391 << static_cast<int>(strategy);
392 return ScreenlockState::NO_PHONE;
393 }
394 return ScreenlockState::TX_POWER_TOO_HIGH;
395 }
396
397 return ScreenlockState::NO_PHONE;
398 }
399
400 void UnlockManager::UpdateLockScreen() {
401 UpdateProximityMonitorState();
402
403 ScreenlockState new_state = GetScreenlockState();
404 if (screenlock_state_ == new_state)
405 return;
406
407 proximity_auth_client_->UpdateScreenlockState(new_state);
408 screenlock_state_ = new_state;
409 }
410
411 void UnlockManager::UpdateProximityMonitorState() {
412 if (is_locked_ && life_cycle_ &&
413 life_cycle_->GetState() ==
414 RemoteDeviceLifeCycle::State::SECURE_CHANNEL_ESTABLISHED) {
415 proximity_monitor_->Start();
416 } else {
417 proximity_monitor_->Stop();
418 }
419 }
420
421 void UnlockManager::SetWakingUpState(bool is_waking_up) {
422 is_waking_up_ = is_waking_up;
423
424 // Clear the waking up state after a timeout.
425 clear_waking_up_state_weak_ptr_factory_.InvalidateWeakPtrs();
426 if (is_waking_up_) {
427 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
428 FROM_HERE,
429 base::Bind(&UnlockManager::SetWakingUpState,
430 clear_waking_up_state_weak_ptr_factory_.GetWeakPtr(), false),
431 base::TimeDelta::FromSeconds(kWakingUpDurationSecs));
432 }
433
434 UpdateLockScreen();
435 }
436
437 void UnlockManager::AcceptAuthAttempt(bool should_accept) {
438 if (!is_attempting_auth_)
439 return;
440
441 // Cancel the pending task to time out the auth attempt.
442 reject_auth_attempt_weak_ptr_factory_.InvalidateWeakPtrs();
443
444 if (should_accept)
445 proximity_monitor_->RecordProximityMetricsOnAuthSuccess();
446
447 is_attempting_auth_ = false;
448 proximity_auth_client_->FinalizeUnlock(should_accept);
449 }
450
451 UnlockManager::RemoteScreenlockState
452 UnlockManager::GetScreenlockStateFromRemoteUpdate(RemoteStatusUpdate update) {
453 switch (update.secure_screen_lock_state) {
454 case SECURE_SCREEN_LOCK_DISABLED:
455 return RemoteScreenlockState::DISABLED;
456
457 case SECURE_SCREEN_LOCK_ENABLED:
458 if (update.user_presence == USER_PRESENT)
459 return RemoteScreenlockState::UNLOCKED;
460
461 return RemoteScreenlockState::LOCKED;
462
463 case SECURE_SCREEN_LOCK_STATE_UNKNOWN:
464 return RemoteScreenlockState::UNKNOWN;
465 }
466
467 NOTREACHED();
468 return RemoteScreenlockState::UNKNOWN;
469 }
470
471 } // namespace proximity_auth